Wireless LAN Update - Department of Computer Engineering
Download
Report
Transcript Wireless LAN Update - Department of Computer Engineering
July 14,2004
Wireless LAN & Internet
Anan Phonphoem, Ph.D.
Assistant Professor
Intelligent Wireless Network Group (IWING)
http://iwing.cpe.ku.ac.th/
Computer Engineering Dept., Faculty of Engineering,
Kasetsart University
Agenda
WLAN and Internet
Wireless classification
History and present of IEEE 802.11
WLAN Security
WLAN Tendency
Case study: KUWIN
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
2/69
WLAN and Internet
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
3/69
Internet
Internet definition:
Network of network of network….
Information, Communications, Business, and
much more
How to access the Internet ?
Just a PC (device) and connection
Where can I connect?
Office, Home, or everywhere
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
4/69
Internet Connection
Normally implies “Cable Connection”
Last “string” to PC
UTP cable from Ethernet card to a switch
Phone line from modem to the outlet
Or any broadband access….
Local Area Network
WLAN is “Unwired LAN” or “No string LAN”
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
5/69
WLAN Classification
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
6/69
Wireless Classification
WWAN
GSM/ GPRS / CDMA
WMAN
IEEE802.16
WLAN
IEEE802.11
HyperLan
WPAN
Bluetooth
WAN
WAN-MAN
PAN
MAN
MAN-LAN
LAN-PAN
Pico-Cell
Personal Operating Space
~50km
Computer Engineering Department
Kasetsart University
~2km
0km
~10m
Courtesy of IEEE 802.15, Jan. 2001
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
7/69
History and present of IEEE 802.11
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
8/69
IEEE 802.11 Family
Standards Band (GHz) Raw Throughput
802.11
2.4
2Mbps (Legacy)
802.11a
802.11b
802.11g
802.11n
5
2.4
2.4
??
Computer Engineering Department
Kasetsart University
54Mbps
11Mbps
54Mbps
100 Mbps
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
9/69
IEEE 802.11 Family
Standards Descriptions
802.11c
Improves interoperability
802.11d
Multiple Regulatory Domains (Improve Roaming; New
country)
802.11e
Quality of Service (QoS); prioritizing voice or video
802.11f
Inter-Access Point Protocol (IAPP)
802.11h
Supports measuring and managing the 5-GHz radio
signals in 802.11a
802.11i
Enhanced Security (repairs WEP weakness)
802.11j
Extensions for Japan
802.11k
Passing specific radio frequency health and
management data to higher-level management apps.
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
10/69
History: 802.11 Legacy
1997: First standard
Standard name: IEEE 802.11-1997
Updated:
IEEE 802.11-1999
Starting Point for “Standard-based WLAN”
For 2 Mbps: (fallback to 1 Mbps – Noisy): Direct
sequence Spread Spectrum (DSSS) modulation
For 1-2 Mbps Frequency Hopping Spread Spectrum
(FHSS)
Both operate in ISM band 2.4 GHz
FHSS, DSSS, and infrared medium
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
11/69
802.11b
802.11b-1999
Range 50 – 100 m. (depends on obstacles)
Omnidirectial antenna
Indoor / Outdoor / Point-to-point (high-gain external
antennas)
Max throughput of 11 Mbit/s (5.5, 2, 1 Mbps)
Attenuation: Metal, Thick walls, Water, etc.
