The power of distributed Wi-Fi encryption

Xirrus asserts the importance of line-rate Wi-Fi encryption at the network edge to support non-compromised Wi-Fi performance. The rollout of 802.11n – which brings a 6X or more boost to Wi-Fi network performance – is mandating a reassessment of how and where wireless encryption is implemented in the network.

While typical thin AP + controller-based systems centralize this function, Xirrus’ Wi-Fi Array architecture distributes encryption and intelligence to the network edge to enable secure, line-rate encryption today plus the capability to upgrade to new technologies tomorrow.

The standardization of 802.11i in 2004, and its subsequent certification as WPA/WPA2 by the Wi-Fi Alliance, has ensured robust, highly secure deployment options for Wi-Fi networks. Best practices advocate these security technologies are deployed as a given in enterprise-grade wireless networks, and that users abandon the original WEP security standard. The implementation of the encryption portion of WPA/WPA2 places significant processing requirements on Wi-Fi equipment designs.

Network traffic flow and the distribution of processing power are key variables between distributed and centralized Wi-Fi architectures, and ultimately impact the performance limits of these systems. Several of the key differences are as follows:

1. Distributed Wi-Fi systems, characterized by processing resources within the Array/AP:

• Scale seamlessly with network growth
• Encryption performance is added as Arrays/APs are added
• Reduce core network traffic
• Wi-Fi traffic is encrypted/decrypted at the edge, and does not need to traverse the network to/from the controller
• Simplify and reduce the cost of redundant design
• Fewer users are impacted by outages, and proper coverage design can ensure continuous up time.

2. Centralized controller-based Wi-Fi systems, characterized by many thin Access Points connected to a central controller:

• Create an encryption processing choke point
• Centralized vendors state a 5X and greater hit in performance for encrypted vs. non-encrypted traffic
• Create a network traffic choke point
• All traffic is directed to the core, whether its ultimate destination is or not
• Create a significant single point of failure
• Expensive encryption engines must be replicated for redundancy.

The Xirrus Wi-Fi Array supports a modular hardware and software-reprogrammable architecture, which allows new encryption or other technologies to be implemented without wholesale product changes. Wi-Fi technology is continually evolving, with higher performance versions of 802.11n, advanced encryption technologies (e.g. 256 bit AES), and numerous other new 802.11 standards on the horizon. Upgradeability is a critical consideration for customers looking to implement a Wi-Fi network today and protect their investment in the future.