Skip to main content

Network Designing for Enterprise: WLAN Architecture and Technology Updates

written by Asterfuison

May 23, 2024

Wireless networks directly affect overall network performance. More than half of the data traffic is transmitted over wireless channels in today’s office environments, and with IoT technologies popularizing, wireless LAN will soon be carrying even more mission-critical traffic.

We are always looking for ways to reduce the TCO while ensuring high availability, scalability, mobility and security. Trying to be thoughtful and design the best possible architecture, but there are always challenges when scaling or upgrading. Considering a multi-vendor solution may be a good start, but can all these devices work at the same time and be well managed, and what about security profiles and policies? Would that become too complicated?

Before taking action, reviewing or updating critical knowledge about wireless LANs is absolutely essential , and this article may help you make better choices.

WLAN Components and Infrastructure

A typical topology of a medium-sized enterprise network

The wireless network portion of a medium-sized enterprise network generally has the following infrastructure and components.

  • Wireless Access Points(AP)
  • Wireless LAN controller(WLC)
  • Radius Server
  • PoE switches

The enterprise wireless network should be based on the actual needs, not only for the present, but also to anticipate the future. There are plenty of key factors to consider, for example, terminal mobility like AP roaming capability and coverage, bandwidth and throughput, capacity and latency, channels, cells and RF interference, etc. Then, of course, the network security configurations and AAA, which are the most customized aspect.

In this blog, we’ll focus only on network architecture designing or selection and not go into technical implementation details.

Evolution of WLAN Standards/Protocols

How WiFi relates to IEEE 802.11

IEEE 802.11 is a set of standards developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area networks (WLANs). The IEEE 802.11 standards define the protocols and specifications for wireless communication in the 2.4 GHz and 5 GHz frequency bands.

WiFi is commonly used to refer to wireless networking based on the IEEE 802.11 standards. The term “Wi-Fi” was coined by the Wi-Fi Alliance(WFA), a global consortium that promotes and certifies interoperability of wireless devices.

In simpler terms, Wi-Fi is a popular term that describes wireless networking technology, while IEEE 802.11 is the technical standard that defines the underlying protocols and specifications for wireless communication. Since the wireless technology advent, specifically the Wi-Fi, it has kept evolving with the release of more sophisticated standards over the years.

YearWi-FiWLAN ProtocolFrequency BandsMax. Data Rate
1997gen1IEEE 802.112.4GHz2Mbit/s
1999gen2IEEE 802.11a
IEEE 802.11b
2003gen3IEEE 802.11g2.4GHz54Mbit/s
2009gen4IEEE 802.11n(Wi-Fi 4)2.4GHz / 5GHz600Mbit/s
2013gen5IEEE 802.11ac(Wi-Fi 5)5GHz6,933Mbit/s
2019gen6IEEE 802.11ax(Wi-Fi 6)2.4GHz/5GHz/6GHz9,607.8MBit/s
Table 1:Evolution of WLAN Standards/Protocols

Wi-Fi 6 and Wi-Fi 6E

According to the Wi-Fi Alliance’s report,Wi-Fi 6 has seen rapid adoption, surpassing 50% market share in 3 years since its introduction in 2019, compared to 4 years for Wi-Fi 5.

WiFi 6 delivers more overall bandwidth per user, but perhaps more importantly its ability in congested environments to deliver up to 4x more throughput per user than previous technologies, providing more total spectrum and channels, and laying foundation for the coming smart infrastructure.

The improvements comes with the variety of multi-user technologies that 802.11ax has implemented, such as MU-MIMO and OFDMA and both of them are borrowed from the cellular industry. In addition to that, 802.11ax supports Target Wake Time (TWT) for less power consumption.

MU-MIMO and OFDMA for Multi-user Access

MU-MIMO stands for Multi-User Multiple-Input Multiple-Output, and it allows a single AP device to communicate over multiple channels at once. 802.11ax is able serve up to 8 users on both up and downlink and 4 simultaneous streams to a single client. But actually, MU-MIMO of WiFi 6 uses more in downlink since most exsiting devices only have 2×2:2 or 3×3:3 MIMO radios.

