EPL 657 Andreas Pitsillides

EPL 657 Andreas Pitsillides
Wireless LANs EPL 657 Andreas Pitsillides Contains slides and ideas from Teknillinen Korkeakoulou, Finland: Wireless personal, local, metropolitan, and wide area networks, S , and WLAN tutorial, 23/6/2004

Feature Topic on the Future of Wi-Fi
Wi-Fi is a well researched topic with wide applicability… why study further? E.g. call for Papers IEEE Communications Magazine emerging and future generations of IEEE Wi-Fi, such as Wi-Fi CERTIFIED(tm) ac and WiGig CERTIFIED(tm), will be capable of achieving multiple gigabits per second speeds and be used to do everything from simple web browsing and peer-to-peer sharing, to multimedia streaming, real-time teleconferencing, cable replacement, and wireless docking, to name a few. Coupled with the recent introduction of Wi-Fi CERTIFIED(tm) Passpoint by the Wi-Fi Alliance, users can further enjoy seamless and secure connectivity when roaming between cellular and Wi-Fi and between Wi-Fi networks.

Future wi-fi technologies
Topics of interest include, but are not limited to, the following categories: - Technological overview of the recent, emerging, and future Wi-Fi technologies - PHY-, MAC-, and network-layer architectures and protocols - Privacy and Security - Spectrum and Regulatory - Wi-Fi and cellular interworking - Implementation and deployment challenges - Emerging applications and services

WIRELESS LAN (WLAN) Selected topics Introduction WLAN aims
WLAN characteristics WLAN design goals Infrared vs radio transmission Infrastructure-based vs ad-hoc networks WLAN Standards IEEE WLAN Roaming WLAN Security WLAN enhancements WLAN design issues Other technologies (separate slides)

Why Wireless LANs (WLANs)
Mobility (portability) and Flexibility Places where there is no cabling infrastructure / Hard to wire areas Reduced cost of wireless systems Improved flexibility of wireless systems Cost Relatively low cost of deployment Continual drop in price for WLAN equipment

Wireless LAN Applications
LAN Extension Cross building interconnection Nomadic access Ad hoc networks

Vertical Markets Factory floor Airport Home networking Hotel Hospital
Office workers Retail stores Warehouse Stock market Airport Hotel Starbuck College campus Convention Center Miscellaneous

Example WLAN deployment - Hotel
Competing Technologies Wired Ethernet (802.3) Phone Line xDSL Power Line Proposed: Wireless LAN (802.11) Why: Price/Performance and ease of deployment Current status: almost all major hotel chains in major (and not so major) cities

Wireless LANs

Wireless LAN considerations
Throughput Number of nodes Connection to backbone Service area Battery power consumption Transmission robustness and security Collocated network operation License free operation Handoff/roaming Dynamic configuration

WLANs goal A mature market introducing the flexibility of wireless access into office, home, or production environments. Typically restricted in their diameter to buildings, a campus, single rooms etc. The global goal of WLANs is to replace office cabling, increase flexibility of connection especially for portable devices and, additionally, to introduce a higher flexibility for ad hoc communication in, e.g., group meetings.

WLAN characteristics Advantages: very flexible within radio coverage
ad-hoc networks without previous planning possible wireless networks allow for the design of small, independent devices more robust against disasters (e.g., earthquakes, fire)

WLAN characteristics Disadvantages:
typically lower bandwidth compared to wired networks (~11 – 300 Mbit/s) due to limitations in radio transmission, higher error rates due to interference, and higher delay/delay variation due to extensive error correction and error detection mechanisms offer lower QoS a number of proprietary solutions, especially for higher bit-rates, and standards take their time (e.g., IEEE n) standardized functionality plus many enhanced features additional features only work in a homogeneous environment (i.e., when adapters from same vendors used) products have to follow many national restrictions if working wireless, it takes a very long time to establish global solutions

WLAN design goals global, seamless operation of WLAN products
low power for battery use (special power saving modes and power management functions) no special permissions or licenses needed (license-free band) robust transmission technology easy to use for everyone, simple management protection of investment in wired networks (support the same data types and services) security – no one should be able to read other’s data, privacy – no one should be able to collect user profiles, safety – low radiation

Known problems with WLANs
Wireless link characteristics: media is error prone and the bit error rate (BER) is very high compared to the BER of wired networks. Carrier Sensing/collision detection is difficult in wireless networks because a station is incapable of listening to its own transmissions in order to detect a collision (more later). The Hidden Terminal problem also decreases the performance of a WLAN (more later). Mobility (variation in link reliability, seamless connections required, battery limitations) (more later)

Wireless Link Characteristics
Differences from wired link …. decreased signal strength: radio signal attenuates as it propagates through matter (path loss) interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); also devices (e.g. motors) interfere as well (noise) multipath propagation: radio signal reflects off objects, arriving at destination at slightly different times (channel quality varies over time) shared with other technologies and spectrum users more difficult security (shared medium) …. make communication across (even a point to point) wireless link much more “difficult”

Wireless LAN Radio Technology
Infrared (IR) LANs Spread spectrum LANs Narrow band microwave Laser beam

ISM frequency bands ISM (Industrial, Scientific and Medical) frequency bands: 900 MHz band (902 … 928 MHz) 2.4 GHz band (2.4 … GHz) 5.8 GHz band (5.725 … GHz) Anyone is allowed to use radio equipment for transmitting in these bands (provided specific transmission power limits are not exceeded) without obtaining a license.

WLAN Standards Several WLAN standards, e.g.:
IEEE b offering 11 Mbit/s at 2.4 GHz The same radio spectrum is used by Bluetooth A short-range technology to set-up wireless personal area networks with gross data rates less than 1 Mbit/s IEEE a, operating at 5 GHz and offering gross data rates of 54 Mbit/s IEEE g offering up to 54 Mbit/s at 2.4 GHz. IEEE n up and coming standard up to 300 Mbit/s (two spatial streams; 600 Mbit/s with 4 spatial streams) …

WLAN Standards 802.11 Protocols under development Wireless LAN 2.4 GHz
(2 Mbps) 802.11b (11 Mbps) 802.11g (22-54 Mbps) HiSWANa (54 Mbps) 802.11a (54 Mbps) HiperLAN2 (54 Mbps) HomeRF 2.0 (10 Mbps) Bluetooth (1 Mbps) HomeRF 1.0 (2 Mbps) 802.11e (QoS) 802.11i (Security) 802.11f (IAPP) 802.11h (TPC-DFS) 802.11n (300Mb/sec) Protocols under development

IEEE 802 standardisation framework
802.1 Manage-ment Logical Link Control (LLC) 802.3 MAC 802.5 MAC Medium Access Control (MAC) CSMA/CA 802.3 PHY 802.5 PHY 802.11 PHY 802.11a PHY 802.11b PHY 802.11g PHY CSMA/CD (Ethernet) Token Ring CSMA/CA (Wireless LAN) 802.11n (300Mb/sec) Many more protocols recently developed or under development

Recent IEEE 802 standardisation efforts
A recent call for papers (CFPs): A new generation of Wireless Local Area Networks (WLANs) is going to make its appearance in the upcoming years, with the IEEE aa (Robust Audio Video Transport Streaming), IEEE ac (Very-high throughput < 6GHz), IEEE af (TV White Spaces) and IEEE ad (Very-high throughput ~60 GHz), as examples of the most expected ones. Nevertheless, all next-generation standards will consider some of the most significant advances on the wireless communication and networking area in the last decade, developed by a highly active community, in both academia and industry. This special issue requests papers that advance the state-of-the-art of the recent and on-going IEEE standards (i.e., IEEE p, IEEE s, IEEE aa, IEEE ac, IEEE ad, IEEE ae, IEEE ah, IEEE af, IEEE ai, etc.), as well as present mechanisms and solutions, from MAC or above layers, that could be readily transferred to the not-yet finished standards or their future amendments.

