Mobility With Flows (Like); VLANs (Dislike)


For the record, I like VLANs. In fact, I vividly remember marveling at their magic.

A couple of CLI commands and voila, a Switch was divided into multiple Switches. To me, VLANs are as beautiful an invention as PageRank for search engines. It's too bad that Larry Page made serious bank on PageRank and the VLAN inventor, Dr. Sincoskie, paled in comparison. But I digress. My main beef (or tofu for my veggie friends) with VLANs these days is that they are overused and frankly, just too static for mobility use-cases. Plus, our engineers have me convinced on software-defined flows as the VLAN replacement.

We at Aruba have always been working around VLANs. First we simplified configuration and sped-up roaming by centralizing wireless VLANs with aggregation controllers in the core. A few years later we started pooling VLANs per SSID to increase the number of available IP addresses as more devices connected wirelessly.

The recent SDN movement in data center networks has put wind in our sails. Aruba engineers are in the midst of wrapping up their last homage to VLANs in enterprise mobility networks. We are ready to control networks on a flow-by-flow basis. Manual configuration of VLANs and their accompanying siblings like ACLs, filters, routes and QoS tags is really a thing of the past. Flow-based controls give us programmable networks that automatically optimize traffic paths around people, devices and apps.

Aruba's policy management system, ClearPass is the foundation of flow-based control. Policies that define user, device, time of day, app and location usage restrictions are downloaded to any access network at connection time. With its new WorkSpace capabilities, ClearPass can now host security policies that are enforced on a mobile device and even by an individual mobile app.
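To make the policy model concrete, here is an added illustration of first-match, default-deny flow policy evaluation over the attributes named above (user, device, time of day, app, location). It is example code written for this post, not ClearPass code; the `Flow` and `Rule` attribute names, the `qos:` action form and the sample policy are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    """One observed connection, described by the attributes a policy can key on (assumed names)."""
    user_role: str
    device: str
    app: str
    location: str
    at: time


@dataclass
class Rule:
    """A single policy line. None means 'any' for that attribute; start/end form an optional time window."""
    action: str  # "permit", "deny" or "qos:<class>" (assumed action vocabulary)
    user_role: Optional[str] = None
    device: Optional[str] = None
    app: Optional[str] = None
    location: Optional[str] = None
    start: Optional[time] = None
    end: Optional[time] = None

    def matches(self, f: Flow) -> bool:
        for attr in ("user_role", "device", "app", "location"):
            want = getattr(self, attr)
            if want is not None and want != getattr(f, attr):
                return False
        if self.start is not None and self.end is not None:
            return self.start <= f.at <= self.end
        return True


def evaluate(rules: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; a flow no rule covers falls through to default deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


# Constructed sample policy: order matters, the most specific restrictions go first.
POLICY = [
    Rule("deny", user_role="guest", app="airprint"),
    Rule("permit", user_role="guest", app="airplay", location="conference-room"),
    Rule("qos:voice", user_role="employee", app="lync"),
    Rule("permit", user_role="employee", start=time(7, 0), end=time(19, 0)),
]
```

Because the decision is recomputed per flow from live attributes, moving a guest from the conference room to the lobby changes the outcome without any VLAN or ACL edit.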

Next, every connection is monitored and controlled in real time to trigger flow-based traffic management. Actually, Aruba controllers have been doing so for a while with their integrated firewalls. Controllers keep a real-time view of everything that is happening on the network. Every user, every device, every app, every location is visible in this control plane. So is everything about the spectrum and how it is being used.

Aruba firewalls recently received a visibility boost and can now distinguish cloud apps running on HTTP and different Microsoft Lync media streams even when encrypted. With AppRF, introduced in 2012, this app visibility is transferred to the RF layer to auto-tune classes of service. Then came AirGroup capabilities that stitch forwarding paths on demand for applications like AirPlay and AirPrint. It is truly magical how the network selectively forwards Bonjour traffic across subnets so a wireless device can print to the closest printer or a guest can project to a conference room AppleTV. Stay tuned for upcoming news on how we take flow-based controls to the next level to solve visibility problems with Microsoft Lync over Wi-Fi.

Net-net, VLANs, Spanning Tree and routing protocols don't go away. They are assumed to exist as the basic underlying infrastructure. However, they are not the center of gravity for mobility networks. The way forward is an L4-7 control plane that manages flows on all APs and Switches. Aruba ClearPass uses the standard RADIUS protocol on any vendor's APs and Switches to push access policies. Aruba Controllers conduct flow-based traffic management on Aruba APs and Switches using proprietary tunnels. Thanks to OpenFlow, even that's about to change.

Ready to drop VLANs and use flows?