MOBILITY TRACK – WLAN AND “SIMPLY CONNECTED” Frank Baeyens Senior System Engineer [email protected]

Wireless Luxemburg February 2013


2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net

AGENDA

Juniper WLAN what’s new

Q&A

Juniper ‘Simply connect’ intro

Juniper WLAN Solution

BYOD ‘Simply Connect’ overview


JUNIPER WLAN SOLUTION

COMPONENTS OF A WIRELESS LAN

[Diagram labels: Trusted Client, 802.1x Authentication, Encrypted, Access Point, Wireless LAN Controller (WLC), Campus Core, MAG, Access, Firewall, WLAN Management (Location) WLM1200]

JUNIPER WLA SERIES ACCESS POINT FAMILY

Categories: Entry level 802.11n, Indoor 11n, Outdoor 11n (axis: Functionality)

• WLA321-WW: 2x2 MIMO, Single Radio, Entry-level AP
• WLA322-WW: 2x2 MIMO, Dual Radio, All-Purpose AP
• WLA522(E)-WW: 2x2 MIMO, Dual Radio, High Density
• WLA532(E)-WW: 3x3 MIMO, 3 stream, Dual Radio, Max. Performance

WLA Series Highlights

• Highest performance APs in the industry
• Most cost effective APs in the industry
• Full featured
• Intelligent switching
• Spectrum analysis across the portfolio
• Bridging and mesh

JUNIPER WLC SERIES CONTROLLER FAMILY

WLC Series Highlights

• Simplest solution in the Industry
• Highest Reliability in the industry
• Only vendor with In-service upgrades
• One software platform
• Full Featured distributed deployment

Controllers by number of APs (axis: # of AP, ticks 4, 12, 16, 32, 64, 128, 192, 256, 512; segments: Branch, Campus, Enterprise)

• WLC2: 4 AP
• WLC8: 12 AP
• WLC100: 4 - 32 AP
• WLC800: 16 - 128 11n APs
• WLC880: 16 - 256 11n APs
• WLC2800: 64 - 512 11n AP
• Virtual controller (VMware): 4 - 256 APs

The slide carries two "1H-2013" labels.

JUNIPER WLM SERIES LIFE CYCLE MANAGEMENT

RingMaster: Plan, Config, Monitor, Troubleshoot, Report

• Planning and deployment
– 3D predictive planning tool
– Indoor and outdoor network plan

• Configuration and Verification
– Complete offline configuration
– System and service wizards
– Pushes configuration to WLCs

• Monitoring and reporting
– By user, radio, AP, WLC, SSID
– 30 day history aids compliance
– WIDS/WIPS integration

• Location aware
– Search by location
– Roaming history
– Geo fencing

JUNIPER WIRELESS MANAGEMENT RINGMASTER

SMARTPASS – ACCESS CONTROL

SmartPass is a multi-faceted, web-based access control application suite

• Guest access module
– Ease of use / Bulk user creation
– API for 3rd-party application integration
– SMS / Email creation of guest coupons with Self-Provisioning

• Accounting database
– Detailed client accounting history
– Reporting available via RingMaster

• Access control module
– RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS)
– Location awareness for client sessions: allow or deny access based on location; change any AAA attribute based on location
– Access Rules (location based, time based or a combination of both)

[Diagram label: Centralized Guest Access Database]

SIMPLICITY AT SCALE: CONTROLLER CLUSTERING

Old and Complex Approach

• Discrete controllers operate independently for AP redundancy configuration
• Hot Stand-by or Back-up Controller
• Optimized for: Scale, Resiliency, Reliability and Management are all marked "x"

Juniper's Simplified Approach

• Clustered controllers act collectively as single virtual controller for wireless configuration
• Optimized for: Scale, Reliability, Resiliency, Management

[Diagram labels: Controller A, Controller B, Controller C; Vendor A, Vendor B]

NO NEED TO COMPROMISE: JUNIPER NETWORKS WIRELESS LAN EVOLUTION

• Fat AP Architecture (Local Switching). Optimized for: Performance. Marked "x": Security, Management, Reliability
• Thin AP Architecture (Central Switching). Optimized for: Security, Management. Marked "x": Performance, Reliability
• Juniper WLAN Architecture (Local AND Central Switching). Optimized for: Performance, Reliability, Security, Management