IEEE 802 wireless network technology options
Network definition Wireless personal area network (WPAN) Low-rate WPAN (LR-WPAN) Wireless local area network (WLAN) Wireless metroplitan area network (WMAN) IEEE standard IEEE IEEE IEEE IEEE Known as Bluetooth ZigBee WiFi WiMAX

IEEE standard As the standards number indicates, this standard belongs to the group of 802.x LAN standards. This means that the standard specifies the physical and medium access layer adapted to the special requirements of wireless LANs, but offers the same interface as the others to higher layers to maintain interoperability. The primary goal of the standard was the specification of a simple and robust WLAN which offers time-bounded and asynchronous services.

IEEE 802.11 Wireless LAN all use CSMA/CA for multiple access
802.11b 2.4-5 GHz unlicensed spectrum up to 11 Mbps direct sequence spread spectrum (DSSS) in physical layer all hosts use same chipping code 802.11a 5-6 GHz range up to 54 Mbps Shading is much more severe compared to 2.4 GHz Depending on the SNR, propagation conditions and distance between sender and receiver, data rates may drop fast 802.11g 2.4-5 GHz range up to 54 Mbps Benefits from the better propagation characteristics at 2.4 GHz compared to 5 GHz Backward compatible to b 802.11n: multiple antennae typically Mbps IEEE e MAC enhancements for providing some QoS Some QoS guarantees can be given only via polling using PCF all use CSMA/CA for multiple access all have base-station and ad-hoc network versions

Characteristics of selected wireless link standards
200 802.11n 54 802.11a,g 802.11a,g point-to-point data 5-11 802.11b (WiMAX) 4 3G cellular enhanced UMTS/WCDMA-HSPDA, CDMA2000-1xEVDO Data rate (Mbps) 1 802.15 .384 UMTS/WCDMA, CDMA2000 3G .056 IS-95, CDMA, GSM 2G Indoor 10-30m Outdoor 50-200m Mid-range outdoor 200m – 4 Km Long-range outdoor 5Km – 20 Km

Infrastructure-based vs ad-hoc wireless networks
AP wired network AP: Access Point Infrastructure-based wireless networks Infrastructure networks provide access to other networks. Communication typically takes place only between the wireless nodes and the access point, but not directly between the wireless nodes. The access point does not just control medium access, but also acts as a bridge to other wireless or wired networks.

Several wireless networks may form one logical wireless network: The access points together with the fixed network in between can connect several wireless networks to form a larger network beyond actual radio coverage. Network functionality lies within the access point (controls network flow), whereas the wireless clients can remain quite simple. Can use different access schemes with or without collision. Collisions may occur if medium access of the wireless nodes and the access point is not coordinated. If only the access point controls medium access, no collisions are possible. Useful for quality of service guarantees (e.g., minimum bandwidth for certain nodes) The access point may poll the single wireless nodes to ensure the data rate.

Infrastructure-based wireless networks loose some of the flexibility wireless networks can offer in general: They cannot be used for disaster relief in cases where no infrastructure is left.

No need of any infrastructure to work greatest possible flexibility Each node communicate with other nodes, so no access point controlling medium access is necessary. The complexity of each node is much higher implement medium access mechanisms and forwarding data

Nodes within an ad-hoc network can only communicate if they can reach each other physically if they are within each other’s radio range if other nodes can/want to forward the message IEEE WLANs are typically infrastructure-based networks, which additionally support ad-hoc networking Bluetooth is a typical wireless ad-hoc network

Elements of a wireless network
wireless hosts laptop, PDA, IP phone run applications may be stationary (non-mobile) or mobile wireless does not always mean mobility network infrastructure

base station typically connected to wired network relay - responsible for sending packets between wired network and wireless host(s) in its “area” e.g., cell towers, access points network infrastructure

wireless link typically used to connect mobile(s) to base station also can be used as backbone links multiple access protocol coordinates link access various data rates, transmission distance network infrastructure

infrastructure mode base station connects mobiles into wired network handoff: mobile changes base station network infrastructure

Ad hoc mode no base stations nodes can only transmit to other nodes within link coverage nodes organize themselves into a network: route among themselves Node disconnected from the rest of the ad-hoc network

WLAN components Fig. 2.11 Figure Photographs of popular b WLAN equipment. Access points and a client card are shown on top, and PCMCIA Client card is shown on left and WLAN router on right. (Courtesy of Cisco Systems, Inc.)

IEEE terminology System Architecture of an infrastructure network Basic Service Set (BSS) group of stations using same radio frequency Access Point (AP) station integrated into the wireless LAN and the distribution system Station (STA) terminal with access mechanisms to wireless medium and radio contact to access point Portal bridge to other (wired) networks Distribution System (DS) interconnection network to form one logical network Extended Service Set (EES) based on several BSS Distribution System Portal 802.x LAN Access Point LAN BSS2 BSS1 STA1 STA2 STA3 ESS

IEEE BSS IEEE allows the building of ad hoc networks between stations, thus forming one or more BSSs. In this case, a BSS comprises a group of stations using the same radio frequency. Several BSSs can either be formed via the distance between the BSSs or by using different carrier frequencies.

Distribution System (DS)
Used to interconnect wireless cells (multiple BSS to form an ESS) Allows multiple mobile stations to access fixed resources Interconnects technology

Access Points (AP) Allows stations to associate with it
Supports Distributed Coordination Function (DCF) and Point Coordination Function (PCF) Provides management features Join/Associate with BSS Time synchronisation (beaconing) Power management all traffic flows through APs Supports roaming

IEEE standard 802.11 mobile terminal access point fixed terminal
application TCP PHY MAC IP 802.3 MAC 802.3 PHY LLC infrastructure network

IEEE 802.11 protocol Protocol architecture aims
Applications should not notice any difference apart from the lower bandwidth and perhaps higher access time from the wireless LAN. WLAN behaves like, perhaps a ‘slower’, wired LAN. Consequently, the higher layers (application, TCP, IP) look the same for the wireless node as for the wired node. The differences are in physical and link layer different media and access control

IEEE 802.11 protocol The standard also specifies management layers.
The physical layer provides a carrier sense signal, handles modulation and encoding/decoding of signals. The basic tasks of the MAC-medium access control protocol comprise medium access, fragmentation of user data, and encryption. The standard also specifies management layers. The MAC management supports the association and re-association of a station to an access point and roaming between different APs. Furthermore, it controls authentication mechanisms, encryption, synchronization of a station with regard to an AP, and power management to save battery power.

