1 its 2003, taipei © 2001, cisco systems, inc. all rights reserved. mobile & public wireless...

1ITS 2003, Taipei © 2001, Cisco Systems, Inc. All rights reserved.

Mobile & Public Wireless LAN Solution Integration

Howard Tsai

[email protected]


Agenda

• Mobile & WLAN Market Trends

• Key Technologies of Mobile & PWLAN Integration

• Case Study of WLAN Services

• Summary


U.S.: 2.5G/3G/PWLAN Service Revenues

Relative size of revenuesData service segmentation

Source: IDC, 2003

2002

WAN data revenue: $3.6BP-WLAN revenue: $8.5M

2002

WAN data revenue: $3.6BP-WLAN revenue: $8.5M

2006

W A N d a ta re ven u e: $32 .8BP -W L A N re ven u e : $1 .5B

2006

W A N d a ta re ven u e: $32 .8BP -W L A N re ven u e : $1 .5B

$0

$5,000

$10,000

$15,000

$20,000

$25,000

$30,000

$35,000

2002 2003 2004 2005 2006

Th

ou

sa

nd

s

Mobile Internet (WAP & other)

Networked-based messaging (SMS, IM, MMS)

Data-only device connectivity

Mil

lio

ns


Wireless LANs Equipment Are Taking Off

($ Billions)

Source: Forward Concepts, 2003

Future Growth Due To:

StandardsLots of BandwidthLow CostEmbedded in LaptopsVariety of DevicesVoice + DataMultiple ApplicationsSecurity Issues SolvedEase of DeploymentNetwork Mgmt. ToolsEnterprise Adoption

Worldwide WLAN Market*includes embedded clients, add-on client cards, & infrastructure equipment for both the business and consumer segments

CAGR = 43%


Enterprises Driving Early WLAN Market Growth

WLAN Equipment Market

$-

$500.0

$1,000.0

$1,500.0

$2,000.0

$2,500.0

$3,000.0

$3,500.0

$4,000.0

$4,500.0

$5,000.0

2000 2001 2002 2003 2004 2005

Enterprise WLAN Market Total WLAN Market

• By 2002, Gartner estimates that 75% of U.S. Enterprises will have piloted or deployed WLAN Infrastructure

• Enterprise WLAN market is expected to represent 1/3 of Total WLAN market: In 2005 the Enterprise WLAN market is expected to grow to a $1.6 Billion market which represents more then 30% of the Total WLAN market

Diagram Data Source: Synergy Research Group, May 2002

Source: Gartner, Notebook Market Predictions for 2002, 12/2001


Evolution of the WLAN Market

Specific IndustriesHotels

RetailAirports Coffee Shops HospitalsConvention Center Manufacturing

Managed Enterprise VPN

OfficeWLANs

OutdoorWirelessBridging

HomeNetworking

New ApplicationsPhones, PDA’s, Printers

Buses, Sports Events, Construction SitesPublic Safety (Police, Ambulances)

Early Adopters

Major Market

Next Wave

EducationUniversities

K-12 Libraries

Public WLAN Services


Enterprise Spending Priorities

0 10 20 30 40 50 60 70

Video Conferencing

Network OS

WAN Services

LAN Infrastructure

Network Management

Remote Access

Servers

Wireless

Storage

Disaster Recovery

Security

Source: Network World, IT Spending Survey 2002Source: Network World, IT Spending Survey 2002


Wireless LAN Market Share Data

Cisco 51%Cisco 51%

SymbolSymbol 11.5%11.5%ProximProxim 9%9%EnterasysEnterasys 4%4%3Com3Com 3%3%AvayaAvaya 2%2%

WLAN Enterprise Infrastructure MarketWLAN Enterprise Infrastructure Market

Total WLAN MarketTotal WLAN Market

Cisco 16%Cisco 16%

Others 27%Others 27%

LinksysLinksys 17%17%BuffaloBuffalo 12%12%D-LinkD-Link 11%11%NetgearNetgear 8%8%ProximProxim 5%5%SymbolSymbol 4%4%