Multi-User Multiple-Input Multiple-Output

OFDMA (Orthogonal Frequency-Division Multiple Access) breaks channels down further into “Resource Units” which can be individually assigned and that is the key to performance benefit. It will reduce latency, boost capacity and improve efficiency by allowing as many as 30 users at once to share a channel.

OFDMA and the resource unit

The OFDMA and MU-MIMO are utilized based on the type of application being served, and they act as complemetary technologies in todays advanced wireless network.

For the high-bandwidth applications like streaming a movie or games, the MI-MIMO allows more than one WiFi device to simultaneously receive different streams of data. Multiple lanes are created, so the high-bandwidth network can be achieved at its maximum speed per user. Additionally, MU-MIMO enables the queue for accessing the wireless network to be changed from one to many, allowing multiple devices to access at the same time(without having to wait).

For low-bandwidth applications like instant messages, email or web browsing, the number of resource units (RU) assigned to each client using factors like data packet size, device constraints, and the quality of service expected of that packet traffic. A single frequency band can provide traffic transmission services to multiple users. It makes transmission more effective and limits resource waste.

TWT for Device Battery Life Improvement

TWT(Target Wake Time) first appeared in the 802.11ah “Wi-Fi HaLow” standard, which is used to support energy efficiency in large-scale IoT environments, and it has been extended with the development of the IEEE 802.11ax. It uses a scheduled mechanism to tell clients when to wake and sleep instead of letting them listen on a channel all the time.

In TWT, a schedule is agreed between the client and the AP, which consists of time periods. It usually contains one or more beacons (e.g., minutes, hours, or even up to days). When the time is up, the client wakes up, waits for a trigger frame sent by the AP and exchanges data, and then goes back to sleep. AP and devices negotiate specific times independently, or the AP can group them together and connect to more than one device at a time.

Target Wake Time
Wi-Fi 6E and other projects

A year after the release of the Wi-Fi 6 standard, Wi-Fi 6e was introduced to extend the existing technology to the 6GHz band due to spectrum shortage. Wi-Fi 6E uses WPA3 instead of the traditional WPA2 for enhanced security, but it still uses 802.11ax, so it counts as an add-on enhancement to WiFi 6, not the next-generation standard.

Besides,the Wi-Fi evolution also includes several niche projects. For example, Millimeter-wave Wi-Fi (802.11ad/ay) supports nominal data rates up to 275 Gbps at the cost of very low range. The variety of interactive applications and new services related to 8K streaming, AR/VR, gaming, telecommuting, industrial IoT, cloud computing, and high volume users accessing over the air are driving the industry to support higher throughput wireless networks.

WiFi 7 – Next gen WiFi Standard Based on IEEE 802.11be

According to WFA, the Wi-F 7 specification will be published this year, numerous Wi-Fi 7-badged adapters for PCs and routers are on the market today. They follow the so-called ‘draft’ Wi-Fi 7 specification. WiFi 7 builds on what is already in place with WiFi 6 and WiFi 6e, such as MU-MIMO and OFDMA, and offers speeds of up to 40Gbit/ s speeds, and is already a replacement for wired networks for many people.

However, as it always with backwards compatibility, we may not feel the improvements from the new technology until it’s available to a wider range of devices.

Wi-Fi 5 (802.11ac)Wi-Fi 6 (802.11ax)Wi-Fi 6e (802.11ax)Wi-Fi 7 (802.11be)
Frequency5 GHzDual-Band(2.4 & 5 GHz)Tri-Band(2.4, 5, & 6 GHz)
Bandwidth20, 40, 80, 160 MHz80+80 MHz20, 40, 80, 160, 320 MHz80+80, 160+160 MHz
Access(Multiplexing)OrthogonalFrequency-DivisionModulation(OFDM)Orthogonal Frequency-Division Multiple Access(OFDMA)
Modulation256 QAM1024 (1K) QAM4096 (4K) QAM
AntennaDL MU-MIMO (4×4)DL + UL MU-MIMO (8×8)
SecurityWPA2WPA2/3WPA3WPA3 (Enhanced)
KeyInnovations80 MHz MandatoryBeamformingTarget Wake Time (TWT),BSS Coloring6 GHz Operation (Wi-Fi 6E)Multi-Link Operation (MLO),Enhanced Multi-Link Single Radio (eMLSR),Multi-Resource Unit (RU),Improved QoS Framework
Table 2: WiFi 5 vs WiFi 6/6e vs WiFi 7

