Simulation tests feasibility of replacing wired networks with wireless Lans
Ask any doubters of wireless Lan (WLan) technology what the key potential problem is and chances are they will say scalability.
WLan technology is still in its infancy, and most deployment has either been in the home or in public "hotspot" applications, neither of which would be considered to carry the burden of the "mission critical" tag.
The reality is that, to date, most companies have shied away from deploying WLan altogether, or at least in any kind of business-critical scenario. But are they right to be holding back? And is - with the obvious exception of small office and branch office applications - WLan simply an extension of a wired network or can it be a true wired network replacement?
With these questions in mind, in conjunction with Iometrix Labs in the US and Trapeze Networks' Mobility System switched WLan product, Broadband-Testing put together a series of tests to assess enterprise WLan manageability, scalability and reliability.
The test emulated a 50-storey, high-rise commercial building with seven tennant companies and a total user base of more than 10,000. Each company effectively had its private network with its own user authentication, encryption, roaming, management and quality of service requirements.
As the physical WLan infrastructure was provided by the building owner, the infrastructure was a shared service. Security, scalability and reliability were obviously paramount for all tenants. All the common concerns about WLans were targeted:
- Scaling the number of simultaneous active user sessions
- Scaling the size of the management domain
- Understanding the management demands of a large WLan
- Exploring real-time applications such as voice and video over wireless
- Identifying how to use location-based services to find users
- Using radio frequency location to quickly locate rogues.
Within a mobile network, as a client device moves around, its data rate is likely to change. As it continues to move, the client may re-associate with different access points, making testing a challenge. Another performance penalty comes from the extra security needed to protect open WLans, which are easy targets.
To see how Trapeze coped with this requirement, Broadband-Testing enabled IEEE 802.1x authentication, Wi-Fi Protected Access/IEEE 802.11i and dynamic WEP encryption with rotating broadcast/multicast keys for all users. If these are not properly implemented, they can be a performance drain on the network, especially as the network grows to support thousands of users.
Not only is the scalability of authenticating 10,000 clients on a single physical network an issue, but also the network was created so that each and every client always authenticated via the "virtual" company it belonged to, regardless of where that user was roaming in the office block.
For instance, in a restaurant located on the 50th floor, any wireless user re-associating with the WLan would always be routed via its office WLan connection to authenticate, before being allowed to roam as configured, including the virtual restaurant. This means their access controls would always be in place, regardless of where they roamed.
This was achieved using Trapeze's mobility profiles, which define a user's rights across the entire network. The users retain the same access rights, including virtual Lan assignment, no matter where they roam, even if the new access point is separated by a router. If the roaming cannot be completed quickly enough, a user application session may drop, which makes the service unreliable and real-time applications such as voice over wireless IP impossible.
For the test-bed, 802.11a/b/g clients were simulated. All of the 200 access points in the test (from Trapeze Networks and 3Com) supported these standards, using a cluster of 50 Linux workstations, with each workstation simulating 200 clients.
Each of these client groups was put on a separate virtual Lan to enable the testers to manage the number of connections. To test the ability to scale the number of users, the 10,000 clients were allowed to roam anywhere.
A typical working day for the virtual clients was tested, so that every real hour of testing represented a 24-hour working period with typical peaks and troughs of activity. A live network of real users was added to test real-time applications - voice over wireless IP and streaming video - running across the wireless network at the same time as the traffic generator was peaking. Quality of service on the network was also switched on to ensure the applications always had access to bandwidth. Any impact on the regular network traffic this might cause was also monitored.
The starting point in deploying the network was to use Trapeze's Ringmaster management software to create an installation plan. Having fed an AutoCad drawing of the building into the system, along with the user requirements, the software generated a detailed plan of exactly where to position each mobility point, what it should be attached to, switch port wise, and where possible access point channel conflicts/overlaps might cause performance problems.
The access points could then be fine-tuned to minimise cross-interference, although because of space constraints this was simulated by hard-wiring the access points back to the network, as well as a number of points spread around the labs for the live users.
The WLan infrastructure included two Trapeze MX-400 switches, 10 MX-20 switches and eight MX-8 switches for 20 Mobility Exchange switches. It also included a Nortel IP PBX and a Spectralink Voice Priority server for controlling voice traffic.
The underlying wired infrastructure included two Radius servers that shared the AAA authentication duties. The network also included a Microsoft Internet Authentication Service server and Cisco Catalyst 6500 and 4500 routers at the core, so adding more realism to the test set-up.
A number of voice over wireless IP phones were enabled and a permanent security webcam streaming video across the network was set up. With this set-up, Broadband-Testing found the network supported more than 11,000 virtual clients and wireless VoIP handsets.
Steve Broadhead runs Broadband-Testing Labs, a spin-off from independent test organisation the NSS Group. Author of DSL and Metro Ethernet reports, Broadhead is now involved in a number of projects in the broadband, mobile, network management and wireless Lan areas, from product testing to service design and implementation.