Architecture and Services of a Modern Wireless Network (NW2/L2)
Pavel Křižanovský, CCIE #11457
Agenda:
Mobility As a Trend
Modern Wireless Architecture
Mobility Services
New Technology Trends
Interesting Products And Innovations In Cisco Unified Wireless Solution
Section: Mobility As a Trend
The world is changing fundamentally: nomadic/mobile devices, collaboration, wireline/wireless.
The Incoming Mobility Wave
Continued proliferation of the number of devices, operating systems, applications and wireless technologies creates a tremendous IT challenge.
[Chart: Internet users versus mobile users, 2000 to 2010, y-axis 0 to 500]
How to manage/operate a unique secure mobility experience and create business value?
Growth in Mobile Devices
Mobile device growth creates greater IT risks.
2009 Cisco Systems, Inc. All rights reserved. Cisco Public
Business Mobility Requirements Differ from Consumer Mobility
Secure, manage and audit device usage, policies and access.
Unify multiple networks, from personal to private to public.
Enable applications to securely access information across multiple networks.
Ensure the overall quality of the mobile connection: reliability, predictability and speed.
"Anytime, anywhere, over any network"? Not exactly. Rather: the right application, the right user, the right policies.
The ROI of Mobility: Cisco on Cisco
Cisco embarked on a program to deliver pervasive wireless connectivity.
45% of Cisco's employees use the wireless network for primary access.
In the first quarter the network optimization resulted in over 30% OpEx savings.
Service-impacting incidents were reduced by 90% with automated self-healing.
Additional cost decreases come from improved employee productivity.
Cisco Employee Productivity: 95% of the 7,000 employees surveyed gained at least 1 hour per week of productive time by using the WLAN.
Average cost of a work hour: $75
Employees (95% of those surveyed): 6,650
Hours per year gained per employee: 50
Annual productivity improvement: $24,937,500 (6,650 employees x 50 hours x $75)
Section: Modern Wireless Architecture
Evolving Wireless Technology Architecture
2000 to present, Wireless Connectivity: best-in-class range/throughput; enterprise-class security; capital efficiency.
2003 to present, Centralized WLAN Systems: centralized management and control; Layer 2/3 mobility; wireless IDS/IPS; hierarchical approach for scalability; voice support; integrated and unified security (AAA, NAC, SDN, IDS/IPS, etc.).
2006 to future, Unified Wired+Wireless: exploding number of Wi-Fi clients (laptops, dual-mode PCS phones, video PDAs); higher-capacity, higher-density WLANs (pico cells); unified wired+wireless support for applications (voice/video, location services, AAA); extending networking outdoors (mesh, outdoor APs, etc.); enterprise scale and reliability.
Challenges for Wireless Deployment: Building a Business-Class Network, Wired and Wireless
"We lack the resources to manage the RF."
"The radio frequency is unpredictable."
"Wireless doesn't scale or deliver the uptime we need."
"Managing wireless devices is costly."
[Figure: the pieces to manage: SSC, client devices, access points, controllers, management]
Cisco Unified Wireless Network Architecture Overview
Components: client devices, lightweight access points, switched/routed network, wireless LAN controller, mobility services (voice, location & RFID, guest), security, management system.
Seamless mobility for WLAN services; dynamic RF management; centralized management; planning and troubleshooting tools; easy-to-use GUI; security management (IDS/IPS, ...); scalability, predictability, reliability.
Section: Mobility Services
What are the mobility services?
Security; Context-Aware Services (Location); Voice; Mobile Intelligent Roaming; Guest Access; Spectrum Intelligence.
Secure Wireless Solution Architecture
[Figure: trusted enterprise zone (wired and wireless) and untrusted public zone (Internet, guest). Components: NAC Manager, NAC Appliance, CSA Server, Cisco Security Agent, Cisco Secure Services Client (SSC), Cisco VPN Client, Guest Anchor Controller, ASA 5500 with IPS module, 802.1X, WPA2, MFP (Management Frame Protection), WCS, NGS, CS-MARS]
Endpoint Protection: host intrusion prevention; endpoint malware mitigation.
Traffic and Access Control: device posture assessment; dynamic, role-based network access and managed connectivity; WLAN threat mitigation with IPS/IDS.
WLAN Security Fundamentals: strong user authentication; strong transport encryption; RF monitoring.
Secure Guest Access.
Secure Wireless Design Guide: www.cisco.com/go/srnd
Context-Aware Services Architecture (formerly Location)
A business application talks to the Context-Aware Software on the MSE over a SOAP/XML API.
Context-Aware Engine for Clients: RSSI-based; indoor environments; tracks 802.11 clients, smart phones and voice-over-802.11 mobile users.
Context-Aware Engine for Tags: RSSI/TDOA-based; indoor and outdoor environments; tracks 802.11 CCX tags.
Cisco Unified Wireless Network Voice Services Solution
Seamless mobile voice communications across the enterprise.
The only end-to-end unified wireline and wireless voice solution.
Rich selection of enterprise-class and industry-specific voice clients.
Increased call capacity, higher network availability and improved performance.
[Figure, end-to-end intelligent integration: Cisco Unified Unity Server, Cisco Unified CallManager, Cisco Mobility Manager (Mobile Connect), 7921/5 Wireless IP Phone, Personal Communicator, Cisco Compatible clients, Wireless Control System management]
Cisco Unified Wireless Network Integrated Guest Access
Several radio networks over one infrastructure:
Corporate network: strong security; access to the corporate LAN (data VLAN).
Voice/IP communication: strong security; access to the voice VLAN; QoS.
Guest network: no encryption; path isolation from the corporate network; Internet access only (Internet VLAN).
Section: New Technology Trends
Cisco Drives Wireless Standards
Over the air: CCX; 802.11k (radio measurement); 802.11r (fast roaming); 802.11u (external networks); 802.11v (client management); 802.11w (management frame security); 802.11j (Japan radios); 802.11n (next-generation radios); 802.11s (mesh networks).
Over the wire: LWAPP; IETF CAPWAP.
Centralized Wireless LAN Architecture: What is CAPWAP?
CAPWAP (Control And Provisioning of Wireless Access Points) is used between APs and the WLAN controller and is based on LWAPP.
CAPWAP is specified in IETF RFC 5415 (March 2009).
LWAPP-enabled access points can discover and join a CAPWAP controller, and conversion to a CAPWAP controller is seamless.
CAPWAP is not supported in Layer-2 mode deployments (Layer-3 mode only).
[Figure: access point and controller (formerly LWAPP, now CAPWAP) with separate control plane and data plane; Wi-Fi client; business application]
Difference between LWAPP and CAPWAP
Fragmentation/re-assembly | LWAPP: relies on IPv4 | CAPWAP: CAPWAP itself does both
Path-MTU discovery | LWAPP: not supported | CAPWAP: robust P-MTU discovery mechanism, can also detect dynamic MTU changes
Control channel encryption between AP and WLC | LWAPP: yes (AES) | CAPWAP: yes (DTLS)
Data channel encryption between AP and WLC | LWAPP: no | CAPWAP: yes (DTLS; optional per RFC 5415, so it must be enabled explicitly)
UDP ports | LWAPP: 12222 (data), 12223 (control) | CAPWAP: 5246 (control), 5247 (data)
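The two slides above state that CAPWAP control traffic runs over DTLS on UDP 5246 while data traffic on UDP 5247 is only encrypted if DTLS is enabled for it. The following is an added example, not Cisco code and not from the original deck: a small Python parser for the RFC 5415 transport and control headers that classifies a UDP payload as cleartext or DTLS-wrapped and flags two things an auditor of a captured AP-to-WLC flow would want to see: control messages other than Discovery sent outside DTLS (RFC 5415 only allows the discovery exchange in the clear), and an unencrypted data channel. The sample packets are constructed by hand in the block; the message-type table assumes the IANA enterprise number 0 used by the base CAPWAP protocol.

```python
"""Classify CAPWAP (RFC 5415) packets by channel and DTLS protection.

Added example; the packets at the bottom are constructed for this demo and
are not captures from a Cisco controller or access point.
"""
import struct

CAPWAP_CONTROL_PORT = 5246
CAPWAP_DATA_PORT = 5247

# Base CAPWAP control message types (IANA enterprise number 0), RFC 5415 4.5.1.1.
CONTROL_MESSAGE_TYPES = {
    1: "Discovery Request", 2: "Discovery Response",
    3: "Join Request", 4: "Join Response",
    5: "Configuration Status Request", 6: "Configuration Status Response",
    7: "Configuration Update Request", 8: "Configuration Update Response",
    9: "WTP Event Request", 10: "WTP Event Response",
    11: "Change State Event Request", 12: "Change State Event Response",
    13: "Echo Request", 14: "Echo Response",
    15: "Image Data Request", 16: "Image Data Response",
    17: "Reset Request", 18: "Reset Response",
    19: "Primary Discovery Request", 20: "Primary Discovery Response",
    21: "Data Transfer Request", 22: "Data Transfer Response",
    23: "Clear Configuration Request", 24: "Clear Configuration Response",
    25: "Station Configuration Request", 26: "Station Configuration Response",
}

# The only control messages RFC 5415 sends outside DTLS: the discovery exchange.
CLEARTEXT_ALLOWED = {"Discovery Request", "Discovery Response",
                     "Primary Discovery Request", "Primary Discovery Response"}


def parse_capwap(udp_payload: bytes, dst_port: int) -> dict:
    """Return channel, whether the payload is DTLS-wrapped and, for cleartext
    control packets, the control message type name."""
    if dst_port == CAPWAP_CONTROL_PORT:
        channel = "control"
    elif dst_port == CAPWAP_DATA_PORT:
        channel = "data"
    else:
        raise ValueError(f"not a CAPWAP port: {dst_port}")
    if len(udp_payload) < 8:
        raise ValueError("truncated CAPWAP header")
    version, ptype = udp_payload[0] >> 4, udp_payload[0] & 0x0F
    if version != 0:
        raise ValueError(f"unsupported CAPWAP version {version}")
    if ptype == 1:
        # CAPWAP DTLS header (4.3.2): preamble + 3 reserved bytes, then a DTLS record.
        return {"channel": channel, "dtls": True, "message": None}
    if ptype != 0:
        raise ValueError(f"unknown CAPWAP payload type {ptype}")
    # Transport header (4.3): after the preamble byte come HLEN(5) RID(5) WBID(5)
    # T F L W M K Flags(3), then Fragment ID(16) Frag Offset(13) Rsvd(3).
    word0 = struct.unpack("!I", udp_payload[:4])[0]
    hlen = ((word0 >> 19) & 0x1F) * 4            # header length in bytes
    if hlen < 8 or len(udp_payload) < hlen:
        raise ValueError("bad HLEN")
    if channel == "data":
        return {"channel": "data", "dtls": False, "message": None}
    # Control header (4.5.1): Message Type(32) Seq(8) Msg Element Length(16) Flags(8)
    if len(udp_payload) < hlen + 8:
        raise ValueError("truncated control header")
    msg_type = struct.unpack("!I", udp_payload[hlen:hlen + 4])[0]
    name = CONTROL_MESSAGE_TYPES.get(msg_type, f"unknown type {msg_type}")
    return {"channel": "control", "dtls": False, "message": name}


def audit(packets) -> list:
    """Flag cleartext control messages outside discovery and an unencrypted
    data channel for a list of (udp_payload, dst_port) pairs."""
    findings = []
    for payload, port in packets:
        info = parse_capwap(payload, port)
        if info["channel"] == "control" and not info["dtls"] \
                and info["message"] not in CLEARTEXT_ALLOWED:
            findings.append(f"cleartext control message outside discovery: {info['message']}")
        elif info["channel"] == "data" and not info["dtls"]:
            findings.append("data channel without DTLS: client traffic between AP and WLC "
                            "is readable on the wire")
    return findings


# --- constructed sample packets (not real captures) ---------------------------
def transport_header(wbid: int = 1, native: bool = False) -> bytes:
    """Minimal 8-byte transport header: HLEN=2 words, RID 0, WBID 1 (IEEE 802.11),
    T bit set for native 802.11 frames, no fragmentation."""
    word0 = (2 << 19) | (wbid << 9) | (int(native) << 8)
    return struct.pack("!II", word0, 0)


def control_message(msg_type: int, seq: int = 0) -> bytes:
    """Transport header plus a control header with no message elements."""
    return transport_header() + struct.pack("!IBHB", msg_type, seq, 0, 0)


# Preamble type 1 followed by the start of a DTLS 1.0 handshake record (0x16 0xfe 0xfd).
DTLS_CONTROL = bytes([0x01, 0, 0, 0]) + b"\x16\xfe\xfd" + bytes(11)
# Cleartext data packet carrying a (truncated, fake) native 802.11 data frame.
DATA_CLEAR = transport_header(native=True) + b"\x08\x02" + bytes(22)

SAMPLE_PACKETS = [
    (control_message(1), CAPWAP_CONTROL_PORT),   # Discovery Request: allowed in the clear
    (DTLS_CONTROL, CAPWAP_CONTROL_PORT),         # Join and later messages ride inside DTLS
    (control_message(3), CAPWAP_CONTROL_PORT),   # Join Request in the clear: a finding
    (DATA_CLEAR, CAPWAP_DATA_PORT),              # data channel with DTLS not enabled
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        print(finding)
```

Run against a real capture, the same logic applied per UDP datagram separates the two channels in the table above and makes the "optional" in the data-channel row visible: a controller where data DTLS has not been enabled shows every 5247 datagram with preamble type 0.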
Wireless has Become Business Oxygen: Evolution to 802.11n
Business applications have gone mobile; wireless is evolving to meet the need for high-performance, pervasive connectivity.
[Chart: Wi-Fi device proliferation against data rate. 802.11: 2 Mbps; 802.11b: 11 Mbps; 802.11a/g: 54 Mbps; 802.11n: 300 Mbps. Stages: mobile data point applications (email, web browsing, inventory management, barcode scanning); business ready (voice, video, data); next-generation wireless (ubiquitous mobile computing)]
802.11n: It's About a Whole Lot More Than Speed
Throughput: 5x more throughput; enhanced file transfer and download speeds for large files.
Reliability: 2x more reliable; lower latency for mobile unified communications.
Predictability: 2x more predictable; more consistent coverage and throughput for mobile applications.
[Chart, throughput in Mbps: 802.11a/g 22.5; 802.11n 20 MHz 88.5; 802.11n 40 MHz 146.83 (>5x)]
[Chart, average packet retries: 11a/g on AP1240 306; 11a/g on AP1250 201; 11n on AP1250 152 (2x)]
[Chart, predictability of throughput as standard deviation of packet retries: 802.11a/g with AP1240 130; 802.11a/g with AP1250 92; 802.11n with AP1250 60 (2x), against an ideal of 0]
Technical Elements of 802.11n: MIMO, 40 MHz channels, packet aggregation, backward compatibility.
MIMO (Multiple Input, Multiple Output): Maximum Ratio Combining
Without MRC (SISO AP): multiple signals are sent, one signal is chosen.
With MRC (MIMO AP): multiple signals are sent and combined at the receiver, increasing fidelity and performance.
Maximum Ratio Combining is performed at the receiver (either AP or client); it combines multiple received signals, increases receive sensitivity and works with both 11n and non-11n clients. MRC is like having multiple ears to receive the signal.
MIMO (Multiple Input, Multiple Output): Spatial Multiplexing
Without spatial multiplexing, information is transmitted on a single stream. With spatial multiplexing, information is split and transmitted on multiple streams (stream 1, stream 2) from a MIMO AP.
Transmitter and receiver both participate; concurrent transmission on the same channel; increases bandwidth; requires an 11n client.
40 MHz Channels: Moving from 2 to 4 Lanes
A 40 MHz channel is 2 aggregated 20 MHz channels; bonding takes advantage of the reserved channel space between them to gain more than double the data rate of two 20 MHz channels.
Packet Aggregation: Carpooling Is More Efficient Than Driving Alone
Without packet aggregation, every packet carries its own 802.11n overhead: overhead, data unit, overhead, data unit, and so on. With packet aggregation, one 802.11n overhead is followed by several data units.
Backward Compatibility
11n operates in both the 2.4 GHz and 5 GHz bands. 802.11a/b/g clients interoperate with 11n and experience performance improvements.
Backward Compatibility & Co-Existence
Co-existence of a/b/g and n APs; the benefits of 11n accrue to a/b/g clients; MIMO benefits a/b/g clients on the AP receive side through MRC.
Co-existence at the controller level: a WLAN controller serves 11g APs (54, 48, 36, 28 Mb rates) and 11n APs (300 Mb) side by side, and clients roam between 11g and 11n cells.
Section: Interesting Products And Innovations In Cisco Unified Wireless Solution
Cisco Unified Wireless Network
Client: CCX program, 90% of laptops Cisco compatible; Secure Services Client (CSSC).
Access Points: indoor and outdoor; modular, 802.11a/b/g/n.
Wireless LAN Controllers and Management: centralized management; flexible, scalable (1000s of APs); radio resource management.
Wired Network Services: unified security and management services; mobile unified communications.
Mobility Services: security, guest access, spectrum intelligence, voice, location, mobile applications.
Compatible device access; unified wired and wireless network; control, visibility and performance; service.
Single Client for Uniform Security and Services: SSC (Cisco Secure Services Client)
Key features:
EAP: 802.1X authentication for wired and wireless devices; Windows XP/2000 support; EAP-FAST, EAP-MD5, PEAP-MSCHAP, PEAP-GTC, EAP-TLS, EAP-TTLS, Cisco LEAP.
Encryption: WEP, dynamic WEP, TKIP, AES.
Standards: WPA and WPA2.
(WEP, dynamic WEP, LEAP and EAP-MD5 appear here for legacy interoperability; they are known-broken and a new deployment should be profiled for WPA2/AES with EAP-TLS, PEAP or EAP-FAST.)
Features: unified wired and wireless client; support for industry standards; endpoint integrity; single sign-on capable; enabling of group policies; administrative control.
Benefits: reduces client software; simple, secure device connectivity; minimizes the chance of network compromise from infected devices; reduces complexity; restricts unauthorized network access; centralized provisioning.
Proven Platform for Mobile Access
Indoor access points: 1130AG, 1140. Indoor rugged access points: 1240AG, 1250. Outdoor access points/bridges: 1520, 1400, 1300.
Features: industry's best range and throughput; enterprise-class security; many configuration options; simultaneous air monitoring and traffic delivery; wide-area networking for outdoor areas.
Benefits: zero-touch management; no dedicated air monitors; supports all deployment scenarios (indoor and outdoor); from secure coverage to advanced services.
Wireless Controller Product Portfolio (performance and scale by number of APs)
2106/2112/2125: 6, 12, 25 APs. WLCM-E: 6, 12, 25 APs. 4402: 12, 25, 50 APs. 3750G: 25, 50 APs. 4404: 100 APs. WiSM: 300 APs. H-REAP for remote sites.
[Chart axis: 1, 6, 12, 25, 50, 100, 250, 300, 500 APs]
Simple, Intuitive Management: Centralized RF and System Management
Can I see how good my wireless coverage is? Can I detect interference from cordless phones and microwaves? Can I ensure my network is voice ready? Can I locate rogue access points? Can I determine my wireless PCI compliance? Can I assess the security health of my wireless?
Tools: floor maps, predictive planning tools, CleanAir technology, voice dashboard, wireless intrusion prevention, PCI reporting, security dashboard.
11a/g to 11n Access Point Migration
Indoor environments: integrated antennas. Rugged environments: antenna versatility.
The Aironet 1140 Series Access Point
Integrated radios: 2.4 GHz (b/g/n) and 5 GHz (a/n); 10/100/1000 Ethernet port; console port; security lock; plastic-over-metal design; runs in unified mode (CAPWAP) only; powered via 802.3af PoE.
Mobility Services Architecture: Open Platform Designed for Applications
Applications reach the Mobility Services Engine through an open API; the MSE hosts services such as WIPS, handoff, location and further services (service n). The MSE talks to WCS and to the WLAN controllers over NMSP, an open protocol. Access media below: Ethernet, Wi-Fi, WiMAX, cellular.
Cisco Context-Aware Mobility Solution: Tracking Tags and Clients
Cisco 3350 Mobility Services Engine runs the Context-Aware Software with two engines: the Context-Aware Engine for Tags (partner engine) tracks tags indoors and in outdoor/outdoor-like environments; the Context-Aware Engine for Clients (Cisco engine) tracks clients indoors. Application and management: Cisco Wireless Control System (WCS).
Utilizes: the CAPWAP infrastructure for indoor environments; Wi-Fi TDoA receivers for outdoor and outdoor-like environments; partner HW/SW managed by the partner's System Manager and Cisco WCS; 125 kHz chokepoints; AeroScout tags and devices.
Wired location (supported on v6.0). Today: Catalyst 3750, 3750E, 3650, 3650E, 2960. Summer 2009: Catalyst 4500 series, 4500-E series, 4900 series. Future: Catalyst 6500.
Cisco Adaptive Wireless IPS System Overview
System functions: rogue detection and mitigation; over-the-air threat detection; security vulnerability assessment; performance monitoring and self-healing; proactive threat prevention.
System architecture: wIPS integrated in the WLAN infrastructure. APs perform over-the-air detection, the WLC performs network detection and correlation, the MSE performs complex attack analysis, forensics and events, and WCS provides monitoring and reporting.
Usage scenarios: detect and mitigate rogue APs and clients; detect external hackers and thieves; ensure a strong network security posture; ensure consistent WLAN performance; internal security reporting/audit; security and compliance reporting; external compliance audit reporting.
Adaptive wIPS: One Alarm per Attack
Controller IDS alone has no correlation: each controller reports its own alarms to WCS. With Adaptive wIPS, the controllers feed the MSE, which correlates the detections before WCS shows them, so one attack produces one alarm.
How is this different from controller IDS?
wIPS has 45 signatures plus a variety of network-side detection and analytical logic, detecting 100 to 200 different threat conditions and attack tools (depending on how you count). Controller IDS has 17 signatures that detect 14 different attack scenarios.
wIPS provides forensics (packet capture) abilities.
wIPS provides a centralized database on the MSE for attack aggregation and alarm archival.
wIPS provides an attack encyclopedia.
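The "one alarm per attack" point of the two slides above is a correlation problem: several APs and controllers see the same over-the-air attack and, without a central engine, each raises its own alarm. The block below is an added illustration written for this page, not Cisco MSE or controller code, of the kind of correlation such an engine performs: detections from any AP that share the same signature, attacker address and target, and arrive within a configurable quiet window of each other, collapse into one alarm that records every AP that saw it. The detection events are constructed for the example and the signature names are labels, not Cisco signature identifiers.

```python
"""Correlate per-AP wireless IDS detections into one alarm per attack.

Added example; the events below are constructed and are not the output of a
Cisco controller, MSE or WCS.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Detection:
    ts: float        # seconds since epoch
    ap: str          # reporting access point
    signature: str   # what the AP matched over the air
    attacker: str    # source MAC of the attacking frames
    target: str      # BSSID or client MAC under attack


@dataclass
class Alarm:
    signature: str
    attacker: str
    target: str
    first_seen: float
    last_seen: float
    aps: set = field(default_factory=set)
    count: int = 0


def correlate(events, window: float = 60.0) -> list:
    """One alarm per (signature, attacker, target), whichever AP reported it.

    A detection extends the open alarm for its key if it arrives within
    `window` seconds of the alarm's last hit; otherwise it opens a new alarm
    (the same attacker coming back later is a new incident, not the old one)."""
    alarms = []
    open_alarms = {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.signature, ev.attacker, ev.target)
        alarm = open_alarms.get(key)
        if alarm is None or ev.ts - alarm.last_seen > window:
            alarm = Alarm(ev.signature, ev.attacker, ev.target, ev.ts, ev.ts)
            alarms.append(alarm)
            open_alarms[key] = alarm
        alarm.last_seen = ev.ts
        alarm.aps.add(ev.ap)
        alarm.count += 1
    return alarms


def uncorrelated_alarm_count(events) -> int:
    """What an operator sees without correlation: every AP that matched the
    signature raises its own alarm for the same attack."""
    return len({(ev.ap, ev.signature, ev.attacker, ev.target) for ev in events})


# --- constructed sample detections (not a real capture) -----------------------
ATTACKER = "00:11:22:33:44:55"
BSSID = "00:1a:2b:3c:4d:5e"
DEAUTH = "deauthentication flood"
PROBE = "active probing tool"

SAMPLE_EVENTS = [
    Detection(0.0, "AP-1", DEAUTH, ATTACKER, BSSID),
    Detection(2.0, "AP-2", DEAUTH, ATTACKER, BSSID),
    Detection(5.0, "AP-1", DEAUTH, ATTACKER, BSSID),
    Detection(7.0, "AP-2", DEAUTH, ATTACKER, BSSID),
    Detection(10.0, "AP-1", DEAUTH, ATTACKER, BSSID),
    Detection(12.0, "AP-3", DEAUTH, ATTACKER, BSSID),
    Detection(30.0, "AP-2", PROBE, "00:aa:bb:cc:dd:ee", "ff:ff:ff:ff:ff:ff"),
    Detection(400.0, "AP-1", DEAUTH, ATTACKER, BSSID),   # same attacker, new incident
]

if __name__ == "__main__":
    print("uncorrelated alarms:", uncorrelated_alarm_count(SAMPLE_EVENTS))
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a.signature} from {a.attacker} against {a.target}: "
              f"{a.count} detections by {sorted(a.aps)} "
              f"between t={a.first_seen:.0f} and t={a.last_seen:.0f}")
```

The window is the design knob: too short and a sustained attack fragments into many alarms again, too long and unrelated incidents from a recurring attacker merge; keeping the list of reporting APs on the alarm is what lets the location engine on the MSE place the attacker afterwards.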
Cisco Mobile Intelligent Roaming
A software-based mobility solution delivered through the Cisco 3300 Series Mobility Services Engine.
Dynamically determines network handoff requirements for dual-mode devices.
Leverages network intelligence and client software integration with an open ecosystem of partners to initiate seamless handoff and an improved user experience.
Seamless intelligent handoff enables a transparent mobile experience.
Mobile Intelligent Roaming: WLAN Infrastructure-Assisted Handoff
[Figure: enterprise domain with access point, WLAN controller, MSE, IP PBX and PSTN gateway; carrier domain with TDM link and cellular network; dual-mode device with client software on a VoIP call]
1. A dual-mode device on an active call is monitored by the WLAN infrastructure.
2. The device roams to the edge of RF coverage.
3. At the designated threshold, Cisco Mobile Intelligent Roaming (CMIR) triggers the client to initiate handoff.
4. The client software initiates a new call leg to the PBX; the PBX bridges the new leg to the active call and releases the WLAN connection.
5. The new call path is established transparently.
The client software initiates the handoff based on CMIR event triggers.
Other Upcoming Innovations
New HW products:
Cisco 1430: autonomous PTP/PTMP wireless, 5 GHz, 40 MHz wide band, SISO, 130 Mbps data rate.
Cisco 5500 Controller: up to 500 APs, 8 GE ports, flexible licensing.
Cisco ISR 890W: 802.11a/b/g/n MIMO integrated AP, FE/GE WAN, 8-port FE LAN switch, features of the AP 1250, autonomous and unified.
SW news:
OfficeExtend AP: plug-and-play teleworker solution based on 1130s and 1140s and the WLC 5500.
Voice over indoor mesh support: only for enterprise mesh, up to 2 hops.
Summary
The world is changing rapidly; mobility is the key.
Unified Wireless Network: evolve to a Mobility Services Architecture.
Cisco as a trusted partner.