The wireless LAN market remains extremely competitive, with vendors like Cisco, Aruba, Ruckus, HP and Meru all jostling to get a foot in enterprises' doors. It's an environment that spurs innovation, and software-defined networking (SDN) is one such area on its way to improving the way wireless networks are deployed and managed.
The basic tenet of SDN -- separating the control plane from the data plane -- should sound familiar to any network engineer who has worked with Wi-Fi architectures that rely on a centralized controller to communicate with access points (APs). But until recently, there were very few use cases for SDN in wireless LANs (WLANs). Most of the focus was on SDN's role in unified wired and wireless network management. That's slowly beginning to change.
"Consider 2014 as the year of embarking on the journey of leveraging SDN for WLAN," says Rohit Mehra, IDC's vice president of network infrastructure. "This year, campus networking solution providers are exploring the various ways SDN concepts can provide value to both wired and wireless enterprise networks."
The shift to SDN for most WLAN vendors will be gradual: At least some of their current wireless controller capabilities will continue to be used to control and manage APs for security, policy, network management or even to control radio frequency.
"One way to get started is to combine proprietary [wireless] protocols and technologies in parallel with SDN-specific protocols, such as OpenFlow or other alternatives, to introduce the technology -- using both wherever it makes sense," Mehra says. "This is an opportunity to really explore which technologies or vendors' implementations best meet your requirements."
How is SDN changing WLAN architectures?
Traditional, controller-based WLAN architectures tend to be closed and not programmable. In other words, most vendors currently use proprietary protocols to facilitate communication between the controller and APs; this lack of interoperability between different vendors' products can be problematic.
Another issue concerns CAPWAP (Control and Provisioning of Wireless Access Points), the de facto WLAN standard protocol that enables controllers to manage APs. CAPWAP has been significantly modified with vendor extensions or simply isn't implemented in an interoperable way, according to Paul Congdon, chairman of the Open Networking Foundation's (ONF) Wireless and Mobile Working Group.
"It's essentially a combination of all the different pieces -- the control plane, data plane and management plane -- all bundled into a hardware-based controller," says Congdon, who is also chief technology officer at Tallac Networks, a startup that sells its cloud-based SDN platform for Wi-Fi control and provisioning exclusively through channel partners.
This is where SDN comes in. It allows engineers to break apart all three planes and deploy them in different ways -- via software constructs -- locally in servers, in data centers and even in cloud-based WLAN architectures.
SDN-specific protocols like OpenFlow provide this "missing interoperability" between controllers and APs in a multi-vendor environment by making the management of both the control and data planes possible. OpenFlow's agent -- vSwitch -- now resides within the AP itself, which conveniently puts the data plane right on the AP, according to Congdon.
"To us, SDN is the great neutralizer," says Steve Singlar, president of Single Digits Inc., a network operator based in Bedford, N.H., that provides high-speed Internet access, guest management software and technical support to clients in the hospitality, retail and transportation industries, and at large venues such as stadiums. Single Digits is exploring the use of SDN in its clients' wireless networks.
Thanks to OpenFlow, says Singlar, "there's a common language to control all vendors' hardware, which ultimately allows our customers to buy infrastructure hardware at a lower cost, and then license the applications and feature sets that are specifically relevant instead of paying for unnecessary feature sets."
OpenFlow's flow table also "provides very fine-grained control of traffic, which lets us create powerful and flexible policy configurations," says the ONF's Congdon. "In traditional WLANs, we use 802.1X and RADIUS attributes for policy enforcement. Now, with SDN, we can use 802.1X and OpenFlow rules to enforce policy to get much richer capability."
SDN for wireless application performance
One of the key benefits of SDN is that it enables the fine-tuned control and definition of flows necessary to identify and map applications differently -- allowing network engineers to define different levels of security, quality of service or access control in a very granular manner. This benefit would extend to wireless networks as well.
"RADIUS doesn't have quite the same level of expressiveness, so now we're able to better identify and treat traffic from individual applications and give them the differentiated services they need," Congdon explains.