WLAN Design Methods:The Architectures

Autonomous AP Based

Autonomous AP got its name because they each are their own entity, they place the complete logic like security, conguration, control of traffic flow, roaming capability as well as QoS into itself, so that every AP needs to be manually configured for the network and security settings you would want running. These WLAN devices were the first type that were introduced onto the market, which are perfect for small scale wireless networks.

Autonomous AP Based WLAN

Refer to the autonomous AP architecture diagram provided by Cisco, client roaming across the APs is typically limited to the Layer 2 domain, or the extent of a single VLAN. As the wireless network expands, the infrastructure becomes more difficult to configure and becomes less efficient.

Centralized Wireless AP Controller + Fit AP

This centralized approach involves 2 wireless products including the AP and the wireless AP controller(WAC). The controller plays the most important role in this solution, while the AP has only provide basic radio frequency, transmits 802.11 packets at the physical layer and establishes communication with controller through the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. The network between a WAC and fit APs can be a Layer 2 or Layer 3 network.

WAC Deployment Mode: Inline and Bypass

  1. Inline networking

The WAC acts as an aggregation switch, processing and forwarding data from access points and managing traffic. It is very simple and fits into a small network.

  1. Bypass networking

The WAC only manages APs and usually connects to the aggregation switch only as a bypass so that packets can be transmitted directly to the upper network via the WAC. This would be appropriate for modifying the wireless network without changing the existing network.

inline and bypass deployment Mode

Data Forwarding Mode: Direct and Tunnel

Not all the data packets have to be encapsulated and processed by the centralized WAC, data packets can forward directly to the upper layers of the network, but this only applies to Layer 2 network.

In tunnel forwarding mode, data packets are encapsulated in a CAPWAP tunnel and then forwarded by the WAC to the upper-layer network. As the figure shows bellow, the CAPWAP tunnel may be a control tunnel or data tunnel, and they carry different packets, one’s for the WAC manage APs and another is for carring data packet.

CAPWAP tennel

WAC handles multiple functions, such as access control, AP configuration and monitoring, packet forwarding , roaming, security control. It works just like the brain of the wireless network, allowing the entire wireless network to be configured and managed in one place. These make it suitable for large enterprise networks with many access points.

VLAN Planning, and WAC Backup: The Most Complex Part

VLAN planning involves two main aspects, segregating management VLAN from service VLAN and mapping service VLAN and SSIDs based on requirements. As a centralized deployment, we need to consider redundant devices, links, and switching strategies to ensure that a single point of failure does not affect the entire system function, so WAC backup is extremely critical in the WAC+Fit AP architecture.

If you are considering AP roaming for a large number of wireless access users, this can be a big challenge for network engineers.

  • Option 1: Try to plan the roaming area in a Layer 2 network if possible, but the larger the Layer 2 network, the less secure it is.
  • Option 2: Establish a tunnel connecting the two WACs to pass roaming traffic back to the original WAC, which in turn leads to complex configurations and traffic detours in the network, affecting roaming performance.

In addition to the complex configuration, multiple vendors have their own proprietary protocols, which were then continually changed in their own products to improve communications. The customers had to stick to one solution since it was impossible for products from different vendors to communicate and interact with each other.

Wireless Mesh Network (WMN)

Originally developed for military applications, wireless mesh networks are architectures consisting of radio devices that do not need to be connected to a wired port. Each device in a wireless mesh network works like a router, where individual nodes not only boost the signal, but also calculate the network topology and route it, dividing long-distance data transmissions into multiple short hops.