IEEE 802.11 Physical layer Logical Link Control (LLC)
Includes the provision of the Clear Channel Assessment-CCA signal (energy detection). This signal is needed for the MAC mechanisms controlling medium access and indicates if the medium is currently idle. A number of physical channels Logical Link Control (LLC) 802.11 infrared FHSS DSSS 802.11a OFDM 802.11b HR-DSSS 802.11g Media Access Control (MAC)

Division Multiplexing
Physical layer Wireless Transmission Infrared (IR) Radio Frequency (RF) Spread Spectrum Frequency Hopping Direct Sequence Orthogonal Frequency Division Multiplexing

Infrared vs radio transmission
typically using the license free frequency band at 2.4 GHz Advantages experience from wireless WAN (microwave links) and mobile phones can be used coverage of larger areas possible (radio can penetrate (thinner) walls, furniture) higher transmission rates (~11 – 54 Mbit/s) Disadvantages very limited license free frequency bands shielding more difficult, interference with other senders, or electrical devices Example IEEE , HIPERLAN, Bluetooth Infrared light uses IR diodes, diffuse light reflected at walls, furniture etc, or directed light if a LOS exists btn sender and receiver Advantages simple, cheap, available in many mobile devices (PDAs, laptops, mobile phones) no licenses needed Disadvantages interference by sunlight, heat sources etc. many things shield or absorb IR light cannot penetrate obstacles (e.g., walls) low bandwidth (~115kbit/s, 4Mbit/s) Example IrDA (Infrared Data Association) interface available everywhere

802.11 Medium Access Control (MAC)
Example WLAN physical layer 802.11g is the most popular physical layer, operating in the same band as b The signal format is OFDM (Orthogonal Frequency Division Multiplexing) Data rates supported: various bit rates from 6 to 54 Mbit/s (same as a) Medium Access Control (MAC) CSMA/CA 802.11 PHY 802.11a PHY 802.11b PHY 802.11g PHY ISM band: 2.4 … GHz

ISM frequency band at 2.4 GHz
The ISM band at 2.4 GHz can be used by anyone as long as (in Europe...) Transmitters using FH (Frequency Hopping) technology: Total transmission power < 100 mW Power density < 100 mW / 100 kHz ETSI EN requirements Transmitters using DSSS technology: Total transmission power < 100 mW Power density < 10 mW / 1 MHz

802.11 spectrum at 2.4 GHz Divided into overlapping channels.
For e.g. the –2.4835 GHz band is divided into 13 channels each of width 22 MHz but spaced only 5 MHz apart, with channel 1 centred on 2.412 GHz and 13 on 2.472 GHz Availability of channels is regulated by country (e.g. Japan adds a 14th channel 12 MHz above channel 13). 3 channels are non overlapping Given the separation between channels 1, 6, and 11, the signal on any channel should be sufficiently attenuated to minimally interfere with a transmitter on any other channel.

Recall: Free-space loss is dependent on frequency
The free-space loss L of a radio signal is: where d is the distance between transmitter and receiver, l is the rf wavelength, f is the radio frequency, and c is the speed of light. The formula is valid for d >> l , and does not take into account antenna gains (=> Friis formula) or obstucting elements causing additional loss.

Free-space loss examples
For example, when d is 10 or 100 m, the free-space loss values (in dB) for the different ISM bands are: d = 10 m d = 100 m f = 900 MHz L = 51.5 dB L = 71.5 dB f = 2.4 GHz L = 60.0 dB L = 80.0 dB f = 5.8 GHz L = 67.7 dB L = 87.7 dB

Maximum channel data rates
Network IEEE WPAN (Bluetooth) IEEE LR-WPAN (ZigBee) IEEE WLAN (WiFi) IEEE WMAN (WiMAX) Maximum data rate 1 Mbit/s (Bluetooth v. 1.2) 3 Mbit/s (Bluetooth v. 2.0) 250 kbit/s 11 Mbit/s (802.11b) 54 Mbit/s (802.11g) 300+ Mbit/s (802.11n) 134 Mbit/s

Modulation / Signal spreading
Network IEEE WPAN (Bluetooth) IEEE LR-WPAN (ZigBee) IEEE WLAN (WiFi) IEEE WMAN (WiMAX) Modulation / spreading method Gaussian FSK / FHSS Offset-QPSK / DSSS DQPSK / DSSS (802.11b) 64-QAM / OFDM (802.11g) 128-QAM / single carrier 64-QAM / OFDM

802.11: advanced capabilities
Rate Adaptation base station and mobile dynamically change transmission rate (physical layer modulation technique) as mobile moves, SNR varies 10-1 QAM256 (8 Mbps) 10-2 QAM16 (4 Mbps) BPSK (1 Mbps) 10-3 operating point BER 10-4 10-5 10-6 10-7 10 20 30 40 SNR(dB) 1. As node moves away from base station SNR decreases, BER increase 2. When BER becomes too high, switch to lower transmission rate but with lower BER

IEEE : MAC overview Two basic access mechanisms have been defined for IEEE CSMA/CA (mandatory) summarized as distributed coordination function (DCF) Optional method (RTS/CTS) avoiding the hidden terminal problem A contention-free polling method for time-bounded service called point coordination function (PCF) access point polls terminals according to a list DCF only offers asynchronous service, while PCF offers both asynchronous and time-bounded service, but needs the access point to control medium access and to avoid contention. only asynchronous data service in ad-hoc network mode

IEEE : MAC overview Within the MAC layer, Distributed Coordination Function (DCF) (asynchronous service) is used as a fundamental access method, while Point Coordination Function (PCF) (synchronous service) is optional. DCF is also known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. It is an asynchronous access method based on the contention for the usage of shared channels. A contention-free access mechanism is provided through the RTS/CTS (Request to Send/Clear to Send) exchange. PCF is used for time-bounded transfer of data

IEEE : MAC overview most important differences between WLAN and LAN protocol design is the impossibility to detect all collisions. difficult to receive (sense collisions) when transmitting due to weak received signals (fading) with receiving and sending antennas immediately next to each other, a station is unable to see any signal but its own. As a result, the complete packet will be sent before the incorrect checksum reveals that a collision has happened. Furthermore, receiver and transmitter mostly not on at the same time can’t sense all collisions in any case: hidden terminal, fading A B C A’s signal strength space C’s signal

Hidden Station Problem
C A is talking to B. C does not know this communication and starts talking to B.  Collisions.

CSMA/CA rule: backoff before collision
IEEE : MAC overview Utmost importance that number of collisions be limited to the absolute minimum. DCFs CSMA/CA (CA-Collision Avoidance) is the MAC method used in a WLAN. (Wireless stations cannot detect collisions, i.e. the whole packet will be transmitted anyway). Basic CSMA/CA operation: If medium is free, then Wait a specified time (DIFS), Transmit frame If medium busy, then backoff CSMA/CA rule: backoff before collision

IEEE 802.11: MAC overview CSMA/CA protocol basics:
medium can be busy or idle (detected by the CCA Clear Channel Assessment-CCA signal of the physical layer) If medium busy this can be due to data frames or other control frames during a contention phase several nodes try to access medium optionally, the standard allows for collision free operation through small reservation packets (RTS, CTS)

IEEE 802.11: MAC overview Define (802.11b):
slot = 20 ms (9 or 20 ms for g) Short inter-frame spacing (SIFS) = 10 ms (16 ms for a) shortest waiting time for medium access defined for short control messages (e.g., ACK of data packets) DCF inter-frame spacing (DIFS) = 50 ms (28 ms for g) longest waiting time used for asynchronous data service within a contention period DIFS=SIFS + two slot times PCF inter-frame spacing (PIFS) an access point polling other nodes only has to wait PIFS for medium access (for a time-bounded service) PIFS=SIFS + one slot time (30 ms for b) The standard defines also two control frames: RTS: Request To Send CTS: Clear To Send

Interframe Spacing (IFS) and priorities
SIFS (Short IFS) ACK, CTS, Poll Messages, Poll responses, CF-End PIFS (PCF IFS) PCF operation mode, including Beacon, Retransmitted poll messages DIFS (DCF IFS) DCF operation mode, including back-off, RTS EIFS (Extended IFS) After detection of erroneous frame High to low priority Shorter to longer time

IEEE 802.11: CSMA/CA Collision Avoidance
idea is to prevent collisions at the moment they are most likely to occur , i.e. when the bus is released (since many stations may compete then). In the event medium is sensed busy, all clients are forced to wait for a random number of timeslots and then sense the medium again, before starting a transmission. If the medium is sensed to be busy, the client freezes its timer until it becomes free again. Thus, the chance of two clients starting to send simultaneously is reduced.

