Switch or Gateway: Future-Proofing Your Wi-Fi Network

Despite a sluggish economy, the Wi-Fi equipment space is booming. Market-research
firm Synergy Research Group notes that 2002 was the best year to date for Wi-Fi,
with over $1.8 billion worth
of Wi-Fi equipment shipped — an estimated 15.8 million devices. With the space
expected to expand in coming years, a gold-rush mentality has taken hold. WLANs
are being deployed in such disparate locations as enterprises, airports, and
coffee shops. Stranger still, companies like Transaction Network Services and
SiriCOMM intend to roll out WLANs in campgrounds and truck stops.

As WLANs proliferate, companies in the space continue to push innovation. However,
that innovation has been focused on issues like management and security, hence
the slew of WLAN switch vendors. A largely overlooked issue is the
access point itself.

As the clients and switching improve, the access point is quickly becoming
the weak link in the WLAN chain. That’s not to say there is no innovation on
the access point front. There is, but the current trend in access point innovation
is centered either on power, with vendors starting to utilize Power over Ethernet
(PoE) to juice the devices, or on putting some intelligence in the nodes.
While certain switch vendors, such as Trapeze Networks,
intend to drive network intelligence out to the access points, this itself addresses
only two issues: authentication and roaming. Problems of interference, bandwidth,
and range, though, are not part of the equation.

From an access point standpoint, the myriad WLAN switch vendors can be roughly
segmented into two camps: 1) those with proprietary access points as an integral
part of the larger WLAN system, or 2) those claiming to be "access point
agnostic" and willing to incorporate third-party access points into their
networks. The large players entering the space, like Nortel and HP, typically
lock customers into proprietary access points, whereas a few of the startups,
like Bluesocket and Vernier, espouse the latter view, believing that the radio
frequency (RF) and 802.11 protocol issues need to be worked out before committing
to specific end nodes.

Already, a few startups, such as Engim and Bandspeed, are developing
chip-level solutions to improve access point throughput and range;
thus, organizations deploying WLANs should keep an eye toward future-proofing
their networks. Once chip-level innovation comes along, many current-generation
access points will be obsolete.

With this in mind, corporations face a difficult decision when making the wireless
plunge. Do they trust one vendor, opting for the ease of an end-to-end deployment?
Or do they focus on the core of the network, while opting for flexibility in
how the end points are deployed, allowing for incremental upgrades as new technologies

Making Wireless Look Like the LAN

The latest buzz in wireless these days centers on the "WLAN switch."
Both established vendors, like Extreme Networks and Proxim, and startups,
such as Aruba and Trapeze Networks, have rolled out WLAN switching
solutions. Detractors say that these
boxes are little more than hubs or bridges, while advocates claim that they
add much needed security and management features to the chaotic wireless network.

Trapeze Networks, for instance, argues that a switching paradigm is needed
in order to make the WLAN look like
its more manageable predecessor, the LAN. In fact, Trapeze argues that WLANs
represent the "fifth inflection point of Ethernet," or the latest
step in the evolution of Ethernet. "Users are driving the demand for WLANs,
just as they drove demand for the first inflection point by installing the first
Ethernet LANs themselves to interconnect PCs," said Jim Flach, president
and CEO at Trapeze Networks. "The second inflection point occurred in the
late 1980s with the advent of Ethernet over structured wiring and centralized
network management. The third came when 10/100 Mbps Ethernet switching was introduced
in the early 1990s. The fourth inflection point was Layer 3 switching at gigabit
speed in the late 1990s. These inflection points had two things in common: Each
drove the market faster than the previous one and each was vendor driven, not
user driven." In other words, as Trapeze sees it, the WLAN is not some new,
unique networking entity, but rather a logical successor to its wired counterparts,
and, as such, principles of wired networking should be adopted for wireless.

To capitalize on this "fifth inflection point of Ethernet," Trapeze
intends to deliver an end-to-end wireless LAN solution, with a centralized switch
working in tandem with robust access points. The goal is to make the wireless
LAN act and behave like its Ethernet-based predecessor. Trapeze’s access points,
which they refer to as Mobility Points (MPs), work within a broader mobility
system. The core of this system is Trapeze’s WLAN switch, which is integrated
with the wired infrastructure to leverage existing network engineering.

This architecture enables MPs to preserve subnets, ACLs, and other constructs
deployed on the wired network. In essence, as with other WLAN switch vendors,
Trapeze centers intelligence at the switch. However, the somewhat plump MPs
are better able to handle persistent roaming and facilitate single sign-on access.
They monitor RF signals, coordinating back to the switch for rogue detection,
and they have the ability to dynamically enable VLANs across all of the access

Of course, one of the key drawbacks to the Trapeze approach is that customers
are locked into Trapeze MPs, rather than being able to use third-party access
points they may already have deployed. Thus, customers are locked into robust,
expensive access points, rather than being able to opt for cheap alternatives
from third-party vendors. Moreover, as access points evolve to offer better
throughput, customers will be reluctant to abandon their existing investment
in these robust access points, thereby locking themselves into outdated equipment.

