Let me start this piece by saying straightaway I am not bashing cloud-managed networking. In fact, I have designed and supported a couple of dozen Meraki sites with longevity as a customer that pre-dates the acquisition of Meraki by Cisco. I have Mist Wi-Fi running in eval, and I also have Ubiquiti’s cloud-managed full stack running in larger eval. I’m no stranger to cloud-managed Wi-Fi, or support and analysis tools like Nyansa and Wyebot. But let’s stick with just Wi-Fi for this discussion, and what prevents some of us from embracing cloud-managed WLANs more than we presently do.

My day job involves the care and feeding of a very large WLAN environment. I grew this beast from just four APs back around 2000 to the four-thousand-plus that it has now. This journey has seen fat/autonomous access points give way to LWAPP and CAPWAP-enabled “thin” APs, and along the way I’ve picked up a love of Meraki as a cloud-managed branch solution. More on both of these in a bit.


There’s no doubt that cloud-everything is gaining deeper roots. Pretty much every major WLAN vendor has at least a partial answer to the question “I like your stuff, but does it come in cloud?” At the recent Mobility Field Day 3 event, I got to hear straight from Mist Systems and Meraki alike how their already-impressive offerings are getting even better, but also to lament to them about what I see as a major impediment to larger-scale adoption of their solutions. I’ll call it The Layer 2 Situation.

The Layer 2 Situation is arguably more of a concern for large, established enterprise customers with high counts of lightweight access points. Let’s do a little white-boarding…

Here we have a simplified look at the L2 advantage provided by thin-AP systems. I might have 20 VLANs going into my controller for eventual mapping to individual SSIDs out in a large environment (remember, some controllers support THOUSANDS of access points). I don’t broadcast twenty SSIDs anywhere, but I do have pockets where three or four purpose-specific SSIDs are used, and other buildings use a different combination of SSIDs.

Focus here on the “management VLAN”.

With lightweight, controller-based APs, I can use a simple single-VLAN access-port uplink to each AP, because within that VLAN is a tunneled bundle of whatever VLANs are actually needed at the AP for the SSIDs in use. That tunnel is hugely empowering in the simplification of my L2 environment, as I can put all my APs on a management VLAN and be done with it, while still getting as many VLANs as are needed for SSID mapping distributed via that sweet controller-to-AP tunnel.

Even when your controller hardware solution is a maddening buggy disappointment, there’s no denying that the simplification of Layer 2 is hugely compelling when controllers are used.

Now let’s consider the Layer 2 underpinnings of cloud APs in large, complicated environments. Given that there are a LOT of switches in a big LAN/WLAN, simply saying “I want to migrate away from my controllers to new sexy cloud APs” can open a can of L2 worms. Again, to the whiteboard:

If I have 4,000 access points, I may have to touch over 12,000 switchports to get trunks everywhere they are needed. I have to trunk to the switches that feed other switches, and eventually to the APs themselves. Even where my Layer 3 operations are closer to the network edge, it can be thorny. And if I have different VLAN/SSID combinations in different parts of my environment, it gets hard to standardize on any single switch configuration, which is fairly easy to do in the thin-AP world.
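To make that switchport math concrete, here is an added example of my own (not code from the post or from any vendor) that walks a small constructed switch tree and works out, per AP port and per uplink, which VLANs must exist on the wire under the tunneled thin-AP model versus the cloud-AP model, then renders each port as a minimal IOS-style stanza with an explicit allowed-VLAN list rather than trunking everything. The topology, VLAN numbers, the use of the management VLAN as the trunk native VLAN, and the config rendering are all constructed assumptions for illustration.

```python
from collections import defaultdict

MGMT_VLAN = 100  # constructed sample value for the AP management VLAN
# Constructed switch tree (not from the post): child switch -> parent switch.
UPLINKS = {"dist-A": "core", "dist-B": "core",
           "acc-A1": "dist-A", "acc-A2": "dist-A", "acc-B1": "dist-B"}
# Constructed APs: name -> (access switch, user VLANs its SSIDs map to).
APS = {"ap-A1-1": ("acc-A1", {10, 20}), "ap-A1-2": ("acc-A1", {10, 20}),
       "ap-A2-1": ("acc-A2", {10, 30, 40}), "ap-B1-1": ("acc-B1", {20, 50})}

def required_vlans(aps, uplinks, mgmt_vlan, tunneled):
    """Return {port: set_of_vlans} for every AP port and switch uplink.
    tunneled=True models thin APs: user VLANs ride inside the controller
    tunnel, so only the management VLAN has to exist on the wire.
    tunneled=False models cloud APs: each SSID VLAN must be bridged on the
    AP port and on every uplink between that switch and the core."""
    need = defaultdict(set)
    for ap, (sw, vlans) in aps.items():
        wire = {mgmt_vlan} if tunneled else {mgmt_vlan} | vlans
        need[f"{ap}:port"] |= wire
        while sw in uplinks:                 # walk the tree toward the core
            need[f"{sw}->{uplinks[sw]}"] |= wire
            sw = uplinks[sw]
    return dict(need)

def port_config(port, vlans, mgmt_vlan):
    """Render one port as an IOS-style stanza (illustrative). A port needing
    only the management VLAN stays an access port; anything else becomes a
    trunk with an explicit allowed list, so VLANs an AP does not need are
    never extended to its port."""
    if vlans == {mgmt_vlan}:
        return f"{port}: switchport mode access / switchport access vlan {mgmt_vlan}"
    allowed = ",".join(str(v) for v in sorted(vlans))
    return (f"{port}: switchport mode trunk / switchport trunk native vlan "
            f"{mgmt_vlan} / switchport trunk allowed vlan {allowed}")

def summarize(need, mgmt_vlan):
    """(ports carrying more than the mgmt VLAN, number of distinct VLAN lists)."""
    touched = sum(1 for v in need.values() if v != {mgmt_vlan})
    variants = len({frozenset(v) for v in need.values()})
    return touched, variants

if __name__ == "__main__":
    for label, tunneled in (("thin-AP", True), ("cloud-AP", False)):
        need = required_vlans(APS, UPLINKS, MGMT_VLAN, tunneled)
        print(label, "ports beyond mgmt VLAN / distinct configs:", summarize(need, MGMT_VLAN))
        for port in sorted(need):
            print("  " + port_config(port, need[port], MGMT_VLAN))
```

With the same four APs, the thin-AP model yields one standard access-port config and no uplink changes, while the cloud-AP model touches every AP port and every uplink up to the core and produces four different allowed-VLAN lists.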

Now, you can say “just redesign your topology and rethink how you do everything”, which is always an option. But it also adds to migration costs and works against promises of better TCO with cloud Wi-Fi, as significant network changes are not free. Remember, I’m talking specifically here about why it’s hard to think about moving a large thin-AP network to cloud-based replacements, given that the two approaches are generally quite different in switching.

In my branches, everything is less complex and there are very few SSIDs and VLANs. Cloud-managed is a lot easier to get to when the scale is small and L2 concerns are simpler. “Redesign” here, if needed, can be inconsequential, whereas redesign of a network the size of a city is anything but simple.

So… what’s the “fix”? I fully believe that controllers have overstayed their welcome (at least the stink-ridden controllers from the vendor I’ve used for the last twelve years). But until the L2 nut gets cracked by the cloudy types, I’m in a predicament. Maybe Meraki will ultimately make their cloud-managed switches function as “VLAN concentrators” in some sort of hybrid compromise, or make their MX appliances terminate CAPWAP tunnels on top of the other stuff they do. Likewise with Ubiquiti as a full-stack solution that hopes to start competing more in the enterprise space (I’m speculating here, mind you. I have no inside information.) I have no idea what Mist will do, since they don’t have their own switches or security appliances, but there are only so many possibilities in this dilemma.

All I know is that The Layer 2 Situation is real, and it is keeping those of us with big, old lightweight environments from making the jump to the cloud vendors. I’d love to see viable, creative answers to The Layer 2 Situation offered up soon from the cloud Wi-Fi folks. Maybe there will be something new and exciting to talk about at Mobility Field Day 4?