Analysis: Metro Wi-Fi

It's not often government saves businesses money. No wonder IT groups in all size enterprises are eyeing the surge in metropolitan Wi-Fi networks with interest. If you're not considering how to incorporate this technology into your mobility strategy, wake up and smell the bandwidth: Metro Wi-Fi projects are multiplying like Starbucks stores in suburbia. As of last month, Muniwireless.com lists 111 city or regional hot zones, with an additional 135 planned deployments. That's up from 60 live and 34 planned in July 2005. And per-user access costs are significantly lower than a couple weeks' worth of lattes, ranging from free to $19.95 per month.

There's a dark side, however. Companies smack in the middle of a dense metro Wi-Fi deployment may experience co-channel interference with their enterprise WLANs, and the security concerns inherent in all wireless systems are magnified in relatively open public networks. But smart enterprises will make the most of metro Wi-Fi, whether as a primary broadband connection for branch offices or to supplement more expensive and slower 3G services for mobile employees. Here's how.

WI-FI Vs. 3G

For enterprise IT, metro Wi-Fi has advantages beyond cost when compared with 3G technologies, such as HSDPA/ UMTS and EV-DO, and the IEEE 802.16e-2005 mobile WiMax standard. Wi-Fi cards are embedded in most laptops, many PDAs and an increasing number of high-end smartphones, obviating add-on PC technology.

For speed and latency, metro Wi-Fi performance leaves rivals in the dust: The 3G technologies we profiled in our Aug. 31 issue provide 1 Mbps downstream, at best, with a fraction of that on the uplink. Even legacy IEEE 802.11b can eke out multiple Mbps at symmetrical rates.

Today, pseudo mobile WiMAX systems like those from Navini Networks and Soma Networks are fixed services or use proprietary cards or modems. They do offer higher capacity and speeds, with lower latency than 3G networks, and speeds in the 1 Mbps to 5 Mbps range. But the reality is, Mobile WiMAX is still a wildcard for the enterprise: The cost for upcoming WiMAX cards and services are unknown and true mobile WiMAX networks have not yet been built in the United States. It's too early to tell what the potential is for enterprise users.

In contrast, IEEE 802.11g can realistically provide upwards of 20 Mbps at short ranges, dropping to 1 Mbps to 2 Mbps throughput only at the outer edges.

See more on metro Wi-Fi's technical advantage below, in "Wi-Fi Flexes its Technical Muscle."Enterprise Alignment?

How big a role should metro Wi-Fi play in your overall wireless and mobility strategy? It depends on your location and bandwidth requirements.

Companies based in areas covered by established metro Wi-Fi networks may be tempted to forego wireline altogether and install mesh-terminating nodes at their locations--products that BelAir Networks and Strix Systems are very happy to sell. But despite the technical advantages of mesh design, such as self-healing and low-cost internodal data transport, mesh networks can't match the high-speed throughput and performance of PTMP (point-to-multipoint) links.

As a result, metro Wi-Fi operators are using the same backhaul networks used for mesh cluster backhaul to provide alternative broadband services to businesses, with 1 Mbps to 100 Mbps, low-latency, full-duplex links; quality depends on distance, line-of-sight and radio technology used.

Further, remember that cellular networks don't provide five bars of service across their coverage areas--and that's just as true for metro Wi-Fi. Few deployments can serve the basement, centers of buildings and above the second floor. Most RFPs ask for 85 percent to 90 percent indoor coverage within the first wall, with 95 percent outdoor coverage. Wireless Minneapolis, for example, required 95 percentage coverage within one-square-mile grids, so that not serving a contiguous quarter-square-mile of difficult terrain--or poor neighborhoods--would be unacceptable.

Metro Wi-Fi service will also not likely be found in shopping malls, conference centers and deep inside hotels--any real estate where obtaining affordable access to mounting locations is difficult and where the venue may have it's own (perhaps for-pay) solution.

Backup power is also a concern. Unless the network is designed for public safety (see "Tax Dollars and Digital Divide"), batteries are usually eliminated, to save money. Those planning to use VoWLAN phones on the metro Wi-Fi network as a replacement for primary-line service will be sorely disappointed during power outages. Even where battery backup is available, nodes will last only a few hours.

And, despite the rising interest in metro Wi-Fi networks, service is not yet anywhere near ubiquitous. Muniwireless provides a list of cities and regions with projects running or in the works (PDF), but development is far from uniform. Twenty-three California sites are listed, with 15 more planned. In Tennessee and Alabama, you're out of luck. Most states are somewhere in between. Only Rhode Island is considering a statewide project.