Source: Dell’Oro, Feb.’03Source: Dell’Oro, Feb.’03

(Enterprise Market, Access Points & Bridges, 802.11a + b + g)

(Consumer + Enterprise, Infrastructure + Clients, 802.11a + b + g)

Others 19.5%Others 19.5%

Con

sum

er


Perceived Customer Service Needs

CONSUMER

• Personalized services & content

• (Very) easy to use

• Lower price: charged by value not by traffic

ENTERPRISE

• Enable mobile working

• Plug-and-Play

• Application-ready

• Easy to Manage

• Secure/Trusted

SourceSource ：： Cisco AnalysisCisco Analysis


Agenda

• Mobile & PWLAN Market Trends

• Key Technologies of Mobile & PWLAN Integration

– VPN

– Security

– IP Mobility


• Summary


Public Wireless LAN Solution Architecture

SESM

AAAHLR-Proxy

Billing

SSG

Internet

Extranet

Walled Garden Services

CorporateVPN

CGF

Tunnel

IP

VPN

ITP

HLR/AuC

SS7 Network

Roaming ConsortiumGRX, GRIC, etc

Foreign PLMN

HLR/AuC

Cisco 2600 SSG /BBMS

Airline 1Ticketing,Baggage


Operator A

ISP Cloud/Internet

PMS AAA

L2 or L3 Device

Hot Spot 1

Hot Spot 2

HA

PDSN

GGSN


GPRS and PWLAN Integration

• Everything Separate

• Common Services

• Common Subscription

• Common Billing

• Common User Authentication

• Common Roaming Agreements

• Seamless Mobility

De-coupled

Integration Model

Loose Coupling

Tight Coupling

What does it mean?


Mobile WLAN Integration EvolutionMobile WLAN Integration Evolution

1. Single Service View: common billing and custom care.

2. Network Control: mobile based access control and charging?

3. Single Voice Access: Access to GSM CS Services.

4. Service Continuity: Between WLAN and GSM/GPRS.

5. New Services: Access to 3GPP PS services.


#1 Concern:Wireless LAN Security

“War Driving”

Hacking into WEP

Lessons:

• Security must be turned on (part of the installation process)

• Employees will install WLAN equipment on their own (compromises security of your entire network)

• WEP keys can be easily broken (business & government users need better security)


Corporate Network

Client Enabled VPN: Operator only provide a access way

DHCP

AAA

Internet

VPNsBTS SGSN/PCFBSC

HLR

PLMN

Proxy AAADNS

GTP/RP WML content

App Servers

GGSN/PDSN

Client IP software is source Original IP layer

VPN concentrator terminates

tunnel

GTPTunnel VPN tunnel

BGW BGW

Air LinkEncryption

optional


CoreNetwork

Sample “Wireless” VLAN Deployment

Router

Company-B Floor 2

Company-A Floor 1

DataVLAN

VoiceVLAN

802.1Q Trunk

Network Server(User Database,DHCP/DNS Services)

RADIUS Server

SSID=Voice2SSID=Voice1

802.1x with Dynamic WEP/LEAP + TKIP/MIC

802.1x with Dynamic WEP/LEAP

Cisco CallManager

SSID=Data


Client Differentiation with VLANs

SSID: phoneSecurity: LEAP + WEP

SSID: laptopSecurity: PEAP + AES

SSID: pdaSecurity: LEAP + TKIP

AP Channel: 6SSID “laptop” = VLAN 1SSID “pda” = VLAN 2 SSID “phone” = VLAN 3

802.1Q wired network w/ VLANsAllows a single WLAN

network to handle different devices with

different types of security (up to 16 separate VLANs)

Allows a single WLAN network to handle

different devices with different types of security (up to 16 separate VLANs)


Seamless Handoff With Dual-mode Handset(Generic Architecture)

