This chapter discusses about drivers and benefits of implementing an RToWLAN deployment followed by an illustration that depicts an enterprise solution reference network architecture. This chapter also identifies the high-level touch points of the RToWLAN solution deployment, provides a brief overview of RToWLAN solution architecture, and describes the following three main RToWLAN solution components:
802.11 enterprise WLAN solution infrastructure
Enterprise collaboration solution applications and services
Real-time Traffic over WLAN endpoints
After the description of the components, the chapter describes common RToWLAN solution design considerations across both single-site and distributed multisite deployments with specific focus on quality of service (QoS), security, high availability, and capacity planning.
over WLAN solution drivers and benefits
are faster-paced than ever before. To succeed, grow, and stay ahead of the
competition, enterprises depend on efficient employees, collaboration, and a
timely business process. While maintaining a secure corporate data and
communications infrastructure, enterprises are encouraging a mobile work style
to get more work done. Additionally, enterprises are not just streamlining
processes through technology but are also looking to increase their revenue and
reduce costs with new technology that improves user productivity and
accelerates business processes.
applications and services that are delivered over WLAN networks provide the
the need for mobile cellular devices in the enterprise: IP voice and video
over WLAN calls traverse the enterprise WLAN in whole or in part, providing
cost savings over direct cellular network calls. Employees can use their voice
or video over WLAN endpoint or client on campus instead of consuming voice
minutes over the cellular voice network.
dependency on mobile provider network coverage within the enterprise: By
leveraging 802.11 WLAN network connectivity, enterprises provide adequate
network coverage and capacity by deploying sufficient number of access points
and at the same time reducing or eliminating dependency on mobile provider
network coverage within the enterprise.
employee-owned personal and guest devices: With the prevalence of personal
mobile devices like smartphones and tablets, there is an increasing inflow of
these devices into the enterprise. This type of enterprise is often called
own device (BYOD). Enabling employee-owned or guest devices with a BYOD
overall employee satisfaction.
productivity when enabling device for real-time traffic collaboration
applications and services.
Maximizes availability and
reachability of mobile employees: By enabling mobile devices for enterprise
collaboration, you can reach employees anywhere within the enterprise, and the
user experience on the mobile device is equivalent to that of the traditional
enterprise endpoint. This flexibility provides a smooth experience to users who
transition between many enterprise clients and devices.
Ensures high-quality voice
and video calls and seamless mobile user experience for fixed mobile
substitution (FMS) deployments: To enable enterprise directory number use
on dual-mode mobile smartphones and tablets through enterprise IP telephony
systems, you must send IP voice and video calls over the enterprise WLAN
network. A RToWLAN network is tuned to provide optimal bandwidth and throughput
as well as higher-priority queuing or transmission on the network for real-time
traffic. In the case of IP-based voice and video calls, this means minimized
packet loss, jitter, and delay translating to high-quality voice and video.
Enabling the enterprise directory number usage on mobile endpoints and clients:
integration to enterprise IP call-control features.
enterprise dial plan, enabling seamless user experience across enterprise
the need for an enterprise deskphone for mobile employees.
deployments can help enterprises to:
expenditures for mobile provider voice and data services.
employee productivity, reachability, and availability.
increased presence of personal mobile devices within the enterprise for
collaboration and communication at less or no cost with BYOD solutions.
employee satisfaction when they engage with collaboration and other business
applications and services by providing flexibility and a seamless user
provides a high-level example network topology for deploying real-time traffic
applications and services for wireless endpoints and clients. This RToWLAN
solution design example uses a typical hierarchical, access, distribution, and
core campus network as a basis. The following additional components are
included in this design:
Controller (WLC) and Access Points (APs) to provide the wireless network
infrastructure for carrying real-time and other IP network traffic.
access points added to Client and Endpoint Access Blocks for client and mobile
endpoint wireless network attachment.
