WLANs are moving toward centralized intelligence. The trend is toward an architecture in which a WLAN controller system creates and enforces policies across several lightweight access points.
Centralized intelligence for these devices enables efficient management of security, mobility, and so on across the WLAN. The performance and security of WLANs improve, and management becomes easier, when functions are divided between the access point and the controller.
The IETF is looking into the development of protocols for managing the communication between the lightweight access points and the WLAN systems.
In traditional WLAN solutions, the access point handles all traffic, security, mobility, and so on. However, this results in the 802.11 traffic being visible only to the individual access point. This can lead to increased management costs, as each individual access point must be managed separately. An attack on the network is not visible to everyone on the system, and DoS attacks can be neither predicted nor controlled across the WLAN. The security policies for Layers 1, 2, and 3 have a single point of enforcement. Real-time load balancing cannot be achieved in an optimal manner. The speed of hand-offs, which is critical for applications such as voice and video, is compromised.
The issue of standardization in a centralized WLAN is being looked into in the LWAPP draft, which was prepared by Airespace (acquired by Cisco Systems in March 2005) and NTT DoCoMo. This exercise aims at minimizing the processing time in an access point so that the computing resources of the device are used for providing wireless access and not wasted on enforcing policy. The draft also proposes a method for centralized management of policy enforcement for the entire WLAN. An IP routed network or a Layer 2 infrastructure is suggested for providing multivendor access point interoperability.
The LWAPP draft aims to achieve these objectives by means of access point device discovery and information exchange; packet encapsulation, fragmentation, and formatting; and management of communication between access points and the wireless system devices. By adopting LWAPP, enterprises can choose interoperable access points. This enables them to make decisions keeping in mind the capabilities of the individual access points.
Widespread acceptance of LWAPP should reduce the industry's dependence on single-vendor proprietary WLAN system devices. Centralized WLAN architectures provided by different vendors can make use of secure Layer 2 and 3 networking services by using the open standards solution provided by LWAPP. Vendors can build their applications around a common platform when using LWAPP.
LWAPP was introduced in 2002. It enabled separate management of the real-time traffic, particularly the real-time frame exchange that is accomplished within the access point. Functions such as authentication and security management are performed by the WLAN controllers.
The split MAC functionality of LWAPP was first utilized by the Cisco Centralized WLAN Solution. The solution provided by Cisco enables dynamic RF management across the system and allows dynamic assignment of channels and load balancing. There is only one graphical interface for all the policies such as VLANs and QoS. Uniform security enforcement is facilitated by the enterprise-wide security policies that cover the radio layer, the MAC layer, and the network layer. The Cisco system also facilitates swift hand-offs and quick discovery and remedy of DoS attacks.