ISM Band 2.4 GHz; DSSS; CSMA/CA
14 overlapping ch. (Different ch.for different countries)
3 simultaneously ch. (such as 1, 6, and 11)
Proprietary speed extension "802.11b+" (22, 33 and
44 Mbit/s)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
12/69
802.11a
2001 (802.11a-1999)
Max throughput of 54 Mbps (Normally around 20
Mbps)
ISM Band 5 GHz (FCC may open more spectrum)
12 nonoverlapping channels,
8 dedicated to indoor
4 to point to point
Not widely deployed (US. / Japan)
802.11b popularity
Less range / More attenuation
Lack of roll back compatibility (now support a,b,and g)
In Europe considering HiperLan2
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
13/69
802.11g
3rd quarter 2003
ISM Band 2.4 GHz
Max throughput of 54 Mbps (Net 24.7 Mbps)
Fully backwards compatible with 802.11b
Dual-band / Tri-mode
supporting a, b, and g
A single wireless card / Access point
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
14/69
802.11 Wi-Fi
Specification defined by IEEE (not Compatibity
guarantee)
A special group, Wi-Fi Alliance
Group of maufacturer
Test compatibility
Guarantees interoperability (by issue Wi-Fi
Trademark)
Start with 802.11b Dual band/Tri mode (a, b, or g)
Security standard Wi-Fi Protected Access (WPA)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
15/69
WLAN Security
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
16/69
WLAN Security: Original 802.11
Service Set IDentifier (SSID)
Simple password to identify WLAN
Need correct SSID to access
Media Access Control (MAC) address
Filtering
List of MAC that allow to use
Wired Equivalent Privacy (WEP)
An encryption scheme
Have some flaws
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
17/69
WLAN Security: 802.1x
Provides secure access using port control
Provides EAP (Extensible Authentication Protocol)
Supports Kerberos, smart cards, one-time
password
Require mutual authentication from users via
access point to RADIUS (Remote Authentication
Dial-in user Service)
Improved WEP
Employ dynamic keys (instead of static keys)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
18/69
WLAN Security: WPA
Wi-Fi Protected Access (WPA)
By Wi-Fi Alliance
Design to run on existing HW as a SW
upgrade
Derived from upcoming 802.11i
Deployed in WLAN products for software
download
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
19/69
WLAN Security: WPA
Operate in 2 modes
Enterprise mode
Need network server
Sophisticated authentication mechanism
Automatic distribution keys (Master keys)
Home mode (Pre-Shared Key)
No network server
User need to enter password (Key) – for starting
point, change later
Use encryption process called Temporal Key
Integrity Protocol (TKIP)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
20/69
WLAN Security: 802.11i
Improve WPA encryption gain
Dynamic session key
Improve authentication
Implement Advanced Encryption Standard
(AES)
Message Integrity Check (MIC)
Temporal Key Integrity Protocol (TKIP)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
21/69
WLAN Tendency
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
22/69
Tendency
WiMAX
Increasing speed
More WLAN security
WLAN adoption
Technology convergence
Power over Ethernet (PoE)
Wireless LAN Hot Spot
Killer applications ???
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
23/69
Wireless Last Mile
IEEE 802.16a (WiMAX)
Last mile access (besides xDSL and cable modem)
Wireless point-to-point link
With directional antenna
Improve non-line of sight performance (eg. tree)
Install on house not the tower
Operating frequency < 11 GHz
Range up to 40 Km
Throughput up to 75 Mbps
Extension for WLAN usage
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
24/69
Need for speed
For 802.11, the overhead more than half of
the data rate
802.11b Max 11 Mbps; Actual 6 Mbps
802.11a,g Max 54 Mbps; Actual 22 Mbps
802.11n
Aims at 100 Mbps (raw throughput)
Reducing power and cost
Replace wire
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
25/69
More WLAN security: wireless worm
Blaster and Nachi Experience
Normally treated end user (desktop and
notebook) as the target of malicious code
Treats end user as transmission points for
attacks on the network infrastructure
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
26/69
More WLAN security: wireless worm
Mobile users
Connected to unprotected Internet connections
Bring infected machines to logged in to corporate
networks
Networks
Firewall and Intrusion-Detection System software
Routers/Switches need to protect the network
Implement software client such as “Cisco Trust Agent”
Trust Agent collects info from security software clients
and relays that info to network devices
Routers/Switches enforce access privileges (denied /
quarantined / limited access)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
27/69
WLAN Adoption
Adoption
Security
Standards
Interoperability
Lack of Awareness
Lower Costs
Employee Demand
Security Solutions
Stabilizing Standards
Intel & Microsoft $$
Time
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
28/69
Technology Convergence
26% of New PCs will be
Labtop or Tablet PC
By 2006, 90% laptops will
include Wi-Fi Capability
Internet led technology
convergence
SMS and TV ()
Interactive TV (Interactive
Chat/Games/Program
Guides)
Computer Engineering Department
Kasetsart University
By Visiongain
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
29/69
Power over Ethernet (PoE)
IEEE 802.3af (June 2003)
Major LAN Switch; IP Telephony; WLAN
Two delivery methods
Mid-Span
DC 48 volts
Unused wire pairs (Cat 5 and Cat 6)
End-Span
DC 48 volts over used pairs (different freq.)