Block including call control and other application servers for enabling
Internet Gateway Block for access to PSTN and to provide access to and from the
Figure 1. Real-Time
Traffic over WLAN Solution Network Topology Overview
The two key
solution component areas of focus for any enterprise RToWLAN deployment are:
802.11 wireless infrastructure enabled within the Distribution and Client and
Endpoint Access blocks as shown in the preceding figure.
collaboration infrastructure enabled within the Data Center and Voice and
Internet gateway as shown in the preceding figure.
wireless LAN overview
802.11 wireless LAN (WLAN) infrastructure is the underlying foundation for any
RToWLAN solution deployment. The enterprise wireless network must be designed
to ensure that network connectivity is available for wireless endpoints and
that sufficient bandwidth and throughput for real-time traffic is provided. The
WLAN must be designed with sufficient capacity for the number of RToWLAN
endpoint devices expected to be deployed. The WLAN must also be designed with
sufficient redundancy such that hardware or IP connection failures do not
completely eliminate WLAN network availability.
infrastructure not only provides network connectivity but just as with wired
networks, the infrastructure also provides authentication and encryption
security services and quality of service for better than best effort treatment
for select traffic. To deliver this functionality, the 802.11 WLAN
infrastructure consists of a number of components and applications including
wireless LAN controllers (WLCs), wireless access points (APs), and wireless LAN
systems enable a large number of features and services. The most common and
prevalent feature is voice and video over IP calling. However, these
collaboration systems can provide communication features and functions above
and beyond traditional IP telephony including conferencing, messaging,
presence, information and document sharing, fixed mobile convergence, and
directory integration. These features and services are often deployed in
tandem, providing a comprehensive collaboration solution for enterprises and
their workers. To deliver these features and services, the collaboration system
relies on a number of components and applications including voice and video
endpoints, gateways and application servers including voicemail and presence.
architecture for an RToWLAN solution deployment (see
Figure 1) consists of the following three
802.11 Wireless LAN
infrastructure: The wireless infrastructure enables the 802.11 wireless LAN
for endpoint or client attachment. This infrastructure includes the WLAN
controller, access points, and management applications.
and services: Collaboration applications enable real-time traffic services,
including voice and video calling. These applications and services include call
control, PSTN gateways, media resources, voicemail, and instant messaging and
Real-time traffic capable
802.11 wireless endpoints: Wireless endpoints consume and generate
real-time traffic over the 802.11 WLAN. These endpoints include
wireless-enabled desktop and mobile software applications and clients as well
as wireless IP phone hardware.
All of these
components are involved in enabling RToWLAN applications and delivering
real-time services wirelessly.
Figure 2. RToWLAN
solution architecture overview
Figure 1 above and subsequent discussions
within this chapter do not include information about basic network services
that are provided by typical enterprise applications and servers. These network
services are assumed to be present, and considerations related to the following
are not discussed except in cases that are directly related to RToWLAN:
Network-based device and
user authentication and identification services, including certificate
authority servers, two-factor authentication supplicants, identity stores like
directory servers, and any other applications or components that provide
Network time and IP address
resolution and assignment, including network time services (NTP), domain name
services (DNS), and dynamic IP address assignment (DHCP).
routing, packet forwarding and queuing, quality of service, and admission
Enterprise 802.11 wireless LAN solution infrastructure
802.11 wireless LAN (WLAN) network is essential for RToWLAN solutions, because
the wireless infrastructure provides the network that transports real-time
traffic that connected real-time traffic capable wireless devices generate and
consume. The following table lists the 802.11 wireless network infrastructure
wireless LAN access point provides wireless network access to wireless devices
that enables the devices and clients to communicate with wired network
components. The access points not only provide wireless device network
connectivity, but they also serve as the demarcation point between the wired
and wireless networks. The wireless LAN controllers manage the access points
that are registered to them.
wireless LAN controller (WLC) is a network infrastructure device that performs
the central management role in the wireless network. WLCs make it easier to
manage wireless LAN deployments by centralizing access point configuration and
management, radio frequency monitoring, and client association and
authentication. After the wireless access points register to a WLC, the
wireless access points tunnel all management and client traffic to the WLC. The
WLC is also responsible for switching traffic between wireless clients and the
wired portion of the network.
LAN management applications and services provide a robust wireless life-cycle
management tool that enables network administrators to successfully plan,
deploy, monitor, troubleshoot, and report on wireless networks.
You must design
the enterprise WLAN network to meet the needs of the users, applications, and
endpoints. The WLAN coverage must provide enough bandwidth on the Wi-Fi
channels to support quality application performance. To design enough bandwidth
into WLAN coverage areas for the users, you must understand the Wi-Fi
performance capabilities of the endpoints. Wireless endpoints and mobile client
devices are available in different varieties, and not all wireless clients have
the same capabilities. You must perform detailed wireless infrastructure
planning for the WLAN deployment to be successful.
