3 Tips to Keep BYOD from Killing Your Network
Lee H. Badman
October 01, 2012
Much of the coverage around BYOD focuses on the complexities of data protection and policy enforcement on user devices that don't necessarily belong to the employer. But BYOD also has network implications. In my own environment, on a university campus, the number of people who use the network is the same, but they routinely use multiple devices. As more smartphones and tablets connect to the WLAN, that means increased load and stress on network resources such as DHCP and authentication servers. Here are three tips to help you manage the network side of the BYOD challenge.
First, consider the IP address space. We're lucky to have a full, publicly routed Class B network, but we still have more total devices in need of connectivity than we can serve with public IP addresses. So we find creative ways to handle the load. For example, we put all devices that we practically can into private space, and we use NAT where it makes sense, like for short-term wireless guest access in our stadium. We also periodically review our use of subnets for efficiency and relevance against organizational changes, such as when wired usage in our residence halls fell off dramatically in favor of wireless.
- Smarter Process: Five Ways to Make Your Day-to-Day Operations Better, Faster and More Measurable
- Bring Salesforce.com Alive with Your Key Business Processes: Register Now
- Virtualization and Cloud Computing : Optimized Power, Cooling, and Management Maximizes Benefits
- Part 1 Whitepaper - Why Use Big Data for Cyber Security? A Practical Guide Big Data Security Analytics
But even the best IP address stewards know that there are only so many tricks for staving off local IPv4 exhaustion, and when BYOD causes connected device counts to increase exponentially, it brings the IPv6 wolf a little closer to the door. (The real wolf, not the stuffed one that many of us trot out for IPv6 Day and then put back in the toy box and ignore for the next year.) Our campus plans to hold on to IPv4 as long as we can, but we are watching for signs that we have no choice but to move. In the meantime, we do a lot of IPv6 testing and development in the lab to ensure that when the times comes, we'll be ready for the transition.
Next, consider subnet sizing. There are lots of opinions on how big a single wireless network should be allowed to get on modern hardware, and every network engineer and has his or her own ideas about how big to let a broadcast domain become. We've found that 15,000 devices on a subnet works fine--as long as things like multicast are managed (or disallowed). We've also invoked tricks like band steering and disabling of legacy data rates to essentially shrink cell sizes.
Finally, look to your network design. Corporate (or university) Wi-Fi is a godsend to users who don't want to tap their own carrier data plan. And those users are going to test your WLAN design in real time. If your design is dated or sloppy, you'll be adding or moving APs to address the influx of devices. A design isn't just about accommodating overall client counts; location also matters. For one, users may congregate more heavily in some areas than others. For another, you have to account for the physical properties of the location. For example, our residence halls and library both get heavy loads, but we can't copy the design for one location and use it with the other. In the residence hall we're dealing with dorm rooms made of concrete blocks, while the library has lots of wide-open spaces.
The influx of BYOD clients has a ripple effect that runs through wireless controllers, ACLs, switch configurations, DHCP pools and the training of support staff. As we've grown our network to meet user demand, our assumptions about what we know about WLAN design have really been tested. We've reviewed and altered designs and added and upgraded hardware. And we can always count on users to let us know if our BYOD efforts aren't making the grade.