UNIQUE FLEXIBILITY OF THE CLUSTER ARCHITECTURE

[Diagram labels: DC 1 (192.168.1.0/24), DC 2 (192.168.2.0/24), RingMaster, SmartPass, AD/DHCP/DNS, WLC1 / WLC2, WLC3 / WLC4, WAN, Remote Site 1, Remote Site 2, DHCP, DHCP; further subnets shown: 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24]

As soon as WLCs are installed on the same DC, AP affinity can be used

SINGLE POINT OF MANAGEMENT, FEWER MANAGED DEVICES

[Diagram labels: Primary Seed, Secondary Seed, Member, Member, Member]

IN-SERVICE SOFTWARE UPGRADE

HITLESS UPGRADE

1. Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades
2. Secondary passes control back to Primary and upgrades
3. Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades
4. AP moves associated stations to alternate AP then upgrades

[Diagram labels: Primary Seed, Secondary Seed, Member, Member, Member]

AIRTIME FAIRNESS

What will Juniper's Airtime Fairness do for the clients?

Juniper's Airtime Fairness will provide each client with an equal amount of time to send traffic. When a client goes into retransmission for whatever reason, that client will get less time the next time it wants to send traffic. This will improve the throughput for all of the other clients connecting to that AP.

AUTOMATIC CLIENT LOAD BALANCING

Band Steering

• 5 GHz capable client 'encouraged' to connect at 5 GHz
• 2.4 GHz only client connects at 2.4 GHz

Automatic Load Balancing per RF Band

PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING

• Alerting on interference source
– Classification and other properties: RSSI, Duty Cycle, Channel(s) impacted
– Associated events with that source

• Per AP historical information
– 30 day history

• Spectrograph
– All channels in 2.4GHz and 5GHz band
– Multiple AP views
– Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history

• Auto reconciliation for planned sources
– Automatic correlation between planned and monitored source
– Reduce false alarms


JUNIPER WLAN WHAT’S NEW

JUNIPER WL SERIES FLAGSHIP ACCESS POINT: WLA532 INDOOR 802.11N AP

3 Industry Bests

• Highest Performance AP
• Lowest Power Consumption AP
• Smallest Form Factor AP

Mandate this technology in RFP

• 450Mbps data rate (3x3, 3 spatial stream)

What to know

• Juniper WLAN is 15-20% less expensive when comparing complete BOMs

• Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum

• Ideal for High Density environments

• Watch the video about the WLA532: http://techvangelist.net/juniper-at-wfd3

WLA532E AVAILABLE FOR USE WITH EXTERNAL ANTENNAS

REMOTE BRANCH ENHANCEMENTS

• Resilient SSID: While in outage mode, a WLA in the remote branch will be able to accept new client requests on pre-configured back-up SSIDs, supporting either clear or PSK authentication.

• Path MTU: This enhancement will make it possible to set the correct MTU size to avoid packet fragmentation.

• Remote-site Country Code: This enhancement will provide a way to group WLAs in remote sites, each such site having its own country code for geographically deployed WLAs.

• WLAN Round Trip Latency: Wireless clients will be able to authenticate to a WLA over high latency WLA-WLC connections.

• Remote Office DFS Support: WLAs in outage mode will be able to change channels to avoid operating on radar enabled channels.

• WIDS Logging: When in outage mode, rogue and other attack information can be forwarded to a log server directly from the WLA.

[Diagram labels: Branch with WLA532, SRX, EX2200; WAN; RingMaster, SRX, EX4400, WLC2800]


WATCHED CLIENT LIST

New and Improved Client Watch List from legacy RM 5.0 version.

Allows RingMaster to collect detailed data for a subset of clients to assist troubleshooting.

Collected data includes session properties, location history, events, and statistics.

All the clients in the Watch List are tracked by MAC address.

Data lifetime: Non-trended data for Watch List clients including session details, events, and locations will be stored for 30 days.

Retrieves and stores RADIUS accounting data and location from the configured SmartPass server

WATCHED LIST AP/CONTROLLER

RingMaster is able to collect detailed information for WLCs and WLAs. In the Equipment view of the Status Monitoring page, you can add WLCs and WLAs to the Watched list.

Data lifetime: This information is kept up to 1 Year.

