How to Stabilize and Scale Wireless Network Architectures
WiFi networks are used every day to connect with others, access business data, and learn. Increasingly, the primary means of network access is wireless. The 802.11 standards, the IEEE standard for WiFi, have become more and more efficient. And the hardware and software backing these standards has become more resilient and capable in the last 10 years, reducing the need for physical network cabling in many network applications.
All of this research and progression, however, means very little if wireless networks are not carefully planned and designed. What follows are the key principles and practices you should understand as part of your CWNA certification exam preparation, and to prepare you for designing and maintaining real-world WLAN implementations. Let’s start with the different WLAN architectures you can use to build your wireless deployments.
3 WLAN Architectures: What You Need to Know
There are three primary WLAN architectures to become familiar with. These three architectures are designed for very specific wireless applications:
Autonomous WLANs. These are typically single-radio deployments, and is likely the type of wireless network you have in your home. In these deployments, the wireless access point contains everything needed to provide wireless communication, authentication, and traffic flow for client devices. These wireless networks do not scale well, nor do they allow you to manage multiple radios in a large deployment. They are great for small home and office networks.
Centralized deployments. These involve multiple radios using a minimal amount of features to process client traffic and tunnel it through to a centralized controller, called a WLAN controller. This traffic routing method is called centralized data forwarding. In this scenario, traffic is tunneled to the WLAN controller with IP protocols, the most common being the Generic Routing Encapsulation or GRE. This is because 802.11 frames are designed for wireless radios, and cannot physically be modulated over 802.3 ethernet networks.
Once the GRE encapsulated 802.11 frames reach the WLAN controller, they are de-encapsulated and processed on the controller. These types of deployments are often used in large local area network (LAN) deployments where many wireless clients must access local services or the internet. In this type of deployment, the WLAN controller provides authentication, roaming, Quality of Service (QoS), load balancing, and other services to enable quality network connectivity for client devices, while the access points facilitate traffic flow and respond to instructions from the controller. Centralized deployments offer great availability for wireless clients, as they leverage multiple access points (radios). As such, if one radio stops functioning, clients can roam to the others in the deployment to continue network functions.
Distributed deployments. These are used in the same scenarios as centralized deployments, but instead of leveraging a centralized WLAN controller for management, control, and data functions, the access points themselves share this burden of responsibility equally. Essentially, the access points behave like a fully managed controller-based system, while exchanging information between each other about security, traffic flow, client roaming, and other factors.
Distributed deployments are often the best way to scale a WLAN solution serving many clients, as the capacity for client traffic and other needs increases as you add more access points to the deployment. These deployments leverage distributed data forwarding, which means each access point handles the forwarding of network traffic to the next hop, instead of tunneling this traffic to a central controller.
Distributed architectures provide the best chances of wireless availability for clients, as other access points can take over clients if one becomes inoperable. Distributed architectures are also the best choice for large campus deployments with multiple buildings, as the wireless traffic does not have to traverse higher-latency links between sites to reach destinations, as in a centralized wireless architecture.
Another advantage that centralized and decentralized architectures have over Autonomous deployments, is that they can leverage Basic Service Set Identifiers, or BSSIDs, to create multiple wireless networks on the same set of access points. These BSSIDs can then be assigned to specific virtual local area networks (VLANs), which allow you to specify which clients can connect to which subnets. This is a very valuable segmentation and security feature. BSSIDs and VLANs allow you to use the same physical infrastructure to build multiple (virtual) local area networks for clients to access.
Each of these architectures is made up of many different protocols and services, which enable them to function. These protocols and services are defined by the 802.11 wireless standards and are categorized into three logical planes. This framework will help you understand how WLAN architectures work.
3 Control, Management and Data Planes
There are three fundamental components of any wireless network that you must understand to properly design, deploy, and administer wireless local area network architectures. These components are called planes, as a way to logically define units of processing and certain activities that exist across wireless networks. First, let’s break them down and learn what each consists of:
- Data Plane
- Management Plane
- Control Plane
Data Plane. This is likely the one you’re most familiar with, and what most people are thinking about in wireless networks. The data plane, quite simply, is the end-user or service data being transmitted over the wireless network. This could be email, web requests, Twitter posts, SIP phone calls, or many other types of data. User data is transmitted and received by a wireless access point (WAP or AP) and either handed off directly to a switch/router or tunneled through a WLAN controller, which we will talk about next. The data plane is the stuff that end users care about accessing; so any time we’re dealing with the data plane, we’re talking about the end-user traffic and content that is traversing our wireless network.
Management Plane. The management plane refers to the set of interfaces, services, and configuration settings that enable you as a WLAN administrator to manage and monitor your wireless service sets (WLANs). For example, a Cisco Wireless LAN controller provides a web or console-based interface for you to configure SSID names, WPA2 Personal passwords, wireless channel, and RF power settings. These interfaces are considered part of the management plane and are what allow you to monitor the health of your WLAN deployments, as well as react with changes to the configuration, without having to handle changes at the bit level.
Control Plane. The control plane refers to the set of protocols and behaviors that are used by embedded systems to carry out your desired WLAN configuration. Examples of protocols in this plane are Spanning Tree Protocol (STP), Dynamic Radio Frequency Parameters (which control channels and power levels across a set of access points), Client Roaming activities, and others. These are effectively the behaviors built into the 802.11, Quality of Service (QoS), and other network standards to create the desired behavior on the network for client devices.
These logical planes become useful when you consider that each of them can exist on every single access point within your environment. In large indoor or outdoor spaces, where many clients must connect to your wireless networks, this becomes very inefficient. This is the primary cause of poor wireless performance in dense coverage scenarios. More times than not, a small business that grows very quickly ends up deploying more of the same old access point they used in their startup days, which employs a “fat” configuration of control, data, and management functions.
4 Potential Issues Associated With Planes
These are autonomous WLAN architectures, and consist of technology you might purchase at a local electronics store. They are meant for small and home office deployments and don’t provide coverage across multiple access points in an efficient way or coordinate with other radios. This duplicate homing of the control, data and management planes causes several issues:
- Lack of coordinated, centralized control and monitoring for administrators. This makes it difficult to detect and respond to incidents or make changes to your wireless environment.
- Inability to share wireless service sets across access points, which means no assisted Layer 2 roaming, and no Layer 3 roaming is possible. This has a particularly negative impact on voice, video, and other real-time protocols, as roaming is left to the client to handle, and every device does it differently.
- No implementation of WPA2 enterprise authentication, which uses certificates or passwords with multiple factors of authentication to secure network traffic.
- Lastly, and potentially the worst consequence, is that the lack of coordination between autonomous access points means that even if you broadcast the same network across all of them, and one loses its uplink, clients will still connect that radio, even though there is no possible way to achieve a network connection. In a distributed or centralized system, access points “know” that they must not serve clients if their uplinks go down. This is the difference between a graceful, non- urgent failure, and creating a wireless jammer for all of your wireless traffic.
Spreading control, management, and data planes in a distributed fashion is the best way to achieve scalability and availability for wireless deployments. Applying these practices and understanding these principles is key to successful WLAN deployments. Great design through deep understanding is the key to bringing meaningful business results for your customers and stakeholders.