Built in new switches
Support FastEthernet / Gigabit Ethernet
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
30/69
Power over Ethernet (PoE)
http://www.nwfusion.com/news/2003/1124infrapoe.html
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
31/69
Wireless Hot Spot
Public places
Top-rated hotels and restaurants
Colleges / Universities
In-building antenna systems to support
various wireless technologies (Wi-Fi/cellular)
Wireless friendly environmental hot spot
KUWiN (Kasetsart University Wireless
Network http://kuwin.ku.ac.th)
http://www.wi-fihotspotlist.com/
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
32/69
Enterprise VoIP
Enterprise
VoIP
New technology to replace existing solutions
Well-known user expectations
Emphasis on meeting traditional PBX reliability and
functionality
Good migration strategies
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
33/69
VoIP
Router
Internet
Corporate
LAN
Internet
Server
Router
Corporate
LAN
Traditional LAN
Server
PSTN
PSTN
Traditional
PBX
Proprietary
Digital
Phones
Telephony
Server
Proprietary IP
Phones
VoIP
Traditional Telephony
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
34/69
Enterprise wireless
Enterprise
wireless
Computer Engineering Department
Kasetsart University
New technology for new
applications
Developing user expectations
Emphasis on solving deployment
issues and lowering cost
Disruptive technology
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
35/69
Voice Over WLAN (VoWLAN)
A Killer Application for WLAN ?
Enterprise
wireless
Voice over
Wireless Enterprise
VoIP
LAN
http://www.spectralink.com
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
36/69
Case Study: KUWIN
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
37/69
Agenda
Background and Milestones
Deployment issues
System developments
Applications
Conclusion/Future Issues
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
38/69
Kasetsart University Background
Established in 1943, KU celebrates the 60th
anniversary last year
7 campuses with 38,000+ students, 3000+
academic staffs, 4000+ supported staffs
4 established campuses : Bangkhen,
KampaengSaen, SriRacha and Sakhon
Nakorn Province campus
3 campuses projects : SupanBuri, LopBuri,
and Krabi
2 Demonstration schools : Bangkhen and
Amata City
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
39/69
Bangkhen Campus
194 buildings on 568,173 m2
14 Faculties (130 buildings)
1 Graduate school (1 building)
5 Offices (9 buildings)
4 Institutes (16 buildings)
Central management (38 buildings)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
40/69
NontriNet
Gigabit backbone
Multicast enabled
VoIP enabled
Internet
Japan
2 Mbps
24 Mbps
UniNet
NECTEC
155 Mbps
155 Mbps
Bangkhen
1 Mbps
2 Mbps
512 Kbps
2 Mbps
SriRacha
Kampaengsaen
Computer Engineering Department
Kasetsart University
1.5 Mbps
SakonNakhon
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
41/69
Implementation Phase I: 2000-2001
Followed IEEE 802.11b standard
Deploy network in 2 campuses
SakhonNakorn : 5 APs in 5 Buildings
Bangkhen :
6 APs in CPE and 2 APs in OCS (2000)
8 APs in Rector’s office for e-meetings (2001)
Enable use by approximately 80 users
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
42/69
Implementation Phase II : 2002
Deploy network campus wide
30 APs installation in 18+
buildings
Check out wireless LAN cards
from main library : Birth of
KUWiN
Open for everyone on campus
19 Sep 2002:
Launch KUWiN at Main Library
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
43/69
Implementation Phase III : 2003
More APs installation…
40 APs at every
academic and
administrative building
in Bangkhen
2 APs in
Kampangsaen (only
for executives)
Provide information and
technical support
equivalent to wired
network
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
44/69
KUWiN Current Status
No. of APs : approximately 120
No. Building installed : 43
Coverage Area : ~800,000 m2
Wireless users : 859
Wireless cards : 1236
Status : March 31, 2004
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
45/69
How much does it cost?