For a successful
wireless network deployment, you must conduct a thorough wireless site survey
to ensure that the radio frequency configuration and design are optimized to
provide necessary bandwidth and throughput to endpoints in motion throughout
the deployment. In addition, the site survey helps you identify the sources of
interference so that they can be eliminated. A site survey seeks to verify the
following basic radio frequency design principles:
Adjacent channel cell
separation: Same channel or adjacent channel can cause interference, which
reduces network throughput and leads to increased packet loss. Through site
survey, you can verify that adjacent channel cells are separated appropriately.
channel cell overlap: Nonadjacent channel cells should be overlapped to
ensure that wireless endpoints can seamlessly transition or roam between access
points and wireless channel cells. Through site survey, you can verify that
nonadjacent channel cells are overlapped sufficiently.
Channel cell coverage for
all desired areas of service: If wireless network coverage is expected in
stairwells, between buildings, or on building perimeters, you can verify
through site survey that access points and antennas are located properly to
provide appropriate wireless channel coverage in all required locations.
Channel cell density:
Appropriate channel cell density must be provided such that the required number
of endpoints are supported with necessary network bandwidth and throughput
provided on WLAN channels to support quality real-time application and service
interference identification and mitigation: Wireless interference caused by
improper AP and antenna placement, physical structures and characteristics of
the deployment area, and poor radio frequency design must be identified during
a site survey. Further, sources of interference such as cordless phones,
personal wireless network devices, sulphur plasma lighting systems, microwave
ovens as well as high-power electrical devices such as transformers, heavy-duty
electric motors, refrigerators, elevators and elevator equipment, and any other
power devices that could cause electromagnetic interference (EMI) must be
considered when you plan a WLAN deployments. You must mitigate these
interference sources by adjusting access point locations and antenna direction,
radio frequency configuration and AP power levels, or by removing or
eliminating these interference sources.
and access points are purpose-built for particular use cases and levels of
scale. In a home environment, a limited number of mobile client devices share
the same WLAN channel radio frequencies at the same time. Hence, bandwidth is
not a concern. However, in an enterprise environment, many devices are
connected to a Wi-Fi channel. With inadequate bandwidth, voice calls may become
inaudible, video calls may become unwatchable, and in some cases, the
Enterprise collaboration solution applications and services
enterprise wired and wireless LAN is planned and deployed, you must deploy the
enterprise collaboration applications, services, and endpoints on top of this
infrastructure. The enterprise collaboration deployment must be properly
designed to ensure that required components, applications, and services are
available and that the infrastructure provides sufficient capacity and
systems enable a large number of features and services, including voice and
video calling; messaging, including voicemail and instant messaging (IM),
presence and availability; media resources, including conferencing and music on
hold, and directory integration. These features and services are often deployed
in tandem, which provides a comprehensive collaboration solution for
enterprises and their workers.
call control platform, which is considered central to the collaboration system,
is responsible for providing voice and video calling services (for example,
Cisco Unified Communications Manager). The collaboration system also relies on
several components and applications, including the following:
Gateways: Platforms with IP or TDM interfaces that provide
external access to the PSTN as well as internal access to other call control
platforms, applications, and devices.
Hardware or software-based resources that are deployed throughout the network
to enhance call flows with supplementary services like voice and video
conferencing, music on hold, and transcoding.
Collaboration applications: Applications that provide
communication features and functions beyond traditional voice and video
calling. These include voicemail, IM and presence, conferencing, information
and document sharing, fixed mobile convergence, and directory integration.
Voice and video
endpoints are also a key component of the collaboration system. Enterprise
users communicate and collaborate with endpoints including desk phones,
wireless phones, software clients, immersive video systems, and mobile clients
for smartphones and tablets.
collaboration hardware, applications and services, and before enabling
real-time traffic capable wireless endpoints, ensure that the required
collaboration and communication applications and services are deployed and
configured appropriately. You must consider the following factors:
configuration within the call control system including, location, user
association, calling privileges, button layout, and other feature settings must
be configured correctly for proper operation.
be capable of attaching to the network, retrieving or receiving their
configuration from the call control system over the network, and connecting to
and communicating with the collaboration infrastructure components.
