Carrier Grade Wi-Fi Deployment

Carrier Grade Wi-Fi Solution
By
Dr. Ajay N. Khosla
Director Ankhnet Informations Pvt. Ltd.
([email protected])
+91-9820217705
Why Wi-Fi?
Why Wi-Fi for Wireless Broadband?
• Overwhelming demand for video and other high-bandwidth data services has swamped 3G networks.
• Future data needs cannot be met by enhancements to the traditional mobile network on the available licensed spectrum.
• A Wi-Fi radio interface is available in all smartphones, tablets and PCs.
• Wi-Fi offers a high-capacity connection and is ubiquitous.
• Wi-Fi uses unlicensed spectrum.
• Wi-Fi is easy and faster to deploy.
• Wi-Fi can simultaneously support a number of services, both public and private, for the users of many providers.
• It supports true triple play (voice, video and data).
• It is possible today to offer a comprehensive Wi-Fi hotspot service for both public and private services.
Explosive Growth of Wi-Fi
• Explosive growth is driven by many factors:
  • Ubiquity of Wi-Fi in mobile devices like laptops, tablets and smartphones.
  • Investment in Wi-Fi networks by fixed broadband providers as a means to extend their services to subscribers outside the home.
  • End-user appetite for Wi-Fi connectivity over 3G and 4G for mobile devices.
  • Widening support by mobile operators of Wi-Fi hotspots as a means to offload traffic from congested networks and to improve the end-user experience.
Wi-Fi Goal
Wi-Fi roaming should be like cellular roaming.
Wi-Fi Hotspot
What is a Wi-Fi Hotspot?
• A hotspot is a venue or area, like a cyber café, where Wi-Fi service is available and users can connect to it and use the Internet.
• It can be a free or chargeable Wi-Fi service provided by the owner of a café, restaurant, hotel, airport, railway station, school, college, university, library etc., or any other public place.
• It can be provided by your ISP, so that the user can connect to Wi-Fi in any part of the city.
• It can be an extended service by a mobile operator as 3G offload.
How Free Wi-Fi Hotspot Works
1) The User Equipment (UE: mobile/laptop/tablet) connects to the Wi-Fi Access Point's open SSID without any authentication.
2) After connecting, the user opens a browser to authenticate.
3) The browser shows the login page. Here the hotspot owner can also add ads, and the registration process can also lead to ads.
4) A new user registers.
5) After receiving the SMS, the user goes back to the login page and logs in using the username and password from the SMS.
How to Charge Users for Using a Hotspot
• After registration, the user is redirected to an online payment web page.
OR
• The user buys a coupon at the venue and sends the coupon PIN via SMS to get a username and password.
Why Wi-Fi Providers Use SMS
• Providers use SMS to learn the mobile number of the user to whom they send the username/password.
• The user's mobile number can be used to trace the user in future in case of cyber-crime activity.
• "Know Your Customer" (KYC) is mandated by regulatory bodies.
Which SSID belongs to me?
• Due to the increasing number of Wi-Fi hotspots, there is a chance that users are unaware of which Wi-Fi network they are connecting to.
• In the case of a roaming partner, users don't know which SSID represents their ISP's roaming partner.
• Users also don't know which SSIDs offer free Wi-Fi service and online sign-up.
Automatic Selection of Wi-Fi Service?
• Network discovery and selection:
  • Devices discover and automatically choose a network based on user preference, provisional operating policy, and network availability.
  • In Feb. 2011 the IEEE came out with a new standard, 802.11u, based on the Generic Advertisement Service (GAS) and the Access Network Query Protocol (ANQP).
  • Hotspot 2.0 was released by the Wi-Fi Alliance, based on 802.11u.
  • NGH (Next Generation Hotspot) by the WBA (Wireless Broadband Alliance) leverages 802.11u and HS2.0 and adds extensions.
Login process requires manual human intervention
• Login is not seamless; it requires human intervention.
• This process is not only cumbersome but also one of the reasons that users are not using free/paid Wi-Fi service.
• It is difficult to give Wi-Fi service to devices that lack a browser, e.g. cameras, home appliances, mobiles etc.
• If a user already has a username/password, they should be logged in automatically and seamlessly, without any human intervention, as soon as they come into range of the Wi-Fi zone.
Seamless Automatic Login
• Seamless network access:
  • Wi-Fi hotspot access for in-network APs should not require an active selection or input from the subscriber.
  • Authentication can be on the basis of username and password, digital certificate credential, or SIM/USIM.
  • No end-user intervention should be required in order to establish a connection to a trusted network.
  • WPA2-Enterprise, EAP-SIM and EAP-AKA are recommended by experts.
Wi-Fi Alliance Passpoint (Technical)
Wi-Fi Client Basic Architecture
[Diagram: client software stack]
• Network / Connection Manager
• Supplicant
• Supports 802.11u, HS2.0 and Passpoint
• Kernel network device driver
What is Passpoint?
• Wi-Fi CERTIFIED Passpoint from the Wi-Fi Alliance was developed to address service provider requirements for seamless Wi-Fi access in public hotspots, and to give subscribers the user experience they desire and expect.
• It is based on the 802.11u and HS 2.0 standards.
Passpoint can be divided into three steps:
1) Advertise its service in the beacon using the GAS protocol.
2) Send and receive ANQP queries and select an AP for association.
3) Authenticate the user based on the gathered information and the stored credentials.
New Beacon (Passpoint)
• A few information elements are added to the beacon and probe response, including:
  • Access network type, identifying whether the hotspot is for public, private or guest access, etc.
  • Internet bit, indicating that the hotspot can be used for Internet access.
  • Advertisement protocol, indicating that the hotspot supports GAS/ANQP/HS2.0.
  • Roaming consortium element, a list of up to 3 names of reachable service providers.
  • Venue information, describing the venue where the hotspot is situated.
  • Homogeneous ESSID, a label identifying hotspots in a continuous zone.
  • P2P and cross-connect capability.
  • BSS load element, an indication of the current load on the access point, originally from 802.11e.
  • Emergency call availability (802.11u).
  • Additional Step Required for Authentication (ASRA) (802.11u).
Access Network Query Protocol (ANQP) of Passpoint
• The information in the beacon will not normally be enough for the mobile device to decide whether it wants to connect to the hotspot.
• Venue Name information
  • Venue Group and Venue Type are defined in 802.11u.
  • Example: Educational Institute (3); School, Secondary (2)
• Network Authentication Type information
  • Acceptance of terms and conditions
  • On-line enrollment supported
  • http/https redirection
  • DNS redirection
• Roaming Consortium list (defined by IEEE)
  • Example: 0123456
• IP Address Type Availability information
  • Availability of IPv4 address: public, NATed, double NATed, port restricted etc.
  • Availability of IPv6 address
• NAI (Network Access Identifier) Realm list
  • example.com
• 3GPP Cellular Network information
  • MCC (Mobile Country Code): 404, 405, 406 for India.
  • MNC (Mobile Network Code): Vodafone Maharashtra & Goa 27
• Domain Name list (example.com)
• Hotspot Operator Friendly Name
• Operating Class
  • The global operating classes are defined in Table E-4 of IEEE Std 802.11-2012, Annex E.
  • Example: operating classes 81 (2.4 GHz channels 1-13) and 115 (5 GHz channels 36-48)
• Hotspot WAN Metrics
  • Up/Down
  • Backhaul up/down bandwidth
  • Current load of up/down bandwidth usage
  • Load measurement duration
• Hotspot Connection Capability
  • Protocol (UDP), port (5060), status closed or open.
• NAI Home Realm
  • example.com
How Passpoint Works
1) The Wi-Fi Access Point sends beacons with the Interworking, HS2.0 and Internet bits set, including the roaming consortium ID and other parameters.
2) The User Equipment (UE) sends an ANQP query to find out more information that is not present in the beacon. This may include the roaming consortium ID, domain name, chargeable or free Internet, domain list, venue information etc.
3) The AP responds to the ANQP query.
4) The UE compares the data sent by the AP with its stored credentials for trusted networks and its profile, and selects an AP accordingly. It tries to associate with the AP using the WPA2-Enterprise, EAP-SIM or EAP-AKA authentication method.
5) The UE is connected to the AP.
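The selection step above, sketched as an added example (not code from the presentation or from any Passpoint client). The `Credential` and `Hotspot` structures, the sample scan and the policy of skipping APs that lack the Internet bit or set ASRA are assumptions; PLMN 40427 combines the MCC 404 and MNC 27 quoted on the ANQP slide.

```python
from dataclasses import dataclass

@dataclass
class Credential:                       # one stored subscription on the UE (hypothetical)
    name: str
    home_domain: str                    # compared with the ANQP Domain Name list
    realm: str = ""                     # NAI realm (username/password or certificate)
    plmn: str = ""                      # MCC+MNC for SIM/USIM credentials
    roaming_ois: frozenset = frozenset()

@dataclass
class Hotspot:                          # beacon fields plus ANQP response of one AP
    bssid: str
    internet: bool                      # Internet bit
    asra: bool                          # Additional Step Required for Authentication
    bss_load: int                       # channel utilisation from the BSS load element
    domains: frozenset = frozenset()
    nai_realms: frozenset = frozenset()
    plmns: frozenset = frozenset()
    roaming_ois: frozenset = frozenset()

def match(cred, ap):
    """Return 'home', 'roaming' or None for one credential against one AP."""
    if not ap.internet or ap.asra:
        return None                     # assumed policy: needs a manual step, so skip
    usable = bool((cred.realm and cred.realm in ap.nai_realms)
                  or (cred.plmn and cred.plmn in ap.plmns)
                  or (cred.roaming_ois & ap.roaming_ois))
    if not usable:
        return None
    return "home" if cred.home_domain in ap.domains else "roaming"

def select(creds, hotspots):
    """Pick (bssid, credential name, kind): home before roaming, then lowest load."""
    ranked = []
    for ap in hotspots:
        for cred in creds:
            kind = match(cred, ap)
            if kind:
                ranked.append((kind != "home", ap.bss_load, ap.bssid, cred.name, kind))
    if not ranked:
        return None                     # no trusted network in range: do not auto-join
    _, _, bssid, name, kind = min(ranked)
    return (bssid, name, kind)

# Constructed sample data: two stored credentials and three scanned APs.
CREDS = [Credential("isp-login", "example.com", realm="example.com"),
         Credential("sim", "operator.example", plmn="40427")]
SCAN = [Hotspot("02:00:00:00:00:01", True, False, 200,
                domains={"example.com"}, nai_realms={"example.com"}),
        Hotspot("02:00:00:00:00:02", True, False, 40,
                domains={"cafe.example"}, plmns={"40427"}),
        Hotspot("02:00:00:00:00:03", True, True, 5, nai_realms={"example.com"})]
```

The third AP advertises a matching realm and the lowest load but is never chosen, because its ASRA bit says a manual step would still be needed.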
User Authentication
[Diagram: User Authentication and Provisioning. Labels: UE, AP, Internet, AAA (RADIUS), AAA (a.com), AAA (b.com), SMS Gateway, Mobile Network, HLR (c.com), HLR (d.com)]
How Roaming Works?
[Diagram: UE, AP, Internet, AAA (RADIUS), AAA (a.com)]
1) The UE presents [email protected] and a password.
2) @a.com is not the home network, so the request is forwarded to the roaming partner's @a.com AAA server.
3) The @a.com AAA server responds with Accept/Reject and reply attributes.
Secure User Authentication in Windows 7
Next time, the user logs in seamlessly using the same credentials.
Secure Authentication Using Android Phone
• Click the Connect button and the user will be connected to the "TEST-Secure" wireless network.
• Next time, the user is seamlessly connected to all APs with the same credentials, for as long as the user's credentials are valid in his/her ISP billing.
Large Wi-Fi Mesh Network
How to Manage a Large Network
• A project like City Wi-Fi will have thousands of APs and requires a central management tool.
• Configuration of APs from a central remote location.
• Bulk updates/changes to AP configuration.
• Remote monitoring of each AP's data transfer, number of users connected and health.
• Our solution has a central dashboard, which configures APs and monitors their health.
What is Mesh Network?
Advantage of Mesh Network
• The key advantages:
  • Ease of installation.
  • No cable costs.
  • Automatic connection among all nodes.
  • Network flexibility.
  • Automatic discovery of newly added nodes.
  • Redundancy and self-healing reliability.
  • Self-healing and fail-over network.
  • Dynamic auto routing.
  • Auto discovery of gateway.
  • Detecting and avoiding loops.
  • Better end-to-end bandwidth throughput.
  • Wireless mobility.
  • Multicasting.
  • Client provisioning for last-mile access.
Self healing and fail-over
[Diagrams: Self healing and fail-over; Auto Gateway Discovery. Labels: Internet Gateway, Obstruction, Internet Gateway Down]
Bandwidth Throughput (Single Radio)
[Diagram: chain of mesh nodes with bandwidth = 1x, 1/2x and 1/4x at successive nodes]
Throughput = Bandwidth / (Hop count x 2)
Second hop throughput = 100 Mbps / (2 x 2) = 25 Mbps
Bandwidth Throughput (Dual Radio)
[Diagram: chain of mesh nodes with bandwidth = 1x at every node]
After the 2nd hop, throughput = 100 Mbps
Deployment of Wi-Fi Mesh Network and its Advantages
Advantage of Wi-Fi Mesh Network
• A mesh network is a wireless-to-wireless, or multipoint-to-multipoint, network.
• No wired/fiber link is required between buildings.
• The hotspot feature allows users to connect anywhere.
• An AP may be connected directly to the Internet or may be multiple hops away from the Internet gateway.
• Wi-Fi is ubiquitous and available everywhere/anywhere.
• Mesh Wi-Fi can be used as wireless Internet backhaul.
• Wireless Internet backhaul can be used to distribute Internet inside a building.
• All users have their own independent username, password and user policy.
• No additional controller or server is required. All multi-dwelling or individual users can use their own credentials to log in.
• Less wiring is required, as not all APs need to connect to the Internet via a wired connection.
• Perhaps only one AP per floor needs a wired connection to the Internet. The rest require only power and get backhaul from the nearest Internet gateway automatically.
• Reduces in-building network wiring and switches. Saves money on renovation of interiors.
Integration with DAS (Distributed Antenna System)
• A Wi-Fi mesh network can be easily integrated with the existing IBS (In-Building Solution)/DAS system of a mobile network.
• The DAS/IBS should support the 2.4 GHz frequency.
• Easy deployment for corporate offices, shopping malls etc.
Cyber Cafe
• Wi-Fi service can be sold on an hourly basis, e.g. 1 hour, 1/2 hour.
• No controller (hardware/software) is required for user authentication.
• Automatic time management.
• Reduces revenue loss due to automatic management.
• Reduces management cost, as fewer human resources are required.
Possible Public or Private Wi-Fi Installation
Managing Mesh Wi-Fi Network using Dashboard
Adding Node in Dashboard
How Dashboard Works?
[Diagram: Mesh Nodes, Internet, Dashboard Server]
1) A mesh node connects to the default dashboard server, whose address is embedded in the firmware.
2) The mesh node downloads its configuration, reconfigures itself and reboots, if required.
3) The mesh node connects to the dashboard periodically and downloads its configuration (if changed). It reports parameters like users connected, bandwidth usage, CPU usage etc.
Features of Dashboard
• Shows the location of each AP on Google Maps with its status (on/off) and number of users connected.
• Shows a mesh map of nodes.
• Add/edit/delete nodes in the network.
• Configure network parameters like SSID, RADIUS server, URL of login page, radio channel, VLAN ID, passphrase, strict mesh etc.
• Configure AP parameters like location, owner and contact details, NAT parameters etc.
• Receives data from the AP, like number of users connected, user details with their data transfer, CPU usage of the AP, data transfer of the AP, memory usage etc.
• Helps in creating Management Information System reports.
Health of Mesh Nodes in Dashboard
RADIUS Authentication Server
RADIUS Frontend
RADIUS: Authentication
• Supports different authentication protocols used for Wi-Fi, like WPA2-Enterprise, EAP-SIM and EAP-AKA.
• Checks user expiry based on usage time or data, and on days passed since the first login.
• Informs the AP about the remaining time by setting the maximum session time.
• Checks user data usage based on previous usage.
• Informs the AP about the user's remaining data usage.
RADIUS: Managing Bandwidth
• After authentication, RADIUS replies to the AP with many attributes about the authenticated user. These are:
  • Maximum and minimum download and upload bandwidth.
  • Maximum data usage allowed in the current login session.
  • Maximum session time (in seconds) allowed in the current login session.
  • Redirection login/logout URL.
RADIUS (Access Request)
[Diagram: UE, Wi-Fi Access Point, AAA (RADIUS)]
Attributes in the request:
• Username
• Password
• Calling-Station-ID
• Called-Station-ID
• IP-Address
• NAS parameters
• Location ID
RADIUS (Reply)
[Diagram: UE, Wi-Fi Access Point, AAA (RADIUS)]
Attributes in the reply:
• Accept/Reject
• Session Time Out
• Max Upload Bandwidth
• Max Download Bandwidth
• Min Upload Bandwidth
• Logoff URL
• Redirect URL
• Bytes Upload Limit
• Bytes Download Limit
Reply attributes are as per the WISPr 1.0 and WISPr 2.0 standards.
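The decision logic behind the "How Roaming Works?" and RADIUS reply slides, as an added example (not the vendor's RADIUS code): route on the realm of User-Name, and for home users derive the session limits from what is left of the account. The home realm, account record and byte-limit attribute name are constructed placeholders, and password/EAP verification is assumed to have succeeded already.

```python
import re
from datetime import datetime, timedelta

HOME_REALM = "hotspot.example"                    # constructed home realm
PARTNERS = {"a.com": "AAA (a.com)", "b.com": "AAA (b.com)"}   # partner AAA servers
NAI = re.compile(r"([^@\s]+)@([a-z0-9][a-z0-9.-]*)", re.I)

# Constructed account: 30 days from first login, 10 h of time, 5 GB of data.
ACCOUNTS = {"alice": {"first_login": datetime(2024, 1, 1, 9, 0), "valid_days": 30,
                      "time_quota_s": 36000, "used_s": 34200,
                      "data_quota": 5 * 10**9, "used_bytes": 1 * 10**9,
                      "max_down_bps": 2_000_000, "max_up_bps": 512_000}}

def reply_attributes(acct, now):
    """Return Access-Accept attributes, or None when the account is spent."""
    first = acct["first_login"] or now            # validity starts at the first login
    expires = first + timedelta(days=acct["valid_days"])
    to_expiry = int((expires - now).total_seconds())
    time_left = acct["time_quota_s"] - acct["used_s"]
    bytes_left = acct["data_quota"] - acct["used_bytes"]
    if min(to_expiry, time_left, bytes_left) <= 0:
        return None
    return {
        "Session-Timeout": min(to_expiry, time_left),   # whichever limit hits first
        "WISPr-Bandwidth-Max-Down": acct["max_down_bps"],
        "WISPr-Bandwidth-Max-Up": acct["max_up_bps"],
        "Bytes-Limit (placeholder name)": bytes_left,   # vendor attribute not named on the page
    }

def handle_access_request(user_name, now):
    """Route on the realm of User-Name; answer locally only for the home realm."""
    m = NAI.fullmatch(user_name)
    if not m:
        return ("reject", None)                   # malformed or realm-less identity
    user, realm = m.group(1), m.group(2).lower()
    if realm in PARTNERS:                         # exact match, never a suffix match
        return ("proxy", PARTNERS[realm])         # partner decides Accept/Reject
    if realm != HOME_REALM or user not in ACCOUNTS:
        return ("reject", None)                   # unknown realm: no default forwarding
    # Credential verification (password or EAP) is assumed to have succeeded here.
    attrs = reply_attributes(ACCOUNTS[user], now)
    return ("accept", attrs) if attrs else ("reject", None)
```

Matching the realm exactly and rejecting anything not in the partner table keeps an identity such as `bob@a.com.evil.example` from being proxied as if it belonged to a.com.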
Features of our Mesh Node Firmware
• Apart from our own custom hardware, our firmware can be installed on any AP supporting open source (Linux).
• Currently we support the ar71xx chipset with at least 8 Mb flash (recommended).
• We support the following brands:
  • All models of Ubiquiti (recommended for outdoor applications).
  • Some models of TP-LINK, Netgear, Buffalo, Atheros reference board, Compex, D-Link, JJplus etc.
• Supports almost all authentication types, including captive portal authentication, WPA2-Enterprise, EAP-SIM and EAP-AKA.
• Supports 802.11u, HS2.0 and Passpoint for network selection and seamless authentication.
• Supports WISPr 1.0 and 2.0 for authentication and user provisioning.
• Widely supports the RADIUS attributes required for authentication, authorization, accounting and provisioning of users.
• Sends periodic updates to the RADIUS server about user usage.
• Creates a mesh network with neighboring nodes/APs.
• Supports auto gateway discovery.
• Supports self healing and fail-over.
• Automatically self-configures to gateway or repeater mode.
• In a 40 MHz channel, a mesh node gives TCP/IP throughput as high as 125 Mbps between two nodes.
• An unrestricted user can log in at speeds as high as 50-60 Mbps (TCP/IP throughput).
• Every hop reduces the bandwidth to half; at two hops away, mesh node bandwidth is reduced to 1/4th.
• To maintain end-to-end bandwidth, the mesh node firmware supports multiple radios.
• Supports a hotspot authentication portal.
• Supports redirection URL.
• Supports advertisement insertion.
• Supports walled garden (only a few whitelisted sites are allowed; others are restricted).
• Supports real-time kick-off of a user who has exhausted the allocated time or data usage.
Features of our Mesh Node Firmware
[Diagram: Mesh Network and Client Network around a Mesh Node. Labels: To Other Mobile Mesh Node, To Other Fix Mesh Node, To PDA/Tablet, To Laptop, To Cellphone With Wi-Fi, To Access Point (Client or Repeater or WDS Mode), Switch, To Desktops or other AP]
[Diagram: client authentication through the Mesh Node. Labels: Client, Browser Authentication, Redirect to Gateway, Authentication Request/Reply, Authentication Gateway, Gateway Router, Provisioning Server, RADIUS Server, DNS & SMTP, Any other DNS Redirector, Any other SMTP, Type of Customer, IP Address, Fix IP Address, Session Time, Upstream Bandwidth, Downstream Bandwidth, Bandwidth to be Allocated, Other Firewall & Bandwidth Filters, Other RADIUS Attribute]
Proof of Concept (POC)
of Wi-Fi Mesh
Q&A?
Thank you