Wireless Mesh Network

There are also mesh network solutions for enterprises. They are particularly useful in situations where it is difficult or impossible to pull wires, such as temporary indoor or outdoor, old or historic buildings, etc.

The core concept of Wi-Fi mesh networks is that not all APs have to be plugged into the wired infrastructure, the APs can get their connectivity from nearby mesh APs. When designing a mesh wireless network for a small place, we may only need one or two mesh APs that access to wired network, which is not complicated. But in a larger network, we still need to plug multiple mesh APs into the wired network to ensure available connectivity, and that is where the downside comes in.

Firstly, the performance degradation. Each wireless link between mesh access points has an approximate 50% drop in throughput compared to the previous AP. When placing mesh APs, the number, transmission distance and power location should be considered, and they should be placed closer together to get a better signal, so you will need more mesh APs to cover a given area. Besides, most mesh wireless APs are not compatible between vendors.

Distributed Gateway in Cloud-based Enterprise Network

As cloud networks are beginning to adopt a distributed gateway architecture, deploying gateways to the access/edge layers closer to the endpoints in a decentralized manner.

This architecture has significant advantages in forwarding paths, network operations and maintenance, table space and security. It also provides a good way to think about enterprise network innovation – despite differences in scale and speed, the migration of VMs and containers is similar to wireless network roaming, both requiring device IP/MAC to remain unchanged.

In an IP Fabric like this, the distributed gateway means all the subnet exists on every access switch, and they automatically synchronize the endpoint’s IP/MAC and security policy across the network. In this way, each access switch is fully utilized and all forwarding/roaming of cross-subnet traffic is handled by the nearest switch without taking a long path to a centralized WAC.

Distributed Gateway for WiFi roaming
Centralized Gateway (CAPWAP tunnel)Distributed Gateway
Forwarding pathPackets are tunnel-encapsulated andforwarded uniformly through thecentralized gatewayPackets are forwarded on the localaccess switch
O&MDeployment requires a lot of manualconfigurations (such as AP groupplanning,separate SSID/VLAN, etc.) which is complicated and difficult to maintainJust configure the distributed gateway information once at the start of the additional action required
ReliabilityThe gateway function is too-centralized with the risk of which has a large impact in case of failureGateway functions are decentralized to all access switches; one-device failure has little impact on services
ScalabilityCarrying the entire networkgateway services, the need forhigh-performance, high-capacityequipment, but also easy to become a bottleneck of network expansionAccess layer switches only need to store local table entries, which requires less equipment capacity and makes it easier to expand network access scale
Table 3: Centralized Gateway (CAPWAP tunnel) vs Distributed Gateway

To learn more the cloud-based network architecture in campus, you can refer to this blog:

Centralized Gateway with Cloud Management

This new type of WLAN designing is also based on cloud network technology, taking inspiration from the similarity between WiFi roaming and VM migration. Compared to the “distributed gateway”, the biggest advantage is that there is no need to change the existing wired network architecture. Simply deploy a programmable switch to access to the core switch as a centralized gateway, and then replace the old APs with new ones to upgrade the wireless network.

WLAN  architecture based on gateway switch

Each gateway switch has 3.2Tbps throughput and supports 10K access points or 640K wireless terminals. The access points communicate with the gateway through VXLAN tunnels, with multiple VTEPs running on the them for network isolation. In addition, the access points can be white-box hardware based entirely on open-source technology, and VXLAN is more standardized than the CAPWAP we mentioned earlier.
We will briefly introduce in the next section and post a more detailed blog about this method, so stay tuned.

TIP OpenWiFi:The Up-rising Open and Disaggregated WLAN Technology

In recent years, a growing number of enterprise network users and managers have indicated that the traditional lock-in model that exists in enterprise wireless LAN systems reduces the speed of deployment, limits innovation, and introduces artificial barriers to new market use cases. As a result, some new trends are emerging in wireless LAN technology.

