Understanding WLANs: Architecture 101

Sharks swim continuously to avoid sinking to their death—but that doesn’t prevent them from circling back through familiar waters.

In the hardscrabble enterprise WLAN market, vendors that stop innovating also quickly fall from grace. But those that flourish aren’t moving ahead without a backwards glance. In fact, some of today’s hottest players are combining creative new twists with the best of the past, producing hybrid architectures that are increasingly tough to categorize.

In the beginning

Today’s WLANs may bear little resemblance to pre-802.11 deployments, but those dusty old peer-to-peer wireless bridges launched an industry that now threatens to topple Ethernet.

Those devices were reflected in the original 802.11 standard's ad hoc (peer-to-peer) and infrastructure (client-to-access-point) architectures. Many early 802.11 “base stations” could also be configured to operate as clients, access points, repeaters, or bridges. Back then, wireless nodes were configured manually, worked independently, and could be assembled into varied topologies—appropriate for a fledgling market where consumers were just learning how to use wireless.

But as businesses moved beyond experimentation, new requirements emerged: VPN tunnel termination, captive portal authentication, load balancing across APs, remote management. At first, these new capabilities were stuffed into business-grade “fat APs,” such as Cisco Aironet and Proxim Orinoco. Some even learned to speak proprietary Inter-AP load balancing protocols inside homogeneous WLANs. Soon, network administrators learned how to supervise these otherwise autonomous APs from a central point using SNMP and SYSLOG.

These innovations fostered early enterprise WLAN deployment. But they also hit the wall fairly quickly, when AP CPU and memory became saturated. More powerful chips were available, but they were too big and too expensive to be included in every single AP. Inevitably, those more advanced capabilities had to be off-loaded—first to Wireless Gateways (e.g., BlueSocket, ReefEdge) and then to Wireless Switches (e.g., Symbol, Airespace).

Early Wireless Gateways concentrated wireless network access, providing necessary services like firewalling, VPN termination, and subnet roaming at layer three. Wireless Switches delved into layer two by relieving APs of association management duties like 802.1X authentication, key caching, fast handoff, and prioritization.

When enterprise APs grew thinner, they also became more dependent on Wireless Switches—which then evolved into Wireless Controllers, responsible for AP discovery, provisioning, and maintenance. And WLAN topologies became rigidly hierarchical: clients talked to APs, APs talked to Controllers, Controllers routed traffic onto the wired network.

Moving ahead

Controller-based products quickly dominated the enterprise WLAN landscape—an outcome that remains to this day. All ten companies in ABI’s latest 802.11n vendor matrix—Meru, Aruba, Motorola, Bluesocket, Trapeze (Belden), Cisco, Colubris (HP), Xirrus, Siemens (Enterasys), and Extricom—participate in the WLAN Controller market.

But business requirements and hardware capabilities have continued to evolve. Significant refinements and variations on this now-common architecture have emerged to address contemporary needs in more cost-effective, efficient, and flexible fashions.

Along the way, WLAN architectures grew even more difficult to categorize. Vendors now differentiate their offerings in fairly diverse ways. It’s no longer terribly helpful to refer to a given AP as “fat” or “thin”—nor can one lump everything else into one box labeled “controller.”

Many networking devices, from routers to firewalls, can be decomposed into three planes: data, control, and management. These planes can also be applied to WLAN infrastructure devices.

The data plane is responsible for moving information in real-time—in WLANs, accessing the wireless media to convert radio signals into LAN frames. In a broader architectural sense, the data plane describes the way in which a network relays data between elements. For example, are packets relayed from APs to controller or can they be forwarded directly between APs?

The control plane makes real-time operational decisions, based on policies related to topology, security, quality of service, bandwidth limits, etc. In routers, the control plane participates in protocols that ultimately determine which packets get discarded or forwarded to another router.  In wireless devices, the control plane may be responsible for decisions that affect association admission, session prioritization, stateful packet inspection, and load balancing.

The management plane is responsible for carrying out non-real-time administrative tasks, including AP activation, provisioning, configuration updates, firmware maintenance, fault surveillance, and performance monitoring. For example, must APs be configured individually, or can the same configuration update be applied to a group of APs from a single point?


Shifting back

Those very early APs did everything on their own—in some cases, even using peer-to-peer protocols to make control plane decisions. The subsequent evolution from Wireless Gateway to Switch to Controller relocated tasks from all three planes—often making the Switch or Controller an active data plane participant. However, we now see some previously-offloaded tasks shifting back towards the WLAN edge—or onto separate upstream systems.

