Do i need a ZoneDirector for Wireless Roaming?

  • 2
  • Question
  • Updated 1 year ago
  • Answered
Hi,

Do i need a ZoneDirector for Wireless Roaming?
One of my Customers need a Wireless Network for his Warehouse. There will be about 15 to 20 Wireless Barcode Scanner. The Scanner supports 802.11b/g/n.

I read there is no need for a ZoneDirector for Layer 2 Roaming because this is implemented in the 802.11 Protocoll. Is this true?

Please clarify.

Thanks.

Kind Regards
Marco
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes

Posted 3 years ago

  • 2
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
In my experience, barcode scanners run Telnet based applications that are very
sensitive to time delays and dropped packets. Using only standalone APs means
the scanners will have to re-authenticate with every roam. Having a ZoneDirector
allows for the cached client session credentials to be shared between APs and
allows for more seamless roaming, especially for VoIP and Scanner usage.
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hi Michael,

thanks for your Reply.
Ok. So if i understand right Roaming without ZD is working... more or less. It depends on the Client.

If my customer need a better (or even perfect) Roaming Experience he should use a ZoneDirector. Correct?

Is the statement true that Roaming is (in a simply) way implemented in the 802.11 Standard?

Thanks & Kind Regards
Marco
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 759 Posts
  • 162 Reply Likes
Hi Marco, The 802.11 standard explicitly places control of wireless connection establishment in the hands of clients by defining various logical services and breaking implementation out between clients and access points."

Even if controller is there you shall keep in mind that roaming will NOT always be smooth due due to the fact that decision and how fast to roam is taken care by STA or client.

Hope this helps.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
Hi Marco,

The fastest client re-association is facilitated by ZoneDirector managing client
sessions between Access Points under its control. Without a ZoneDirector, the
scanner is dropping from one AP, and performing an entire new connection to the
next AP, including another DHCP request, and will result in a few lost packets by
the scanner telnet application. If these dropped packets are enough to freeze the
application or cause it to lose session with the server will have to be evaluated,
but for best results, the ZD is a valuable piece of the solution.
Photo of Koen

Koen

  • 30 Posts
  • 1 Reply Like
Good reply Michael,

For the session credentials to be shared between access points, does 802.11r with 802.11k support needs to be enabled on the zonedirector or will enabling these features trigger an even faster (more seamless) roaming (for client devices that support these features) because of storing the PMKs at the zonedirector (PSK & 802.1x support) and also clients requesting neigboring reports from the access points. Will 802.11r trigger pre-authentication of the client devices with neigboring access points before re-association to these AP's?

Best regards,
Koen
Photo of Munish Dhiman

Munish Dhiman, Employee

  • 100 Posts
  • 14 Reply Likes
Hi Koen,

In 802.11r Yes, the initial handshake with the new AP is done even before the client roams to the new AP( Fast Transition (FT). So the initial handshake tells the client and the AP to calculate the encryption keys in advance . These keys are than applied to the client and AP after the client request for re-association .

Thanks,

Munish
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
I think the short answer to Marco Eichstetter question is NO. You don't need a ZD for roaming to work. The standard takes care of that not the ZD or any other control entity. Maybe in a single channel architecture things are different, but I don't actually know how things go there.

Then there is the consideration of authentication, which is a big factor here.

So when you have 2 APs configured with the same SSID and security parameters the client will decide to which one it is talking at any time. So if it's talking to AP1 and decides AP2 is better it will roam to that one and vice versa.

One thing that vendors do is help the client with the decision. This help is kind of 2 tier:

1. One is standard based with the implementation of 802.11k Radio Resource Measurement of Wireless LANs amendment. This however NEEDS to be supported on APs and client devices (STAs), otherwise it's useless

2. If 11k isn't supported a controller can gather data on an STA and if it thinks it has a better option for it it disassociates it thus forcing an association from an STA and hopefully the STA will connect to the same SSID but one advertised by a "nearer" AP with better signal. It's a hit and miss process.

The other thing is authentication that basically defines the speed of a roam as the STA needs to perform it every time it changes an AP association. These times can vary between 10ms to 300ms, depending on various things. The fastest way to do it now is by employing 11r as was discoussed by Koen and Munish, but again both nodes on a network need to support it.

