Wednesday, January 20, 2010

Using Wireless LANs

Wireless LAN Overview

Devices on a wireless LAN (WLAN) transmit and receive data using radio or infrared signals, sent through an access point (AP). WLANs function similarly to Ethernet LANs with the access point providing connectivity to the rest of the network as would a hub or switch. WLANs use an Institute of Electrical and Electronics Engineers (IEEE) standard that defines the physical and data link specifications, including the use of Media Access Control (MAC) addresses. The same protocols (such as IP) and applications (such as IPSec) can run over both wired and wireless LANs.

WLANs are local to a building or a campus, use customer-owned equipment, and are not usually required to have radio frequency (RF) licenses.

Each Service Set Identifier (SSID) corresponds to a VLAN and can be used to segment users. An SSID can be broadcast by the access point or statically configured on the client, but the client must use the same SSID as the AP to register with it. SSIDs are case sensitive. Clients associate with access points as follows:

Step 1. The client sends a probe request.

Step 2. The AP sends a probe response.

Step 3. The client initiates an association to an AP. Authentication and any other security information are sent to the AP.

Step 4. The AP accepts the association.

Step 5. The AP adds the client’s MAC address to its association table.


Characteristics of Wireless LANs

The following list gives some characteristics of wireless LANs and of the data transmitted over them.
  • WLANs use Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). Wireless data is half-duplex. CSMA/CA uses Request to Send (RTS) and Clear to Send (CTS) messages to avoid collisions.
  • WLANs use a different frame type than Ethernet.
  • Radio waves have unique potential issues. They are susceptible to interference, multipath distortion, and noise. Their coverage area can be blocked by building features, such as elevators. The signal might reach outside the building and lead to privacy issues.
  • WLAN hosts have no physical network connection. They are often mobile and often battery-powered. The wireless network design must accommodate this.
  • WLANs must adhere to each country’s RF standards.

Clients can roam between APs that are configured with the same SSIDs/VLANs. Layer 2 roaming is done between APs on the same subnet; Layer 3 roaming is done between APs on different subnets.


WLAN Topologies

Use of the Cisco Aironet line of wireless products falls into three categories:
  • Client access, which allows mobile users to access the wired LAN resources
  • Wireless connections between buildings
  • Wireless mesh

Wireless connections can be made in ad-hoc mode or infrastructure mode. Ad-hoc mode (or Independent Basic Service Set [IBSS]) is simply a group of computers talking wirelessly to each other with no access point (AP). It is limited in range and functionality. Infrastructure mode’s BSS uses one AP to connect clients. The range of the AP’s signal, called its microcell, must encompass all clients. The Extended Service Set (ESS) uses multiple APs with overlapping microcells to cover all clients. Microcells should overlap by 10–15 percent for data, and 15–20 percent for voice traffic. Each AP should use a different channel.

Wireless repeaters extend an AP’s range. They use the same channel as their AP, they must be configured with the AP’s SSID, and they should have 50 percent signal overlap.

Workgroup bridges connect to devices without a wireless network interface card (NIC) to allow them access to the wireless network. Wireless mesh networks can span large distances because only the edge APs connect to the wired network. The intermediate APs connect wirelessly to multiple other APs and act as repeaters for them. Each AP has multiple paths through the wireless network. The Adaptive Wireless Path (AWP) protocol runs between APs to determine the best path to the wired network. APs choose backup paths if the best path fails.

Monday, January 4, 2010

Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP) is similar to HSRP, but it is an open standard (RFC 2338). Two or more devices act as a virtual router. With VRRP, however, the IP address used can be either a virtual one or the actual IP address of the primary router.

The VRRP master router forwards traffic. The master is chosen because either 1) it owns the real address or 2) it has the highest priority (the default is 100). If a real address is being used, the owner of that address must be the master. A backup router takes over if the master fails, and there can be multiple backup routers. Backups monitor the periodic hellos that the master multicasts to 224.0.0.18, using UDP port 112, to detect a failure of the master router.

Multiple VRRP groups are allowed, just as with HSRP.

Routers in the same VRRP group must belong to the same subnet/VLAN. To enable VRRP, use the command vrrp group-number ip virtual-IP-address under the interface connecting to that subnet or VLAN:

Router(config-if)#vrrp 39 ip 10.0.0.1

Control the master and backup elections by configuring priority values from 1 to 255. If a master VRRP router is shut down, it advertises a priority of 0. This triggers the backup routers to hold an election without waiting for the master’s hellos to time out.

Router(config-if)#vrrp 39 priority 175

VRRP uses the following timers:

  • Advertisement, or hello, interval, in seconds. The default is 1 second.
  • Master down interval. Equals (3 × advertisement interval) + skew time. Similar to a hold or dead timer.
  • Skew time. Equals (256 − priority) / 256 seconds. This ensures that the highest-priority backup router becomes master, because higher-priority routers have shorter master down intervals.

Change the advertisement interval on the master, because it is the router that sends the hellos:

Router(config-if)#vrrp 39 timers advertise 5

On the backup routers, use the following command so that they learn the interval from the hellos they hear from the master:

Router(config-if)#vrrp 39 timers learn
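To see how the skew time orders the backups, here is an added Python example (not from the original post or from Cisco) that applies the timer formulas above to group 39 with the master configured for timers advertise 5; the router names and backup priorities are constructed.

```python
from typing import Dict, List, Tuple

# Added example: VRRP timer arithmetic as described in the text.
# skew time = (256 - priority) / 256; master down interval = 3 * advertisement interval + skew time.


def skew_time(priority: int) -> float:
    """Skew time in seconds for a router with the given VRRP priority (1-255)."""
    if not 1 <= priority <= 255:
        raise ValueError("VRRP priority must be between 1 and 255")
    return (256 - priority) / 256


def master_down_interval(advertisement_interval: float, priority: int) -> float:
    """Seconds a backup waits without hearing the master before it declares the master down."""
    return 3 * advertisement_interval + skew_time(priority)


def takeover_delay(advertisement_interval: float, priority: int, master_announced_shutdown: bool) -> float:
    """Time until this backup starts an election. On a priority-0 advertisement (master shut down)
    the backup waits only its skew time (RFC 2338 behaviour) instead of the full master down interval."""
    if master_announced_shutdown:
        return skew_time(priority)
    return master_down_interval(advertisement_interval, priority)


def election_order(advertisement_interval: float, backups: Dict[str, int]) -> List[Tuple[str, float]]:
    """Backups sorted by when each would declare the master down; the first entry takes over first."""
    timed = [(name, master_down_interval(advertisement_interval, prio)) for name, prio in backups.items()]
    return sorted(timed, key=lambda entry: entry[1])


if __name__ == "__main__":
    # Constructed sample: group 39 from the text, master configured with 'timers advertise 5',
    # and three backups with hypothetical names and priorities.
    backups = {"R2": 175, "R3": 150, "R4": 100}
    for name, seconds in election_order(5, backups):
        print(f"{name} (priority {backups[name]}): master down after {seconds:.4f} s")
    print(f"After a priority-0 advertisement R2 waits only {takeover_delay(5, 175, True):.4f} s")
```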


GLBP

One issue with both HSRP and VRRP is that only the primary router is in use; the others must wait for the primary to fail before they are used. These two protocols use multiple groups to get around that limitation. Gateway Load Balancing Protocol (GLBP), however, allows the simultaneous use of up to four gateways, thus maximizing bandwidth. With GLBP there is still one virtual IP address, but each participating router has its own virtual MAC address, and different routers’ virtual MAC addresses are sent in answer to ARP requests for the virtual IP address. GLBP can also use groups, up to a maximum of 1024 per physical interface.

The load sharing is done in one of three ways:
  • Weighted load balancing—Traffic is balanced proportional to a configured weight.
  • Host-dependent load balancing—A given host always uses the same router.
  • Round-robin load balancing—Each router MAC is used to respond to ARP requests in turn.

GLBP routers elect an Active Virtual Gateway (AVG). It is the only router that responds to ARP requests, and it uses this role to balance the load among the GLBP routers. The highest-priority router becomes the AVG; the highest configured IP address breaks a tie.

The actual router used by a host is its Active Virtual Forwarder (AVF). GLBP group members multicast hellos every 3 seconds to IP address 224.0.0.102, UDP port 3222. If one router goes down, another router answers for its MAC address.
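The following added Python example (not Cisco’s code and not from the original post) models the AVG’s ARP-reply choice under the three load-sharing methods described above; the forwarder names, the group-39 virtual MACs and the client MACs are constructed sample values.

```python
from collections import Counter
from itertools import cycle
from typing import Dict, Iterator, List, Optional
import hashlib

# Constructed sample: GLBP group 39 (0x27) with three forwarders. GLBP virtual MACs take the
# form 0007.b400.xxyy, where xx is the group number and yy the forwarder number.
FORWARDERS: Dict[str, str] = {
    "R1": "0007.b400.2701",
    "R2": "0007.b400.2702",
    "R3": "0007.b400.2703",
}


class ActiveVirtualGateway:
    """Models the AVG's load-sharing decision: which AVF's virtual MAC goes in the ARP reply."""

    def __init__(self, forwarders: Dict[str, str], weights: Optional[Dict[str, int]] = None) -> None:
        self.forwarders = forwarders
        self.weights = weights or {name: 1 for name in forwarders}
        self._round_robin: Iterator[str] = cycle(forwarders)
        # Weighted: list each forwarder as many times as its weight, then cycle that list,
        # so replies are shared in proportion to the configured weights.
        expanded: List[str] = [n for n, w in self.weights.items() for _ in range(w)]
        self._weighted: Iterator[str] = cycle(expanded)

    def arp_reply(self, method: str, host_mac: str) -> str:
        """Return the virtual MAC the AVG sends to host_mac in reply to an ARP for the virtual IP."""
        if method == "round-robin":
            chosen = next(self._round_robin)
        elif method == "weighted":
            chosen = next(self._weighted)
        elif method == "host-dependent":
            # Hash the requester's MAC so the same host always gets the same forwarder.
            digest = hashlib.sha256(host_mac.lower().encode()).digest()
            names = sorted(self.forwarders)
            chosen = names[int.from_bytes(digest[:4], "big") % len(names)]
        else:
            raise ValueError(f"unknown GLBP load-balancing method: {method}")
        return self.forwarders[chosen]


def distribution(method: str, hosts: List[str], weights: Optional[Dict[str, int]] = None) -> Dict[str, int]:
    """Count how many of the given hosts are steered to each virtual MAC under a method."""
    avg = ActiveVirtualGateway(FORWARDERS, weights)
    return dict(Counter(avg.arp_reply(method, h) for h in hosts))


if __name__ == "__main__":
    hosts = [f"0011.2233.44{i:02x}" for i in range(12)]  # constructed client MACs
    for method, weights in (("round-robin", None), ("weighted", {"R1": 2, "R2": 1, "R3": 1}), ("host-dependent", None)):
        print(method, distribution(method, hosts, weights))
```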

Configure GLBP with the interface command glbp group-number ip virtual-IP-address, as shown:

Router(config-if)#glbp 39 ip 10.0.0.1

To ensure deterministic elections, each router can be configured with a priority. The default priority is 100:

Router(config-if)#glbp 39 priority 150


Hello and hold (or dead) timers can be configured for each interface with the command glbp group-number timers [msec] hello-time [msec] hold-time. Values are in seconds unless the msec keyword is used.

GLBP can also track interfaces; if an interface goes down, another router answers for the first router’s MAC address.