Get HotMetro Wi-Fi networks will offer better price and performance versus 3G for mobile users who remain within the confines of such a network, but for city-hopping employees where Wi-Fi coverage is not guaranteed, 3G connectivity will provide a wider-range link. Even though 3G networks from Verizon and Sprint (based on EV-DO Rev. 0) or Cingular (based on HSDPA) may not provide 3G service everywhere, they can generally fall back to 2.5G, providing a continuous and seamless experience over most populated areas in the United States.

If your organization's wireless carrier sells access in terms of a bucket of minutes or bytes rather than per account, a combination of 3G and metro Wi-Fi could be the best route to reduce access fees. T-Mobile is the only wireless carrier with a substantial Wi-Fi buildout, but it has no 3G play.

Hot-spot providers are also taking notice. In fact, iPass wants to step into the role of one-stop shop for network access.

David Hawkins, director of business development for iPass, says the nature of Metro Wi-Fi networks is so similar to his company's offerings that iPass hopes to negotiate deals with metro Wi-Fi operators to offer access at the same rates and terms it gives today for small-size hotspots. The company just announced one such agreement--iPass customers can now access Pittsburgh's metro Wi-Fi network operated by U.S. Wireless Online.

Hawkins wouldn't disclose details for other near-term arrangements in North America but he did tell us that iPass has established a roaming agreement with The Cloud, a leading European wireless network operator that provides coverage in the United Kingdom, Sweden and Germany.For more on iPass' offerings, including an evaluation of its iPassConnect service, see Taking Advantage of Wide-Area Wireless .

A substantially more advanced concept, suggested by Stephen Rayment, CTO of wireless mesh gear provider BelAir Networks, is the idea of roaming from the inside out--an organization's WLAN is extended from the inner sanctums of the office to the metro Wi-Fi mesh, so that as employees move around the city they retain secure and speedy access to corporate resources. This requires provisioning the corporate SSID and security parameters into the metro Wi-Fi network, shuttling traffic over a separate VLAN, and funneling it into the corporate network.

Although technically feasible, this scheme is unlikely to pass muster with the chief security officer anytime soon. The comfort level is just not there: We're talking metro Wi-Fi operators, not regional carriers or well-established fiber-based service providers. There's no reason for the CSO to trust these newbies, most of which know nothing about serving the enterprise space.

The inverse, roaming from the outside in, involves replicating the metro Wi-Fi configuration in the office network and transporting the metro Wi-Fi traffic on the corporate network to the service provider's core. Visitors could take advantage of the metro-scale wireless network, relieving the organization of the need to provide guest Internet access. This model also fits larger campuses, such as universities, where the city might not necessarily build out wireless service into the school's open area, but coverage would flow seamlessly from campus edge to core.

Metro MayhemFor IT, making use of citywide Wi-Fi networks presents challenges, especially surrounding security. Many enterprises still have concerns about deploying closed enterprise WLANs--a shared public environment will give these security groups palpitations. It's tempting to default to more expensive and slower--but better understood-- 3G connectivity for mobile users who need to work with sensitive data. But with a properly implemented remote access policy, metro Wi-Fi can be just as secure as 3G.

Currently, 3G network security is based on the fact that consumers can't use commodity gear to sniff these wireless signals, and that link layer encryption hasn't been exploited to the same extent as WEP and WPA. EarthLink also has reportedly committed to providing secure Layer 2 access on its metro Wi-Fi deployments using EAP-TTLS, a security mechanism that authenticates the server and, within a tunnel, exchanges user credentials and session keys.

This security is implemented using a bridge: The user places the device by an outside-facing window and plugs in his home network, which could include a personal Wi-Fi router. Although EAP-TTLS is not supported natively by Windows, Intel's Centrino and Cisco Systems' clients support it, as do most other cards using third-party supplicants from Funk Software (now owned by Juniper Networks) and Meetinghouse (now owned by Cisco).

Layer 2 encryption notwithstanding, administrators and security personnel should require remote users to employ a VPN, whether IPsec, SSL or a mobile VPN such as NetMotion, and maintain current antivirus definitions and firewall rules in order to access internal resources.