So in the end, the answer is YES, you need a controller for roaming to work very fast, but you also need clients that support 11k & 11r and 802.1X must be employed.
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hello Primoz Marinsek,

thanks for your detailed answer.
In my specific Case a Customer wants to deploy a wireless Network in his Warehouses. In the End there will be about 10 Wireless Bar Code Scanners. For my Customer its important that the Clients roam as "smooth" as possible. Unfortunatelly my Customer don't know which kind of Bar Code Scanner (Model, Vendor, etc.) he will get.

Someone of Ruckus reccomendet to use a ZD1106.
If i read the Information within this Topic it seems it whould be a good way to try roaming first without a ZD. If it works: Fine! If not: Lets try with a ZD.

Is this my way i should go?
If i understand right a STA have to support 11k to roam "smoothly". Is 11r just needed if i am using 802.1x or is it also good if i use a simple autonomous WPA2 Network?

Many Thanks!
Kind Regards
Marco
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
To roam as smooth as possible scanners will have to support 11k, 11r and 1X will have to be deployed.

The second not so optimal, but still probably good option is too use a ZD and a static WPA2/AES key.

The last and the least optimal option is to use stand-alone APs configured with static WPA2/AES key.

Maybe start from the bottom and go up if needed.
Photo of Koen

Koen

  • 30 Posts
  • 1 Reply Like
Hey Marco,

The goal of 802.11r & 802.11k is that when using 802.1x authentication for the first time, this authentication process will happen between the client device (supplicant), Zonedirector (authenticator) and RADIUS server (authentication server) and can take up to a few seconds depending where it is located, once successfully authenticated, the RADIUS (AAA) server will send the MSK = PMK to the Zonedirector which will be stored there and forwarded to all APs in the same mobility domain that request it. The 4-way handshake (deriving session keys) will happen between the AP the client is connected to and the client device itself. Now when the client device is roaming to another AP (and i think the client can even auth to other AP's before making a roaming decision) in the same mobility domain, the client will authenticate to the Zonedirector instead of the AAA server & re-associate with the new AP. The 4-way handshake will occur between the new AP and the client device. The client roaming time will be reduced from a few seconds to around 50ms. The 802.11k part is that clients who support this standard are able to request a neighbor report of the access point it is connected to. The AP will respond with a neighbor report containing following information on the top 8 neighboring AP's: SSID, channel #, PHY type, BSS capabilities, mobility domain, ect... The neighbor report empowers client devices with info to make the smartest roaming decision. Without 802.11k clients will learn neighbor AP information from probe responses

Guys, please correct me if i am wrong on this.
br.
Koen
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Hi,

Sorry for the question again. I hope i am not too annoying. ;)

I read at "support.apple.com":
"11k" is for quickly identify nearby APs available for roaming. It doesn't matter if i am using static WPA2 or 802.1x.
"11r" streamlines the authentication Process using a Feature called FT and allows STA to associate with APs more quickly. Depending on WiFi-Hardware Vendor, FT works with static WPA2 (PSK) and 802.1x.

On "theruckusroom.net" i read 11r is just needed if i am using 802.1x, because the authentication Process needs his time. This Statement is the same like you (Koen and Primoz Marinsek) described.

Because my Customer don't have an IT-Staff. The IT-Staff is in fact one Person who manages the IT besides. I'm thinking to use DPSK (WPA2). Maybe he should look for Bar Code Scanner who supports 11k.

Thanks.
Marco
Photo of Primož Marinšek

Primož Marinšek, AlphaDog

  • 413 Posts
  • 48 Reply Likes
Yes, 11k doesn't care about your authentication method.

Definitely the customer should buy a scanner that supports 11k, 11r and 11w. These things last for years and they should be future proof.