For a long time, Single Digits struggled to find ways to get access to clients at the edge of the network, "which is the on-ramp to connect to the network," Singlar says.
"With OpenFlow and SDN," he adds, "we can finally control granularity at the edge of the network rather than at the head-end of the network."
Another big benefit of an SDN-enabled WLAN comes from the separation of control and data planes.
"By using OpenFlow messaging and constructs to configure the data plane right at the edge in the access point, we can direct traffic locally, to a tunnel or a remote destination," Singlar says.
Controlling traffic right at the edge improves performance by keeping latency as low as possible.
"CAPWAP has a centralized architecture, which involves forwarding application traffic back to a hardware controller and dealing with it there, which obviously creates a bottleneck inside that controller," Congdon says.
There are some misconceptions about how exactly this works. One bogus notion is that all of OpenFlow's traffic goes through the controller.
"That's exactly what we're not doing," Congdon says. "OpenFlow gives us much better control at the edge. There's a common misconception that some sort of centralized forwarding is required because you have centralized management."
The debate between OpenFlow "purists" and "hybridists" about whether or not devices should only support OpenFlow for control is also generating some confusion.
Hybrid models that partially incorporate OpenFlow control in WLANs can be beneficial, and they are being explored to simplify some Wi-Fi configuration and management to suit specific needs.
"On a per-service-set-identifier basis, you can opt to either use OpenFlow or not -- it's not mandatory," Congdon says. "A common assumption is that once you 'go OpenFlow,' you need a controller for everything. For advanced capabilities, typically yes. But you don't necessarily need it if you just want basic centralized or cloud-managed Wi-Fi."
Single Digits, for example, is currently in a hybrid mode, taking its current architecture and, in parallel, running a link into an OpenFlow/SDN system for its clients.
"Behind the scenes, we're slowly building up our OpenFlow and SDN knowledge and expanding our footprint," Singlar says.
SDN and OpenFlow: Data centers vs. WLANs
How exactly are SDN and OpenFlow different in a data center than in wireless networks? First, the enterprise campus WLAN is an access layer, so it connects end users to the network. Also, its policy enforcement is different from policy enforcement within a multi-tenant data center.
Although parallels exist between roaming in the access layer and virtual machine migration within the data center, Congdon points out that when clients roam and there's a handoff between networks -- say, from 3G/4G to Wi-Fi -- the resources reserved for that are much different from the resources virtual machines need within the data center, in terms of storage, CPU and bandwidth demands.
There are similarities between the data center and enterprise campus WLAN. Network virtualization and SDN in the data center enabled many as-a-service business models, and Congdon sees multi-tenancy in the access layer as "an equally interesting business proposition at the edge as within the data center."
The level of virtualization SDN provides "can be leveraged to create new as-a-service business models in the access layer as well," he adds. "Venues like shopping malls, business complexes and apartment buildings can all benefit from a single, coordinated -- but virtualized -- Wi-Fi infrastructure that tenants could simply buy as a service, as opposed to putting in their own Wi-Fi equipment and creating interference and overcrowding the spectrum."
Development of SDN-enabled WLANs is just beginning; several key things still need to happen before there is wide-scale adoption. Even then, such a model might not be suitable for everyone.
Enterprise IT pros must first identify which aspects of SDN will benefit their network before adopting it.
"We've definitely reached a stage where adoption [of SDN with wireless] is occurring -- particularly within campus environments for which multi-tenancy and as-a-service business models make sense," Congdon says. "The midmarket, which is inherently multi-tenant and lacks large IT staffs, can benefit greatly right now. Large enterprises with an IT staff running their own Wi-Fi will need to take a hard look at what SDN wireless can offer that they don't already have with a closed, proprietary system."
The bottom line is that "everyone needs to think this through carefully and clearly articulate the benefits and differentiation SDN provides for wireless LAN deployments -- otherwise it'll wind up being yet another protocol and capability, but it won't be embraced as quickly as it was in the data centers," Mehra says.