IPAP

Cell/PSTN

HS

Overview: Overview: - Handoff is accomplished by managing VoIP call legs- Make before break ensures seamless handoff- HS is responsible for forwarding media from the appropriate call leg.- HS can use media processing to estimate and compensate for delay differences between mobile and VoIP call-legs

Overview: Overview: - Handoff is accomplished by managing VoIP call legs- Make before break ensures seamless handoff- HS is responsible for forwarding media from the appropriate call leg.- HS can use media processing to estimate and compensate for delay differences between mobile and VoIP call-legs

MS(Dual-mode)

VGWCCM/PS: Call Manager/ Proxy Server

MS: Mobile Station

HS: Handoff Server

VGW: Voice Gateway

CCM/PS

Phone B

VoIP Signaling

Handoff SignalingCellular/PSTN signaling


Cisco’s WLAN Security Hierarchy

Authentication:

• 802.1X-based LEAP

• 802.1x-based EAP-TLS

• 802.1X-based PEAP with One-Time Passwords

• 802.1X-based SIM

Encryption:

• Dynamic WEP keys

• Cisco pre-standard TKIP

• 802.11i-standard TKIP, part of WPA (Wi-Fi Protected Access)

• AES Blue: Available todayGreen: Future 802.11i Standards


The Cisco Wireless Security Suite

CCX

802.1X

Au

then

tic

atio

nTKIP

orAESEn

cryp

tio

n

WPA Interoperability

Strong Security

Mobility

Scalability

Low CostOn-Campus

Remote Access

VPN is the Best Solution!

Remote Access

WPA: Wi-Fi Protected Access

CCX: Cisco Compatible eXtensions

TKIP: Temporal Key Integrity Protocol

AES: Advanced Encryption Standard


Wi-Fi Protected Access (WPA)

• WPA is the biggest thing to happen to WLAN security since Cisco LEAP

• Cisco has supported the base technologies of WPA longer than any other vendor

• All new products after Aug.’03 MUST have WPA

Existing products are grandfathered

• 802.11i-standard TKIP + 802.1X authentication

• There is a non-802.1X version of WPA for home use which is unsuitable for enterprises


WLAN Security:802.1X Authentication

• LEAP

“Lightweight” EAP

Nearly all major OS’s supported:

WinXP/2K/NT/ME/98/95/CE, Linux, Mac, DOS

• EAP-TLS

EAP-Transport Layer Security

Mutual Authentication implementation

• PEAP

“Protected” EAP

Establishes secure tunnel (similar to VPN)

Supported by Cisco, Microsoft, & RSA

Option: One-Time Passwords (“OTP”)

Client

APRadiusServer


Broadening Support for LEAP

Cisco has licensed LEAP to many companies:

• LEAP support: RADIUS serversFunk Software: Steel-Belted Radius ServerInterlink: Secure.XS Radius Server

• LEAP support: Client DevicesApple: Powerbooks/iBooksHP: Print ServersSymbol: HandheldsIntermec: Handhelds

• LEAP support: Client SoftwareFunk Software: Odyssey Client v.1.1Meetinghouse: Aegis Client v.1.3.6

• LEAP support: ChipsetsIntel TIIntersil MarvellAtheros AgereAtmel Broadcom


WLAN Security:Encryption

• TKIPTemporal Key Integrity Protocol

Dec.’01: Cisco’s pre-standard TKIP

Aug.’03: 802.11i-standard TKIP (part of WPA)

• AESAdvanced Encryption Standard

“The Gold Standard”

Optional part of 802.11i spec

Hardware encryption vs. software encryption


Cisco Compatible Program (“CCX”)for WLAN Client Cards

• No cost licensing of Cisco wireless technology, via Cisco Compatible eXtensions (“CCX”) specification for use in non-Cisco wireless client devices

• Independent testing to ensure interoperability with Cisco infrastructure

• Marketing of these devices by Cisco and the client suppliers under the Cisco Compatible brand


Goals of Internet Mobility

• Not constrained by location

• Always on IP connectivity

• Transport Independent

• Robust Roaming Connections

• Application Mobility

• Application Continuity


Mobile IP

• Transparent connectivity to all other hosts

• Mobile always reachable at the same IP address

• Only the Home/Foreign Agent needs to knowthe mobile’s location

• Scalable Solution: All other routers do normal forwarding

The Solution for Mobility at the IP Layer


Mobile IP Components

MN, Mobile Node

Using its “home” IP address, regardless of which network it is connected.

