RealTime IT News

Switch or Gateway: Future-Proofing Your Wi-Fi Network

Despite a sluggish economy, the Wi-Fi equipment space is booming. Market-research firm Synergy Research Group notes that 2002 was the best year to date for Wi-Fi with over $1.8 billion worth of Wi-Fi equipment shipped -- an estimated 15.8 million devices. With the space expected to expand in coming years, a gold-rush mentality has taken hold. WLANs are being deployed in such disparate locations as enterprises, airports, and coffee shops. Stranger still, companies like Transaction Network Services and SiriCOMM intend to roll out WLANs in campgrounds and truck stops.

As WLANs proliferate, companies in the space continue to push innovation. However, that innovation has been focused on issues like management and security, hence the slew of WLAN switch vendors. A largely overlooked issue, however, is the access point itself.

As the clients and switching improve, the access point is quickly becoming the weak link in the WLAN chain. That's not to say there is no innovation on the access point front. There is, but the current trend in access point innovation is centered either on power, with vendors starting to utilize Power over Ethernet (PoE) to juice the devices, or on putting some intelligence in the nodes. While certain switch vendors, such as Trapeze Networks, intend to drive network intelligence out to the access points, this itself addresses only two issues: authentication and roaming. Problems of interference, bandwidth, and range, though, are not part of the equation.

From an access point standpoint, the myriad WLAN switch vendors can be roughly segmented into two camps: 1) those with proprietary access points as an integral part of the larger WLAN system, or 2) those claiming to be "access point agnostic" and willing to incorporate third-party access points into their networks. The large players entering the space, like Nortel and HP, typically lock customers into proprietary access points, whereas a few of the startups, like Bluesocket and Vernier, espouse the latter view, believing that the radio frequency (RF) and 802.11 protocol issues need to be worked out before committing to specific end nodes.

Already, a few startups, such as Engim and Bandspeed, are developing chip-level solutions to improve access point throughput and range; thus, organizations deploying WLANs should keep an eye toward future-proofing their networks. Once chip-level innovation comes along, many current-generation access points will be obsolete.

With this in mind, corporations face a difficult decision when making the wireless plunge. Do they trust one vendor, opting for the ease of an end-to-end deployment? Or do they focus on the core of the network, while opting for flexibility in how the end points are deployed, allowing for incremental upgrades as new technologies emerge?

Making Wireless Look Like the LAN

The latest buzz in wireless these days centers on the "WLAN switch." Both established vendors, like Extreme Networks and Proxim, and startups, such as Aruba and Trapeze Networks, have rolled out WLAN switching solutions. Detractors say that these boxes are little more than hubs or bridges, while advocates claim that they add much-needed security and management features to the chaotic wireless network.

Trapeze Networks, for instance, argues that a switching paradigm is needed in order to make the WLAN look like its more manageable predecessor, the LAN. In fact, Trapeze argues that WLANs represent the "fifth inflection point of Ethernet," or the latest step in the evolution of Ethernet. "Users are driving the demand for WLANs, just as they drove demand for the first inflection point by installing the first Ethernet LANs themselves to interconnect PCs," said Jim Flach, president and CEO at Trapeze Networks. "The second inflection point occurred in the late 1980s with the advent of Ethernet over structured wiring and centralized network management. The third came when 10/100 Mbps Ethernet switching was introduced in the early 1990s. The fourth inflection point was Layer 3 switching at gigabit speed in the late 1990s. These inflection points had two things in common: Each drove the market faster than the previous one and each was vendor driven, not user driven." In other words, as Trapeze sees it, the WLAN is not some new, unique networking entity, but rather a logical successor to its wired counterparts, and, as such, principles of wired networking should be adopted for wireless.

To capitalize on this "fifth inflection point of Ethernet," Trapeze intends to deliver an end-to-end wireless LAN solution, with a centralized switch working in tandem with robust access points. The goal is to make the wireless LAN act and behave like its Ethernet-based predecessor. Trapeze's access points, which they refer to as Mobility Points (MPs), work within a broader mobility system. The core of this system is Trapeze's WLAN switch, which is integrated with the wired infrastructure to leverage existing network engineering.

This architecture enables MPs to preserve subnets, ACLs, and other constructs deployed on the wired network. In essence, as with other WLAN switch vendors, Trapeze centers intelligence at the switch. However, the somewhat plump MPs are better able to handle persistent roaming and facilitate single sign-on access. They monitor RF signals, coordinating back to the switch for rogue detection, and they have the ability to dynamically enable VLANs across all of the access points.

Of course, one of the key drawbacks to the Trapeze approach is that customers are locked into Trapeze MPs, rather than being able to use third-party access points they may already have deployed. Thus, customers are locked into robust, expensive access points, rather than being able to opt for cheap alternatives from third-party vendors. Moreover, as access points evolve to offer better throughput, customers will be reluctant to abandon their existing investment in these robust access points, thereby locking themselves into outdated equipment.

