Software Defined Local Area Network

Software Defined Local Area Network (SD-LAN) is a service provided on RUCKUS One that is implemented on Edge.

Overview

The SD-LAN service provides centralized forwarding for RUCKUS access points, enabling the access points to tunnel User Equipment (UE) traffic to an Edge device. All intermediate network hops are hidden from the end user’s traffic.

The SD-LAN service works as follows:
  • A Generic Protocol Extension for Virtual Extensible LAN (VxLAN-GPE) tunnel is established between the access point (AP) and the Edge device to facilitate the forwarding of User Equipment (UE) traffic.
  • The AP associates the VLAN with the corresponding Virtual Network Identifier (VNI) (both having the same ID). For example, VLAN 10 maps to VNI 10, and vice-versa.
  • Layer 2 (L2) bridging allows user equipment (UE) traffic to be forwarded into the core network.

SD-LAN also provides the capability to forward Captive Portal guest WLAN traffic between a Data Center (DC) Edge and an Edge device located in the DMZ network. In the context of Wi-Fi networks, the DMZ is a logical network that adds an extra layer of security for the Local Area Network (LAN) by providing a safe zone that separates the LAN from untrusted networks (such as the public internet).

Requirements

The SD-LAN service requires the following:
  • An onboarded Edge device with a LAN port enabled and configured as a core port.
  • A configured venue with associated APs and a Wi-Fi network.
  • An Edge cluster configured and associated with the venue.
  • APs running firmware version 7.x or later.
  • A Tunnel profile. For more information on creating a tunnel profile, refer to Policies > Creating a Tunnel Profile in the RUCKUS One online help.
    Note: When configuring a VxLAN-GPE tunnel profile between a Data Center Edge device and a DMZ Edge device, the Gateway Path MTU mode should be configured as Manual, because automatic Path MTU Discovery (PMTUD) is not supported between two Edge devices, and the maximum transmission unit (MTU) must be defined (select a value from 68 to 1450 bytes).

    When configuring a VxLAN-GPE tunnel profile between an Access Point and a Data Center Edge device, the Gateway Path MTU mode can be configured as Auto or Manual.

Limitations

The SD-LAN service has the following limitations:
  • Network types supported:
    • Traffic tunneling between an AP and a Data Center Edge device: Supports all types of WLANs.
    • Traffic tunneling between a Data Center Edge device and a DMZ Edge device: Supports Captive Portal WLANs only.
  • Captive Portal WLAN support:
    • Captive portal terminating at the Data Center Edge: Supports SSID-VLAN and VLAN pooling.
    • Captive portal terminating at the DMZ Edge (redirected through the Data Center Edge): Supports only SSID-VLAN.
  • Path MTU Discovery (PMTUD) is not supported for tunnels between two Edge devices. PMTU should be manually configured for these tunnels.
  • SD-LAN does not support VLAN 1. Regardless of the method used (VLAN pooling, dynamic VLAN assignment, SSID VLAN, or OS policy), VLAN 1 cannot be assigned to User Equipment (UE).
  • SD-LAN supports only IPv4 traffic from the UE. It does not support IPv6 traffic from the UE.
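
The tunnel MTU note under Requirements and the limitations above can be checked against a planned design before it is configured. The following is an added example, not RUCKUS code: the dictionary layout, field names, and sample design are assumptions made for illustration and do not correspond to any RUCKUS One API or export format.

```python
# Added example; dict layout and field names are hypothetical, not a RUCKUS One API.
MTU_MIN, MTU_MAX = 68, 1450  # manual Gateway Path MTU range stated on the page


def check_tunnel(tunnel):
    """Findings for one tunnel profile; kind is 'ap-dc' or 'dc-dmz'."""
    findings = []
    mode, mtu = tunnel["mtu_mode"], tunnel.get("mtu")
    if tunnel["kind"] == "dc-dmz" and mode != "manual":
        findings.append("Edge-to-Edge tunnel needs Manual path MTU (no PMTUD)")
    if mode == "manual" and (mtu is None or not MTU_MIN <= mtu <= MTU_MAX):
        findings.append(f"manual MTU must be {MTU_MIN}-{MTU_MAX} bytes, got {mtu}")
    return findings


def check_wlan(wlan):
    """Findings for one WLAN; 'dmz' marks traffic forwarded on to the DMZ Edge."""
    findings = []
    if 1 in wlan["vlans"]:
        findings.append("VLAN 1 cannot be assigned to UEs")
    if wlan["dmz"] and wlan["type"] != "captive-portal":
        findings.append("only Captive Portal WLANs may be tunneled to the DMZ Edge")
    if wlan["dmz"] and wlan["vlan_method"] != "ssid-vlan":
        findings.append("DMZ-terminated captive portal supports SSID-VLAN only")
    return findings


def audit(design):
    """Map each tunnel or WLAN name to its findings, omitting clean entries."""
    report = {t["name"]: check_tunnel(t) for t in design["tunnels"]}
    report.update({w["name"]: check_wlan(w) for w in design["wlans"]})
    return {name: found for name, found in report.items() if found}


# Constructed sample design (not taken from a real deployment).
DESIGN = {
    "tunnels": [
        {"name": "ap-to-dc", "kind": "ap-dc", "mtu_mode": "auto"},
        {"name": "dc-to-dmz", "kind": "dc-dmz", "mtu_mode": "auto"},
    ],
    "wlans": [
        {"name": "corp", "type": "enterprise", "vlans": [10],
         "vlan_method": "ssid-vlan", "dmz": False},
        {"name": "guest", "type": "captive-portal", "vlans": [1, 30, 31],
         "vlan_method": "vlan-pooling", "dmz": True},
    ],
}

if __name__ == "__main__":
    print(audit(DESIGN))
```

In the sample design, the Edge-to-Edge tunnel is flagged for using Auto path MTU, and the guest WLAN is flagged both for including VLAN 1 and for using VLAN pooling on a DMZ-terminated captive portal.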

Best Practices

This feature has no special recommendations for feature enablement or usage.

Prerequisites

Ensure your RUCKUS One tenant account has the following configurations prior to starting this procedure:
  • A configured venue with associated APs and a Wi-Fi network
  • A configured Edge Cluster associated with the venue
  • The LAN port must be configured as the core port on the Edges that are associated with the cluster participating in the SD-LAN service.