
Future-Proofing Networks with Fabric-Attached Wi-Fi: Q&A with Extreme Networks’ Director of Wireless Product Management & Strategy

It’s easy to become desensitized to the onslaught of marketing that surrounds networking concepts like “fabric” and “unified networks” when every vendor has their own version of them. Naturally, each marketing department promises that their solution is the best, but reality shines through when you start to look past the buzzwords for substance. I was recently introduced to (and impressed by) Extreme Networks’ own fabric accomplishments, and wrote about my impressions here. Soon after, I had the chance to talk with Extreme’s director of wireless product management and strategy, Mike Leibovitz, about where WLAN specifically fits into the company’s fabric approach.

Leibovitz is one of those people that I’m always glad to catch up with. I’ve spent time with him at different Tech Field Day events and IT conferences, and have had opportunities to socialize with him. Beyond just being an all-around nice guy, Leibovitz has a passion for his job and believes strongly in Extreme’s products, methods and his company’s future. Our most recent conversation evolved into an informal Q&A about the Extreme Automated Campus solution and Wi-Fi. Here are the highlights from that discussion (I’m in italics).

Mike, Extreme has been busy integrating the likes of ExtremeWireless WiNG from Zebra/Motorola and Avaya’s fabric portfolio (from recent acquisitions) with Extreme’s own wireless product lines. How’s all that going?

It’s been a great run, for us and our customers. We’re fully supporting all product lines, and it’s only getting better for the end users, regardless of which hardware they use. Looking forward, the best of all our product lines will be fused into new feature options that customers of either ExtremeWireless WiNG or ExtremeWireless can take advantage of without forklift upgrades.

We’ll get to fabric and Wi-Fi in a bit, but first- is there anything on the horizon that is particularly driving Extreme’s WLAN-specific evolution, and do you have any examples of where ExtremeWireless WiNG might bring something new to Extreme’s story that customers can appreciate?

Aside from our fabric architecture taking deeper root, we see the coming of 802.11ax as significant, and that does figure into our current product evolution. As the radio side of the equation gets higher in performance, we’ll continue to leverage things like Motorola’s unique excellence in access point design for challenging and high-ceiling environments, for instance. Also, we have the successful integration of the Azara Cloud into ExtremeCloud as an example of how we make what’s good even better.

It seems that Extreme goes to great lengths to make sure that new customers gained through acquisitions are treated just as well as long-time Extreme customers. Is that a fair characterization?

Absolutely, and that’s something we work hard at. You’ve experienced and written first-hand about being a customer on the losing end of an acquisition, when the purchasing company doesn’t get it right when it comes to integrating support for its new customers. Despite being well-established, Extreme has more of a start-up mentality in that all of our customers matter. We take none of them for granted. No one should have to guess at what’s going to happen when they need support just because their vendor was acquired.

Amen to that, Mike. Now onto fabric, Extreme Automated Campus, and wireless specifically. I know that you are pumped up about this area. What’s the first thing that potential customers should know about Extreme when it comes to fabric and WLAN?

I’d say first that people should realize that our fabric offering is mature, proven, and is shipping now. That includes how our Wireless solution connects to the fabric. Other market leaders have their fabric stories ahead of their deliverables to a certain degree, but Extreme doesn’t use customers as guinea pigs while we figure out how to keep promises.

Give me a sense of how that integration of Wi-Fi to the fabric works. Do you have any examples?

Sure. Let’s start with ExtremeControl, which competes with ISE and ClearPass for functions like onboarding, authorization, and role-based policies. ExtremeControl has always excelled at extremely granular policy constructs used to program per-session behavior of the access point, the data plane, and the likes of QoS and analytics. That’s what we’ve been doing for years. Now add in the Avaya fabric contribution. Instead of just bridging traffic to a controller or to an AP you can now bridge wireless sessions to different fabric segments, uniquely for each connected device. That’s a new level of micro-segmentation that basically means you can traffic engineer wireless user traffic literally anywhere in the enterprise campus with the policies you set for RBAC, Layer 7 control, QoS, and analytics carried all the way through.

So… we’re used to thinking of wireless access points or AP/controller pairings as bridges that have 802.11 on the radio side, and 802.3 Ethernet on the wired side. Am I reasonable in suggesting that now we can replace Ethernet with fabric on the wired side when we think about access at the WLAN edge?