dial plan that is configured on the call control system is as fundamental to
collaboration system operation as IP addressing and routing are to IP
networking. You must implement the following dial plan configuration correctly
to ensure that users are capable of making and receiving calls:
numbering or assigning of directory or telephone numbers to devices
dialing habits enabled and the classes of restriction applied to devices
manipulation of called or calling numbers as configured for the device
configure integrations between collaboration and communication infrastructure
components to deliver additional features and services. For example,
integrations between the call control platform and PSTN gateways or border
controllers, the voicemail and IM or presence application servers, and
directory or contact source platform must be put in place to enable additional
services like PSTN access or IM and presence.
security features as indicated by enterprise security policies to ensure that
operations are secured. Specifically, if you plan to use functionality such as
encrypted voice or video media or signaling, certificate-based trunk
integrations, or digest authenticated devices, then you must deploy an
appropriate configuration and infrastructure, including a certification
Use a nonwireless
real-time traffic capable endpoint first to verify the preceding considerations
and ensure that the required features and functions are working correctly
before proceeding with deployment of RToWLAN wireless endpoints.
After you design
and implement the enterprise WLAN infrastructure and collaboration applications
and services, you must deploy the RToWLAN-capable devices and clients on top of
this overall infrastructure.
RToWLAN endpoint selection during the WLAN infrastructure design and
implementation phase, particularly during the site survey. If you design the
WLAN infrastructure without consideration for the specific RToWLAN endpoints
that will be deployed on this infrastructure, the result will be issues such as
packet loss, excessive delay, and poor voice and video quality.
are categorized into two categories:
Hardware-based wireless IP phones
Software-based clients for wireless devices
wireless IP phones
wireless IP phones are purpose-built wireless IP voice and video phones that
are designed specifically to provide voice and video calling functionality.
wireless IP phones fall into two subcategories:
Phones (or Fixed WLAN Phones): IP desk phones connect to the network
wirelessly but remain stationary because they are powered from a wall outlet.
For example, Cisco Desktop Collaboration Experience DX650.
Mobile WLAN Phones:
Wireless IP phones are battery powered and are connected to the network
wirelessly, which enables them to move throughout the enterprise while
maintaining an active network connection. For example, Cisco Unified Wireless
IP Phone 7925G.
clients for wireless devices
clients for wireless devices run on multifunction wireless devices that are
capable of generating many types of traffic and performing many types of
operations. The multifunction wireless device runs a collaboration software
application that enables voice and video calling as well as other collaboration
clients running on wireless devices fall into two subcategories:
connect to the network wirelessly, but depending on the platform, they may or
may not remain stationary. Desktop computers rely on power from a wall outlet,
while laptop computers are battery powered, and can therefore move around while
maintaining an active wireless connection to the network. These devices
typically run Microsoft Windows or Apple Mac operating systems, so the
collaboration software client must support these operating systems.
Cisco Jabber for Windows.
and tablets are examples of these types of devices. They are battery powered,
and when wirelessly connected, they can move throughout the enterprise while
actively maintaining connection to the network. These devices typically run
Android or Apple iOS operating systems, so the collaboration software client
must support these operating systems.
Cisco Jabber for Android.
and WLAN site survey
understand the WLAN performance capabilities on the endpoints to design enough
bandwidth into WLAN coverage areas for the users. Wireless endpoints and mobile
client devices are available in different varieties, and not all wireless
clients have the same capabilities.
Site surveys are
one of the basic requirements when you deploy a WLAN, and you must always
consider the Wi-Fi capabilities of the client devices or endpoints. Most
smartphones and tablets support 802.11. However, generally, the smartphones and
tablets have fewer antennas and lower data rates than laptops. In addition,
most are not purpose-built for the enterprise WLAN market. Almost all
smartphones and tablets support enterprise security policies. However, many of
them do not support Wi-Fi protocols and features like 802.11e WMM for QoS and
bandwidth control for audio and video calls. Consider these limitations before
you start the survey process.
tablets generally have subpar access point to access point roaming logic. Most
consumer or nonenterprise Wi-Fi endpoints perform poorly when they roam between
access points. Client roaming can be unpredictable, and it is common for an
endpoint without enterprise roaming logic to travel the same path repeatedly
without repeating the same roam times in milliseconds or seconds. Nonenterprise
Wi-Fi endpoints often repeatedly roam to the same access points in a
high-density deployment rather than using other access points that may provide
better throughput. It is important to test and understand the capabilities of
the devices that are to be used in your facilities before you start the survey
controllers provide parameters to help nonenterprise clients roam. These
parameters include minimum received signal strength indication (RSSI),
hysteresis of decibels (dB), scan threshold in decibels per milliwatt (dBm),
and transition time. The settings of these parameters need to be tested on-site
with different mobile clients, because mobile clients behave differently.
describes important factors that you must consider when you design and
implement an RToWLAN solution.
