Monday, August 24, 2009

Roaming

Roaming is the process or ability of a wireless client to move seamlessly from one cell (or BSS) to another without losing network connectivity. Access points hand the client off from one to another in a way that is invisible to the client, ensuring unbroken connectivity. Figure 7.12 illustrates a client roaming from one BSS to another BSS. When any area in the building is within reception range of more than one access point, the cells’ coverage overlaps. Overlapping coverage areas are an important attribute of the wireless LAN setup, because they enable seamless roaming between overlapping cells. Roaming allows mobile users with portable stations to move freely between overlapping cells, constantly maintaining their network connection.


When roaming is seamless, a work session can be maintained while moving from one cell to another. Multiple access points can provide wireless roaming coverage for an entire building or campus.

When the coverage areas of two or more access points overlap, the stations in the overlapping area can establish the best possible connection with one of the access points while continuously searching for the best access point. In order to minimize packet loss during switchover, the “old” and “new” access points communicate to coordinate the roaming process. This function is similar to a cellular phone’s handover, with two main differences:
  • On a packet-based LAN system, the transition from cell to cell may be performed between packet transmissions, as opposed to telephony where the transition may occur during a phone conversation.
  • On a voice system, a temporary disconnection may not affect the conversation, while in a packet-based environment it significantly reduces performance because the upper layer protocols then retransmit the data.

Standards

The 802.11 standard does not define how roaming should be performed, but does define the basic building blocks. These building blocks include active & passive scanning and a reassociation process. The reassociation process occurs when a wireless station roams from one access point to another, becoming associated with the new access point.

The 802.11 standard allows a client to roam among multiple access points operating on the same or separate channels. For example, every 100 ms, an access point might transmit a beacon signal that includes a time stamp for client synchronization, a traffic indication map, an indication of supported data rates, and other parameters. Roaming clients use the beacon to gauge the strength of their existing connection to the access point. If the connection is weak, the roaming station can attempt to associate itself with a new access point.
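The beacon fields the paragraph lists (time stamp, beacon interval, capability bits, supported rates, DS channel and the traffic indication map) can be pulled out of a beacon frame body with the parser below. This is an added example, not code from the original post; it assumes the MAC header and FCS have already been stripped, and the sample beacon is constructed, not a real capture.

```python
import struct

TU_MICROSECONDS = 1024          # 802.11 time unit; 100 TU is the ~100 ms beacon interval in the text
IE_SSID, IE_RATES, IE_DS_PARAMS, IE_TIM = 0, 1, 3, 5

def parse_beacon_body(body):
    """Parse an 802.11 beacon frame body (MAC header and FCS already removed).
    Returns the fields a scanning station looks at; raises ValueError if the body is truncated."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12-byte fixed fields")
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp_us": timestamp,                            # used for client synchronization
        "beacon_interval_ms": interval_tu * TU_MICROSECONDS / 1000,
        "ess": bool(capability & 0x0001),                     # infrastructure BSS
        "privacy": bool(capability & 0x0010),                 # encryption required
    }
    pos = 12
    while pos < len(body):                                    # tagged information elements
        if pos + 2 > len(body):
            raise ValueError("truncated information element header")
        ie_id, ie_len = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + ie_len]
        if len(value) != ie_len:
            raise ValueError(f"information element {ie_id} truncated")
        if ie_id == IE_SSID:
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif ie_id == IE_RATES:
            # each byte is a rate in 500 kbit/s units; the MSB marks a mandatory (basic) rate
            info["rates_mbps"] = [(b & 0x7F) / 2 for b in value]
            info["basic_rates_mbps"] = [(b & 0x7F) / 2 for b in value if b & 0x80]
        elif ie_id == IE_DS_PARAMS and ie_len == 1:
            info["channel"] = value[0]                        # DSSS channel the AP is set to
        elif ie_id == IE_TIM and ie_len >= 3:
            info["dtim_count"], info["dtim_period"] = value[0], value[1]
        pos += 2 + ie_len
    return info

# Constructed beacon body: 100 TU interval, ESS + privacy + short preamble capability,
# SSID "CorpNet", basic rates 1/2/5.5/11 Mbit/s, DS channel 6, TIM with DTIM period 3.
SAMPLE_BEACON = (
    struct.pack("<QHH", 123456, 100, 0x0031)
    + bytes([IE_SSID, 7]) + b"CorpNet"
    + bytes([IE_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
    + bytes([IE_DS_PARAMS, 1, 6])
    + bytes([IE_TIM, 4, 0, 3, 0, 0])
)
```

Signal strength is not in the frame itself; a station takes it from the radio's receive measurement for each beacon, which is why the parser reports only frame contents.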

To meet the needs of mobile radio communications, the 802.11b standard must be tolerant of connections being dropped and re-established. The standard attempts to ensure minimum disruption to data delivery, and provides some features for caching and forwarding messages between BSSs.

Particular implementations of some higher layer protocols such as TCP/IP may be less tolerant. For example, in a network where DHCP is used to assign IP addresses, a roaming node may lose its connection when it moves across cell boundaries. The node will then have to re-establish the connection when it enters the next BSS or cell. Software solutions are available to address this particular problem.

The 802.11b standard leaves much of the detailed functioning of what it calls the distribution system to manufacturers. This was a deliberate decision on the part of the standard designers, because they were most concerned with making the standard entirely independent of any other existing network standards. As a practical matter, an overwhelming majority of 802.11b wireless LANs using ESS topologies are connected to Ethernet LANs and make heavy use of TCP/IP. Wireless LAN vendors have stepped into the gap to offer proprietary methods of facilitating roaming between nodes in an ESS.


Connectivity

The 802.11 MAC layer is responsible for how a client associates with an access point. When an 802.11 client enters the range of one or more access points, the client chooses an access point to associate with (also called joining a BSS) based on signal strength and observed packet error rates.

Once associated with the access point, the station periodically surveys all 802.11 channels in order to assess whether a different access point would provide better performance characteristics. If the client determines that there is a stronger signal from a different access point, the client re-associates with the new access point, tuning to the radio channel to which that access point is set. The station will not attempt to roam until it drops below a manufacturer-defined signal strength threshold.


Reassociation

Reassociation usually occurs because the wireless station has physically moved away from the original access point, causing the signal to weaken. In other cases, reassociation occurs due to a change in radio characteristics in the building, or due simply to high network traffic on the original access point. In the latter case, this function is known as load balancing, since its primary function is to distribute the total wireless LAN load most efficiently across the available wireless infrastructure.

Association and reassociation differ only slightly in their use. Association request frames are used when joining a network for the first time. Reassociation request frames are used when roaming between access points so that the new access point knows to negotiate transfer of buffered frames from the old access point and to let the distribution system know that the client has moved. Reassociation is illustrated in Figure 7.13.


This process of dynamically associating and re-associating with access points allows network managers to set up wireless LANs with very broad coverage by creating a series of overlapping 802.11 cells throughout a building or across a campus. To be successful, the IT manager ideally will employ channel reuse, taking care to configure each access point on an 802.11 DSSS channel that does not overlap with a channel used by a neighboring access point. While there are 14 partially overlapping channels specified in 802.11 DSSS (11 channels can be used within the U.S.), there are only 3 channels that do not overlap at all, and these are the best to use for multi-cell coverage. If two access points are in range of one another and are set to the same or partially overlapping channels, they may cause some interference for one another, thus lowering the total available bandwidth in the area of overlap.
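The channel reuse rule in the paragraph (two DSSS channels stop overlapping only when they are 5 channel numbers apart, giving 1, 6 and 11 in the U.S.) can be checked and applied automatically. The code below is an added example, not from the original post; the AP names and neighbour relationships are constructed, and the greedy assignment is a simple graph colouring, not any vendor's planning tool.

```python
CHANNEL_SPACING_MHZ = 5        # DSSS channel centres are 5 MHz apart (channel 14 is not modelled)
DSSS_BANDWIDTH_MHZ = 22        # each DSSS channel occupies roughly 22 MHz
NON_OVERLAPPING_US = (1, 6, 11)

def channels_overlap(a, b):
    """True if the 22 MHz footprints of two DSSS channels overlap (e.g. 1 and 5 do, 1 and 6 do not)."""
    return abs(a - b) * CHANNEL_SPACING_MHZ < DSSS_BANDWIDTH_MHZ

def find_channel_conflicts(aps, neighbours):
    """aps: {ap_name: channel}; neighbours: (ap, ap) pairs that are in range of one another.
    Returns (ap, ap, channel, channel) for every neighbouring pair that will interfere."""
    return [(a, b, aps[a], aps[b]) for a, b in neighbours if channels_overlap(aps[a], aps[b])]

def assign_channels(ap_names, neighbours, channels=NON_OVERLAPPING_US):
    """Greedy colouring: each AP gets the first channel no already-planned neighbour uses.
    An AP is mapped to None when all three channels are taken by its neighbours, which
    tells the planner that AP placement, not channel choice, has to change."""
    adjacent = {name: set() for name in ap_names}
    for a, b in neighbours:
        adjacent[a].add(b)
        adjacent[b].add(a)
    plan = {}
    for ap in ap_names:
        used = {plan[n] for n in adjacent[ap] if n in plan}
        plan[ap] = next((c for c in channels if c not in used), None)
    return plan

# Constructed floor plan: AP1 hears AP2 and AP3, AP2 hears AP3, AP3 hears AP4.
SAMPLE_NEIGHBOURS = [("AP1", "AP2"), ("AP1", "AP3"), ("AP2", "AP3"), ("AP3", "AP4")]
# A hand-configured plan that mostly uses 1/6/11 but puts AP2 on channel 3.
SAMPLE_PLAN = {"AP1": 1, "AP2": 3, "AP3": 6, "AP4": 11}
```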


VPN Use

Wireless VPN solutions are typically implemented in two fashions. First, a centralized VPN server is implemented upstream from the access points. This VPN server could be a proprietary hardware solution or a server with a VPN application running on it. Both serve the same purpose and provide the same type of security and connectivity. Having this VPN server (also acting as a gateway and firewall) between the wireless user and the core network provides a level of security similar to wired VPNs.

The second approach is a distributed set of VPN servers. Some manufacturers implement a VPN server into their access points. This type of solution would provide security for small office and medium-sized organizations without use of an external authentication mechanism like RADIUS. For scalability, these same access point/VPN servers typically support RADIUS.

Tunnels are built from the client station to the VPN server, as illustrated in Figure 7.14. When a user roams, the client is roaming between access points across layer 2 boundaries. This process is seamless to the layer 3 connectivity. However, if a tunnel is built to the access point or centralized VPN server and a layer 3 boundary is crossed, a mechanism of some kind must be provided for keeping the tunnel alive when the boundary is crossed.


Layer 2 & 3 Boundaries

A constraint of existing technology is that wired networks are often segmented for manageability. Enterprises with multiple buildings, such as hospitals or large businesses, often implement a LAN in each building and then connect these LANs with routers or switch-routers. This layer 3 segmentation has two major advantages. First, it contains broadcasts effectively, and second, it allows access control between segments on the network. This type of segmentation can also be done at layer 2 using VLANs on switches. VLANs are often implemented floor-by-floor in multi-floor office buildings, or for each remote building in a campus, for the same reasons. Segmenting at layer 2 in this fashion separates the networks completely, as if multiple networks were being implemented. When using routers, as seen in Figure 7.15, users must have a method of roaming across router boundaries without losing their layer 3 connection. The layer 2 connection is still maintained by the access points, but since the IP subnet has changed while roaming, the connection to servers, for example, will be broken. Without subnet-roaming capability (such as a Mobile IP solution or DHCP), wireless LAN access points must all be connected to a single subnet (a.k.a. "a flat network"). This work-around comes at a loss of network management flexibility, but customers may be willing to incur this cost if they perceive that the value of the end system is high enough.



Many network environments (e.g., multi-building campuses, multi-floored high rises, or older or historical buildings) cannot embrace a single subnet solution as a practical option. This wired architecture is at odds with current wireless LAN technology. Access points can't hand off a session when a remote device moves across router boundaries because crossing routers changes the client device's IP address. The wired system no longer knows where to send the message. When a mobile device reattaches to the network, all application end points are lost and users are forced to log in again, reauthenticate, relocate themselves in their applications, and recreate lost data. The same type of problem is incurred when using VLANs. Switches see users as roaming across VLAN boundaries.


A hardware solution to this problem is to deploy all access points on a single VLAN using a flat IP subnet for all access points so that there is no change of IP address for roaming users and a Mobile IP solution isn't required. Users are then routed as a group back into the corporate network using a firewall, a router, a gateway device, etc. This solution can be difficult to implement in many instances, but is generally accepted as the "standard" methodology. There are many more instances where an enterprise must forego use of a wireless LAN altogether because such a solution just isn't practical.

Even with all access points on a single subnet, mobile users can still encounter coverage problems. If a user moves out of range, into a coverage hole, or simply suspends the device to prolong battery life, all application end points are lost, and users in these situations are again forced to log in and find their way back to where they left off.


Load Balancing

Congested areas with many users and heavy traffic load per unit may require a multi-cell structure. In a multi-cell structure, several co-located access points “illuminate” the same area creating a common coverage area, which increases aggregate throughput. Stations inside the common coverage area automatically associate with the access point that is less loaded and provides the best signal quality.

As illustrated in Figure 7.17, the stations are equally divided between the access points in order to equally share the load between all access points. Efficiency is maximized because all access points are working at the same low-level load. Load balancing is also known as load sharing and is configured on both the stations and the access point in most cases.
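The station-side behaviour described under Connectivity, Layer 2 & 3 Boundaries and Load Balancing fits in one decision routine: stay put while the current signal is above the manufacturer threshold, otherwise pick the candidate with the best signal and, among equals, the fewest associated stations, and flag whether the move crosses a subnet boundary (which is where IP sessions break unless the network is flat or Mobile IP is in use). This is an added example, not code from the original post; the threshold, hysteresis margin, error-rate limit and AP data are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

ROAM_THRESHOLD_DBM = -70   # assumed manufacturer-defined threshold: no roaming above this
ROAM_HYSTERESIS_DB = 5     # assumed: a new AP must beat the current one by this margin
MAX_ERROR_RATE = 0.10      # assumed: candidates with worse packet error rate are skipped

@dataclass(frozen=True)
class AccessPoint:
    name: str
    rssi_dbm: int          # signal strength the station currently measures from this AP
    error_rate: float      # observed packet error rate, 0.0 to 1.0
    load: int              # stations already associated (for load sharing)
    wired_addr: str        # AP's address on the distribution system, e.g. "10.1.0.5/24"

    @property
    def subnet(self):
        return ipaddress.ip_interface(self.wired_addr).network

def choose_ap(candidates):
    """Initial association and load balancing: strongest signal wins, ties go to the
    least-loaded AP; APs with a high observed error rate are not considered."""
    usable = [ap for ap in candidates if ap.error_rate <= MAX_ERROR_RATE]
    return max(usable, key=lambda ap: (ap.rssi_dbm, -ap.load), default=None)

def roam_decision(current, survey):
    """Return (target_ap, crosses_l3) after a channel survey while associated to `current`.
    target_ap is None when the station should stay; crosses_l3 is True when the chosen
    target sits on a different IP subnet, so the layer 3 session will not survive the roam."""
    if current.rssi_dbm >= ROAM_THRESHOLD_DBM:
        return None, False                        # still above threshold: do not roam
    best = choose_ap(ap for ap in survey if ap.name != current.name)
    if best is None or best.rssi_dbm < current.rssi_dbm + ROAM_HYSTERESIS_DB:
        return None, False                        # nothing clearly better: avoid ping-pong
    return best, best.subnet != current.subnet

# Constructed survey: current AP has faded; AP2 and AP3 are equally strong, AP3 is less
# loaded but lives on another subnet; AP4 is strong but lossy.
CURRENT_AP = AccessPoint("AP1", -75, 0.02, 9, "10.1.0.5/24")
SURVEY = [
    CURRENT_AP,
    AccessPoint("AP2", -60, 0.01, 12, "10.1.0.6/24"),
    AccessPoint("AP3", -60, 0.01, 4, "10.2.0.7/24"),
    AccessPoint("AP4", -55, 0.30, 1, "10.1.0.8/24"),
]
```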

1 comment:

Unknown said...

Have you researched 3D roaming?