That’s a good way of picturing it for functional discussion.

Can you give a specific scenario where fabric-attached Wi-Fi yields obvious, easy-to-highlight benefits that solve real-world problems?

We’re already leveraging fabric-connected WLAN in healthcare environments. As a wireless networker, you know the technical importance of reducing the number of SSIDs in a given wireless environment. Think about having one single SSID for everything, with a slew of different security and policy constructs going on behind it with no dependence on VLANs. From doctors’ unique security requirements to guest access to IoT devices and their various limitations – all are configured via ExtremeControl and micro-segmentation on the fabric. We can bridge traffic anywhere it needs to be for any user or use case. It’s really impressive, and no other vendor is even close to this level of functionality yet.

Does the new magic come at the cost of CPU or memory utilization anywhere?

That’s a great question, but actually the opposite is true. You can even add new policies on the fly, non-disruptively, directly on our access points. The flow technology that came way back from our Enterasys purchase works wonders in keeping resource utilization low.

This is great information, Mike. It’s awesome to learn of real-world, low-hype network fabric technology that is proven, shipping, and mature. What else do you want people to know as we close?

It sounds silly to say that “fabric is the future” because for Extreme Networks, fabric is now. At the same time, our fabric today does future-proof customer environments by providing unparalleled flexibility in security, segmentation, simplicity, control, and analytics that will only evolve for the better. Extreme will be ready to add 802.11ax into our fabric-connected Wi-Fi strategy when it comes, and we’re a natural fit for IoT in its many incarnations. Our roadmap is exciting, and I encourage our customers and analysts like you to watch us as we evolve.

FTC-required disclosure: I was compensated to comment on the Extreme Networks Automated Campus referenced in this blog, by PR company Racepoint Global. I have no direct business relationship with Extreme Networks, and in no way claim to be an Extreme Networks customer or representative of Extreme Networks. At the same time, I have known Mike Leibovitz for years.

Getting to Know Cape Networks

I recently attended the 2017 edition of the Wireless LAN Professionals conference in Phoenix. As usual, it was awesome. Catching up with old friends who are scattered far and wide, hearing information-rich presentations, and meeting new people with their own wireless story made it a very enriching week for me. But part of my learning actually came after the conference. I was saying my goodbyes when a gent named David Wilson asked for a few minutes of my time, and that’s how I would come to know of Cape Networks.

It turns out that Wilson and his travel partner Michael Champanis are two of the co-founders of Cape Networks. These guys were awesome to talk with at the end of a long week, and the conversation flowed easily. I learned that Cape Networks is based in both South Africa and San Francisco, and is trying to raise their brand awareness here in the US. The company is in the business of Wi-Fi performance monitoring and testing through deployed sensors and a deceptively simple cloud dashboard.

I was given a demo of the Cape dashboard and got to handle the low-profile sensors. We talked of how the system finds issues and helps with resolution, and what customers are already using it. None of us was in a particular hurry since our travel arrangements were all later in the evening, so they patiently handled every one of the many questions that came to me during the demo.

I’m hoping to get a couple of sensors in the near future, and to be able to do a proper review. Until then, I can share that the solution looks interesting and of decent quality with the potential to reveal information that other systems I’ve looked at or used don’t really do very well. At the same time, I’m not endorsing Cape Networks here as I haven’t used the solution yet.

But I did find them interesting, with enough potential differentiators that I felt it worth sharing what little I know of Cape so far. Once I do a review on their hardware and dashboard, I’ll be sure to follow up.

Meanwhile, I encourage anyone running business WLAN systems to have a look at Cape Networks’ web site and to learn about a company that you may not have been aware of yet.

