Fortinet Leads With Security at Forti-Field Day

You are the reason
I’ve been FortiWaiting for so long
Some FortiThing holds the key
And I’m FortiWasted
And I can’t FortiFind my way home

(Apologies to Steve Winwood there.) Having watched Fortinet do their thing at Mobility Field Day 6 as a delegate at the event, I was struck by a handful of realizations:

  1. Fortinet faithfully gets their message of security-at-every-level out with each presentation. On this point they are remarkably consistent and articulate.
  2. They have a product line that is expansive beyond what I tend to think I know of the company- from hardware, software, monitoring, and performance measurement, they are generally on par with anyone else in the game.
  3. The company continues to buck the trend of licensing the living shit out of EVERYTHING, like their competitors tend to do. In this regard, Fortinet has not flushed their customer empathy chip down the toilet as others have, and their execs aren’t out writing BS-blogs explaining to customers how being gouged with endless micro-subscriptions is somehow innovative.
  4. They overplay the Forti-prefix to the point of FortiDistracting from the FortiMessage. I personally FortiStruggle to FortiFocus during the FortiPresentations. That may just be me, but I’m guessing it’s not, for whatever that is FortiWorth… (hmmm… reminds me of a George Strait song- Does FortiWorth Ever Cross Your Mind?)

Where Fortinet can be FortiFrigginExhausting in their FortiSpeak, I cannot say the same about their security messaging- the company does a solid job of weaving their security priorities through the product narrative without overplaying it. You’ll see the focus on security in all their MFD6 presentations. Given the daily spate of network breaches in the media these days, you’d be a FortiChump not to listen.

For their bits and pieces, I like this slide that summarizes their various network building FortiBlocks:

FortiStuff

Without even watching any of their presentations, this graphic gives the un-FortiFamiliar a sense of the robustness of their offerings. But there’s a heck of a lot more to the FortiStory, so I do recommend watching the presentations.

Having seen a couple of other vendors present before Fortinet, I realized when the FortiAiOps session unfolded that the notion of “AI Ops” is one of those “all the cool kids are doing it” things that every vendor has to have to compete. That’s not to throw dirt in any way, it’s more of a statement on where the industry is right now- AI has become a fact of life as an important underpinning of various solutions, but is still new enough to be held up to the light as if Zeus himself gave birth to it. I’m glad Fortinet has a hand in the AI card game, too.

We all have our own frames of reference, and to me Fortinet is still somewhat exotic in that I don’t see a lot of their wireless gear in my own corner of the world. I do know colleagues in other areas that use Fortinet, and also truly appreciate several Fortinet employees as just awesome people. With the likes of Wi-Fi 6/6E, AI in the house, and many customers considering how to evolve their WLANs (and frequently being tired of the incumbent vendor) all potentially catalyzing market shifts, perhaps we’ll see more Fortinet in more places in the days to come. They certainly are equipped to compete and do have interesting differentiators, from what I can see.

I Friggin LOVE You, NetAlly LANBERT

His name was LANBERT and he came from the west
To show which cables suck and which are best
With a push of a button it’s doing its stuff
Hopefully for mGig the existing wire is enough…
Oh looky there, this one passes just fine
That LANBERT just saved us money and time

–Ode to LANBERT, by Wendall Pissmont Jr

There’s a new Bert in town… forget about Reynolds*, Bacharach*, and that whiny neurotic muppet from Sesame Street. Them cats is yesterday. NetAlly has recently introduced LANBERT (at Mobility Field Day 6), and if you are in the business of network wiring then you should pay attention.

This was easily one of the more thought provoking sessions of MFD6, says I. Let’s set the stage: you have an installed cable base, and are migrating access points to Wi-Fi 6 and 6E, and at long last we hopefully will see the massive throughputs that WLAN industry marketers have been telling us we should expect for years… like to the point where the old reliable 1 Gig uplink may not cut it. Do you need to replace that cable to get mGig performance?

LANBERT to the rescue! There should be no mystery when it comes to cabling performance capabilities. Many of us grew up knowing the value of cable certification testing, and now the free LANBERT app adds a much needed evolution to the notion.

Working with NetAlly’s Etherscope nXG and LinkRunner 10G portable analyzers, LANBERT “generates and measures the transmission of line rate Ethernet frames over your network cabling infrastructure, qualifying its ability to support 1G/10G on fiber and 100M/1G/2.5G/5G/10G on copper links.” You are proving what an installed UTP or fiber run can really do despite what a certification report might say, without needing a standalone certification tester.

Test that existing cable for mGig before the new AP goes in, and don’t assume that “old” runs can’t support the new speeds.

I’ve long beaten the drum that the physical layer is critical to good networking. I’ve always viewed each part of a structured wiring system as its own component, worthy of note when it comes time for labeling, troubleshooting, and yes- performance testing. I’ve seen old cable work surprisingly well, and new cable disappoint for a number of reasons. There is simply no reason to guess how UTP and fiber will perform FOR REAL, with LANBERT. It’s the shizzle, baby!

View this fascinating Field Day presentation here.

*Yes, I know these dudes are actually named Burt and not Bert. Shut up.

VenVolt 2- Power to the (Survey) People

Hello wireless friends,

My name is VenVolt 2. I’m soon to be sent by the excellent folks at Ventev to assist you with your wireless site surveys in those situations where you need to power an access point. If you caught Mobility Field Day 6, then you saw Ventev Product Line Manager Chris Jufer introduce me… it’s a little daunting being shown off, but I can handle it. I was born for this role- some of you probably know my dad, VenVolt 1:

VenVolt 1

The Old Man still has his own magic, and quite the following. But we all know the drill… everything changes. If you get lucky, the change is for the better- and that’s where I come in. Here’s my profile pic, in case you missed it:

VenVolt 2

I’m sleek, I’m sexy, and I got the juice. Ventev learned a lot from my pappy, and I’m proud to be his follow-on in the product line. V1 uses Lithium Iron Phosphate batteries, but I’m LiPo, baby! V1 was also a bit of a porker at 4 1/2 pounds, but I go a svelte 2.2 pounds for you less macho types. And I’m rated at 26,400 mAh- just at the edge of legal airline carry-on. I charge in about 3 hours, and will power an AP for around 6-8 hours, depending on model. I could go on, but I’m already bragging a bit so maybe I’ll just show you some specs.

But first I gotta tell you- they are shipping me with this very cool bag!

You can already see the benefit there, I’m guessing. It’s not just a protective case for my handsome finish, it’s also an accessory at survey time when you need to attach me to something. (Think safety, says I.)

Now back to some specs and application notes from my demo reel. I think you’re gonna like what you see… Look for me around late September or early October of this year. Meanwhile, feast your eyes on this goodness:

VenVolt 2 by Ventev, ports, etc

I trust that you dig it? Of course you do. Because you’re smart and good-looking, too. Or maybe just smart, as I take a second look. But what matters is that I’m (almost) here for you, and you’re gonna want to make sure we get together for your Q4 surveys. I’ll see you then.

Hugs,

Ventev’s VenVolt 2

Mist Systems Has an Advantage- but Also Gets a Yellow Card

Now the race is on
And here comes pride up the backstretch
Heartaches are goin’ to the inside
My tears are holdin’ back
They’re tryin’ not to fall
My heart’s out of the runnin’
True love’s scratched for another’s sake
The race is on and it looks like heartache
And the winner loses all

-Sung by George Jones

Though events like Mobility Field Day 6 may not be typically thought of as being contests, I can only imagine that those participating from the vendor side feel the competitive heat. The spotlight is on, the dollars to participate have been spent, the camera is rolling, and there is a tight window to differentiate your offerings and approach from the rest of the pack- all while a group of delegates interrupts your presentation and peppers you with questions. Success is measured by Twitter conversations, blog posts, and ultimately sales numbers. As a long-time Field Day participant from the delegate side of the paradigm, I can’t help but think that Mist still has an advantage of sorts when they present. I’ll explain that here, but will also point out that cockiness can sometimes cost you based on one comment made by Mist during MFD6.

The Mist Advantage

Mist was a late-comer to the mature WLAN industry, being founded in 2014. But those involved with starting the company are hardly newcomers to the game, and they have done a good job of making a start-up extremely relevant in a competitive market. I’d dare say they have been disruptive. And of course they were bought for a zillion dollars by Juniper. So what is The Mist Advantage when it comes to these presentation-oriented events?

Their short history.

Sure, they have decent technology, and even if you get tired of AI-everything in the company’s messaging, that is obviously working for them. But it’s what Mist DOESN’T have that’s just as significant to their appeal: they don’t have years and years of messaging fog and technical bloat to overcome. Their story is still fresh, and when you sit down to listen to them, your mind doesn’t involuntarily think about their long history of bugs, frequently changing “campaigns” and named networking frameworks, and all the ways customers have been frustrated with their licensing and support. Because… that history doesn’t exist yet.

The irony with Mist is that many of their key corporate players have come from companies that DO suffer from the effects of simply having a long history, and were likely personally responsible on some level for at least some of the baggage left behind at the companies they left. Such is life in Silly Valley, and I applaud anyone who recreates themselves and learns from the past.

How long will the Mist story remain untainted by its own longevity? This will be an interesting question to watch play out. But I have yet to hear of any customer switching FROM having a Mist WLAN to a legacy vendor, and the continual development of products and underlying magic is impressive on Mist’s part as evidenced by what you’ll see in the MFD videos.

Yellow Card Thrown

I recommend that anyone interested in Mist or wireless networking in general watch the Mobility Field Day videos from the company’s presentations. These folks know their stuff, and the enthusiasm is palpable. But I do have to call out one thing that didn’t set well, and sounded maybe a bit beneath the Mist Team.

The day before Mist presented, Aruba Networks showed their Wi-Fi 6E AP630, a fairly ground-breaking offering that brings real-world networking in new 6 GHz spectrum to the wireless space. For months now we’ve all been giddy about 6 GHz being made available for use by the FCC, so Aruba giving the world an early 6E AP and being able to show what it does in a controlled environment is a good thing.

I’ve heard every single vendor so far at Mobility Field Day 6, including Mist, say things like “you gotta start somewhere” or “this is just our first step towards blah blah blah”- reasonable utterances for companies who need to innovate or wither. So when the topic of 6E access points came up and Mist seemingly slighted Aruba for putting out a lowly 2×2 6E AP while Mist has nothing to show yet in 6E, it seemed a bit low-brow. The comment was noticed by a few other folks out there as well, and I’m curious your take on this if you happened to catch the dialogue.

Aruba Said the Right Words Regarding Dashboards

I wanna be a dashboard ranger
Live a life of guts and danger
I better stop before this song gets stranger…

Ah, dashboards. We got ’em these days, in quantity. We got so many freakin dashboards we need a dashboard to keep track of our dashboards when it comes to networking. But beyond dashboards, we got… AI.

That’s right- we got Artificial Intelligence, baby. And it’s teamed up with Dashboards, Inc. to make sure we have ALL KINDS OF STUFF to worry about. And maybe, if we’re lucky, some time those alerts will actually be actionable…

If you haven’t figured it out yet, I’m dashboard-jaded. I’ve seen many dashboards from market leaders that cost a fortune (they gotta make money, no fault there), that are fraught with Chicken-Little noise that is so overwhelming and uncorroborated by any other practical metric that they become one more Glass of Pain that gets ignored. Will AI help that? The answer will depend on how that AI is coded- like does the team behind the AI actually GET that endless petty alerts aren’t really a good thing?

Which brings us back to REAL intelligence… and Aruba Networks at Mobility Field Day 6. In particular, the presentation on what Aruba calls AIOPS– their version of system monitoring, root cause analysis, system adjustment, etc. This is something all the major vendors are doing these days, and all make sure that “AI” is sprinkled liberally in the marketing so you know that you are good to go. Unless you’re not, because the AI flags a bunch of stuff you don’t care about that takes you away from real work.

But Robin Jellum at Aruba said something profound in its simplicity as he presented on AIOPS… The exact wording escapes me, but Robin alluded to the fact that we all get bombarded with data. There’s no shortage of it in today’s network systems. But turning that data into MEANINGFUL alerts versus just lots of red and yellow dots to get lost in is the challenge, and Aruba recognizes that gratuitous, copious amounts of alerting on transient stuff does no one any good.

As a customer, I don’t want to buy ALERTS by the pound. I want to buy INFORMATION that comes from my data. It’s nice to hear Aruba recognize the difference. Time will tell if AIOPS can deliver.

Burned By an App- a Cautionary Tale

I was maybe living too fast, life was maybe too good, looking back. Just who the hell did I think I was with that fancy Apple pencil taking notes on a swanky iPad Pro in my own scribble?

WHO DOES THAT?

Ah, but it was intoxicating. I was living the high life with hundreds of pages of notes taken through the tip of that space-age wonder scribetool on virtual paper. Then, just last week, it all came to a screeching halt. Fate handed me a shit sandwich, and I’d eaten half of it before realizing what was even going on.

Perhaps I should back up a bit. For at least five years now, I’ve become accustomed to taking notes on an iPad using the compatible pencil device to allow me to quickly scribble down my thoughts. Countless meetings, product briefings, conferences, and more were all captured for later reference, and believe me you, refer to them I did. Nobody refers to notes as good as me, I tellya.

Until I couldn’t any more.

You see, way back when, I vaguely recall fiddling around in the App Store like a happy idiot looking for something I could take notes with. I remember trying a few, and settling on this:

It has been fantastic. Reliable, simple, free. “Memo” and me were buddies. Until it screwed me over.

Last week, I learned that a project I’m involved with had seemingly changed in scope over the last several months, and the changes seemed to be a drastic pivot from the way I remembered it all from the last meeting. This is one of those drawn-out projects with a lot of players, and good notes can be the difference between things going off the rails or not over time. When I got the email about what was supposed to happen next in this project, I thought “no worries, let me pull up my notes and get this all cleared up…”

ARE YOU F’ING KIDDING ME? Sunsabitches… it won’t even open! How does this happen? At no point was there any kind of warning by Apple that the iOS upgrade would break certain apps… Including my beloved Memo app! The sinking feeling- THE STING OF LOSS- will haunt me for many a day…

Ah well. I suppose it is what it is, and I have no doubt many of you reading this have already had thoughts like “you dumbass, this is really your fault for several reasons” and to you I say, yes, of course it’s my fault. Shut up anyway.

Lessons learned:

  • Should have emailed each memo to myself to have a copy after scribbling them
  • Should have used Apple’s native Notes app for better chance of longevity
  • Should have paid more attention to who authored this app I relied on so much so I could maybe contact them to see if they are still around and plan on updating their now ugly baby
  • I’ll take a serious look at other apps I use for drawing, writing, etc and make sure other important docs won’t be lost to an eventually unsupported app

I’m sure other regrets will come to mind. For some reason, this incident particularly sucks, despite having other apps and programs go away in the past before this happened. In some cases, there was plenty of warning that the vendor was discontinuing, in others maybe I didn’t rely on the application so deeply.

Live and learn… and maybe somebody reading can benefit from my angst.

Contemplations on Large-Scale Cloud Wi-Fi in Higher Education

For so many years, the Wi-Fi story at most campuses has been pretty similar: hundreds or thousands of access points connect to some number of controllers, and it’s all managed by a network management system. Sounds simple enough, but this basic formula of WLAN building blocks has a number of implications that many of us who keep these networks up frequently get weary of. I recently took part in a panel discussion webinar where some notable wireless network managers and architects from the higher ed space discussed these implications. Let me share what we talked about, and we’ll see if any of it resonates with you- and I’m sure that you’d agree that the topics covered here certainly apply well beyond higher ed.

Mist Systems Hosts the Panel Discussion
Mist Systems isn’t the first company to bring cloud-managed wireless to market, but they do offer some fairly comprehensive strategies for those interested in different options. During the panel session, we talked with Bryan Ward from Dartmouth College and Brian Stephens from MIT. Both of these gents are now using Mist for their respective campus WLAN environments, albeit in different topologies. Rounding out the panel was Rowell Dionicio of Packet6.com, Wes Purvis and Jussi Kiviniemi (Mist Product Management team), and myself. Though Rowell and I both have deep backgrounds in higher ed wireless, we joined this session as independent consultants.

The Layer 2 Elephant in the Room
Back in the day when controllers first hit the market, they gave the WLAN world a major gift at Layer 2. With “fat APs”, any VLAN in use by the access point needs to be part of a trunk on the Ethernet uplink. But when the AP is controller based, a single management VLAN can be used to encapsulate a number of VLANs using CAPWAP tunnels. Using controllers allows for a much simpler L2 paradigm from the perspective of AP-uplink switch and switchport configurations- by an order of magnitude in large environments. To me, this is perhaps one of the most significant single benefits of using controller-based WLAN, and is one potential obstacle when going to a cloud-managed model. Old L2 concerns come back to haunt us when the controller gives way to a cloud-managed management plane, and not all vendors have an answer to the dilemma.

During our discussion, we learned that Dartmouth re-engineered their LAN network and embraced configuration automation to reduce the L2 admin burden when they migrated away from their old Cisco controllers to Mist’s cloud-managed WLAN. By contrast, MIT’s timeline for WLAN upgrades required that they NOT re-engineer their L2 environment, meaning they needed a solution to the L2 dilemma.

How do you take advantage of CAPWAP/similar tunnel terminations afforded by controllers, when you are abandoning controllers? Mist provides an appliance called the Mist Edge which allows for termination of AP-management tunnels and VLAN aggregation, while still keeping the rest of Management Plane functions out in the cloud. This option allowed MIT to quickly get their Wi-Fi moved to the cloud paradigm while preserving their legacy LAN topology.

There was a lot of good discussion about what exactly a controller is versus solutions like Mist Edge and similar building blocks from other vendors. Wes presented this graphic to guide discussion:

Why Else is the Controller Construct so Important When Considering Cloud Wi-Fi?
Aside from Layer 2 concerns, we heard from both MIT and Dartmouth the various ways their admin time has gotten more productive since they jettisoned controllers. We all spoke of reliability and such, and there is no doubt that a move to the cloud simplifies major administrative tasks. I’ve used cloud-managed networking in almost twenty branch locations of varying sizes for at least a decade, and I can say that not having to upkeep both controller code and quirky, feature-bloated management servers is nothing short of liberating.

The panel as a group seemed to agree that many WLAN professionals get hung up on the loss of nerd-knobs and command-line deep debug capabilities when they consider a move away from controllers to cloud. I wasn’t the only one to vocalize that often the deeper debugs we do on controllers are when we are troubleshooting controller code for TAC rather than actually trying to figure out Wi-Fi or client issues (this gets extremely old). Dartmouth’s Bryan Ward spoke highly of the ease of use and effectiveness of Mist’s API capabilities from first-hand experience when deeper-than-GUI information is needed, while MIT’s Brian Stephens reflected on the Mist interface being comprehensive enough for daily use. Both perspectives are good news for the controller-weary. Competing cloud systems have similar API functionality, and one point of analysis at evaluation time is always “is there the right balance between GUI and API?” from the usability perspective.

A Lot to Consider, Digest
For me, this discussion does scrape off a significant portion of apprehension about potentially moving a large WLAN of many thousands of access points to the cloud-managed paradigm. (In my perfect world, I’d be able to keep my existing very expensive controller-based APs and use them with another vendor’s cloud solution- but the world doesn’t work that way, and likely never really will at enterprise scale.) We covered a lot of ground, with these among some of the other details to ponder:

• Rowell asked a great question- can we make a Mist Edge in VM? Wes replied that it could be done, but most customers don’t.
• Bryan Ward pointed out that SNMP completely goes away with the Mist deployment.
• Brian Stephens made the case that so many other enterprise systems are moving to a cloud-managed model that taking Wi-Fi there really isn’t that much of a leap.
• We all talked about the “what if your Internet connection goes down?” I’ll say that your Mist Wi-Fi will be fine during the downtime, but let you hear the rest of the conversation for yourself when you watch the session.
• We also hit on how funding changes from Capex to Opex with cloud management, and the value of scripting skills for network admins

There’s a lot more to hear, and it’s better firsthand so I hope you spend an hour or so and watch it. I will close by saying this: regardless of what system you are contemplating, you really have to do an honest eval with it the way you would actually use it daily, and you also have to talk to real-world customers that have been empowered to speak freely about the good and less-than-great of the solution you’re interested in.

This panel discussion was especially useful to me because Bryan and Brian have already gone down a road I think about often, and Rowell’s insights are always right on. I’m now better equipped to think about the WLAN future of environments that I manage.

If you missed one of the embedded links above, find the webinar here.

Mighty mioty and a Bit of IoT Knowledge

Like many of you, I get a lot of emails announcing some new thing going on under the general heading of technology. Most get a quick glance, register as either ho-hum or not of particular interest, and then get quietly flushed out my email box’s septic system. But a recent announcement regarding mioty gnawed at me. I wasn’t sure why, and then it hit me…

Why do they not capitalize the M?

Somehow I didn’t know that mioty is a competitor to LoRaWAN when I scanned the email, but I do know that the announcement covered the first “mioty Bluetooth Low Energy Dual Stack”. EVERY WORD WAS CAPITALIZED EXCEPT MIOTY AND IT FREAKIN DROVE ME NUTS.

Yeah, I know- that’s probably a weird reason to be paying attention to a new-to-me technology… but truth be told, it was enough to hook me. I started digging in.

So Much to Learn

One of my several during-COVID areas of self-study is IoT. I got into LoRaWAN and a few others, I’m starting down the road of CWNP’s IoT-related certifications, and I give my RF Explorer and other spectrum analyzers/SDRs frequent workouts trying to capture fleeting little low-power pulses from all sorts of gadgets. I do know that “IoT” is one of those oft-abused words that some vendors try to own in their marketing of Wi-Fi systems, but the concept of IoT is far-ranging, very Un-Wi-Fi at times, and maybe even endless, when you think about it.

So... I’m not completely IoT-ignorant, yet little-m mioty had never registered in my brainpan to date. If you too are in the dark, let me get you started. Think massive IoT. There’s an Alliance. Stolen from the mioty Alliance’s web pages, the following describes what differentiates this technology from others in the space:

The core invention behind the mioty technology is the Telegram Splitting Multiple Access (TSMA) method. As defined by the European Telecommunications Standards Institute (ETSI TS 103 357), Telegram Splitting splits the data packets to be transported in the data stream into small sub-packets at the sensor level.

These sub-packets are then transmitted over different frequencies and time. An algorithm in the base station permanently scans the spectrum for mioty sub-packets and reassembles them into a complete message. Due to sophisticated Forward Error Correction (FEC), the receiver only needs 50% of the radio bursts in order to completely reconstruct the information. This reduces the impact of corrupted or lost bursts due to collisions and increases the resistance to interference.

That should tickle the fancy of anyone who claims to do wireless…

Combine mioty and Bluetooth for Fascinating Scenarios

So now you have a starting point to go learn more about mioty, if you needed one. Let me bring you back to the announcement that started this whole thing for me- a company called BehrTech combining forces with Texas Instruments to put mioty and the latest Bluetooth (BLE 5.2) on a single chip. Remember, Bluetooth operates in 2.4 GHz, and mioty is “sub-Gigahertz” meaning 868 MHz in Europe and 915 MHz here in the states. Hopefully for some of you, just knowing the frequencies involved has your mind going… Bluetooth is a pretty short-range PAN technology, while mioty can go much, much, much farther riding those 915 MHz radio characteristics of distance and penetration. Meaning that mioty can backhaul Bluetooth traffic to other parts of the same network over large distances. All from the same chip.

This is the kind of announcement I like, as it leads to me learning something.

But why the little m?

Damn You, CAPWAP Tunnels… Damn You All to Hell

There comes a time in every person’s life when they have to face the truth: maybe their CAPWAP tunnels that have been so good for so long actually have a dark side… Maybe them tunnels make you feel empowered, nay- maybe they make you feel invincible when it comes to creatively using VLANs in your overall Wireless LAN construct… and maybe someday that good thing leaves you in a bad place. Maybe.

Let’s pause for some lyrics from the immortal Waylon Jennings’ song “Wrong”:

I should have known it all along
When the future looks too bright can’t be anything but right
Wrong

Everything was going strong
The sky was always blue I thought my dreams had all come true
Wrong
Wrong

Let’s get right to it: CAPWAP TUNNELS SPOIL YOU.

You’ve been using a WLAN solution for a lot of years. It’s been buggy at times, the vendor has left you frustrated on countless levels. You’re thinking “shit I would freakin love to finally ditch controllers and that bloated, semi-functional NMS and move to a cloud WLAN solution for my thousands of wireless access points” – WAPs for some of you (shut it- you know who you are)… But then you run into the CAPWAP tunnel thing and a big honkin Layer 2 quandary down in your switches.

If I have a controller-based WLAN, I can get away with this at the AP uplink port, which clearly gets the Polly Pony Seal of Approval:

But alas, take away the CAPWAP tunnel construct and you are left with something less savory, and Cactus Mike isn’t digging it:

I gotta agree with Cactus Mike- in very large WLAN environments, the thought of no CAPWAP tunnels sucks ass. Sure, maybe a radical redesign of the LAN that underpins the WLAN would help, by pushing L3 out closer to the edge and reducing the need for VLANs. But such undertakings aren’t always a possibility, and if they are a possibility, the timing of redesign opportunities may not line up. Back to topic.
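
The two AP uplink styles contrasted above (the same Layer 2 trade-off raised in the higher-ed panel post), sketched as an added example in Cisco IOS-style switch configuration. This is not the original post's graphic, and the interface names and VLAN numbers are invented for illustration:

```cisco
! --- Controller-based AP: client VLANs ride inside the CAPWAP tunnel ---
! The edge switch only needs the AP management VLAN (assumed here: VLAN 100).
interface GigabitEthernet1/0/10
 description AP uplink - tunneled to controller (example)
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
! --- Locally bridged AP (no tunnel): every client VLAN must reach the port ---
! Assumed client VLANs: 110 staff, 120 students, 130 guest, 140 IoT.
interface GigabitEthernet1/0/11
 description AP uplink - locally bridged (example)
 switchport mode trunk
 switchport trunk native vlan 100
 switchport trunk allowed vlan 100,110,120,130,140
 switchport nonegotiate
 spanning-tree portfast trunk
!
! Each client VLAN must also exist on this switch and be allowed on every
! uplink trunk between here and wherever that VLAN is routed.
vlan 110,120,130,140
```

Multiply the second stanza by every AP port in every closet and the size of the reconfiguration becomes clear; the explicit allowed-VLAN list is what keeps guest and IoT segments off ports that never needed them.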

Am I suggesting that by going to a cloud-managed WLAN solution that CAPWAP tunnels aren’t possible? Yes and no… Some cloud vendors recognize Cactus Mike’s conclusion, others not so much. I have not actually used any of the following solutions, but I do appreciate that they recognize that “switching to cloud” and “ditching the controller” isn’t all that easy for those of us with CTA (CAPWAP Tunnel Addiction):

Arista:

Aruba: (link is here)

Extreme definitely has an answer but I’m not finding the right link. Will edit

Mist: (link is here)

Ruckus: (link is here)

By no means is this summary meant to be comprehensive. And, if you were to drill in to any of these, I’m not sure they would each stand up as an answer to “how do we ditch our current controllers, terminate VLANs somewhere, yet move the rest of the show out to the cloud while retaining our CAPWAP tunnels and not doing a massive L2 reconfiguration?” as I have not tested any of them.

But- I do appreciate that the situation is being recognized and addressed by major vendors. AND- I am surprised that at least one long-running pure cloud innovating powerhouse vendor has yet to provide an answer to the situation. As long as the only answer is to configure the uplink to a cloud-managed AP as if it was an old fat legacy access point, they won’t be getting an invite to Cactus Mike’s summer bash…

Your thoughts on the topic?

Interfering Personal Hotspots- Beyond Simply a Technical Issue

After 20-some odd years in the Wi-Fi business, I can safely say that I both love and hate personal wireless hotspots. Before I get into all that, let’s go back in time. If you want some zesty background, here are a few easy, compelling reads written by me from the way back machine:

If you don’t want to review the above links, here’s the poor man’s executive summary:

FCC: Don’t use de-auth frames- that equals jamming (depending on which one of our own definitions you stumble across). Selling jammers is illegal. We let Wi-Fi vendors sell illegal jammers because they provide tools that do de-auth. But that is illegal. You can’t sell jammers except when you can sell jammers. Confused? Shut up, or maybe we’ll fine your ass for our lack of clarity. Our annual fund-raiser is coming up- how’d you like to “donate” several thousand dollars?

Hotspot Makers: We use only the highest power and some really cocked up channel selection algorithms to ensure your device delivers the absolute finest in RF interference to the Wi-Fi environment you are sitting in the middle of.

Wi-Fi Alliance: BUY MORE WI-FI GEAR! FAT CHANNELS! GO TEAM! CRANK UP THAT POWER! WORK IT, YOU SWEET THANG! WE ARE AWESOME, JUST ASK US! IGNORE ALL THE STUFF WE SHOULD HAVE BEEN DOING FOR THE LAST 20 YEARS.

Network Customers, WLAN Admins: WTF?

It all makes perfect sense if you don’t think about it.

The Technical Frustrations

Anyone else in the biz knows that hotspots can be annoying, or they can be WLAN-killers. It all depends on the day, the device, the location, and the density of the WLAN where those hotspots are fired up. You can only play so many frequency-stomping games with spectrum, then physics shows through and Wi-Fi sucks for everyone until the contention is eliminated. This is the technical side of hotspot frustration.

And nobody of title has done a shittin’ thing to improve the situation- not the FCC, not the Wi-Fi Alliance whose members make all of the devices that step on each other, not anybody. Everyone is in it for themselves… (Soapbox moment brought to you by the good folks at Shamwowsers & McKracken, LLC).

Ah well.

The Cultural Component to the Whole Mess

Cell phones and Mi-Fi devices have come soooo far since WLAN administrators first played whack-a-mole with hotspot-induced network issues. Data plans have also evolved, to the point where many of us are walking around with dual-band, unlimited data hotspots in our pockets ready to put into service at the slightest notion.

Let’s turn to rocker Ted Nugent for his take on the situation, as written about in his mega-hit “Free For All”:

Well looky here, you sweet young thing: the magic’s in my hands
When in doubt, I’ll whip it out. I got me a hotspot- dual-band
It’s a free for all

Or something like that… It ABSOLUTELY IS a free for all. That’s the culture right now. If I can’t get on the business network because I don’t know how to configure meself for 802.1X, I’m gonna WHIP IT OUT, Nugent-style, and get myself off to the Internet. The business Wi-Fi can suck it, and how dare you expect me to open a trouble ticket to get help with your 802.1X noise? THE MAGIC IS IN MY HANDS. Any collateral damage is NOT MY PROBLEM.

So what if your stupid police cars can’t transfer dashcam video because of interference? Why do I give two figs if your expensive Wi-Fi locks and clocks are acting up because of my RF pride and joy? Spare me the lecture on how your wireless VoIP handsets are getting walked on… Maybe YOU shouldn’t be using Wi-Fi-equipped medical devices. IT’S A FREE FOR ALL, DID YOU NOT GET THAT MEMO FROM TED NUGENT?

Hate ’em, Love ’em

Yeah, hotspots are a big fat PITA. They really do create problems. Some are dual-band, high power beasts that insist on obliterating your WLAN, while others seem to have a little more common sense and lower power built in, but in dense WLAN environments it still gets ugly.

But I’m here to confess that I too hear their siren song.

I get WHY people fire up their hotspots. At hotels, at camp, while troubleshooting systems that have potential ISP issues and so on. My phone’s hotspot gets its share of exercise, and I can’t imagine not having it available in a number of situations. But as a WLAN professional, I have the knowledge and (usually) the discipline to not hose up someone else’s WLAN with my hotspot when I’m at their place of business. Most people- not so much.

We’re way past the opportunity for THE INDUSTRY PLAYERS to responsibly educate end users on why hotspots shouldn’t just be whipped out Ted Nugent-style. So we’re stuck with the problem.

Suck it up, Buttercup

What really sucks about all of this is that WLAN components are only getting ever more expensive. The tools that are used to design and support WLANs are only getting more expensive. Collectively, the security stakes in almost all WLAN environments are only getting higher. We can pump endless dollars and man-hours into delivering really good Wi-Fi, yet hotspots can lay waste to parts of our infrastructures, and there isn’t much anyone can do except to ask the offender to put them away, if we can pinpoint them and get them to listen to our appeal that they think of their fellow man…

Strange times, says I.