FA, Foreign Agent

• Provides an local IP address to the MN called “Care Of Address” (COA)

• Acts as a ‘relay’ between the MN and its Home Agent

HA, Home Agent

• Association of the MN’s “home” IP address and its “care of address” on the foreign network

• Redirects and tunnels packets to the care of address on the foreign network

CN, Correspondent NodeDestination IP host in session with a Mobile Node

MN

HA

FA

CN

Internet

COA

MN


Overview of Mobile IP Functionality

• 1. MN discovers Agent

• 2. MN obtains COA (Care Of Address)

• 3. MN registers with HA

• 4a. HA tunnels packets from CN to FA

• 4b. FA detunnels packet and forwards to MN

• 5. FA forwards packets from MN to CN

HA FA1. and 2.1. and 2.

3.3.MN

CN5.5.

4.4.


Vertical Market Applications

Defense • Army, Navy, Marines, Air Force,

NATO, UK DoD, etc. Public Services & Homeland

Security• EMS• Police• Fire Fighters

Commercial Markets• Mass Transit • Rail & Airlines • Rental fleets • Commercial aircraft • Heavy equipment, logistics

Consumer Automotive• Telematics• Infotainment


Effective Continuity of Public Safety

CDPD/1xRTT/GPRS

802.11 Hotspot

DMV driver database

NFIS National Criminal DB

Video Storage Database

Dispatch Center for remote video monitoring

Core Network

Mobile Network

Applications are accessed by the Mobile Network via Cellular Network

Applications are now accessed by the Mobile Network via the 802.11 Hotspot

Patrol vehicle roams into 802.11 coverage

Mobile Router


Agenda

• Mobile WLAN Market Trends

• Key Technology of Mobile & WLAN Integration


• Summary


Internet

SP #2 Data Center

BBSM/ SSG


Airport Gates


SP #1Cloud

RADIUS/SNMP/SESM/DHCP/DNS/Appsservers

SP #1 Data Center

RADIUS/SNMP/SESM/DHCP/DNS/Appsservers

SP #2Cloud

Hot Spot Access Service ProviderHot Spot Access Service Provider

Mobile SP


Munich Airport Uses Cisco Technology for the World's First WiFi Multiple ISP Hotspot

MUNICH, Germany--(BUSINESS WIRE)--June 5, 2003-- Using technology from Cisco Systems, the German airport operator Flughafen Munchen GmbH (FMG) is making Munich International Airport with wireless Internet user-friendly hotspot in the world -- one that allows the user to choose their own Internet service provider (ISP). Munich is Germany's second-largest commercial airport, handling 23.2 million passengers in 2002….increasing capacity of 50million by 2003…..

Michael Zaddach, vice president of Information Systems at Munich Airport, "Business travellers in particular benefit from instant access to the Internet, email and corporate networks over wireless LANs, so there was clearly a case for creating a hotspot at the airport. Cisco Systems was the only company able to offer a homogeneous and workable solution spanning everything from access points to a Service Selection Gateway. …


WLAN Products:Consumer vs. Business

• Industry has segmented: consumer vs. business

• Cisco offers only “business-class” products:

Security

Upgradeability

Network management

Advanced features

Choice of antennas

Highest throughput

Scalability

To deliver these capabilities while maintaining high performance (i.e. no tradeoffs) requires intelligence at the network edge (i.e. Smart AP’s)

To deliver these capabilities while maintaining high performance (i.e. no tradeoffs) requires intelligence at the network edge (i.e. Smart AP’s)


BT Wireless LAN

BT Retail has launched a Wireless Local Area Network (WLAN) which will be rolled out across the UK (complemented by GPRS)