Three Inconvenient Truths and Some Conspiracy Theory About the FCC’s Mi-Fi Enforcements

The recent enforcement actions by the FCC against hotels that disrupted private Mi-Fi usage are interesting for a number of reasons. If you’re a Mi-Fi user that travels and you don’t really understand or care about the inner workings of business wireless networks, you likely did some variation of a fist-pump because evil companies must now seemingly mend their dastardly ways. (This blog may challenge the validity of that assumption, so click out of here now if you don’t want your bubble burst.) If you are a long-time wireless admin of business Wi-Fi networks, you are likely scratching your head a bit over several of the finer points of what the FCC is up to these days in going after companies like Marriott and MC Dean. I would guess that some Wi-Fi admins are feeling a bit uncomfortable but can’t quite put their fingers on why that is, but what the FCC’s doing all of a sudden just feels weird. And for those of you that are trying to keep an open mind about what it all really means as all sides of the debate try to be heard, I give you the following to ponder:

1. “Our Premises, Our Airspace to Keep Healthy” Since Late ’90s

The 802.11 Wi-Fi standard dates back to the late 90s. For over 15 years, wireless network administrators, security managers, and CTO/CEOs have been writing and enforcing policy about signals that compete with their WLAN systems and the use of “rogue” access points not put in by “Central IT”. Many of these policies pre-date Mi-Fi’s existence, but often address off-my-wire ad hoc (peer to peer, my laptop to yours) direct connect rogues that both interfere and bring their own security concerns. This is an entrenched technical cultural issue. Though Mi-Fi doesn’t meet the textbook definition of IBSS ad hoc networking, it does share the properties of being a competing Wi-Fi signal and its own security risk in that if you know what you are doing, you can bridge “isolated” networks to each other pretty easily. Rogue ad hoc is just as important as rogue on-wire by most WLAN policies I’ve reviewed- for both RF interference and security concerns.

All of these (and plenty more) are scraped from easily-found published private network policies on the Internet:

If there are cordless phones, ad hoc or peer-to-peer WAP’s in the prohibited frequency, [we] will attempt to notify the user in writing and ask them to remove the device. If the device is not removed within 24 hours, [we] will take necessary actions to stop the interference of the device.

This policy covers any devices and users to adhere to the rules, regulations and policies concerning security and prevention of interference.

Due to possible interference from other sources within the 802.11 wireless 2.4GHz frequency range, [our] wireless spectrum should be kept clear of unauthorised transmissions.

Interference means the degradation of a wireless communication signal caused by electromagnetic radiation from another source. Interference can slow down or eliminate a wireless transmission depending on the strength of the interfering signal.

Interference or disruption of other authorized communications that result from the intentional or incidental misuse or misapplication of wireless network radio frequency spectrum is prohibited.

In the event that a wireless device interferes with other equipment, [we] shall resolve the interference as determined by use priority.

So, those of us administering wireless networks tend to recognize that solutions enforce policy, and the policies that guide WLAN security and interference management are nothing new. They are so ingrained in the Wi-Fi psyche from the system side that WLAN vendors and companies that train new WLAN staff are all on board with the philosophy that you can do what you need to to keep your own airspace clean and healthy for the greater good of your users, and to enforce YOUR OWN policies. And… this culture has been in place under the FCC’s own nose for all these years. Mi-Fi devices are easy to lump into the spirit of long-established Wi-Fi policies, with no malicious intent in doing so.

2. Non-Accommodation Equals Disruption, Too- To Users.

In convention centers where big events are going on, the Wi-Fi network will be made up of dozens (if not hundreds) of extremely low-powered WLAN cells. These cells only have limited channels to use, so staggering channels meticulously and controlling cell size is pivotal to network operation (and event success, in many cases). Along comes a Mi-Fi, with its often bad-neighbor config that blasts out a strength that may be an order of magnitude stronger than the conference Wi-Fi cells. As the Mi-Fi disrupts multiple cells (that other conference goers are trying to use), those same cells are also interfering with the Mi-Fi device. In these scenarios, there are typically no “free channels” so mutual interference is a fact of life.

So… I go to use my Mi-Fi at a convention center during an event, and lo and behold, it doesn’t work well. All I know from the headlines is that the FCC says it’s OK for me to do what I’m trying to do, so if it’s not working well, the stinking hotel must be trying to block me! I better report them to the FCC! It’s an outrage! Except it’s not- it’s physics at work. So what comes next- convention centers needing to ask Mi-Fi users permission to use specific channels?

3. The FCC Is Closing Many Field Offices, Which May Impact Its Ability to Enforce.

The agency is calling it an efficiency move, but what impact the cuts will have on the agency’s ability to enforce its own rules remains to be seen.

