We noticed an article in InformationWeek recently on the subject of WLAN Mesh:
WLAN Mesh Moves Into New Territory:
“Enterprise mesh’s benefit is clear: pervasive connectivity throughout the organization. Unbound by the constraints of copper or fiber, wireless mesh enables enterprises to deliver ubiquitous access and services to parts of their facilities that previously were untouchable by their wired architectures, while managing it as a subset of their overall wireless architecture.”
Mesh is used primarily over short geographic distances: a neighborhood, an office park, or a large office building. Connecting to a mesh network through a VPN seems to run into a couple of issues:
- When you roam from node to node, does your VPN client need to re-establish connection and authenticate?
- How do you manage a corporate network over a mesh in a large office park or building? The Mesh Networks Research Group seems to suggest that this would be a management nightmare with SSL. Meanwhile, this video explores some larger considerations for security strategy over a mesh network.
The impact of WLAN Mesh on VPNs is clear… but how do you deal with it? Has anyone had to rethink their strategy? We’re interested in hearing any and all insights or feedback.
For Mesh Network security, do the following:
- Hide ESSID
- Select encryption method: AES-based WPA2 recommended
- Enable MAC filtering
- Protect OLSR traffic
Details in the link below.
Source: Mesh Network Research Group
Another resource is
Building Trustworthy Mesh Networks: Why Security and Fault-Tolerance Must Be Considered Together. Speaker: Cristina Nita-Rotaru, assistant professor, Department of Computer Science, member of CERIAS, Purdue University. Duration: 50 minutes.
Hope this helps
Links:
http://www.mesh-networks.org/
http://www.researchchannel.org/prog/displayevent.aspx?rID=4795
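As an added illustration of the four-item checklist in the comment above (not configuration from the original thread or from the Mesh Network Research Group), here is how those settings map onto a single mesh access point running hostapd, with the OLSR item handled by the olsrd secure plugin; the interface name, SSID, passphrase, file paths and plugin version string are assumptions.

```ini
# Added example, not from the original page. Interface, SSID, passphrase,
# file paths and the olsrd plugin version string are assumed values.

### /etc/hostapd/hostapd.conf ###
interface=wlan0
ssid=CorpMesh
hw_mode=g
channel=6

# 1. Hide ESSID: beacons stop carrying the network name.
#    Stations that probe for the SSID still reveal it, so this is a
#    nuisance control, not an access control; item 2 does the real work.
ignore_broadcast_ssid=1

# 2. Encryption: WPA2 only (no WPA1 fallback), AES-CCMP pairwise cipher,
#    TKIP deliberately not listed.
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=replace-with-a-long-random-passphrase

# 3. MAC filtering: deny every station unless its address appears in the
#    accept file (one MAC address per line).
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept

### /etc/olsrd/olsrd.conf (excerpt) ###
# 4. Protect OLSR traffic: the olsrd "secure" plugin adds a keyed
#    signature and timestamp to every routing message, so a node without
#    the shared key in the key file cannot inject or replay topology.
#    The plugin file name must match the installed olsrd build.
LoadPlugin "olsrd_secure.so.0.6"
{
    PlParam "Keyfile" "/etc/olsrd/olsrd_secure_key"
}
```

The same four settings have to be applied consistently on every mesh node, since a single node left with TKIP or without the secure plugin weakens the whole backbone.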
I still haven't seen a mesh system that fixes the fundamental scale problems that repeating packets and multi-hop cause.
Those that have "mesh" in the name but are just collections of access points on a conventional network seem better, but are still limited in bandwidth, users and QoS.
What happens when other unlicensed equipment out there interferes? An all-wireless network adds some completely new ways to crash a company network.
And that ignores the accidental ways to do the same thing, like leaky microwave ovens, enthusiastic amateurs with illegal amplifiers...
Graduate of the “cynics ‘R’us” and burned fingers school of networking
WLAN Mesh happens primarily at layer 2 of the OSI stack, whereas your question/issue resides much higher in the OSI model and is unaffected.
OSI model
http://en.wikipedia.org/wiki/OSI_model
Transport Layer Security
http://en.wikipedia.org/wiki/Transport_Layer_Security
IPsec
http://en.wikipedia.org/wiki/IPsec
Layer 2, WLAN based, Mesh network
http://paginas.fe.up.pt/~mricardo/07_08/cmov-mieec/slides/mesh-networks-layer2.pdf
http://www.nttdocomo.co.jp/english/binary/pdf/corporate/technology/rd/tech/main/mesh_network/vol8_2_13en.pdf
The article is very, very high-level, and it doesn't imply anything for VPNs.
For static clients nothing will change, as meshing occurs on lower layers than the VPN.
For mobile clients the main VPN issue is session persistence (not taking into account performance and battery life).
This is not a problem if you use a specially designed client: you can (theoretically; I didn't try it myself) roam through different technology networks (Wi-Fi, GSM, Ethernet, for example) without breaking your session.
For SSL check out http://tinyurl.com/6hwebb
For IPsec check out http://tinyurl.com/5ucm8e
The new generation wireless network architectures, like mentioned here: http://tinyurl.com/58ulcf
have the ability to manage mesh networks easily enough. For example, Motorola's Adaptive AP technology automatically establishes an IPsec control session from the AP to the wireless switch, and can also automatically establish a secure VPN connection for data, should this be required. The APs themselves and the mesh network settings are managed centrally from the switch as if they were lightweight (dependent, LWAPP, whatever) APs.
The other mesh article (video) is talking about cooperative mesh networks, which is some kind of “Wireless Internet”
The speech is really interesting and touches on a lot of things I never thought of, but these conclusions are totally irrelevant for enterprise networks, where everything is managed centrally (at least some order and thought is present).