Approximate investment
~3M Baht for APs + wired network
~0.5M Baht for fiber optics expansion
~1M Baht for new switches expansion
~0.7M Baht for wireless LAN cards (140+ units)
Not included…
Survey and design labor costs
System development
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
46/69
Agenda
Background and Milestones
Deployment issues
System developments
Applications
Conclusion/Future Issues
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
47/69
Wireless Needs Wires
New dedicated cables needed to be installed.
CAT 5e UTP cable capable of supporting a
100BaseT connection
All APs utilize POE (Power on Ethernet)
Fiber optics patch cords for wireless VLANs
New fiber optics installation for some buildings
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
48/69
Deployment
Wireless site survey by KUWiN team
Computer Center staff
Computer Engineering students
Wireless installation was handled by local
contractors
Wireless team controlled the contractor’s
deployment on a per-building basis
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
49/69
Design Considerations (I)
Indoor coverage area is a primary
consideration
Comprehensive coverage with roaming
Wireless must be accessible in all academic
and administrative buildings
Simple to access with authentication
RADIUS authentication
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
50/69
Design Considerations (II)
How to prevent IP
contention on local
subnets?
How to provide roaming to
wireless users?
Solutions :
A dedicated layer of
multiple wireless subnets
VLAN implementation
Computer Engineering Department
Kasetsart University
Wired Plane
Wireless Plane
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
51/69
Model
“KUWiN for free”
Easily access :
Wireless LAN cards
available for free
check out at Main
Library
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
52/69
Agenda
Background and Milestones
Deployment issues
System developments
Applications
Conclusion/Future Issues
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
53/69
What we have developed?
Registration System
Site Information
System Monitoring
Usage
Availability
Bandwidth
Management system
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
54/69
System Registration
Registration page
Number of users
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
55/69
Site information
Signal strength & Coverage area
Computer Engineering Department
Kasetsart University
AP’s Location
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
56/69
Usage
Maximum concurrent users
Average number of users
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
57/69
Global Measurement: #Users Monitoring
Daily
Weekly
Monthly
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
58/69
Local Measurement :
AP’s User & BW Utilization
AP to clients
Clients to AP
#users (weekly)
#users (daily)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
59/69
Agenda
Background and Milestones
Deployment issues
System developments
Applications
Conclusion/Future Issues
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
60/69
Our applications
E-meetings
Lectures
Conferences
WLAN Positioning
System
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
61/69
WLAN Positioning System
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
62/69
Agenda
Background and Milestones
Deployment issues
System developments
Applications
Conclusion/Future Issues
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
63/69
Our Experiences
Good embraces
Top executives/Engineering are relying on
wireless every day (the wireless has to be
up!)
High demand from students! (more than from
staff)
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
64/69
Keys to Deployment Success (for KU)
Design first, then deployment
Design for coverage, not for capacity
Concrete implementation plan
Centralized management and investment
Full support from top executives
Simple procedure to access/use
Support team with strong experiences in both
wired and wireless
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
65/69
Support Team
Office of Computer Services
Computer Engineering Department
Research Lab:
Intelligent Wireless Network Group
http://iwing.cpe.ku.ac.th
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
66/69
KUWiN Future Issues
Hotspot with power outlets, free of charged
More coverage area (every building)
More secure (Encryption)
Notebook checkout
Next generation : 802.11g – 54 Mbps
Upgrade cost?
Ease of transition?
“Airspace policy” enforcement
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
67/69
References
Spectral Link
http://www.spectralink.com/
Vision Gain
http://www.visiongain.com/
http://www.wireless-analyser.co.uk/content/802.11/
http://www.hkwtia.org/wtia/index.htm
http://www.intel.com/business/bss/infrastructure/wireless/
http://www.nwfusion.com/news/2003
http://en.wikipedia.org/wiki/IEEE_802.11
http://www.newsfactor.com/
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
68/69
Thank you
Computer Engineering Department
Kasetsart University
Office of Computer Services
KUWIN website: http://kuwin.ku.ac.th
69/69