IEEE : CSMA/CA the overhead introduced by the Collision Avoidance delays should be as small as possible. the protocol should keep the number of collisions to a minimum, even under the highest possible load. To this end, the range of the random delay, or the contention window, is set to vary with the load. In the case of a collision, the congestion window (CW) is doubled progressively: 15, 31, 63, , until a successful transmission occurs and the delay is reset to the minimal value. From the number CW (= 15 / 31 … 1023 slots) the random backoff bn (in terms of slots) is chosen in such a way that bn is uniformly distributed between 15/31 … CW. Since it is unlikely that several stations will choose the same value of bn, collisions are rare. The standard does not fix the minimum and maximum values of the contention window. However, it does advise a minimum of 15 or 31 and a maximum of 1023.

IEEE 802.11: CSMA/CA Broadcast data transfer (DCF)
contention window (randomized back-off mechanism) DIFS DIFS medium busy slot time next frame t direct access if medium is free  DIFS station ready to send starts sensing the medium (Carrier Sense based on CCA-Clear Channel Assessment) if the medium is free for the duration of a Distributed Coordination Function Inter-Frame Space (DIFS), then station can start sending if the medium is busy, the station has to wait for a free DIFS, then the station must additionally wait a random back-off time (collision avoidance) if another station occupies the medium during the back-off time of the station, the back-off timer stops (fairness – during the next phase this node will continue its timer from where it stopped)

IEEE 802.11 : CSMA/CA E.g. Unicast data transfer
DIFS data other stations receiver sender t SIFS ACK DIFS data contention Channel sensed busy waiting time station has to wait for DIFS before sending data receivers acknowledge after waiting for a duration of a Short Inter-Frame Space (SIFS), if the packet was received correctly

EE802.11: Exponential backoff mechanism
binary exponential backoff: After k collisions, a random number of slot times between 15 and 2k+5-1 is chosen. So, for the first collision, each sender might wait between 15 or 31 slot times. After the second collision, the senders might wait between 15 and 63 slot times, and so forth. As the number of retransmission attempts increases, the number of possibilities for delay increases . Note that the suggested minimum window is normally set at 15 (or 31) at start, so as to have some initial non-zero random delay and there is a max number prior to declaring the transmission not possible Back-off time As in case of Ethernet, the random back-off time serves to avoid having multiple users to begin transmission at the same time. The random back-off time is set as follows Random_back_off_time = INT(CW*Random())*Slot time, Where INT is an integer function, CW is an integer between CW_min and CW_max and Random() is a random number generator. If the current packet has its first transmission, CW is set to CW_min. After each collision of this packet, CA mechanism doubles CW until it reaches CW_max as in case of Ethernet. This is called as exponential back-off algorithm. Suggested values are: CW_min = 31 and CW_max = 255. Why not use fixed size CW? The reason is that when a user experiences a collision, it has no idea how many users are involved in the collision. If there are only few colliding packets, it would make sense to choose the random back-off time from a small set of small values, i.e. CW is small. But if many users are involved in a collision, then it makes sense to choose the back-off time from a larger, more dispersed set of values, i.e. CW is large. Otherwise, if several users selected the back-off time from a small set of values, more than one user would choose the same back-off value with high probability. This results that the probability of a new collision is high.

Contention window (CW) for 802.11b
EE802.11: Exponential backoff mechanism Contention window (CW) for b If transmission of a frame was unsuccessful and the frame is allowed to be retransmitted, before each retransmission the Contention Window (CW) from which bn is chosen (at random, starting from 15 or 31) is increased. 802.11b CW … Initial attempt DIFS CW = 25-1 = 31 slots (slot = 20 ms) … 1st retransm. DIFS CW = 26-1 = 63 slots : : 5th (and further) retransmissions … CW = = 1023 slots DIFS

Contention window (CW) for 802.11g
EE802.11: Exponential backoff mechanism Contention window (CW) for g In the case of g operation, the initial CW length is 15 slots. The slot duration is 9 ms. The backoff operation of g is substantially faster than that of b. 802.11g CW … Initial attempt DIFS CW = 24-1 = 15 slots (slot = 9 ms) … 1st retransm. DIFS CW = 25-1 = 31 slots : : 6th (and further) retransmissions … CW = = 1023 slots DIFS

Selection of random backoff
EE802.11: Exponential backoff mechanism Selection of random backoff From the number CW (= 15 / 31 … 2k+5-1 slots) the random backoff bn (in terms of slots) is chosen in such a way that bn is uniformly distributed between 0 … CW. Since it is unlikely that several stations will choose the same value of bn, collisions are rare. The next slides show wireless medium access in action. The example involves four stations: A, B, C and D. ”Sending a packet” means ”Data+SIFS+ACK” sequence. Note how the backoff time may be split into several parts.

Wireless medium access example
EE802.11: Exponential backoff mechanism Wireless medium access example Data+SIFS+ACK Contention Window While station A is sending a packet, stations B and C also wish to send packets, but have to wait (defer + backoff) Station C is ”winner” (backoff time expires first) and starts sending packet Station A ACK Defer Station B 1 Backoff Defer Station C 2 Station D DIFS

EE802.11: Exponential backoff mechanism Wireless medium access example 3) Station D also wishes to send a packet 4) When medium becomes idle plus DIFS elapses, station B continues to count down and station D draws a CW number D(bn) station B is ”winner” After its CW counts down to zero it starts sending packet Station A Station B 4 Station C ACK 3 Station D Defer DIFS DIFS

EE802.11: Exponential backoff mechanism Wireless medium access example 5) Station D counts down to 0 and then starts sending packet. Now there is no competition. Station A Station B ACK Station C 5 Station D DIFS DIFS

EE802.11: Exponential backoff mechanism
No shortcuts for any station… Transmitted frame (A=>B) Next frame (A=>B) Backoff ACK (B=>A) DIFS SIFS DIFS When a station wants to send more than one frame, it has to use the backoff mechanism like any other station (of course it can ”capture” the channel by sending a long frame, for instance using fragmentation).

IEEE : MAC overview Avoiding collisions (using extra signalling). How? idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames sender first transmits small request-to-send (RTS) packets to BS using CSMA RTS packets may still collide with each other (but they are very short) BS broadcasts clear-to-send CTS in response to RTS CTS heard by all nodes sender transmits data frame other stations defer transmissions. For how long? avoid data frame collisions completely using small reservation packets!

Network Allocation Vector (NAV)
Each RTS frame includes the duration of the time it needs to occupy the channel. NAV: a timer on other stations which have to wait NAV before checking if the channel/medium is free. When a station (WS1) sends RTS (or CTS), other stations on the system start NAV (WS2 and WS3 in example below) RTS RTS WS3 WS1 WS2

Hidden Station Problem (Solution)
B can hear A and C A and C cannot hear each other A and C want to send to B A B C RTS/NAV RTS/NAV CTS from B (actually BS) to A is also received on C which starts the NAV timer in CTS. B accepts RTS from A and rejects RTS from C. CTS CTS/NAV Data

Busy Medium Physically busy: a station senses the wireless medium to determine if it is busy. Virtually busy: a station receives a control message (RTS or CTS) which indicates the wireless medium is busy for the duration of the NAV timer. All stations must monitor the headers of all frames they receive and store the NAV value in a counter. The counter decrements in steps of one microsecond. When the counter reaches zero, the channel is available again.