Access Point-Agnostic WLAN Gateways

As opposed to the switching approach, several other startups, including AirFlow Networks, ReefEdge, and Bluesocket, believe that the wireless and wired LANs should be treated as separate entities. By utilizing a wireless gateway to make security, routing, and management decisions, the wireless network can be treated as a separate entity, which allows the gateway to handle a number of functions not typical to wired LANs, such as roaming and authentication. Thus, the gateway approach puts less emphasis on the endpoints, allowing access points to be thin, cheap, and, essentially, disposable. As new access point technology comes along, customers can rapidly adopt new network end nodes, having already recouped their initial access point investments.

Typically, gateways serve two roles: First, they impose order on the chaotic WLAN. Gateways provide initial user authentication and handle roaming between access points and subnets. They add security features, encrypt traffic, conduct packet inspection, and ensure QoS. Secondly, the gateways, as the name implies, serve as the portal to the LAN, aggregating WLAN traffic before sending it through to the wired network.

Bluesocket is indicative of this approach, and, with over 300 customers, it is possibly the most successful WLAN gateway vendor. Bluesocket has released the third generation of its Wireless Gateway product. According to Bluesocket CTO Dave Juitt, customers should be wary of end-to-end solutions that promise the world, but deliver limited functionality. "We've had extensive input from hundreds of customers around the world," Juitt says, "and one message is consistent: the desire for flexibility."

Rather than looking at the WLAN as a simple LAN extension, Bluesocket considers the wireless segment of the network as a unique entity with its own specific needs. "So much changes when you extend your network over the air," Juitt says. "Security, authentication, and management all become more complex, and the traditional switching approach falls short."

With this in mind, Bluesocket takes a gateway approach to wireless, separating the WLAN from the LAN, while enabling inspected traffic to flow back and forth between the two. Bluesocket centralizes management and security in its gateway, while allowing customers to choose the access point that is right for them. In some cases, as with financial institutions, customers may decide to rely on fat access points for their added authentication capabilities. In other deployments, such as in museum lobbies, authentication may be less of an issue, so commodity access points can be used.

Bluesocket's WGX-4000 Switch Wireless Gateway supports wireless devices and access points from all major vendors, while supporting all current and future 802.11 versions. This open-systems approach means that organizations won't be locked into a specific technology or vendor, thereby ensuring interoperability with current and future WLAN infrastructures.

Where multiple Wireless Gateways are deployed across multiple WLANs, these Wireless Gateways communicate with each other; configuration is performed on one unit and changes are automatically pushed out to all other Wireless Gateway devices without the need for a central server. The WGX-4000 Switch Wireless Gateway conforms to existing wired and wireless network infrastructures, allowing enhanced policy-based deployments.

Featuring role-based access control, the unit provides managed and protected Gigabit interfaces and eight 10/100 interfaces on the managed side for traffic aggregation. Providing 800-Mbps throughput for clear traffic, and 400-Mbps throughput for IPSec (3DES) encrypted traffic, the gateway is suited for high-density deployments involving hundreds of users, devices and access points. With dynamic traffic optimization across the WLAN infrastructure, the system implements 802.1q VLAN trunking, 802.1p traffic prioritization, and intelligent VLAN learning within its switch fabric, allowing each user, group or service to be allocated its appropriate amount of the WLAN bandwidth. For instance, in a corporation, the CEO's traffic could be prioritized over that of a visitor's. Or, specific departments, such as sales, could be prioritized over engineering or data entry.

By separating the wireless and wired networks, the Bluesocket Gateway ensures that a company can go wireless without disrupting its existing infrastructure. While some of the switch vendors essentially require that existing LAN infrastructure be ripped out and replaced, the gateway accepts whatever is already installed on the LAN side, simply stitching it together with the new wireless network. Moreover, the gateway approach is not only open to new vendors, but to new technologies as well. As new client devices hit the market, they can work on the WLAN without reconfiguring the device or network, and as new access points with better throughput and less radio channel interference hit the market, the gateway allows the WLAN to immediately benefit from this innovation.

The wireless movement is well under way. That much is clear. With WLANs now available in such counter-intuitive locations as truck stops and McDonald's franchises, it's obvious that the computing space is quickly following the lead of the cell phone sector, with end users demanding mobility. But equally clear is the need for corporate CIOs to carefully consider their options. They must ask themselves if it makes sense to wed their wireless networks to a single vendor.

Jeff Vance is a technology consultant and freelance writer. Formerly the editor of Mobile Internet Times and E-Infrastructure Times, he has published articles with DeviceTop.com, Telecom Trends, and SearchWireless.com, among others. You can contact him at jwvance@hotmail.com.