Schools, Enterprise or Not

How important is education? We hear this question all the time. So, how important is our children’s education?

Most school networking departments are working on a shoestring budget. With this budget, they need to upgrade computers for both students and administrators, plus classroom peripherals (smartboards, projectors). They also need to use this budget to keep their infrastructure, wired and wireless, and cabling up to date…for 5-7 years at a time. Yes, you read that right, 5-7 years at a time.

Most people that work for at least a medium-sized company know that they will get a new laptop every three years. After three years (ok, six months), most laptops are out of date. Wired networks get faster, wireless networks get faster, display drivers get updated, etc. And schools, the places where our children are supposed to be educated, have to wait 5-7 years.

Let’s think for a second, what do schools use that equipment for? To educate the next generation. Indeed more and more educational content is being presented online instead of via text books. School assignments are saved to the cloud. Heck even YouTube has educational content on it.

This post goes into how the children are more engaged with digital learning.

So the big question: Are schools an Enterprise?

In my opinion, they absolutely are, or at least should be thought of as one. Think about a school district that has 3,000, 5,000 or 10,000+ students. That's HUGE when it comes to networking. How many switches are needed? How many access points are needed? What are the uplinks back to the MDF? Security? Internet access? Server/storage/virtualization? Software? There are a lot of pieces that need to be upgraded, but how can they do that on small budgets?

I've been in schools that have 20+ year old fiber from MDF to IDF; it's not uncommon, and they can't upgrade it due to budget constraints. They do what they can, upgrade switches, upgrade access points, so that our children can learn. But to use one of my favorite analogies:

You buy a brand new Jaguar. It’s sleek, it’s pretty and it’s fast. But you live out on a gravel and dirt road. Makes a lot of sense right?

Now expand that to school networks. The students and faculty get spiffy new equipment, whether district or self provided. We've given the children a device that can access educational content at the speed of light, but have constrained them to an infrastructure that is old and slow.

How can we expect our children to learn, to stay engaged, when the local Starbucks has faster access? Why are we not helping our schools upgrade their infrastructure out of the dark ages? We go to work and expect, no *demand*, that the network be fast and stable. Why is this not a demand of schools? Or, more importantly, of the school boards?

How do we get more funding to the schools? How do we ensure that the next generation(s) has the tools necessary to thrive and surpass us?

802.11ac Speeds

Faster, faster faster!!! That’s what we all want right? Faster cars, faster computers, faster Wireless?


Well, let’s put the brakes on that for a minute and talk about this.

Let's talk about what happens when we go "faster" and how we achieve it. Let's start with channel bonding. A basic Wi-Fi channel is 20MHz wide; think of it like a 1" hose. With 802.11n channel bonding in 5GHz, we can take that single 1" hose and join it with a second 1" hose, and basically have a 2" hose that can spray more data. Sounds great, right?!

The other way we get faster is modulation. Modulation lets you say more in the same amount of space. Anyone remember the Micro Machines Man? John Moschitta could say more in one minute than you could. Or if you prefer this analogy, the smaller you can write on a sheet of paper, the more information you can get on it. 802.11ac allows for up to 256-QAM modulation, and we can take that bonding and go 20, 40, even 80MHz wide!! ZOMG the speeds, the speeds!! *STOP*


Now we need to think a little bit about how this is going to affect the wireless network. So, to start, a little refresher. In the U.S. we have 3 non-overlapping channels in the 2.4GHz spectrum: 1/6/11. Now we all know that 2.4GHz is "dirty"; lots of things can (and do) interfere with it. We also know that with the density needed to support BYOD/BYOT, even when the power is turned to its lowest setting there are issues with CCI (co-channel interference) and ACI (adjacent channel interference).

In the 5GHz spectrum we have more channels (9-12 depending on the installation and whether the DFS channels are in play) and a "cleaner" spectrum. For the purposes of this post, we are going to assume we have 12 channels.


At 40MHz wide, if we go with 12 channels, that means we have 6 channels to use. In most environments that should be fine, really dense deployments like stadiums aside.

At 80MHz wide, again assuming 12 channels, we have only 3 channels that we can use. This puts us right back to one of the problems with 2.4GHz: we don't have enough channels. So let's hope you're not doing this.


[Image ac_speeds: 802.11ac max connected rate and throughput for 1/2/3 spatial streams]

In the above infogram you can see the max connected rate and throughput for an 802.11ac client with 1/2/3 spatial streams (SS). Remember this is "theoretical", perfect-world stuff.

802.11ac Wave 2 allows for up to 4 SS, and channel bonding of 80+80 or 160MHz wide. If we have issues going 80MHz wide, why would you want to go even wider and have only 1 usable channel? And "usable" it may not be, depending on what your neighbor's wireless is doing. Adding another Tx/Rx pair to a device is, probably, going to make it bigger. We all want to carry around 17" laptops and phablets, right? That's why what I'm really waiting for is MU-MIMO.
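To put numbers on the trade-off above, here is an added example (my code, not from the original post) that computes how many non-overlapping channels survive at each bonding width, and what theoretical PHY rate each width buys. The bonded blocks follow the 802.11ac channelization (40/80/160MHz blocks aligned to channel 36 below the DFS gap and to channel 149 in UNII-3); the two channel lists are constructed for the U.S. domain and are assumptions, not the 12-channel count used in the post.

```python
"""Added example: spectrum cost vs. PHY rate of 802.11ac channel bonding.
Channel lists below are constructed (assumed U.S. 5 GHz plan)."""

# 5 GHz band segments as (first channel, last channel). Bonded blocks are
# aligned to the first channel of each segment; UNII-3 (149+) is offset from
# the lower channels, which is why one modulo rule over the whole band fails.
BANDS = [(36, 144), (149, 165)]

# Constructed channel sets (20 MHz channel numbers).
US_NON_DFS = [36, 40, 44, 48, 149, 153, 157, 161, 165]
US_WITH_DFS = US_NON_DFS + list(range(52, 65, 4)) + list(range(100, 145, 4))

# 802.11ac OFDM: data subcarriers per channel width, and
# (bits per subcarrier per stream, coding rate) per MCS index.
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}
MCS = {0: (1, 1 / 2), 1: (2, 1 / 2), 2: (2, 3 / 4), 3: (4, 1 / 2), 4: (4, 3 / 4),
       5: (6, 2 / 3), 6: (6, 3 / 4), 7: (6, 5 / 6), 8: (8, 3 / 4), 9: (8, 5 / 6)}


def bonded_channels(allowed, width_mhz):
    """Non-overlapping bonded channels of the given width that can be built
    from the allowed 20 MHz channels, as tuples of the channels they cover."""
    k = width_mhz // 20                       # 20 MHz channels per block
    allowed = set(allowed)
    blocks = []
    for base, end in BANDS:
        for start in range(base, end + 1, 4 * k):   # aligned block starts
            members = tuple(start + 4 * i for i in range(k))
            if members[-1] <= end and all(m in allowed for m in members):
                blocks.append(members)
    return blocks


def channel_budget(allowed):
    """How many channels are left for reuse at each width."""
    return {w: len(bonded_channels(allowed, w)) for w in (20, 40, 80, 160)}


def phy_rate_mbps(width_mhz, mcs, streams, short_gi=True):
    """Theoretical 802.11ac PHY rate: data bits per OFDM symbol divided by the
    symbol time (3.6 us with the short guard interval, 4.0 us without)."""
    if mcs == 9 and width_mhz == 20 and streams not in (3, 6):
        # MCS 9 at 20 MHz is only defined for 3 and 6 spatial streams.
        raise ValueError("MCS 9 at 20 MHz needs 3 or 6 streams")
    bits, rate = MCS[mcs]
    bits_per_symbol = DATA_SUBCARRIERS[width_mhz] * bits * rate * streams
    return bits_per_symbol / (3.6 if short_gi else 4.0)


def tradeoff(allowed, streams, mcs=9):
    """Per width: (max PHY rate in Mbps or None if undefined, channels left)."""
    budget = channel_budget(allowed)
    out = {}
    for w in (20, 40, 80, 160):
        try:
            rate = round(phy_rate_mbps(w, mcs, streams), 1)
        except ValueError:
            rate = None
        out[w] = (rate, budget[w])
    return out


if __name__ == "__main__":
    for name, chans in (("non-DFS", US_NON_DFS), ("with DFS", US_WITH_DFS)):
        print(name)
        for w, (rate, n) in tradeoff(chans, streams=3).items():
            print(f"  {w:>3} MHz: {rate} Mbps max, {n} channels to reuse")
```

Run it and the point of the post falls out: with the nine non-DFS U.S. channels, 80MHz leaves two channels to reuse and 160MHz leaves none, while the 3SS rate climbs from 288.9 to 1300 Mbps. Enabling DFS channels is the only thing that buys spectrum back, and that comes with radar-detection channel changes of its own.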


So for all the spiffy new speeds we can get, to achieve those “theoretical maximums” we have to sacrifice our spectrum, which we shouldn’t do. Channel reuse becomes a pain again, even if you are using some automagic channel/power settings.


Granted, this is all IMHO, take it or leave it.

CLUS 2014

Well, another Cisco Live has come and gone. And again, it was a great time with the tweeps (Twitter people, for the unknowing).

TWEEPS!

Again this year I was astounded by the huge sense of community and togetherness that comes when geeks let their flags fly. I think the only session I made was the Cisco Champions radio, but that session was so much fun.

Cisco Champions


I think what I like best about #CLUS is the ability to have an intelligent conversation almost anywhere. Sitting around the Social Media Routed Bridge, Lunch, Dinner…everywhere.

Wednesday evening comes to mind, where a group of us were sitting in a cigar shop after the CAE and talked to a voice engineer and CCIE candidate about why he should be on Twitter! The best part of this was when Renee joined in and explained how it helped Aaron study. Growing the community, getting people involved, helping each other, THAT is what it is about!

Or Thursday evening sitting in the lobby of the Hilton talking about SDN and wireless enjoying the “hometown gift” that Scott Morris brought with him.

Getting to meet the greatest people EVAR! like:
Denise Fishburne @DeniseFishburne

Denise Donahue @Ladynetwkr

John Schreiner Capt USMC @jschrein

Carole Reece @cwreese

and many many more.

As well as just hanging around the best people in the world!

Some parting questions. If you didn’t enjoy #CLUS2014, why? What can you do next year to make it more enjoyable?

If you're not part of the community, why? Why are you not participating, sharing, and growing with all of us?

Lesson learned? When you need a little bit of luck, kiss a unicorn!

for luck

Clean Up Aisle 6

So, remember when I said that AP count shouldn't be a factor? Well, let me add to that a bit. You also need to pay attention to the type of antenna you are using, as well as the placement of the AP. Please, dear lord, PAY ATTENTION TO AP PLACEMENT!! Design, Design, Design!

I was called out to work at a customer site that was having issues with one of their warehouse spaces. Now, this was not designed by anyone I work with, and it was kinda usable, but had roaming issues down one set of aisles in particular.

This in particular stuck in my head. The customer has a 3602e with an AIR-ANT-2566-P4W-R. This guy is a pretty powerful antenna, and the back lobe on this guy was…wow.

[Image: RSSI trace along the problem aisle]

This AP was 90 feet away, mounted on a metal girder, and the signal had to come through all that FSPL (free-space path loss) as well as people, machinery, and a metal shelving unit. The signal, from its back lobe!, was still usable for the most part, but once you got a few feet down the aisle the devices were dropping off. There are APs farther down, but the roam wasn't clean.

So from a 'coverage' standpoint it looked pretty good; from a usability standpoint, not so much. And then I find this guy.
[Image bad_ap: the AP mounted on the pole behind the air intake unit]

This AP was mounted pretty much above the AP on the pole, but notice that it's behind that big air intake unit. The lift you see in the RSSI image is this AP being moved about 10' to the side. Once this AP was moved from behind the intake unit, roaming improved down the aisle where we had issues. Checking the rest of the area, we had no noticeable impact from this AP being moved, but time will tell.

So lesson learned:

    1. Don't mount your AP behind air intake units
    2. Pay attention to the back lobe from antennas you mount
    3. Bacon is still awesome

Secure Wireless…Why?

With the growth of wireless networking a very common question we hear is “How should I secure my WLAN?”

Well as I said in my last post, “It Depends”

What are you looking to do? Do you have administrative control of the devices that are going to be on the network? Do you have AAA, or want to implement it? What about PKI? Oh, and my favorite question: is your LAN secure?

Don't get me wrong, I love a well-oiled EAP-TLS environment (PKI is required here, folks, it is not an option). But if I can walk in and connect my laptop to the LAN and get access to your network, what's the point in securing the wireless?

I am by no means saying that you should have a completely open wireless network. The exception is guest, which can be open but needs to be ACL'd to high heaven so it has internet access only. You need a secured wireless network, with encryption at a minimum.

So notice I said encryption at a minimum.

WEP, TKIP and AES-CCMP are encryption ciphers; PSK or, even better, 802.1X are authentication methods. Of the ciphers, only AES-CCMP still counts: WEP is broken outright and TKIP is deprecated, so "encryption at a minimum" means WPA2 with AES-CCMP.
PSK is a shared key. Think of this like the password to your clubhouse as a kid. It could be overheard, anyone who has it is in, and when one person leaves you have to change it everywhere.
802.1X uses EAP methods that carry either credentials (usually domain) or certificates (PKI, via EAP-TLS). Everyone has been trained not to share their domain login, and a single compromised account or device can be revoked on its own.

So decide how much you want to invest in your security: PSK minimal, EAP-TLS high. And remember to secure your layer 1 as well.
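Why PSK rates "minimal" is worth seeing in code. The following is an added example of mine, not from the original post: it shows how a WPA2 passphrase becomes the 256-bit pairwise master key (PBKDF2-HMAC-SHA1 with the SSID as salt, per IEEE 802.11), and why a guessable passphrase lets anyone who captured a handshake test guesses offline, at their leisure, with no further contact with your network. The SSID, passphrase and wordlist are constructed for the example; the "password"/"IEEE" pair is the IEEE 802.11 Annex test vector.

```python
"""Added example: WPA2-PSK passphrase-to-PMK mapping and an offline guess.
SSID, passphrase and wordlist below are constructed for the example."""
import hashlib
from typing import Iterable, Optional


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11 PSK mapping: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds,
    256-bit output.  The SSID is the only salt, and it is broadcast in every
    beacon, so the passphrase is the only secret in the whole scheme."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def offline_guess(ssid: str, target_pmk: bytes,
                  candidates: Iterable[str]) -> Optional[str]:
    """Stand-in for what a captured 4-way handshake allows: each candidate
    passphrase is checked offline.  Real tools verify the handshake MIC rather
    than comparing the PMK directly, but the work per guess is the same
    4096-round PBKDF2, and no packet ever goes to the AP."""
    for guess in candidates:
        if psk_to_pmk(guess, ssid) == target_pmk:
            return guess
    return None


# Constructed scenario: the clubhouse password everyone in the office knows.
CLUBHOUSE_SSID = "corp-wifi"            # assumed SSID
CLUBHOUSE_PASSPHRASE = "Welcome2014"    # assumed weak passphrase
WORDLIST = ["password", "Welcome1", "Welcome2014", "corp-wifi1"]  # constructed


def demo() -> Optional[str]:
    """Derive the PMK the AP and clients share, then recover the passphrase
    from the SSID plus a short wordlist."""
    pmk = psk_to_pmk(CLUBHOUSE_PASSPHRASE, CLUBHOUSE_SSID)
    return offline_guess(CLUBHOUSE_SSID, pmk, WORDLIST)


if __name__ == "__main__":
    print("IEEE test vector PMK:", psk_to_pmk("password", "IEEE").hex())
    print("recovered passphrase:", demo())
```

The 4096 rounds slow each guess down, but they are the same for everyone who knows the SSID, which is everyone. With 802.1X/EAP-TLS there is no shared secret to guess: each client proves possession of its own certificate, the PMK is derived fresh per session from the EAP exchange, and losing one laptop means revoking one certificate, not re-keying every device in the building.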

How many APs do I need

So one of the most common questions I hear is "How many APs do I need?"

The honest answer here is: It Depends. And believe it or not, this is a very common answer with regards to wireless.

What are you looking to accomplish with your wireless? Data or Voice usage? High Density? Video? All of these are questions that need to be addressed prior to being able to determine a “number”.

But on that, the "number" isn't what matters here. What matters is the user experience.
If we, as wireless engineers/architects/monkeys/whatever, just give you a number, then we are doing you a great disservice.
On top of the "number" we also need to talk about where we can mount the APs, how high, and whether we need to hide the AP and have only an antenna visible: all the aesthetics that you, as the customer, may require from us, as well as signal propagation, penetration, diffraction, and attenuation.

For example:

I have a customer that had enough APs to cover each floor of his building. The problem was, access to the wireless was horrible. (Told you the number wasn't important!!) When I started digging into his configuration, I found that all of his APs were at maximum power. In wireless networking, the client is what determines which AP it will connect to, not the AP/WLC. Yes, we can attempt to influence this, but ultimately it's the client and its driver that will decide.

So why is an AP at maximum power bad? Well, at any given time clients were hearing 3-4 APs. While this isn't necessarily a bad thing, it also depends on how well each AP is being heard. In this case the client was hearing an AP across the building, the signal was still decent, and the client decided it would stay on that AP versus roaming to an AP that was closer. What do you get when that happens? Really, really slow throughput, which tends to make for a bad user experience.

Part of what we Wireless Engineers do, is work to limit the Cell Size of any given AP, so that you don’t hang onto an AP that is farther away, so that you are able to maintain good throughput.

[Image CellSize: data rate vs. cell size *1]

Yes, this is an older image that doesn't go into 802.11n/ac rates, but the theory is the same. Lower data rates, if enabled, carry really far. And this was part of the problem the clients were seeing. They stayed connected far past the point "we think they should have roamed". The clients' drivers believed they had a good enough signal to work, and they did, just at very, very slow rates. My recommendations to my customer: turn the power down and disable the lower data rates. This was done on a test floor, and on that floor things got better.

Years ago, the number of APs "really mattered" and was the focus of conversations. APs were installed sparsely, and with their power on high. This was how wireless networks were designed; right or wrong, it's the past.

Now we know better and design better. We use more APs, disable lower data rates and turn the power down to keep the cell sizes small. We do all of this to keep clients connected to the network at their highest possible speed. We do this so that your clients are able to connect to your network and get work done. We do this so that your users have a good experience on wireless.

But for those that are looking for numbers: it depends.
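To show what the two knobs in that paragraph (power and minimum data rate) actually do to a cell, here is an added example of mine, not from the original post. It runs a free-space link budget for a single AP and reports the best rate a client can decode at a given distance and the distance at which the lowest enabled rate stops working. Free space is the optimistic case (no walls, racks or people), which is exactly why low rates "carry really far". The receive-sensitivity table is a constructed, assumed set of values; real client radios differ by several dB.

```python
"""Added example: link budget behind 'turn the power down and disable the
lower data rates'.  SENSITIVITY values are constructed/assumed."""
import math


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Free-space path loss: 20*log10(d) + 20*log10(f) - 27.55 (d in m, f in MHz)."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def rssi_dbm(tx_dbm: float, distance_m: float, freq_mhz: float,
             ant_gain_dbi: float = 0.0, obstruction_db: float = 0.0) -> float:
    """Predicted client RSSI: EIRP minus path loss minus whatever is in the way."""
    return tx_dbm + ant_gain_dbi - fspl_db(distance_m, freq_mhz) - obstruction_db


# Assumed minimum RSSI (dBm) needed to decode each 802.11a/g OFDM rate.
SENSITIVITY = {6: -91, 12: -89, 24: -85, 36: -81, 48: -76, 54: -74}


def disable_rates_below(min_rate_mbps: int, rates=SENSITIVITY) -> dict:
    """The 'disable the lower data rates' knob: keep only rates >= min_rate."""
    return {r: s for r, s in rates.items() if r >= min_rate_mbps}


def best_rate(rssi: float, enabled_rates=SENSITIVITY):
    """Highest enabled rate the client can still decode, or None if it is
    outside the cell and has to roam (or drop)."""
    usable = [r for r, s in enabled_rates.items() if rssi >= s]
    return max(usable) if usable else None


def cell_radius_m(tx_dbm: float, freq_mhz: float, enabled_rates=SENSITIVITY,
                  ant_gain_dbi: float = 0.0) -> float:
    """Free-space distance at which the lowest *enabled* rate stops decoding,
    i.e. the edge of the cell as the client's driver sees it."""
    floor_dbm = enabled_rates[min(enabled_rates)]
    return 10 ** ((tx_dbm + ant_gain_dbi - floor_dbm + 27.55
                   - 20 * math.log10(freq_mhz)) / 20)


def walk(tx_dbm: float, freq_mhz: float, enabled_rates, distances_m):
    """Best rate at each distance: the 'dots and rings' picture in code."""
    return {d: best_rate(rssi_dbm(tx_dbm, d, freq_mhz), enabled_rates)
            for d in distances_m}


if __name__ == "__main__":
    before = (20, SENSITIVITY)                      # full power, all rates on
    after = (11, disable_rates_below(24))           # power down, 6/12 Mbps off
    for label, (tx, rates) in (("before", before), ("after", after)):
        print(label, "cell edge ~%.0f m (free space)" % cell_radius_m(tx, 2437, rates))
        print("   ", walk(tx, 2437, rates, (10, 100, 300, 1000)))
```

Dropping 9 dB of power and raising the floor from the 6 Mbps sensitivity to the 24 Mbps one takes 15 dB out of the budget, which shrinks the free-space radius by a factor of about 5.6. A client that used to cling to a distant AP at 6 or 12 Mbps now sees no usable rate there and goes looking for the closer AP, which is the whole point of small cells.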

*1 image is from here http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bfed06.shtml

Cisco AP Discovery, Option 43/60….And You!

So most of the people that read this blog should know that I’m pretty active on .

One of the things I see there a lot is either a misunderstanding or lack of understanding as to what Option 43 is for.

So, what is Option 43 for? Glad you asked!

Option 43 is one method of WLC discovery. So let me go back a little bit and lay out how the AP learns about the WLC.

In no particular order:

Layer 2 (broadcast)
Layer 3
DHCP Option 43/60
DNS
OTAP (deprecated)
Previously Joined WLC

So, if you have multiple methods, or in the case of Option 43 multiple WLCs, which one will it use? Well, I'm going to answer you with the standard wireless answer, "It Depends".

What most people do not understand is that the AP doesn't just use one method; it uses them all.

Once the AP has "learned" all the WLCs it can from all the methods in use, it sends a CAPWAP discovery request to every WLC it is aware of. In its discovery reply, each WLC sends its max AP license, as well as the current excess availability for all members of its mobility group.

So what does that mean? It means that if you have 3 WLC 5508s:

5508-A is licensed for 100 AP and has 48 currently joined – excess 52
5508-B is licensed for 150 AP and has 50 currently joined – excess 100
5508-C is licensed for 100 AP and has 65 currently joined – excess 35

The new AP should join 5508-B, as it has the greatest excess availability. The key word here is should. If the AP has already joined a WLC before, that takes precedence over all the other methods. Another caveat is if one of the WLCs has Master Controller Mode (MCM) enabled. MCM has no effect if the AP has a Primary/Secondary/Tertiary set.

Ok, now to go back and explain the methods.

Layer 2, this is purely broadcast messaging. For this to work the AP and WLC need to be in the same subnet, or you have to add ip forward-protocol udp 5246 globally (5246 is the CAPWAP control port, which carries discovery; 5247 is the data port) and an ip helper-address under the L3 interface. That being said, this does not really scale well.

Layer 3: the AP is not on the same subnet as the WLC, so we fall to the other methods:

DHCP Option 43/60. Option 60 is 'optional' and is a VCI (Vendor Class Identifier) sent by the client. If the server is configured to match on it, it will only hand out Option 43 to requests carrying that VCI. While that sounds bad, it's actually a good thing: if a DHCP request comes in without the VCI (say, from a laptop on the same subnet), the server will not return Option 43.

Option 43 is the IP address of the WLC management interface. You only need to list one. If you are running your AP DHCP on an IOS switch, you have the ability to list multiple if you so desire.

DNS: CISCO-CAPWAP-CONTROLLER.<your local domain> resolves to the management IP. This option can be nice if you have regional WLCs and your DNS broken up, like east.xyz.com, west.xyz.com, etc. If you are only xyz.com then it still works, but you lose the ability to point to a regional WLC.
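Since Option 43 is where people get the hex wrong, here is an added example of mine (not from the original post) that builds the Cisco vendor-specific payload, decodes it the way the AP does, and renders the IOS DHCP pool lines. The format is Cisco's documented TLV: sub-option type 0xf1, a length byte of 4 × (number of controllers), then the management IPs as raw IPv4 octets. The controller addresses, subnet and pool name are constructed for the example.

```python
"""Added example: build/decode the Cisco WLC Option 43 TLV and render an IOS
DHCP pool.  Addresses and pool name below are constructed."""
import ipaddress
from typing import List

# Cisco sub-option carrying WLC management IPs: type 0xf1, length 4*N, N IPv4s.
WLC_SUBOPTION_TYPE = 0xF1


def option43_bytes(controllers: List[str]) -> bytes:
    packed = [ipaddress.IPv4Address(c).packed for c in controllers]
    if not 1 <= len(packed) <= 63:        # the length octet is 4*N, one byte
        raise ValueError("need between 1 and 63 controller addresses")
    return bytes([WLC_SUBOPTION_TYPE, 4 * len(packed)]) + b"".join(packed)


def option43_hex(controllers: List[str]) -> str:
    """The string you paste into a DHCP server's Option 43 value field."""
    return option43_bytes(controllers).hex()


def decode_option43(raw: bytes) -> List[str]:
    """Parse the TLV back to dotted addresses (what the AP does on receipt),
    rejecting the malformed payloads an AP would ignore."""
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION_TYPE:
        raise ValueError("not a Cisco WLC sub-option")
    length = raw[1]
    if length == 0 or length % 4 or len(raw) != 2 + length:
        raise ValueError("bad sub-option length")
    return [str(ipaddress.IPv4Address(raw[i:i + 4]))
            for i in range(2, 2 + length, 4)]


def ios_dhcp_pool(name: str, network: str, router: str,
                  controllers: List[str]) -> str:
    """Render an IOS DHCP pool for APs with the Option 43 hex line."""
    net = ipaddress.IPv4Network(network)
    return "\n".join([
        f"ip dhcp pool {name}",
        f" network {net.network_address} {net.netmask}",
        f" default-router {router}",
        f" option 43 hex {option43_hex(controllers)}",
    ])


if __name__ == "__main__":
    # Constructed: two WLC management addresses on an assumed AP subnet.
    wlcs = ["192.168.10.5", "192.168.10.20"]
    print(option43_hex(wlcs))                    # f108c0a80a05c0a80a14
    print(decode_option43(option43_bytes(wlcs)))
    print(ios_dhcp_pool("AP-POOL", "10.20.30.0/24", "10.20.30.1", wlcs))
```

Two things worth keeping in mind. On a Windows or ISC server you pair this hex with a vendor class that matches the AP's Option 60 string (for example the "Cisco AP c3600" style VCI an AP sends; check your model's exact string), so only APs get the value. And Option 43, like DNS, is an unauthenticated hint: whoever controls DHCP on the AP subnet decides which controller the AP tries first. The protection is that the CAPWAP join itself is DTLS-authenticated with the AP's Cisco MIC (or your own LSC) certificate, and the WLC can be set to authorize only listed APs; DHCP snooping on the access switches keeps a rogue server from handing out the hint in the first place.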

Now to move on a bit.

You have APs that are already on the network; can you use Option 43 to push them to a new WLC? The answer is no. The AP already knows all the WLCs in the mobility group, so it will first attempt to join the last WLC it was on.

If you need to move an AP from one WLC to another, a discovery method won't help you. Your best bet is to go through and set the Primary Controller on the AP to the WLC you want it to join, and make sure that AP fallback is enabled.