Wireless LAN infrastructure vendor Aruba Networks yesterday announced a cluster of VoIP-related improvements to its centralized operating system designed to yield reliable telephony services and a high quality user experience.
With Aruba’s centrally managed network architecture, all user traffic passes through a hardware-accelerated, performance-optimized data path that includes a stateful-packet-inspection firewall.
The overarching element of Aruba’s announcements is Voice Flow Classification or VFC. “It’s technology derived from our firewall that allows us to do packet inspection,” said Aruba product manager Peter Thornycroft in an interview. “In particular we’re looking inside signaling packets. By looking inside, we can see what’s going on, and having knowledge of the call, we can do sensible and useful things.”
Foremost among the VFC-enabled enhancements is advanced Call Admission Control (CAC), a primary line of defense against the biggest pitfall associated with running voice over wireless LANs: degradation of call quality due to call overcrowding.
The notion of limiting the number of calls moving through a WLAN access point (AP) is not new—Meru Networks uses the technique in its VoWLAN deployments—but Aruba feels VFC gives it an edge in this regard.
VFC allows an Aruba network to monitor the state of every voice call over the WLAN. This means the network can account, in real-time, for the actual number of active (off-hook) calls. “Based on this real time count per AP, we can start setting thresholds,” Thornycroft told us.
System administrators choose an ‘initial threshold,’ the basic cutoff point at which other voice-capable (but inactive) devices in the AP’s ‘cell’ are seamlessly load-balanced to adjacent cells.
The initial threshold, however, incorporates some reserve capacity or ‘margin’ to accommodate a limited number of mobile calls that may need to transfer to the AP (as the user moves through the building, for example), or for clients that, for whatever reason, can’t be load-balanced away from the cell. Aruba calls these contingencies the ‘handoff threshold’ and the ‘sticky client threshold.’
The end result of this load-management capability—based on actual call-in-progress counts—is to allow the maximum number of high-quality VoWLAN calls per AP, while preventing overload and degradation of service to voice and non-voice clients.
According to Thornycroft, VFC works with all the common signaling protocols—SpectraLink’s SVP, Vocera protocol, Cisco’s SCCP (‘skinny’), and the emerging industry standard SIP (Session Initiation Protocol). In a separate announcement, Aruba revealed active interoperability alliances with SpectraLink, Vocera, and Avaya.
Basic quality-of-service control (traffic prioritization) on a wireless LAN depends on ‘priority tags’ inserted into the data packets at their point of origin, often based on a management ‘role’ assigned to the device in question. Unfortunately, the tags do not always accurately correspond to the actual nature of the traffic flows. With VFC and stateful packet inspection, the system can actively ‘police’ or monitor each traffic flow and adjust the priority—upward for legitimate voice traffic or downward for data traffic—as appropriate.
QoS policing eliminates one possible source of potential call-quality degradation. “QoS is not new to us,” Thornycroft pointed out, “but we do keep tweaking it.”
Voice, scanning don’t mix
These days, most APs double as radio-frequency management tools. They periodically scan for interference sources and/or rogue APs operating in the neighborhood. While this has no negative impact on data transmissions, it can wreak havoc on voice. VFC allows the system to watch all voice traffic and ‘inhibit’ APs carrying calls from scanning for the duration of voice activity. And so another potential source of call-quality degradation bites the dust.
Separating secure, insecure traffic
Without sophisticated authentication and encryption safeguards in place, voice can make a wireless LAN vulnerable to security breeches. And while powerful systems like WPA, WPA2, and 802.11i are available, not all devices are capable of supporting them. Even when IT administrators set up a separate virtual LAN (VLAN) for voice, intruders impersonating a voice call could jump VLANs and access the network’s data resources.
Aruba’s VFC gets around this by monitoring each flow, comparing protocol and destination with the user’s—and the device’s—role-based policy. A role that allows voice automatically blocks all non-voice traffic to or from the device. Intruders can’t get to data.
Smoothing the user experience
Rounding out the VoIP enhancement suite, Aruba has concocted a solution to a minor ‘user-experience’ glitch specifically related to the SIP signaling protocol. Here’s the problem: When you initiate a VoIP call via SIP, the caller’s SIP server sends out an invite to the call recipient. Once the OK is received, a second round of negotiation is required to determine the ‘media format’—since SIP can be used for IP communications other than straight audio. These protocol communications sequences can take a bit of time, during which the caller won’t necessarily know when the call has ‘gone through.’
To alleviate the possible confusion on the part of the caller, Aruba has instituted
‘early media’ (a name only an engineer could love), in which a ring tone is transmitted to the caller until the speech channel is fully set up. A refinement of the overall ‘user experience.’
VFC and its associated capabilities become part of ArubaOS version 2.5 as of this month. The enhanced OS will be supplied to existing customers with support contracts as a no-charge upgrade.