Understanding WLANs: Architecture 101
December 29, 2008
Architecture is what makes any network more than the sum of its parts. We outline some of the differences between major vendors and give an overview of how contemporary enterprise WLAN architectures are combining new innovative technologies with past approaches.
Sharks swim continuously to avoid sinking to their death, but that doesn't prevent them from circling back through familiar waters.
In the hardscrabble enterprise WLAN market, vendors that stop innovating also quickly fall from grace. But those that flourish aren't moving ahead without a backwards glance. In fact, some of today's hottest players are combining creative new twists with the best of the past, producing hybrid architectures that are increasingly tough to categorize.
In the beginning
Today's WLANs may bear little resemblance to pre-802.11 deployments, but those dusty old peer-to-peer wireless bridges launched an industry that now threatens to topple Ethernet.
But as businesses moved beyond experimentation, new requirements emerged: VPN tunnel termination, captive portal authentication, load balancing across APs, remote management. At first, these new capabilities were stuffed into business-grade fat APs, such as Cisco Aironet and Proxim Orinoco. Some even learned to speak proprietary Inter-AP load balancing protocols inside homogeneous WLANs. Soon, network administrators learned how to supervise these otherwise autonomous APs from a central point using SNMP and SYSLOG.
These innovations fostered early enterprise WLAN deployment. But they also hit the wall fairly quickly, when AP CPU and memory became saturated. More powerful chips were available, but they were too big and too expensive to be included in every single AP. Inevitably, those more advanced capabilities had to be off-loaded: first to Wireless Gateways (e.g., Bluesocket, ReefEdge) and then to Wireless Switches (e.g., Symbol, Airespace).
Early Wireless Gateways concentrated wireless network access, providing necessary services like firewalling, VPN termination, and subnet roaming at layer three. Wireless Switches delved into layer two by relieving APs of association management duties like 802.1X authentication, key caching, fast handoff, and prioritization.
When enterprise APs grew thinner, they also became more dependent on Wireless Switches, which then evolved into Wireless Controllers, responsible for AP discovery, provisioning, and maintenance. And WLAN topologies became rigidly hierarchical: clients talked to APs, APs talked to Controllers, Controllers routed traffic onto the wired network.
Controller-based products quickly dominated the enterprise WLAN landscape, an outcome that remains to this day. All ten companies in ABI's latest 802.11n vendor matrix (Meru, Aruba, Motorola, Bluesocket, Trapeze (Belden), Cisco, Colubris (HP), Xirrus, Siemens (Enterasys), and Extricom) participate in the WLAN Controller market.
But business requirements and hardware capabilities have continued to evolve. Significant refinements and variations on this now-common architecture have emerged to address contemporary needs in more cost-effective, efficient, and flexible fashions.
Along the way, WLAN architectures grew even more difficult to categorize. Vendors now differentiate their offerings in fairly diverse ways. It's no longer terribly helpful to refer to a given AP as fat or thin, nor can one lump everything else into one box labeled controller.
Many networking devices, from routers to firewalls, can be decomposed into three planes: data, control, and management. These planes can also be applied to WLAN infrastructure devices.
The data plane is responsible for moving information in real time. In WLANs, that means accessing the wireless media to convert radio signals into LAN frames. In a broader architectural sense, the data plane describes the way in which a network relays data between elements. For example, are packets relayed from APs to a controller, or can they be forwarded directly between APs?
The control plane makes real-time operational decisions, based on policies related to topology, security, quality of service, bandwidth limits, etc. In routers, the control plane participates in protocols that ultimately determine which packets get discarded or forwarded to another router. In wireless devices, the control plane may be responsible for decisions that affect association admission, session prioritization, stateful packet inspection, and load balancing.
The management plane is responsible for carrying out non-real-time administrative tasks, including AP activation, provisioning, configuration updates, firmware maintenance, fault surveillance, and performance monitoring. For example, must APs be configured individually, or can the same configuration update be applied to a group of APs from a single point?