Enabling Multicast Support for vWLAN 2.3 and Later

Version 5


    Sections Included in this Document


    1. Introduction
    2. Hardware and Software Requirements
    3. Deployment Concerns and Considerations
    4. Configuring "Convert Multicast to Unicast"
    5. Configuring Multicast in the Role of the SSID
    6. Troubleshooting

     

     

    Introduction


    vWLAN is user-based VLAN ready, which allows an administrator to shrink broadcast domains easily and to place users into the proper network or VLAN based on credentials. vWLAN’s Layer 2 architecture allows multicast support without the need for protocol awareness such as Distance Vector Multicast Routing Protocol (DVMRP) or Protocol Independent Multicast (PIM) sparse mode (PIM-SM) when multicast is allowed in the AP firewall.  This document covers how to enable multicast on vWLAN 2.3 and later.

     

    Hardware and Software Requirements


    For the purpose of this document, a vWLAN appliance or Virtual Machine running vWLAN 2.3.0.9 or later is required. Further, Bluesocket Access Point (BSAP) firmware 6.7.0-23 is recommended for use with this version of vWLAN. You can find additional information under the vWLAN software notifications (https://supportforums.adtran.com/community/bluesocket/bluesocket-vwlan/software).


    Deployment Concerns and Considerations


    By default, "Convert Multicast to Unicast" is enabled on an SSID. Multicast transmissions are typically sent from one source to several destinations or to all destinations. From a security standpoint, it is difficult to configure the firewall properly for multicast transmissions between different client types because the destination is not client specific, but rather a multicast address. Converting multicast to unicast allows you to police traffic more efficiently because the traffic is split into individual streams destined to each client. In addition, when multicast and broadcast transmissions are sent wirelessly, they use the lowest data rate available, resulting in lower performance than unicast transmissions. If traffic is converted from multicast to unicast, it is sent using a higher data rate, which improves performance and uses less air time.  Again, unicast traffic is sent to a single client; therefore, it can be sent at the speed of each client rather than that of the slowest client.


    Anytime the AP is configured to edit or change traffic, as with "Convert Multicast to Unicast", there will be added overhead. In this case, the additional overhead comes from the unicast acknowledgments, whereas with multicast/broadcast there are no acknowledgments.  Converting multicast to unicast will add fidelity because of the acknowledgment, but it also adds another frame, and a missed acknowledgment adds re-transmissions, which are more likely to occur on a WLAN than on a wired network. Multicast does not possess the same fidelity as unicast because clients must check in with the AP to receive buffered frames.  The amount of time required to wake up the client can be edited using the Beacon intervals and DTIM values.


    Note: If you decrease the beacon interval, the client will check in more often and as a result the client's battery may suffer.


    Adtran does not recommend converting multicast to unicast if there will be more than seven clients associated to each radio.  If you do not choose to convert multicast network traffic to unicast traffic, you must allow multicast traffic in the role of the SSID. If you do not allow multicast traffic in the SSID’s role, and you do not choose to convert multicast traffic to unicast traffic in the SSID, then multicast traffic from a wired host or wireless client on another AP will not be seen.


    Configuring "Convert Multicast to Unicast"


    By default, "Convert multicast to unicast" is enabled on the SSID.  On a per-SSID basis, you can determine if the system should convert multicast and/or broadcast packets to unicast frames for wireless clients (this is already done for wired clients).  Navigate to the Configuration tab, and select Wireless > SSIDs. Any previously configured SSIDs are displayed here, along with the name, role, broadcast SSID, authentication method, accounting server, and cipher type for each SSID. You can edit an already configured SSID by selecting the SSID or by selecting the edit icon next to the SSID in the list. To create a new SSID, select Create SSID from the bottom of the menu or select Domain SSID from the Create drop-down menu (at the top of the user interface) as illustrated in Figure 1.  Specify whether the SSID will convert multicast or broadcast network traffic to unicast traffic by selecting the appropriate option from the Convert drop-down menu. You can select "Disable" to turn this feature off.


    Note: It is not recommended to convert multicast to unicast if there will be more than seven clients associated per radio.



    Figure 1.


    Configuring Multicast in the Role of the SSID


    To allow multicast traffic in the Default Role of the SSID you will first need to create a destination and then assign that destination to the User's Role.  By default, when a user connects for the first time and has not been authenticated, the user’s role is Un-registered.


    Note: If you are using Web Authentication, you will need to add the multicast rule to the Un-registered Role.

     

    To configure the destination, follow these steps:

     

    1. Navigate to the Configuration tab, and select Role Based Access Control > Destinations.  To create a new destination network, either select Create Destination Network at the bottom of this menu, or select Destination Network from the Create drop-down menu (at the top of the user interface).
    2. Define the parameters of the new Destination Network as illustrated in Figure 2.
    3. Select "Create Destination" to add the Destination to the Destination table in vWLAN.

     

    Figure 2.


    Next, you will need to configure the role(s) accordingly.  Roles are all configurable from the Configuration tab. To configure the domain roles, follow these steps:

     

    1. Navigate to the Configuration tab, and select Role Based Access Control > Roles. Any previously configured domain roles will be listed in the menu. If you want to edit a previously created domain role, select the Role or edit icon next to the role name. To create a new domain role, either select Create Role at the bottom of this menu, or select Domain Role from the Create drop-down menu (at the top of the user interface).
    2. Specify whether client-to-client traffic will be allowed on the AP by selecting the "Allow Client to Client" check box as illustrated in Figure 3.  This is required if the multicast sender and receiver are associated to the same access point. 


    Figure 3.

    3. Define the parameters of the new role.  For the purposes of this document we will be adding a rule for multicast in a role. Enter the action, the service or group to which to apply the policy, the traffic direction, and the traffic’s destination network in the appropriate fields using the drop-down menus as illustrated in Figure 4.  If a role is set to allow all traffic (allow any, both ways, any) it will not allow multicast by default.


    Note: The firewall rules operate by checking network traffic against the configured policies. If the service, direction and destination of the traffic match the policy, then the action is taken and traffic checking ends. If no policy matches, then traffic is denied. If there are no policies configured, then all traffic is denied. Policy matches are attempted in order, so make sure to arrange the policies as needed for your network (using the [drag] option to reposition a policy).  You can delete a policy by selecting the trash icon next to the policy.

    Figure 4.

    4. Select "Update Role" to apply the change to the role.
    5. Run the required Domain Task to apply the change to the Access Points by selecting the play button beside "Must apply configuration to APs" under Administration > Admin Tasks > Domain as illustrated in Figure 5.  Once the APs have come "UpToDate" under Status > APs, you should now be able to use multicast over the WLAN.

    Figure 5.
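The policy evaluation described in the firewall note above (ordered, first match wins, deny when nothing matches) can be modelled to check a planned role before applying it to the APs. This is an added example, not ADTRAN code: the `Policy` fields, the direction and service labels, the sample roles, and the treatment of an "any" destination as excluding multicast (taken from the statement that an allow-all role does not allow multicast by default) are assumptions.

```python
# Added illustration (not ADTRAN code): ordered, first-match, default-deny
# role policies. Field values and the sample roles are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MULTICAST = ip_network("224.0.0.0/4")  # IPv4 multicast range

@dataclass(frozen=True)
class Policy:
    action: str       # "allow" or "deny"
    service: str      # "any" or a service label such as "udp/5004"
    direction: str    # "outgoing", "incoming" or "both"
    destination: str  # "any" or a CIDR destination network

def matches(p: Policy, service: str, direction: str, dst: str) -> bool:
    if p.service not in ("any", service):
        return False
    if p.direction not in ("both", direction):
        return False
    addr = ip_address(dst)
    if p.destination == "any":
        # Modelled from the page: an allow-any role does not pass multicast,
        # so "any" is treated here as excluding 224.0.0.0/4.
        return addr not in MULTICAST
    return addr in ip_network(p.destination)

def evaluate(policies, service, direction, dst):
    """Return (action, index of the matching policy), or ("deny", None)."""
    for index, p in enumerate(policies):
        if matches(p, service, direction, dst):
            return p.action, index   # first match wins; checking ends
    return "deny", None              # no match, or no policies: denied

ALLOW_ALL = [Policy("allow", "any", "both", "any")]
WITH_MULTICAST = ALLOW_ALL + [Policy("allow", "any", "both", "224.0.0.0/4")]
# A narrower deny placed first shadows the later allow for that range.
SHADOWED = [Policy("deny", "any", "both", "239.0.0.0/8")] + WITH_MULTICAST
```

The returned index shows which policy decided the outcome, which makes ordering mistakes such as the shadowing deny in `SHADOWED` visible.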



     

    Troubleshooting


    If you are having issues with multicast after making the necessary changes to allow multicast, it is recommended to take an AP packet capture to confirm multicast is traversing the AP properly.  For more on how to take an AP Packet Capture, please refer to the Bluesocket AP Traffic Capture Guide.
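Once a capture has been taken, a short script can confirm which multicast groups actually appear in it and from which sources. This is an added example, not ADTRAN tooling: it assumes the capture is a classic pcap file with Ethernet link type, and the sample capture, addresses and function names are constructed for illustration.

```python
# Added example (not ADTRAN tooling): list IPv4 multicast flows in a capture.
# Assumes a classic pcap file with Ethernet link type; the sample is constructed.
import struct
from collections import Counter
from ipaddress import IPv4Address

def multicast_flows(pcap: bytes) -> Counter:
    """Count frames per (group, source) for IPv4 multicast destinations."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    flows, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00":          # 802.1Q tag: skip 4 bytes
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                          # not IPv4, or truncated header
        src = IPv4Address(frame[l3 + 12:l3 + 16])
        dst = IPv4Address(frame[l3 + 16:l3 + 20])
        if dst.is_multicast:                  # 224.0.0.0/4
            flows[(str(dst), str(src))] += 1
    return flows

def _frame(dst_mac: str, src_ip: str, dst_ip: str, vlan: bool = False) -> bytes:
    tag = b"\x81\x00\x00\x0a" if vlan else b""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + tag + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, 17, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip

def sample_capture() -> bytes:
    """Constructed capture: two multicast flows plus one unicast frame."""
    frames = [
        _frame("01005e010101", "10.0.0.5", "239.1.1.1"),
        _frame("01005e010101", "10.0.0.5", "239.1.1.1", vlan=True),
        _frame("01005e0000fb", "10.0.0.9", "224.0.0.251"),
        _frame("020000000002", "10.0.0.5", "10.0.0.7"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

For a real capture, pass the file contents, for example `multicast_flows(open(path, "rb").read())`; an expected group that is missing from the result points back to the role's multicast rule or the SSID's Convert setting.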