  • Uniformity of interfaces is important in order to achieve openness and shorten the time-to-market of new products and applications
  • Cloud-friendly and platform-independent, considerable freedom of implementation and deployment is required
  • Application developers have easy access to network APIs, and enterprise networks have the potential to serve as the innovation platform of the future.

What is Telecom Infra Project (TIP) OpenWiFi ?

TIP stands for Telecom Infra Project, and OpenWiFi is an open source community project of the OpenLAN. The OpenLAN was formerly known as Open and Converged Wireless(OCW), an important work group under TIP.

OpenWiFi focuses on a vendor-neutral disaggregated wireless networking technology stack and a community-driven approach, where multiple types of players in the industry, from ODMs and OEMs to end-users such as SPs and enterprises, can benefit from the cost reductions and accelerated innovations come with it.

Openwifi overview

OpenWiFi SDK

The TIP OpenWiFi project provides developers and integrators with a number of high quality WiFi features to build their commercial networking solutions, and one of its core technologies or services is the TIP OpenWiFi SDK.

OpenWiFi 2.x SDK Architecture

Released 2.x SDK offers a number of ways to consume OpenWiFi. Available as a single Docker for just the uCentralGW or as a set of microservices offering increasing value to consume helps multiple eco-system partners use as much or as little as desired to integrate with or build a commercial product on the TIP OpenWiFi SDK.

uCentral Data Model

The TIP OpenWiFi platform leverages a robust communication framework to ensure seamless and secure connectivity between network devices. At the heart of this framework is the uCentral interface, which facilitates a websocket-based JSON-RPC (Remote Procedure Call) protocol between the OpenWiFi Gateway and the devices running the uCentral agent.

The uCentral data model is a standardized data model that defines the structure and semantics of data such as IP addresses, MAC addresses, and wireless channel configurations, to ensure consistency and interoperability across the network and simplify the management and configuration of Wi-Fi networks. Moreover, it is designed to be extensible, ensuring that it can evolve and adapt to support new technologies and requirements as the TIP OpenWiFi project progresses.

This design ensures that all communications from the Gateway to the connected devices are secured using mutual Transport Layer Security (mTLS), providing a strong encryption layer and verifying the identity of both endpoints. Once a successful connection is established, the device automatically exchanges its capabilities with the OpenWiFi SDK, allowing the system to tailor the configuration and provisioning data accordingly.

uCentral Data Model interacts with AP and 3rd party management tools

For integrators that aimed to implement commercial solutions with Openwifi services and compatible hardwares, the uCentral data model gives essential framework and APIs to connect them such as Open API authentication northbound, websocket interfaces southbound, as well as the basic network visibility.
The OpenWiFi SDK, through the Gateway microservice, then seamlessly delivers the entire device provisioning data as a JSON payload, simplifying the onboarding process and ensuring a consistent and streamlined experience for network administrators.

WebSocket is a bi-directional communication protocol that allows data to be sent from a client to a server, or from a server to a client, by reusing an established connection channel. The connection will remain active until terminated by either the client or the server.HTTP is a one-way protocol where the client sends the request and the server sends the response. After the connection is closed we need to re-create the connection using HTTP request again.
WebSocket is faster than HTTP connections. Almost all real-time or frequently updated applications (e.g., trading, monitoring, notification services) should use WebSocket to receive data on a single communication channel.HTTP connections are slower than WebSocket. HTTP is used when we don’t want to keep the connection for a specific period of time or don’t reuse a single connection to transfer data, such as simple RESTful applications
Table 4: Websocket vs HTTP

Open LAN Switching

OpenLAN Switching significantly extends the capabilities of OpenWiFi by integrating Wi-Fi APs and white box switches under a unified CloudSDK controller.

