Some words about Lightweight Access Point Protocol or LWAPP
December 23rd, 2009
LWAPP is the name of a protocol that can control multiple Wi-Fi wireless access points at once. This can reduce the amount of time spent on configuring, monitoring or troubleshooting a large network. The system will also allow network administrators to closely analyze the network.
LWAPP was proposed by Airespace as a standard protocol to provide interoperability among any brand of access point. Its purpose was to standardize “lightweight” access points with the Internet Engineering Task Force (IETF), but it was not approved as a standard. Airespace was purchased by Cisco Systems.
LWAPP is now a generic protocol with a binding definition for the 802.11 wireless LAN protocol. As I said, LWAPP defines how access points communicate with wireless LAN controllers. This communication can be either by means of native Layer 2 Ethernet frames or at Layer 3 via IP packets. In the Cisco LWAPP implementation, Layer 3 LWAPP packets are carried in UDP packets.
LWAPP messages carry one of two types of payload:
- LWAPP Data Messages, which are encapsulated and forwarded data frames sent from and to wireless clients.
- LWAPP Control Messages, which are management messages exchanged between the wireless LAN controller and the access point.
The LWAPP protocol header contains a control bit (the C-bit) which distinguishes data packets from control packets. When Layer 3 LWAPP is used, the LWAPP data and control packets are sent to separate UDP ports. Because both data and control frames can be fragmented, the payload LWAPP data or control message can be fragmented.
How does an Access Point (AP) bind with a Wireless LAN Controller (WLC) to form a complete working access point? The two devices must bring up a tunnel between them to carry 802.11-related messages and also client data. The tunneled data can be switched or routed across the campus network.
Actually, LWAPP consists of two tunnels:
- LWAPP control messages: Exchanges that are used to configure the LAP and manage its operation. The control messages are authenticated and encrypted so that the LAP is securely controlled by only the WLC.
- LWAPP data: Packets to and from wireless clients associated with the LAP. The data is encapsulated within LWAPP, but is not encrypted or otherwise secured between the LAP and WLC.
Every LAP and WLC must also authenticate each other with digital certificates. An X.509 certificate is pre-installed in each device when it is purchased.
Lightweight AP Operation
The lightweight AP is designed to be a “zero-touch” configuration. The LAP must find a WLC and obtain all of its configuration parameters, so you never have to actually configure it through its console port or over the network.
The following sequence of steps details the bootstrap process that an LAP must complete before it becomes active.
- The LAP obtains an IP address from a DHCP server.
- The LAP learns the IP addresses of any available WLCs.
- The LAP sends a join request to the first WLC in its list of addresses. If that one fails to answer, the next WLC is tried. When a WLC accepts the LAP, it sends a join reply back to the LAP, effectively binding the two devices.
- The WLC compares the LAP’s code image release to the code release stored locally. If they differ, the LAP downloads the code image stored on the WLC and reboots itself.
- The WLC and LAP build a secure LWAPP tunnel for management traffic and an LWAPP tunnel (not secured) for wireless client data.
LWAPP devices can communicate in two modes: LWAPP Layer 2 and Layer 3.
LWAPP Layer 2 Transport Mode
LWAPP communication between the access point and the wireless LAN controller can be in native, Layer 2 Ethernet frames.
As you can see from this figure, the LWAPP Control and Data messages are encapsulated in Ethernet frames using Ethertype “0xBBBB”. In Layer 2 LWAPP mode, although the access points may get an IP address via DHCP, all LWAPP communications between the access point and WLC are in Ethernet encapsulated frames, not IP packets. The access points must be on the same Ethernet network as the WLC. For this reason, Layer 2 LWAPP mode may not be suitable for scalability purposes in most deployments.
LWAPP Layer 3 Transport Mode
Layer 3 LWAPP Control and Data messages are transported over the IP network in UDP packets. This transport architecture is inherently more flexible and scalable than Layer 2 LWAPP and is the generally preferred solution. Layer 3 LWAPP is supported on all Cisco WLC platforms and lightweight access points.
LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point’s IP address and the WLC’s AP Manager interface IP address as endpoints. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
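As an added example (not from the original post or from Cisco), the transport rules above can be turned into a passive classifier for captured Ethernet frames, which shows where the unencrypted LWAPP data tunnel crosses the wired network. The C-bit mask follows the RFC 5412 header layout, which is an assumption not stated on this page, and the sample frames are constructed.

```python
import struct
from collections import Counter

LWAPP_ETHERTYPE = 0xBBBB   # Layer 2 mode Ethertype (from the article)
WLC_DATA_PORT = 12222      # Layer 3 data, WLC side (from the article)
WLC_CONTROL_PORT = 12223   # Layer 3 control, WLC side (from the article)
C_BIT = 0x04               # assumption: RFC 5412 first octet is VER(2) RID(3) C F L

def classify(frame: bytes):
    """Return (transport, kind) for an LWAPP Ethernet frame, else None."""
    if len(frame) < 15:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == LWAPP_ETHERTYPE:          # Layer 2: read the C-bit
        return ("L2", "control" if frame[14] & C_BIT else "data")
    if ethertype != 0x0800 or len(frame) < 34 or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
    udp = 14 + ihl
    # Only an unfragmented or first-fragment UDP packet carries the ports.
    if ihl < 20 or frame[23] != 17 or frag_offset or len(frame) < udp + 4:
        return None
    ports = set(struct.unpack_from("!HH", frame, udp))
    if WLC_CONTROL_PORT in ports:
        return ("L3", "control")
    return ("L3", "data") if WLC_DATA_PORT in ports else None

def summarize(frames):
    """Count frames per (transport, kind); 'data' entries are the unencrypted tunnel."""
    return Counter(c for c in map(classify, frames) if c)

# Constructed sample frames (not a real capture).
def _eth(ethertype, payload):
    return bytes(6) + bytes.fromhex("020000000001") + struct.pack("!H", ethertype) + payload

def _udp(sport, dport):
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 36, 0, 0, 64, 17, 0)
    ip += bytes([10, 0, 0, 5, 10, 0, 0, 1])
    return _eth(0x0800, ip + struct.pack("!HHHH", sport, dport, 16, 0) + bytes(8))

SAMPLES = [
    _eth(LWAPP_ETHERTYPE, bytes([C_BIT, 0, 0, 0, 0, 0])),  # L2 control
    _eth(LWAPP_ETHERTYPE, bytes(6)),                       # L2 data
    _udp(40001, WLC_CONTROL_PORT),                         # L3 control, AP to WLC
    _udp(40001, WLC_DATA_PORT),                            # L3 data, AP to WLC
    _udp(WLC_DATA_PORT, 40001),                            # L3 data, WLC to AP
    _udp(40001, 53),                                       # unrelated UDP
]
```

Frames classified as data carry client traffic that LWAPP itself does not protect, so the segments where they appear are the ones to isolate or monitor.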
Lightweight AP Association and Roaming
Wireless clients must negotiate an association with lightweight APs, as with any 802.11 wireless network. However, the split-MAC architecture has an interesting effect on client associations. Remember that an LAP handles mostly real-time wireless duties, so it will just pass the client’s association requests on up to the WLC. In effect, the wireless clients negotiate their associations with the WLC directly. This is important for two reasons:
- All client associations can be managed in a central location.
- Client roaming becomes faster and easier; associations can be maintained or handed off at the controller level.
With autonomous APs, a client roams by moving its association from one AP to another. The client must negotiate the move with each AP independently, and the APs must also make sure any buffered data from the client is passed along to follow the association. Autonomous roaming occurs only at Layer 2; some other means must be added to support Layer 3 roaming.
With lightweight APs, a client still roams by moving its association. From the client’s point of view, the association moves from AP to AP; actually it moves from WLC to WLC, according to the AP-WLC bindings.
Intra-Controller Roaming
In the next figure, a wireless client has an active wireless association at location A. The association is with WLC1 through AP1. As you might expect, all traffic to and from the client passes through the LWAPP tunnel between AP1 and WLC1.
The client begins moving and roams into the area covered by AP2. For this example, notice two things: The cells provided by AP1 and AP2 both use the SSID “MyWLAN,” which enables the client to roam between them. In addition, both AP1 and AP2 are joined to a single controller, WLC1.
Inter-Controller Roaming
In some cases, a client might roam from one controller to another. For example, a large wireless network might consist of too many LAPs to be supported by a single WLC. The LAPs could also be distributed over several controllers for load balancing or redundancy purposes.
In the next figure, a wireless client is using an association with WLC1 through AP1. This is similar to our previous figure, but now each of the adjacent LAP cells belongs to a different WLC. All the client’s traffic passes through the LWAPP tunnel from AP1 to WLC1.
When the client moves into AP2’s cell, the same SSID is found, and the client can move its association to WLC2. As long as the two controllers (WLC1 and WLC2) are located in the same IP subnet, they can easily hand off the client’s association. This is done through a mobility message exchange where information about the client is transferred from one WLC to the other. Once the mobility exchange occurs, the client begins using the LWAPP tunnel between AP2 and WLC2. The client’s IP address has not changed; in fact, the roaming process was completely transparent to the client.
I will continue to write about LWAPP in the next articles…
Sources:
http://en.wikipedia.org/wiki/LWAPP
http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html#wp1050339
Book: CCNP Self-Study BCMSN Official Exam Certification Guide.