
Title:
WIRELESS LAN, SERVER FOR WIRELESS LAN, COMMUNICATION MODULE FOR WIRELESS LAN
Document Type and Number:
WIPO Patent Application WO/2008/010248
Kind Code:
A1
Abstract:
The present invention relates to a wireless local area network comprising a plurality of access nodes (12a, 12b) arranged to supply communication services to a plurality of client type devices (14). The network (10) comprises a server node (15, 51), connected to one of the access nodes (12b) and arranged to configure the plurality of access nodes (12a, 12b) by means of a communication protocol (53) including a limited number of commands. The invention relates also to a server node arranged to configure access nodes of a wireless local area network (10) and to a method for configuring a wireless local area network.

Inventors:
DE CARNE, Nicola (Via Amedei 2, Milano, I-20123, IT)
SAMPIETRO, Angelo (Via Amedei 2, Milano, I-20123, IT)
Application Number:
IT2006/000555
Publication Date:
January 24, 2008
Filing Date:
July 21, 2006
Assignee:
IP WORLD S.R.L. (Via Amedei 2, Milano, I-20123, IT)
DE CARNE, Nicola (Via Amedei 2, Milano, I-20123, IT)
SAMPIETRO, Angelo (Via Amedei 2, Milano, I-20123, IT)
International Classes:
H04L12/28
Attorney, Agent or Firm:
ROBBA, Pierpaolo (Interpatent S.r.l, Via Caboto 35, Torino, I-10129, IT)
Claims:

CLAIMS

1. Wireless local area network comprising

- a plurality of access nodes (12a, 12b) arranged to supply communication services to a plurality of client type devices (14); characterised by

- a server node (15, 51) connected to an access node (12b) of said plurality (12a, 12b) and arranged to configure said plurality of access nodes (12a, 12b) by means of a communication protocol (53) comprising a limited number of commands and through said access node (12b).

2. Local area network according to claim 1 characterised in that said communication protocol comprises commands for said plurality of access nodes (12a, 12b) arranged respectively to:

- set up (SET) variable values;

- request (GET) variable values;

- execute real time operations (REALTIME).

3. Local area network according to any one of previous claims characterised in that said server node (15) is a client terminal of an Internet network (18) and is connected to said access node (12b) through said Internet network.

4. Local area network according to any one of previous claims characterised in that said plurality of access nodes (12a, 12b) comprises

- at least one gateway type access node (12b) arranged to receive said configuration commands from said server node (15);

- at least one client type access node (12a) arranged to receive said configuration commands from said gateway type access node (12b).

5. Configuration server for a wireless local area network having a plurality of access nodes (12a, 12b) arranged to supply communication services to a plurality of client type devices (14), characterised in that it comprises

- connection means (19) arranged to be connected to an access node (12b) of said plurality;

- at least one configuration program module (51) arranged to operate the configuration of said plurality of access nodes (12a, 12b) by means of a communication protocol (53) comprising a limited number of commands and through said connection means (19).

6. Configuration server according to claim 5 characterised in that said communication protocol comprises commands for said plurality of access nodes (12a, 12b) arranged respectively to:

- set up (SET) variable values;

- request (GET) variable values;

- execute real time operations (REALTIME).

7. Configuration server according to claim 5 or 6 characterised in that said connection means comprises

- a connection to an Internet network (18).

8. Configuration server according to any one of claims 5 to 7 characterised in that said configuration program module (51) is associated to a VPN type security module arranged to interface said plurality of access nodes (12a, 12b) in a secure way.

9. Access node of a wireless local area network arranged to co-operate with a configuration server (15) as claimed in claims 5 to 8, characterised by

- connection means (19) arranged to be connected to the configuration server (15);

- first configuration program means (33) arranged to receive from said configuration server (15) through said connection means (19) configuration commands by means of a communication protocol (53) comprising a limited number of commands;

- second configuration program means (31) configurable for transferring said configuration commands of said communication protocol (53) to further access nodes (12a).

10. Access node according to claim 9 characterised in that said communication protocol comprises commands arranged respectively to:

- set up (SET) variable values;

- request (GET) variable values;

- execute real time operations (REALTIME).

11. Method for configuring a wireless local area network having a plurality of access nodes (12a, 12b) arranged to supply communication services to a plurality of client type devices (14), the method being characterised by the steps of

- providing a server node (15) connected to an access node (12b) of said plurality (12a, 12b);

- providing a communication protocol (53) comprising a limited number of commands;

- operate by using said server node (15) the configuration of said plurality of access nodes (12a, 12b) by means of said communication protocol and of said access node (12b) connected to said server node (15).

12. Method according to claim 11 characterised in that said step of providing a communication protocol (53) comprises the step of providing commands arranged respectively to:

- set up (SET) variable values;

- request (GET) variable values;

- execute real time operations (REALTIME).

13. A computer program product directly loadable in the internal memory of a computer and including software code portions arranged to perform, when the product is run on a computer, the method of any of claims 11 to 12.

14. A computer program product as claimed in claim 13 embodied in a computer-readable medium.

Description:

"Wireless LAN, server for wireless LAN, communication module for wireless LAN"

Technical Field

The present invention relates, in general, to a wireless LAN (Local Area Network), to a server for wireless LAN and to a communication module for wireless LAN.

In particular, the present invention relates to a W-LAN (Wireless-LAN) that uses the IEEE 802.11 Standard.

Background Art

Wireless local area networks are known, in particular W-LANs are known that use the IEEE 802.11 Standard to which reference is made for the sake of simplicity from now on.

Such networks comprise, typically, one or more access points or access nodes, preferably interconnected to one another, arranged to supply network services or "serve" a plurality of user devices (clients) in a determined area.

In known WLANs at least one of the access points is connected to a network server so as to put the WLAN in communication with other network types, for instance the INTERNET network.

A problem common to all the WLANs is that the configuration of the access points of a WLAN, such as by means of:

- parameters set up (provisioning) on each single access point;

- analysis of single access points;

- configuration tracing (assurance) of every single access point;

- firmware upgrade of every single access point,

requires, according to the background art, intervention by an operator who, by positioning himself near the single access point, directly accesses it and configures it properly.

Such a solution obviously involves serious losses of time as well as insufficient reliability, the configuration of the access points depending somehow on the ability of the single operator to carry out the interventions in place.

In the networks field, in particular in the Internet networks field, network servers are known arranged to configure remote nodes.

In such fields, for configuring remote nodes network servers use standardised communication protocols, such as the SNMP protocol (Simple Network Management Protocol). As known, such protocol type is typically very heavy, having a high number of control information with respect to the data to be transmitted (i.e. low transmission efficiency), and it is also very demanding for the network and not reliable, because it uses as transmission protocol the UDP protocol (User Datagram Protocol) which does not guarantee data delivery except by means of retransmission.

Obviously, the same type of considerations can be made for other types of standardised protocols that allow network servers to configure remote nodes.

In summary, the Applicant has found that the background art, in general in the field of wireless local area networks, and, in particular in the field of WLANs, does not teach tools for remotely configuring the access nodes or access points of the wireless local area network and that the teaching coming from the field of networks in general is not usable for remotely configuring the access nodes of the wireless local area network in a simple and effective way.

Disclosure of the Invention

The object of the present invention is thus a wireless local area network that does not incur the above-outlined problems of low configuration efficiency and unreliability.

Such an object is achieved by means of the wireless local area network and apparatus as claimed.

The present invention relates also to a method for configuring a wireless local area network as well as to a computer program product loadable in the memory of at least one computer and including software code portions for performing the steps of the method of the invention when the product is run on at least one computer. As used here, the reference to such a computer program product is meant as equivalent to the reference to a computer readable medium containing instructions for controlling a computer system so as to co-ordinate execution of the method according to the invention. Reference to "at least one computer" is meant to highlight the possibility for the method of the invention to be carried out in a decentralised manner over a plurality of computers.

Claims are an integral part of the teaching of the present invention.

According to a preferred embodiment the wireless local area network comprises a server node arranged to configure a plurality of access nodes by using a communication protocol having a limited number of commands.

According to a further feature of the present invention, the communication protocol only comprises commands arranged, respectively, to set up variable values on the single access nodes, to request variable values and to execute real time operations.

According to another feature of the present invention, the network comprises access nodes having gateway functionality and arranged to be directly configured by the server node as well as access nodes having client functionality and arranged to be configured through the access nodes having gateway functionality.

Brief Description of Drawings

These and further features and advantages of the present invention will appear more clearly from the following detailed description of a preferred embodiment, provided by way of non-limiting example with reference to the attached drawings, wherein components designated by same or similar reference numerals indicate components having same or similar functionality and construction and wherein:

Fig. 1 shows a wireless local area network according to present invention;

Fig. 2 shows a physical diagram of an access node of the network of Fig. 1.

Best mode for Carrying Out the Invention

With reference to Fig. 1 a wireless local area network (network) 10, according to the present invention, for instance a W-LAN that uses the IEEE 802.11 standard, comprises one or more access nodes of client type (first-type or client access nodes) 12a, configured for supplying, in a known way, access and communication services to a plurality of user devices (clients) 14, at least one access node of gateway type (second-type or server access nodes) 12b configured both for supplying access and communication services, in a known way, to a plurality of user devices (clients) 14, and for transferring (when in gateway functionality), as it will be disclosed later on in detail, configuration parameters from a server node (server) 15 to one of the first-type access nodes 12a.

Clients 14, of known type, for instance personal computers or electronic organisers, are configured so as to exchange information with the access nodes, 12a and 12b respectively, by using, for instance, the IPv4 (Internet Protocol Version 4) communication protocol.

Server 15 is preferably connected to a wide area network 18, for instance an Internet network, and comprises program modules, of known type, for allowing information exchange between clients 14 of the network 10 and user devices connected to the wide area network 18.

In the preferred embodiment, server 15, for instance a personal computer of known type, comprises stored on it a configuration engine (server module or element manager) 51 arranged, as it will be disclosed later on in detail, to configure first-type and second-type access nodes, 12a and 12b respectively, of the network 10 by using a communication protocol (element manager protocol) 53, developed in the design phase of the network, and directed to optimise the local area network 10 configurability.

First-type and second-type access nodes, 12a and 12b respectively, according to the present exemplary embodiment, comprise, for instance, the same hardware and are configurable, by means of program modules developed during the design phase of the network 10, for operating either as first-type access nodes 12a or second-type access nodes 12b, according to the specific configuration requirements of the network 10.

In particular, the first-type and second-type access nodes, from now on simply referred to as access nodes, 12a and 12b, unless otherwise specified, comprise a main board 21 (Fig. 1, Fig. 2) arranged for being connected to Internet, for instance a board Routerboard Model 532A by the Company MikroTik with operating system Linux version 2.4 connectable to Internet according to the IPv(? Standard, a first network board 23 arranged to carry out wireless connections according to the IPv6 standard at least to other access nodes, for instance a board Model CM9 by the Company Wistron, and a second network board 25 arranged to carry out wireless connections according to the IPv4 standard to clients 14, for instance a board Model NL2511-MP PLUS by the Company Senao. Network boards, 23 and 25, are connected in a known way to the main board 21 through a BUS 28, for instance a mini-PCI (Peripheral Component Interconnect) BUS.

According to the preferred embodiment, access nodes 12a and 12b comprise an agent program module (agent module) 33, developed during the design phase of the network 10 and stored, for instance, on the main board 21, arranged to manage, through the first network board 23 and by using the communication protocol 53, configuration data coming from the server 15.

The second-type access nodes 12b are connected to Internet, for instance by means of a connection cable 19, and comprise an agent-server program module (agent-server module) 31, developed during the design phase of the network 10 and stored, for instance, on the main board 21, arranged to manage configuration data and/or send configuration data, coming through the cable 19 from the server 15, to other first-type access nodes 12a, by means of the first network board 23 and by using the communication protocol 53.

In the preferred embodiment the communication protocol (protocol) 53 comprises a limited set of commands and associated messages arranged for allowing to configure the access nodes of the WLAN.

For instance, the protocol comprises a limited number of configuration commands to be executed by the access nodes, 12a and/or 12b, for modifying parameters or configuration files present on the access nodes 12a and 12b. Still more preferably the provided configuration commands are:

- GET for requesting variable values;

- SET for requesting to set up variable values;

- REALTIME for requesting execution of a real-time command on the access node.

The above described commands allow to execute provisioning, assurance, upgrade and analysis functions on the single access nodes of the network 10.

As a matter of fact, Applicant believes that in order to configure the access nodes of a network it is sufficient to have a limited number of commands and, in particular, of commands similar to those indicated above.

Preferably, commands are transmitted by means of messages, these too being in limited number, written, for instance, according to XML (extensible Markup Language) format; such messages are, for instance, in a standardised form of the type:

<request>
  <reqType>GET</reqType>
  <elementIp>10.20.33.12</elementIp>
  <name>/proc/net/arp</name>
  <regexp><![CDATA[(([0-9A-F]{2}:*){6})]]></regexp>
  <delimeter>,</delimeter>
  <value></value>
</request>

wherein the field:

- ReqType: contains GET/SET/REALTIME commands;

- ElementIp: contains the IPv6 address of the access node;

- Name: contains, in case of GET or SET commands, the name of the file to be set; in case of REALTIME command it contains the command to be executed;

- Regexp: contains a regular expression to be used for formatting variables present on the access nodes before sending them back to the element manager;

- Delimiter: indicates a delimiter if the variables are more than one;

- Value: contains, in case of SET command, the variable to be written in the file "name", in case of REALTIME command it contains the arguments to be used for starting the command "name"; for instance, in case of SET command, a "value" set to 2 indicates firmware upgrade; a "value" set to 1 indicates a reboot; a "value" set to 3 indicates to repeat the provisioning (i.e. to cancel the configuration file of the agent module 33 and to activate the reboot of the access node, 12a or 12b); a "value" set to 4 indicates to carry out a restart of the agent module 33.

In the preferred embodiment the protocol as described allows to execute configuration functions such as provisioning, assurance, upgrade and analysis on the single access nodes of the network 10.

For instance the operation of setting up configuration parameters (provisioning) on every single access node, 12a or 12b, provides that, following a specific initiative of the server 15 or a "PROVISIONING" message (request) coming from an access node, 12a or 12b, wherein the request, for instance, is in the form of:

<request>
  <reqType>PROVISIONING</reqType>
  <elementIp>10.20.33.12</elementIp>
  <sn>SC_345567MM</sn>
</request>

the server 15 transmits to the single access node, 12a or 12b, messages comprising a set of variables in the form of:

<config>
  <request>
    <reqType>SET</reqType>
    <elementIp>10.20.33.12</elementIp>
    <name>keepaliveTimeout.cfg</name>
    <regexp></regexp>
    <delimeter></delimeter>
    <value>60</value>
    <accessType>R or RW</accessType>
  </request>
</config>

The agent module 33 of the single access node, 12a or 12b, following the received message, creates the file indicated in the "name" field and writes therein the text comprised in the "value" field. Moreover the agent module 33 further stores in a file, having for instance the name "main.conf", all the variables and the access type thereto. Obviously, in other embodiments the agent module 33 could store the variables in more than one file according to the provided access type.

At the end of the provisioning operation, the agent module 33 responds with a "PROVISIONING OK" message in the form:

<request>
  <elementIp>10.20.33.12</elementIp>
  <sn>SC_345567MM</sn>
  <retCode>0</retCode>
  <infoMessage>PROVISIONING OK</infoMessage>
</request>

and, for instance, it forces a reboot of the access node, 12a or 12b.

In summary, at the end of the provisioning operation the access node will comprise:

- a file (main.conf) in which all the names of the variable to be read and/or written are included;

- a set of files created for the variables to be written so that such variables can be applied to the access node, 12a or 12b.
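As an added example (not code from the patent or its applicant), one way an agent module could parse messages of the format above and check later GET/SET/REALTIME requests against the access types recorded in main.conf. The enforcement policy (only provisioned names are served, SET only on RW names, REALTIME denied, DTDs rejected) and all function names are assumptions; the description states that access types are stored but not how they are enforced.

```python
import re
import xml.etree.ElementTree as ET

# Element names as spelled in the page's messages ("delimeter" included).
FIELDS = {"reqType", "elementIp", "name", "regexp", "delimeter",
          "value", "accessType", "sn"}
REQ_TYPES = {"GET", "SET", "REALTIME", "PROVISIONING"}
# Assumption: writable variables are bare file names, never paths.
BARE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

class RejectedRequest(ValueError):
    """Raised when a message does not fit the protocol's message format."""

def parse_requests(xml_text):
    """Return the <request> elements of a message as a list of dicts."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise RejectedRequest("DTD and entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise RejectedRequest(f"malformed XML: {exc}") from exc
    if root.tag == "request":
        nodes = [root]
    elif root.tag == "config":
        nodes = root.findall("request")
    else:
        raise RejectedRequest(f"unexpected root element: {root.tag}")
    parsed = []
    for node in nodes:
        req = {child.tag: (child.text or "").strip() for child in node}
        unknown = set(req) - FIELDS
        if unknown:
            raise RejectedRequest(f"unknown fields: {sorted(unknown)}")
        if req.get("reqType") not in REQ_TYPES:
            raise RejectedRequest(f"unknown reqType: {req.get('reqType')!r}")
        parsed.append(req)
    return parsed

def build_main_conf(config_xml):
    """Map each provisioned variable name to its access type, as main.conf does."""
    table = {}
    for req in parse_requests(config_xml):
        name, access = req.get("name", ""), req.get("accessType", "")
        if req["reqType"] != "SET" or access not in ("R", "RW"):
            raise RejectedRequest("provisioning entries must be SET with R or RW")
        if access == "RW" and not BARE_NAME.fullmatch(name):
            raise RejectedRequest(f"writable name must be a bare file name: {name!r}")
        table[name] = access
    return table

def authorize(req, main_conf):
    """Assumed policy: only provisioned names are served; REALTIME is denied."""
    access = main_conf.get(req.get("name", ""))
    if req["reqType"] == "GET":
        return access in ("R", "RW")
    if req["reqType"] == "SET":
        return access == "RW"
    return False

# Constructed sample messages in the page's format.
CONFIG = """<config>
  <request><reqType>SET</reqType><elementIp>10.20.33.12</elementIp>
    <name>keepaliveTimeout.cfg</name><regexp></regexp><delimeter></delimeter>
    <value>60</value><accessType>RW</accessType></request>
  <request><reqType>SET</reqType><elementIp>10.20.33.12</elementIp>
    <name>/var/adm/messages</name><regexp></regexp><delimeter></delimeter>
    <value></value><accessType>R</accessType></request>
</config>"""

def request(req_type, name, value=""):
    """Build a constructed single-request message for the demo and tests."""
    return (f"<request><reqType>{req_type}</reqType>"
            f"<elementIp>10.20.33.12</elementIp><name>{name}</name>"
            f"<value>{value}</value></request>")

if __name__ == "__main__":
    conf = build_main_conf(CONFIG)
    for kind, name in [("GET", "/var/adm/messages"), ("GET", "agent-key.pem"),
                       ("SET", "keepaliveTimeout.cfg"), ("REALTIME", "reboot")]:
        print(kind, name, authorize(parse_requests(request(kind, name))[0], conf))
```

Under this assumed policy a GET for agent-key.pem is refused because the key file was never provisioned as a readable variable.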

For instance the configuration tracing operation (assurance) of every single access node, 12a or 12b, provides that, following a specific initiative of the server 15, wherein the request, for instance, is in the form:

<request>
  <reqType>GET</reqType>
  <elementIp>10.20.33.12</elementIp>
  <name>/var/adm/messages</name>
  <regexp></regexp>
  <delimeter></delimeter>
  <value></value>
</request>

the agent module 33 responds with a message in which the requested file is included.

For instance, the configuration upgrade operation (firmware upgrade) of every single access node, 12a or 12b, provides that the server 15, after fetching, for instance, a new firmware to be stored on single access nodes, 12a or 12b, sets, by means of a sequence of "SET" type commands, the variables on single access nodes, 12a or 12b, by means of messages of the type:

<request>
  <reqType>SET</reqType>
  <elementIp>10.20.33.12</elementIp>
  <name>reboot.cfg</name>
  <regexp></regexp>
  <delimeter></delimeter>
  <value>2</value>
</request>

and forces a reboot of the access node, 12a or 12b, as in the case of the provisioning operation.

The described protocol, as easily comprehensible to a technician in the field, further allows to set up in the access nodes, 12a and 12b, by means of SET commands, the public and private keys of the WLAN.

For completeness, an example of a message usable for setting up a private key in an access node is reported hereunder:

<request>
  <reqType>SET</reqType>
  <elementIp>10.20.33.12</elementIp>
  <name>agent-key.pem</name>
  <regexp></regexp>
  <delimeter></delimeter>
  <value>-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----</value>
</request>

In summary, the described protocol 53, though using a limited set of commands and messages, allows to completely configure the network.

By taking as reference the ISO/OSI (International Standard Organisation/Open System Interconnection) model and the Internet protocol suite, in the following Table 1 a diagram representative of the levels occupied by the server module 51, the agent-server module 31 and agent module 33, is reported in which, for completeness, an interface module VPN (Virtual Private Network) of known type is also indicated; such a VPN module is provided, in the preferred embodiment, for securing the connections between the server 15 and the access nodes, 12a and 12b.

TABLE 1

From Table 1 it is self-evident that the server module 51, the agent-server module 31 and the agent module 33 use, in the preferred embodiment, the TCP protocol (Transmission Control Protocol) as transport protocol and operate in close interaction therewith.

Such a solution, which is the preferred one, guarantees, as easily comprehensible to a technician in the field, a good transmission efficiency and, at the same time, guarantees the safe reception of messages.

As a matter of fact, taking as a measure of the transmission efficiency the relationship Y/(X + Y), wherein X is the number of control information and Y is the number of data to be transmitted, it is self-evident that by using the described protocol and network architecture it is possible to obtain a transmission efficiency tending to 1 for configuring network nodes.

The operation of network 10 as described above, in respect of configuration operations, is the following.

By taking as reference a starting step of parameters set up (provisioning) it is provided that the access nodes, 12a or 12b, once powered on, following a verification, carried out by the agent module 33, of the absence of configuration file on the access node, request the server 15, in a first step, through a "PROVISIONING" message of the described type and by using IPv6 addressing format, to transmit the configuration files.

If the request is carried out by one of the first-type access nodes (client nodes) 12a, such a request is managed by one of the second-type access nodes (gateway node) 12b that, having also gateway functionality, is arranged to transfer the request to the server 15 by using the agent-server module 31.

Following the request, the element manager 51 provides, in a second step, one or more messages including SET commands for the requesting access node, 12a or 12b, by using the protocol 53.

In a third step the server 15, by using the element manager 51, sends the message or the messages including SET commands (the message) to the requesting access node, 12a or 12b, by using the IPv6 addressing. Obviously, if the message is addressed to one of the client nodes 12a, it is provided that one of the gateway nodes 12b receives the message and transfers it to the client node 12a whose address appears in the message, by using the agent-server module 31.

As easily comprehensible to a technician in the field, the configuration of access nodes, 12a and 12b, can be carried out also in absence of a configuration request by the access nodes 12a and/or 12b.

The other configuration operations, as easily comprehensible to a technician in the field, follow an operation pattern similar to the one described above.

In the description reference has been made to a server 15 of an Internet type wide area network. In further embodiments the server may also be a client terminal of the Internet network comprising the element manager 51 and the element manager protocol 53. In such further embodiments, however, it is provided that one of the gateway nodes 12b is connected to the Internet network, for instance, by means of the main board 21. According to still further embodiments, the server may also be a terminal directly connected to one of the gateway nodes and comprising the element manager 51 and the element manager protocol 53. Such other embodiments all allow, as easily comprehensible by a technician in the field, to configure all the access nodes of the local network that include an agent module and are reachable by the gateway node.

Obvious changes and variations to the above disclosure are possible, as regards dimensions, shapes, materials, components, circuit elements, connections and contacts, as well as details of circuitry, of the described construction and operation method without departing from the scope of the invention as defined by the claims that follow.