The other half of the security challenge is implementing and enforcing wireless connection policies from within the office. Organizations that find themselves within metro Wi-Fi zones could have security holes as wireless users in the office associate to the outside network. Some will do so accidentally. Of greater concern are those who intentionally associate to the outside metro Wi-Fi network to bypass corporate proxy servers, firewall restrictions or a content filtering system, or to funnel out corporate information without detection by extrusion prevention technologies.Wireless IDS/IPS systems, as an overlay or integrated into the existing wireless network, can lessen those threats by containing or mitigating corporate wireless clients that connect to neighboring access points. We recently reviewed these systems; see "WIDPS Overlays Provide Ultratight Security" .

IT's A Mesh

Most planned and deployed metro Wi-Fi networks are based on mesh technology from vendors such as BelAir, Motorola, Nortel Networks, SkyPilot, Strix Systems and Tropos, with the last credibly claiming the most deployments. EarthLink, for example, has chosen Tropos as its mesh partner and Canadian firm DragonWave as its backhaul partner.

Before the days of mesh systems for metro Wi-Fi, a weatherproofed AP was tied to another radio with a directional antenna that backhauled traffic in PTMP form. This required that every backhaul radio have line of sight to the base station, not always practical in areas with mature trees or tall buildings.

Mesh nodes don't require line of sight to a central tower. Instead, nodes are placed close enough that the backhaul radio can communicate with one or more neighboring nodes. Depending on mesh routing algorithm and configuration, traffic traverses from one node to the next until it reaches a gateway node that backhauls the traffic over a PTMP link to the service provider's core network (see First Generation Mesh diagram, at right).

Placing nodes in relatively close proximity creates some resiliency and self-healing capabilities. But multiple gateway nodes are installed for more reasons than redundant access to the service provider's core network. Besides the obvious capacity requirements, gateway nodes also reduce the number of intermediate hops from any client to the Internet. Deployments with "good" coverage--say, 95 percent outdoor coverage, 85 percent of indoor rooms that have out outside-facing walls--typically require 25 nodes per square mile, and some deployments cover dozens of square miles.

If the target hop count were three or fewer, and each node could communicate to eight adjacent nodes, one gateway node would have to be deployed in the center of each square mile. Tropos clusters just three to seven nodes, then backhauls that traffic using a PTMP system. From there, traffic is transported over a wireline network to the central interconnection point.

These same PTMP systems are used to provide businesses with a wireless alternative to wired broadband service. EarthLink labels this its "capacity injection layer," a marketing term to connote how it provides higher speeds and is separate from the horizontal communication occurring within a mesh cluster.

Fixed-wireless business connections skip the mesh traversal and connect directly to PTMP or even a PTP (point-to-point) base station. This avoids the vagaries and limitations of meshed access and offers the capability to scale up to higher-capacity units, if necessary, but line of sight is still required.In many ways, this is the same kind of business that WISP (wireless ISP) TowerStream has targeted in Chicago, Los Angeles and New York. Proprietary gear by Alvarion, DragonWave and Motorola's Canopy form the bulk of current installations, though in the future standards-based WiMAX could stand in.

Clash Of The Channels

All mesh vendors claim increased power output and receive sensitivity, either through amplification or specialized antenna technology, such as directional arrays or beam-forming. Combine these devices with the proliferation of residential access points and metro Wi-Fi gear tuned to the highest FCC-allowable power levels for their client and backhaul links, and it's not hard to imagine RF congestion affecting the outer edges of enterprise WLANs.

For example, EnGenius heavily markets its ECB-3220, a wireless bridge that outputs at an enormously high power level, over 400 mW. This bridge is a technically appropriate device for consumers or small enterprises to tap into a metro Wi-Fi configuration.

As long as "take rates"--the percentage of people using a service--remain moderate and overall bandwidth levels low, smaller shops should be able to avoid co-channel interference by switching to an unused, non-overlapping channel. But most enterprise deployments use all three channels in the 2.4-GHz range.Although this problem shouldn't be overstated, it's another incentive for enterprises to pursue wireless networks designed around the large number of 802.11a channels in the 5-GHz range and work with the group that manages their local metro Wi-Fi networks to make sure they're mindful of businesses when deciding node placement and antenna positioning.

Wi-Fi Flexes Its Technical Muscle

Wi-Fi has a variety of advantages over 3G and WiMAX. First, because it uses unlicensed spectrum, it has several hundred megahertz between the ISM and UNII bands, rather than the 10 to 100 or so megahertz that a conventional wireless service provider might own in any single market.

