ArubaOS 6.4, AirWave and Lync
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
Anders Lagerqvist Systems Engineer
ArubaOS 6.4
• AppRF 2.0: DPI for ~1,500 apps, bandwidth contract per app, app groups
• UCC/Lync Visibility: UCC dashboard and improved diagnostics
• HA Phase 2: Reduce client failover times
• AirGroup for DLNA & UPnP: With group-based device sharing, time fencing and AirWave integration
AppRF 2.0 Features
• Incorporates application-aware deep packet inspection technology
  – Uses advanced techniques for application ID
  – Over 1500 applications
• Operates at user role level to provide automated application control
  – Block application or categories of apps
  – QoS application at L2 or L3
  – Bandwidth contracts for applications
• New Category Dashboard element
  – Shows apps by category such as Peer-to-Peer, Streaming video
• Customers can add their own HTTP-based app definitions
• Graphically based application blocking workflow
Lync Mobility Best Practices
Growing Market, Technical Headwinds
• >20% annual growth rate of enterprise mobile devices connecting to Wi-Fi
• >28% CAGR of enterprise network traffic through 2017
• ≥3 devices per user needing 5 Mbps of shared network access
• ≈1% CAGR of on-premise UC deployments (N America)*
• $50B combined UC on-premise and cloud markets (N America)*
• >20% CAGR of UCaaS while prices compress at >5% per annum (N America)*
• 80% of enterprise Wi-Fi networks not designed for the surge of mobile users
• 48% of enterprise IT planners expect cloud UC to be the main model in 2017**
Sources:
Critical Inflection Points for Midmarket Mobility Initiatives, James A. Browning, Gartner, 11 July 2014
* Tech Go-to-Market: Selling Unified Communications in a Highly Disrupted Market, Bern Elliot and Tiffani Bova, Gartner, 3 June 2014
** Market Trends: Key Trends in Unified Communications Technology, Adoption & Delivery, Megan Marek Fernandez, Daniel O'Connell, Tom Eagle, Gartner, 18 July 2014
• Need to optimize Wi-Fi environment
• Need to ensure proper prioritization of UCC traffic
• Must have tools to measure and troubleshoot end-to-end
Environment Is Challenging
• Wi-Fi bandwidth is a scarce commodity
• IT priorities must be carefully set, rigorously enforced
• Lync and other priority applications must be allocated more network resources
• Other apps must be selectively disadvantaged
• BYOD brings a mix of devices and capabilities
• Devices must be correctly enabled and QoS tagged bi-directionally
• Changing RF requires agile Wi-Fi adaptation
The Five Pillars Of Lync Mobility
• Voice-grade Wi-Fi deployment
• Traffic optimization
• Lync packet tagging
• Mobile BYOD
• Lync diagnostics and troubleshooting
RF Design Best Practices For Voice
• Capacity-based Wi-Fi vs. coverage-based across all areas of Lync usage
• Pervasive RF coverage with AP-AP spacing ≈15 meters
• Small cell sizes maximize client data rates
• Minimum -65 dBm RF signal (RSSI), minimum 25 dB signal-to-noise ratio (SNR)
• Higher number of APs operating with lower TX power ensures resiliency
• Minimum and maximum AP power difference no greater than two steps
Roaming Behavior
• Many devices have unique characteristics
• Proprietary roaming algorithm, scanning behavior, receive sensitivity
• Bad driver design can prevent Wi-Fi clients from roaming to the best access point
• Addressed by infrastructure deterministically mapping clients to the best AP – no change to client or client software required
• Steering based on SNR and signal level information gathered from client's perspective
• Steering decision made based on probe requests from the client
• Combined with periodic load balancing it ensures seamless roaming
RF Design Best Practices For Voice
ENABLE
• Voice/video/load aware scanning to detect priority traffic
• Client and interference awareness to optimize operation
• Spectrum load balancing to ensure adequate bandwidth
• QBSS Load Information Element to help clients select the best AP
• WMM traffic management to provide an SLA
• Application flow and load awareness so voice/video get prioritized
• Fair access to assign more bandwidth to corporate vs. guest traffic
• Band steering to give high-speed clients a fast lane
• Higher rate beacons to reduce airtime consumption
• Higher data rates to prevent low-speed chatter
Optimize For Roaming
• Minimize inter-AP power differences to promote faster roaming
• Avoids “hotter” APs which attract more distant clients
• Enable Extensible Authentication Protocol over LAN (EAPoL) rate optimization in 802.1X environments
• Ensures APs send EAPoL frames at the lowest possible rates, maximizing chances of receipt the first time and avoiding auth delays due to retransmitted packets
• Use 802.11r for fast BSS transitions
• Match QoS markings used by the clients – mismatches impact voice quality
• Define two basic rates for convenience and avoid low basic rates
Authentication/Encryption Guidelines
• 802.1X authentication through a RADIUS server can introduce delays during re-association and roaming
• Use Opportunistic Key Caching with 802.1X for faster roaming
• EAP-TLS provides the best security and is preferred in enterprises over EAP-PEAP
• PSK has lower delays and works well for voice devices but is not preferred due to weak security
Traffic Management
Lync DSCP Tagging
• Tunnel Mode: DSCP retagging at controller
• D-Tunnel Mode: DSCP retagging at AP
• WMM Only – Tunnel Mode: controller sets egress DSCP per Layer 2 priority sent by client
• Heuristics – Tunnel Mode: controller finds Lync voice/video traffic and retags packets per SSID profile mapping
• SDN API – Tunnel Mode: controller learns Lync traffic type from SDN API and retags packets per SSID profile mapping
• Desktop-sharing mapped to the same priority as video
• Routing
• Voice
• Video Conferencing
• Streaming Video
• Mission-Critical Data
• Call Signaling
• Transactional Data
• Network Management
• Bulk Data
• Scavenger
• Best Effort
QOS - Tunnel Mode (WMM Only)
[Diagram: Client-A (VO: DSCP 46) and Client-B (VO: DSCP 46), AP, Mobility Controller. Flow labels: DSCP 46 / WMM VI; DSCP 34 / WMM VI; DSCP 34; DSCP 34. Mapping: VO: 46, VI: 34. Callouts: "Controller decrypts the packet and retags as per L2 priority"; "AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping".]
• AP looks at L2 priority and sets DSCP per DSCP-WMM mapping in controller
• Controller decrypts packet and uses L2 priority to assign DSCP mapping in downstream direction
QOS - D-Tunnel Mode (WMM Only)
[Diagram: Client-A (VO: DSCP 46) and Client-B (VO: DSCP 46), AP, Mobility Controller. Flow labels: DSCP 46 / WMM VI; DSCP 34 / WMM VI; DSCP 34; DSCP 34. Mapping: VO: 46, VI: 34. Callouts: "Controller passes the same DSCP tag"; "AP decrypts the packet and retags as per L2 priority".]
• AP decrypts packet and looks at L2 priority to assign DSCP per DSCP-WMM mapping in controller
• Controller passes the same DSCP tag in the downstream direction
Heuristics-Based Lync Classification
Ideal For Office 365
• ACL is defined on Wi-Fi network to listen on port TCP 5061
• Classify media is enabled and ACL is mapped to a user role
• Lync voice/video calls hit the Lync ACL and Lync clients are marked as Media-capable
• Subsequent UDP data flow with source/destination port >1023 from/to Media-capable clients goes through Deep Packet Inspection (DPI) engine
• DPI identifies an RTP session, then the payload type in the RTP header is assessed to determine if it’s a voice/video session
• Type of Service (TOS) is set in the session equal to the egress Wi-Fi tunnel DSCP mapping configured in SSID profile
[Diagram label: Backbone Network]
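The heuristic steps above can be followed in a short Python sketch. This is an added example, not Aruba's implementation: the class and function names are hypothetical, only the static RTP payload types of RFC 3551 are classified, and the port test is assumed to apply to both source and destination.

```python
import struct

DSCP = {"voice": 46, "video": 34}      # VO/VI values shown on the slides
# Assumption: only the static payload types of RFC 3551 are classified.
# Dynamic types (96-127) are negotiated in SDP, which this sketch never sees.
AUDIO_PT = {0, 3, 4, 8, 9, 18}
VIDEO_PT = {26, 31, 32, 34}

def make_rtp(pt, version=2):
    """Build a constructed 12-byte RTP header (no payload) for the demo."""
    return struct.pack("!BBHII", version << 6, pt, 1, 160, 0x1234ABCD)

def rtp_payload_type(data):
    """Return the payload type if data looks like RTP v2, else None."""
    if len(data) < 12 or data[0] >> 6 != 2:
        return None
    if len(data) < 12 + 4 * (data[0] & 0x0F):   # CSRC list must fit
        return None
    pt = data[1] & 0x7F
    return None if 72 <= pt <= 76 else pt       # 72-76 collide with RTCP

class HeuristicClassifier:
    def __init__(self):
        self.media_capable = set()              # clients that hit the Lync ACL

    def on_tcp(self, client_ip, dst_port):
        if dst_port == 5061:                    # SIP over TLS signalling
            self.media_capable.add(client_ip)

    def on_udp(self, src_ip, dst_ip, sport, dport, data):
        """Return the DSCP to write into the flow; 0 means best effort."""
        # Assumption: both ports must be above 1023.
        if sport <= 1023 or dport <= 1023:
            return 0
        if not {src_ip, dst_ip} & self.media_capable:
            return 0                            # never signalled: skip DPI
        pt = rtp_payload_type(data)
        if pt in AUDIO_PT:
            return DSCP["voice"]
        if pt in VIDEO_PT:
            return DSCP["video"]
        return 0

def demo():
    c = HeuristicClassifier()
    c.on_tcp("10.0.0.5", 5061)                  # constructed addresses
    flows = [("10.0.0.5", 0), ("10.0.0.5", 34), ("10.0.0.7", 0)]
    return [c.on_udp(ip, "10.0.0.9", 50000, 50002, make_rtp(pt)) for ip, pt in flows]
```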
Lync SDN API Network Architecture
[Diagram components: Lync Federated Partners, Reverse Proxy, Lync Edge Server, Lync FE Server Pool / Lync SDN API Dialog Listener, Lync SDN Manager, Internet, Wi-Fi Mobility Controller, Exchange Server, QoE Server / Monitoring, Active Directory, Backbone Network. Messages: Call type update, Call transition update, Call QoE update.]
SDN API-Based Lync Classification
Ideal For On-Premise & Hosted Lync 2013 Server
• Wi-Fi controller, Lync server configured for SDN API
• User makes Lync peer-to-peer call through server, Lync server sends call type to controller
• Controller prioritizes Lync traffic types and applies correct DSCP tag
• DSCP tag for video applies to desktop sharing
• DSCP tag for file transfer is best effort
• Lync server sends controller a call transition update from voice to video
• At end of the call, Lync Server sends controller QoE metrics
Capabilities: Heuristics vs. SDN API
Feature / Heuristics / SDN API
Tagging and retagging WMM/DSCP values ✓ ✓
Dynamic identification/prioritization of Lync voice/video streams ✓ ✓
Prioritization of Office365 traffic ✓ ✓
Scalable beyond 100 controllers ✓
Independent of Lync infrastructure ✓
Dynamic identification/prioritization of Lync desktop sharing, file transfer ✓
Call metrics including MOS for diagnostics and troubleshooting ✓
Visibility into dialed numbers and gateway endpoint ✓
Real-time call quality analysis using UCC score ✓
Correlation between UCC score and Wi-Fi health metrics ✓
UCC dashboard for network-wide visibility and troubleshooting ✓
Network-wide view across multiple controllers ✓
Lync application usage overlay on a floor plan ✓
Accurate identification of 100% of all Lync traffic ✓
QOS - Tunnel Mode (Heuristics)
[Diagram: Client-A (VO: DSCP 46) and Client-B (VO: DSCP 46), AP, Mobility Controller. Flow labels: DSCP 46 / WMM VI; DSCP 46 / WMM VO; DSCP 46; DSCP 34. Mapping: VO: 46, VI: 34. Callouts: "Controller decrypts the packet and retags as per traffic type"; "AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping".]
• AP looks at L2 priority and sets the DSCP per DSCP-WMM mapping in controller
• Lync heuristics determines the access category based on the codec – if a voice codec is used it gives the DSCP value corresponding to voice
QOS - Tunnel Mode (SDN API)
[Diagram: Client-A (VO: DSCP 46) and Client-B (VO: DSCP 46), AP, Aruba Mobility Controller. Flow labels: DSCP 46 / WMM VI; DSCP 46 / WMM VO; DSCP 46; DSCP 34. Mapping: VO: 46, VI: 34. Callouts: "Controller learns the traffic type from Lync Server SDN API and does DSCP retagging"; "AP looks at L2 priority and puts DSCP as per DSCP to WMM mapping".]
• AP looks at L2 priority and sets DSCP per DSCP-WMM mapping in controller
• Lync SDN API informs controller that it’s a voice call
• Assigned DSCP value corresponds to the value for voice mapped under the ssid-profile - if multiple values, the first will be assigned to the DSCP
BYOD Impacts Access Network Model
• Security and QoS assurance, traffic engineering needs a new context-focused paradigm based on user, device, mode (personal/enterprise), application, location
• L1/L2 network separation no longer exists; one common services network shared between all users, devices, applications
• Many network destinations – including classic, public cloud, virtualized, personal
• Each user has multiple devices, some Enterprise and some BYOD
• Each device supports multiple apps, some Enterprise and some personal
[Diagram labels: IP-PBX server, internet, private cloud, Cloud and SaaS]
BYOD Traffic Engineering For Lync
• With lots of active UCC flows all hitting the DMZ and edge server the network must be designed to keep Lync traffic local instead of dragging it to the DMZ
Lync Heuristics Configuration
SDN API: Target Controller
SDN API Configuration Changes
• Once the API is installed, edit the configuration file LyncDialogListener.exe.config to point the API to the controller and tell it what information to send
• For http-based configuration use the controller IP address, but for https you must use the controller FQDN
• Restart the Lync Dialog Listener service after configuration changes

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="submituri" value="http://10.10.110.1:15790;https://aruba-lync.arubanetworks.com:15790"/>
    <add key="hidepii" value="false"/>
    <add key="sendallcallqoe" value="true"/>
    <add key="sendrawsdp" value="false"/>
    <add key="sendcallinvites" value="false"/>
  </appSettings>
</configuration>
http/https Configuration
• Controller and SDN API can be configured to communicate over http and https
• https configuration
  – Generate a server certificate and install on the controller
  – The server certificate must contain the FQDN of the controller
  – The certificate must be signed by a certificate authority (CA) and the root certificate must be installed on both the controller and the Lync front-end server
Configure Web Lync Listening Port

#configure terminal
(config) #web-server
(Web Server Configuration) #web-lync-listen-port http 15790
Enable Lync ALG

#configure terminal
(config) #no firewall disable-stateful-sips-processing
Set Lync ACL

netservice svc-sips tcp 5061 alg sips
!
ip access-list session lync-acl
  any any svc-sips permit queue high
!
user-role test
  access-list session lync-acl
Disable Classify-Media for Lync SDN API
Enable Lync Traffic Prioritization

#configure
(config) #app lync traffic-control
(Configure Traffic Control) #prioritize-video
(Configure Traffic Control) #prioritize-voice
(Configure Traffic Control) #prioritize-desktop-sharing
(Configure Traffic Control) #prioritize-file-transfer
SDN API – Controller Message Exchange
Debugging
• Controller provides debug logging to troubleshoot issues like call drop, poor call quality, delays

Sample debug logs:
May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_handle_xml_msg:1139 LYNC INFO: Received XML message from Lync Server of length = 3772
May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_check_xml_msg_syntax:2181 LYNC INFO: Stats are start left & right, end left & right = 0 0 1 1
May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_get_xml_msg_type:3377 LYNC INFO: XML method found startDialog
May 7 14:13:58 :503188:<DBUG> |stm| |voice| VM: vm_lync_parse_xml_msg_n_store:2256 LYNC INFO: lync method is start dialog
Visualization & Troubleshooting
The fifth pillar of Lync mobility is formed when mashed Lync and network data are presented on a powerful visualization tool
System Status At A Glance
Applications In-Flight
Identify Client Configuration Errors
Quality Of Service Tagging Issues
Usage Trends Troubleshooting
One Click Drill Down
User – “Jenny” – Calls Help Desk
User-Specific Trends
Individual Call Records
Individual Call Records & Trends
Bad Call Details
30 second sample call quality and client health
Dip in quality correlates with dip in health
AirWave – Multivendor Bird’s Eye View Of Trouble Spots
UCC Dashboard
• Dashboards identify call quality issues and correlate with client health
• Data via AMON
• Lync overlay with historical view of calls
• Lync Mobility trail to track historical call sessions
Dashboard to Diagnostic page
• Drilldown from Dashboard: Click on a call (designated by a dot) which will take you to the Client Diagnostic page with UCC view. The call is selected in the list of calls.
Call Details
• Selecting a call gives details for the call. In addition to call quality and client health you get jitter, delay and packet loss.
• The graph shows call quality and client health mapped over time.
• The red icon shows the point at which the client roamed during the call.
Summary
• The foundation of Lync mobility is voice-grade Wi-Fi
• Traffic optimization is needed to free bandwidth for latency-sensitive Lync voice/video traffic
• Lync packet tagging and retagging of mismarked packets is essential for QoS
• Mobile BYOD must be factored in to minimize the performance impact of adding new devices
• Lync diagnostics and troubleshooting keeps Run state networks humming
Questions?