In this installment of our Buyer's Guide to WLAN Controllers, we consider Mobility Controllers offered by Aruba Networks and how they can be used to oversee access points (APs) deployed throughout enterprise networks.
According to product marketing manager Ozer Dondurmacioglu, Aruba considers controllers to be network service delivery platforms. "In a WLAN, users are highly mobile; they can show up anywhere," he said. "When a device roams [between APs], users expect to get the same QoS, the same RF management, and the same secure access to the corporate network. These services are all defined at the controller but enforced by APs."
Dondurmacioglu compared this to cellular network roaming. "You can roam between base stations, but your phone works the same everywhere. The network delivers features based on who you are and what you subscribe to, and your carrier sends you one bill," he said. "Enterprise mobility should not be that different. Device authorization, user authentication, connection management, and reporting are all centralized network services provided by Mobility Controllers."
Powered by ArubaOS
Under the covers, each Mobility Controller and AP is powered by ArubaOS, an embedded real-time OS and application engine. ArubaOS performs kernel functions like authentication and logging and packet-processing functions like routing and switching, and it uses crypto engines to encipher Wi-Fi and VPN data. However, the point at which functions are applied depends on network design.
With FlexForward, customers can choose between centralized, locally-bridged, or policy-routed traffic forwarding. In centralized WLANs, all user traffic is routed or switched through a Mobility Controller. In locally-bridged WLANs, user traffic is forwarded by each access device (AP or switch) onto an attached LAN. In policy-routed WLANs, traffic forwarding depends on type and policy.
"One advantage of our Mobility Controllers is their information sharing architecture," said Dondurmacioglu. "Campus building[s] may have multiple controllers that need to share information [about] configuration, users, firewall policy, session state, and wireless security. They share this by linking to each other over any IP network so that, when a user roams from controller 1 to 2, their session is maintained. We don't care if they cross a VLAN boundary or an IP subnet -- state is maintained utilizing standard IP Mobility."
Building an access network
Of course, users could not roam were it not for underlying network access devices. Enterprises seeking high-performance, high-density indoor APs can choose the AP-124 or AP-125 - 3x3 MIMO dual-radio 802.11abgn APs with detachable or integrated antennas. Lower-density indoor WLANs can use single-radio counterparts: the AP-120 or AP-121. Locations that require lower rates and capacity may opt for 2x2 MIMO alternatives: the dual-radio AP-105 or single-radio AP-92/AP-93. Aruba also offers outdoor APs, 2.4 GHz-only indoor APs, and fist-sized Virtual Branch Network (VBN) APs for small offices and teleworkers.
The above-listed models are controller-managed "thin APs" that can be deployed locally or remotely to deliver access or a combination of access and dedicated IPS monitoring and/or spectrum analysis. To become operational, each AP must connect to a Master (central) or Local Mobility Controller using GRE or IPsec. When deployed at sites without a controller, Remote APs (RAPs) use the Internet to find one and establish a VPN tunnel back to it. "Our APs are plug-and-play," said Dondurmacioglu. "No configuration data is stored on APs, making adds and changes relatively easy."
Delivering network services
Mobility Controllers are responsible for providing AP configuration - along with a modular set of unified network services. "Our controllers are network control devices first, WLAN control devices second," said Dondurmacioglu. "You can deploy a controller anywhere you need high-capacity firewalling, even where you don't have APs."
Aruba offers three Mobility Controller Series. "The 6000 Series is our high-end controller, which is a chassis where four controller blades share a backplane to support 512 APs each (2048 APs per chassis). At the low-end is our 620, which supports up to 32 APs," explained Dondurmacioglu. In between lie the 650/651 (16 APs) and the 3000 Series (32-128 APs). These limits apply to local APs; controllers can support 2-4 times that many RAPs.
"Some people use our 6000 Series to create a big data center which stores a lot of information in the network core. Others put several 3200 Series controllers between their distribution layer and core. Our 600 Series is perfect for retailers looking for a branch office in a box," said Dondurmacioglu.
Customers that outgrow the 3000 Series can switch to an M3 blade plugged into a 6000 Series chassis. "If you have just one big building, then we suggest buying an M3 license, usually purchased in 64 AP increments," he said. According to specs, the 6000 chassis can push up to 80 Gbps of filtered traffic through 8 x 10 Gbps Ethernet ports. Additional M3 blades can be deployed to create a standby Master Controller or an active-active Local Controller pair.