Second, Wi-Fi's allowable output power, frequency characteristics and antenna location mounts are such that they constrain cell size, which leads to a lower number of PoPs per cell. Metro Wi-Fi networks use many more 802.11 radios per square mile than a mobile WiMAX or 3G base station, resulting in several orders of magnitude higher speeds per comparable area. Small cells mean higher spectral reuse patterns, increasing overall system capacity.

Most mesh systems that are the basis for metro Wi-Fi networks are with less than five hops before traffic exits a gateway to the service provider's core network. More hops introduce unnecessary traffic on possibly capacity-constrained wireless backhaul networks and increase the likelihood of latency and jitter from buffering.Latency in a 3G network is measured in the hundreds of milliseconds; Mobile WiMAX drops it to low double-digits, bu t none can match the single-digit latency of metro Wi-Fi. Tax Dollars And Digital Divide

Metro Wi-Fi isn't cheap: The cost to build a municipal mesh wireless network ranges from $50,000 to $100,000 per square mile, according to Gartner, which pegs the cost to operate and maintain these networks at more than $500,000 per year for a midsize city. In the future, advertising sponsorships by local companies or large corporations could dramatically offset these costs--getting such funding just requires some effort on the city's part.

For their trouble, municipalities expect to provide inexpensive broadband Internet for visitors and citizens, as well as address city applications, such as public works and SCADA (Supervisory Control and Data Acquisition) devices like irrigation and sewage systems, water pumps, wells and even traffic signals.

Most cities also are interested in addressing the digital divide--the perceived disparity of some groups in relation to Internet access, or more specifically, broadband Internet access.

But what causes this digital divide? According to a Pew Study late last year, fully one-third of Internet nonusers haven't jumped on the bandwagon because they're "just not interested." No amount of subsidy is going to attract this user segment.Another third said they aren't online because there is no broadband access available. Build-out and coverage requirements by cities will address this complaint. Among the remaining respondents, only 5 percent said that Internet access was too expensive. Confirming this response, the same Pew Study calculated that 49 percent of those with annual household incomes under $30,000 have Internet access.

It can't be emphasized enough that wireless broadband is just one leg in a three-legged stool: Computer ownership through subsidized PCs or laptops, and information literacy through training, form the remaining two legs. We suggest that politicians and social activists ought to shift focus away from affordability and onto educating citizens about their options and building out ubiquitous access.

Politics As Usual? Boston Bucks The Trend

Early on, modest municipal wi-fi deployments were paid for entirely by the local government through equipment certificates, public economic development funds or bonds. But when larger cities demonstrated their interest in metro Wi-Fi, telcos and cable companies cried foul. Lobbyists were hired and campaigns launched insisting that the government ought not to compete with private industry. To address these concerns, municipalities formed public/private partnerships in which nonprofit groups, such as Wireless Philadelphia, raised the cash required to build out the network.

What turned things on their head in Philadelphia was a bold pledge by EarthLink to pay for the entire wireless network and provide services and monies that addressed digital-divide concerns (see "Tax Dollars and Digital Divide"). Residents will pay for service, and EarthLink must wholesale access to its network for other wireless ISPs. EarthLink has signed similar contracts with several other cities. With buildout costs hovering around $75,000 per square mile, capital costs are significant for the operator, but the city's blessing greases the wheels for right-of-way access, pole contracts and all but assures the provider of first-mover advantage.

One important aspect of these metro Wi-Fi agreements was a written guarantee from the city to remain an anchor tenant and purchase services at a set price for a definite time period, providing the operator with a minimum revenue base. The pendulum has started to shift back, however, to a more public-interest-oriented model, with fewer cities promising exclusivity.For example, MetroFi, which operates Portland, Oregon's Wi-Fi project, admitted that it could survive without any revenue from the city. In that strategy, low speeds will be offered for free, sponsored via advertising, while higher speeds without advertising come with a monthly $20 charge. The premise is that subscriber management and support adds so much to operational costs that, if removed, advertising--even a few dollars per user per month--would be enough to support capital and the remaining operational expenses.

The latest announcements in Boston also hint to a throwback to earlier days. Most recently, the city decided to select a local nonprofit group to raise the funds and build out a network infrastructure that can be wholesaled on a nondiscriminatory basis. This design is somewhat familiar to the layered model of broadband deployment found in Europe and in Utah's UTOPIA network: A neutral physical network funded by localities, operated and maintained on a contracted basis to a third party, and available on a wholesale basis to application providers.

Frank Bulk is a contributing editor to NWC. He works for a telecommunications company based in the Midwest. Write to him at [email protected].