WLAN Mesh on a VPN?

Posted: November 26, 2008 in Posts

We noticed an article in InformationWeek recently on the subject of WLAN Mesh:

WLAN Mesh Moves Into New Territory:

“Enterprise mesh’s benefit is clear: pervasive connectivity throughout the organization. Unbound by the constraints of copper or fiber, wireless mesh enables enterprises to deliver ubiquitous access and services to parts of their facilities that previously were untouchable by their wired architectures, while managing it as a subset of their overall wireless architecture.”

Mesh is used primarily over close geographic distances: a neighborhood, office park, or large office building. Running a VPN over a mesh network seems to raise a couple of issues:

  1. When you roam from node to node, does your VPN client need to re-establish the connection and authenticate again?
  2. How do you manage a corporate network over a mesh in a large office park or building? The Mesh Networks Research Group seems to suggest that this would be a management nightmare with SSL. Meanwhile, this video explores some larger considerations for security strategy over a mesh network.

The impact of WLAN Mesh on VPNs is clear… but how do you deal with it? Has anyone had to rethink their strategy? We’re interested in hearing any and all insights or feedback.

Comments
  1. Amit Singh says:

    For Mesh Network security do the following

    Hide ESSID
    Select encryption method- AES-based WPA2 recommended
    Enable MAC filtering
    Protect OLSR traffic

    Details in link below

    Source: Mesh Network Research Group

    Another resource is

    Building Trustworthy Mesh Networks: Why Security and Fault-Tolerance Must Be Considered Together. Speaker(s): Cristina Nita-Rotaru, assistant professor, Department of Computer Science, member of CERIAS, Purdue University. Duration: 50 minutes

    Hope this helps

    Links:
    http://www.mesh-networks.org/
    http://www.researchchannel.org/prog/displayevent.aspx?rID=4795

  2. Stephen Hope says:

    I still haven’t seen a mesh system that fixes the fundamental scale problems that repeating packets and multi-hop cause.
    Those that say mesh in the name but are just collections of access points on a conventional network seem better, but still are limited for bandwidth, users and QoS.

    What happens when other unlicensed equipment out there interferes – an all-wireless network adds some completely new ways to crash a company network.
    And that ignores the accidental ways to do the same thing, like leaky microwave ovens, enthusiastic amateurs with illegal amplifiers….

    Graduate of the “cynics ‘R’us” and burned fingers school of networking 🙂

  3. The article is very, very high-level. And it doesn’t imply anything for VPNs.

    For static clients nothing will change, as meshing occurs on lower layers than VPN.

    For mobile clients the main VPN issue is session persistence (not taking into account performance and battery life).
    This is not a problem if you use a specially designed client – you can (theoretically – I didn’t try it myself) roam through different technology networks (Wi-Fi – GSM – Ethernet, for example) w/o breaking your session.

    For SSL check out http://tinyurl.com/6hwebb

    For IPsec check out http://tinyurl.com/5ucm8e

  4. The new generation wireless network architectures, like mentioned here: http://tinyurl.com/58ulcf

    have the ability to manage mesh networks easily enough. For example, Motorola’s Adaptive AP technology automatically establishes an IPsec control session from AP to wireless switch, and can also automatically establish a secure VPN connection for data, should this be required. The APs themselves and mesh network settings are managed centrally from the switch as if they were lightweight (dependent, LWAPP, whatever) APs.

    The other mesh article (video) is talking about cooperative mesh networks, which is some kind of “Wireless Internet” 🙂 The speech is really interesting and touches a lot of things I never thought of, but these conclusions are totally irrelevant for enterprise networks, when everything is managed centrally (at least some order and thought is present).
