WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] - text version


Andrew A. Vladimirov








Various WLAN Architectures


Quite a few WLANs introduced to the market have a central management device, which in many cases is dubbed a wireless switch. Before engaging in a discussion about wireless switches, first familiarize yourself with the definition of a network switch. One definition of a network switch is written as follows (http://wi-fiplanet.webopedia.com):


Short for port-switching hub, a special type of hub that forwards packets to the appropriate port based on the packet's address. Conventional hubs just rebroadcast every packet to every port. Because switching hubs forward each packet only to the required port, they provide much better performance.


In simple terms, "independent collision domain" identifies the key element that most network engineers perceive as a network switch. In the wired world, this means that only traffic destined for or leaving from a given station is on the local leg or wired segment of that station's network. To accomplish this in an 802.11 wireless network, you need to have every station on its own independent, nonoverlapping, noninterfering RF channel. If you were using a 2.4-GHz network, which has a total of three nonoverlapping channels, this means you can have up to three users. This does not make for a real scalable network!

In some definitions, the use of the term switched wireless may in fact be a true statement for 802.11. In either case, it has caused much confusion in the marketplace today, and many vendors have used the term switched wireless in such a way that it confuses many newcomers to the WLAN wireless world. WLAN technology is not a system that can be truly switched as defined and understood by most network engineers. WLAN devices operate in a shared medium, and the design of WLAN networks needs to reflect that fact.

This section covers five of the most popular wireless architectures and identifies some of their strengths and weaknesses (to the extent possible in this chapter). After you understand the differences, you should be able to make a decision on the architecture that best suits the needs of your network and applications.

The five primary architectures are as follows:

Distributed intelligence

Centralized intelligence

Core device architecture

Edge device architecture

Switched antenna systems


Two other architectures that are not commonly used today, but that are gaining popularity, are mesh networks and free-space optics networks.

By deciding on an architecture and defining technology requirements, as discussed earlier in Chapter 4, "WLAN Applications and Services," you should be ready to select the necessary devices, and possibly even the actual vendor and product models for your WLAN.


Distributed Intelligence


As has been the case since the inception of wireless, an AP has contained a fair amount of processing power and maintained most of the RF intelligence at the edge of the network. The AP then ties directly into the network, usually at a network switch, and is an independent AP, which means it is not reliant on any other server or controller on the network (other than Ethernet connectivity) to maintain 802.11 communications to the wireless clients.

The intelligent AP is often called a fat AP because it contains such components as a powerful processor and significant RAM and ROM. By containing these components, the AP can do more than just bridge Ethernet to 802.11 wireless.

Figure 5-1 illustrates a distributed intelligence system, where the AP is connected to a standard Ethernet switch and operates as a standalone device, without requiring a device on the network to provide overall operation of the AP.


Figure 5-1. Distributed Intelligence System


One key feature of an intelligent AP is that it can be used as a port-based authenticator. When used as such, the AP actually blocks traffic inbound from the RF and destined for the Ethernet from passing beyond the Ethernet port, keeping it off of the wired network unless the traffic is authenticated. If a packet is received from the RF and is not from an authenticated station, it is redirected to the authentication server only. In this manner, only secure, authenticated traffic is permitted on the wired network.

Local encryption and decryption are another key advantage of intelligent APs. The AP is the point at which the RF traffic gets encrypted on the transmit side and decrypted on the receive side. Although some may not see this as an advantage, a high-performance AP will use hardware acceleration in the AP, performing the encryption with very little overhead to the throughput of the WLAN data traffic. By distributing this task to every AP, the probability of overburdening some processor that handles all RF traffic encryption from several to perhaps hundreds of APs is nonexistent.

Another often-overlooked feature of an intelligent AP is one of system resilience to failure. If one AP fails, only that one AP is affected, and all other devices continue to operate normally. It is not dependent on code running in some other device to operate.

In small installations, where you need perhaps only a very small number of APs, such as a small retail store or branch office, you have no need for an expensive controller or proprietary switch. You can manage the APs using their internal software and a simple web browser, or small management program that resides on one of the networked servers.

For optimum management, an intelligent AP approach, at least in large installations, usually requires a management server (for example, SNMP Manager) to provide adequate support, configuration, and management of the numerous APs. If the product is chosen so that its management requirements can be incorporated into the wired network management system already in use, however, integration of management is very easy and efficient.

The ultimate downside to an intelligent AP is that because of the extra components in the AP, it typically comes with a higher price tag. However, before deciding that the price of the AP is the determining factor, make sure you put together a spreadsheet of overall costs, including management stations and controllers or proprietary switches. In many cases, the higher cost of the intelligent AP does not outweigh the high cost of other components needed in the following architectures.


Centralized Intelligence


In 1999, Proxim Corporation came out with the Harmony product line, consisting of a centralized controller and of access points that relied on the controller for proper operation. Enter wireless switched networks. In 2002, Symbol Technologies followed suit with a similar centralized WLAN system, which it called a switched wireless system. Known as the Mobius product line, this system uses a controller and associated "slimmed-down" APs. In contrast to an intelligent AP, most centralized intelligence systems remove most of the tasks and processing from the AP and place the processing of these tasks in a switch or master WLAN controller located in a central point of the wired network. These types of APs are often referred to as thin APs. The two types of centralized intelligence architectures are as follows:

A system that uses core devices (residing in the core of the network) for maintaining the intelligence

A system that uses edge devices (edge of the wired network, such as an Ethernet switch) for maintaining the intelligence of the WLAN


In the case of wireless switching, APs are simplified and perform only transceiver and, in some cases, air-monitoring functions. In some systems, these APs are connected to the WLAN switch directly or over a Layer 2/3 network, or to their controller (as in the core device systems). The APs become extended access ports on the WLAN switch, directing user traffic to the switch or controller for processing.

Security functions used in the WLAN switch systems, such as encryption, authentication, and access control, are adapted to follow users as they move. Most wireless switch systems provide extended Layer 2/3 switching, enabling mobile users to roam between APs, switches, VLANs, and subnets without losing connectivity.

WLAN switching also provides a different approach to the operational management of 802.11 networks. AP configurations are stored on the controller or WLAN switch rather than on the AP itself. With the ability to control individual AP power and channel settings, some WLAN switches can automatically detect failed APs and can instruct nearby APs to adjust their power and channel settings to compensate accordingly. When the failed AP is replaced by a working AP, the WLAN switch automatically notes the event and configures the new AP.

The more sophisticated WLAN switches constantly monitor the air space to observe network and user load. They may even dynamically adjust bandwidth, access control, QoS, and other parameters as mobile users roam throughout the enterprise.


Core Device Architecture


In a core device architecture, the intelligence resides anywhere on the network, usually inside the network operations center (NOC), or at the very least a remote computer or network room. Oddly, several of these systems use the term wireless switch to describe their centralized controller, even though it has no network switching capability at all (as defined in the beginning of this chapter) and provides only one ingress and one egress port on the device.

In these systems, an AP is usually stripped of both intelligence and many of the responsibilities associated with an edge device. It performs only the radio function and passes all traffic back to a centrally located controller (often referred to as the switch). This controller device is responsible for all packet-handling functions, including security, QoS classification and tagging, and packet filtering, for all associated APs.

The intended primary benefit of such a system is lower cost. By lowering equipment, deployment, and maintenance costs, the intended result is a lower total cost of ownership. Intelligence (and, therefore, cost) has been removed from the APs and has been moved into the network to the switch. However, the cost is really transferred to the switch as well. In the long run, there is minimal if any cost benefit over distributed intelligence systems.

Deployment of a core device may be accomplished in either of two ways. Figure 5-2 illustrates the deployment method suggested by most vendor literature. At the center of Figure 5-2 is an Ethernet switch (for example, Cisco Catalyst WS-C3560-24PS) that serves dual purposes: to provide inline power to the APs (commonly the only power option, helping keep the hardware cost down) and to provide a point of aggregation for multiple APs. The controller in this scenario functions similarly to a one-armed router in that it is inline to all traffic to provide some higher-layer function (for example, security, QoS, filtering). In this case, all traffic would have to flow into and out of the switch on the same Ethernet interfaces.


Figure 5-2. Centralized, Core Intelligence System


Figure 5-3 shows another deployment scenario with a centralized, core device architecture. In this diagram, the controller interfaces to a northbound switch that aggregates APs, and a southbound switch that provides access to the backbone. Each link is 100 Mbps, full duplex.


Figure 5-3. Alternative Centralized, Core Intelligence Architecture

Ethernet switch, which has connection directly to the backbone. To make the network secure, wireless traffic should be placed on a "dirty" segment, or demilitarized zone (DMZ), until it has been authenticated. The only way to accomplish this is to pass through the controller to a separate switch that then passes traffic to the backbone. Each link is 100 Mbps, full duplex.


Comparing Packet Flows of Distributed and Centralized Intelligence Systems


In fact, basic network speeds and feeds bore a hole in this architecture in more than one way. To illustrate, look at a simple packet flow through the network, from a wireless client to a wired client. Figure 5-4 shows a day in the life of a packet in a centralized intelligence core system environment. Keep in mind that the APs have been effectively "lobotomized," forcing each and every packet back to the controller for inspection.


Figure 5-4. Life of a Packet in a Centralized Core Intelligence System


The following traffic flow (typical packet sequence) describes Figure 5-4:


1. A ping packet (ICMP Echo Request) is generated by the client workstation.

2. The packet contends for air space over the 802.11b wireless network and arrives at the AP.

3. The packet is bridged to the Ethernet LAN and directed toward the controller.

4. The Ethernet switch receives the packet.

5. The packet leaves the Ethernet switch on the controller's port.

6. The controller receives the packet.

7. The controller processes the packet (classifies, filters, tags, and so on).

8. The packet is directed toward the backbone network via the egress port.

9. The backbone switch receives the packet.

10. The packet is sent to the IP address to which it was intended.

11. The target PC receives the packet.


Now the packet must traverse back through the same steps in reverse order to the appropriate AP and client, for a total of 22 steps to move from one wireless client to another (even if these clients are on the same AP)!

A simple ping travels across 22 interfaces. If the source and destination IP devices are on different subnets, add a Layer 3 hop in the controller to that total.

Contrast the centralized intelligence system to a distributed intelligence system where the AP provides port-blocking authentication services, as well as local encryption.

Figure 5-5 shows the life of a packet in a fat AP.


Figure 5-5. Life of a Packet in a Distributed Intelligence System


The following traffic flow describes Figure 5-5:


1. The packet contends for air space over the 802.11b wireless network and arrives at the AP.

2. The packet is received on the AP, the AP's internal CPU processes the packet (classifies, filters, tags), and then the packet is bridged to the Ethernet LAN.

3. The Ethernet switch sends the packet.

4. The Ethernet switch receives the packet.

5. The packet leaves the Ethernet switch toward the client PC.

6. The target PC receives the packet.


If the packet is destined for another wireless device (on a different AP), it simply travels from step 5 to the other AP and then to the client. If the traffic is between two clients on the same AP, it travels from the client to the AP and then to the next client. In both cases, a distributed intelligence WLAN network results in much less overall traffic than a centralized intelligence system.
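The traffic difference described above can be worked through on a small topology. This is an added example, not code from the book: the device names, the one-armed controller placement and the three flows are constructed, and the only rule taken from this section is that a centralized design forces every frame through the controller.

```python
from collections import defaultdict, deque

# Constructed topology: two APs and a wired PC on one Ethernet switch, with the
# controller hanging off that switch on a single link (one-armed placement).
LINKS = [("sta1", "ap1"), ("sta2", "ap1"), ("sta3", "ap2"),
         ("ap1", "sw"), ("ap2", "sw"), ("sw", "controller"), ("sw", "pc")]
STATIONS = {"sta1", "sta2", "sta3"}

# Constructed flows: (source, destination, offered load in Mbps).
FLOWS = [("sta1", "pc", 2.0),     # wireless to wired
         ("sta1", "sta2", 1.5),   # two clients on the same AP
         ("sta2", "sta3", 1.0)]   # clients on different APs


def shortest_path(src, dst, links=LINKS):
    """Breadth-first search over the undirected link list."""
    adj = defaultdict(list)
    for a, b in links:
        adj[a].append(b)
        adj[b].append(a)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        raise ValueError(f"no path from {src} to {dst}")
    path = []
    node = dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def route(src, dst, via=None):
    """Distributed design: shortest path. Centralized design: every frame is
    forced through `via` (the controller) before it can reach `dst`."""
    if via is None:
        return shortest_path(src, dst)
    return shortest_path(src, via) + shortest_path(via, dst)[1:]


def link_load(flows=FLOWS, via=None):
    """Mbps per directed link; a full-duplex link is two directed links."""
    load = defaultdict(float)
    for src, dst, mbps in flows:
        hops = route(src, dst, via)
        for a, b in zip(hops, hops[1:]):
            load[(a, b)] += mbps
    return dict(load)


def wired_total(load):
    """Total Mbps carried on Ethernet, ignoring the radio hops."""
    return sum(m for (a, b), m in load.items()
               if a not in STATIONS and b not in STATIONS)


if __name__ == "__main__":
    for label, via in (("distributed", None), ("centralized", "controller")):
        load = link_load(via=via)
        print(label, "wired total:", wired_total(load), "Mbps")
        for (a, b), mbps in sorted(load.items()):
            print(f"  {a:>10} -> {b:<10} {mbps:4.1f}")
```

With these flows the same-AP conversation never touches the wire in the distributed case, while in the centralized case it crosses the AP uplink and the controller link in both directions.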

The centralized controller solution hits nearly twice the number of interfaces per packet as the distributed solution. The implication for traffic is profound. Delays can occur in numerous areas, including the following:

RF port on the AP

Egress port on the AP

Ingress port on Ethernet switch

Egress port on Ethernet switch

Ingress port on controller

The controller itself

Egress port on controller

Ingress port on the second Ethernet switch

Egress port on the second Ethernet switch


Any given packet can be subject to propagation delay and processing delay, both of which affect the variation of delay, also known as jitter. The net effect is a slower, less-predictable network. This is particularly a concern with applications such as voice over IP (VoIP) that are very sensitive to jitter.


Edge Device Architecture


Starting in 2002, several new start-up companies such as Airespace and Aruba, as well as several established networking companies such as Extreme and Nortel, came out with their versions of switched wireless architecture. In these cases, the term switched wireless is a bit closer to what you know and understand as network switching. Here an Ethernet switch houses the intelligence for the APs.

By centralizing some of the wireless services and troubleshooting tools into a structured WLAN switching system, systems engineers can build, manage, and operate large-scale 802.11 infrastructures with improved performance and management capabilities. However, pulling in too much intelligence and processing into a central point can produce many of the same issues as a centralized core controller.

WLAN switching is based on bringing a systems approach to 802.11 wireless network infrastructures. Most of the WLAN switch systems today move intensive-processing functions such as encryption, authentication, and mobility management that are found in today's intelligent APs into a centralized WLAN switch; they do this while also adding important new wireless features, such as air monitoring and automated site surveys, that give network managers more visibility, security, and control. With WLAN switching, a multilayered approach is necessary for security, protecting the air space, the network, and the user.

The use of actual Ethernet-type switches as the controller for APs is a better approach than a centralized controller, in that it actually improves security by having the switch become the port authenticator. In this manner, unauthenticated traffic will not pass beyond the switch port. However, this depends on whether the AP is connected directly to the switch providing the control for this particular AP. In most edge wireless switch systems, you can use one switch to control many APs, including those that are located at another switch (see Figure 5-6). In this case, you still have unauthenticated packets on the network.


Figure 5-6. Centralized Edge Intelligence System
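Where the port authenticator sits decides which wired links carry frames from stations that have not authenticated yet. The sketch below is an added example, not code from the book: the device names, MAC addresses and the five deployment paths are constructed from this chapter's descriptions, and treating the Figure 5-2 aggregation switch as a production switch is an assumption.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Deployment:
    name: str
    path: tuple            # devices a frame crosses, AP first (hypothetical names)
    enforcer: str          # device acting as the port authenticator
    production: frozenset  # devices that also carry ordinary wired traffic


class PortAuthenticator:
    """Frames from authenticated stations are forwarded; anything else is
    handed to the authentication server only."""

    def __init__(self, authenticated):
        self.authenticated = set(authenticated)

    def decide(self, src_mac):
        return "forward" if src_mac in self.authenticated else "auth_server"


DEPLOYMENTS = [
    Deployment("distributed (fat AP)", ("ap", "eth-switch", "backbone"),
               "ap", frozenset({"eth-switch", "backbone"})),
    Deployment("core, one-armed (Fig. 5-2)",
               ("ap", "eth-switch", "controller", "eth-switch", "backbone"),
               "controller", frozenset({"eth-switch", "backbone"})),
    Deployment("core, two switches (Fig. 5-3)",
               ("ap", "ap-switch", "controller", "backbone-switch", "backbone"),
               "controller", frozenset({"backbone-switch", "backbone"})),
    Deployment("edge, AP on controlling switch",
               ("ap", "wlan-switch", "backbone"),
               "wlan-switch", frozenset({"backbone"})),
    Deployment("edge, AP on another switch (Fig. 5-6)",
               ("ap", "access-switch", "wlan-switch", "backbone"),
               "wlan-switch", frozenset({"access-switch", "backbone"})),
]

# Constructed sample: source MAC of each frame heard on the radio.
SAMPLE_FRAMES = ["02:00:00:00:00:0a", "02:00:00:00:00:0b",
                 "02:00:00:00:00:0b", "02:00:00:00:00:0c"]
AUTHENTICATED = {"02:00:00:00:00:0a"}


def unauthenticated_links(dep, frames, authenticator):
    """Count, per wired link, the frames from unauthenticated stations that
    cross it before they reach the enforcer."""
    stop = dep.path.index(dep.enforcer)   # first time a frame meets the enforcer
    seen = Counter()
    for src_mac in frames:
        if authenticator.decide(src_mac) == "forward":
            continue
        for a, b in zip(dep.path[:stop], dep.path[1:stop + 1]):
            seen[(a, b)] += 1
    return dict(seen)


def exposed_production_devices(dep):
    """Production devices that sit on the radio side of the enforcer."""
    stop = dep.path.index(dep.enforcer)
    return [d for d in dep.path[:stop] if d in dep.production]


def report(frames=SAMPLE_FRAMES, authenticated=AUTHENTICATED):
    auth = PortAuthenticator(authenticated)
    return {dep.name: (unauthenticated_links(dep, frames, auth),
                       exposed_production_devices(dep))
            for dep in DEPLOYMENTS}


if __name__ == "__main__":
    for name, (links, devices) in report().items():
        print(f"{name}: links={links} production devices exposed={devices}")
```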


Another downside to edge switch device systems is the use of a proprietary switch. Most networks already have a network installed, and the wireless is an additional system, to be incorporated as part of the network. Requiring a separate, proprietary switch just for wireless can be a management challenge (and can increase the overall cost significantly).

The one key item that both core device and edge device centralized intelligence systems promote is ease of management. In most cases, however, the switches or controllers have a maximum number of APs that they can support and manage. In a large enterprise system, this requires that you add yet another component, a sort of manager of managers, required to manage these WLAN switches or controllers. In an ideal system, the same manager that is used to manage your wired routers and switches would be used to manage your wireless network.


Switched Antenna Systems


collision domains. Switched antenna systems use a phased array antenna and perform beam steering for the RF radiation. Beam steering refers to the capability to focus the RF energy in a narrow beam of energy and steer or change the beam's primary point of focus from one direction to another. Beam steering is not a new technology to RF in general; it has been used in the military for some time.

The two advantages to this architecture are range and ease of installation. Most WLAN models require hard wiring dozens of APs to cover the large areas where users are located. This wiring and installation can represent a large portion of the cost in many sites. Systems with large numbers of APs rely on what is known as a microcellular architecture, where a network of APs covering small areas (or microcells) are connected and the wireless client can move from one microcell to another, much like a cellular telephone system operates (see Figure 5-7). This type of microcellular system requires maintaining and managing a large number of APs on the network. Some view this as a strain on network management resources.


Figure 5-7. Microcellular Architecture

These issues have posed unique problems for the traditional design of the 802.11 solutions, and deploying dozens of APs raises the issues of installation, network management, security, and QoS. The switched antenna system is an attempt to improve these areas for WLANs.

Phased Array Antenna Technology


sinusoidal signals such as electromagnetic waves and the time delay that can be translated as a shift of the phase of the signal.

The characteristics of a phased array antenna allow the signal to be directional and less sensitive to radiating interference (the technical rationale for why it was used for radar). In the world of WLANs, using a phased array antenna system equates to less interference from other devices because of the narrow directional beams. This is particularly important because of the unlicensed and free spectrum in which it operates. The Vivato switch uses a phased array antenna (sometimes called panels because of their physical size and shape) as part of their AP. This antenna is composed of 128 array elements that work in unison to transmit the 802.11 signal. The beamed power is provided only in the locations where there are users; consequently, there is a significant reduction in possible interference. As a result of the narrow beam widths, users enjoy a considerable increase in antenna gain. This increase in gain provides a significant improvement in range. Therefore, the range of a phased antenna system can be measured in kilometers.

Although this all seems great, remember what your dad used to tell you, "If it seems too good to be true, it probably is." The same holds true here. When using a beam-steering technology such as this, utilizing very high-gain, narrow-radiation beams, RF-reflective surfaces can become a major hurdle. In most cases, if there is any type of metal or other RF-reflective surface in the first 20 to 50 feet or so of the antenna's radiation path, the beam steering becomes distorted, and the overall performance of that beam is dramatically reduced, usually to the point of a normal dipole antenna. This severely limits the use of the system in an indoor environment. This is also the reason a vendor that sells this type of device also sells a single, typical intelligent AP. This AP is used for "filling in holes" of RF coverage, caused by items such as bookshelves, storage cabinets, stairwells, elevators, and many other commonly found RF-reflective items in a building.

The second drawback has to do with capacity. If, in fact, the AP can support an entire floor of 250 people as a result of its increased coverage, what about bandwidth? The AP provides coverage using all three nonoverlapping channels. This means that when optimized, the maximum throughput of all three combined will be about 16 Mbps, and this will be shared among all 250 users! As discussed in later chapters, many industries, including enterprise, are looking at smaller-size cells, so the number of users per AP is lower and the bandwidth per user is higher. Using a switched antenna system eliminates this capability.

Because of the gain of the antennas in most phased array antenna systems, the use of this technology device is limited to regions that permit high gain. The devices actually communicate over one antenna beam to one device at a time; therefore, they fall into the point-to-point regulations under FCC rules. Because each user may have its own beam pattern, and because it operates on a point-to-point protocol, range is increased. As a result, broadcast and multicast packets must be converted to unicast packets and sent to every user individually. This reduces efficiency drastically in systems that have a fair amount of multicast packets.

Two of the biggest drawbacks to this technology are size and cost. A typical indoor AP has a list price of more than $8000 and requires wall space of 2 feet by 4 feet.

In outdoor systems, the switched antenna array may have more usefulness. It can provide distances of up to 1 kilometer for non-line-of-sight links, which can help with last-mile solutions for hard-to-reach areas. Campus green spaces are another area for which this system has been positioned, and it may have valid usage there, provided the following:

The number of users (and their required aggregate bandwidth) in the green space is within the capable bandwidth of the AP.

The strong signals do not interfere with the in-building wireless systems.


Phased Array Antenna Extends Range


Companies such as Vivato and Bandspeed have taken a new systems approach for the design and integration of WLAN. This type of system uses a unique phased array antenna panel that can significantly extend the range of transmissions. This powerful antenna is combined with a centralized intelligent controller (called a switch by Vivato) that follows a management model similar to that of an Ethernet switch, but takes into account the specialized aspects of the management of WLANs. The intent here is that the long-range capabilities of this device will solve the issues of installing dozens of APs for providing coverage to a large area.

Instead of emitting a 360-degree coverage pattern like most APs, the phased array antenna has a radiation pattern of 100 degrees and will associate with any client within this field of view (see Figure 5-8). It transmits on a particular beam only when a client is active, by sending a narrow beam of energy directly to the client. The powerful antenna is used to send and receive on a packet-by-packet basis, enabling seemingly multiple conversations at the same time. Notice the use of the word seemingly. In reality, it provides a platform that three users can communicate with at any one time (based on 802.11b or 802.11g having only three nonoverlapping channels). The Vivato AP uses several (as many as 13) radios in each AP to provide the three-channel coverage and to power the antenna array structure.


Figure 5-8. Phased Array Antenna Radiation Pattern

These phased array antennas are intended to be used both indoors and outdoors. Indoor panels are designed to be mounted flat on a wall or in a corner that can provide coverage for an entire floor in the 100-degree horizontal beam width with a range of up to 300 meters (see Figure 5-9). The idea here is that this eliminates the need to install and maintain multiple APs.


Figure 5-9. Phased Array Antenna Implementations

Because an outdoor switch is exposed to the elements of nature, it must be enclosed in a dust- and moisture-proof, temperature-controlled environment. This is accomplished by incorporating the device in a NEMA 4-rated enclosure to withstand severe weather conditions. The weather-proof enclosure is a complete package that can easily be mounted on the outside of a building or on a tower (see Figure 5-10).


Figure 5-10. Phased Array Products


An outdoor wireless switch can provide coverage for an entire building from the outside. In some cases, the ranges of an AP using a phased array antenna in an outdoor environment can be much farther than with a standard AP implementation. For example, the range can be up to 4 kilometers (line of sight) for the Vivato Outdoor Switch AP, and it can penetrate into some buildings for 11-Mbps connections from up to 1 kilometer away.


Mesh Networking


peer-to-peer routing technology that leverages routing techniques originally developed for battlefield and other temporary communications systems. By pushing intelligence and decision making to the edge of the network, you can build highly mobile and scalable broadband networks at very low cost.

Some systems, such as the MeshNetworks system, support both infrastructure meshing and client meshing. Infrastructure meshing creates a scalable network, whereas client meshing enables clients to instantly form a broadband wireless network among themselves, with or without network infrastructure. Using the MeshNetworks multihopping routing technology, you can use every client device as a router/repeater, so every user on the system plays a part in network coverage and network throughput for other users. Figure 5-11 illustrates a mesh network topology and the RF traffic patterns.


Figure 5-11. Mesh Network Architecture


One issue with a mesh network approach is security. The fact that every client can become a repeater for other devices means that other clients' traffic is traversing systems that may or may not be totally secure. Add to this the fact that some clients may be turned off or moved, and the overall stability and performance of such a network can be questionable. Typically, mesh networking is done for only temporary and unsecured systems.


Free-Space Optics (Laser)


Free-space optics (FSO) is a line-of-sight technology that uses lasers to provide optical bandwidth connections. Currently, FSO is capable of up to 2.5 Gbps of data, voice, and video communications through the air, allowing optical connectivity without requiring fiber-optic cable or securing spectrum licenses. FSO requires light, which can be focused by using either light emitting diodes (LEDs) or lasers (light amplification by stimulated emission of radiation). The use of lasers is a simple concept similar to optical transmissions using fiber-optic cables; the only difference is the medium. Light travels through air faster than it does through glass, so it is fair to classify FSO as optical communications at the speed of light.

FSO technology is relatively simple (see Figure 5-12). It is based on connectivity between FSO units, each consisting of an optical transceiver with a laser transmitter and a receiver to provide full-duplex (bidirectional) capability. Each FSO unit uses a high-power optical source (that is, laser), plus a lens that transmits light through the atmosphere to another lens receiving the information. The receiving lens connects to a high-sensitivity receiver via optical fiber. FSO is easily upgradeable, and its open interfaces support equipment from a variety of vendors, which helps service providers protect their investment in embedded telecommunications infrastructures.


Figure 5-12. FSO

FSO systems are usually used in point-to-point systems that are fixed mounted. They have a very narrow beam focus, and therefore need to be mounted to a sturdy fixture that has minimal movement (due to wind or other vibration problems). Although they can provide very high bandwidths, FSO systems are relatively short-range devices (1000 feet to a few miles).

Most FSO systems are installed with a backup RF system in the event that some environmental conditions, such as fog, heavy snow, or heavy storms, interfere with the light signal.