When you select
the hardware and software for an RToWLAN solution deployment, you must consider
feature sets, standards and capabilities that are supported, and compatibility
of the hardware and software. It is important to ensure that the selected
wireless and collaboration infrastructure and the devices that are deployed on
that infrastructure deliver the required features and capabilities, whether you
are selecting wireless LAN controllers and access points, collaboration
platforms and applications, or the endpoint devices.
As a general
rule, you should choose products that support a rich set of advanced network
and application features, and at the same time, meet approved wireless and
collaboration protocol standards to ensure interoperability and compatibility
with a wide variety of systems. For example, when you choose wireless
infrastructure components, consider full support for 802.11 wireless standards
(802.11a, 802.11g, and the newer 802.11n and 802.11ac wireless access
standards, as well as advanced wireless standards like 802.11e and 802.11r) as
minimal requirements. Support for these standards ensures that necessary
bandwidth with minimal delay and best effort treatment are provided for
real-time traffic like voice and video.
When you design
collaboration and communications infrastructure, a system that provides
advanced capabilities (location and availability awareness, fixed mobile
convergence, voice and video over IP, dual-mode device support, and so on) is
needed to deliver the appropriate feature set that mobile workers require with
video over WLAN
It is critical
that you plan and deploy a finely tuned, QoS-enabled, and highly available WLAN
network to enable voice and video calling and other real-time traffic
applications to ensure a successful RToWLAN solution deployment.
802.11 RToWLAN endpoints rely on the WLAN infrastructure for carrying both
critical call signaling and real-time voice and video media traffic, you must
deploy a WLAN network that is optimized for both data and real-time media
traffic. A poorly deployed WLAN network results in a large amount of
interference and diminished capacity, leading to poor RToWLAN application and
service performance. In the case of voice and video calling, issues include not
only poor call quality but in some cases dropped or missed calls. The poor
application performance renders the WLAN deployment unusable for making and
receiving calls or using other real-time applications.
requirement is that you must conduct a WLAN radio frequency (RF) site survey
before, during, and after deploying an RToWLAN solution. This ensures that cell
boundaries, configuration and feature settings, capacity, and redundancy are
optimized to support RToWLAN applications and services. The site survey must
verify that the WLAN RF design minimizes same-channel interference and also
provides sufficient radio signal levels and nonadjacent channel overlap which
helps to maintain acceptable real-time traffic throughput and voice and video
quality as the RToWLAN endpoint device moves or roams from one location to
site survey and careful planning, the wireless infrastructure conforms to the
following collaboration and unified communications application minimum network
packet loss for collaboration or other communications application traffic of
less than or equal to one percent.
end-to-end delay variation or jitter for collaboration or other communications
application traffic of less than or equal to 30 ms.
one-way packet delay for collaboration or other communications application
traffic of less than or equal to 150 ms.
If you implement
an RToWLAN network that is intended to carry voice or video traffic where the
one-way delay exceeds 150 ms, it introduces issues not only with the quality of
the voice and video calls but also with call setup and media cut-through times.
These problems occur because several call signaling messages must be exchanged
between each endpoint and the call control platform to establish the call.
a site survey and carefully planning an RToWLAN network ensures a successful
deployment on the 2.4 GHz WLAN band (802.11b/g/n), Cisco recommends that you
use the 5 GHz WLAN band (802.11a/n/ac) whenever possible for RToWLAN endpoint
connectivity. 5 GHz WLANs enable higher density device deployments and provide
better traffic throughput and less interference than 2.4 GHz WLANs. Higher
density, higher throughput, and less interference are important network
characteristics for RToWLAN applications and services, that include voice and
video calling. In addition, with the prevalence of Bluetooth headsets and other
Bluetooth peripherals, interference on enterprise 2.4 GHz WLANs is hard to
avoid. When you use the 5 GHz band for RToWLAN deployments, Bluetooth
interference is not a concern.
