Aruba Advanced QoS Part 3: Additional Mechanisms
Back to the future with this Airheads Online article from 2007.
Bandwidth management is another QoS mechanism that helps ensure adequate bandwidth for user traffic. The Aruba controller supports several bandwidth management mechanisms. This section discusses the bandwidth management features and possible use cases.
Role-based bandwidth management
One option is to apply bandwidth contracts on a per-role basis. In this case, the total bandwidth by all users belonging to a given role is limited by the corresponding bandwidth contract. This method does not police per-user network usage, just the total usage by the group of users belonging to a role.
User-based bandwidth Management
The per-user bandwidth contract ensures that no single user can access more than the bandwidth defined by the contract.
SSID-based bandwidth Management
Unlike the other bandwidth contracts which are based on a maximum number of bytes, the per-SSID bandwidth contract specifies and assures a minimum amount of air time. Traffic on an SSID can burst above the minimum as long as other SSIDs have at least their minimum time allocation available. If there is not
adequate air time available for the SSID to burst, non-conforming traffic will be dropped by the policer.
Additional Aruba QoS Features
Aruba implements additional QoS features to improve the call quality. These features focus on other Wi-Fi and networks operations that can negatively impact jitter and delay.
Call Admission Control (CAC)
Wireless networks use a half-duplex medium and consequently faces greater resource constraints than wired networks. In a wireless deployment supporting real-time applications, it is necessary to police the bandwidth in the air and ensure that handsets on active calls (i.e., off hook) get premium treatment for the duration of the call irrespective of whether they are stationary or roaming between APs. It is also necessary to manage
the bandwidth by limiting the per AP call count to ensure good call quality for devices on active calls as well as to ensure available bandwidth for data users.
Aruba’s CAC is call status-aware and intelligently manages bandwidth and call load balancing depending on a given client’s call status.
This feature helps limit the bandwidth lost to multicast and broadcast traffic. It is primarily aimed at limiting the amount of broadcast traffic in the air. For broadcast ARPs to clients known to the WLAN system, the controller filters the broadcast traffic and sends a corresponding unicast ARP request to the client.
A significant percentage of network bandwidth is used by network devices and clients periodically sending broadcasts and unicasts to either find clients or update ARP tables. By having the controller filter the broadcast ARPs for known clients, most broadcast requests will not be sent into the air, resulting in more available bandwidth. In addition, enabling proxy-arp limits the multicast traffic for STP, VRRP, and CDP packets from being sent into the air from the wired to the wireless clients.
Fast Roaming with WPA
In the case of dynamic key encryption, the keys are derived as a function of both the client’s and the AP’s MAC addresses. As the client moves from one AP to another, new keys are derived for security purposes. During the time the client takes to renegotiate its keys, data or voice traffic cannot be exchanged between the
infrastructure and the client, which could result in the session being dropped. WPA2 offers key caching mechanisms that alleviate these roaming effects by allowing the clients and APs to cache keys. This support is not available in the WPA standard.
However, on designated handsets, Aruba controllers have implemented a mechanism for WPA key caching similar to the Opportunistic Key Caching feature available for WPA2.
Voice-aware .1X /.11i Re-keying
802.1X transactions in the middle call can result in choppy voice due to the time taken by the AP and client for the 4-way key handshake and the group key handshake.
Without key-caching, key negotiations are important and unavoidable as a client moves from one AP to
another. However, Aruba can postpone re-keying for the duration of a call when a handset remains on the
same AP, thus avoiding choppiness.
QoS-aware RF Management
Most wireless APs go offline during RF scanning mode for the purpose of RF management and / or Intrusion
Detection System (IDS) functionality. When this happens, the APs do not process traffic. Even though the
scanning time may be short enough that data clients are unaffected, real-time traffic such as voice may be
impacted by this delay. This could result in temporary degradation of the voice quality, dead air, or a dropped
call. For delay-sensitive applications such as medical reporting, delays could have far more dire
Aruba’s RF management system is tied to its session aware firewall. In the case of voice, it is possible to
avoid scanning when a device is off hook. Once the device moves to another AP or the call is disconnected,
the AP resumes its normal RF scanning operations. This allows the Wi-Fi system to maintain the RF quality
in a dynamic environment while also ensuring that real-time traffic quality is not compromised. This
behavior can be extended to other applications and traffic patterns that require high QoS.
Advanced QoS functionality is critical to supporting real-time applications in WLAN networks where the RF
environment can be unpredictable. In addition, WLAN systems need to perform numerous operations for
Wi-Fi optimization and Wi-Fi protection that could potentially adversely affect end-to-end QoS.
QoS implementations on the WLAN infrastructure need to extend beyond conventional methods to accommodate the requirements of real-time traffic in the air, while simultaneously, being capable of performing RF management operations critical to the stability of the RF environment.
Aruba implements standards-based QoS mechanisms that ensure interoperability with any compliant handset or real-time mobile device, as well as providing best-in-class additional features that optimize not only the mobile user’s experience but the mobile application performance as well without compromising the stability and security of today’s mission critical WLAN network.