
A-to-Z Design Guide for the All-Wireless Workplace

Partha Narasimhan, Michael Wong


March 2015

#ATM15 | @ArubaNetworks
#nomorephones

#ATM15 | 2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
Wireless Devices

•  Wireless Devices
–  802.11n / 802.11ac
–  Wireless NIC driver updates
–  Roaming behavior
–  11r, 11k, 11v capabilities

Wireless Office Requirements

•  RF
•  High Availability
•  Broadcast Suppression
•  Visibility
•  Aruba Solution Exchange

RF Considerations

•  ARM
–  Channel / TX Power
•  ClientMatch
–  Band-Steering
–  Spectrum Load-Balancing
–  Sticky Client Moves
–  Voice Aware
–  .11v BSS transition
•  Data Rates
–  Remove lower rates
•  Channel Width
–  20 / 40 / 80 / 160 MHz

ASE RF Solution

•  Task-Oriented Configuration for RF Optimization

ASE RF Solution

•  Generated Configuration can be pasted to controller

High Availability / Redundancy

Controller High Availability

•  Client State Sync
–  Client state info is shared by a pair of controllers
–  2048 APs: under a second
•  AP Fast Failover
–  ESSID stays up
–  AP builds a primary tunnel and a standby tunnel
–  512 APs: ~9 sec
•  VRRP
–  Ensures that an AP always has a controller available
–  LMS / Backup LMS
–  512 APs: ~1 min 20 sec

Client State Sync

1.  Client successfully authenticates and generates Key and PMK-SA (Role, VLAN)
2.  Client info is synced between the controller pair
3.  AP standby tunnel becomes active upon controller failure
4.  Client is deauthenticated and, when it reconnects, it performs a 4-way key exchange
•  Does not require full authentication to RADIUS servers
5.  Controllers deployed in Active / Active model

[Diagram: Authentication Servers; Master; two Local controllers in an Active / Active deployment; AP with Active GRE and Standby GRE tunnels]

Generated Configuration from ASE

Broadcast / Multicast Controls

Wireless Requirements

•  Design Criteria
–  Mobility
•  Mobile devices don’t disconnect and do not understand VLANs
•  Users are not physically constrained to a space
–  RF coverage
•  Boundaries are less obvious
–  Decisions, Decisions
•  Single VLAN or VLAN Pool?
•  How large should the broadcast domain be?
•  L2 Mobility
•  IP Mobility
–  IPv6 Clients

Broadcast Domain

•  “Controlling broadcast propagation… is important to reduce the amount of overhead”
•  Wired Network
–  Broadcast control with VLAN segmentation
–  Physically constrained (per floor)
–  Finite number of ports

Problem: WLAN Broadcast Flow

•  Unicast frames
–  Unique for each client
•  Broadcast / Multicast frames
–  Clients connecting to same BSS (AP) use the same key
–  Broadcast / multicast traffic is unnecessarily flooded

[Diagram legend: Unicast Frame; Broadcast / Multicast Frame; VLAN]

Problem: Multiple VLANs

•  Unicast frames
–  Unique for each client
•  Broadcast / Multicast frames
–  Clients connecting to same BSS (AP) use the same key
–  Clients can see broadcast / multicast from other VLANs

[Diagram legend: Unicast Frame; Broadcast / Multicast Frame; VLAN 10; VLAN 20]

AOS Broadcast / Multicast Control

“broadcast-filter arp”
•  ARP will be flooded on the wired side and sent as 802.11 unicast frame if there is a match in the user table
•  DHCP converted to unicast
•  IPv6 NS is treated in a similar fashion

“broadcast-filter all”
•  Packets allowed if:
–  Packets originating from the wired side with destination range of 225.0.0.0-239.255.255.255
–  A station has subscribed to a multicast group

Duplicate Address Detection
•  Gratuitous ARP
•  IPv6 DAD

Enable IGMP snooping / MLD
•  Learn IGMP membership
•  Prune multicast flows if there are no subscribers

If DMO is enabled, multicast packets will be sent as 802.11 unicast

ARP Packet Flow Example (with broadcast control)

•  Unicast frames encrypted with PTK
–  Unique for each client
•  Broadcast / Multicast frames are not flooded
•  ARP packet sent only to matching client entry in user table
–  ARP packet from Client A is sent to Client B as 802.11 unicast
–  Client C does not get ARP packet

[Diagram: Sta A asks “Who has IP 10.10.10.1?”; Sta B has IP 10.10.10.1; Sta C receives nothing. Legend: Unicast Frame; Broadcast / Multicast Frame; VLAN; ARP]
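
A simplified Python model of the over-the-air delivery decisions described on the two slides above (broadcast-filter arp, broadcast-filter all, DMO), added here as an illustration; it is not ArubaOS code and not part of the original deck. The IPs for Sta A and Sta C, the group 239.1.1.1, the "no match, not sent over the air" behaviour, and the reading that both "packets allowed if" conditions must hold together are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Destination range the slide quotes for "broadcast-filter all".
LO = ipaddress.ip_address("225.0.0.0")
HI = ipaddress.ip_address("239.255.255.255")

@dataclass
class Bss:
    """One BSS; every associated station holds the same group key."""
    user_table: dict                            # IP -> station (constructed)
    groups: dict = field(default_factory=dict)  # group IP -> subscribed stations
    filter_arp: bool = False
    filter_all: bool = False
    dmo: bool = False

    def stations(self):
        return sorted(self.user_table.values())

def deliver_arp(bss, target_ip):
    """Return (how, recipients) for an ARP request heading to the air."""
    if not bss.filter_arp:
        return ("group-key broadcast", bss.stations())  # whole BSS can read it
    owner = bss.user_table.get(target_ip)
    if owner is None:
        return ("not sent over the air", [])  # assumption: no match, no airtime
    return ("802.11 unicast", [owner])

def deliver_multicast(bss, group_ip, from_wired=True):
    """Return (how, recipients) for a multicast packet heading to the air."""
    if not bss.filter_all:
        return ("group-key multicast", bss.stations())
    in_range = LO <= ipaddress.ip_address(group_ip) <= HI
    subscribers = sorted(bss.groups.get(group_ip, ()))
    # Assumption: both slide conditions must hold (range AND a subscriber).
    if not (from_wired and in_range and subscribers):
        return ("dropped", [])
    if bss.dmo:
        return ("802.11 unicast", subscribers)  # one copy per subscriber
    return ("group-key multicast", bss.stations())  # still readable BSS-wide

# Constructed sample: Sta B owns 10.10.10.1 as on the ARP slide; rest invented.
USERS = {"10.10.10.1": "Sta B", "10.10.10.2": "Sta A", "10.10.10.3": "Sta C"}

if __name__ == "__main__":
    tight = Bss(USERS, {"239.1.1.1": {"Sta C"}}, True, True, dmo=True)
    print(deliver_arp(Bss(USERS), "10.10.10.1"))    # no filter: all three stations
    print(deliver_arp(tight, "10.10.10.1"))         # filtered: Sta B only
    print(deliver_multicast(tight, "239.1.1.1"))    # DMO: Sta C only
    print(deliver_multicast(tight, "224.0.0.251"))  # below 225.0.0.0: dropped
```

With filtering and IGMP-learned membership but DMO off, the model still returns every station in the BSS for a subscribed group, because the frame goes out under the shared group key.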

Bonjour and SSDP in the Enterprise

Enable AirGroup to handle Zero Configuration Networking multicast (Bonjour and SSDP) in a large campus without affecting Wi-Fi performance
•  Well-known address for mDNS is 224.0.0.251
•  Well-known address for SSDP is 239.255.255.250

VLAN Pooling

•  When should VLAN pool be used?
–  Provide additional address space for non-contiguous
•  Higher chance if public IP address is being used
–  All VLANs in the pool should be the same size
•  Controller will automatically convert IPv6 RAs to unicast
–  Conversion of RAs to unicast is necessary to prevent client from getting address in wrong IPv6 prefix
–  Unicast traffic may negatively affect battery life

Summary

•  Keep it simple, use a single VLAN
–  Managing the broadcast / multicast domain for multiple VLANs is expensive
–  Use AirGroup to manage Bonjour (AirPlay) and SSDP (Chromecast / DLNA) behavior
–  Avoid potential client misbehavior
•  L2 Domain should match a contiguous RF footprint
–  With Mobility, devices are not constrained to a physical space

Things to Keep in Mind

•  A single VLAN can place additional requirements on the uplink router
–  Router should be able to handle a large ARP table
•  DHCP server scalability / redundancy

Visibility

Voice / UCC Visibility

•  Real time correlation between Call Quality and Wi-Fi Quality
•  Lync SDN 2.1
–  additional session info provided

AppRF

Aruba Solution Exchange (ASE)

•  Aruba Solution Exchange (ASE)
–  https://ase.arubanetworks.com

•  Benefits
–  Generate dynamic configuration
–  Reduce time to make use of configuration
–  Solution validates user input

ASE FAQ

•  Who can access ASE?
–  Customers, Partners, Airhead Social Users
•  Is there a cost?
–  ASE is free
•  Documentation
–  https://ase.arubanetworks.com/docs
•  How can I get notification when a solution is updated?
–  Follow the solution!
