Embed Size (px)
Citation preview
+
Chief Information Security OfficerNetwork infrastructure team leader
www.segi.be [email protected]
ULiègeover WLAN
13/12/2017
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architectures
nWiFi@ULiege
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
© 2017 SEGI ULiege – Simon FRANCOIS
+.: University of Liege overview :.
n Univ & teaching hospitals
n 5000 + 5000 staff
n > 23000 students
n Privately held companies
n > 30 remote sites / branch
n Wide campus
© 2017 SEGI ULiege – Simon FRANCOIS
+.: IT Dept. overview :.
n IT staff : 105
n Network & Security : 8
n 100,000 network wall plugs
n 2,300 WiFi access points
n 1800+ vServers / 2 DC
n Mass storage, NIC
n 2x10 Gbps internet BW
n Kind of small ISP
© 2017 SEGI ULiege – Simon FRANCOIS
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architecture
nWiFi@ULg
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
+.: RFM in-depth (1) :.
n Don’t deploy wireless infrastructure until you understand RF
n Wireless signal main signatures :n Carrier frequency
n Signal band (spectrum) width
n Signal power at transmitter’s antenna
n Signal power at receiver’s antenna
n Signal to noise ratio
n Duty cycle
n Needed for site surveys, interferences management…
Radio Frequency (RF)
© 2014 SEGI ULg – Simon FRANCOIS
+.: RFM in-depth (2) :.WiFi Bands and Channels – 2,4GHz (UHF)
© 2016 SEGI ULg – Simon FRANCOIS
One channel = 20 MHz wide, except for (deprecated) 802.11b (22 MHz)
+.: RFM in-depth (3) :.WiFi Bands and Channels – 2,4GHz (UHF)
© 2016 SEGI ULg – Simon FRANCOIS
Warning when using 1-5-9-13 :- Neighbours using 1-6-11- Poorly manufactured antennæ overflow out of channel boundaries
+.: RFM in-depth (4) :.WiFi Bands and Channels – 5GHz (SHF)
© 2016 SEGI ULg – Simon FRANCOIS
2,4 GHz used by 802.11b/g5 GHz used by 802.11aBoth used by 802.11n/ac
+.: RFM in-depth (5) :.WiFi Bands and Chans – 2,4GHz (UHF) vs 5GHz (SHF)
© 2016 SEGI ULg – Simon FRANCOIS
+.: RFM in-depth (6) :.
n Obstacles are legionn Walls of course, but what about :
n Metal ?
n Mirrors ?
n Aquariums (water) ?
n Wind or fog ?
n Humans ?
n Paper ?
n Bushes and trees ?
Interferences and obstacles
© 2014 SEGI ULg – Simon FRANCOIS
+.: RFM in-depth (7) :.
n LBT: WiFi is a polite protocol
n Unlicensed frequency bands
n Interferences are WiFi’s worst enemyn motion sensors, n wireless cameras, n microwave ovens, n other WiFi devices, n false-DECT phones, n bluetooth devices, n machinery, n Zigbee, n Fairy lights…
Interferences and obstacles
© 2015 SEGI ULg – Simon FRANCOIS
+.: RFM in-depth (8) :.2,4GHz (UHF) vs 5GHz (SHF)
n All clients are compliant
n Legacy propagation range
n Flooded by interferences
n 3 to 4 channels max
n Less bandwidth
n Hard site survey (because of channel assignment)
n Legacy, low-end/cheap clients don’t have 5 GHz antennæ
n Slightly shorter range
n Much fewer interferences
n 19 channels for Europen Up to 160MHz channelsn Easy site survey and
channel assignmentn Warning : weather-radars +
military usage (DFS+TPC)
2,4GHz 5GHz
© 2017 SEGI ULiege – Simon FRANCOIS
+.: RFM in-depth (9) :.Bands and Channels – future frequency bands & standards?