WLANs (WLANs with both 2.4 GHz and 5 GHz bands), devices can roam between
802.11b/g/n and 802.11a/n with the same service set identifier (SSID), provided
the RToWLAN endpoint is capable of supporting both bands. However, with some
devices, a dual-band WLAN can cause gaps in the real-time traffic path. To
avoid these gaps, use only one band for real-time traffic applications and
component for successful RToWLAN solution deployments is to implement Quality
of Service (QoS) at the network and application layer. QoS ensures that
different types of network traffic are given access to specific amounts of
bandwidth or are given priority over other traffic as they traverse the
network. You can use a variety of methods to provide different levels of
network throughput and access based on traffic type.
traffic, QoS methods fall into the following two categories:
marking determines how packets are queued as they ingress and egress network
interfaces along the traffic path. Based on packet marking, certain types of
traffic are allocated more or less bandwidth or can be transmitted more quickly
and more often. Generally, when traversing the network, real-time media traffic
is given priority treatment in all transmit queues along the network path.
Real-time signaling traffic that is used to set up calls or facilitate
application features is allocated dedicated bandwidth amounts based on the
expected overhead of this signaling and other control plane traffic. Real-time
signaling and other non-media traffic must never be assigned to priority
marking may or may not be performed at the application or endpoint level, but
most IP networks are capable of marking or re-marking traffic flows as they
traverse the network. Marking or re-marking of traffic flows by the network is
usually based on IP port numbers or IP addresses. The client application or
device performs the packet marking at the endpoint level based on specific
application requirements or based on standardized marking guidelines (for
example, voice media should be marked as Layer 2 802.11 WLAN User Priority 6,
and Layer 3 IP packet marking should be Class of Service of 5, Differentiated
Services Code Point of 0x46, or Per-Hop Behavior Expedited Forwarding).
packet marking at layer 2 (User Priority, or UP) presents challenges for many
RToWLAN applications and endpoints. While some applications and endpoints do
mark RToWLAN traffic flows at Layer 2 according to standard guidelines, many
endpoint devices, particularly multifunction mobile devices, may not support
Layer 2 802.11 UP marking. Unless endpoint devices are fully 802.11e and WMM
compliant, and the operating system supports UP values as marked by
applications, you cannot rely on Layer 2 QoS marking to provide improved
RToWLAN traffic throughput on the wireless network.
Packet marking at
Layer 3 is more common in RToWLAN applications and endpoints. Many applications
and endpoints mark RToWLAN traffic flows at Layer 3. When the application and
endpoints are marking traffic according to recommended guidelines, existing
wired network QoS policy should not be modified, because real-time traffic
automatically receives appropriate treatment based on standard QoS policy
(priority treatment for voice and dedicated bandwidth for video and control
packet marking is important, whether by application or endpoint, it is also
important that you trust that the correct packet marking is applied to the
correct type of traffic by the application or endpoint. If the packet marking
of even some network traffic generated by an RToWLAN endpoint cannot be
trusted, then administrators can decide to rely on network-based packet
re-marking for all traffic. In this case, all traffic is re-marked according to
enterprise policy based on traffic type (port number or protocol) and IP
address to ensure that network priority queuing and dedicated bandwidth are
applied to traffic flows. As a general rule, you must not trust the packet
marking from RToWLAN endpoints unless the enterprise has complete control over
the endpoints and the applications that are running on those devices. Besides
re-marking packets for untrusted devices or applications, administrators can
also enable network-based policing and rate limiting to ensure that untrusted
devices or applications do not consume too much network bandwidth.
deployments, RToWLAN endpoints securely connect to the enterprise network to
utilize RToWLAN applications and services. Because these connections traverse
the Internet, there is no end-to-end QoS on the IP path. All packet marking is
ignored and all traffic is treated as best effort. RToWLAN application
performance cannot be guaranteed over these types of connections.
When you deploy
wireless endpoints, consider the security mechanisms that are used to control
access to the network and to protect the network traffic. Wireless LAN
infrastructure and RToWLAN endpoints support a wide range of authentication and
encryption protocols, including WPA, WPA2, EAP-FAST, and PEAP. Generally, the
authentication and encryption method that you choose for securing the wireless
LAN should align with the IT security policies that are supported by both the
WLAN infrastructure and the RToWLAN endpoint devices that you deploy.
and encryption method that supports fast rekeying such as Proactive Key Caching
(PKC) or Cisco Centralized Key Management (CCKM) is important for real-time
traffic solution deployments. It is critical because it ensures that active
voice and video calls and other RToWLAN applications can maintain connectivity
and operations as the RToWLAN endpoint is roaming from one access point in the
network to another.
security consideration is seamless attachment to the WLAN network. The
endpoints must automatically attach to the WLAN network without user
intervention to maximize the utilization of RToWLAN applications and services.
