Meru Debuts 'Virtual Port'

By Lisa Phifer

November 10, 2008

vWLAN, a new core feature of Meru's System Director platform, carves available RF resources into "virtual ports" that can be configured, managed, and monitored at the same level of granularity as Ethernet switch ports.

Before Wi-Fi can displace Ethernet as the LAN access method of choice, enterprises must learn how to accurately plan, budget, provision, troubleshoot, and tune WLANs. To facilitate this, Meru Networks believes that WLANs must become more predictable by exploiting the advantages of virtualization.

 

"Micro-cell [WLAN] adaptation and variability is the main cause of high operating expenses," Joe Epstein, Meru's senior director of technology, told Wi-Fi Planet. "Predictability has long been taken for granted in the wireline world, but has not been fully possible in the wireless world. With virtual cells, pooling resources took us 75 percent of the way there. With virtual ports, we've taken the next step by partitioning that pool into deterministic per-user sandboxes."

 

Slice and dice

vWLAN (Virtual WLAN)—a new core feature of Meru's System Director platform—carves available RF resources into "virtual ports" that can be configured, managed, and monitored at the same level of granularity as Ethernet switch ports.

 

"As Ethernet speeds increased from 10 to 100 to 1000 Mbps, [shared] hubs couldn't keep up. They had to be replaced with Ethernet switches that could intelligently share uplink ports and backplane capacity," said Epstein. Moving to dedicated switch ports helped LAN administrators plan capacity/cost more accurately, insulate stations from each other, isolate problems, and deterministically manage per-user performance.

 

Similarly, vWLAN applies virtualization techniques to Meru Access Points (APs) to aggregate and then divvy the shared RF medium across wireless clients. "Like disk or server virtualization, our approach abstracts out the physics that underlie wireless networks to improve their reliability and reduce cost," said Epstein.

 

First, Meru's virtual cell architecture places every AP on the same channel(s), using controller-based Air Traffic coordination to avoid the roaming delays and co-channel interference found in micro-cell WLANs. Virtual cells create one large "wireless blanket" shared by all clients that associate to a given network, identified by ESSID.

 

Meru's new virtual port concept further refines this architecture by snipping the big RF blanket into tiny little pieces: individually-configurable RF resource partitions. Each virtual port is assigned to a single station at associate time, identified by its own unique BSSID.

 

Personalized sandboxes

Virtual BSSIDs (AP MAC addresses) are commonly used to offer multiple ESSIDs from a single device, so that each can be associated with different security and quality of service policies—for example, when one radio supports both corporate and guest WLANs.

 

Meru's virtual ports start with the same technique—virtual BSSIDs—but apply them in a far more granular fashion. In a Meru WLAN, all users attempt to associate to the same ESSID, but end up communicating with their own private logical AP (virtual BSSID). This makes it possible to use standard 802.11 management frames to deliver customized traffic parameters—including WMM Quality of Service Parameter Sets—to each and every station.

 

In micro-cell WLANs that do not use virtual ports, all stations associated to a given ESSID must use the same QoS parameters and the same multicast keys. In effect, RF and AP resources are shared by the entire network, using WMM to prioritize and WPA2 to secure traffic. One misconfigured or extremely chatty station can easily impact everyone else's performance.

 

But assigning each station its very own logical AP means that different QoS parameters can be provisioned per user. Meru's controller and physical APs can then use standard WMM to enforce defined resource bounds, regulating traffic flow. This per-station "sandbox" simplifies administrative tasks like capacity planning, troubleshooting, and tuning to meet service level agreements. For example, a chatty station can be given lower priority or limited by flow control.
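As an added illustration (not Meru's code and not part of the original article), the Python sketch below decodes the WMM Parameter Element that standard 802.11 management frames carry and reports how the parameter sets advertised on two virtual BSSIDs differ. The BSSIDs and parameter values are constructed samples, and `build_wmm_param_element` exists only to produce them.

```python
import struct

WMM_OUI_TYPE = bytes.fromhex("0050f202")  # OUI 00:50:F2, OUI type 2 = WMM
AC_NAMES = {0: "AC_BE", 1: "AC_BK", 2: "AC_VI", 3: "AC_VO"}

def parse_wmm_param_element(ie: bytes) -> dict:
    """Decode a WMM Parameter Element (vendor IE 221, OUI subtype 1)."""
    if len(ie) < 2 or ie[0] != 221:
        raise ValueError("not a vendor-specific element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 24:
        raise ValueError("truncated element")
    if body[:4] != WMM_OUI_TYPE or body[4] != 1:
        raise ValueError("not a WMM Parameter Element")
    params = {}
    for off in range(8, 24, 4):  # four 4-byte access-category records
        aci_aifsn, ecw, txop = struct.unpack_from("<BBH", body, off)
        params[AC_NAMES[(aci_aifsn >> 5) & 0x3]] = {
            "aifsn": aci_aifsn & 0x0F,
            "acm": bool(aci_aifsn & 0x10),  # admission control mandatory
            "cwmin": (1 << (ecw & 0x0F)) - 1,
            "cwmax": (1 << (ecw >> 4)) - 1,
            "txop_us": txop * 32,  # TXOP limit is carried in 32 us units
        }
    return params

def build_wmm_param_element(acs: dict) -> bytes:
    """Build a sample element; acs maps ACI -> (aifsn, ecwmin, ecwmax, txop)."""
    body = WMM_OUI_TYPE + bytes([1, 1, 0, 0])  # subtype, version, QoS info, reserved
    for aci in range(4):
        aifsn, ecwmin, ecwmax, txop = acs[aci]
        body += struct.pack("<BBH", (aci << 5) | aifsn, (ecwmax << 4) | ecwmin, txop)
    return bytes([221, len(body)]) + body

def diff_params(a: dict, b: dict) -> dict:
    """Return {AC: {field: (a_value, b_value)}} for fields that differ."""
    out = {ac: {k: (v, b[ac][k]) for k, v in f.items() if v != b[ac][k]} for ac, f in a.items()}
    return {ac: d for ac, d in out.items() if d}

# Constructed samples: one element per virtual BSSID (made-up addresses).
NORMAL = {0: (3, 4, 10, 0), 1: (7, 4, 10, 0), 2: (2, 3, 4, 94), 3: (2, 2, 3, 47)}
THROTTLED = {**NORMAL, 0: (10, 6, 10, 0)}  # best effort waits longer before sending
ELEMENTS = {
    "02:00:00:00:00:01": build_wmm_param_element(NORMAL),
    "02:00:00:00:00:02": build_wmm_param_element(THROTTLED),
}

if __name__ == "__main__":
    a, b = (parse_wmm_param_element(ie) for ie in ELEMENTS.values())
    print(diff_params(a, b))
```

Run against elements taken from captured beacons or association responses, the same comparison shows whether each virtual BSSID really advertises the parameter set that was provisioned for its station.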

 

Furthermore, per-BSSID (and thus per-station) multicast encryption keys stop users from snooping on each other's over-the-air multicast packets. Once wireless traffic hits the wire, conventional VLANs can still be used to create desired multicast/broadcast domains.

 

Transparent roll-out

Because Meru's approach leverages standard protocols, no proprietary client-side software or configuration is required. However, to be fully QoS-manageable, those devices must support WMM. "Every new 802.11n client is required to support WMM anyway," said Epstein. "Other clients can still be assigned to a virtual port but they are just more difficult to control."

 

vWLAN technology has been incorporated into Meru's System Director 3.6 software, now shipping to all new customers and available at no additional charge to existing customers with support contracts. "We consider this part of our core OS; virtual ports are on by default," said Epstein. "We think this is a big step forward for us and the industry—we're very excited about it."

 

 

Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A 27-year industry veteran, Lisa has been involved in Wi-Fi training, product evaluation, network deployment, and security assessment since 2001.

 