IEEE 802.11 Sending unicast packets with RTS/CTS control frames
DIFS RTS data t other stations receiver sender SIFS SIFS SIFS CTS ACK DIFS NAV (RTS)=3SIFS+CTS+data+ACK data NAV (CTS)=2SIFS+data+ACK contention defer access station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium and the ACK related to it). Every node receiving this RTS now has to set its net allocation vector – it specifies the earliest point at which the node can try to access the medium again acknowledgement via CTS after SIFS by receiver (if ready to receive) sender can now send data at once, acknowledgement via ACK Other stations store medium reservations distributed via RTS and CTS

Collision Avoidance: RTS-CTS exchange
B AP RTS(A) RTS(B) reservation collision RTS(A) CTS(A) DATA (A) ACK(A) defer time

MAC Timing

Example calculation of throughput
Masters thesis Note that DIFS should had been part of the idle time

Point Coordination Function (PCF)
Optional and implemented on top of DCF. Must be running in conjunction with DCF. A single Access Point (AP) controls access to the medium, and a Point Coordinator Agent resides in the AP. AP sends a beacon message and all stations stop DCF. AP polls each station for data, and after a given time interval moves to the next station. Guaranteed maximum latency No station is allowed to transmit unless it is polled. AP could have a priority scheme for stations, and support time-sensitive applications.

PCF (cont.) B: beacon message repetition interval Contention
free period (CFP) Contention period (CP) DCF DCF B PCF busy B PCF NAV NAV B: beacon message

Additional WLAN Features
Positive Acknowledgement Sequence Control Fragmentation Large frames vs. small frames Error-prone medium

IEEE 802.11 framing and addressing

802.11 frame: addressing Internet router H1 R1 AP
AP MAC addr H1 MAC addr R1 MAC addr address 1 address 2 address 3 frame H1 R1 R1 MAC addr H1 MAC addr dest. address source address 802.3 frame

802.11 frame: addressing 6 0 - 2312 Address 4: see later
control duration address 1 2 4 3 payload CRC 6 seq Address 4: see later Address 1: MAC address of wireless host or AP to receive this frame Address 3: MAC address of router interface to which AP is attached Address 2: MAC address of wireless host or AP transmitting this frame

Recall: Routing in a (W)LAN
Recall: Routing in a (W)LAN is based on MAC addresses. A router performs mapping between these two address types (IP-MAC): (W)LAN IP network (W)LAN device Router Server 00:90:4B:00:0C:72  00:90:4B:00:0C:72

Recall: Address allocation
MAC addresses associated with hardware devices. IP addresses can be allocated to (W)LAN devices either on a permanent basis or dynamically from an address pool using the Dynamic Host Configuration Protocol (DHCP). The DHCP server may be a separate network element (or for example integrated into a RADIUS server that offers a set of additional features), or may be integrated with the address-mapping router and/or access point. RADIUS = Remote Authentication Dial-In User Service

Recall: Network Address Translation (NAT)
On (W)LAN side of network address translator (NAT device), different (W)LAN users are identified using private (reusable, globally not unique) IP addresses. On Internet side of NAT device, only one (globally unique) IP address is used. Users are identified by means of different TCP/UDP port numbers. In client - server type of communication, application on the server is usually behind a certain TCP/UDP port number (e.g. 80 for HTTP) whereas clients can be allocated port numbers from a large address range.

Recall: NAT example (W)LAN IP network User 1 NAT device Server User 2
IP address for all users in (W)LAN: Server User 2 User 1 IP address User 2 IP address User 1 TCP port number User 2 TCP port number 14781 14782

Case study: ADSL WLAN router
1) The ADSL connection to the wide area network (WAN) is allocated a globally unique IP address using DHCP. 2) We assume that the router has NAT functionality. Behind the router, in the private LAN network, wireless and cabled LAN devices are allocated private IP addresses, again using DHCP (this is a kind of "double DHCP" scenario). Although routing in the LAN is based on MAC addresses, the IP applications running on the LAN devices still need their own "dummy" IP addresses.

802.11 frame: more frame seq # (for Reliable Data Transfer)
duration of reserved transmission time (RTS/CTS) frame control duration address 1 2 4 3 payload CRC 6 seq Type From AP Subtype To More frag WEP data Power mgt Retry Rsvd Protocol version 2 4 1 frame type (RTS, CTS, ACK, data)

802.11 Frame Format Q: Why do we need four address fields in 802.11? 2
6 6 6 2 6 Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 4 Frame Body (0 – 2312 bytes) FCS Ref. IEEE standards Q: Why do we need four address fields in ?

802.11 Addresses To DS From Address 1 Address 2 Address 3 Address 4 DA
DA SA BSSID N/A 1 Sending AP Receiving AP DS: Distribution System BSSID: Basic Service Set ID DA: Destination Address SA: Source Address

Case - 00 11-22-33-01-01-01 11-22-33-02-02-02 A1: 11-22-33-01-01-01 DA
SA A3: BSS ID A4: not used

Case – 01 (wired to wireless)
802.11 wired 802.3 DA A1: DA: Sending AP A2: SA: SA A3: A4: not used

Case – 10 (wireless to wired)
802.3 wireless 802.11 Receiving AP A1: DA: SA A2: SA: DA A3: A4: not used

Case – 11 (via wireless) wired wireless wired 802.3 802.11 802.3
A1: DA: DA: A2: SA: SA: A3: A4:

Wireless Bridge Building B Building A Case 11 Ethernet Backbone

IEEE 802.11 management issues: synchronisation, power management, and roaming

MAC management Synchronization finding and staying with a WLAN - synchronization functions Power Management sleeping without missing any messages - power management functions Roaming functions for joining a network - changing access points scanning for access points Management information base (MIB)

IEEE 802.11 association, roaming, synchronisation
Stations can select an AP and associate with it. The APs support roaming (i.e. changing access points), the distribution system (DS) then handles data transfer between the different APs. Furthermore, APs provide synchronization within a BSS, support power management, and can control medium access to support time-bounded service.

Scanning Scanning is required for many functions - finding and joining a network - finding a new access point during roaming Passive scanning find networks simply by listening for beacons Active scanning on each channel send a probe and wait for probe response

802.11: passive/active scanning
BBS 1 BBS 1 BBS 2 BBS 2 AP 1 AP 2 AP 1 1 AP 2 1 1 2 2 2 3 3 4 H1 H1 Passive Scanning: beacon frames sent from APs association Request frame sent: H1 to selected AP association Response frame sent: AP to H1 Active Scanning: Probe Request frame broadcast from H1 Probes response frame sent from APs Association Request frame sent: H1 to selected AP Association Response frame sent: AP to H1

802.11: Channels, association
802.11b: 2.4GHz-2.485GHz spectrum divided into 13 channels (EU, USA 11 channels) at different frequencies AP admin chooses frequency for AP interference possible: channel can be same as that chosen by neighboring AP! host: must associate with an AP scans channels, listening for beacon frames containing AP’s name (SSID) and MAC address selects AP to associate with may perform authentication will typically run DHCP to get IP address in AP’s subnet

Synchronization Timing synchronization function (TSF)
Used for power management beacons sent at well known intervals all station timers in BSS are synchronized B busy beacon Value of time stamp Access point medium Beacon interval t

Power Management Mobile devices are battery powered - power management is important for mobility power management protocol - allows transceiver to be off as much as possible is transparent to existing protocols