Let’s Play the “What If” Game A Bit

I and others have voiced a fair amount of concern about not only what the FCC is doing with its new tactic of huge fines, but why it’s being done with very little substantive guidance. Even two of the five commissioners at the FCC don’t seem to agree, or to get what the agency is supposed to be accomplishing with their new fundraising campaign. With lack of leadership from the FCC, the WLAN community is left to speculate about what they could be thinking in DC. Here are a couple of theories to ponder:

  • What if the FCC really is clueless about how important Wi-Fi has become to businesses of all types? What if, while we as IT organizations have been doing our best to write and enforce good WLAN policy, and have bought WLAN tools that help us to enforce those policies for the greatest number of people on our premises that rely on Wi-Fi, the FCC in its ivory tower was oblivious to it all for the last 15 years? What if an out-of-touch FCC is thinking one thing, while the rest of the WLAN community is basically thinking something else? It might explain the rush to crank out big fines for what amounts to the same policy that private WLAN environments have been enforcing for the last 15 years. Because the hotels were charging big fees, they have cast the whole thing in a stinky light (and deserve to be called out on it), but the issues for the rest of us are made murky because of the FCC’s Mi-Fi related hits on the hotels and convention centers. It would seem that we all need help (that the FCC has no interest in providing) in:
    • Re-writing our business policies to accommodate Mi-Fi while still preserving our own business continuity
    • Understanding whether the hotels were only in trouble because they were trying to charge (what everyone seems to agree was too much) for their own Wi-Fi (it sure reads that way at times)
    • Or coming to grips with- if it’s what the FCC is saying- Mi-Fi must be accommodated everywhere under all circumstances regardless of collateral damage from its interference
  • What if the FCC is just using these headline-grabbing fat fines to sow paranoia as a way to augment their enforcement capabilities as they reduce field offices and employee head-count? Uncertainty and paranoia can certainly be force-multipliers when you have the ability to name your price when handing out fines, and the bigger the fine the harder the impact of the tactic. The new-found interest in taking issue with practices that many companies have had written into their IT policies since Wireless Day 1 times out nicely with the cutting back of FCC field offices. It’s just a thought…

My personal sympathies are absolutely with those users who didn’t want to pay what the convention centers were asking for Wi-Fi. But there is so much more to the whole picture than that, and it needs to be talked about.

The FCC’s Equipment Authorization Search is Captivating (If You’re Into That Sort Of Thing)

Being an amateur radio operator and paperwork originator for a few licensed point-to-point network links, I occasionally find myself in the FCC’s Universal Licensing System (ULS). Trolling around in the ULS can be kinda fun (when you’re really, really bored) if you want to get information on different kinds of valid and expired licenses for everything from public safety to TV stations to IT-related transmitters.

For those of us in the Wi-Fi world, there is another FCC resource that holds a treasure trove of information on every piece of gear ever certified for use in the US. The EAS (Equipment Authorization Search) is your gateway to RF testing reports, internal and external photos of a particular access point, wireless router, etc, and basically the whole “how it came to be” story for each device.

An example- the BlueSocket model 1800v2 access point.

1. Go to the EAS front door.

2. In “Applicant Name” field, enter BlueSocket. (I’ve not had much luck with any of the other fields, even when I have the absolute specific information that should go in them.) You may want to adjust the “show ___ records at a time” field from the default of 10, to something like 50 or 100.

3. Click “Start Search” at bottom of page.

4. You’ll be presented with a table of fairly obvious values- some will be one page, and some will span dozens of pages depending on manufacturer. For BlueSocket, there are only 32 entries and finding my 1800v2 in FCC ID column is pretty easy.

NOTE- Each piece of equipment has Summary or Detail available. Being geeky, we want Detail, as that is where the good stuff is. If multiple entries for same device, pick most current date.

