Roaming helps ensure a seamless end user experience and application mobility within an environment. That being said, it can be extremely complicated and has many dependencies such as varying security requirements, underlying infrastructure, and coordination between clients and access points. This article takes a look at some of the challenges of roaming, and methods used to improve user experience and overall network performance.
But first, why roam?
When a client detects better wireless service at a different access point, it will roam from one access point to another. But often, those roams don’t go as smoothly as planned. Clients might have to disconnect, reconnect, and even re-authenticate, proving their identity once again. Going through re-authentication can be slow enough to interrupt latency-sensitive applications. In an ideal world, once a client connects to an SSID, they would be able to move around freely, and every access point would already have them on the VIP list. Cisco Meraki implements some features to make this a reality, but first, some background on the evolution of roaming.
What makes roaming slow?
The latency experienced when roaming depends on the type of authentication being used. For simple authentication methods (open, WEP, or even WPA2-PSK) roaming is pretty quick, around 50ms. Minimal to zero authentication exchanges are required for a roam to take place. But for enterprise networks, it’s common to use 802.1X and RADIUS in order to meet security requirements. In these environments, clients have to re-authenticate every time they move to a new access point. This means authentication exchange packets have to travel all the way to the authentication server, even if it is across a WAN connection. This type of roam can take 600ms or more depending on the underlying infrastructure.
Why is fast roaming important?
For many networks, low-latency roaming isn’t important, but there are certain applications that cannot sustain 600ms of latency, such as those for manufacturing, medical devices, warehouses, and most notably VoIP. For an uninterrupted voice call, roams generally need to be in the ballpark of 100ms, give or take 50ms. We will use this as a benchmark as we aim to reduce roaming latency even in environments that require 802.1X authentication.
How can I reduce roaming latency?
Building on existing fast roaming capabilities, Cisco Meraki APs now include new standards support to speed up roaming even in a WPA2-Enterprise environment.
802.11k speeds up roaming by helping clients more quickly determine which AP they should connect to. Usually the client will spend some time scanning various channels and then choose the best candidate. The Cisco Meraki AP will provide the client with valuable data about nearby APs and their channels. Clients then know exactly which channels to scan, and which to skip, before roaming.
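An added example (not from the article or Cisco Meraki) of how a client could turn an 802.11k neighbor report into a scan list: it parses Neighbor Report elements as laid out in the IEEE 802.11 standard and stops at a truncated one. The BSSIDs, channels and the client's channel list are constructed sample values, and the function names are hypothetical.

```python
NEIGHBOR_REPORT_EID = 52   # Neighbor Report element ID
FIXED_LEN = 13             # BSSID(6) + BSSID info(4) + op class(1) + channel(1) + PHY(1)

def parse_neighbor_reports(body: bytes):
    """Return one dict per well-formed Neighbor Report element in `body`.

    `body` is the element list that follows the action frame's fixed fields.
    """
    neighbors, off = [], 0
    while off + 2 <= len(body):
        eid, length = body[off], body[off + 1]
        value = body[off + 2 : off + 2 + length]
        off += 2 + length
        if len(value) < length:      # element claims more bytes than the frame holds
            break
        if eid != NEIGHBOR_REPORT_EID or length < FIXED_LEN:
            continue                 # other element, or too short to be valid
        neighbors.append({
            "bssid": value[:6].hex(":"),
            "op_class": value[10],
            "channel": value[11],
            "phy_type": value[12],
        })
    return neighbors

def scan_plan(neighbors, supported_channels):
    """Split the client's channel list into channels to scan and channels to skip."""
    wanted = {n["channel"] for n in neighbors}
    scan = [c for c in supported_channels if c in wanted]
    skip = [c for c in supported_channels if c not in wanted]
    return scan, skip

def _element(bssid_hex, op_class, channel, phy_type=9):
    """Build one constructed Neighbor Report element (BSSID info left as zeros)."""
    value = bytes.fromhex(bssid_hex) + bytes(4) + bytes([op_class, channel, phy_type])
    return bytes([NEIGHBOR_REPORT_EID, len(value)]) + value

# Constructed sample: two neighbors on channel 36, one on 149, then a truncated element.
SAMPLE = (
    _element("0200000000a1", 115, 36)
    + _element("0200000000a2", 125, 149)
    + _element("0200000000a3", 115, 36)
    + bytes([NEIGHBOR_REPORT_EID, 13, 0x02, 0x00])   # length says 13, only 2 bytes follow
)
CLIENT_CHANNELS = [1, 6, 11, 36, 40, 44, 48, 149, 153, 157, 161]

if __name__ == "__main__":
    scan, skip = scan_plan(parse_neighbor_reports(SAMPLE), CLIENT_CHANNELS)
    print("scan:", scan, "skip:", skip)
```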
As discussed earlier, one of the things that slows down roaming most is re-authenticating at each new AP and sending exchange packets all the way back to the authentication server. 802.11r implements something called fast transition (FT), allowing encryption keys to be stored at all APs in the SSID. Instead of re-authenticating, the new AP already knows about the roaming client and can resume sending secure encrypted traffic right away.
(Left) The client re-authenticates at each AP as it roams. (Right) After initial authentication, the client can easily roam to other APs in the SSID.
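How one 802.1X authentication can key every AP, as an added example that is not Cisco Meraki's code: it follows the 802.11r key hierarchy from the IEEE 802.11 standard (a PMK-R0, then one PMK-R1 per AP) and so goes beyond the article's summary. The SSID, MAC addresses, mobility domain ID and key material are constructed, the function names are hypothetical, and how keys reach each AP in a Meraki network is not covered here.

```python
import hashlib
import hmac
import struct

def kdf_sha256(key: bytes, label: bytes, context: bytes, bits: int) -> bytes:
    """802.11 KDF: HMAC-SHA256 over counter || label || context || length (16-bit LE)."""
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = struct.pack("<H", counter) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]

def derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, sta_mac):
    """Top-level FT key, bound to SSID, mobility domain, key holder and client."""
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + sta_mac
    key_data = kdf_sha256(xxkey, b"FT-R0", ctx, 384)
    return key_data[:32]          # last 16 bytes are the PMK-R0 name salt, unused here

def derive_pmk_r1(pmk_r0, ap_mac, sta_mac):
    """Per-AP key: a different R1 key holder (AP) yields a different PMK-R1."""
    return kdf_sha256(pmk_r0, b"FT-R1", ap_mac + sta_mac, 256)

# Constructed sample values (assumptions, not from the article).
XXKEY = bytes(range(32))          # stands in for key material from the 802.1X exchange
SSID, MDID, R0KH_ID = b"corp-wifi", b"\x12\x34", b"r0kh.example"
STA = bytes.fromhex("020000000001")
AP1, AP2 = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")

def simulate_roam():
    """Key two APs from a single authentication; no second RADIUS exchange is modeled."""
    pmk_r0 = derive_pmk_r0(XXKEY, SSID, MDID, R0KH_ID, STA)
    # Network side: each AP is handed only its own PMK-R1, never PMK-R0.
    ap_keys = {ap: derive_pmk_r1(pmk_r0, ap, STA) for ap in (AP1, AP2)}
    # Client side: derives the same PMK-R1 locally once it picks AP2 as the target.
    client_key_ap2 = derive_pmk_r1(pmk_r0, AP2, STA)
    return ap_keys, client_key_ap2, pmk_r0

if __name__ == "__main__":
    ap_keys, client_key, _ = simulate_roam()
    for ap, key in ap_keys.items():
        print(ap.hex(":"), key.hex()[:16], "...")
    print("client/AP2 keys match:", hmac.compare_digest(client_key, ap_keys[AP2]))
```

Because each PMK-R1 is bound to one AP's address, the key held by one AP is not the key another AP uses for the same client.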
Layer 3 roaming
Finally, the Cisco Meraki access points have added support for layer 3 roaming. Layer 3 roaming is required when a client moves from an AP on one VLAN to an AP on an entirely different VLAN and subnet. Without layer 3 roaming, the client would need to request a new IP address via DHCP. In traditional wireless solutions, an IP change would cause all open sessions to be dropped, forcing the client to initiate new sessions to the newly obtained IP address. Cisco Meraki has implemented a method to create a seamless roam even when changing to an AP on a different VLAN. The wireless network can create a connection from the current AP back to the starting AP, allowing for communication to continue with the client’s original IP address. This can be easily configured in the SSID Access Control settings in the dashboard. Just navigate down to Addressing and Traffic and select “Layer 3 roaming.”
Cisco Meraki provides support for layer 2 and layer 3 roaming. Layer 2 provides for speedy seamless handoffs for most scenarios. Layer 3 is often only needed for applications like VoIP over WiFi which are required over an extended area.
Using a combination of faster client association from 802.11r and 802.11k’s assistance in identifying where to roam, Cisco Meraki APs greatly enhance the wireless experience for end users. Additionally, the ability to support layer 2 and layer 3 roaming opens up doors for network administrators when designing the network architecture. Layer 3 roaming is available in beta today on all Cisco Meraki access points. For more information on Cisco Meraki products and roaming functionality, check out the knowledge base.