Power management approach
Allow idle stations to go to sleep - station’s power save mode stored in AP APs buffer packets for sleeping stations - AP announces which stations have frames buffered - traffic indication map (TIM) sent with every beacon Power saving stations wake up periodically

802.11: Power management approach
node-to-AP: “I am going to sleep until next beacon frame” AP knows not to transmit frames to this node node wakes up before next beacon frame beacon frame: contains list of mobiles with AP-to-mobile frames waiting to be sent node will stay awake if AP-to-mobile frames to be sent; otherwise sleep again until next beacon frame

802.11: beacon frames Each beacon frame carries the following information in the frame body: Beacon interval. amount of time between beacon transmissions. Before a station enters power save mode, station needs the beacon interval to know when to wake up to receive the beacon. Timestamp. After receiving beacon frame, station uses timestamp value to update its local clock. Enables synchronization among all stations associated with the same access point. Service Set Identifier (SSID). The SSID identifies a specific WLAN. Before associating with a particular WLAN, a station must have the same SSID as the access point. By default, access points include the SSID in the beacon frame to enable sniffing functions to identify the SSID and automatically configure the WLAN NIC with the proper SSID. Supported rates. For example, a beacon may indicate that only 1, 2, and 5.5Mbps data rates are available. As a result, an b station would stay within limits and not use 11 Mbps. With this information, stations can use performance metrics to decide which access point to associate with.

802.11: beacon frames Parameter Sets. The beacon includes information about the specific signalling methods (such as frequency hopping spread spectrum, direct sequence spread spectrum, etc.). For example, a beacon would include in the appropriate parameter set the channel number that an b access point is using. Likewise, a beacon belonging to frequency hopping network would indicate hopping pattern and dwell time. Capability Information. This signifies requirements of stations that wish to belong to the wireless LAN that the beacon represents. For example, this information may indicate that all stations must use wired equivalent privacy (WEP) in order to participate on the network. Traffic Indication Map (TIM). An access point periodically sends the TIM within a beacon to identify which stations using power saving mode have data frames waiting for them in the access point's buffer. The TIM identifies a station by the association ID that the access point assigned during the association process.

802.11: beacon frames and probe response frames
similar to a beacon frame, except without TIM info and are only sent in response to a probe request. A station may send a probe request frame to trigger a probe response when the station needs to obtain information from another station. A radio NIC, for instance, will broadcast a probe request when using active scanning to determine which access points are within range for possible association. Some sniffing software (e.g., NetStumbler) tools send probe requests so that access points will respond with desired info.

Multicast/broadcast A delivery traffic indication message is a kind of traffic indication message (TIM) which informs the clients about the presence of buffered multicast/broadcast data on the access point. TIM interval DTIM interval D B T T d Access point busy busy busy busy medium p d station t DTIM - Delivery Traffic Indication Message Interval Broadcast/ multicast Data transmission to/from the station B p PS poll d

Reassociation Request Reassociation Response
WLAN Roaming Mobile stations may move beyond the coverage area of their AP but within range of another AP Re association allows station to continue operation. Reassociation Request Reassociation Response

WLAN Roaming No or bad connection? Then perform: Scanning
scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer Reassociation Request station sends a request to one or several AP(s) Reassociation Response success: AP has answered, station can now participate failure: continue scanning AP accepts Reassociation Request signal the new station to the distribution system the distribution system updates its data base (i.e., location information) typically, the distribution system now informs the old AP so it can release resources

Roaming approach Station decides that link to its current AP is poor
Station uses scanning function to find another AP Station sends Re-association Request to new AP If AP accepts Re-association Request AP indicates Re-association to the distributed system Distributed system information is updated If Re-association Response is successful then station has roamed to the new AP - else station scans for another AP

Joining a network Phase 1 Phase 2 Phase 3 Scanning
Active (probe) Passive (beacon) Phase 2 Authentication (more later) Open system Some admission scheme / shared key Phase 3 Association or Reassociation (allows mobility/roaming more later)

WLAN Roaming L2 handover L3 handover
If handover from one AP to another belonging to the same subnet, then handover is completed at L2 L3 handover If new AP is in another domain, then the handover must be completed at L3, due to the assignment of an IP belonging to the new domain – hence routing to the new IP. Mobile IP deals with these issues – more later

802.11: mobility within same subnet
H1 remains in same IP subnet: IP address can remain same switch: which AP is associated with H1? self-learning: switch will see frame from H1 and “remember” which switch port can be used to reach H1 router hub or switch BBS 1 AP 1 AP 2 H1 BBS 2

Distribution system (DS) - IAPP DS is the mechanism by which APs and other nodes in the wired IP subnetwork communicate with each other. Distribution System (DS) Router External network (LAN or Internet) AP AP This communication, using the Inter-Access Point Protocol (IAPP), is essential for link-layer mobility (=> stations can seamlessly move between different BSS networks).

Distribution system (cont.) For instance, when a wireless station moves from one BSS to another, all nodes must update their databases, so that the DS can distribute packets via the correct AP. Distribution System (DS) Router AP 1 AP 2 AP 1, AP 2 and router: update your databases! Packets for this WS will now be routed via AP 2. WS WS moves to another BSS

Basic routing example When WS associates with AP 2, the router in charge of the IP subnet addressing obtains an IP address from the DHCP (Dynamic Host Configuration Protocol) server. External network (LAN or Internet) Distribution System (DS) Router AP 1 AP 2 2 1 Association Fetch IP address 1 DHCP Server WS 2

Basic routing example (cont.) The router must maintain binding between this IP address and the MAC address of the wireless station. External network (LAN or Internet) Distribution System (DS) Router  00:90:4B:00:0C:72 AP 1 AP 2 00:90:4B:00:0C:72 WS

Basic routing example (cont.) The globally unique MAC address of the wireless station is used for routing the packets within the IP subnetwork (DS + attached BSS networks). External network (LAN or Internet) Distribution System (DS) Router  00:90:4B:00:0C:72 AP 1 AP 2 00:90:4B:00:0C:72 WS

Basic routing example (cont.) The dynamic and local IP address of the wireless station is only valid for the duration of attachment to the WLAN and is used for communicating with the outside world. External network (LAN or Internet) Distribution System (DS) Router  00:90:4B:00:0C:72 AP 1 AP 2 00:90:4B:00:0C:72 WS

Basic routing example (cont.) The router must also know (and use) the MAC address of the access point via which the packets must be routed. For this purpose, a special protocol (IAPP) is needed! External network (LAN or Internet) Distribution System (DS) Router 00:03:76:BC:0D:12  00:90:4B:00:0C:72 00:03:76:BC:0D:12 AP 1 AP 2 00:90:4B:00:0C:72 WS

IAPP (Inter-Access Point Protocol)
IAPP (defined in IEEE f) offers mobility in the Data link layer (within an ESS = Extended Service Set). External network (LAN or Internet) Distribution System (DS) Router AP 1 AP 2 AP 3 1 2 IAPP: APs must be able to communicate with each other when the station moves around in the WLAN

In addition to IAPP … IAPP alone is not sufficient to enable seamless handovers in a WLAN. The stations must be able to measure the signal strengths from surrounding APs and decide when and to which AP a handover should be performed (no standardised solutions are available for this operation). In networks, a handover means reassociating with the new AP. There may be two kinds of problems: will handover work when APs are from different vendors? will handover work together with security solutions?