• Targeting Business Customers initially and Residential Customers later this year

• Planning 4000 hot spots by June 2005: airports, train stations, hotels, cafes…

• Services up to 2 Megabits/sec (5 x 3rd Generation Mobile)

• By June 2003 400 hot spots will be covered at a cost of less than £10m

• Mobility Strategy is expected to generate £180m of annual revenues by 2005

• Pricing options: monthly flat rate of ~£95 (+VAT), time based tariff at 10p (+VAT) per minute and daily flat rate (price TBC)


Service Offering:•BT created UK's first Public Access Wireless LAN network

•Currently there are 300K WLAN users in the UK (mostly at home)

•Focus on integrated mobile and fixed line solutions

•BT‘s target is to capture 10% of the UK mobile business market by 2006/7, the expected margin being 10%.

•BT Openzone Pricing

•£85+vat/mnth unlimited

•£40+vat/mnth 900minutes

•£20+vat/mnth 300 MinutesProof of success:•New mobility strategy expected to contribute new revenue of £180m a year

•by 2004/05 and could rise to £500m per annum in five years; £30m is expected from WLAN while £150m from reselling mmO2 airtime

BT Open Zone: Public Wireless LAN


Telia „Homerun“

• Telia provides a public WLAN service, Homerun:

- 150 sites with more than 1000 access points, mainly in Sweden

- Airports, eg SAS lounges in airports in Copenhagen (Kastrups),Stockholm (Arlanda) and Chicago (O’Hare)

- Hotels, eg Best Western and First Hotel

- Shopping centres, schools, heritage buildings, conference centres, roadside restaurants, trade fairs, ...

• Allows enterprise VPN access

• Hotspot, office and home options available

• Three pricing options

- Flat rate (£98.60 monthly charge, £32.60 initial charge)

- Usage-based (£19.78 monthly charge, 15.8p/min usage charge, £32.60 initial charge)

- Day-rate (£6.33 for 24 consecutive hours, can be purchased over the web)


Swisscom P-WLAN Service

• Public launch Q4 of 2002

• Up to few 100 Hot Spots

• ‘Nearest Hot Spot’ locater provided through SMS

• Easy to use service built on browser technology

• Pricing:

Postpaid and billing through the mobile bill

Prepaid value cards (24h) (multiple sessions)

• Open to the Enterprise VPN technology


Service Offering:

• Public Wireless LAN (PWLAN) service which will initially be available at airports, hotels and convention centers

• European roll-out will cover all countries with T-Mobile presence, later full roaming and integration with T-Mobile US (ex Voicestream)

• Targetted for business customers when travelling

• Main device for use will be laptops or PDAs

• Authentication either per SMS or perusername/password

• Billing: postpaid (T-Mobile customers) andprepaid (credit card)

Public Wireless LAN


Lufthansa Wireless LAN

• January 2003, Lufthansa launched FlyNet, a high-speed broadband access on a scheduled flight

• Lufthansa is also equipping al its 55 airport lounges worldwide with WLAN Internet access in conjunction with its partner Vodafone D2

• Flynet will cost 30-25 euros per flight leg with up to 3 Mbit/s for downloads and 128 Kbps for uploads (later 750 Kbps)

• The components for the on-board data network were supplied by Cisco Systems. From mid-2003 Lufthansa plans to introduce FlyNet throughout its long-range fleet, which will consist of 80 aircrafts.


Agenda

• Mobile WLAN Market Trends

• Key Technology of Mobile WLAN

• WLAN Applications and Services

• Summary


Summary

• GPRS and PWLAN – Complementing in Mobile Market

• Extend Enterprise WLAN to PWLAN then to GPRS -- Extension strategy

• Roamed/visiting PWLAN users in key locations – Airports, Hotels, Convention Centers, and many new hot spots.

• Security, Mobility and VPN are key ingredients of mobile and wireless LAN integration.

1 its 2003, taipei © 2001, cisco systems, inc. all rights reserved. mobile & public wireless...

Documents