by Kaushik Dash, Harish Gnanasambandam, Vikas Banerjee  |  May 30, 2017  |  Filed in: Industry Trends

Wireless access has not only revolutionized networks. It has profoundly changed our culture. It has transformed how and where we work, how we interact through social media, and how we stay connected with family and friends.

The challenge we are now facing is Wi-Fi saturation. Given the number of connected devices online now, and the predictions for exponential growth over just the next few years, we need to ensure that we are building wireless networks that can accommodate the volume of connections and connected devices coming, the increase in latency-sensitive content streaming over wireless connections, and the highly mobile nature of devices and users. Add security to the mix, with its requirements for secure authentication, data inspection, and encryption, and planning and building a wireless infrastructure can be challenging.

Two primary Wi-Fi architectures exist today, both using the same 802.11 technologies: Multi Channel Architecture (MCA) and Single Channel Architecture (SCA), which is also referred to as single cell or virtual cell. While the vast majority of wireless infrastructures are MCA, there are advantages to SCA designs that we shouldn’t overlook.

MCA Access Points (APs) operate across different channels. In an MCA environment, all access points (in close proximity) operate on different RF channels. As a client moves and the signal strength of the AP it is connected to degrades, the client searches for and connects to the next AP (with a stronger signal), even though that AP may be on a different channel.

With Virtual Channel, or SCA, all APs operate on the same channel. This ensures that as a client moves around the environment it will always see a strong signal. And, even though it may connect through a variety of APs during the day, the client does not even know it has roamed. This makes wireless mobility a much more seamless process, and is especially good for real-time voice or video communications.

Today, 99% of networks use Multi Channel designs, while less than 1% use single Virtual Channel. Interestingly, even though the Multi Channel design does not support roaming as well, it offers greater bandwidth and capacity, and is therefore 'good enough' for most communications. However, single channel architecture still has its place for some organizations and in some use cases. Fortinet is one of the few wireless AP vendors that still supports both single channel and multi channel designs, giving administrators a choice of design.

Mitch Dickey, the Senior Network Engineer for the Loudoun County School District, recently spoke about the advantages of single channel architecture. The reality is that a properly designed single channel virtual network can support not only an extremely high number of clients, but also ones that are constantly moving. According to Dickey, “Our students and staff are very mobile, which makes our wireless networks mission critical. The vast majority of our schools don’t have desktop computers other than in administrative areas. Many of our schools also don’t have computer labs, but employ several carts of mobile devices. For us, a single channel architecture solves a number of challenges.”

Virtual Cell – How it Works:

The key to this is the Virtual Cell technology employed by the Fortinet (Meru) wireless APs. The Virtual Cell concept changes the whole WiFi process.

In each Virtual Cell, the number of access points can vary widely depending on the design. All the APs in a Virtual Cell, whether 10 or 500, are able to operate on the same radio channel, and they all share the same SSID (BSSID). This means that when a client scans for an SSID, it is only presented with 1 or 2 BSSIDs to choose from (typically, this would include one in the 5GHz range and one in the 2.4GHz range.) The client can make the decision as to which of the two BSSIDs it wants to talk to, or you can have the central controller manage that decision.

The question, of course, is which AP the client will associate with. The answer is the most appropriate access point as defined by the controller. The controller is aware of all the APs, including which ones can see one another. It is also aware of which APs are busy. This intelligence allows it to assign the most appropriate AP to connect with the new client. If the client then moves, and the originally assigned AP is no longer the absolute best option, then the controller simply tells the next AP to connect with the client. From the client’s perspective, nothing changed. It never asked to roam, and as far as it can tell, it never did, because the Virtual Cell dynamically changed the route of the traffic.

The Virtual Cell process is designed to make sure, on a packet-by-packet basis, that the 'best AP' is always the one communicating to the client. This ensures the client is always running at its highest possible data rate. Interestingly, this also ensures that it spends as little time on the air as possible, which in turn means there is more space for other devices to talk, as Dickey explains in his use case.

And because the most appropriate AP is the one connected to the client, it has the capability to reduce its transmit power, which reduces interference and saves battery life for the client. This process has great advantages when designing for clients that may not be at the premium end of the scale. Low cost client devices with poor drivers are mostly designed for home networks, and often are poor at roaming. However, in a Virtual Cell that doesn’t matter. The controller takes care of that for them.

The obvious argument many folks make against the Virtual Cell model is that since all the APs have to operate on a single channel, this must provide less throughput when compared to lots of APs on different channels. Well, the answer is absolutely yes and definitely no, which is just a sneaky way to say that you can always set up a test to categorically prove one is better than the other. It just depends how you configure the test.

Of course, administrators have the option to operate their Fortinet APs in Multi Cell mode and be the same as the rest of the industry. But because Virtual Cell is an option on the controller platform, they also have the option of functioning in Virtual Cell where appropriate. In fact, the best of both worlds is available because a single controller is fully capable of operating some APs in Virtual Cell mode and others in Multi Cell mode. Mitch Dickey goes on to explain that the key for any network is proper design for the specific use case.

You Don’t Have to Choose Between Availability and Security

Regardless of your architectural design, whether Virtual or Multi Cell, providing seamless Wi-Fi access and network security is the goal of all administrators as it provides the most efficient and affordable WLAN solution for organizations of all sizes, from small businesses all the way up to distributed school districts or enterprises. By integrating a centralized FortiGate Next Generation Firewall with the Controller solution, all authorized and guest traffic is subjected to enterprise-class cybersecurity protection. This allows the enterprise to implement comprehensive security at any location without needing to alter the network framework.

For more detail on Loudoun County School District’s deployment, visit Mitch Dickey’s full-length video and blog.