Last week I had the pleasure of attending Wireless Field Day 4 down in Silicon Valley. There were many great presentations and I will be writing my thoughts on all of them over the next few weeks or so. To get things rolling, I will begin with my thoughts on the Aruba Networks session.

AppRF and The New 7200 Series Controllers

For many of us, this was our first look at AppRF. This is Aruba's technology that allows their solution to categorize applications using application fingerprinting/heuristics instead of by just looking at IP addresses and port numbers. This is something I was looking forward to for quite some time now and I'm glad it has finally almost arrived. What? Did I just say almost? Yes. Yes I did. While AppRF is off to a really good start, it is still a bit behind something like Meraki's L7 Firewall and it is currently missing one key component.

During the demonstration, we were shown how the 7200 controller can quickly and easy breakdown application usage for each user; very cool. This is well and good but there is currently nowhere to actually configure a layer 7 firewall rule. Yes, I can still go and block YouTube by creating a 'Name' destination that resolves youtube.com to an IP but that really isn't a layer 7 firewall, is it? Upon further questioning, I was told that the enforcement capabilities will be in an upcoming code release. To me, AppRF won't really be useful until this occurs.

I promised you some funky math...

During the presentation, a key point was glossed over. It was mention by Aruba that the AppRF functionality, present in the 6.2.x code, would only work on the 3000-series controllers and up. Put another way, if I'm understanding correctly, AppRF will not be supported on the 600-series controllers. I guess this is understandable since AppRF would require a beefier box and the 600 controllers are rather light on muscle. However, this does lead to a few obvious questions:

• Does the introduction of AppRF and 6.2 code spell the demise of the 600 series?
• Is there a possible play to replace 600 deployment with Instant APs and Airwave instead?

I might be attending the AirHeads conference in March so I'll be sure to try and get some clarification then.

Increased Emphasis on Controller-less

Aruba spent a lot of time on controller-less WLAN solutions this time around. In Aruba-speak, this means Aruba Instant. You can view the controller-less session below:

Aruba Controllerless Wi-Fi from Stephen Foskett on Vimeo.

There weren't too many surprises during this part of the session. For me, the main take-aways were:

• Instant is a good fit for distributed deployments.
• Instant APs can create IPSec VPN tunnels but cannot terminate them.
• By using a combination of Instant APs, Controllers, and Aruba Activate a company could build a highly available, highly-customized WLAN across a very distributed deployment.  

Closing Thoughts

Overall I thought that Aruba did a good job of introducing most of their solutions (Airwave, Controllers, Instant, Activate) and demonstrating how all of the components can integrate fairly well with one another. I didn't see any mention of AppRF on the Instant side so I am a little worried about feature disparity across solution sets but we'll have to wait and see how this plays out over the coming year.

Aruba really 'did it right' by giving the delegates the chance to log into the management pages of each product during the presentations. Hands-on experience is incredibly valuable and I give kudos to Aruba for making it happen.

Daniel

For another great breakdown of the Aruba session, please check out 'Aruba Controllerless and Controller-Based WiFi' by Steve Williams. He's done a great job of summarizing the entire session.

This is the second post in my series of access point throughput tests. As the title states, this post has the results of my Aruba Instant AP135 testing. This will probably be the final 3-stream device I test for awhile due to equipment availabilities issues.

The Lab Setup

I used the same setup and configuration as my previous Meraki MR24 testing. However, one thing I neglected to mention in my previous post was that the access points are running with a vanilla configuration. No QoS or Airtime Fairness setting have been adjusted or activated for these tests.

The IAP135 was running 6.1.3.4-3.1.0.1_35899 code.

The Test Scenarios

I tested the IAP135 throughput in three different scenarios:

1. Main Client on 5 GHz band.
2. Main Client on 5 GHz band and Traffic Client 2 on 2.4 GHz band.
3. Main Client on 5 GHz band, Traffic Client 1 on 5 GHz band, and Traffic Client 2 on 2.4 GHz band.

Just like my MR24 testing, all tests were run twice.

The Results

Here is the video recording of each test. The results can be seen in the video and in a table below:

Result Summary in Mbps:

1. Scenario 1/Test 1 - Average: 237.2 Median: 213.8
2. Scenario 1/Test 2 - Average: 204.0 Median: 194.8
3. Scenario 2/Test 1 - Average: 231.6 Median: 207.6
4. Scenario 2/Test 2 - Average: 230.4 Median: 208.2
5. Scenario 3/Test 1 - Average: 197.2 Median: 190.4
6. Scenario 3/Test 2 - Average: 176.0 Median: 173.8

Closing Thoughts

The IAP135 performed reasonably well. I noticed that I had a difficult time keeping my client at a 450 Mbps connection which might have affected the results a bit. The final throughput test was a bit lower than I expected but that is why I ran each test twice.

Daniel

Next up on the list will be some Aerohive access points, hopefully a few Ruckus access points, and possible a few more Meraki and Aruba two-stream access points. I'm not sure when I will have the results posted but this is a good time for suggestions regarding changes to my testing procedures. Please feel free to leave a comment or contact me directly with thoughts. 

Aruba had quite a few different technologies and products on display at Wireless Field Day 2. The one I would like to focus on for this post is Aruba Instant. (Today I'll be sticking to a high-level review and saving my technical testing results for another post.)

Many people know Aruba as a hardware controller-based wireless solution. Instant moves away from a hardware controller and replaces it with a virtual controller that resides on the access points themselves. This allows for distributed forwarding, low cost controller redundancy, and elimination of feature licenses (thank you).

Here is a brief video demonstration I recorded showing the administrative interface:

The Good

There are several things I like about the new Instant architecture: 

• The UI has been cleaned up considerably. It is much more intuitive and easy to navigate than the controller UI. 
• No feature licensing. 
• Cheap controller redundancy. When a number of IAPs are forming a single network, one of the APs acts as the virtual controller. If it fails, another one takes it's place.
• Auto-join. This feature allows you to add additional IAPs to the network and have them automatically pull the config of the existing virtual controller. 

The Bad

Life in an instant world isn't all roses. There are some things that I didn't like so much: 

• Lack of granular QoS controls. For example, you have 3 choices of networks: employee, voice, and guest. Voice networks prioritize all traffic as voice instead of just actual voice traffic. 
• OS Fingerprinting is available but only as an FYI. Currently, there is no way leverage this information to affect policy or access.
• Lack of alerting capabilities. While there is an alerts page, there is no way to natively generate email alerts for administrators. To accomplish this, you must use SNMP traps, syslog scrapes, or AirWave.

The Ugly

The only truly ugly thing is that the Instant UI hasn't been ported over to the hardware controller UI yet. (We've been informed that work on this is underway).

Final Thoughts

Instant is an interesting foray into the hardware controllerless arena by Aruba. The solution is easy to deploy and configure. While it looks like they've made a concerted effort to include as many important features as possible, they have clearly had to remove some functionality due to processing and memory limitations. In its current state, I see Instant fitting nicely into a smaller environment that doesn't have a large IT team or budget.  

Daniel

Disclosure: As a delegate of Wireless Field Day 2, I attended a presentation at Aruba Networks HQ where I received an evaluation IAP-135 and RAP-2. I am also currently employed by an Aruba Networks partner VAR.