The types of collected data include the following:

• Name
• IP Address
• Model
• Serial Number
• Version
• Mobility Domain
• Last Updated
• Client Count
• Client Count by SSID
• Port Statistics
• Traffic Information
• Traffic by VLAN
• Booted WLAs
• CPU and Memory Management
• Connectivity Graph

IF-MAP (THE INTERFACE FOR METADATA ACCESS POINTS)

IF-MAP is a SOAP based protocol for publishing data to the MAP server and querying or subscribing to get data from it.

IF-MAP is an open, non-proprietary standard that is multi-vendor compatible.

SMARTPASS IF-MAP SUPPORT

SmartPass 7.7 adds support for two IF-MAP use cases

• Guest User Federation – Guest users authenticating with SmartPass have complete session information published to IF-MAP; UAC can apply dynamic policy based on “learned” sessions

• IP-MAC Binding for Non-agented Dot1x Sessions – Dot1x users authenticate directly with UAC; WLC sends session IP-MAC binding to SmartPass via RADIUS acct and SmartPass updates dot1x session in IF-MAP

[Diagram labels: Wireless Clients, WLC, SmartPass, IF-MAP, UAC; flows: HTTP Redirect (guest users), RADIUS Auth (dot1x users), RADIUS Acct (dot1x users)]

DEVICE FINGERPRINTING

DEVICE FINGERPRINTING SOLUTIONS

Support

• All controllers and 11N WLAs.

• Pre-configured list of device fingerprints.

• Additional fingerprints can be added by user.

• Device detection and attribute assignment is supported with regular authentication mechanisms.

• Ability to query MSS to show total counts by device-type and device-profile.

MSS device fingerprint database characteristics

• Each device fingerprint has a label, called device-type, that is used to identify the fingerprint.

• User will be able to add/delete/modify these fingerprints.

Detection

• There are various fingerprinting techniques available which use protocols like DHCP, ARP, DNS, HTTP to determine the type of device. For detection, DHCP will be used in MSS.

• Whenever the DHCP client issues a DHCP request, it asks for DHCP option

• Examine the DHCP messages for their DHCP option.


DEVICE FINGERPRINTING - CONFIGURATION


Autotune Channel

NEW TERM: “INTERFERENCE DOMAIN”

Def.: A set of radios in a MoDo that can interfere with each other

• Overlapping coverage, so affected by each other’s channel settings
• Conversely, radios in different InDos do not mutually interfere
– Example: radios that aren’t on the same band

Temporary, non-configured, non-user-facing

• Only purpose is to improve scaling characteristics of the feature
– In a large MoDo, most overlaps are too weak to affect the solution
– Don’t want to store & process large tables of near-zero interference

InDos are created automatically from the same RF data that drives the channel selection algorithm

DOMAINS OF PROCESSING

• AP: Radio
• InDo: Set of radios that affect each other
• MoDo: Communications infrastructure

[Diagram: two InDos, one containing three Radios and one containing two Radios]

IPV6 FEATURES

• IPv6 address detection
• Session visibility in CLI, SNMP and RingMaster
• QoS support using DSCP
• Captive Portal with dual stack clients
• ACLs

TRANSMIT BEAMFORMING

A radio-frequency (RF) technique that focuses the RF energy to radiate directly at the receiver to improve signal reception and thus increase throughput.

We implemented 802.11n-based transmit beamforming (TxBF):

• does not require special antenna design
• only works with clients that support 802.11n-based TxBF

TxBF is supported in the following AP models in MSS 8.0: WLA532, WLA322 and WLA321

[Figure: Without TxBF / With TxBF]

TRANSMIT BEAMFORMING

The 802.11n standard specifies 2 different TxBF methods: Implicit TxBF and Explicit TxBF.

We support Explicit TxBF based on the Atheros radio capabilities.

Implicit TxBF

1. Beamformee transmits Long Training Symbols (LTSs) to beamformer. Beamformer makes channel estimate on the LTS.

2. Beamformer computes the transmit steering matrix based on the reciprocal of the channel estimate. Beamformer can then perform TxBF.

Implicit TxBF requires the radio to be calibrated accurately to improve reciprocity, which complicates the transceiver design.

Explicit TxBF

1. Beamformee makes direct channel estimate from LTSs sent from Beamformer.

2. Beamformee returns channel feedback based on the channel estimate.

3. Beamformer computes the transmit steering matrix based on the channel feedback. Beamformer can then perform TxBF.

[Diagram labels: beamformer, beamformee, Channel feedback]