Hardware advances have made it possible to build more powerful APs at lower cost. Much of that additional CPU and memory has been directed towards internal data plane improvements—notably, MIMO antenna management and advanced signal processing techniques associated with 802.11n. But some products have also used more powerful chipsets to reabsorb control plane functions. Examples include the on-board firewalling implemented by certain “adaptive APs” that can be used with or without a Controller (e.g., Motorola, Aruba) and the “cooperative control” protocols used by mesh APs that can reconfigure themselves in response to changes (e.g., Aerohive, Colubris).

On the flip side, WLAN management plane functions are moving out—and not just away from the data path, but into systems that look beyond 802.11. Management duties that are unique to 802.11 may always fall to WLAN-specific products—for example, channel (re)assignment for interference avoidance or availability. But the writing on the wall is clear: enterprises want to see consolidated network management for common tasks like configuration backup and firmware update. Companies like Proxim and Motorola seem to be focusing on management plane integration across different kinds of wireless, while HP and Cisco are motivated to integrate 802.11 and Ethernet network management.

Contemporary battlegrounds

In this year’s State of the WLAN Market report, Webtorials asked respondents which WLAN architectures they currently used and planned to adopt within the next six months. The results, published in October 2008, show a clear preference for some degree of centralization:

  •  47% use thin APs with a central Wireless Controller
  •  39% use “intelligent” APs with a central Management Server
  •  18% use “intelligent” APs without centralized management
  •  17% split intelligence between APs and the Wireless Controller or Switch

However, note the majority interest in “intelligent” APs—a less pejorative term applied to APs that are more fat than thin since they are not wholly-dependent on a Wireless Controller. Given that management plane functions have largely moved elsewhere, today’s “intelligent APs” are primarily performing some combination of control and data plane functions.

For example, consider the growing popularity of AP-to-AP packet forwarding. This may be done based on QoS/security settings to reduce latency and avoid bottlenecks at the data plane—concerns that have increased along with the speed of 802.11n WLANs.

Alternatively, APs that normally forward traffic through a Controller may revert to autonomous operation (that is, adapt) whenever upstream connectivity is lost. Adaptive APs can appeal to smaller remote offices and retail stores where even an entry-level Controller may be considered too expensive to install or maintain locally.

Packaging can also play a role in WLAN architectures. For example, each Xirrus “Wi-Fi array” is a large circular device that combines up to 16 APs with an integrated Controller, firewall, and WIPS, using a sectorized antenna system to divvy airspace.  At first glance, you might be tempted to call this a very fat or intelligent AP – but we consider it to be the extreme in tight coupling between thin APs and a co-resident Wireless Controller.

Different strokes

In fact, the rigid hierarchy that emerged along with Controller-based WLANs also appears to be in jeopardy. Answering that same Webtorials survey question, 30% of respondents reported using Wi-Fi mesh networks, while 7% used single-channel or channel blanket architectures.

Like those old ad hoc WLANs, mesh networks involve peer-to-peer communication—not between clients, but between APs. Today, most new enterprise-class 802.11n APs can participate in mesh networks for high-speed wireless backhaul—especially appealing in hard-to-wire locations. Many of those mesh WLANs must still be configured into a static hierarchy, leading back through a root AP and perhaps a Controller. However, some intelligent APs can now converse with peers to form dynamic meshes and/or optimize traffic flows between themselves, without requiring a separate Wireless Controller.

Within the data plane, Meru and Extricom are challenging the way in which the airwaves have long been divvied between adjacent APs. In most enterprise WLANs, all APs participate in the same Extended Service Set, but each uses its own channel. APs can thus avoid stepping on each other so long as non-overlapping channels are assigned. In channel-blanket architectures, APs share a single channel by relying on a Wireless Controller to coordinate airtime use. Because this side-steps co-channel interference altogether, it appeals to high-density WLAN deployments.

The take-away

Clearly there are many different ways to slice and dice WLAN functionality. What will WLANs look like three to five years from now? Further integration seems likely, as hardware grows more powerful, Ethernet dwindles at the edge, high-speed wireless WANs grow ubiquitous, and enterprise focus shifts away from infrastructure deployment to application service delivery. WLAN vendors will no doubt continue to tweak and twist their offerings to wring the very most out of hardware and spectrum. But don’t become so distracted by individual functions that you overlook how well any platform fits into your own network’s data, control, and management planes. After all, architecture is what makes any network more than the sum of its parts.

Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A 27-year industry veteran, Lisa has been involved in Wi-Fi training, product evaluation, network deployment, and security assessment since 2001.
