May 2004
Lessons From The Wireless Edge
Enterprise-grade wireless local-area networks (WLAN) are a high-growth
area, driven by the need for mobility and always-on connectivity, offering a
new dimension in productivity for business users. Gartner Group says that,
"The notion of 'office' is just the act of paying attention to work through
always-on access," and suggests that enterprises could expect a 22 percent
productivity improvement by introducing WLANs. WLANs can provide mobile,
high-speed connectivity not only in conference rooms but across the
enterprise; not only for data but also for telephony. So what have we
learned from WLAN enterprise deployments to date, that will make it easier
for us to reap the benefits of WLANs, while managing the Total Cost of
Ownership of this new networking technology?
Lesson #1: Understanding What You Are Trying to Do
Three key questions you may want to ask yourself are Who? What? Where? Who
are the targeted users? Executives? Knowledge workers? Visitors? What
applications will need to be supported and through which devices? Will you
need to provide access to both general office apps such as e-mail and to
business apps such as Supply Chain Management? What about opportunities for
converged communications? In most general office environments, WLAN
deployment is driven by data with incidental voice support - after all, in
most cases mobile users have cell phones as well, and except for very large
campuses, coverage is adequate. In some environments such as in a point of
care solution in a hospital, we can anticipate lots of mobile voice and data
usage. In yet other environments, voice may be the dominant application with
a low level of data traffic (e.g., barcode readers and price checks), as
would be the case in a retail environment. "Where?" is heavily influenced by
"who?" and "what?" In the short term, are you focused on conference rooms,
classrooms, or executive suites or is there a need for building, campus, or
enterprise-wide roaming? If voice is a planned requirement, then ubiquitous
coverage becomes a necessity given the user expectation to be able to walk
and talk without interruption. Understanding your requirements is critical
in making the optimal use of WLAN technology.
Lesson #2: Getting the Coverage You Need
WLANs are implemented using multiple Access Points (APs) to provide the
required coverage. Omni-directional antennas are most often used with a
range of 50 to 100 meters, in all directions. Weakening of the signal (e.g.,
trying to get through pillars or floors) or undesirable reflections (off
walls and partitions) result in smaller and less regular coverage areas,
these being highly dependent on the nature of the material encountered.
The radio channel a given AP uses can be configured (e.g., to avoid
interference between adjacent APs), as can its RF power, to maximize
coverage and avoid gaps. Overlapping AP cells of coverage
are created when multiple APs exist around the floor or building, creating
roaming coverage for mobile users. Given the three-dimensional nature of
radio waves, providing coverage in a multi-story building is problematic
with only three non-overlapping channels supported by the most widely
deployed WLAN standard (IEEE802.11b). IEEE802.11a is better suited for
high-density deployments with its 13 channels (in the United States). The
latter also has the advantage that each channel is up to 54Mbps, compared to
11Mbps for 802.11b. However, given the installed base of 802.11b devices,
the ideal solution is one that supports dynamic 11a/b/g operation. Site
surveys are an important step in planning WLAN AP deployment for the desired
coverage.
Lesson #3: Power over Ethernet for Deployment Ease
Early WLAN systems were based on extending AC power and Ethernet
connectivity to every AP. Bringing AC power to every AP is a major upfront
cost and bottleneck to rapid expansion. The Power-over-Ethernet standard
(IEEE802.3af) enables much easier AP deployment and is supported by the current
generation of APs and Ethernet switches. That said, in some environments
where coverage is needed but no LAN infrastructure exists, it may be easier
to get AC power than Ethernet connectivity. Examples include shopping
malls and service yards. WLAN mesh networks are emerging to address this
need. Wireless mesh networks consist of a peer-to-peer Access Point
architecture - with smart antennas, integrated routers, and adaptive routing
and security capabilities - to backhaul data wirelessly to wired broadband
networks, minimizing the need for expensive (in these environments) wired
connections to every AP.
Lesson #4: Capacity Planning
54Mbps per channel capacity with 802.11a or 802.11g is more than adequate
for a single user used to 10/100 operation from his or her desktop. But
unlike wired switched Ethernet, which dedicates the bandwidth to the user,
802.11 is a shared medium, with bandwidth a function of the number of users and
how far the user is from the AP. In general, the full capacity is available
only for the first tens of meters from the AP, decreasing in steps to 1Mbps
for 11b and 6Mbps for 11a or 11g to the edge of the cell. Contention for the
radio channel is resolved for these variable speed users using a technique
called Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). This operation
introduces additional overheads (over and above Ethernet frame overheads).
The end result is that the optimal throughput achievable using the maximum
Ethernet frame length of 1,500 bytes is closer to 30Mbps for 11a and 6Mbps
for 11b. For much shorter voice packets, throughput drops to roughly one
quarter of these values. For data traffic, wired Ethernet and DSL
equivalency requires on the order of 4 and 1 Mbps capacities respectively,
while voice calls require 100-200Kbps, depending on coding scheme and
sampling rate. The above provides a rough methodology to engineer the WLAN,
based on projections on the number of voice and data users and the
anticipated usage across the coverage area. If additional capacity is
needed, then additional APs can be deployed. As mentioned above, 802.11a/b/g
systems are preferred: 802.11a to avoid interference, 802.11g for higher
capacity and backward compatibility with 802.11b. Finally, capacity planning
can be enhanced through the use of directional antennas which constrain the
radio signal to a narrower beam pattern (horizontally or vertically) and
minimize interference with adjacent cells.
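The rough methodology above can be turned into a small planning calculation. The following is an added example, not part of the original article; it uses the article's throughput and demand figures and assumes (as a simplification of this example) that loads add linearly as shares of one channel's airtime and that all users are close enough to the AP to get the full rate.

```python
from fractions import Fraction
from math import ceil

# Usable throughput with 1,500-byte frames, in Kbps (figures from the article).
DATA_KBPS = {"11a": 30_000, "11b": 6_000}
# Short voice packets achieve roughly one quarter of that (article's estimate).
VOICE_KBPS = {std: kbps // 4 for std, kbps in DATA_KBPS.items()}
# Per-user data demand for wired-Ethernet and DSL equivalency (article's figures).
DATA_DEMAND_KBPS = {"ethernet": 4_000, "dsl": 1_000}


def airtime(standard, voice_calls, data_users, data_class="dsl", call_kbps=200):
    """Fraction of one channel's airtime that the offered load consumes.

    Assumption of this example: voice and data loads add linearly and every
    user is near the AP. Users at the cell edge consume more airtime.
    """
    voice = Fraction(voice_calls * call_kbps, VOICE_KBPS[standard])
    data = Fraction(data_users * DATA_DEMAND_KBPS[data_class], DATA_KBPS[standard])
    return voice + data


def aps_needed(standard, voice_calls, data_users, data_class="dsl",
               call_kbps=200, max_utilization=Fraction(1)):
    """Minimum number of APs (one channel each) needed to carry the load."""
    if not 0 < max_utilization <= 1:
        raise ValueError("max_utilization must be in (0, 1]")
    load = airtime(standard, voice_calls, data_users, data_class, call_kbps)
    return max(1, ceil(load / max_utilization))


if __name__ == "__main__":
    # Constructed scenario: 10 calls at 150 Kbps plus 5 DSL-equivalent data users.
    for std in ("11b", "11a"):
        print(std, float(airtime(std, 10, 5, call_kbps=150)),
              aps_needed(std, 10, 5, call_kbps=150))
```

In the constructed scenario the ten voice calls alone fill an 802.11b channel, which is why voice-heavy sites need denser AP placement than the data figures suggest.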
Lesson #5: Securing Your WLAN
Security exposures of using WLANs have been well documented, including
threats from "war-driving" and "war-chalking" and the malicious insertion of
rogue Access Points. Wired Equivalent Privacy (WEP), the primary security
mechanism shipped with most WLAN products, has proven to be non-secure. The
future is based on the universal deployment of WPA (WiFi Protected Access)
along the path to the IEEE802.11i standard.
It is therefore not surprising that industrious enterprises have adopted
various security solutions to their WLAN deployments. One brute force
technique is RF isolation complemented by physical security. This approach
attempts to isolate the WLAN radio signals from the outside world, as might
be possible in a military base. Another method of blocking unauthorized
outsiders from taking advantage of the open air availability of the signal
is to surround the perimeter of the corporate grounds with APs that
effectively "jam" the internal signal from any outsiders. Clearly such
approaches are of limited applicability in the enterprise environment. In
response to enterprise needs, WLAN vendors have developed their own security
solutions. Most are vaguely "standards-based," are not interoperable with
other vendors' solutions, and carry a high price tag. Some are not that
secure! Often these solutions are implemented in the Access Points
themselves, complicating management, increasing costs and sometimes requiring
hardware upgrades. Clearly, these stopgap approaches incur a total cost of
ownership penalty and are difficult to evolve.
One approach that has proven secure is leveraging VPN technology already
used by many enterprises for remote user and remote office access over the
Internet. Enterprises that have deployed remote access and more recently
branch office VPNs have extended these implementations to include WLANs.
These have either leveraged their investments in Secure IP Services
Gateways, or deployed additional units closer to the WLAN APs. Users trying
to access the network via the WLAN are first authenticated (exactly as if
they were accessing the enterprise across the Internet), their information
is encrypted, and all communication logged by the VPN system. This approach
solves many of the challenges of enterprise WLANs. Other security areas that
need to be addressed include deployment of personal firewall and anti-virus
software in mobile devices, and solutions that automate unauthorized AP
detection.
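Automated unauthorized AP detection, in its simplest form, compares what a radio survey sees against the inventory of sanctioned APs. The following is an added example, not part of the original article; the SSID, BSSIDs, record layout and signal threshold are hypothetical, and the survey records are constructed rather than captured.

```python
CORP_SSID = "corp-wlan"                       # hypothetical corporate SSID
AUTHORIZED = {                                # hypothetical inventory: BSSID -> planned channel
    "02:00:00:00:00:01": 1,
    "02:00:00:00:00:02": 6,
}
# Constructed survey records (what a scanning sensor might report), not real data.
SCAN = [
    {"bssid": "02:00:00:00:00:01", "ssid": "corp-wlan", "channel": 1, "security": "WPA", "rssi": -48},
    {"bssid": "02:00:00:00:00:02", "ssid": "corp-wlan", "channel": 6, "security": "WEP", "rssi": -55},
    {"bssid": "02:AA:BB:CC:DD:10", "ssid": "corp-wlan", "channel": 11, "security": "OPEN", "rssi": -60},
    {"bssid": "02:AA:BB:CC:DD:20", "ssid": "linksys", "channel": 6, "security": "OPEN", "rssi": -42},
    {"bssid": "02:AA:BB:CC:DD:30", "ssid": "cafe-next-door", "channel": 11, "security": "WPA", "rssi": -88},
]


def audit(scan, authorized, corp_ssid, onsite_rssi=-70):
    """Return (bssid, finding) pairs for APs that need follow-up.

    onsite_rssi is an assumed threshold in dBm: unknown APs heard at or above
    it are treated as probably located on the premises.
    """
    findings = []
    for ap in scan:
        bssid = ap["bssid"].lower()           # normalize case before lookup
        if bssid in authorized:
            if ap["security"] != "WPA":       # WEP or open on a sanctioned AP
                findings.append((bssid, "authorized AP not using WPA"))
            if ap["channel"] != authorized[bssid]:
                findings.append((bssid, "authorized AP off its planned channel"))
        elif ap["ssid"] == corp_ssid:         # look-alike of the corporate network
            findings.append((bssid, "unknown AP advertising corporate SSID"))
        elif ap["rssi"] >= onsite_rssi:       # e.g. an AP plugged in by an employee
            findings.append((bssid, "unknown AP with on-site signal strength"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SCAN, AUTHORIZED, CORP_SSID):
        print(bssid, "-", finding)
```

The weak neighbouring network is ignored, while the sanctioned AP still running WEP is reported alongside the two unknown devices.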
Lesson #6: Keeping An Eye On TCO
What have we learnt about architecting WLAN solutions with an eye to
minimizing the total cost of ownership? Central to this discussion is how to
optimally distribute routing and intelligence between APs and the wired
network. Continuous upgrades and churn required to add functionality to APs
have severe operational implications, given their widely distributed nature
and limited accessibility on the ceilings and hallways of the enterprise.
The costs and complexity of WLAN Access Points can be kept down by
minimizing the intelligence of these highly distributed network elements, to
only those functions which need to be distributed. For example, Access
Points should support functions to make effective use of the radio spectrum
by providing power management and seamless roaming between 802.11 radio
bands. They also need to have basic security and traffic management
functionality. However, much of the intelligence required to integrate WLANs
into the enterprise can be centralized, and realized via what can be called
a WLAN Security Switch. The latter can provide functions such as Access
Point load balancing, a full range of user authentication and security
capabilities, unauthorized Access Point detection, enterprise-wide roaming,
and mobile adaptive tunneling dynamically adapting security and performance
levels to meet application needs.
Lesson #7: Planning for Convergence
Wireless IP telephony represents a convergence of two important and rapidly
growing technologies. Mobility and always-on access are among the drivers
behind this convergence. Users have had mixed results in running voice over
WLANs. Firstly, demos on an otherwise empty network will obviously work.
Some enterprises have successfully deployed converged WLANs, leveraging
proprietary QoS implementations. However, the future is clearly in
standard-based interoperable solutions. In mid-2004, multi-vendor QoS-enabled
WLAN interoperability will be provided via the WiFi Alliance's Wireless
Multimedia Enhancements (WME) and will set the stage for converged WLAN
networks. Once implemented in both WLAN Access Points, and deployed
ubiquitously across the enterprise, wireless IP telephony will enter the
mainstream.
CONCLUSION
WLAN will extend the reach of wired infrastructures in the office and
provide mobility for future applications. It is a powerful means of
connectivity when you're not at your desk or when you need connectivity when
there aren't any wires in place. The lure of WLANs is not unlike the lure of
Ethernet and IP networking of old: connectivity is king and security,
manageability, and flexibility are afterthoughts. Like many networking
technologies, you need to plan and engineer the network to meet your needs
and make some choices to ensure on-going evolution in the context of the
overall enterprise environment. This ensures that WLAN solutions you deploy
today will grow and adapt as the enterprise moves towards network,
communications and application convergence.
Tony Rybczynski is Director of Strategic Enterprise Technologies at
Nortel Networks. He has over 30 years' experience in the application of
packet network technology. For more information, please visit
www.nortelnetworks.com.