Hopeful with a Dash of Skepticism: Cisco 9800 Wireless Controllers

Only a few years ago, Cisco tried their hand at a converged access wireless platform with, among other devices, the Cisco 5760 Wireless LAN Controller. To this day, I have nightmares about that box. It wasn’t fully functional, and it had huge code issues. Today, in spite of AireOS being a stable, highly functional, and well-known WLC platform, Cisco is trying it again with a range of WLCs in the 9300 and 9800 series.

However, will this brave attempt prove to have the same fate as the 5760?

According to Cisco,

Converged access represents an architectural change in the way wired and wireless networks are deployed. A converged access network allows policy decisions to be enforced at the network edge, potentially minimizes unnecessary traffic backhaul, and simplifies network management by allowing one policy to be used for both wired and wireless traffic. (source)

What this means is a unification, to some extent, of the wireless and wired networks in terms of deployment, management, and policy enforcement. This is much more than simply layering Cisco Prime over the top as a management tool. Cisco’s idea of converged access is to truly unify the wired and wireless environments in terms of how we control both the appliance and wireless endpoints.

Today, the Catalyst 3850 switch is a very common access or distribution layer switch, but it can also act as a small branch wireless LAN controller supporting 50 access points. This eliminates backhaul of wireless traffic to a centralized controller at some main office or data center, and embeds the WLC functionality into the code of the Catalyst switch.

For larger environments, this means racking a couple hardware WLCs. Models like the 5508, 8510, 5520, and 8540 aren’t exactly integrated into the wired network, but they have IP addresses, VLANs, and push policy – and isn’t that enough?

I build wireless networks with controllers running AireOS all the time, and they work just fine. So after the mess with the 5760, what’s the point of trying converged access again?

I think the answer is twofold: programmability and what Cisco calls “deploy anywhere.”


I don’t believe Prime was successful in unifying the management of the wired and wireless networks, and Prime has nothing to do with features. And since AireOS has to be managed box by box, I don’t believe it’s very integrated with the wired network in terms of management and policy enforcement. I love AireOS, but it’s not highly programmable in the context of overall network operations. It requires manually configuring WLCs, usually at a GUI, one device at a time.

IOS-XE WLCs run IOS-XE code, which is built from the ground up to be highly programmable. The familiar IOS-XE already provides all sorts of modern network programmability tools for network management. This means the tools we already use to manage the wired network can also be used to manage the wireless environment.

Exactly like IOS-XE, IOS-XE WLC contains NETCONF and YANG models, allowing it to be managed off-box by Ansible or Puppet. In fact, you can also drop into a guestshell for on-box bash or Python.


At Networking Field Day 19, Ankur Bhasin, a software development manager with Cisco, mentioned that every single CLI configuration has a corresponding NETCONF and YANG model. This means, for example, that the IOS-XE WLC can be incorporated right into the inventory file an Ansible playbook might use for wireless network management.
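To make the off-box NETCONF access described above concrete, here is an added example (not code from this post or from Cisco) that builds a `<get-config>` request for a single configuration leaf, frames it for the wire, and validates the reply before trusting the value. It assumes the session has already negotiated NETCONF 1.1 (RFC 6242 chunked framing) and reads the `hostname` leaf of the Cisco-IOS-XE-native YANG model; the reply and the hostname `wlc-lab-01` are constructed sample data.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"           # NETCONF base namespace
NATIVE = "http://cisco.com/ns/yang/Cisco-IOS-XE-native"  # IOS-XE native YANG model

def build_get_config(message_id, namespace, top, leaf):
    """Return a <get-config> RPC on the running datastore, subtree-filtered to one leaf."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    get = ET.SubElement(rpc, f"{{{NC}}}get-config")
    ET.SubElement(ET.SubElement(get, f"{{{NC}}}source"), f"{{{NC}}}running")
    flt = ET.SubElement(get, f"{{{NC}}}filter", {"type": "subtree"})
    ET.SubElement(ET.SubElement(flt, f"{{{namespace}}}{top}"), f"{{{namespace}}}{leaf}")
    return ET.tostring(rpc, encoding="unicode")

def frame_chunked(xml_text):
    """RFC 6242 chunked framing: one chunk, then the end-of-chunks marker."""
    data = xml_text.encode("utf-8")
    return b"\n#%d\n" % len(data) + data + b"\n##\n"

def unframe_chunked(buf):
    """Reassemble the chunks of one framed message; reject malformed or truncated input."""
    out, pos = b"", 0
    while True:
        if buf[pos:pos + 4] == b"\n##\n":
            return out.decode("utf-8")
        if buf[pos:pos + 2] != b"\n#":
            raise ValueError("bad chunk header")
        eol = buf.index(b"\n", pos + 2)
        size = int(buf[pos + 2:eol])
        chunk = buf[eol + 1:eol + 1 + size]
        if size < 1 or len(chunk) != size:
            raise ValueError("truncated chunk")
        out, pos = out + chunk, eol + 1 + size

def read_leaf(reply_xml, message_id, namespace, top, leaf):
    """Return the leaf's text, refusing mismatched message-ids and <rpc-error> replies."""
    reply = ET.fromstring(reply_xml)
    if reply.get("message-id") != str(message_id):
        raise ValueError("reply does not match request")
    if reply.find(f"{{{NC}}}rpc-error") is not None:
        raise RuntimeError("device returned rpc-error")
    return reply.findtext(f"{{{NC}}}data/{{{namespace}}}{top}/{{{namespace}}}{leaf}")

# Constructed sample reply (not captured from a device), sent as two chunks.
SAMPLE = (f'<rpc-reply xmlns="{NC}" message-id="101"><data><native xmlns="{NATIVE}">'
          '<hostname>wlc-lab-01</hostname></native></data></rpc-reply>').encode()
SAMPLE_WIRE = b"".join(b"\n#%d\n" % len(c) + c for c in (SAMPLE[:40], SAMPLE[40:])) + b"\n##\n"

if __name__ == "__main__":
    print(read_leaf(unframe_chunked(SAMPLE_WIRE), 101, NATIVE, "native", "hostname"))
```

On a real controller the framed bytes travel over the SSH `netconf` subsystem, so the same parsing and reply checks apply to whatever client library carries the session.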

Notice below that a Python sandbox is built right into the IOS-XE WLC user interface:


This is the screen you’d see when opening up the sandbox:


Clearly, an IOS-XE based WLC offers tremendously more opportunity for programmability, off-box management, and ultimately a greater integration into an existing wired infrastructure.


The 9800-40 and 9800-80 are the hardware appliance platforms that can be deployed in a rack like any other box. The 9800-CL (cloud) is a virtual appliance that you can spin up in ESXi or in AWS.


Having a truly fully functional virtual WLC is a big step forward. I’m sure there are good technical reasons the AireOS vWLC isn’t quite the same as the hardware appliance. I rarely saw a vWLC in production, and I personally never deployed one outside a lab.

The 9800-CL, however, has complete feature parity with the hardware appliance. This is a big deal and makes it an excellent option for so many organizations that need enterprise wireless but are also trying to reduce their hardware footprint.

This is also an avenue for deploying a WLC in the cloud to be used by many branch offices or by any organization making use of a hybrid-cloud topology. Cisco calls it “deploy anywhere”, or in other words, customers have the choice to deploy a hardware appliance, a virtual appliance, or a cloud appliance, all with complete feature parity.

There are several IOS-XE WLC platforms to consider: the Catalyst 9300 switch, the 9800-40, the 9800-80, and the 9800-CL. I bring this up because it’s important to note that the Catalyst 9300, already a familiar switch model, is similar to the 3850 in that it’s a switch that also has a built-in wireless controller to support a small number of access points.

This may be beneficial to branch offices that need local RF management without the backhaul to a data center, but the 9300 requires SDA and DNA Center to run. This may be a hard sell for many customers since it means needing to deploy another overlay of management and infrastructure.

The 9800-40 and 9800-80 are traditional hardware appliances, and the 9800-CL is the completely equivalent virtual appliance able to be deployed in ESXi or in the cloud. By IOS-XE version 16.12, there is complete feature parity between AireOS and IOS-XE based WLC.


This is pretty big. A stumbling block with converged access a few years ago was that IOS-XE based WLCs didn’t provide equivalent features, either in RF management or in WLAN management, as AireOS. One example is that I wasn’t able to perform per client throttling on the 5760 – a feature already well-established in AireOS code.

And deploying a 9800-CL virtual appliance doesn’t have to be in FlexConnect mode like deploying an AireOS vWLC has to be today. The fact that I can now run a full-featured vWLC, whether in ESXi or in AWS, is going to be music to many of my customers’ ears.

At NFD19, Ankur explained this move toward converged access is in line with Cisco’s philosophy of a network fabric, including both the wired and wireless networks. What this means for people like me, talking to customers and installing wireless networks, is that with the IOS-XE based wireless controllers, I now have a highly programmable, feature-rich WLC option I can manage as part of my wired infrastructure and deploy any way I want without penalty.

Based on the presentations at NFD19 and my own exploration of the 9800-CL virtual WLC, I don’t think this is at all a repeat of the 5760. I’m not talking about it with customers yet, but especially because AireOS will eventually be going away, this is something to build out in a lab right now.



Make sure to watch the NFD19 video in its entirety to learn about specific advancements such as the decoupling of access point and wireless controller code, analytics, and security features.
