Going Wi-Fi: A Practical Guide to Planning and Building an 802.11 Network


A WLAN's Architecture

Typically a WLAN is built upon "plug and play" equipment, an open architecture, and a wired LAN. The WLAN's architecture also should be customized to facilitate the efficient and effective coordination of the organization's common business processes, information flow, and systems. Thus, a proper WLAN architecture provides a framework around which it is possible to develop, maintain, and implement an excellent operation environment.

All 802.11 specifications require that the network be built on a cellular architecture where the system is subdivided into cells. An access point controls each cell with coverage generally mapped with cells overlapping by 30 percent to support continuous communications as end-users move around the facility. Three different kinds of cellular architectures are specified for a WLAN implementation:

Ad Hoc: The first is an ad-hoc architecture, i.e. no access points. Computing devices communicate directly via the antennae built into their PC card. This type of architecture, which is also known as an Independent Basic Service Set (IBSS), has limited usage. This form of wireless networking can be applicable in situations where end-users spontaneously form a wireless network (e.g. conference rooms, demonstrations, small informal work groups such as a traveling business development team, or a group of people gathered for a business meeting) to share documents such as presentation charts, spreadsheets or data files. But since an ad-hoc network doesn't provide connection to the entire network ecosystem, its capabilities are limited. (See Fig. 7.7.)

Figure 7.7: The various Basic Service Set (BSS) modes that can be deployed in a wireless networking environment.

Infrastructure or BSS: In this architecture, at least one access point is connected to a wired LAN and serves a number of wireless computing devices. This type of network architecture is referred to as a Basic Service Set (BSS).

Extended Service Set: ESS refers to a network designed with two or more BSSs that are linked together to form a subnetwork.

To pull all of these different Service Sets together sometimes requires not only a wired Distribution System, but also a Wireless Distribution System (WDS). A WDS allows a network manager to deploy a completely wireless infrastructure.

Wireless Distribution System

A wireless system is only as good as its backbone, since achieving optimal transmission rates and coverage depends more on the quality and installation of that backbone than on any other component. A good wireless backbone should be reliable, easy to install and administer, and scalable. It is the crucial component not only to future migration, but also to good radio coverage and optimal data throughput.

As mentioned at the beginning of this chapter, this backbone is typically referred to as the "Distribution System," in that it connects all Basic Service Sets (BSSs). More often than not, the backbone is made up of a wired network (or the wired components of the system) and access point(s). Ideally, the WLAN will be invisible (or transparent) from an IT management perspective. The wireless system should be seamless to the existing wired system and should not require additional expertise to manage; although as you should already understand, this is not always the case.

A Distribution System is usually Ethernet-based: the network's APs are connected to the LAN while creating cells to allow wireless connections. A Wireless Distribution System, on the other hand, allows the APs to be wirelessly connected; the connection between the APs is established using each AP's PC card. A WDS is useful in a situation where the coverage area is too large for one AP and a second AP is needed to act as a wireless repeater.

A common WDS deployment is to use two APs to create a wireless bridge between two wired networks, with each AP configured to forward data to the other. To communicate effectively, both APs apply the same wireless parameters. Since they are acting as a bridge, the APs learn which network devices are connected to their respective Ethernet ports so as to limit the amount of data forwarded. Data must be forwarded to the companion (peer) AP in three cases: when it is destined for a station known to reside on the peer's Ethernet, when it is multicast data, or when its destination is unknown. The fact that the data is being wirelessly bridged is completely transparent to the LAN, its components, and the end-users.

A Wireless Distribution System can also be designed to have forwarding functionality. By setting up an Extended Service Set (ESS) between APs and manually configuring the WDS peers, stations can associate with any AP within the ESS and move between the coverage of both APs while the higher layer network connection remains intact. This is similar to the mobility provided in an ESS environment with a wired Distribution System. For instance, a WDS might be used when expanding an existing wired infrastructure network to provide coverage for office space that is not adjacent, but perhaps located across the street. WDSs also are a good solution when creating a roaming network in an area where wired connections between the APs cannot be installed, such as for a trade show where a large area needs to be covered requiring multiple APs.

Figure 7.8: A WDS bridge setup.

Figure 7.9: A WDS can have forwarding functionality by setting up APs as repeaters.

Wired or wireless, when a WLAN is part of the network mix, a Distribution System connects cells in order to build a premises-wide network that allows users of mobile equipment to roam and stay connected to the available network resources. The whole interconnected WLAN, including the different cells, their respective access points, and the Distribution System, is seen as a single 802 network to the upper layers of the OSI (Open System Interconnection) model.

WDS can use an AP with its single PC card to assume multiple roles simultaneously. But for an AP to take on such roles, the operational (frequency) channel must be the same for the cell that is controlled by the AP and for the wireless links to the other APs. In Fig. 7.10, this is illustrated by the four cells on the left side of the graphic all operating on channel 1. Thus, a WDS can "drive" a cell (as in wired connected APs), can connect wireless clients to the infrastructure, and can maintain up to six different wireless connections to other APs. (This is in contrast to other existing wireless AP-to-AP connection schemes such as those used in outdoor installations.)

Figure 7.10: The three access points on the right hand side of this graphic are connected by Ethernet cable and hence use a wired Distribution System, while the four access points to the left are wirelessly connected, and are said to use a Wireless Distribution System. Graphic courtesy of Agere Systems, Inc.

To fully comprehend how a Wireless Distribution System works, we must also consider MAC addressing issues that are inherent to all wireless distribution systems. All LAN devices (including WLAN devices) communicate with each other by using MAC addresses (hardware addresses uniquely assigned in the factory to each device). Each wireless network interface device, whether an adapter, NIC, PC Card, or Compact Flash card, has a unique MAC address that is used by the system to send data frames to it. If a LAN device transmits data, it will add its own MAC address to the frame in order to indicate to the recipient where the frame originated. Thus, all data frames transmitted over a LAN contain a Destination and a Source MAC address as part of the frame header. When a data frame is transmitted over an Ethernet cable, just those two MAC addresses are required. But when data frames are transmitted between LAN end-stations that are not connected to the same LAN segment, an intermediate device is required to "bridge" the frame from one segment to another. An AP can act as that bridge. To relay traffic from one segment to another the AP uses a "bridge learn table," where MAC addresses are stored in association with the LAN segment (or physical interface) where they reside (from the perspective of the bridge).
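The forwarding rule for a WDS bridge (forward over the wireless link when the destination is multicast, is known to sit behind the peer AP, or is unknown) and the bridge learn table described above can be simulated in a few dozen lines. The following is an added example written for this chapter; it is not code from the book or from any AP vendor, and the AP names, MAC addresses and hosts are constructed for the demonstration.

```python
"""Two WDS-bridged access points acting as learning bridges.

Added example; not code from the book or from any vendor. The AP names,
MAC addresses and hosts below are constructed for the demonstration.
"""
from __future__ import annotations

GROUP_BIT = 0x01  # low bit of the first octet marks multicast/broadcast MACs


def is_multicast(mac: str) -> bool:
    """True for multicast and broadcast destination addresses."""
    return bool(int(mac.split(":")[0], 16) & GROUP_BIT)


class WdsAccessPoint:
    """An AP with one Ethernet port and one WDS link to a peer AP.

    The bridge learn table maps a source MAC to the interface it was last
    seen on, from this AP's point of view: "eth" or "wds".
    """

    def __init__(self, name: str) -> None:
        self.name = name
        self.learn_table: dict[str, str] = {}
        self.peer: WdsAccessPoint | None = None
        self.forwarded: list[tuple[str, str, str]] = []  # (src, dst, decision)

    def decide(self, dst: str) -> str:
        """Forwarding rule from the text: use the WDS link when the destination
        is multicast, is known to live behind the peer, or is unknown; keep the
        frame on the local Ethernet otherwise."""
        if is_multicast(dst):
            return "wds"
        return "local" if self.learn_table.get(dst) == "eth" else "wds"

    def frame_from_ethernet(self, src: str, dst: str) -> str:
        """A local station transmitted: learn its port, then decide where it goes."""
        self.learn_table[src] = "eth"
        decision = self.decide(dst)
        self.forwarded.append((src, dst, decision))
        if decision == "wds" and self.peer is not None:
            self.peer.frame_from_wds(src, dst)
        return decision

    def frame_from_wds(self, src: str, dst: str) -> None:
        """A frame arrived over the WDS link, so its source lives behind the peer."""
        self.learn_table[src] = "wds"


def link(a: WdsAccessPoint, b: WdsAccessPoint) -> None:
    """Configure the two APs as WDS peers of each other."""
    a.peer, b.peer = b, a


def demo() -> list[tuple[str, str, str]]:
    """Replay a short exchange and return AP1's forwarding decisions."""
    ap1, ap2 = WdsAccessPoint("AP1"), WdsAccessPoint("AP2")
    link(ap1, ap2)
    host_a, host_c = "02:00:00:00:00:0a", "02:00:00:00:00:0c"  # behind AP1 (constructed)
    host_b = "02:00:00:00:00:0b"                                 # behind AP2 (constructed)
    broadcast = "ff:ff:ff:ff:ff:ff"
    ap1.frame_from_ethernet(host_a, broadcast)            # broadcast always crosses the link
    ap2.frame_from_ethernet(host_b, host_a)               # reply: AP2 learned A is behind AP1
    ap1.frame_from_ethernet(host_c, host_a)               # C to A: both local, stays on AP1's LAN
    ap1.frame_from_ethernet(host_a, host_b)               # A to B: B is known to be behind the peer
    ap1.frame_from_ethernet(host_a, "02:00:00:00:00:99")  # unknown destination: sent across
    return ap1.forwarded
```

Running `demo()` shows the learning effect: the first frame from A is flooded over the WDS link, AP2 records A behind the wireless interface, and from then on traffic between the two Ethernet segments is relayed only when the learn table says the destination is on the other side (or when it is unknown or a group address). On a real AP the learn table also ages out entries, which the simulation omits.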

However, instead of the two above-referenced addresses, traffic between 802.11 WLAN devices requires four MAC addresses. That's because when a wireless device is associated with an AP it will always direct its traffic to that AP by using the MAC address (address one) of the AP's PC card as its direct destination address. The MAC address of the end-station (address two) to which the frame is being sent is also included in the frame header, so that the PC card in the AP can determine where to relay the frame. Finally the sending station's own MAC address is in the frame as the source address (address three). Then when the WDS link is set up between the two relevant APs, the receiving AP's PC card's MAC address (address four) must be added to the address fields in the MAC header.
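To make the four-address frame concrete, here is an added example (not code from the book) that builds and parses the fixed part of an 802.11 MAC header. The assignment of Address 1 through Address 4 follows the To DS / From DS table in the IEEE 802.11 standard; the four roles in a WDS frame are the ones the text lists: the receiving AP, the transmitting AP, the destination station and the source station. All MAC addresses and the frame itself are constructed for the demonstration.

```python
"""Build and parse the address fields of an 802.11 MAC header.

Added example, not code from the book. The frame bytes are constructed
here; the meaning of each address field follows the To DS / From DS table
in the IEEE 802.11 standard.
"""
import struct

TYPE_DATA = 2
FC_TO_DS = 0x01    # bit 0 of the second Frame Control octet
FC_FROM_DS = 0x02  # bit 1 of the second Frame Control octet


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_data_frame(addrs: dict, to_ds: bool, from_ds: bool, body: bytes = b"") -> bytes:
    """Construct a plain (non-QoS) data frame for the given DS bits.

    `addrs` holds the logical roles (DA, SA, BSSID, RA, TA); the function
    places them into Address 1-4 according to the standard's table.
    """
    fc0 = TYPE_DATA << 2  # protocol version 0, type data, subtype 0
    fc1 = (FC_TO_DS if to_ds else 0) | (FC_FROM_DS if from_ds else 0)
    if to_ds and from_ds:
        order = ["RA", "TA", "DA", "SA"]   # AP-to-AP hop inside a WDS
    elif to_ds:
        order = ["BSSID", "SA", "DA"]      # station -> AP
    elif from_ds:
        order = ["DA", "BSSID", "SA"]      # AP -> station
    else:
        order = ["DA", "SA", "BSSID"]      # ad hoc (IBSS)
    hdr = struct.pack("<BBH", fc0, fc1, 0)            # Frame Control, Duration/ID
    hdr += b"".join(mac_bytes(addrs[r]) for r in order[:3])
    hdr += struct.pack("<H", 0)                       # Sequence Control
    if len(order) == 4:
        hdr += mac_bytes(addrs["SA"])                 # Address 4 only with both DS bits set
    return hdr + body


def parse_header(frame: bytes) -> dict:
    """Decode Frame Control and map Address 1-4 to their logical roles."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte minimum MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = bool(fc1 & FC_TO_DS), bool(fc1 & FC_FROM_DS)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    hdr_len = 24
    if to_ds and from_ds:
        if len(frame) < 30:
            raise ValueError("WDS frame needs a 30-byte header for Address 4")
        roles = {"RA": a1, "TA": a2, "DA": a3, "SA": frame[24:30]}
        hdr_len = 30
    elif to_ds:
        roles = {"BSSID": a1, "SA": a2, "DA": a3}
    elif from_ds:
        roles = {"DA": a1, "BSSID": a2, "SA": a3}
    else:
        roles = {"DA": a1, "SA": a2, "BSSID": a3}
    if ftype == TYPE_DATA and subtype & 0x8:  # QoS data subtypes add a 2-byte QoS Control
        hdr_len += 2
    return {"type": ftype, "subtype": subtype, "to_ds": to_ds, "from_ds": from_ds,
            "header_len": hdr_len, **{k: mac_str(v) for k, v in roles.items()}}


# Constructed addresses: a station behind AP1 sending to a station behind AP2
STA_A, AP1, AP2, STA_B = ("02:00:00:00:00:0a", "02:00:00:00:00:01",
                          "02:00:00:00:00:02", "02:00:00:00:00:0b")


def wds_example() -> dict:
    """The AP1 -> AP2 hop of that frame: four addresses, both DS bits set."""
    frame = build_data_frame({"RA": AP2, "TA": AP1, "DA": STA_B, "SA": STA_A},
                             to_ds=True, from_ds=True, body=b"payload")
    return parse_header(frame)
```

A monitoring tool that decodes captured frames has to branch on the two DS bits before it can tell which field is the true source station; a parser that assumes three addresses will misread every WDS frame by six bytes and attribute traffic to the wrong host.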

While a Wireless Distribution System offers great flexibility at low cost and can be applied in many useful situations, a few considerations may discourage a network manager from using a WDS:

Supporting Mobility and Roaming

A key demand of untethered employees is to maintain a network connection as they roam throughout an organization's facilities whether from office to office, the first floor to the 20th floor, or from the distribution center to the customer service area. Changing a device's network attachment point, however, causes topology and identity changes at the IP level. Traditional end-user applications usually react badly to having the underlying host's identity changed in mid-session.

There are a variety of methods that can be used to decouple a host's identity from its location on the IP network, so that identity can remain the same while attachment points change. In order to accomplish this, however, the network must have a backbone that can track mobile workers wherever they go.

Roaming workers who cross subnets run into many limitations, including ones that prevent users from crossing subnets at all or even from leaving a specific coverage area. Consequently, when evaluating the hardware and software to build a WLAN, both standards-based and vendor-specific roaming capabilities must be closely examined if the WLAN being deployed is to support mobility.

Note 

A subnet (short for subnetwork) is a logical portion of a network that has a contiguous string of IP addresses. Addresses in a subnet are reachable without going through a router, and thus can be reached by broadcasts. To reach addresses outside of a particular subnet, you must transmit through a router. Typically, a subnet will consist of all networked devices in one geographic location, or in one area of a facility, or on the same network.

When connecting a WLAN to a wired network, map out exactly how the connection(s) will take place. End-users will be on the move. One minute the computing device will be associated with one subnet, the next another. Supporting mobile devices means there are new challenges to consider. Some of the most common operating systems (e.g. Windows XP and Windows 2000) support automatic Dynamic Host Configuration Protocol (DHCP), and can release the old lease and renew to obtain an IP address on the new subnet. However, certain IP applications such as virtual private networks (VPNs) will fail when the address changes this way. If this is an issue you envision running up against once the WLAN is deployed, then perhaps it would be best to deploy a flat network design for the WLAN, where all access points in a roaming area are on the same segment.

A flat network design, however, only works for small and static networks. Larger organizations may need to implement several flat networks. This can be done if the designer first determines where the end-users will roam (e.g. from their office to a conference room, or from their office to the warehouse, or from the warehouse to the cafeteria). Then segment the wireless network based on coverage areas with a minimum number of users roaming between them.
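The planning step just described (decide where users roam, then segment so that as few users as possible cross a subnet boundary) can be checked mechanically. The following added example is not from the book; the AP-to-subnet map and the roaming patterns are constructed, and a real plan would come from the site survey.

```python
"""Check a roaming plan against the subnet layout of the access points.

Added example, not code from the book. The AP-to-subnet map and the
roaming patterns are constructed for the demonstration.
"""
import ipaddress
from collections import Counter


def subnet_crossings(ap_subnets: dict, path: list) -> list:
    """Return the AP-to-AP hops in `path` on which the client's subnet changes,
    i.e. where a DHCP release/renew (and a VPN drop) would occur."""
    nets = {ap: ipaddress.ip_network(s) for ap, s in ap_subnets.items()}
    return [(prev, cur) for prev, cur in zip(path, path[1:]) if nets[prev] != nets[cur]]


def is_flat(ap_subnets: dict) -> bool:
    """A flat design puts every AP in the roaming area on one segment."""
    return len({ipaddress.ip_network(s) for s in ap_subnets.values()}) == 1


def users_crossing(ap_subnets: dict, roaming_patterns: dict) -> Counter:
    """Count, per subnet boundary, how many users roam across it.

    `roaming_patterns` maps a path (tuple of AP names) to the number of
    users who follow it; the design goal is to keep these counts small.
    """
    total = Counter()
    for path, users in roaming_patterns.items():
        for a, b in subnet_crossings(ap_subnets, list(path)):
            boundary = tuple(sorted((ap_subnets[a], ap_subnets[b])))
            total[boundary] += users
    return total


# Constructed layout: offices and conference room on one segment,
# warehouse and cafeteria on another.
AP_SUBNETS = {
    "office-1": "10.10.1.0/24", "office-2": "10.10.1.0/24", "conf-a": "10.10.1.0/24",
    "warehouse": "10.10.2.0/24", "cafeteria": "10.10.2.0/24",
}
# Constructed roaming patterns: 40 users office <-> conference room, 5 users office -> warehouse -> cafeteria -> office
PATTERNS = {
    ("office-1", "conf-a", "office-1"): 40,
    ("office-2", "warehouse", "cafeteria", "office-2"): 5,
}
```

With this layout `users_crossing(AP_SUBNETS, PATTERNS)` reports 10 boundary crossings by the 5 warehouse-bound users (out and back) and none for the 40 office-to-conference users, which is the kind of trade-off the text suggests: the heavy roaming stays inside one segment, and only the small group pays the subnet change.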

Note 

Roaming between cells that are interconnected by a WDS link works exactly the same as for cells that are interconnected via Ethernet. When a station is relocated from one cell to another, the access points' "bridge learn tables" are updated via a hand-over request message that is part of the Inter Access Point Protocol (IAPP) to reflect the station's new location.

Routers and Switches. These devices provide end-users with the ability to roam the confines of the wired LAN without interruption. But this requires the wireless network to integrate seamlessly with the wired network's routers and switches.

The main function of a router is to keep network traffic at a manageable level, ideally five percent of network capacity, but again we run into the subnet issue: routers segment data to control traffic flow by dividing the network into subnets. (Routers can act as filters to the data as well.) However, since a router can be configured, its functions can be customized to meet a network's demands, including a roaming user-base.

A switch's tasks are usually a bit different than a router's: they are normally responsible for segmenting data to various ports, i.e. acting as subnets within the network. Switches are more affected by mobile devices roaming the network than routers. This means a switch is usually the roadblock when end-users who roam have problems maintaining a consistent connection. For instance a mobile user might be dropped from the network if the switch cannot keep up with the roaming computing device's hops from subnet to subnet.

Seamless IP Mobility

Many readers might wonder at the fuss over network mobility. After all there is a certain degree of mobility in IP networks today. Just look at the Internet, the king of IP networks. An Internet user can move from one city to another and essentially have connectivity and the same set of services available everywhere. But this type of nomadic mobility means that end-users have to shut down an application or a session and restart it when they connect at the new point of attachment.

While for many users this type of mobility is sufficient, for others it's not, especially the computing nomads who are the most frequent users of wireless networks. This group demands seamless mobility where session continuity is maintained even as the mobile device changes its network point of attachment or interface type. One method that can be used to provision a wireless network to support employee mobility is to create a separate sub-network within the existing wired network, where all wireless access points are wired back to a single hub. While this method can simplify network administration, it requires extra cabling, upping the costs of the WLAN.

Note 

When a WLAN or WLAN/LAN Distributed System is correctly designed for roaming, a roaming computing device can move from subnet to subnet and in and out of a fixed Ethernet 802.3 connection or interface to an 802.11 WLAN interface without even a blip on the computer screen.

Various solutions to the seamless-mobility problem have been proposed. These can be classified according to the layer of the OSI model at which they're implemented. The approaches may vary, but the end result is always the same: seamless continuity of applications or sessions. Hence, mobility can be solved at the Data Link Layer, the Network Layer or the Application Layer, as shown in Figure 7.12.

Figure 7.12: Various solutions have been proposed to solve the problem of seamless continuity of IP sessions and applications. They can be classified according to the layer of the OSI model at which they are implemented.

Application Layer: Application Layer mobility essentially moves the burden of managing the session and the underlying changes at the Network Layer to the Application Layer protocol itself. For example, File Transfer Protocol (FTP), which is commonly used for downloading files, music or video, would have to be enhanced to support mobility. What happens to other applications if FTP is extended? Mobility would have to be added to Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), Session Initiation Protocol (SIP), HyperText Transfer Protocol (HTTP) and every other Application Layer protocol used. Applications would have to be rebuilt to support mobility. Such an approach is not viable. The impact is too drastic and backward compatibility would be a major issue. A shim could be developed, however, to sit between the application and the transport layers to perform the mobility task. NetMotion Wireless Inc. takes that approach.

The concepts behind the NetMotion Wireless solution are analogous to the Internet Engineering Task Force (IETF)-defined Mobile IP, which refers to protocol enhancements that allow transparent routing of IP datagrams to mobile nodes within an IP extended network environment. The major difference between NetMotion's approach and the Mobile IP approach is that the mobility solution is based on a shim, or driver, that sits between the Application Layer and the Transport Layer. Because the driver sits beneath the Application Layer, applications are unaware of the mobility mechanism in place. And because there is no change in the IP stack, rebuilding the operating system or replacing or enhancing the IP stack of the mobile client becomes unnecessary. A mobility server acts as a proxy for the mobile device, which is assigned an IP address that results in packets destined for the mobile node being routed to the mobility server. The mobility server knows the mobile's current location and care-of address and is able to forward the packets.

This means that the NetMotion solution requires a mobility server as well as the installation of proprietary software on the client. The same is true for Mobile IPv4. However, since NetMotion's solution does not include the concept of a foreign agent, there are no agent advertisements, as required with Mobile IPv4. The motion-detection mechanism is based either on Data Link Layer triggers provided by the interface card driver or on DHCP discover broadcasts. Triggers from the Data Link Layer may be available for certain types of wireless technologies like 802.11, but getting such triggers from other wireless interfaces is a highly complex task.

Network Layer: Mobile IP (which we examine in detail later in this section) solves the mobility problem at the Network Layer. Network Layer mobility hides the changes in IP address and network attachments from the upper layers, thus applications are essentially unaware of mobility enhancements. It also provides mobility to all applications, rather than dealing with applications individually. The mobile IP scheme is derived from work done by the IETF, which defines Internet protocols and standards, and maintains the most developed and deployed model today.

Data Link Layer: Drivers at the Data Link Layer can be developed to handle IP mobility. One way to think about Data Link Layer mobility is that the access technology handles all the mobility and the IP/Network layer is unaware of changes in the points of attachment. A device moving across 802.11 access points within the same Distribution System continues to maintain its sessions uninterrupted. Data Link Layer mobility solutions for seamless mobility across heterogeneous access media are extremely complex, so it is generally considered easier to instead develop and deploy a Network Layer solution.

In a network (wired or wireless), IP routing depends on a well-ordered hierarchy. At a network's core is the router. This device isn't concerned with individual users. It looks only at the first few bits of an IP address (the prefix) and forwards the packet to the correct network. Routers further out look at the next few bits, sending the packet to a subnet. At the edge, access routers look at the final parts of an address and send the packet to a specific networked device.

The hierarchy depends on devices remaining fixed to one network or subnetwork (subnet) rather than moving between networks or subnets. In the case of an organization's networking environment, whether wholly wireless or a mixture of wired and wireless, when a computing device moves from one subnet and connects to another, its IP address must be altered. The result is that most computing devices don't have a permanent IP address, but acquire a new one each time they log on to a network. Most laptops, for example, have an IP address on the employer's network while docked at the office, but another one when accessing the employee's ISP while at home.

Mobile IP

IP addressing in a WLAN environment is not a problem if users don't often switch between subnets and if they are willing to log off and on again whenever they do. However, it is a problem if users need to stay connected while on the move, because it entails moving connectivity between subnets. Higher-level protocols, such as TCP, use the IP address to identify users, so a user can't maintain a TCP connection if the IP address changes. The solution to this is mobile IP, an IETF standard enabling users to keep the same permanent IP address no matter how they're connected.

One of the most popular methods for providing mobility within a networking environment is mobile IP with IP tunneling. The Internet Protocol (IP) is a connectionless protocol that operates at the OSI's Network Layer, meaning it avoids failures in intermediate networks by rerouting packets, an activity that brings into play the Transport Layer. The OSI's Transport Layer, which supports the majority of applications including the World Wide Web, uses the workhorse of the Transport Layer, the connection-oriented protocol, Transmission Control Protocol (TCP).

The two end points of a session or application use the IP address and the TCP port number at each end point as a tuple (an ordered sequence of fixed length of values of arbitrary types) to form a connection. Any change in those identifiers tears down the connection and breaks the session continuity. When a mobile node, such as a laptop or PDA moves from one point of attachment to another point of attachment, that node may be assigned a new IP address. This change in IP address will usually break an ongoing session. The relevance of a node moving to different points of attachment is especially high in wireless networks due to the mobility factor. Thus arises the need for IP mobility to support seamless session continuity even as the address of the node (one or both of the tuples in the connection, depending on whether both ends are mobile or one is static) itself changes.

The Network Layer's mobile IP is used rarely, partly because, until the WLAN explosion, there was little need for it and partly because present implementations (for IP version 4) waste bandwidth and require at least two precious IP addresses per user. But with wireless networking becoming ever more popular, mobile IP will become a blip on every WLAN manager's radar.

Every type of mobile IP depends on giving the mobile node two IP addresses: a permanent address on its home subnet, and a care-of address on another subnet. The permanent address is the one that higher-level protocols use, while the care-of address signifies the node's actual location within a network and its subnets.

At the moment there are two official versions of mobile IP, one for Internet Protocol version 4 (IPv4) and the other for use with the new IP version, 6 (IPv6). The design of these two mobile IPs varies to a certain extent.

Mobile IPv4 is not an inherent part of the IP stack and is an add-on that is built into nodes that require it. As a result, it is not universally used. Mobile IPv4 uses the basic concept of a home agent and a foreign agent, but because address space in IPv4 is a concern, many nodes share a single care-of address that is advertised by the foreign agent. As the names suggest, the home agent is a router in the mobile's home subnet and the foreign agent resides on visited links. In most cases, the foreign agent assigns the care-of address. (A mobile node can also obtain a care-of address for its own interface, called a co-located care-of address, but this is not the general model.)

Mobile IPv6 is still a work in progress. The IETF Mobile IP Working Group is in the process of developing routing support to permit IP nodes (hosts and routers) using either IPv4 or IPv6 to seamlessly "roam" among IP subnetworks and media types. This will support transparency above the IP layer within the OSI Network Layer, including the maintenance of active TCP connections and UDP (User Datagram Protocol) port bindings. Where this level of transparency is not required, Mobile IP will not be needed. In such instances, the Working Group assumes that solutions such as DHCP and Domain Name Service (DNS) updates will be adequate.

Mobile IPv6 provides many advantages over the mobility support provided for IPv4. This includes the fact that IPv6 is designed from the ground up to include route optimization. This means that the mobile and correspondent node communicate with each other without the support of a home agent. Hence, routing of packets between the session end points is optimal. Since the mobility support is a standard feature of IPv6, every IPv6 node is expected to support IP mobility. Therefore, the deployment and support of true IP mobility are expected only when IPv6 networks are widely built out and begin to replace the current IPv4 networks.

Let's look a little closer at how Mobile IP for IPv4 and for IPv6 differ.

Whenever a computing device accesses a new subnet, it must acquire a new care-of address on the subnet it's visiting. In IPv4, this means requesting an address from a special mobility agent, essentially a DHCP server with some authentication, authorization, and accounting (AAA) functionality added on. On the other hand, IPv6 has so many addresses available that the mobile node can make up its own by combining the visited subnet's prefix with an identifier unique to the device, such as its MAC address. This eliminates the need for a mobility agent, which in turn speeds up the process, and ensures that a care-of address is always available.

Back at the home subnet, another mobility agent, usually an edge router with some AAA functions, keeps track of all the mobile nodes with permanent addresses on that network, associating each with its care-of address. The mobile node keeps the home agent informed of its whereabouts by sending a binding update whenever its care-of address changes.

When a computing device on another subnet within the network needs to correspond with the mobile node, it sends packets via the home subnet. The home agent must intercept these packets and forward them to the visited subnet via a process known as "tunneling." This allows correspondent nodes to use the permanent address and remain unaware of the mobile node's movements.

The next step depends on which type of mobile IP you're using. In IPv4, all packets intended for the mobile node are tunneled via the home subnet, where the home agent intercepts and forwards them to the care-of address. This is the simplest way to enable mobility, but it adds extra routing hops, uses more bandwidth, and increases latency. The latter is particularly important for wireless networks, where latency is already high and unpredictable.

Figure 7.13: Graphics A and B depict how mobility for IPv4 works, whereas Graphic C depicts mobility for IPv6.

In the original version of mobile IPv4, mobile nodes sent replies directly to correspondents. For compatibility with higher-level protocols, the "source" address field in these packets had to be the permanent address on the home network, even though routers on the Internet would see that the packets were actually coming from the care-of address on the visited subnet or network. This wasn't a problem in 1996, but it is now.

Thanks to Denial of Service (DoS) attacks, where malicious packets often claim to be from fake IP addresses, routers have begun to incorporate ingress and egress filtering whereby routers only allow a packet through if its source address field is consistent with its origin. To get around these filters, mobile IPv4 was updated in 2002 to include reverse tunneling. Instead of taking a triangular path, all packets travel via the home subnet in both directions. Unfortunately, this step wastes even more bandwidth and adds further latency, making it unsuitable for any wireless network running bandwidth intensive applications.

Mobile IPv6 reduces the bandwidth and latency problems by avoiding tunneling as much as possible. Though the first few packets of every session are still tunneled via the home agent, the mobile node also sends binding updates to every correspondent. Future packets can be sent directly, just as if the mobile node belonged on the network it was visiting. You can apply the same principle to entire mobile subnets, such as a WLAN inside a moving vehicle.

You can accomplish this with extensible headers, a feature allowing IPv6 packets to contain extra protocol information to deal with issues such as QoS and prioritization. Extensible headers allow each packet to contain both the permanent and the care-of address, satisfying both higher-level protocols and routers. However, the extra bandwidth taken up by this information can be significant, especially for small packets such as those used in VoIP. That is why IPv6 uses the robust header compression (ROHC) standard. By taking advantage of the fact that consecutive packets often have identical headers, ROHC can reduce header size by around 95 percent.

Because a mobile node can move rapidly, it might have several care-of addresses at any one time. These addresses include the primary one, representing the subnet the node is attached to, and several older ones on subnets the node previously passed through. Packets sent to these older care-of addresses must be tunneled by agents on the previously visited subnet, just as if they were sent through the home subnet. To prevent a node from accumulating too many old care-of addresses, mobile IPv6 provides binding updates, which always include an expiry time for a care-of address.

The mobile node registers its care-of address with its home agent, and the home agent forwards packets destined for the mobile node to the care-of address via an IP-in-IP tunnel. The tunneled packets are stripped out of the outer header and the inner packet is delivered to the mobile node. Because the application/session is using the home address, session continuity is maintained. As the mobile node moves, it obtains a new care-of address and performs a re-registration with the home agent to indicate its new care-of address, and the tunnel end point is changed to the new care-of address.
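The pieces described across the last several paragraphs (the binding a home agent keeps between permanent and care-of address, the lifetime carried in each binding update, the IP-in-IP tunnel toward the care-of address, and the way ingress filtering breaks the original triangular route but not a reverse-tunnelled reply) fit together in the following added example. It is not code from the book or from any Mobile IP implementation: prefixes, addresses and lifetimes are constructed, packets are plain dicts, and encapsulation is modelled by nesting one packet inside another under the key "inner" rather than by building real IP headers.

```python
"""Mobile IPv4 home agent, IP-in-IP tunnelling and ingress filtering, simulated.

Added example, not code from the book or from any Mobile IP implementation.
Prefixes, addresses and lifetimes are constructed; a packet is a dict and
IP-in-IP encapsulation is modelled by nesting under the key "inner".
"""
import ipaddress


def in_prefix(addr: str, prefix: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


class HomeAgent:
    """Keeps the binding (home address -> care-of address, expiry) for every
    mobile node whose permanent address lies on the home subnet."""

    def __init__(self, address: str, home_prefix: str) -> None:
        self.address, self.home_prefix = address, home_prefix
        self.bindings = {}

    def register(self, home_addr: str, care_of: str, lifetime: int, now: int) -> None:
        """Binding update from the mobile node; every update carries a lifetime."""
        if not in_prefix(home_addr, self.home_prefix):
            raise ValueError(f"{home_addr} is not on home subnet {self.home_prefix}")
        self.bindings[home_addr] = (care_of, now + lifetime)

    def care_of(self, home_addr: str, now: int):
        """Current care-of address, or None once the binding has expired."""
        entry = self.bindings.get(home_addr)
        if entry is None:
            return None
        coa, expiry = entry
        if now >= expiry:
            del self.bindings[home_addr]   # stale binding: node must re-register
            return None
        return coa

    def intercept(self, packet: dict, now: int) -> dict:
        """Packet arriving on the home link for one of our addresses: tunnel it
        to the care-of address, or deliver locally if the node is at home."""
        coa = self.care_of(packet["dst"], now)
        if coa is None:
            return packet
        return {"src": self.address, "dst": coa, "inner": packet}   # IP-in-IP

    def reverse_tunnel_exit(self, packet: dict) -> dict:
        """Strip the outer header of a reverse-tunnelled reply and forward the inner packet."""
        return packet["inner"]


def decapsulate(packet: dict) -> dict:
    """Tunnel end point at the mobile node: drop the outer header if present."""
    return packet.get("inner", packet)


def ingress_filter(link_prefix: str, packet: dict) -> bool:
    """Access-router rule: the outer source must belong to the link it came in on."""
    return in_prefix(packet["src"], link_prefix)


# Constructed topology
HOME_PREFIX, HA_ADDR, MN_HOME = "10.1.0.0/24", "10.1.0.1", "10.1.0.50"
VISITED_PREFIX, MN_COA = "10.2.0.0/24", "10.2.0.77"
CN_ADDR = "10.3.0.9"


def scenario() -> dict:
    """Run one registration, a forward packet, both reply styles, and an expiry."""
    ha = HomeAgent(HA_ADDR, HOME_PREFIX)
    ha.register(MN_HOME, MN_COA, lifetime=300, now=0)

    # Correspondent -> home address: intercepted by the HA and tunnelled to the care-of address
    inbound = ha.intercept({"src": CN_ADDR, "dst": MN_HOME}, now=10)
    delivered = decapsulate(inbound)

    # Reply, triangular: the node writes its home address as source while on the visited link
    triangular = {"src": MN_HOME, "dst": CN_ADDR}
    # Reply, reverse-tunnelled: outer source is the care-of address, addressed to the HA
    reverse = {"src": MN_COA, "dst": HA_ADDR, "inner": {"src": MN_HOME, "dst": CN_ADDR}}
    onward = ha.reverse_tunnel_exit(reverse)

    # After the lifetime runs out the HA stops tunnelling until the node re-registers
    after_expiry = ha.intercept({"src": CN_ADDR, "dst": MN_HOME}, now=301)

    return {
        "tunnel_dst": inbound["dst"],
        "delivered_to_home_addr": delivered["dst"] == MN_HOME,
        "triangular_passes_visited_filter": ingress_filter(VISITED_PREFIX, triangular),
        "reverse_passes_visited_filter": ingress_filter(VISITED_PREFIX, reverse),
        "onward_passes_home_filter": ingress_filter(HOME_PREFIX, onward),
        "tunnelled_after_expiry": "inner" in after_expiry,
    }
```

The result of `scenario()` makes the trade-off in the text visible: the triangular reply is dropped by the visited link's ingress filter because its source address belongs to the home prefix, while the reverse-tunnelled reply passes both filters at the cost of the extra hop through the home agent. The expiry check shows why a node that stops sending binding updates silently loses its tunnel.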

All of this would seem to require extra functionality within every device connected to the network: edge routers must be able to tunnel packets not just to their own mobile nodes, but also to other nodes that have previously used a care-of address on their network, and TCP/IP stacks on individual devices must be able to understand the difference between a permanent and a care-of address. However, such functionality is standard in the IPv6 specification, whereas the ability to act as a home or foreign agent has to be retrofitted to IPv4 devices. These facts, rather than the larger address space, are why the wireless industry is so keen to promote IPv6 adoption.

IP Mobility Solutions

While a few proprietary IP-mobility solutions have been developed, the emphasis remains on developing Mobile IP standards-based solutions with enhancements to handoffs, security and tunneling. A few of the companies developing solutions based on Mobile IP include not only the above-mentioned NetMotion, but also Flarion Technologies, a company that has developed an all-IP mobile network based on FlashOFDM as the air interface and uses Mobile IP for roaming and handoff support. The Flarion architecture includes a RadioRouter base station, a concept that puts the access router at the very edge of the network. Here, the access router that terminates IP between the mobile and the network is located at the base station instead of at a distant point deep in the network.

The RadioRouter base station is connected to a packet data network. Mobility is accomplished using Mobile IPv4 albeit with enhancements to support fast handoffs at up to vehicular speeds for real-time services like VoIP and video streaming. Flarion has also demonstrated seamless handoffs between 802.11-based WLAN networks and the Flarion FlashOFDM-based network, using Mobile IP as the IP mobility glue.

Other Mobile IP-based solutions are available from Birdstep Technology, ipUnplugged and Airvana (for 3GPP2). Though standards based, almost all have their own enhancements in terms of security and handoff speed. Also, ipUnplugged, in conjunction with Airvana Networks, has demonstrated seamless mobility between 802.11 WLAN and cdma2000 1xEV-DO networks.

Mobile IP's Downside

While mobile IP is widely used, some drawbacks should be considered before implementing this mobility solution.

