Contents

Overview·· 1

iEdge implementation· 1

Application identification and acceleration· 1

Protocol snapshot and address cache· 3

Protocol snapshot 3

Address cache· 4

Edge security· 4

ARP edge protection· 4

Collaboration with the security state awareness platform·· 4

Doctor AP· 5

Overview

With amazing speed, lower power consumption and latency, and higher bandwidth, Wi-Fi 6 technology has become the first choice of campus networks.

During WLAN deployment, operations, and maintenance, network optimization is critical to ensure user experience, improve user quantity, and prolong device lifetime. H3C developed iRadio, iStation, iEdge, and iHeal technologies to optimize WLANs from radio performance, roaming, application assurance, and network automation to improve user experience.

This document describes how iEdge empowers Wi-Fi 6 APs with the edge service awareness capability and provides service identification-based route selection.

Figure 1 H3C 4i technologies

iEdge implementation

Application identification and acceleration

iEdge uses the H3C-proprietary Wi-Fi 6 eXtreme Plus technology to identify applications and take snapshots of the identified applications. The system compares subsequent user traffic against the snapshots and processes matching packets at a high speed, which improves the DPI performance as well as DFI application identification accuracy.

When iEdge detects traffic of a critical service, it enables APs to optimize roaming and radio switchover to ensure smooth user experience for critical services. If the channel usage of a radio is so high that affects video or audio services, the AP suppresses traffic of non-critical services to reserve channel resources for critical services, thus to further accelerate traffic processing.

Figure 2 Application identification and acceleration

On the smart O&M platform, iEdge provides application analysis and statistics from the campus, AP, and user aspects, allowing network administrators to view user experience through one click. Except for application traffic statistics and traffic ranking, the platform also provides 7×24 quality monitoring for critical applications (audio and video applications). Available application quality metrics include latency, jitter, and packet loss.

Figure 3 Smart O&M platform (1)

Figure 4 Smart O&M platform (2)

Protocol snapshot and address cache

Protocol snapshot

Protocol snapshotting records every critical moment during client association from client access, authentication, DHCP exchanging, and ARP exchanging to DNS translation, which provides strong support for evaluating user experience and device state in the entire network.

The smart O&M platform displays the association process as shown in Figure 5 for users to fast identifying failed exchanges or abnormal exchanges that take a long time.

Figure 5 Protocol snapshot on the smart O&M platform

Address cache

This feature analyzes client ARP requests to the gateway and as well as the IP obtaining process, and maintains an address cache table on each AP to store the MAC and IP addresses of the gateway and the clients. If the gateway fails to respond to an ARP request of a client, the corresponding AP responds with the gateway MAC address obtained from the table instead, enabling client fast association.

Edge security

Edge security enables the system to perform specific security policy-based filtering and security analysis operations on Wi-Fi 6 APs deployed at network edges, instead of on the AC or the firewall. Edge security improves the response speed of security policy and security analysis, and isolates threats from the wireless network.

ARP edge protection

If malicious clients perform subnet ARP scanning or launch ARP large traffic attacks, the CPUs on wired devices in the network will get too busy to support ARP learning and responding.

To resolve this issue, H3C Wi-Fi 6 APs monitor the ARP request sending rate on clients and the requested objects. If any rate anomaly is detected, the APs automatically deploy control policies to rate limit ARP requests to the gateway and discard the other ARP requests, and silence the clients with large ARP traffic.

Figure 6 ARP edge protection

Collaboration with the security state awareness platform

To perform in-depth security analysis and prediction, large networks are often deployed with the security state awareness platform. iEdge supports collaboration with the platform, which prevents risky clients detected by the platform from access the WLAN to block security threats.

Compared with discarding risky packets, isolating risky clients reduces unnecessary forwarding of risky packets and better protects the system from attacks.

The security state awareness platform can manage security devices of multiple third parties and can be widely deployed in various scenarios.

Figure 7 Collaboration with the security state awareness platform

Doctor AP

Doctor AP is an AP diagnosis mode. In doctor AP mode, an AP simulates client access to diagnose user Internet access through the wireless network, from WLAN access, address obtaining, DNS, ping, to well-known website access, to detect network issues and locate the root causes.

APs in doctor AP mode collect network failure information from the cloud platform and perform intelligent analysis of the collected data to help fast network recovery with reduced O&M cost.

Doctor AP also supports automatic routine inspection. You can specify the detection scope and time, and the system will automatically switch the optimal APs in service mode to doctor AP mode to perform routine inspection. The inspection result can be pushed to users through WeChat, SMS, or email.

Figure 8 Doctor AP