Open LAN Switching overview

OpenLAN Switching was specifically created to address these key requirements:

  • Support Wi-Fi 6E/7 and 6 Ghz AP’s that require new level of power to operate (PoE++)
  • Provide a common solution to WiFi & switching with a unified controller
  • Future proofing network for immersive applications (extreme low latency, high bandwidth)

This move highlights OpenWiFi’s dedication to providing customizable and cohesive networking solutions, reducing the barrier to entry for new suppliers, and improving industry collaboration.

The TIP OpenWiFi Community Ecosystem and User cases

As of the end of 2023, the TIP OpenWiFi community includes over 50 active participants, with the number expected to continue growing.The main types of participants in the TIP OpenWiFi community include:

  • Network Operators: Major telecom and internet service providers, such as Telefonica, Vodafone, and Deutsche Telekom.
  • Technology Providers: Leading networking and software companies, including Cisco, Google, and Meta, are contributing to the development of OpenWiFi components, such as the uCentral management framework and the OpenWiFi SDK.
  • System Integrators: Specialized system integration firms are joining the community to help network operators and enterprises with the deployment and management.
  • Academic and Research Institutions: Working with the community to advance underlying technologies and explore new use cases.

Here are some public reports of large-scale commercial deployments of OpenWiFi technology.

City’s public Wi-Fi network at Dublin City Council, Ireland:

Spectra, a Delhi-based NaaS provider, is bringing OpenWiFi to their network in India:

The National Research and Education Network (NREN) of Kenya:

OpenWiFi/OpenLAN Solution Vendors

  • JoinDigital: JoinDigital is an MDU Managed Service Provider that utilises its own OSS/BSS system to deliver its services and integrates existing billing, network management, assurance and inventory directly with the SDK.
  • Indio Networks: By integrating with the OpenWiFi SDK, Indio brings device configuration, firmware management and telemetry capabilities to their WiOS (cloud platform). This enables Indio to support both their own hardware and ODM hardware running OpenWiFi.
  • EdgeCore: EdgeCore introduces the WLAN Controller (ecCLOUD) with OpenWiFi. EcCLOUD integrates with SDKs for device configuration, firmware management and telemetry, providing network management capabilities and comprehensive security authentication services.
  • NetExperience (acquired by Pavlov Media): NetExperience is a contributor and co-manager of the TIP open source CloudSDK and Access Point software.The NetExperience Cloud Platform allows service providers to integrate WLAN controllers and management capabilities into their back office, compatible with the CloudSDK and certified AP hardware and software.
  • Asterfusion: Asterfusion is the earliest vendor in the market to offer a one-stop turnkey SONiC solution for enterprise networks, and OpenWiFi/OpenLAN Switching is a natural fit with its fully open product architecture. Currently, Asterfusion’s enterprise networking solutions (full range of enterprise switches) are compatible with CloudSDK and certified white box APs.

Next-gen Open Networking Solution for Enterprises

The OpenWiFi community currently has over 100 participants, but a few of them are able to offer turnkey solution with fully open networking architecture and technologies. Let’s take Asterfusion as an example and go through some of the key components of a next-generation open networking for the enterprise.

Asterfusion’s enterprise network solution integrates OpenWiFi/OpenLAN-based control software, which is a freely available standard component designed to manage wireless and wired networks in one place.

Depending on the size of the network and user preferences, the controller software can be deployed either locally or in the cloud.

  • Public cloud, for remote real-time management across different geographical locations
  • Open network appliances (serve as router gateway, firewall…and powered by OpenWrt/VPP)
  • Any SONiC switch in LAN, deployed as a docker

You can build your enterprise WLAN entirely with vendor-neutral and white-boxed devices, and choose different WLAN design methods depending on how much network change is acceptable. For example, a “centralized gateway” based on VXLAN and programmable switches (no changes to the existing wired network), or a “distributed gateway” with a simpler architecture, yet there are specific requirements for the wired network.

As for VLAN planning, the most annoying issue in WiFi roaming, it is completely discarded. All initial configurations of the network, for both wireless and wired devices, can be loaded automatically through the controller. Routine network operations and monitoring are also performed by the controller, with real-time status clearly displayed on the dashboard.


Latest Posts