Some wireless vendors will tell you that the war of the ‘fat’ vs ‘thin’ access point has already been won, and it’s all over for the so-called fat APs. Which is a nonsense: you only need to look at the numbers of APs Cisco — one of the proponents of fat or intelligent APs — is shipping to see that.

Look beyond that, and you can see huge numbers of D-Link and Netgear APs sold into homes and small offices. Those devices are really cheap, and do such a lot, that anyone buying a thin AP based solution is bound to say "Hey! These things may be thin, but they are not cheap."

Some vendors claim to have a half-way model, the integrated AP, the most visible example in the UK being Trapeze Networks’ Mobility Point (MP) (reviewed here, though systems from Airespace, Aruba, Meru and others are worth a mention. But what are the different kinds, how do they fit into your network, and what are the benefits and limitations of each?

Traditional Access Points
The first generation of usable, business-class APs were what we’re now calling fat, smart, or intelligent APs (take your pick, they all mean the same thing). These APs are designed to have everything onboard that is needed so that they can be connected to any Ethernet switch. The switch doesn’t need to know anything about wireless. All it sees is something that looks pretty much like a bridge, hanging off one of its user ports.

These APs aren’t restricted to just supporting 802.11. Typically, they also support security and management features and, depending on the vendor, extra functionality to cope with fast roaming, for instance.

Examples in this space are Cisco and Colubris. Cisco, with its Structured Wireless-Aware Network (SWAN) architecture is moving to add wireless intelligence to its switches and routers, but it’s showing no signs of taking anything away from its 1100 and 1200 series of APs. Quite the reverse—SWAN also includes extra domain services functionality for the IOS software running on the APs to provide fast Layer 2 roaming (Layer 3 is done using Proxy Mobile IP, also running on the AP — see Roamingthe Hard Way) and local authentication.

Colubris also supports the intelligent AP approach, with its newest release including an embedded VPN server for security, and Proxy Mobile IP, the same as Cisco, for Layer 3 roaming.

Take the intelligence away
Although these offerings do have management systems for configuration and monitoring the WLAN, the approach of the manufacturers who have adopted the thin AP approach has been to beef up these management systems, and take as much intelligence as possible out of the AP itself.

You can see the reasoning. WLANs have become much more mainstream: companies are installing them as overlay networks over all their buildings, not just in conference rooms and breakout spaces. Which means the potential for hundreds to be deployed in a reasonably large office. If they’re cheap enough.

When thin-AP solutions were first considered, the cost argument was that, by removing the clever stuff, and consolidating it into a few WLAN switches, it should be possible to keep the APs down almost at a consumables level in terms of cost.

The difficulty is that, while "enterprise" APs such as Cisco's and Colubris' have remained high in price, other access points, based to a large extent on the same silicon, have tumbled due to a big consumer market. Just as thin terminals (Java based desktop systems) could not keep up with the crash in PC prices, thin APs all look expensive compared with functional SOHO APs.

Thin AP vendors have had to move to a "total cost of ownership" argument, at the same time as having to deal with complexities and possible standards issues within the definition of a thin AP.

How thin?
The complication now is in just how ‘thin’ you make the AP. Some thin APs have to be directly connected to their controlling WLAN switch. They have no console port and no IP address, so need a Layer 2 connection to the switch.

This is pretty limiting in terms of designing your network, especially if you already have perfectly good LAN switches in your wiring closets. So some vendors have put a bit of intelligence back into the AP, so that it can communicate with a WLAN switch over intervening Layer 2 LAN switches or even Layer 3 boundaries. This in effect means that the clever part of the WLAN installation can more or less be consolidated into a few devices that can be installed in the core of your network.

These are what the standards bodies are terming Access Controllers (ACs), and it’s the communication between them and APs that they are trying to standardise in the CAPWAP specification (to be covered in a future article). Without a standard, you’re going to be tied to getting your APs from the same manufacturer as your WLAN switch/router/AC, since the way they talk to each other will be different.

You’ll see that all of the vendors in this space, such as Airespace, Trapeze and Chantry, claim that you can install third party APs—but you’ll not get the central management and control. Gateways, such as Bluesocket’s (see Roaming the Hard Way) do allow for mixed APs, since they in effect ignore them, and set up an IPSec tunnel from the end client (the Bluesocket solution is reviewd here).

So what sort of things have been taken out of the thinner APs, and what impact does this have?

While the fat APs carry out all wired to wireless packet format conversion, encryption, QoS application and RF stats monitoring, the very thinnest APs pass all of this to their central controller, and act basically just as a media converter. The so-called integrated APs, such as Trapeze’s Mobility Points, leave the RF monitoring, application of QoS (i.e. queuing) and packet conversion on the AP, and centralise things like access lists, configuration and AP to AP forwarding.

This is one of the reasons that Layer 3 roaming is given as less of an issue for these type of APs, since the communication is between switches, so you need far less in the way of tunnels to get traffic to its home subnet. The claim being that that makes this method more scaleable. The counter claim is that, because the WLAN switches have to control APs, there is a limit as to how many each can manage, so again you may run into sizing issues. In both fat and thin AP deployments, chances are you’ll have some sort of tunnelling mechanism running over your network, to pass user traffic or AP-AC communications.

It has to be said that, since technologies are developing to cope with all the technical requirements (and they all seem pretty non-standard at the minute), what’s going to swing everything in favour of the thin or integrated AP will be cost and interoperability. A couple of clever controllers and lots of cheap APs will be significantly more cost-effective for larger WLAN deployments. But until the CAPWAP standard is finalised—and it’ll be a couple of years at current progress ratesbefore you see any properly compliant products—there’ll be no guarantee that you can buy off-the-shelf APs and have them work together, so you’ll be, in the short term at least, potentially even more tied into one vendor than you would be going the intelligent AP route.