© 2015 SEGI ULg – Simon FRANCOIS
802.11ad : up to 60 GHz à 5Gbps !802.11af : below 1 GHz802.11ah : 700 MHz, 860 MHz,
902 MHz…
+.: RFM in-depth (10) :.LPWAN
© 2017 SEGI ULiege – Simon FRANCOIS
n LPWAN (Low-Power Wide-Area Network) practicalexamples : LoRa ; Sigfox
n 868 MHz ; single channel ; UNB (Ultra Narrow Band) ; very slow transmissions by design…
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architecture
nWiFi@ULg
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
+.: WiFi Engineering features (1) :.
n Cables and bandwidthn Bringing a cable is as expensive as buying an AP.
n 802.11ac and 802.11ad claim performances > 1Gbps
n Power over Ethernet : PoE, PoE+, UPoE…n No need to bring a power cable : power goes through your ethernet
n Two cables or… mGig ?n And bring 1/2,5/5/10Gbps on Cat5e/Cat6
Challenges
© 2015 SEGI ULg – Simon FRANCOIS
+.: WiFi Engineering features (2) :.
n Crowded placesn Imagine auditorium 604n Each and every student with laptop + smartphone + tablet
n More access-points !n Simplest solution to crowded places ?n With caution ! Mind channel overlapsn è Disable some 2,4 GHz antennæ
n Use directional antennæ
Challenges
© 2015 SEGI ULg – Simon FRANCOIS
+.: WiFi Engineering features (3) :.Opera - auditorium 1
© 2015 SEGI ULg – Simon FRANCOIS
+.: WiFi Engineering features (4) :.
n (unintentional) selfish usersn Consuming all bandwidth
n Airtime fairnessn Solution to selfish users
Challenges
© 2015 SEGI ULg – Simon FRANCOIS
+.: WiFi Engineering features (5) :.
n Underused access-pointn While other neighbor APs have too many clients
n Client load balancingn Solution to crowded places and underused Aps
Challenges
© 2015 SEGI ULg – Simon FRANCOIS
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architecture
nWiFi@ULg
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
+.: WiFi Architecture (1) :.
n Local = each and every access-point takes decisions and switches traffic. n Only architecture available for 1st generation WiFi (2005)
n Centralized = use of central equipment called “controller”n All wireless traffic must go through the controller
n Controller takes decisions, and switches traffic… Possibly back to the access point (think of VoWLAN phones)
n Controller can (must !) be duplicated and work in failover to avoid SPoF
n While they catch all the traffic, controllers are ideal for accounting
Local Switching vs Centralized
© 2014 SEGI ULg – Simon FRANCOIS
+.: WiFi Architecture (2) :.Local vs Centralized
n Faster, direct switching
n Normal bandwidth usage
n No bottleneck
n No centralized accounting
n No correlation between APs
n Few management features
n Slower switching by distant controller
n Bandwidth waste
n Controller is such a bottleneck
n Full accounting, security point
n Full correlation à fasterroaming, easier channelselection…
n Easier management
Local Centralized
Winner ??© 2014 SEGI ULg – Simon FRANCOIS
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architecture
nWiFi@ULg
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
+.: WLAN @ ULiège :.Stats : 2017 (2013)
n > 2200 WiFi access points (Uliege+CHU)n Cisco 2602 model n Cisco 2702 model (+802.11ac)
n a/b/g/n/acn 10% (0%) using 802.11acn 55% (72%) using 2,4GHz 802.11nn 34,7% (22%) using 5 GHz 802.11nn 0,25% (6%) using 2,4GHz 802.11gn 0,05% (9)… people using 802.11a
n 3 SSIDn Guestn ULg-Securedn eduroam
n > 15,000 (4500) concurrent auth users
n > 27,000 ≠ users per week
n > 45,000 ≠ users per year
n 80% secured connections
n > 110TB traffic per month
© 2017 SEGI ULiege – Simon FRANCOIS
+.: Agenda :.
n IT Dept. and network overview
nRadio Frequency Management
nWiFi engineering features
nLocal vs Centralized architecture
nWiFi@ULg
nPitfalls, or why WiFi = Evil
nTelecom and server rooms tour
© 2014 SEGI ULg – Simon FRANCOIS
+.: Pitfalls :.
n Wireless communications will NEVER be as reliable as wired isn (intentional) interferences, obstacles…n !! VoWLAN
n Wireless communications will NEVER be as secured as wired can be
n Client load balancing, wayfinding, aso. … don’t work well !
n Most decisions are taken client-siden Network admins are helpless, no global policy
n àWiFi was designed as a home technology
It’s a trap !
© 2015 SEGI ULg – Simon FRANCOIS
