Hello everyone,
Today I will share the WLAN networking mode.
Fat AP architecture

This architecture is also called autonomous network architecture because it does not require a dedicated device for centralized control and can implement functions such as wireless user access, service data encryption, and service data packet forwarding.
Applicable scope: home
Characteristics: A Fat AP works independently and requires separate configurations. It provides only simple functions and is cost-effective.
Disadvantages: As the WLAN coverage area and the number of access users increase, more and more Fat APs are required. No unified control device is available for these independently working Fat APs. Therefore, it is difficult to manage and maintain the Fat APs.
"AC + Fit AP" Architecture

The AC and Fit APs communicate through CAPWAP. With CAPWAP, APs automatically discover the AC, the AC authenticates the APs, and the APs obtain the software package and the initial and dynamic configurations from the AC. CAPWAP tunnels are established between the AC and APs. CAPWAP tunnels include control and data tunnels. The control tunnel is used to transmit control packets (also called management packets, which are used by the AC to manage and control APs). The data tunnel is used to transmit data packets. The CAPWAP tunnels allow for Datagram Transport Layer Security (DTLS) encryption, so that transmitted packets are more secure.
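The control/data tunnel split and the DTLS option described above can be checked on captured traffic. The following is an added example, not part of the original post and not Huawei code: it assumes the standard CAPWAP UDP ports 5246 (control) and 5247 (data) and the RFC 5415 header layout, and it runs on constructed sample payloads.

```python
import struct

CONTROL_PORT, DATA_PORT = 5246, 5247     # CAPWAP UDP ports on the AC (RFC 5415)
CLEAR_OK = {1, 2, 19, 20}                # (Primary) Discovery Request/Response precede DTLS

def classify(ac_port, payload):
    """Classify one CAPWAP UDP payload; ac_port is the AC-side port of the packet."""
    channel = {CONTROL_PORT: "control", DATA_PORT: "data"}.get(ac_port)
    if channel is None or len(payload) < 4:
        return None
    version, ptype = payload[0] >> 4, payload[0] & 0x0F   # preamble: version | type
    if version != 0 or ptype not in (0, 1):
        return None
    info = {"channel": channel, "dtls": ptype == 1, "msg_type": None}
    if ptype == 0:                                        # plain CAPWAP header follows
        hlen = (payload[1] >> 3) * 4                      # HLEN counts 4-byte words
        if hlen < 8 or len(payload) < hlen:
            return None
        if channel == "control" and len(payload) >= hlen + 4:
            info["msg_type"] = struct.unpack_from("!I", payload, hlen)[0]
    return info

def audit(packets):
    """Return (index, reason) for every packet that crossed the wire without DTLS."""
    findings = []
    for i, (ac_port, payload) in enumerate(packets):
        info = classify(ac_port, payload)
        if info is None or info["dtls"]:
            continue
        if info["channel"] == "data":
            findings.append((i, "data tunnel packet in cleartext"))
        elif info["msg_type"] not in CLEAR_OK:
            findings.append((i, "control message type %s in cleartext" % info["msg_type"]))
    return findings

# Constructed sample payloads (not captured traffic).
HDR = bytes([0x00, 0x10, 0x02, 0x00, 0, 0, 0, 0])         # HLEN=2, WBID=1 (802.11)
def ctrl(msg_type):
    return HDR + struct.pack("!IBHB", msg_type, 0, 0, 0)  # control header, no elements
SAMPLE = [
    (CONTROL_PORT, ctrl(1)),                              # Discovery Request, clear by design
    (CONTROL_PORT, ctrl(7)),                              # Configuration Update Request, clear
    (CONTROL_PORT, b"\x01\x00\x00\x00\x17\xfe\xfd" + bytes(10)),  # DTLS-wrapped record
    (DATA_PORT, HDR + bytes(24)),                         # user frame, no DTLS
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Discovery messages are exchanged before the DTLS session exists, so they are expected in cleartext; any other control message type seen without the DTLS preamble indicates that control-tunnel encryption is not enabled.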
Compared with the Fat AP architecture, the "AC + Fit AP" architecture has the following advantages:
- Configuration and deployment: The AC centrally configures and manages the wireless network so that you do not need to configure each AP separately. In addition, the channels and power of APs on the entire network are automatically adjusted, eliminating the need for manual adjustment.
- Security: Fat APs cannot be upgraded in a unified manner, so there is no guarantee that the latest security patches are installed for all AP versions. In the "AC + Fit AP" architecture, security capabilities are mainly implemented on the AC, and we only need to perform the software upgrade and security configuration on the AC. This allows for quick global security settings. Additionally, to prevent malicious code from being loaded, the AC performs digital signature authentication on the software, enhancing the security of the update process. The AC also implements some security functions that are not supported by the Fat AP architecture, including advanced security features such as virus detection, uniform resource locator (URL) filtering, and stateful inspection firewall.
- Upgrade and extension: The centralized management model of this architecture enables APs on the same AC to run the same software version. When an upgrade is required, the AC obtains the new software package or patch and then upgrades the AP version. The separation of AP and AC functions prevents frequent AP version upgrades. We only need to update the user authentication, network management, and security functions on the AC.
"AC + Fit AP" Networking
Layer 2 Networking vs Layer 3 Networking
Layer 2 Networking

Description: The AC and Fit APs are in the same broadcast domain. The Fit APs can directly discover the AC through local broadcast. The networking, configuration, and management are simple.
Application scope: Layer 2 networking applies to small-scale networks, such as small-sized enterprise networks. It is not recommended for large-sized enterprises that use complex WLAN networking and require fine-grained management.
Layer 3 Networking

Description: The AC and Fit APs are in different network segments. The intermediate network must ensure that the Fit APs and AC are reachable to each other. Additional configurations are required to enable the Fit APs to discover the AC. The networking is flexible and easy to expand.
Application scope: Layer 3 networking is suitable for medium- and large-scale networks. For example, on a large-scale campus network, APs are deployed in each building for wireless coverage, and the AC is deployed in the core equipment room for unified management and control. In this case, a complex Layer 3 network must be deployed between the AC and Fit APs.
In-Path Networking vs Off-Path Networking
In-Path Networking

Description: An AC functions as both a wireless access controller and an aggregation switch to centrally forward and process the data and management services of APs.
Application scope: newly deployed small- and medium-scale centralized WLANs
Off-Path Networking

Description: An AC is connected to the live network in off-path mode and processes only the management services of APs. The service data of APs reaches the uplink network without passing through the AC.
Application scope: network reconstruction or construction of large- and medium-sized campus networks.
Direct Forwarding
In direct forwarding mode, wireless user service data is translated on the AP from 802.3 packets into 802.11 packets, which are then forwarded by an upstream aggregation switch.
The AC only manages APs, and service data is forwarded locally. Management traffic is encapsulated in the CAPWAP tunnel and terminated on the AC, whereas AP service data traffic is directly forwarded by the AP to a switching device without CAPWAP encapsulation.
This data forwarding mode is commonly used. Wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. Therefore, this mode is recommended for converged network deployment.
Direct forwarding is often used in in-path networking mode. This networking model simplifies the network architecture and applies to small- and medium-scale centralized WLANs.
Direct forwarding can also be used in off-path networking mode. In this mode, wireless user service data does not need to be processed by an AC, eliminating the bandwidth bottleneck and facilitating the usage of existing security policies. This mode applies to wired and wireless converged large-scale campus networks or HQ-branch scenarios.
Tunnel Forwarding

Tunnel forwarding is usually used together with off-path networking. The AC centrally forwards data packets, which is secure and facilitates centralized management and control. New devices can be easily deployed and configured, with small changes to the live network. This forwarding mode applies to independent WLAN deployment or centralized management and control on large-scale campus networks.
Comparison of "AC + Fit AP" Networking Modes

Cloud Management Architecture

Traditional network solutions have many network deployment problems, such as high deployment costs and O&M difficulties. These problems are obvious in enterprises with many branches or geographically dispersed branches. The cloud management architecture can solve these problems. Using this architecture, devices can be managed and maintained in a centralized manner at any place, greatly reducing network deployment and O&M costs.
After a cloud AP is deployed, the network administrator does not need to go to the site for cloud AP software commissioning. After being powered on, the cloud AP automatically connects to the specified cloud management platform to load system files such as the configuration file, software package, and patch file. In this manner, the cloud AP can go online with zero-touch configuration. The network administrator can deliver configurations to the cloud AP through the cloud management platform at any time and anywhere, facilitating batch service configurations.
Leader AP Architecture

Some micro and small enterprises need to build their own wireless networks that are managed independently without the cloud management architecture. If the Fat AP architecture is used, APs cannot be managed and maintained in a unified manner and users cannot enjoy a good roaming experience. If the "AC + Fit AP" architecture is used, only a few APs are required due to the small number of STAs and the small wireless coverage area, but the AC and license costs are high. If an AP can manage other APs and provide unified O&M capability and continuous roaming experience, the enterprises' requirements can be met. The leader AP architecture designed by Huawei will work.
The leader AP architecture involves APs only. After purchasing APs, a user can set one AP to the leader AP mode and connect the other APs to the network in Fit AP mode. The other APs communicate with the leader AP at Layer 2. After the leader AP broadcasts its role on the Layer 2 network, the other APs automatically discover and connect to the leader AP. Similar to the AC, the leader AP provides unified access management, configuration, and O&M based on CAPWAP tunnels, enabling centralized wireless resource management and roaming management. Users only need to log in to the leader AP and configure wireless services. After the configuration, all APs provide the same wireless services, and STAs can roam between different APs.
WLAN Networking Architecture Comparison

That is all I want to share with you! Thank you!