Certificate-based identity and authentication facilitates an excellent user
experience by eliminating user intervention (after initial provisioning) for
network connection and minimizing authentication delay. However, deployments
where enterprise security policy requires two-factor authentication or one-time
passwords, user intervention is required for network attachment. In such cases,
access to RToWLAN applications and services gets delayed.
security infrastructure and configuration in place, 802.11 RToWLAN endpoints
are able to connect to the enterprise from remote locations using public or
private 802.11 WLAN networks or Wi-Fi hot spots. While this securely enables
RToWLAN application and service delivery for remote attached endpoints, you
must consider whether to deliver RToWLAN applications and services over these
types of remote connections.
The two key
reasons that makes it problematic to enable RToWLAN applications and services
over remote secure connections are as follows:
private 802.11 WLAN networks like wireless hot spots that are found at coffee
shops and airports are typically not optimized for real-time traffic
applications and do not deliver enterprise-class security or performance.
Acceptable RToWLAN solution performance (voice and video quality, connection
reliability, and so on) can never be guaranteed over nonenterprise class 802.11
remote connections result in real-time traffic traversing the Internet between
the enterprise and the endpoint, RToWLAN application performance, including
voice and video quality, may be poor. Connectivity across the Internet is never
guaranteed and always best effort. There is no end-to-end QoS on the IP path
and all packet marking is ignored. All traffic is treated as best-effort.
Acceptable RToWLAN solution performance can never be guaranteed over these
Internet-based network connections.
is another important factor to consider while planning and deploying RToWLAN.
Along with stringent network and radio frequency design requirements for
successful deployments of real-time traffic applications and services, you must
also consider redundancy and failover for WLAN infrastructure and real-time
applications, services, and endpoints.
implement the wired network infrastructure in a redundant fashion so that the
IP path from the network edge through the data centers and to all locations
within the enterprise network infrastructure is maintained even in cases of
hardware or service failure. With redundant physical network connections and
appropriate network routing and switching configuration, hardwired RToWLAN
components, such as call control platforms and other applications servers, are
still able to communicate on the network even when components or portions of
the network becomes unavailable.
infrastructure must be deployed in a resilient manner to ensure continued
network connectivity for endpoints even in scenarios where an access point,
wireless LAN controller, or authentication system fails. By providing highly
available network connectivity, real-time applications and services can
continue to function despite isolated infrastructure outages.
real-time traffic applications and services as well as the endpoints that
service them must be highly available. In the case of real-time voice and video
services as provided by Cisco call control, it is imperative that given the
failure of a primary call control platform that other platforms or components
can continue to provide these services to endpoints and their users. In
addition to network services redundancy, the endpoints and the real-time
traffic applications that run on them must be able to automatically fail over
to backup service nodes and remain operational.
considerations for RToWLAN solutions deployments, in some cases, dictates the
physical characteristics of the enterprise network or deployment.
campus RToWLAN deployment
In a single-site
or campus deployment, the RToWLAN solution is implemented and operated within a
single location or a group of locations within close proximity. The primary
consideration for this deployment is to provide resiliency to network
connectivity and RToWLAN services like voice and video calling.
figure shows a single-site or campus deployment that relies on duplication of
key components and services to ensure high availability across the RToWLAN
Figure 3. RToWLAN
figure does not show the wired network infrastructure redundancy but you must
assume that it exists.
It also shows a
split data center between two buildings in a campus location with duplication
of all key components and services, which are as follows:
network components: Multiple WLAN controllers and access points.
redundant wireless network infrastructure components ensures that wireless
network connectivity for RToWLAN endpoints is highly available. It also ensures
that the devices can continually have access to network-based RToWLAN
applications and services both when stationary and when moving or roaming
within a location.
components: Multiple call control platforms or nodes, media resources
(conference bridges, media control units, and so on), PSTN gateways or border
controllers, and application servers.
redundant call control platforms, media resources, PSTN connections, and
application servers ensures that RToWLAN applications and services are highly
available and that RToWLAN endpoints can continually use these applications and
In a distributed
deployment, the RToWLAN solution is implemented and operated at multiple sites
or locations, and RToWLAN devices are distributed throughout the network. In
these type of deployments, providing resiliency to network connectivity and
RToWLAN services like voice and video calling is still the primary
consideration. However, there are specific considerations apply for distributed
deployments, related to site interconnectivity.
figure shows that with distributed deployments, key WLAN and collaboration
components and services must be replicated locally at each site to provide
persistent network connectivity and persistent access to RToWLAN applications
and services across the enterprise.
