The Light Weight Access Point Protocol by aoa12282


									
























The Light Weight Access Point Protocol

Monmouth College Computer Science Department

COMP450 – Independent Study

By: Daniel Krueger

December 2008



























Purpose



Laptops, IP phones, and other mobile computing devices are becoming staples in the corporate workplace, consequently increasing the demand for larger, more intricate wireless network solutions. However, increasing a wireless local area network (WLAN) infrastructure brings to attention several challenges and concerns.



Administration



Inherently, staffing and administration costs will increase, as a larger deployment will have an increased number of problems. Isolating and diagnosing WLAN issues becomes a more involved and time-consuming task, due to the sheer size of the infrastructure. Thus, administration costs can be expected to increase at a greater than linear rate.


Security



A major concern is network security. WLAN environments of every size have increased security vulnerabilities over their wired local area network (LAN) predecessors, as the network transmission medium is air, a physically open medium. Visibility of threats is limited, and threats may not be detected unless a user reports a problem. The probability of being victimized in a WLAN attack increases as the infrastructure grows.


Scalability



A function of the WLAN is the ability to roam throughout the domain while always maintaining network connectivity. Therefore, unlike a wired LAN, a single user may connect through various points of the infrastructure. However, as the WLAN grows and more access points are added, controls are needed for “load balancing”, or managing the aggregate number of users throughout the domain. Efficient load balancing maintains scalability through maximizing user throughput and signal strength. Failure to implement these controls may have brutal consequences on scalability.


Cisco Systems Inc.’s proprietary Light Weight Access Point Protocol (LWAPP) was developed to address these emerging issues in wireless networks. The purpose of this report is to explore the LWAPP technology and determine under what conditions it would be beneficial for an institution to integrate LWAPP into its WLAN architecture.



       


Background


Traditional WLAN Architecture


Traditional WLAN solutions, prior to LWAPP, use “fat” wireless access points to provide network connectivity. A “fat” wireless access point operates on a stand-alone basis, as it contains all necessary information to handle wireless clients (Meyer). Thus, the traditional architecture pushed all traffic handling, authentication/security, RF management, and mobility functions out to the individual “fat” access point (Calhoun and Aaron).


Because these access points operate in isolation, and the visibility of all 802.11 traffic is limited to individual access points only, this architecture is inherently flawed. Therefore, several downsides are present:

   •   Operations and staffing costs increase greatly, as it is more difficult for network administrators to diagnose and address WLAN problems.
   •   Network-wide attacks and interference are not visible across the system. This has implications for security policy enforcement, and means that rogue devices, denial of service (DoS) attacks, and other malicious network activities cannot be detected and mitigated.
   •   A system cannot correlate activity across the wireless network. Enabling optimized, real-time load balancing between access points is limited to manual configurations.
   •   An enterprise’s security is challenged, should an access point be stolen or compromised (Understanding the Lightweight Access Point Protocol (LWAPP)).


An Industry Response


As a response to these issues with traditional wireless networks, many equipment vendors announced new architectures to centralize WLAN intelligence for better performance. The arrival of WLAN switch start-ups in the early 2000s encouraged the trend toward centralized management, based on “thin” access points connected to the wired network via a WLAN switch (Calhoun and Aaron). A “thin” access point is essentially a radio antenna connected to and controlled by the WLAN switch. By centralizing key intelligence functions within the switch, these functions could be managed across the entire wireless enterprise, thereby reducing the amount of time spent on configuring, monitoring, or troubleshooting a large network. The system would also allow network administrators to closely analyze the network (Meyer).



Airespace, a Wi-Fi infrastructure management company that owned LWAPP-related patents, focused on controlling multiple access points simultaneously. They sought to create interoperability between thin access points and WLAN switches from different vendors. In June 2003, Cisco Systems Inc. introduced its own approach to WLAN and management, the Structured Wireless-Aware Network solution. Shortly thereafter, Cisco acquired Airespace, and reversed its prior negative position on LWAPP, endorsing Airespace’s LWAPP technology (Griffith).


Argument for a Standard



For several years the Internet Engineering Task Force (IETF) had been working on a protocol for controlling and provisioning of wireless access points, driven largely by the proliferation of products that used “thin” access points with centralized WLAN intelligence (Vance). The need for a standard to govern how these devices communicate with one another was best described by Alan Cohen, then vice-president at Airespace:


“Standardization drives adoption, LWAPP is essentially USB for WAN [access points] and network devices. USB allows you to plug a printer or a CD burner into a PC, and it connects at a very high speed. With USB in place, the issue of how to connect any new device is taken off the table. This encourages people to create. So when HP comes out with a new photo printer or Apple comes out with the iPod, they just work. The same is true with LWAPP. When you deploy a wireless switch, along with any type of LWAPP-enabled [access point], they will work” (Qtd. in Vance).



The LWAPP protocol proposal pushed by Cisco would standardize the communications protocol between access points and WLAN systems (controllers, switches, routers, etc.). It defines the control messaging for setup and path authentication and run-time operations. LWAPP also defines the tunneling mechanism for data traffic. Specifically, it would:

   •   Provide consistent behavior across WLAN devices via a generic encapsulation and transport mechanism, thereby ensuring multi-vendor WLAN interoperability and protection of WLAN hardware investments.
   •   Reduce processing within an access point, freeing the limited resources to focus on wireless access (not filtering and policy enforcement). Access points are essentially remote radio frequency interfaces that no longer house all the mandatory wireless processing capabilities.
   •   Permit traffic handling, authentication, encryption, and policy enforcement to be centralized for an entire WLAN system, thereby simplifying WLAN deployment and management (Understanding the Lightweight Access Point Protocol (LWAPP)).


Although this specific protocol has so far not been popular beyond the Airespace/Cisco product lines, the CAPWAP (control and provisioning of wireless access points) standard is based on LWAPP. Still considered proprietary, LWAPP systems compete with other non-standard lightweight wireless mechanisms from companies like Aruba and Trapeze Networks (IETF selects Cisco's LWAPP).


The LWAPP Technology



Cisco’s specific Centralized Wireless LAN Architecture uses access points operating in light-weight (thin) mode. The access points associate to the WLAN switch, a Cisco wireless LAN controller. The controller manages initial configuration, firmware upgrades, and control transactions, such as 802.1x authentications. Additionally, all wireless data traffic is tunneled through the controllers (Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode).


An access point discovers a controller using LWAPP discovery mechanisms and then sends it an LWAPP join request. Replying with an LWAPP join response, the controller adds the access point to the RF domain. After joining the domain, the access point will download any necessary software revisions to match that of the controller. The transactions between controller and access point are secured with key certificates, requiring already provisioned X.509 certificates on both the access points and controller (Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode).


A more in-depth look at a single Cisco AP option, the Cisco Aironet 1000 Series, indicates the access point provides dual band support for 802.11a and 802.11b/g channels, and load-balances between bands for real-time RF management (Lightweight Access Point FAQ). The plethora of channels allows clients an uninterrupted, reliable connection, despite any RF or electromagnetic interference. The access point is “zero touch” deployed, as no individual configuration is necessary (Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode).





Case Studies


LWAPP Deployed at Cisco Systems Inc.


In a move to upgrade its wireless infrastructure and serve as a real-world model for customers, Cisco significantly improved its WLAN architecture in 2006 through adopting its own LWAPP technology. By 2005, it became apparent a major renovation of the WLAN was required. User saturation of the current infrastructure was near, and the company required a WLAN with better security and reduced support costs. Specifically, these objectives included:

   •   Accessibility: Increased WLAN coverage, accessibility and performance for 60,000 users.
   •   Availability: Use a tool suite that provides visibility into service-impacting incidents; support new features like Layer 2 roaming, Call Admission Control, and QoS.
   •   Security: Limit vulnerability to attack and loss of intellectual property by detecting rogue APs through radio-based scanning; support 802.11i security standards (Wireless Case Study: How Cisco Upgraded Its Wireless Infrastructure).


The solution, based on the Cisco Unified Wireless Network, extended from the company headquarters campus to both large/mid-size field offices and small remote office locations. Predicated on three main designs, the architecture plan used both autonomous (fat), and LWAPP (thin), access points. At the main headquarters campus, the WLAN design used Aironet 1130AG series access points, as they offer features such as dual band and 802.11i security compliance. Authorized user traffic would be carried over LWAPP tunnels, while guest traffic would be carried in a generic routing encapsulation (GRE) tunnel (Wireless Case Study: How Cisco Upgraded Its Wireless Infrastructure).


At the midsized and larger field offices, a centralized WLAN solution was also employed, using Aironet 1130AG Series APs controlled by two 4400 Series WLAN controllers. The controllers manage office-wide WLAN functions like security policies, intrusion prevention, Auto RF, QoS, and mobility (Wireless Case Study: How Cisco Upgraded Its Wireless Infrastructure).



After the implementation of LWAPP into the WLAN infrastructure, notable benefits were immediately evident:

   •   A 600% increase in aggregate wireless bandwidth, achieved by nearly doubling APs and using higher bandwidth protocols. The user-to-AP ratio approached 15:1 (versus the previous 25:1), yielding approximately 2.3 Mbps bandwidth per user on a single radio interface.
   •   Greater reliability as measured by a 95% reduction in incidents affecting service to users, which delivers an estimated cost avoidance of US$1.4 million/year.
   •   Reduced operational costs, estimated at 30% savings.
   •   New security capabilities, although this was flagged as an enhancement opportunity for continued pursuit.
   •   Employee productivity gains of almost 1 to 1.5 hours of productive time every day by using wireless access. This equates to more than US$24,000/user annually (Wireless Case Study: How Cisco Upgraded Its Wireless Infrastructure).


LWAPP: Syracuse University, Test



Using the Real World Lab at Syracuse University, a small-scale Aironet 1500 mesh network was set up for evaluation (Badman).


Wireless mesh networks are designed for broad coverage encompassing outdoor settings: typically urban areas, corporate or other campus environments like hospitals and educational institutions. Variables beyond providers’ control that will unpredictably affect performance include outdoor physical obstacles like signs, awnings, trees, competing networks, etc. Mesh networks differ from traditional WLAN systems in that many access points are used; however, only a portion of them connects to the wired Ethernet network. The additional access points serve as repeaters to amplify the pre-existing wireless signal. In Cisco’s 1500 series access points, the traffic routing is executed using Cisco’s AWPP (Adaptive Wireless Path Protocol). The 1500 series are designed specifically for use with LWAPP, which implies the access points are essentially useless until connected to a controller for intelligence (Badman).



To create the mesh, Syracuse University deployed several 1500 series access points connected to the typical Ethernet network via the controller. Significantly more “stand alone,” repeater access points were positioned on streetlight poles and other tall apertures (Badman).


       


       


Findings from the test include:

   •   LWAPP architecture does not integrate with legacy Cisco WLANs. Cisco’s legacy access points, prior to the Aironet 1000 Series, cannot be used as a thin access point in an LWAPP environment. Thus, a renovation of network infrastructure and replacement of existing access points may be required for certain companies adopting the technology.
   •   No radio power or activity indicator is present on Cisco’s 1500 series access points. Thus, the entire system must be fully implemented and then verified through the management console. Cisco agrees this issue must be addressed (Badman).


        


Analysis


Benefits



Through centralizing WLAN intelligence, LWAPP efficiently addresses many of the deficiencies and challenges emerging from growing WLAN infrastructures.


   •   Ease of administration is achieved, drastically reducing operating costs. Specifically, in Cisco’s deployment, there was a 95% decrease in network connectivity incidents, and an overall 30% decrease in administration and staffing costs.
   •   Security is enhanced, as security policies, encryption keys, and other sensitive information are stored centrally on a WLAN controller, removing all privileged information from the individual access points. Additionally, rogue devices are easily detected and visible to administrators in the management console.
   •   Greater scalability is achieved with layer 2 roaming and QoS algorithms on the WLAN controller, as load balancing of users can be done more efficiently. Cisco received an average 2.3 Mbps bandwidth increase per user, with a 600% overall bandwidth increase. Furthermore, the user-to-AP ratio decreased on average by 10 users.
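
The centralized rogue detection named in the Security bullet above, sketched as an added example (not code from this report or from Cisco): a controller merges the beacon sightings reported by its managed access points and grades each unmanaged radio, something a stand-alone AP cannot do from its own data. The inventory, SSID names, record fields and the `min_reporters` heuristic are assumptions made for illustration, and the sightings are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    reporter: str   # managed AP that overheard the beacon
    bssid: str      # radio MAC address of the beaconing device
    ssid: str       # network name it advertised
    rssi_dbm: int   # signal strength at the reporter (closer to 0 = nearer)


# Constructed inventory (assumption): radios joined to the controller and
# the SSIDs that only managed APs are allowed to advertise.
MANAGED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02", "00:11:22:aa:00:03"}
CORPORATE_SSIDS = {"corp-wlan"}

# Constructed sample reports, as a controller might collect them from three APs.
SIGHTINGS = [
    Sighting("ap-lobby", "00:11:22:AA:00:02", "corp-wlan", -60),      # managed AP
    Sighting("ap-lobby", "02:00:00:00:00:10", "corp-wlan", -48),
    Sighting("ap-floor2", "02:00:00:00:00:10", "corp-wlan", -71),
    Sighting("ap-lobby", "02:00:00:00:00:20", "printer-setup", -55),
    Sighting("ap-floor3", "02:00:00:00:00:20", "printer-setup", -66),
    Sighting("ap-floor3", "02:00:00:00:00:30", "cafe-guest", -88),
]


def classify(sightings, managed=MANAGED_BSSIDS, corp_ssids=CORPORATE_SSIDS,
             min_reporters=2):
    """Group sightings of unmanaged radios by BSSID and grade each one."""
    managed = {m.lower() for m in managed}
    by_bssid = defaultdict(list)
    for s in sightings:
        if s.bssid.lower() not in managed:      # managed radios are expected
            by_bssid[s.bssid.lower()].append(s)

    findings = {}
    for bssid, seen in by_bssid.items():
        reporters = sorted({s.reporter for s in seen})
        ssids = sorted({s.ssid for s in seen})
        if corp_ssids.intersection(ssids):
            severity = "impersonation"   # unmanaged radio using a corporate SSID
        elif len(reporters) >= min_reporters:
            severity = "rogue"           # heard by several APs: likely on premises
        else:
            severity = "neighbor"        # heard by one AP only: likely next door
        nearest = max(seen, key=lambda s: s.rssi_dbm).reporter
        findings[bssid] = {"severity": severity, "reporters": reporters,
                           "ssids": ssids, "nearest_ap": nearest}
    return findings


def single_ap_view(sightings, reporter):
    """What one stand-alone ("fat") AP could conclude from its own data only."""
    return classify([s for s in sightings if s.reporter == reporter])


if __name__ == "__main__":
    for bssid, finding in sorted(classify(SIGHTINGS).items()):
        print(bssid, finding)
```

Restricting the same data to one reporter with `single_ap_view` downgrades the `printer-setup` radio from "rogue" to "neighbor", which is the loss of correlation the traditional architecture suffers from.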


Deficits



Although Cisco Systems’ LWAPP technology mitigates many of the potential WLAN issues, the technology has several drawbacks and insufficiencies.

   •   LWAPP is potentially an expensive venture. As Syracuse University discovered, legacy Cisco access points are not compatible with the WLAN controllers. Thus, any institution wishing to adopt LWAPP must have the compatible access points, or replace every existing, non-compatible unit.
   •   Because LWAPP is a proprietary protocol, there is no guarantee of future vendor support. Although LWAPP is currently the industry leader for WLAN management, other companies such as Meru, Aruba, and Trapeze Networks are competing for market share. Therefore, if the IETF adopts a different vendor’s protocol as the CAPWAP standard, support for LWAPP may be abolished, making the technology obsolete.


Integration of LWAPP



An institution best suited to adopt Cisco Systems’ LWAPP technology has the financial resources for the initial investment. The WLAN should minimally be an enterprise level network, as the return on investment (ROI) is directly related to the size of the infrastructure. Thus, the larger and more widely dispersed the network, the greater ROI one can expect. Furthermore, there should be a demand for reduced administration, and/or increased security, as these are the areas in which LWAPP offers the greatest ROI.



Obviously, centralized WLAN management, and more specifically LWAPP, is not a technology for every institution’s wireless architecture. Smaller WLAN infrastructures that are administered by a single individual, or wireless environments contained in one geographical location, are best served with the traditional, autonomous access point configuration. The ROI will be less or non-existent in a small to medium size environment, as the benefits will be less prominent. Even in information sensitive environments where security is a staple, the autonomous configuration will suffice because the smaller WLAN size greatly mitigates the possibility of security oversights. However, such an institution considering building an entirely new WLAN should use Cisco access points with LWAPP compatibility. Thus, when the cost of LWAPP licenses decreases, the institution will have a fully compatible infrastructure for adopting LWAPP, should they so choose.



These recommendations are based on the assumption that Cisco Systems’ LWAPP technology will be the dominant protocol for the controlling and provisioning of access points, and possibly the standard as named by the IETF in the coming years.




Works Cited

Badman, Lee. "Cisco Aironet 1500." Network Computing. 17 Jan. 2006. United Business Media LLC. 11 Nov. 2008
     <http://www.networkcomputing.com/showarticle.jhtml?articleid=175803961>.

Calhoun, Pat, and Jeff Aaron. "LWAPP brings harmony to WLANs." Network World. 1 Dec. 2003. Microsoft. 20 Nov. 2008
     <http://www.networkworld.com/news/tech/2003/1201techupdate.html>.

Griffith, Eric. "Unpatched Cisco/Airespace WLANs at Risk." Wi-Fi Planet. 3 Nov. 2005. Jupitermedia Corporation. 20 Nov. 2008
     <http://www.wi-fiplanet.com/news/article.php/3561421>.

"IETF selects Cisco's LWAPP." Fierce Broadband Wireless. 10 Jan. 2006. FierceMarkets Inc. 20 Nov. 2008
     <http://www.fiercebroadbandwireless.com/story/ietf-selects-cisco-s-lwapp/2006-01-11>.

"Lightweight Access Point FAQ." Cisco. Cisco Systems Inc. 11 Nov. 2008
     <http://www.cisco.com/en/us/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml>.

Meyer, Eric. "Wireless Access Points: Thin vs Fat." Ezine Articles. 2008. 20 Nov. 2008
     <http://ezinearticles.com/?wireless-access-points:-thin-vs-fat&id=260040>.

"Understanding the Lightweight Access Point Protocol (LWAPP)." Cisco. 2005. Cisco Systems Inc. 11 Nov. 2008
     <http://www.cisco.com/en/us/prod/collateral/wireless/ps5678/ps6306/prod_white_paper0900aecd802c18ee.html>.

"Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode." Cisco. 24 Apr. 2008. Cisco Systems Inc. 20 Nov. 2008
     <http://www.cisco.com/en/us/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html>.

Vance, Jeff. "The LWAPP flap." Network World. 1 May 2004. Microsoft. 20 Nov. 2008
     <http://www.networkworld.com/research/2004/0105lwapp.html>.

"Wireless Case Study: How Cisco Upgraded Its Wireless Infrastructure." Cisco. Cisco Systems Inc. 11 Nov. 2008
     <http://www.cisco.com/web/about/ciscoitatwork/mobility/ngwlan_web.html>.





								