Mobility Management (MM)
There are basically two objectives of Mobility Management: 1. MM offers seamless handovers when moving from one network/subnetwork/BSS to another Active network connection – handover 2. MM makes sure that users or terminals can be reached when they move to another network/subnetwork/BSS Passive user/terminal – reachability

MM in cellular wireless networks (1)
1. Handover: In a cellular wireless network (e.g. GSM), the call is not dropped when a user moves to another cell. Handovers are based on measurements performed by the mobile terminal and base stations. BS 1 BS 2

2. Reachability (allows roaming): In a cellular wireless network, the HLR (Home Location Register) knows in which VLR (Visitor Location Register) area the mobile terminal is located. The VLR then uses paging to find the terminal. Mobile subscriber number points to Paging HLR points to VLR HLR

3. IP services (e.g. based on GPRS): Reachability in this case is kind of a problem. Conventional IP services use the client – server concept where reachability is not an important issue. Typical client - server transaction: Request Server Response Client

MM in three different OSI layers
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model: Application layer e.g. SIP (Session Initiation Protocol) Personal mobility … … Transport layer Network layer e.g. Mobile IP Terminal mobility Data link layer IAPP (Inter-Access Point Protocol) Physical layer Handovers

MM in the Data link layer
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model: Application layer IAPP (IEEE f): Seamless roaming within an ESS network (= IP subnet). Handover is not possible when moving from one ESS network to another. No reachability solutions. … … Transport layer Network layer Data link layer Physical layer

MM in the Network layer Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model: Application layer Mobile IP: Seamless roaming between ESS networks (= IP subnetworks). Handover is possible when moving from one ESS (or WLAN) network to another. … … Transport layer Network layer Data link layer Physical layer

MM in the Application layer
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model: Application layer SIP (or other application layer solutions): No seamless handovers as such... However, the terminal can be reached from the outside network, like with Mobile IP. … … Transport layer Network layer Data link layer Physical layer

Mobility management summary
Within a WLAN, handovers are possible (based on IAPP + proprietary solutions in equipment), but there is no IEEE-supported reachability solution available. Handovers between different WLANs require Mobile IP (which offers also reachability). Unfortunately, Mobile IP includes a non-transparent mechanism (Discovering Care-of Address) that must be implemented in all APs. Global reachability of wireless stations can be achieved using SIP or similar Application layer concepts. SIP does not require changes to APs.

IEEE f The objective: to specify the Inter-Access Point Protocol (IAPP) that enables seamless roaming between different Access Points within an ESS. Note: f is not concerned with roaming between ESS networks. For this purpose, non solutions must be used. f IAPP e QoS i Security basic protocol h DFS/TCP d Scanning a OFDM 5GHz b DSSS 2.4GHz g OFDM 2.4GHz

WLAN: Design and Deployment
(part of design exercise Supplemented with Slides by Mr Mylonas in Lab part)

Wireless LAN Design Several design issues
Business Case – justify your case and cost Product Selection Wireless Access points Location Frequency/Channel Security Performance Reliability Management Scalability Miscellaneous

Product Selection Wireless Stations Wireless Access Points (WAP)
Desktop: PCI or USB Laptop PDA Wireless Access Points (WAP) Wireless Bridge, if needed: connecting multiple WLAN segments A wireless bridge does not support end stations Wireless Repeater: Bridge + AP A wireless repeater supports end stations Wireless Switch Security Server (RADIUS Server) Ref:

Multiple BSS Configuration (different channels/frequencies)
Server Channel 11 Access Point LAN Backbone Access Point Access Point Channel 1 Wireless Clients Wireless Clients Channel 6

Office Design (802.11b) Location and Channel Selection
Design: One AP or more APs? Channel 6 Channel 1 100 metres Channel 1 100 metres Channel 11 Channel 1

Dense populations Case study: 1000 users in 100mx100m facility
3 or 4 APs will cover the system (in range) Need more APs in the area than physically required? to provide Bandwidth that is defined by customer What side-effects are created, if any? Interference from neighbouring units

Determining Cell Density
Cell size and throughput-based data rate will affect the cell density (maximum number of users per cell. ). To determine cell density for a best-effort network, determine average throughput per user divide throughput rate of AP by throughput per user. This provides maximum active transmissions per cell. In a best-effort WLAN, data latency does not affect the outcome. In general, throughput will be about half the data rate of the access point.

Dense Population Area Reduce Cell size
Reduce Antenna gain or transmitter power to create smaller cell size Pink: Channel 1 Yellow: Channel 6 Green: Channel 11 100m × 100m area

Appears in EntNet@Supercom2004, 06/23/2004
WLAN Performance 802.11b 802.11a 802.11g Link Rate (max) 11M bps 54M bps UDP 7.1M bps 30.5M bps TCP 5.9M bps 24.4M bps The test was conducted in a lab environment, and the distance is expected to be less than 10m. Ref. “WLAN Testing with IXIA IxChariot,” IXIA White Paper 151 Appears in 06/23/2004

Appears in EntNet@Supercom2004, 06/23/2004
WLAN Performance (line rate) WLAN Performance 10 20 30 40 50 60 90 120 150 Distance (m) Throughput (Mbps) 802.11a 802.11g 802.11b Data Source: Cisco Networking Professional On-Line Live Tech Talk 152 Appears in 06/23/2004

Determining Cell Size Cell size -- area of coverage provided by an access point. Size of the cell determined by several factors: transmit power and receiver sensitivity of the radios in AP and client antennas used by the AP and client data rate used frequency and modulation technique antenna gain Environment (e.g. actual coverage characteristics) Cell size is limited by the device with the weakest RF characteristics

Coverage – design issues
Figure A predicted coverage plot for three access points in a modern large lecture hall. (Courtesy of Wireless Valley Communications, Inc., ©2000, all rights reserved.) Fig. 2.13

Figure A typical neighborhood where high speed license free WLAN service from the street might be contemplated [Dur98b]. Fig. 2.15

Fig. 2.16 Figure Measured values of path loss using a street-mounted lamp-post transmitter at 5.8 GHz, for various types of customer premise antenna [from [Dur98], ©IEEE].

Tools for WLAN planning
Many tools are available offering differing functionalities for network design, planning, and monitoring One example is: Another tool Another is

WLAN security intro

WLAN Security Security mechanisms
Not so efficient compared with Ethernet security due to the nature of the medium & the requirements of the users Security mechanisms Service Set Identifiers (SSID) Used to name the network and provide initial authentication for each client Wired Equivalent Privacy (WEP) Data encryption technique using shared keys and a pseudorandom number as an initialization vector 64-bit key level encryption BUT several vendors support 128-bit key level encryption Wi-Fi Protected Access (WPA(2)) –replaced WEP WPA2 uses encryption device which encrypts the network with a 256 bit key Also a VPN could operate on top of the WLAN providing increased security

WLAN Security IEEE newer standards
802.11i (Advanced Encryption Standard – AES - uses a symmetric block data encryption technique) 802.1X for port based Network Access Control provides an authentication mechanism to devices wishing to attach to LAN/WLAN (governs Extensible Authentication Protocol (EAP) encapsulation process that occurs between clients, wireless APs, and authentication servers (RADIUS) EAP allows developers to pass authentication data between RADIUS servers and wireless APs. has a number of variants, including: EAP MD5, EAP-TLS, EAP-TTLS, LEAP, and PEAP

WLAN Security Historical value—needs updating
Late-2001 Mid-2002 Q1 2003 Q3 2003 IEEE i 802.1X authentication Enhanced 802.1X key management AES-based Encryption Enhanced support infrastructure Rapid re-keying 802.1X authentication WEP Encryption WEP key tumbling via 802.1X key management WPA - Wi-Fi Protected Access 802.1X Authentication 802.1X key Management TKIP data protection IEEE 802.1X ratified Mutual Authentication Key Management WEP Encryption WEP Attacks go public WPA. Wi-Fi Protected Access introduced in 2003 as an interoperable wireless security specification subset of the IEEE standard. provides authentication capabilities and uses TKIP for data encryption. WPA2. established in 2004 by Wi-Fi Alliance; the certified interoperable version of the full IEEE i specification ratified in June supports IEEE 802.1X/EAP authentication or PSK technology but includes a new advanced encryption mechanism using Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).

