

  • Number of slides: 36

Communication Equipment (Sideseadmed, IRT 0040), 2.5 AP, Avo, Lecture 2

Radio resource allocation (diagram): Operator A, Operator B, …, Operator N → joint radio access system → joint frequency range

Infrastructure-based networks use fixed base stations (infrastructure) which are responsible for coordinating communication between the mobile hosts (nodes).

Hidden Nodes - a QoS Issue
• If you can’t see a frame you can’t avoid colliding
• RF characteristics make it hard to see all frames
• Hidden nodes usurp priority and break service commitments
• Only the AP can see and be seen by all nodes.

LWAPP
• The Light Weight Access Point Protocol is used between APs and a WLAN Controller
• LWAPP carries control and data traffic between the two
• It facilitates centralized management and automated configuration
• Open, standards-based protocol – submitted to the IETF CAPWAP WG

Lightweight AP WLAN Concept

Autonomous Deployments
• Each AP had its own view of the network – like standalone cell towers
• No hierarchical view of the RF – or the network

Centralization – not a new idea
• Original cellular networks were nodal.
• Lots of call drops
• Lots of administration
• Roaming wasn’t very good
• Not capable of providing advanced services

Enter the Base Station Controller (Management/Control)
• Complete view of the network
• Improved roaming
• One point of administration
• Enabled provisioning of advanced call services
Base stations are used to handle setup, handovers, and other functions across an entire cellular network.

Enter the Wireless Controller (diagram): DHCP, LWAPP, DNS, RADIUS, ACS, HPOV; control and management

System Layers

Basic LWAPP Architecture (diagram: AC – WTP – STA)
• AC ↔ WTP: LWAPP (C=0) 802.11 Assoc. Req; LWAPP (C=0) 802.11 Assoc. Resp; LWAPP (C=0) 802.11 Data Frame
• WTP ↔ STA: 802.11 Assoc. Req; 802.11 Assoc. Resp; 802.11 Data Frame

Unified Wireless Network
• Unified Advanced Services – unified cellular and Wi-Fi VoIP; advanced threat detection, identity networking, location-based security, asset tracking and guest access.
• World-Class Network Management – same level of security, scalability, reliability, ease of deployment, and management for wireless LANs as for wired LANs.
• Network Unification – integration into all major switching and routing platforms; secure innovative WLAN controllers.
• Mobility Platform – ubiquitous network access in all environments; enhanced productivity; proven platform with large install base and 61% market share.
• Client Devices – plug and play; 90% of Wi-Fi silicon is Certified; “out-of-the-box” wireless security.

Centralized Wireless LAN Architecture
• Controller
 – 802.11 MAC management – (re)association requests & action frames
 – 802.11 data – encapsulated and sent to the AP
 – 802.11e resource reservation – control protocol carried to the AP in 802.11 management frames; signaling done in the controller
 – 802.11i authentication & key exchange
• AP
 – 802.11 – beacons, probe response, auth (if open)
 – 802.11 control – packet ack & retransmission (latency)
 – 802.11e – frame queuing & packet prioritization (real-time access)
 – 802.11i – Layer 2 encryption
(Diagram: WLAN Controller – LWAPP – Lightweight Access Points)

LWAPP
• LWAPP - Light Weight Access Point Protocol is used between APs and the WLAN Controller
• LWAPP carries control and data traffic between the two
 – Control plane is AES-CCM encrypted
 – Data plane is not encrypted
• It facilitates centralized management and automated configuration
• Open, standards-based protocol (submitted to the IETF CAPWAP WG)
(Diagram: Business Application – LWAPP Controller – Access Point – WiFi Client; control plane and data plane)

Protocol for Centralization
• LWAPP = LightWeight Access Point Protocol
• Standardized interface between an access point and a centralized controller
• Defines: association of APs, authentication of APs, control of APs
• Works across L2 / L3 boundaries
• Design goals: zero-config deployment, secure deployment, centralization
Controllers: security policies, wireless IDS, QoS policies, RF management, mobility management, IPSec encryption
Access Points: remote RF interface, timing-critical functions, L2 encryption

LWAPP Modes – Layer 2
• Layer 2 LWAPP is in an Ethernet frame (Ethertype 0xBBBB)
• Cisco WLAN Controller and AP must be connected to the same VLAN/subnet
LWAPP-L2 data message: MAC Header | LWAPP Header (C=0) | Data …
LWAPP-L2 control message: MAC Header | LWAPP Header (C=1) | Control Msg | Control Elts …
(Diagram: Cisco WLAN Controller – LWAPP-L2 – Lightweight Access Points)

LWAPP Modes – Layer 3
• Layer 3 LWAPP is in a UDP / IP frame
• Cisco Controller and AP can be connected to the same VLAN/subnet or to a different VLAN/subnet
• Requires IP addressing of the Cisco Lightweight AP
 – Data traffic uses source port 1024 and destination port 12222
 – Control traffic uses source port 1024 and destination port 12223
LWAPP-L3 data message: MAC Header | IP | UDP=12222 | LWAPP Header (C=0) | Data …
LWAPP-L3 control message: MAC Header | IP | UDP=12223 | LWAPP Header (C=1) | Control Msg | Control Elts …
(Diagram: Cisco WLAN Controller – LWAPP-L3 – Lightweight Access Points)
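As an added example (my own code, not from the lecture slides or from Cisco), the following Python classifier applies the two LWAPP modes above to captured Ethernet frames: Layer 2 mode is recognised by Ethertype 0xBBBB, Layer 3 mode by UDP destination port 12222 (data) or 12223 (control), and the plane is read from the C bit of the LWAPP header. The bit position of C (bit 0x04 of the first header byte, i.e. VER(2) RID(3) C(1) F(1) L(1)) and the 6-byte header length are my assumptions from the LWAPP draft, not stated on the slides; verify them against a real capture. The classifier also reports whether the port-announced plane and the C bit disagree, which is a cheap sanity check for a monitoring tap, and marks the data plane as cleartext, which is what the later LWAPP slide states (control plane AES-CCM, data plane not encrypted). The sample frames are constructed inline.

```python
import struct

# Values stated on the slides
ETHERTYPE_LWAPP_L2 = 0xBBBB
ETHERTYPE_IPV4 = 0x0800
LWAPP_L3_DATA_PORT = 12222
LWAPP_L3_CTRL_PORT = 12223
LWAPP_AP_SRC_PORT = 1024
IPPROTO_UDP = 17

# Assumption (not on the slides): first LWAPP header byte is
# VER(2 bits) RID(3 bits) C(1 bit) F(1 bit) L(1 bit), so C is bit 0x04.
LWAPP_C_BIT = 0x04
LWAPP_HEADER_LEN = 6  # assumed fixed header length; only the frame builder relies on it


def lwapp_plane(lwapp: bytes) -> str:
    """'control' when the C flag is set (C=1), otherwise 'data' (C=0)."""
    if not lwapp:
        raise ValueError("empty LWAPP header")
    return "control" if lwapp[0] & LWAPP_C_BIT else "data"


def classify_lwapp_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame as LWAPP-L2, LWAPP-L3 or not LWAPP.

    Returns the mode, the plane taken from the C bit, whether the plane
    announced by the UDP port agrees with the C bit, and whether that plane
    is one the slides describe as encrypted (control: AES-CCM; data: cleartext).
    """
    if len(frame) < 14:
        return {"mode": None}
    ethertype = struct.unpack("!H", frame[12:14])[0]

    if ethertype == ETHERTYPE_LWAPP_L2:          # Layer 2 mode: LWAPP directly in Ethernet
        plane = lwapp_plane(frame[14:])
        return {"mode": "L2", "plane": plane, "port_ok": True,
                "encrypted_plane": plane == "control"}

    if ethertype != ETHERTYPE_IPV4:
        return {"mode": None}

    ip = frame[14:]
    if len(ip) < 20 or ip[9] != IPPROTO_UDP:      # byte 9 of IPv4 header = protocol
        return {"mode": None}
    ihl = (ip[0] & 0x0F) * 4                      # header length honours IP options
    udp = ip[ihl:]
    if len(udp) < 8:
        return {"mode": None}
    sport, dport = struct.unpack("!HH", udp[:4])
    expected = {LWAPP_L3_CTRL_PORT: "control", LWAPP_L3_DATA_PORT: "data"}.get(dport)
    if expected is None:
        return {"mode": None}

    plane = lwapp_plane(udp[8:])                  # LWAPP header follows the 8-byte UDP header
    return {"mode": "L3", "plane": plane, "src_port": sport,
            "port_ok": plane == expected,         # port and C bit should agree
            "encrypted_plane": plane == "control"}


def _lwapp_bytes(control: bool, payload: bytes) -> bytes:
    # Constructed header: only the C bit is meaningful here, the rest is zero
    return bytes([LWAPP_C_BIT if control else 0x00]) + bytes(LWAPP_HEADER_LEN - 1) + payload


def build_l3_frame(dport: int, control: bool, payload: bytes = bytes(8)) -> bytes:
    """Construct a minimal Ethernet/IPv4/UDP/LWAPP frame (sample data, checksums left zero)."""
    lwapp = _lwapp_bytes(control, payload)
    udp = struct.pack("!HHHH", LWAPP_AP_SRC_PORT, dport, 8 + len(lwapp), 0) + lwapp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])) + udp   # constructed AP -> WLC
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_l2_frame(control: bool, payload: bytes = bytes(8)) -> bytes:
    """Construct a minimal Layer 2 mode frame: Ethernet (0xBBBB) directly carrying LWAPP."""
    return bytes(12) + struct.pack("!H", ETHERTYPE_LWAPP_L2) + _lwapp_bytes(control, payload)


if __name__ == "__main__":
    for label, frame in [("L3 control", build_l3_frame(LWAPP_L3_CTRL_PORT, True)),
                         ("L3 data", build_l3_frame(LWAPP_L3_DATA_PORT, False)),
                         ("L3 port/C-bit mismatch", build_l3_frame(LWAPP_L3_CTRL_PORT, False)),
                         ("L2 control", build_l2_frame(True))]:
        print(label, classify_lwapp_frame(frame))
```

Feeding real frames into `classify_lwapp_frame` (for instance from a pcap reader) lets a monitoring point confirm that only the expected ports carry LWAPP and that every data-plane frame is treated as unencrypted when deciding where the AP-to-controller path may run.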

The need for Client Mobility
• Wireless LAN is not only about wire-less
• Need for mobility, and not only “hotspot” connectivity
• Mobility is when a client moves from one Access Point to another
• Access points can be on a single Controller or on different Controllers
• The client needs to keep IP connectivity (same IP address)
• Client Mobility is mandatory for some applications (voice, video, business applications, …)
(Diagram: Controller 1, Controller 2, Subnet A, Subnet B, AP B, AP C, AP D)

Client Mobility
• Different Client Mobility levels
 – L2 Mobility
 – L3 Mobility: conceptually similar to Proxy Mobile IP – Foreign and Anchor Controllers – asymmetric traffic flow
• What about security? PKC – Proactive Key Caching; WPA2 / 802.11i fast roaming

Mobility Groups
• A Mobility Group is a “cluster of controllers” that share information between them (e.g. client context and state, controller “load”, etc.)
• Up to 24 Controllers per Mobility Group
• A Mobility Group facilitates seamless roaming at both L2 & L3
• Configuring a Mobility Group: IP connectivity between all devices; same Mobility Group name (IS case sensitive); same virtual interface IP address; each device is configured with the MAC and IP of every other device in the group

Layer 2 Mobility move
• All controllers in the same Mobility Group
• Client connects to AP A on Controller 1 – client database entry created (MAC, WLAN, AP, QoS, IP, Sec, …)
• Client roams to AP B on Controller 1 – Proactive Key Caching (PKC) provides fast roam times for WPA2/802.11i clients; no need to re-authenticate to the RADIUS server
• Client roams from AP B (Controller 1) to AP C (Controller 2)
 – Controller 2 makes a Mobility Announcement to peers in the Mobility Group looking for the Controller with the client MAC
 – Controller 1 responds, handshakes, ACKs
 – Client database entry moved to Controller 2
 – PMK data included (master key data from the RADIUS server) – Proactive Key Caching provides fast roam times for WPA2/802.11i clients; no need to re-authenticate to the RADIUS server
• Roam is transparent to the client
• Same DHCP address maintained
• Proactive Key Caching with WPA2/802.11i (Funk or MS client)
(Diagram: Controller 1 with AP A and AP B; Controller 2 with AP C and AP D; Mobility Announcement between the controllers)

Layer 3 Mobility
• All controllers in the same Mobility Group
• Ethernet-in-IP tunnels automatically created between controllers
• Client connects to AP B on Controller 1 – client database entry created as ANCHOR (MAC, WLAN, IP, Sec, ANCHOR, …)
• Client roams to AP C on Controller 2
 – Controller 2 makes a Mobility Announcement to peers in the Mobility Group looking for the Controller with the client MAC
 – Controller 1 responds, handshakes, ACKs
 – Client database entry copied to Controller 2, marked as FOREIGN (MAC, WLAN, IP, Sec, FOREIGN, …)
 – PMK data included (master key data from the RADIUS server) – Proactive Key Caching provides fast roam times for WPA2/802.11i clients; no need to re-authenticate to the RADIUS server
• Client roams to an AP on a 3rd Controller – same as above except the FOREIGN client DB entry is moved from the previous Foreign Controller
• Roam is transparent to the client
• Traffic from the client to the network exits at the Foreign Controller
• Traffic to the client is tunneled from the Anchor to the Foreign Controller
• Same DHCP address maintained
• Proactive Key Caching with WPA/802.11i (Funk or MS client)
(Diagram: Controller 1 / Subnet A with AP A and AP B; Controller 2 / Subnet B with AP C and AP D; Ethernet-in-IP tunnel and client database copy between the controllers)
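The Layer 2 and Layer 3 roaming procedures of the last three slides, as an added example in Python (my own model, not the lecture's or Cisco's code): a minimal mobility-group simulation that decides whether a roam is L2 (same subnet, entry moved) or L3 (different subnet, entry copied and marked FOREIGN while the ANCHOR keeps its copy), carries the PMK so no RADIUS re-authentication is needed, keeps the client IP, and reports the asymmetric traffic path (upstream exits at the foreign controller, downstream is tunnelled anchor → foreign). Controller names, subnets and the PMK bytes are constructed sample values; the case where the destination controller is not in the same mobility group (no peer answers the announcement, so the client must re-authenticate) is an assumption about the design, not something the slides spell out.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ClientEntry:
    mac: str
    ip: str
    pmk: bytes                     # master key data from the RADIUS server
    role: str = "LOCAL"            # LOCAL (L2 only), ANCHOR or FOREIGN
    anchor: Optional[str] = None   # name of the anchor controller for FOREIGN entries


@dataclass
class Controller:
    name: str
    subnet: str                    # constructed label, e.g. "Subnet A"
    mobility_group: str            # must match exactly (case sensitive per the slides)
    clients: dict = field(default_factory=dict)   # client database: mac -> ClientEntry


def connect(wlc: Controller, mac: str, ip: str, pmk: bytes) -> ClientEntry:
    """Initial association: full 802.1X/RADIUS auth happened, entry created."""
    entry = ClientEntry(mac, ip, pmk)
    wlc.clients[mac] = entry
    return entry


def roam(mac: str, src: Controller, dst: Controller) -> dict:
    """Client moves from an AP on src to an AP on dst; dst announces, src answers."""
    if src.mobility_group != dst.mobility_group:
        # Assumption: no mobility peer answers the announcement, so dst treats the
        # client as new: re-authentication and a fresh DHCP address.
        return {"type": None, "reauth": True, "ip_kept": False}

    entry = src.clients[mac]   # src found the MAC and responds with the PMK included

    if src.subnet == dst.subnet:
        # L2 roam: the database entry simply moves; PMK avoids RADIUS re-auth
        dst.clients[mac] = entry
        del src.clients[mac]
        return {"type": "L2", "reauth": False, "ip_kept": True,
                "upstream_exit": dst.name, "downstream_path": [dst.name]}

    # L3 roam: the anchor keeps its copy, the new controller gets a FOREIGN copy
    if entry.role == "FOREIGN":
        anchor_name = entry.anchor      # roam to a 3rd controller: foreign entry moves on
        del src.clients[mac]
    else:
        anchor_name = src.name          # first L3 roam: src becomes the ANCHOR
        entry.role = "ANCHOR"
        entry.anchor = src.name
    dst.clients[mac] = ClientEntry(entry.mac, entry.ip, entry.pmk, "FOREIGN", anchor_name)
    return {"type": "L3", "reauth": False, "ip_kept": True,
            "upstream_exit": dst.name,                    # client -> network exits here
            "downstream_path": [anchor_name, dst.name]}   # network -> client via tunnel


if __name__ == "__main__":
    wlc1 = Controller("WLC1", "Subnet A", "campus")
    wlc2 = Controller("WLC2", "Subnet B", "campus")
    mac, ip, pmk = "00:11:22:33:44:55", "10.1.0.42", b"\x01" * 32   # constructed sample
    connect(wlc1, mac, ip, pmk)
    print(roam(mac, wlc1, wlc2))
```

The returned `downstream_path` is the part worth watching in a real deployment: every L3 roam adds an Ethernet-in-IP tunnel hop between the anchor and the foreign controller, so firewall rules between controller subnets must permit that tunnel or the client keeps its IP address but loses downstream traffic.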

Specific Mobility: Guest Access
• The traditional approach to segmenting guest traffic requires ‘pulling’ the guest VLAN through the corporate network
 – Many companies can’t or won’t do this
(Diagram: Internet – Corp Intranet – WLAN Controller (Policy) – 802.1Q – LWAPP APs with Corp SSID and Guest SSID; isolated guest and corp users)

Tunnel Guest Traffic
• By tunneling all guest traffic to a DMZ controller, traffic originates and terminates in the DMZ
• Guest clients logically reside in the DMZ network
• No changes required to existing infrastructure except adding FW rules
• Add additional DMZ controllers for scalability
• Each DMZ controller can handle up to 40 tunnels
(Diagram: Internet – Guest WLAN Controller – EoIP (IP protocol 97) “Guest Tunnel” – Corp Intranet – WLAN Controller – LWAPP AP with Corp SSID and Guest SSID)

Ad-hoc networks
• Consist of mobile nodes which communicate with each other through a wireless medium without any fixed infrastructure

Ad-hoc: a self-configuring network in which the devices act as routers and may change their location in space.

MANET – Difficulties for routing
(Diagram: nodes A–H with broken links marked X)
§ Limited connectivity due to the transmission range of the signal
§ Low bandwidth
§ Higher error rates
§ Vulnerable to interference
§ Power consumption
§ No specific devices to do routing
§ Dynamic nature – high mobility and frequent topological changes

Mobile Ad Hoc Networks
• The meaning of the word “Ad hoc” is “for this”, meaning “for this purpose only”; it implies a special network for a particular application.
• A mobile ad-hoc network (MANET) is a self-configuring network of mobile routers (and associated hosts) connected by wireless links, the union of which forms an arbitrary topology.
• The routers are free to move randomly and organize themselves arbitrarily; thus, the network's wireless topology may change rapidly and unpredictably.

Characteristics and tradeoffs
• Characteristics: decentralized; self-organized; self-deployed; dynamic network topology
• Tradeoffs: bandwidth limited; multi-hop routing needed; energy consumption problem; security problem

Ad hoc Routing Protocols (table; the protocol and category columns were interleaved in extraction, so only the two column contents are recoverable)
Protocols listed: Wireless Routing Protocol (WRP); Destination Sequence Distance Vector (DSDV) routing protocol; Fisheye State Routing (FSR); Distance Routing Effect Algorithm for Mobility (DREAM); Dynamic Source Routing (DSR) protocol; Temporally-Ordered Routing Algorithm (TORA); Ad hoc On-demand Distance Vector Routing (AODV); Associativity Based Routing (ABR) protocol; Signal Stability-based adaptive Routing (SSR); Zone Routing Protocol (ZRP); Location Aided Routing (LAR); Hybrid Ad hoc Routing Protocol (HARP); Zone-based Hierarchical Link State routing (ZHLS)
Categories listed: proactive routing; location-based routing; uniform routing; reactive routing; link-stability based routing; zone-based routing; hybrid routing protocol

Ad Hoc Routing Protocols
• Proactive (table-driven): DSDV, WARP, DREAM
• Reactive (on-demand): DSR, AODV, TORA
• Hybrid: ZRP, HARP

(Diagram: Residential Modem, Business Modem, Portable Modem – Base Station – Management System – Network Planning)

Cost and coverage area (Rahakulu ja katteala)

Links
http://www.cs.umd.edu/~clancy/docs/lwappreview.pdf
http://www.ieee802.org/21/
http://www.ieee802.org/11/
http://www.ietf.org/rfc3990.txt

Links
http://en.wikipedia.org/wiki/AODV
http://en.wikipedia.org/wiki/Mobile_adhoc_network
http://moment.cs.ucsb.edu/AODV
http://core.it.uu.se/core/index.php/Main_Page