Figure 4. RToWLAN
(APs) are deployed redundantly throughout the enterprise at each site based on
density and site survey requirements. In the case of wireless LAN controllers
(WLCs), you have two high availability deployment options:
WLCs control and manage APs at all locations providing centralized management
In the case
of IP network failures between a branch and the central site, the local APs at
the branch continue to service local RToWLAN endpoint devices, providing
network connectivity and authentication services with cached credentials from
the central site. This type of high availability scheme works best for smaller
branch sites with a limited number of APs and wireless devices.
deployed at each branch site control and manage APs at the local site.
In the case
of IP network failures between a branch and the central site, all WLAN network
services continue to be provided locally. It is also possible to leverage
centralized authentication services in this type of deployment, with the local
site WLC caching credentials from the central site to provide local
authentication services during IP network outages. This type of high
availability is better suited for larger branch sites with many APs and
wireless devices. Even in the case of distributed or local WLCs, in most
deployments, the overall WLAN network management component and application
typically remain centralized as shown in
where branch sites vary in size or the required service level at each location
differs, it is possible to have hybrid deployments, where some locations rely
on centralized management and control of wireless APs and other locations rely
on distributed or local control.
depicts both WLC high availability deployment options. The gray dashed lines
between the central site WLC and all APs including the branch site APs
represent centralized WLC control. Each branch site location router is capable
of providing local WLC capabilities, as indicated by the wireless antennas.
call control platforms and other components must also be replicated at each
enterprise site to provide persistent access to RToWLAN applications and
shows the replication of critical collaboration components including call
control, PSTN connectivity, and media resources as represented by the voice
enabled router and the media control unit (MCU) at each branch site. As with
WLC high availability for distributed deployments, collaboration call control
can also be centralized within the central site or distributed at all
depicts centralized call control with distributed backup call control provided
at each branch site in the case of IP network failures between the branch and
consideration for RToWLAN deployments and distributed multisite deployments is
RToWLAN device mobility. In a multisite deployment, movement between locations
is common, because of the mobile nature of most RToWLAN endpoints. The
collaboration call-control platform should dynamically track the location of
RToWLAN endpoints as they move between enterprise sites. Based on the IP
address of the device or other identifying information, the call control
application should determine the devices location and adjust call routing, PSTN
egress point, and codec and media resource selection as appropriate.
consideration with distributed RToWLAN deployments is call admission control.
Call admission control is a collaboration call control feature that ensures
that bandwidth between enterprise sites is not oversubscribed by voice or video
call traffic. Oversubscription of bandwidth on the connections between sites
leads to poor voice and video quality, delayed call set up, and even dropped
calls. Given the limited bandwidth and throughput that is available on links
between enterprise sites which are usually lower speed, call admission control
ensures that sufficient bandwidth is available on the IP path to setup and
maintain a quality voice or video call. If sufficient bandwidth is not
available, the call control system denies the call setup or reroutes the call
using the local site PSTN connection. While call admission control is not
unique to RToWLAN, it is an important consideration in distributed multisite
deployment scalability is a major design consideration when you implement
real-time traffic applications and services. Failure to provide sufficient
network and call processing capacity may result in service or functionality
outages that prevent endpoints from associating, authenticating, registering,
making or receiving voice and video calls, or leveraging other collaboration
infrastructure must provide sufficient client attachment as well as bandwidth
capacity to ensure endpoints are able to actively connect to the WLAN and
successfully make high-quality voice and video calls. In particular, the number
of simultaneous voice or video bidirectional traffic streams per WLAN channel
cell is a critical capacity consideration, which, along with the number of
associated endpoints, ultimately determines deployment device densities and
potential user call rates.
Apart from WLAN
infrastructure endpoint and bandwidth capacity, you must also consider the
capacity of the collaboration system, which enables real-time traffic
applications and services. With Cisco call control, each call control platform
or node has a finite endpoint and call volume capacity. Likewise, media
resource platforms and MCUs have finite call or session capacity. You must
deploy sufficient endpoint and call volume capacity by adding the appropriate
number of call control application nodes to provide services for the required
number RToWLAN endpoint users.