5. You’ll be rewarded with a table of contents like this:

OET Exhibits List
14 Matches found for FCC ID TIH-BSAP1800V2

| View Attachment | Exhibit Type | Date Submitted to FCC | Display Type | Date Available |
|---|---|---|---|---|
| Ad Hoc letter | Cover Letter(s) | 03/17/2010 | pdf | 03/17/2010 |
| Request for Confidentiality | Cover Letter(s) | 03/17/2010 | pdf | 03/17/2010 |
| PoA | Cover Letter(s) | 03/17/2010 | pdf | 03/17/2010 |
| External Photos | External Photos | 03/17/2010 | pdf | 03/17/2010 |
| Label Location Info | ID Label/Location Info | 03/17/2010 | pdf | 03/17/2010 |
| Internal Photos | Internal Photos | 03/17/2010 | pdf | 03/17/2010 |
| Monopole MPE 11an | RF Exposure Info | 03/17/2010 | pdf | 03/17/2010 |
| MPE PIFA 11an | RF Exposure Info | 03/17/2010 | pdf | 03/17/2010 |
| Monopole Test Report | Test Report | 03/17/2010 | pdf | 03/17/2010 |
| Monopole Test Report 11an | Test Report | 03/17/2010 | pdf | 03/17/2010 |
| PIFA Test Report | Test Report | 03/17/2010 | pdf | 03/17/2010 |
| Monopole Test Setup Photos | Test Setup Photos | 03/17/2010 | pdf | 03/17/2010 |
| PIFA TEst Setup Photos | Test Setup Photos | 03/17/2010 | pdf | 03/17/2010 |
| USer Manual | Users Manual | 03/17/2010 | pdf | 03/17/2010 |

And from there, you can see more than you ever imagined you could care about a wireless device. The Internal Photos and Test Setup Photos tend to be the most interesting, at least to me. Enjoy!

When Good Wireless Feels Bad

If my client device doesn’t connect to your WLAN, your network must have a problem.

My iPad keeps getting dropped by your network.

I keep losing my Internet, your network sucks.

Ever hear anything along these lines? Sure, sometimes wireless networks do have problems. Access points crap out. Controllers fail. A switch glitches, and PoE isn’t sent to an AP. But on enterprise-grade hardware running proper code, these sorts of issues should be the exception. At the same time, even when “the problem” lives on the client device itself, it still feels like a network issue to the user.

With a daily load on my own WLAN that peaks around 16K, I see every kind of client device under the sun. Thankfully, we have a generally very healthy environment despite the relative complexity that comes with supporting any and every device type in a multi-SSID/security type environment. But trouble does hit the individual user on occasion; hence the purpose of this blog.

Even when the WLAN is running perfectly at each cell and all the way through the network’s important parts (DHCP, DNS, RADIUS, credential store, routing, etc), these are among the many factors that can still make the wireless network “feel” crappy to individual clients:

  • OS upgrade causes trouble in wireless adapter
  • Wireless driver dated, needs update
  • Windows wireless driver not best fit for client, need Intel/Broadcom latest version
  • IPv6 getting in the way of IPv4
  • Client “sticks” to APs that common sense says it shouldn’t
  • On dual-mode devices (cellular data and Wi-Fi), each side of device occasionally causes trouble for the other
  • Client device requires legacy data rates not supported by WLAN
  • Client supplicant for 802.1x network gets corrupted, mis-configured
  • Local interference (usually in 2.4 GHz) causes issues
  • Client device clings to weak/poor 5 GHz connection when solid 2.4 GHz available
  • Client device has static IP address set from previous network use
  • User changes network password but doesn’t update supplicant config
  • Too small of an Internet pipe for user load
  • Trouble on the Internet, out in ISP land, impacting specific destinations
  • Client device is laden with malware that gets in the way of Internet access

You get the picture… there are many conditions that can impact the individual client, or a specific group of like client devices, and what worked yesterday may have been changed today by an OS update or patch.

Thankfully, when critical network building blocks do fail, we can either rely on our good instrumentation (you have that, right?) to tell us we lost a switch, or controller, or AP, etc. Or we can correlate based on good trouble report gathering (always happens, yes?) that there is something similar among users having issues- maybe a common AD grouping that RADIUS services are borking on or the like. Good logs help, too.

Regardless of what is causing the pain, many clients instantly blame the network. Some can’t fathom that their shiny, expensive device could be imperfect in any way or that the mothership would ever send them a patch that wasn’t properly QA’d. It can be frustrating, but is also just part of the wireless support experience.

Things get easier if you have the rare environment where client types are tightly controlled and the BYOD water has yet to spill over the dam. For the rest of us, being aware of not only the health of the network but also of the various ills that can hit the client end of wireless (and what to do and how to communicate about them) is an absolute must. 

At the recent Wireless Field Day 4, I discussed this topic with my fellow delegates in a conference room in Building 4 of the Cisco Campus in San Jose.

Here’s a bit more on specific frustrations with the WLAN, from factors that are largely out of the admin’s hands.