My suggestion is still the same. Start at the bottom of my last post and work your way up if needed.
Photo of Marco Eichstetter

Marco Eichstetter

  • 148 Posts
  • 7 Reply Likes
Ok. Thanks!
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 137 Reply Likes
Note that even on WPA2-PSK networks, my iOS devices start showing that they're using 802.11r FT to roam. Renegotiating WPA2-PSK is certainly faster than 802.1x and making it to a RADIUS server and back, but it still takes time.
Photo of Nick Wollman

Nick Wollman

  • 18 Posts
  • 0 Reply Likes
why does my zd 1100 not have an ft roaming option? or is that also dependent on the ap? my 1200 has it and im using r600s on it but only 7343s on my 1100.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2114 Posts
  • 297 Reply Likes
Nick, the Fast BSS Transition WLAN option was introduced in 9.8 release.  What version firmware are you running on your ZD1100?
Photo of Nick Wollman

Nick Wollman

  • 18 Posts
  • 0 Reply Likes
9.8. But that brings me to another point. I was looking at the release notes for 9.10 and I saw that the 7962 access point was not supported anymore. What does that mean exactly? I have a couple of those and I'd still like them to work when I update. Also my zone director 1100 reports a whole bunch of useful information such as users roaming from one AP to the next and AP join requests and heartbeats lost and stuff like that. My newer zone director 1200 only reports when rogue APs are detected and that's pretty much it. Do the new software updates make them report less stuff?
Photo of Nick Wollman

Nick Wollman

  • 18 Posts
  • 0 Reply Likes
R and V....now I have to go research those protocols. Relatively new I would assume. and not all devices support it yet? They are just addon protocols to the ac right?
(Edited)
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 137 Reply Likes
Correct and correct. Modern iOS devices are publicly stated to support it: https://support.apple.com/en-us/HT202628. I'm sure other devices do as well, but it's hard to find solid evidence.

One thing nice about 802.11r FT is that the handoff from AP to AP is virtually instantaneous and you can even carry a VOIP call while walking from AP to AP.
Photo of Nick Wollman

Nick Wollman

  • 18 Posts
  • 0 Reply Likes
Well we just invested in a ruckus system and that ft transition was one big reason why. Trouble is, the "management" like to make sure the system actually works before throwing lots of money at it so we bought older aps off of eBay that might turn out to not even support it. Oh well.

Can you explain a bit what the channelization feature is for and what it has to do with a client switching between aps steadily? What is the problem if a client steadily disconnects from his ap and roams out to a neighbor but comes right back to his own almost immediately? What would cause an ap to lose clients if no others in the system have any problems?
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 137 Reply Likes
Channelization? You mean 20/40/80 MHz, or something else? It's not really for optimizing client switching per se. A client steadily disconnecting and reconnecting between AP's is not really something the AP's can control. If a client decides it wants to disconnect there's nothing an AP can do to disagree. That is an issue you'll have to debug from the client side.

OTOH, the ZoneDirector logs can make it sound like a client voluntarily disconnected when in reality what happened is that the AP switched channels (e.g. ChannelFly) or the AP forced the client to disconnect (SmartRoam).

Do you mean ChannelFly by any chance?
Photo of Max O'Driscoll

Max O'Driscoll, AlphaDog

  • 329 Posts
  • 80 Reply Likes
RE: 7962s. APs that are not supported/EOF will have an upper firmware limit. So you could end up in a situation where you can upgrade the ZD but not all the APs...need to be careful.
If this doesn't apply right now it might hit on the next firmware upgrade cycle.

If the ZD cannot upgrade the firmware on the AP then those APs will not join and be configurable from the ZD. Ooops.
Photo of Mitchell Axtell

Mitchell Axtell

  • 58 Posts
  • 15 Reply Likes

The log settings changed in more recent firmware to show warning and critical events only, but it's easy to change this.  Under Configure > System > Log Settings, click the "Show More" option and save.  That will show the user roaming and other entries.

Photo of CJ SoCal

CJ SoCal

  • 4 Posts
  • 0 Reply Likes
Does Ruckus Unleashed support Fast Roaming 802.11k and r protocols or would I need Zone Director?
Photo of John D

John D, AlphaDog

  • 497 Posts
  • 136 Reply Likes
Yes, unleashed supports 802.11k/r FT roaming.
Photo of Alastair Chisholm

Alastair Chisholm

  • 2 Posts
  • 0 Reply Likes
We have installed on a large yacht a ZD1100 with 5 x RUC007-72 access points. This has been simply configured with all five having the same SSID and security parameters.
The yacht owner is using this with an iPad to control his on-board entertainment system and complains of drop out when moving around the boat.
Can you help with the  configuration process which would optimise seamless roaming between APs?