WLAN Security - WEP Wired Equivalent Privacy (WEP) –
Least secure - A network that is secured with WEP has been cracked in 3 minutes by the FBI Shared key encryption Stations use the same key for encryption. RC4 encryption algorithm Key: 40 bits or 128 bits User Authentication Not specified in 802.1X VPN

WEP Operation RC4 Key Stream randomly generated Frame Header IV Header
Algorithm Integrity check 24-bit IV 40-bit WEP Key 64-bit RC4 RC4 Key Stream 24-bit IV randomly generated Frame Header IV Header Frame Body ICV Trailer FCS 4 bytes 4 bytes IV: initialization vector ICV: integrity check value

WEP Key Distribution Issue
Key is manually set in the driver. The key cannot be protected from local users. When a user leaves the organization, technically you must change the key information on all stations. What if a station is stolen? For a large organization, there is a need to publish the key which is a security problem.

WEP Design Issue Weakness in the Key Scheduling Algorithm: “ A weakness of RC4 in generating the keystream. Hacker attack: using weak IV to attack a particular byte of the secret portion of the RC4 key. The time to attack is a linear algorithm to the key length. This is a complete break for WEP.

WPA(2)- Wi-Fi Protected Access
WPA intermediate measure to replace WEP pending availability of full IEEE i standard. requires firmware upgrades on wireless NICs and APs. implements much of IEEE i standard--adopts Temporal Key Integrity Protocol (TKIP) TKIP employs per-packet key; dynamically generates new 128-bit key for each packet - prevents types of attacks that compromised WEP WEP used a 40-bit or 128-bit encryption key manually entered on wireless APs and devices and does not change. includes message integrity check to prevent an attacker from capturing, altering and/or resending data packets. WPA2 replaced WPA. implements mandatory elements of IEEE i-- CCMP, AES based encryption mode requires testing and certification by Wi-Fi Alliance

Solutions to Security Issue
Non-standard solutions Layer 3 – VPN Layer 4 – IP Address Control and Firewall Layer 7 –Proxy Standard solutions 802.11i (including 802.1X) 802.1X (including EAP) Extensible Authentication Protocol (EAP)

VPN for WLAN (Layer3) Ethernet VPN Tunnel IP IP Wireless LAN LAN
Gateway LAN Layer 2 tunnel over a layer 3 protocol Ethernet RADIUS server VPN Tunnel IP IP Wireless LAN LAN

Router/Firewall (Layer4)
LAN temp IP Security Server Internet authentication official IP Standard WLAN and DHCP procedure for a temp IP to the wireless station. The temp IP address is used for authentication only. All other traffic is blocked by the router. After user authentication, the station is given an official IP address which can go through the router. May also register the MAC address to reduce the risk of hacker attack.

Proxy/Gateway (Layer-7)
Security Server LAN Proxy Gateway Standard WLAN and DHCP procedure for an IP address to the wireless station. User types any URL and the request is routed to the security server web page. All other traffic is blocked. After entering account info or credit card, the user is authenticated. The gateway authorizes the traffic from the authenticated station. Internet

WLAN New Security Standards 802.1X and 802.11i

Extensible Authentication Protocol (EAP)
EAP is an IETF standard (RFC 2284) and adopted by IEEE as the basis for 802.1X. It is called the port based network access control. (also know as post-based authentication protocol) EAP supports both wired and wireless authentication. MD5 TLS TTLS LEAP PEAP EAP PPP 802.3 802.11 802.5 TLS: Transport Layer Security TTLS: Tunnel TLS LEAP: Lightweight EAP PEAP: Protected EAP

EAP Authentication Methods
MD5 (Message Digest 5) - Username/Password. This is similar to MS_CHAP. TLS (Transport Layer Security) - PKI (certificates), strong authentication TTLS (Tunnel TLS) - Username/Password LEAP - Cisco proprietary lightweight EAP. It is to be phased out in favor of PEAP. PEAP – Protected EAP.

802.1X 802.1X authentication involves three parties: a supplicant (client device) , an authenticator (Ethernet switch or wireless AP), and an authentication server typically a host running software supporting the RADIUS and EAP protocols. EAP data is first encapsulated in EAPOL frames between the Supplicant and Authenticator, then re-encapsulated between Authenticator and Authentication server using RADIUS or Diameter.

802.1X Port-Based Network Access Control
EAP over RADIUS EAP over LAN Authentication Server (RADIUS) Authenticator Supplicant Association EAP Request/Identify EAP Response/Identify Challenge (auth request) Response to the challenge success Authenticator may set restrictions on the access.

New Product: Wireless Switch
What is the issue? It is not cost effective to implement 802.1X on all Access points. It is also a management issue. Authenticator (Wireless Switch) RADIUS If a switch supports 802.1X, could it perform the same function? Supplicant

802.11i Security Management EAP over RADIUS EAP over LAN
Authentication Server (RADIUS) Authenticator Supplicant Security discovery capability 802.1X Authentication Key Management Key Distribution encryption Data Protection

802.11i Data Protection (encryption)
Need to replace or improve WEP Wi-Fi Protected Access (WPA) and WPA2 This is included in i. WPA uses TKIP for encryption. Temporal Key Integrity Protocol (TKIP) A wrapper around WEP Use MAC address to create unique key for each station. Change temporal key every 10,000 packets It is interoperable with WEP-only device Advanced Encryption Standard (AES) This is to completely replace WEP. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher

Windows 7 Wireless Adaptor card options
Security Type: WPA(2) shared 802.X open CCKM Encryption Type: TKIP, AES, WEP Network security key: …. Network Authentication: (P)EAP (L) EAP -FAST -SIM –TTLS -AKA

WLAN enhancements

WLAN Performance 802.11b 802.11a 802.11g Link Rate (max) 11M bps
UDP 7.1M bps 30.5M bps TCP 5.9M bps 24.4M bps The test was conducted in a lab environment, and the distance is expected to be less than 10m. Ref. “WLAN Testing with IXIA IxChariot,” IXIA White Paper

WLAN enhancements See paper WLAN enhancements
Performance enhancement of WLANs Methods for improving WLANs performance employ: Enhanced hardware in the Physical Layer to achieve better physical (PHY) layer parameters, such as shorter Slot Time and shorter Short Inter-Frame Space (SIFS). Better tuning of WLAN parameters, such as Fragmentation Threshold and RTS Threshold [2]. Adaptive (rather than basic) back-off algorithms in the MAC layer]. Proxy approaches in the link-layer, such as snoop protocol. Split-connection approaches, such as I-TCP or M-TCP

IEEE 802.11 – enhancements IEEE 802.11e
MAC enhancements for providing some QoS No QoS in the DCF operation mode Some QoS guarantees can be given only via polling using PCF For applications such as audio, video, or media stream, distribution service classes have to be provided For this reason, MAC layer must be enhanced

WLAN new technologies 802.11ac
Based on Xirrus

EPL 657 Andreas Pitsillides

Similar presentations

Presentation on theme: "EPL 657 Andreas Pitsillides"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

EPL 657 Andreas Pitsillides

Similar presentations

Presentation on theme: "EPL 657 Andreas Pitsillides"— Presentation transcript:

Similar presentations

About project

Feedback