Wi-Fi wireless LANs are exploding in the corporation. Corporations adopted 11.6 million Wi-Fi devices in 2002, a 65 percent increase over 2001, according to market researcher In-Stat/MDR. Notebooks, PDAs, and digital phones are being equipped with 802.11 wireless chips. Intel estimates that by 2006, there will be 30 million notebooks with 802.11 wireless access.
Users want the ability to work anytime, anywhere. For the IT department, wireless can also offer both a convenience and a cost savings as a replacement for running costly cable. Deploying a WLAN is less costly than paying for and pulling cable. With a wireless data network, new buildings only require half the cabling and connections (for the phones). 802.11 has even captured the imagination of the service providers, who are pegging their next wave of revenue on WLAN hotspots and cellular-to-WLAN roaming.
This article will give developers a tutorial on WLAN technologies and architectures as well as deployment and application development issues.
While networking people have always loved acronyms, 802.11 wireless LANs are truly an alphabet soup. Let’s get the basics out of the way. 802.11 WLANs come in three flavors: 802.11a, 802.11b and 802.11g.
Virtually all WLANs installed today are 802.11b, which operates in the 2.4GHz band and supports a maximum data rate of 11Mbps, with real throughput in the 4Mbps to 6Mbps range. In the average office environment, users will need to be within 100 feet of the access point (AP) to get decent performance. Bluetooth devices, 2.4GHz cordless phones, and microwaves all operate in the same frequency as 802.11b, so they will interfere with each other, causing poor WLAN performance.
To solve the problems of low speed and interference, the IEEE created 802.11a. 802.11a will likely become the dominant WLAN technology in the enterprise, with products coming to market early in 2003. Operating in the 5GHz band, 802.11a supports a maximum data rate of 54Mbps, with 20Mbps to 25Mbps of real throughput. In a typical office, users will need to be within 75 feet or even closer to get decent performance.
When the standard is completed in June 2003, 802.11g is supposed to offer the best of both 802.11b and 802.11a. 802.11g is touted as backward compatible with 802.11b, which means that when a mobile 802.11b device joins an 802.11g AP, all connections on that AP slow down to 802.11b speeds.
As the standards mature, APs and adapter cards will support multiple types of 802.11 (say 802.11a and 802.11b within the same device), giving the user more flexibility.
For the application developer, writing applications for a WLAN is not much different than writing applications for the wired network, with one big exception. WLANs are a shared medium with relatively low bandwidth. Today’s networks are switched, giving users dedicated access to 10Mbps, 100Mbps, or even 1Gbps of bandwidth. WLAN bandwidth at 11Mbps or 54Mbps (at best) is shared among all the users on that AP. It’s important to consider how much time the application will spend communicating with other servers and using the scarce RF bandwidth. Supporting delay-sensitive applications, such as VoIP, or bandwidth-hungry applications such as streaming video will take some finesse. (For more on supporting voice and video on WLANs, see the Voice over Wireless IP (VoWIP) Quick Start.)
WLAN System Architecture
To give users sufficient capacity to comfortably run enterprise applications, a WLAN will quickly grow to encompass hundreds of APs, making the manageability of the APs critical. The “right” system architecture for WLANs, known as the fat vs. thin debate in WLAN circles, is a matter of hot debate in the market today.
For a small WLAN, say with fewer than 10 APs, that’s deployed for a small business or a workgroup in a larger corporation, a fat AP architecture (the traditional approach) may be more cost-effective. However, as the WLAN grows, the thin or fit AP architectures, which offer greater manageability and centralized control, will be the approach that most enterprises will take.
A fat AP architecture concentrates all of the WLAN intelligence in the AP. This is the most common AP architecture used today. The AP handles the radio frequency (RF) communication, as well as authenticating users, encrypting communications, secure roaming, WLAN management, and in some cases, network routing.
A thin AP architecture actually uses two components: an AP that’s essentially a stripped down radio and a centralized management controller that handles the other WLAN system functions. Wired network switches are also required. By centralizing the configuration and management of the APs, this architecture greatly simplifies the management of hundreds of APs.
A variation of the thin AP is one that’s often described as a “fit AP.” In this architecture, the AP is slightly beefier than just an RF radio, the network switches are optimized for both wireless and wired environments and the central control point is also present. The AP handles the RF and encryption, while the network switches, because they are aware of the wireless users’ identities and locations, handle secure roaming, quality of service, and certain aspects of user authentication. The central management controller also handles AP configuration and management.
That’s a Hot Spot!
A hot market segment is the creation of WLAN hotspots, which are public places such as airports, hotels, conference centers, and cafes where people can get 802.11 access for a fee or for free. A corporation may also set up hotspots in its conference rooms or lobbies for visitors and guest access.
Wireless ISPs (WISPs), which provide wireless Internet services, are looking to provide public 802.11 hotspots as a way to generate additional revenue. In this scenario, an individual may buy hotspot access as-needed or on a pre-paid monthly card. Another interesting hotspot application is the ability to roam from a cellular network to an 802.11 hotspot and back again, which would provide seamless mobile connectivity regardless of where the user moves. Vendors are developing the network software platforms that will enable mobile devices like smartphones and PDAs to hand off between cellular and 802.11 networks.
Secure and Mobile
Unless you have quite happily lived under a rock for the last year, you’ve heard about security problems with WLANs. The IEEE is plugging the security holes with 802.1X for authentication and network access control as well as 802.11i for encryption.
These access control and encryption standards are still being finalized, so the Wi-Fi Alliance, the industry consortium of WLAN vendors, has introduced Wi-Fi Protected Access (WPA) as the interim solution. WPA certification testing will begin in spring 2003. WPA combines 802.1X authentication with the Temporal Key Integrity Protocol (TKIP) for encryption and key management. Another option for encryption in the 802.11i standard is the Advanced Encryption Standard (AES), which, when completed in late 2003, will be the strongest encryption available in the United States. AES will be finalized in 2003 and APs will require a firmware or hardware upgrade to support the processor-intensive encryption.
If the WLAN uses 802.1X authentication to ensure that only authorized users can gain access to the WLAN and encrypts all communication on the WLAN, then the chance of hackers or rogues getting onto the network and doing any damage is significantly decreased. As with all security, it’s important that enterprises actually use it. Today, many users of WLANs don’t even bother to get the most basic protection from WEP, anemic as it is, leaving their WLAN door wide open.
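The check described above (is the WLAN open, WEP-only, or using WPA/802.11i with 802.1X?) can be read directly from the beacons an AP broadcasts. The following Python sketch is an added example, not code from the original article; it goes beyond the text by parsing the WPA and 802.11i (RSN) information elements, and the sample beacons, the helper names and the "802.1X required" policy are assumptions made for illustration.

```python
import struct

WPA_OUI, RSN_OUI = b"\x00\x50\xf2", b"\x00\x0f\xac"   # WPA vendor IE / 802.11i RSN IE
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES-CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def parse_suites(body, oui):
    """Return (pairwise ciphers, key-management suites) from a WPA/RSN element body."""
    pos, lists = 6, []                    # skip version (2) and group cipher suite (4)
    for table in (CIPHERS, AKMS):
        if pos + 2 > len(body):
            raise ValueError("element ends before suite count")
        (count,) = struct.unpack_from("<H", body, pos)
        pos += 2
        if pos + 4 * count > len(body):
            raise ValueError("truncated suite list")
        suites = [body[pos + 4 * i: pos + 4 * i + 4] for i in range(count)]
        lists.append([table.get(s[3], "unknown") if s[:3] == oui else "vendor" for s in suites])
        pos += 4 * count
    return lists[0], lists[1]

def classify(beacon_body):
    """Classify a beacon frame body (the bytes after the 802.11 MAC header)."""
    if len(beacon_body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    (cap,) = struct.unpack_from("<H", beacon_body, 10)   # after timestamp + interval
    pos, found = 12, None
    while pos + 2 <= len(beacon_body):
        eid, length = beacon_body[pos], beacon_body[pos + 1]
        data = beacon_body[pos + 2: pos + 2 + length]
        if len(data) < length:
            raise ValueError("truncated information element")
        if eid == 48:                                    # RSN (802.11i) wins over WPA
            found = ("802.11i",) + parse_suites(data, RSN_OUI)
        elif eid == 221 and data[:4] == WPA_OUI + b"\x01" and found is None:
            found = ("WPA",) + parse_suites(data[4:], WPA_OUI)
        pos += 2 + length
    if found is None:                                    # privacy bit alone means WEP
        return ("WEP", False) if cap & 0x0010 else ("open", False)
    mode, pairwise, akms = found                         # assumed policy: 802.1X required
    return (f"{mode} {'+'.join(pairwise)} / {'+'.join(akms)}", "802.1X" in akms)

# Constructed sample data: fixed fields (timestamp, interval, capability) + elements.
def make_body(cap, *elems):
    return bytes(8) + struct.pack("<HH", 100, cap) + b"".join(elems)

SSID = b"\x00\x04corp"
WPA_IE = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f201")
RSN_PSK = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
```

A beacon with only the privacy bit set is reported as WEP even if the AP rotates WEP keys through 802.1X, because the beacon does not distinguish the two.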
So believe it or not, the security problems will be solved with these new standards. Many WLANs will take the approach of basing authentication on a user’s identity, which will enable them to tie authentication, access privileges, and policies to an individual user, the way applications do. From a network perspective, security is traditionally tied to the switch port that a user connects to, not the user himself. With awareness of the user’s identity and location, developers can begin to create location-based applications for WLANs.
The next knotty problem is secure mobility, as things that are secure don’t typically move. To date, WLAN vendors have recommended that all wireless users be segregated in a demilitarized zone (DMZ) and contained within their own virtual LAN (VLAN). In a large enterprise network, it’s not practical to create a separate VLAN for all wireless users, since as the wireless usage grows, all users will end up in the same VLAN, which breaks down the network boundaries.
Vendors take a couple of approaches to secure mobility, namely IPsec VPNs, Mobile IP, or VLANs. IPsec VPNs are the most common solution to secure mobility today. Using specialized secure mobility appliances can improve the performance of centralized wireless VPN servers, which can quickly become a bottleneck in a large network. These appliances typically also offer user authentication and quality of service capabilities, along with secure roaming. IPsec VPNs also typically require client software, which few IT managers want to hassle with.
Mobile IP is most commonly recommended by Cisco and by a few providers of 802.11 hotspot solutions. Mobile IP solves the mobility problem for 802.11-equipped devices as well as a host of other mobile devices. Mobile IP is a triangulation routing scheme that creates tunnels for devices as they roam across subnets. It is coupled with Network Address Translation (NAT) so clients can keep the same IP address as they move. Mobile IP requires additional software in the routers and APs and it can be complex to manage in a large-scale environment. Mobile IP needs to be added to the network, but from the application developer’s perspective, you only need to support IP.
The newest approach to secure roaming is to use multiple VLANs. By using multiple VLANs, IT managers do not have to change the existing network protocols or engineering and of course, the applications do not have to be modified. One approach is to create VLANs by the Service Set Identifier (SSID), or the English name of the WLAN segment. This approach enables IT managers to create separate VLANs for different groups, say marketing, finance, and engineering, so they have better control over who can roam; however, it also requires them to create these VLANs everywhere in the network, which is an administrative task they may not want to hassle with.
Another approach is to create these VLANs dynamically, which allows IT to put in a WLAN without any impact to the existing network infrastructure, whether client software or the network backbone. From an application developer’s point of view, either VLAN approach is transparent to the application.
New Level of Convenience
For corporate users, wireless brings a new level of convenience. A project team may convene in the conference room to hammer out their latest work with access to all the resources they had at their desks. A car dealer can call up inventory and financing details while on the lot with a customer. Physicians and nurses can keep patient records and access medical databases from wireless-enabled handhelds. Workers on the manufacturing line may track product assembly and workflow using wireless handhelds. In nearly every industry, wireless is becoming an integral part of the enterprise.
As the authentication and encryption issues are resolved and methods for secure mobility are falling into place, enterprises are gaining confidence in 802.11 solutions. Over the next several years, WLANs will explode in the enterprise. For application developers, the biggest issue is that WLANs are a flashback to the shared Ethernet networks of more than 10 years ago when bandwidth was scarce.