Wi-Fi options for branches

* Motorola, Cisco address highly distributed Wi-Fi environments

A variety of new and modified Wi-Fi architectures have started taking into account the increasingly distributed nature of enterprises. Those with many branch offices have local capital expenses to consider as well as the risk of outages in the WAN connecting them to centralized Wi-Fi controllers.

The last newsletter, for example, described how highly distributed First Industrial Realty Trust is turning to one of the newer architectures on the market: an Aerohive architecture that operates similarly to a “flat” routed network in that neighboring access points (like routers) discover one another and share best-path and state information. The distributed Aerohive APs talk to one another, both over the air and over the wire, in an encrypted fashion, explains Stephen Philip, Aerohive senior director of marketing.

This way, they work together to perform automatic radio frequency management and fast, secure roaming for latency-sensitive applications without requiring a separate WLAN controller. The APs use mesh capabilities to reduce cabling and, like routers, to redirect WLAN traffic around a failed Ethernet link or switch. User credentials can be cached in DRAM in the distributed APs so that authentication continues to work locally; for security purposes, the cache is eliminated once the AP is unplugged, Philip says.

Most of the other primary WLAN suppliers, too, are embracing the branch, though most require at least a controller in the headquarters office across the WAN from the branch. But many of them now allow users to continue functioning, at least partially, even in the event of a WAN outage.

Last week, for example, Motorola announced its “adaptive AP” architecture. You can add software to Motorola’s existing AP-5131 and AP-5181 intelligent access points to allow them to be controlled by the company’s headquarters WLAN switches. “The APs have enough intelligence to save the last known state if the WAN link goes down,” says Manish Rai, director of product marketing in Motorola’s enterprise WLAN business.

Meanwhile, earlier this month, Cisco enhanced its branch-office 1130 hybrid Remote Edge Access Point (REAP). Should the WAN link fail, the REAP, similar to the new Motorola adaptive AP setup, can fully maintain authentication of new devices via a slimmed-down AAA service right in the AP or via a local AAA server, says Chris Kozup, senior manager of mobility solutions.

The general difference in the various suppliers’ architectures is whether they fundamentally distribute or centralize the data plane (the forwarding of data packets), the control plane (functions like RF management and channel selection) and the management plane (configuration, provisioning and policy setting).

Aruba, Cisco, Meru, Motorola and Trapeze, for example, are fundamentally centralized. Like the Cisco and Motorola branch-centric enhancements described, Trapeze’s Smart Mobile architecture enables you to bypass the WLAN controller in a branch by opting to distribute some traffic forwarding out to the APs.

For its part, Aruba offers the Remote AP that is managed centrally and requires no local controller. If a single WAN connection fails, the firewall will enforce policies locally. Users can use any local services such as printing, and, with split tunneling supported, can access the public Internet, says head of strategic marketing Mike Tennefoss.

Colubris and Xirrus are fundamentally more distributed in nature; Colubris distributes all its data forwarding but centralizes the management and control planes. Xirrus distributes both the data and control planes by bundling up to 16 radios, specially designed antennas, a WLAN controller, and a Gigabit Ethernet switch into a distributed box. The management plane is centralized.