Access Point-Agnostic WLAN Gateways

As opposed to the switching approach, several other startups, including AirFlow,
ReefEdge, and Bluesocket,
believe that the wireless and wired LANs should be treated as separate entities.
By utilizing a wireless gateway to make security, routing, and management decisions,
the wireless network can be treated as a separate entity, which allows the gateway
to handle a number of functions not typical to wired LANs, such as roaming and
authentication. Thus, the gateway approach puts less emphasis on the endpoints,
allowing access points to be thin, cheap, and, essentially, disposable. As new
access point technology comes along, customers can rapidly adopt new network
end nodes, having already recouped their initial access point investments.

Typically, gateways serve two roles: First, they impose order on the chaotic
WLAN. Gateways provide initial user authentication and handle roaming between
access points and subnets. They add security features, encrypt traffic, conduct
packet inspection, and ensure QoS. Secondly, the gateways, as the name implies,
serve as the portal to the LAN, aggregating WLAN traffic before sending it through
to the wired network.

Bluesocket is indicative of this approach, and, with over 300 customers, it
is possibly the most successful WLAN gateway vendor. Bluesocket has released
the third generation of its Wireless Gateway product. According to
Bluesocket CTO Dave Juitt,
customers should be wary of end-to-end solutions that promise the world, but
deliver limited functionality. "We’ve had extensive input from hundreds
of customers around the world," Juitt says, "and one message is consistent:
the desire for flexibility."

Rather than looking at the WLAN as a simple LAN extension, Bluesocket considers
the wireless segment of the network as a unique entity with its own specific
needs. "So much changes when you extend your network over the air,"
Juitt says. "Security, authentication, and management all become more complex,
and the traditional switching approach falls short."

With this in mind, Bluesocket takes a gateway approach to wireless, separating
the WLAN from the LAN, while enabling inspected traffic to flow back and forth
between the two. Bluesocket centralizes management and security in its gateway,
while allowing customers to choose the access point that is right for them.
In some cases, as with financial institutions, customers may decide to rely
on fat access points for their added authentication capabilities. In other deployments,
such as in museum lobbies, authentication may be less of an issue, so commodity
access points can be used.

Bluesocket’s WGX-4000 Switch Wireless Gateway supports wireless devices and
access points from all major vendors, while supporting all current and future
802.11 versions. This open-systems approach means that organizations won’t be
locked into a specific technology or vendor, thereby ensuring interoperability
with current and future WLAN infrastructures.

Where multiple Wireless Gateways are deployed across multiple WLANs, these
Wireless Gateways communicate with each other; configuration is performed on
one unit and changes are automatically pushed out to all other Wireless Gateway
devices without the need for a central server. The WGX-4000 Switch Wireless
Gateway conforms to existing wired and wireless network infrastructures, allowing
enhanced policy-based deployments.

Featuring role-based access control, the unit provides managed and protected
Gigabit interfaces and eight 10/100 interfaces on the managed side for traffic
aggregation. Providing 800-Mbps throughput for clear traffic, and 400-Mbps throughput
for IPSec (3DES) encrypted traffic, the gateway is suited for high-density deployments
involving hundreds of users, devices and access points. With dynamic traffic
optimization across the WLAN infrastructure, the system implements 802.1q VLAN
trunking, 802.1p traffic prioritization, and intelligent VLAN learning within
its switch fabric, allowing each user, group or service to be allocated its
appropriate amount of the WLAN bandwidth. For instance, in a corporation, the
CEO’s traffic could be prioritized over that of a visitor’s. Or, specific departments,
such as sales, could be prioritized over engineering or data entry.

By separating the wireless and wired networks, the Bluesocket Gateway ensures
that a company can go wireless without disrupting its existing infrastructure.
While some of the switch vendors essentially require that existing LAN infrastructure
be ripped out and replaced, the gateway accepts whatever is already installed
on the LAN side, simply stitching it together with the new wireless network.
Moreover, the gateway approach is not only open to new vendors, but to new technologies
as well. As new client devices hit the market, they can work on the WLAN without
reconfiguring the device or network, and as new access points with better throughput
and less radio channel interference hit the market, the gateway allows the WLAN
to immediately benefit from this innovation.

The wireless movement is well under way. That much is clear. With WLANs now
available in such counter-intuitive locations as truck stops and McDonald’s
franchises, it’s obvious that the computing space is quickly following the lead
of the cell phone sector, with end users demanding mobility. But equally
clear is the need for corporate CIOs to carefully consider their options. They
must ask themselves if it makes sense to wed their wireless networks to a single

Jeff Vance is a technology consultant and freelance writer. Formerly the
editor of Mobile Internet Times and E-Infrastructure Times, he has published
articles with DeviceTop.com, Telecom Trends, and SearchWireless.com,
among others. You can contact him at mailto:[email protected].
