Introduction to 802.11 Wireless LANs (twiki.di.uniroma1.it/pub/Reti_Avanzate/WebHome/wlan.pdf)
Giuseppe Bianchi
Introduction to 802.11 Wireless LANs
Quote from Matthew Gast - 802.11® Wireless Networks The Definitive Guide – apr. 2005, 2nd edition
At this point, there is no way to prevent the spread of Wi-Fi. In the years since the first edition of [his] book, wireless networking has gone from an interesting toy to a must-have technology. […] [Wireless networking] seems poised to continue its march towards the standard method of network connection, replacing "Where's the network jack?" with "Do you have Wi-Fi?" as the question to ask about network access.

WLAN history
• Original goal:
  • Deploy "wireless Ethernet"
• First generation proprietary solutions (end of the '80s, beginning of the '90s):
  • WaveLAN (AT&T)
  • HomeRF (Proxim)
  • Abandoned by major chip makers (e.g. Intel: dismissed HomeRF in April 2001)
• IEEE 802.11 Committee formed in 1990
  • Charter: specification of MAC and PHY for WLAN
• First standard: June 1997
  • 1 and 2 Mbps operation
• Reference standard: September 1999
  • Multiple Physical Layers
  • Two operative Industrial, Scientific & Medical (ISM) shared unlicensed bands
    » 2.4 GHz: Legacy; 802.11b/g
    » 5 GHz: 802.11a
• 1999: Wireless Ethernet Compatibility Alliance (WECA) certification
  • Later on named Wi-Fi
  • Boosted 802.11 deployment!!

WLAN data rates
• Legacy 802.11
  • Work started in 1990; standardized in 1997
  • 1 Mbps & 2 Mbps
• The 1999 revolution: impressive PHY layer achievements
  • 802.11a: PHY for 5 GHz
    » Published in 1999
    » Products available since early 2002
  • 802.11b: higher rate PHY for 2.4 GHz
    » Published in 1999
    » Products available since 1999
    » Interoperability tested (Wi-Fi)
• 2003: extend 802.11b
  • 802.11g: OFDM for 2.4 GHz
    » Published in June 2003
    » Products available, though no extensive interoperability testing yet
    » Backward compatibility with 802.11b Wi-Fi
• 2009: 802.11n (Oct 2009)
  • MIMO, 2x bandwidth (40 MHz)
  • Practical: up to 144.4 Mbps (but 600 = 150x4 possible)
• Ongoing: 802.11ac/ad (1 Gbps, 2011 - ???)

Standard | Transfer Method | Freq. Band | Data Rates (Mbps)
802.11 legacy | FHSS, DSSS, IR | 2.4 GHz, IR | 1, 2
802.11b | DSSS, HR-DSSS | 2.4 GHz | 1, 2, 5.5, 11
"802.11b+" (non-standard) | DSSS, HR-DSSS, (PBCC) | 2.4 GHz | 1, 2, 5.5, 11, 22, 33, 44
802.11a | OFDM | 5.2, 5.5 GHz | 6, 9, 12, 18, 24, 36, 48, 54
802.11g | DSSS, HR-DSSS, OFDM | 2.4 GHz | 1, 2, 5.5, 11; 6, 9, 12, 18, 24, 36, 48, 54

Why multiple rates? "Adaptive" (?) coding/modulation
Example: 802.11a case

PHY distance/rate tradeoffs (open office)
[Figure: distance (m, axis from 0 to 140) versus data rate (54, 36, 24, 12, 6 Mbps and 11, 5.5, 1 Mbps) for 2.4 GHz OFDM (.11g), 5 GHz OFDM (.11a) and 2.4 GHz (.11b)]

Coverage performance: Cisco Aironet 350 Access Point
• 11 Mb/s DSS: from ~30 to ~45 m
• 5.5 Mb/s DSS: from ~45 to ~76 m
• 2 Mb/s DSS: from ~76 to ~107 m
Configurable TX power: 50, 30, 20, 5, 1 mW (100 mW outside Europe)
Greater TX power, faster battery consumption!
Question: how to select transmission rate? (STA does not explicitly know its distance from AP)
More later (implementation-dependent ☺)

WLAN NIC addresses
• Same as Ethernet NIC
  • 48 bits = 2 + 46
• Ethernet & WLAN addresses do coexist
  • indistinguishable, in a same (Layer-2) network
  • role of typical AP = bridge
    » (to be precise: when the AP acts as "portal" in 802.11 nomenclature)

802 IEEE 48 bit addresses: 1 bit = individual/group, 1 bit = universal/local, 46 bit address

[Figure: APs and hosts 192.168.1.32 (00:0a:e6:f8:03:ad), 192.168.1.43 (00:06:6e:00:32:1a) and 192.168.1.52 (00:82:00:11:22:33)]

C:>arp -a
192.168.1.32 00-0a-e6-f8-03-ad dinamico
192.168.1.43 00-06-6e-00-32-1a dinamico
192.168.1.52 00-82-00-11-22-33 dinamico

Protocol stack
[Figure: IEEE 802 protocol stack]
• 802 overview & architecture; 802.1 management & bridging
• DATA LINK LAYER, LLC sublayer: 802.2 Logical Link Control
• DATA LINK LAYER, MAC sublayer: 802.3 MAC | 802.11 MAC | ...
• PHYSICAL LAYER: 802.3 PHY | 802.11 FHSS PHY | 802.11 DSSS PHY | 802.11a OFDM PHY | 802.11b HR-DSSS PHY | 802.11g Extended Rate PHY
802.11: “just” another 802 link layer ☺

802.11 MAC Data Frame
PHY | IEEE 802.11 | Data 0 - 2312 | FCS

MAC frame (field sizes in bytes):
Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)

Frame Control (field sizes in bits):
Protocol version (2) | Type (2) | Sub Type info (12)
Sub Type info = Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)

Sequence Control (field sizes in bits):
Fragment number (4) | Sequence number (12)

MAC header:
- 28 bytes (24 header + 4 FCS) or
- 34 bytes (30 header + 4 FCS)
DETAILS AND EXPLANATION LATER ON

Encapsulation
Identical to 802.3/LLC encapsulation
802.11 MAC frame: no "type" field (such as Ethernet II)!!
LLC encapsulation mandatory

Crossing a wireless bridge / 1
[Figure: an ETH/802.11 bridge and an 802.11/ETH bridge, with the frame layouts below]
Ethernet frame: DEST | SRC | type | P
802.11 frame: 802.11 MAC header | AAAA 03 | 00.00.00 | Type | P
Ethernet frame: DEST | SRC | type | P

Crossing a wireless bridge / 2
[Figure: an ETH/802.11 bridge and an 802.11/ETH bridge, with the frame layouts below]
802.3 frame: DEST | SRC | Len | AAAA 03 | 00.00.00 | Type | P
802.11 frame: 802.11 MAC header | AAAA 03 | 00.00.00 | Type | P
Ethernet frame: DEST | SRC | type | P

Why Ethernet Tunnel? (just needed in very special cases: IPX, AARP)
[Figure: an ETH/802.11 bridge and an 802.11/ETH bridge, with the frame layouts below]
802.3 frame: DEST | SRC | Len | AAAA 03 | 00.00.00 | Type | P
802.3 frame: DEST | SRC | Len | AAAA 03 | 00.00.00 | Type | P
Ethernet frame: DEST | SRC | Type | P ?????
Some protocols MUST have this encapsulation:
- Novell IPX (Type 0x8137)
- Apple-Talk ARP (Type 0x80F3)

Handling 802.11 frames
• Ethernet-like driver interface
  • supports virtually all protocol stacks
  • Maximum Data limited to 1500 octets
• Frame translation
  • IEEE Std 802.1H
    » IEEE 802.3 frames: translated to 802.11
    » Ethernet Types 8137 (Novell IPX) and 80F3 (AARP) encapsulated via Ethernet Tunnel (in general, any protocol listed in the "selective translation table" of the bridge)
    » All other Ethernet Types: encapsulated via RFC 1042 SNAP
• Transparent bridging to Ethernet
[Figure: STA and AP implementation stacks. STA: Platform Computer with Protocol Stack and Driver Software (STADr), above PC-Card Hardware with WMAC controller with Station Firmware (WNIC-STA) and Radio Hardware. AP: Bridge Software, Kernel Software (APK), Driver Software (APDr), Bridge Hardware Interface and Ethernet Interface, above PC-Card Hardware with WMAC controller with Access Point Firmware (WNIC-AP) and Radio Hardware. Interfaces are labelled 802.11 frame format, 802.3 frame format and Ethernet V2.0 / 802.3 frame format.]

802.11 Network Architecture and related addressing

Basic Service Set (BSS)
group of stations that can communicate with each other
• Infrastructure BSS
  • or, simply, BSS
  • Stations connected through AP
  • Typically interconnected to a (wired) network infrastructure
• Independent BSS (IBSS)
  • Stations communicate directly with each other
  • Smallest possible IBSS: 2 STA
  • IBSS set up for a specific purpose and for short time (e.g. meeting)
    » That's why they are also called ad hoc networks
[Figure: an AP attached to the network infrastructure]

Frame Forwarding in a BSS
[Figure: an AP attached to the network infrastructure]
BSS: AP = relay function. No direct communication allowed!
IBSS: direct communication between all pairs of STAs

Why AP = relay function?
• Management:
  • Mobile stations do NOT need to maintain a neighbor relationship with other MS in the area
    » But only need to make sure they remain properly associated to the AP
    » Association = get connected to (equivalent to plugging a wire into a bridge ☺)
• Power Saving:
  • APs may assist MS in their power saving functions
    » by buffering frames destined for a (sleeping) MS when it is in PS mode
• Obvious disadvantage: use channel bandwidth twice…

Addressing in IBSS (ad hoc)
Frame Control | Duration/ID | Address 1: DA | Address 2: SA | Address 3: BSSID | Sequence Control | Data | FCS
SA = Source Address
DA = Destination Address
BSSID = Basic Service Set IDentifier
• used for filtering frames at reception (does the frame belong to OUR cell?)
• format: 6 bytes random MAC address with Universal/Local bit set to 1
[Figure: SA transmitting to DA]

Addressing in a BSS?
[Figure: SA, DA and the AP, with the direct SA to DA path crossed out (X)]

Addressing in a BSS!
[Figure: SA, DA and the AP attached to the distribution system]
Frame must carry the following info:
1) Destined to DA
2) But through the AP
What is the most general addressing structure?

Addressing in a BSS (to AP)
Frame Control | Duration/ID | Address 1: BSSID | Address 2: SA | Address 3: DA | Sequence Control | Data | FCS
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 0
Address 2 = wireless Tx
Address 1 = wireless Rx
Address 3 = dest
BSSID = AP MAC address
[Figure: SA sending to DA through the AP (BSSID) attached to the distribution system]

Addressing in a BSS (from AP)
Frame Control | Duration/ID | Address 1: DA | Address 2: BSSID | Address 3: SA | Sequence Control | Data | FCS
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 0, From DS = 1
Address 2 = wireless Tx
Address 1 = wireless Rx
Address 3 = src
[Figure: the AP (BSSID) attached to the distribution system, delivering a frame from SA to DA]

From AP: do we really need 3 addresses?
[Figure: the AP (BSSID) attached to the distribution system, with SA and DA]
DA correctly receives frame, and sends 802.11 ACK to … BSSID (wireless transmitter)
DA correctly receives frame, and sends higher level ACK to … SA (actual transmitter)

Extended Service Set
[Figure: AP1, AP2, AP3, AP4 serving BSS1, BSS2, BSS3, BSS4]
ESS: created by merging different BSS through a network infrastructure (possibly overlapping BSS – to offer a continuous coverage area)
Stations within ESS MAY communicate with each other via Layer 2 procedures
APs acting as bridges
MUST be on a same LAN or switched LAN or VLAN (no routers in between)

Service Set IDentifier (SSID)
• name of the WLAN network
  • Plain text (ASCII), up to 32 char
• Assigned by the network administrator
  • All BSS in a same ESS have same SSID
• Typically (but not necessarily) is transmitted in periodic management frames (beacon)
  • Disabling SSID transmission = a (poor!) security mechanism
  • Typical: 1 broadcast beacon every 100 ms (configurable by sysadm)
• Beacon may transmit a LOT of other info (see example – a simple one!)

IEEE 802.11 wireless LAN management frame
  Fixed parameters (12 bytes)
    Timestamp: 0x00000109EAB69185
    Beacon Interval: 0,102400 [Seconds]
    Capability Information: 0x0015
      .... .... .... ...1 = ESS capabilities: Transmitter is an AP
      .... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
      .... .... .... 01.. = CFP participation capabilities: Point coordinator at AP for delivery and polling (0x0001)
      .... .... ...1 .... = Privacy: AP/STA can support WEP
      .... .... ..0. .... = Short Preamble: Short preamble not allowed
      .... .... .0.. .... = PBCC: PBCC modulation not allowed
      .... .... 0... .... = Channel Agility: Channel agility not in use
      .... .0.. .... .... = Short Slot Time: Short slot time not in use
      ..0. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation not allowed
  Tagged parameters
    Tag Number: 0 (SSID parameter set)
    Tag length: 4
    Tag interpretation: WLAN
    Tag Number: 1 (Supported Rates)
    Tag length: 4
    Tag interpretation: Supported rates: 1,0(B) 2,0(B) 5,5 11,0 [Mbit/sec]
    Tag Number: 6 (IBSS Parameter set)
    Tag length: 1
    Tag interpretation: ATIM window 0x2
    Tag Number: 5 ((TIM) Traffic Indication Map)
    Tag length: 4
    Tag interpretation: DTIM count 0, DTIM period 1, Bitmap control 0x0, (Bitmap suppressed)
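
The beacon dump above can be reproduced with a small parser. The following is an added example, not part of the original slides: it decodes the 12 fixed-parameter bytes and walks the tagged parameters with bounds checks. The function names and the `SAMPLE`/`HIDDEN` byte strings are constructed for illustration (`SAMPLE` mirrors the values in the dump; `HIDDEN` assumes a beacon with SSID transmission disabled carries an empty SSID element).

```python
import struct

# Capability Information bits, named as in the dump above.
CAP_BITS = {0: "ESS", 1: "IBSS", 4: "Privacy", 5: "Short Preamble",
            6: "PBCC", 7: "Channel Agility", 10: "Short Slot Time",
            13: "DSSS-OFDM"}

def parse_tagged(data):
    """Walk tag/length/value elements, refusing truncated input."""
    elements, off = [], 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated element header")
        tag, length = data[off], data[off + 1]
        value = data[off + 2: off + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: length {length} overruns the frame")
        elements.append((tag, value))
        off += 2 + length
    return elements

def parse_beacon_body(body):
    """Decode fixed parameters plus the SSID, Supported Rates and TIM tags."""
    if len(body) < 12:
        raise ValueError("shorter than the 12 fixed-parameter bytes")
    timestamp, interval_tu, cap = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp": timestamp,
        "interval_s": interval_tu * 1024 / 1e6,      # 1 time unit = 1024 us
        "capabilities": sorted(n for b, n in CAP_BITS.items() if cap >> b & 1),
        "ssid": None, "ssid_hidden": None,
        "rates_mbps": [], "basic_rates_mbps": [],
    }
    for tag, value in parse_tagged(body[12:]):
        if tag == 0:                                 # SSID parameter set
            info["ssid"] = value.decode("ascii", errors="replace")
            # Empty or all-zero SSID: the name is not being announced.
            info["ssid_hidden"] = len(value) == 0 or not any(value)
        elif tag == 1:                               # Supported Rates
            for r in value:
                mbps = (r & 0x7F) * 0.5              # units of 500 kbit/s
                info["rates_mbps"].append(mbps)
                if r & 0x80:                         # "(B)" = basic rate
                    info["basic_rates_mbps"].append(mbps)
        elif tag == 5 and len(value) >= 3:           # TIM
            info["dtim_count"], info["dtim_period"] = value[0], value[1]
    return info

# Constructed sample mirroring the dump above (100 TU = 0.1024 s).
SAMPLE = (struct.pack("<QHH", 0x00000109EAB69185, 100, 0x0015)
          + b"\x00\x04WLAN"                  # SSID
          + b"\x01\x04\x82\x84\x0b\x16"      # rates 1(B) 2(B) 5.5 11
          + b"\x06\x01\x02"                  # IBSS parameter set, as dumped
          + b"\x05\x04\x00\x01\x00\x00")     # TIM: count 0, period 1

# Constructed sample: same AP with an empty SSID element (assumption).
HIDDEN = (struct.pack("<QHH", 0, 100, 0x0011)
          + b"\x00\x00" + b"\x01\x04\x82\x84\x0b\x16")

if __name__ == "__main__":
    for name, body in (("SAMPLE", SAMPLE), ("HIDDEN", HIDDEN)):
        print(name, parse_beacon_body(body))
```
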

The concept of Distribution System
• "Logical" architecture component
  • Provides a "service"
  • DSS = Distribution System Service
• Standard does NOT say how it is implemented
  • Specifies only which functions it provides
    » Association
    » Disassociation
    » Reassociation
    » Integration
    » Distribution
• Association/disassociation
  • Registration/de-registration of a STA to an AP
  • Equivalent to "plugging/unplugging the wire" to a switch
  • DS uses this information to determine which AP to send frames to
• Reassociation
  • i.e. handling STA mobility in a same ESS!
• Distribution
  • An AP receives a frame on its air interface (e.g. STA 2)
  • It gives the message to the distribution service (DSS) of the DS
  • The DSS has the duty to deliver the frame to the proper destination (AP)
• Integration
  • Must allow the connection to non 802.11 LANs
  • Though, in practice, non 802.11 LANs are Ethernet and no "real portals" are deployed

DS, again
[Figure: AP1, AP2, AP3 with station association, linked by IAPP/proprietary protocols over the distribution system (physical connectivity + logical service support)]
MSs in a same ESS need to
1) communicate with each other
2) move through the ESS
• Typical implementation (media)
  • Switched Ethernet Backbone
  • But alternative "Distribution Media" are possible
  • E.g. Wireless Distribution System (WDS)
• Implementation duties
  • an AP must inform other APs of associated MSs' MAC addresses
• Standardization
  • From 1997: attempt to standardize an IAPP
  • Finalized as "working practice standard" in 802.11F (June 2003)
  • Nobody cared!
• Plenty of proprietary solutions
  • Must use APs from same vendor in whole ESS
• Current trends (2004+):
  • Centralized solutions (see Aruba, Cisco, Colubris)
  • Include centralized management, too!
  • Current attempt: convergence to CAPWAP?

Addressing in an ESS
Same approach! Works in general, even if DA in different BSS
[Figure: SA sends to its AP (BSSID#1); the distribution system reaches the AP serving DA]
Frame Control | Duration/ID | Address 1: BSSID#1 | Address 2: SA | Address 3: DA | Sequence Control | Data | FCS
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 0
(imprecise! No portal here) idea: DS will be able to forward frame to dest (whether a fixed or a wireless MAC)

Addressing in an ESS
Same approach! Works in general, even if DA in different BSS
[Figure: the AP serving DA (BSSID#2) delivers the frame that SA sent through the distribution system]
Frame Control | Duration/ID | Address 1: DA | Address 2: BSSID#2 | Address 3: SA | Sequence Control | Data | FCS
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 0, From DS = 1

Wireless Distribution System
[Figure: AP1, AP2, AP3 interconnected over the air]
DS medium:
- not necessarily an Ethernet backbone!
- could be the 802.11 technology itself
Resulting AP = wireless bridge

Addressing within a WDS
[Figure: SA reaches DA through two APs (TA and RA) linked by the Wireless Distribution System]
Frame Control | Duration/ID | Address 1: RA | Address 2: TA | Address 3: DA | Sequence Control | Address 4: SA | Data | FCS
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 1
Address 4: initially forgotten? ☺

Addressing: summary
Function | To DS | From DS | Address 1 (Receiver) | Address 2 (Transmitter) | Address 3 | Address 4
IBSS | 0 | 0 | RA = DA | SA | BSSID | N/A
From AP | 0 | 1 | RA = DA | BSSID | SA | N/A
To AP | 1 | 0 | RA = BSSID | SA | DA | N/A
Wireless DS | 1 | 1 | RA | TA | DA | SA

• BSS Identifier (BSSID)
  • unique identifier for a particular BSS. In an infrastructure BSS it is the MAC address of the AP. In IBSS, it is random and locally administered by the starting station. (uniqueness)
• Transmitter Address (TA)
  • MAC address of the station that transmits the frame to the wireless medium. Always an individual address.
• Receiver Address (RA)
  • to which the frame is sent over the wireless medium. Individual or Group.
• Source Address (SA)
  • MAC address of the station that originated the frame. Always an individual address.
  • May not match TA because of the indirection performed by the DS of an IEEE 802.11 WLAN. SA field is considered by higher layers.
• Destination Address (DA)
  • Final destination. Individual or Group.
  • May not match RA because of the indirection.
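
The summary table translates directly into a header decoder. The following is an added example, not part of the original slides: it reads To DS / From DS from Frame Control and maps Address 1 to 4 onto RA, TA, DA, SA and BSSID, also extracting the Retry bit and Sequence Control. Function names and the sample MAC addresses are constructed for illustration.

```python
import struct

# (To DS, From DS) -> row of the addressing summary table
FUNCTIONS = {(0, 0): "IBSS", (0, 1): "From AP",
             (1, 0): "To AP", (1, 1): "Wireless DS"}

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def _raw(mac):
    return bytes.fromhex(mac.replace(":", ""))

def parse_data_header(frame):
    """Decode a data-frame MAC header into RA/TA/DA/SA/BSSID."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte MAC header")
    fc, duration_id = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 0b10:
        raise ValueError("not a data frame (Type != 10)")
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    a1, a2, a3 = (_mac(frame[o:o + 6]) for o in (4, 10, 16))
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr = {
        "function": FUNCTIONS[(to_ds, from_ds)],
        "more_frag": bool((fc >> 10) & 1),
        "retry": bool((fc >> 11) & 1),
        "fragment": seq_ctl & 0x000F,          # low 4 bits
        "sequence": seq_ctl >> 4,              # high 12 bits
        # bit 15 set means the field is not a duration
        "duration_us": None if duration_id & 0x8000 else duration_id,
        "ra": a1, "ta": a2,                    # always the over-the-air pair
    }
    if to_ds and from_ds:                      # Wireless DS: 30-byte header
        if len(frame) < 30:
            raise ValueError("To DS = From DS = 1 but Address 4 is missing")
        hdr.update(da=a3, sa=_mac(frame[24:30]), bssid=None)
    elif to_ds:                                # To AP
        hdr.update(bssid=a1, sa=a2, da=a3)
    elif from_ds:                              # From AP
        hdr.update(da=a1, bssid=a2, sa=a3)
    else:                                      # IBSS
        hdr.update(da=a1, sa=a2, bssid=a3)
    return hdr

def build_data_header(to_ds, from_ds, a1, a2, a3, a4=None,
                      sequence=0, fragment=0, retry=0, duration=0):
    """Build a constructed header (Type = Data, SubType = 0000) for the demo."""
    fc = (0b10 << 2) | (to_ds << 8) | (from_ds << 9) | (retry << 11)
    raw = struct.pack("<HH", fc, duration) + _raw(a1) + _raw(a2) + _raw(a3)
    raw += struct.pack("<H", (sequence << 4) | fragment)
    return raw + (_raw(a4) if a4 else b"")

# Constructed, locally administered sample addresses (not from the slides).
STA_A, STA_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
AP_1, AP_2 = "02:00:00:00:0a:01", "02:00:00:00:0a:02"

SAMPLES = {
    "to_ap": build_data_header(1, 0, AP_1, STA_A, STA_B, sequence=7),
    "from_ap": build_data_header(0, 1, STA_B, AP_1, STA_A, sequence=7, retry=1),
    "wds": build_data_header(1, 1, AP_2, AP_1, STA_B, a4=STA_A, sequence=9),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        h = parse_data_header(frame)
        print(name, h["function"], "SA", h["sa"], "DA", h["da"],
              "TA", h["ta"], "RA", h["ra"])
```
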

802.11 MAC: CSMA/CA Distributed Coordination Function
Carrier Sense Multiple Access With Collision Avoidance

Wireless Medium Unreliability
11 Mbps 802.11b outdoor measurements - Roma 2 Campus - roof nodes

Must rely on explicit ACKs
• Successful DATA transmission:
  • ONLY IF an ACK is received
• ACK transmission provided by MAC layer
  • Immediate retransmission
    » Don't get confused with higher layer rtx
• DATA-ACK exchange:
  • Also called two-way handshake
  • Or Basic Access Mechanism
[Figure: SENDER sends DATA to RECEIVER; RECEIVER replies with ACK]

Possible errors
• Three causes of failure
  • PHY Error
    • Receiver cannot synchronize with transmitted frame
      » preamble + SFD needed
    • or cannot properly read Physical Layer Control Protocol (PLCP) header
      » PLCP header contains the essential information on employed rate
      » Without it receiver cannot know how to demodulate/decode received frame!
  • CRC32 error
    • MAC frame (MAC Header + Payload) CRC failures
      » The greater the rate, the higher the SNR required to correctly transmit
  • ACK Error
    • Transmitter does not receive ACK
      » ACK corrupted by PHY or CRC32 errors
    • It IS an error: though data frame was correctly received, transmitter does not know
      » Introduces issue of duplicated frames at the receiver
Frame layout: PHY (Preamble | SFD | PLCP hdr) | MAC header | Payload | FCS

Wireless errors
11 Mbps 802.11b/g OUTDOOR measurements - Roma 2 Campus - roof nodes
PHY errors CANNOT be reduced through automatic rate fallback mechanisms
An (apparent) paradox: 802.11b@11Mbps outdoor outperforms 802.11g@6Mbps!!!
but it is NOT a paradox ☺ since most 802.11g errors are PHY (unrelated to rate)…
[Figure: measurement plots for 802.11b@11Mbps and 802.11g@6Mbps]

Must forget Collision Detection!
• One single RF circuitry
  • Either TX or RX…
  • Half-duplex
• Even if two simultaneous TX+RX: large difference (100+ dB!) in TX/RX signal power
  • Impossible to receive while transmitting
  • On a same channel, of course
• Collision detection at sender: meaningless in wireless!
  • Ethernet = collision detection at sender
  • Wireless = large difference in the interference power between sender & receiver!
  • Collision OCCURS AT THE RECEIVER
[Figure: stations A, B and C; a STA with its tx and rx chains]
A detects a very low interference (C is far): no "collision"
B detects a disruptive interference (C is near): collision occurs

Distributed Coordination Function Basics

802.11 MAC
• DISTRIBUTED COORDINATION FUNCTION, DCF (CSMA/CA): used for all other services, and used as basis for PCF
• POINT COORDINATION FUNCTION, PCF (polling): intended for Contention-Free Services
PCF: basically never used / supported!!

802.11 MAC evolution (802.11e, finalized in December 2005)
[Figure: Legacy DCF and PCF (polling), extended by the HYBRID COORDINATION FUNCTION (HCF) with Enhanced Distributed Channel Access, EDCA (prioritized CSMA) and HCF Controlled Channel Access, HCCA (scheduling). Annotations: "Intended for Contention-Free Services", "Used for service differentiation (priorities)", "Dead ☺"]
All enhancements rely on DCF basic operation!

Carrier Sense Multiple Access
• Station may transmit ONLY IF it senses the channel IDLE for a DIFS time
  • DIFS = Distributed Inter Frame Space
• Key idea: ACK replied after a SIFS < DIFS
  • SIFS = Short Inter Frame Space
• Other stations will NOT be able to access the channel during the handshake
  • Provides an atomic DATA-ACK transaction
[Figure: timeline. TX: packet arrival, DIFS, DATA. RX: SIFS, ACK. OTHER STA: packet arrival, DIFS (must measure a whole DIFS), then OK!]

DATA/ACK frame format
DATA frame: 28 (or 34) bytes + payload
Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)
Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
Type = Data (10), SubType = Data (0000); Protocol version = 00; the eight flag bits are marked x (variable)

ACK frame: 14 bytes – No need for TA address (the station receiving the ACK knows who it is from)!!
Frame Control (2) | Duration/ID (2) | Address (RA) (6) | Frame check sequence (4)
Type = Control (01), SubType = ACK (1101); Protocol version = 00; flag bits are 0 except one marked x

Grasping Wi-Fi (802.11b) numbers
• DIFS = 50 µs
  • Rationale: 1 SIFS + 2 slot-times
    » Slot time = 20 µs, more later
• SIFS = 10 µs
  • Rationale: RX_TX turnaround time
    » The shortest possible!
• DATA frame: TX time = f(rate)
  • Impressive PHY overhead!
    » 192 µs per every single frame
  • Total data frame time (1500 bytes)
    » @1 Mbps: 192 + 12288 = 12480 µs (PHY+MAC overhead = 3.3%)
    » @11 Mbps: 192 + 1117.1 = 1309.1 µs (PHY+MAC overhead = 16.%)
  • Overhead increases for small frames!
• ACK frame: TX at basic rate
  • Typically 1 Mbps but 2 Mbps possible…
  • ACK frame duration (1 Mbps): 304 µs
DATA frame layout: PHY | MAC header 24 (30) | Payload | FCS
PHY (field sizes in bits): Preamble (128) | SFD (16) | PLCP hdr (48), sent at 1 Mbps DBPSK = 192 µs
DATA: 192 µs + (28+payload) [bytes] x 8 / TX_rate [Mbps] µs
ACK frame layout: PHY (192 µs) | ACK 14 (112 µs)

And when an ACK is "hidden"?
[Figure: SENDER, RECEIVER and STA, shown in three steps]
1) Sender TX, Receiver RX: STA defers, BUSY DETECT (DATA)
2) Receiver ACKs (after SIFS): STA cannot hear…
3) STA transmits (STA TX after a DIFS) and destroys ACK!

The Duration Field
Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)
Duration/ID bits (15 … 0): bit 15 = 0, bits 14 to 0 = # microseconds
When bit 15 = 1 → NOT used as duration (used by power-saving frames to specify station ID)
• Allows "Virtual Carrier Sensing"
  • Other than physically sensing the channel, each station keeps a Network Allocation Vector (NAV)
  • Continuously updates the NAV according to information read in the duration field of other frames
[Figure: timeline. DIFS, DATA, SIFS, ACK; OTHER STA: physical carrier sensing during DATA, NAV (data) providing virtual carrier sensing]

And when a terminal is "hidden"?
[Figure: RECEIVER, SENDER, STA] … this can be "solved" by increasing the sensitivity of the Carrier Sense… Quite stupid, though (LOTS of side effects – out of the goals of this lecture)
[Figure: SENDER, RECEIVER, STA] … this can't be "solved" by any means!
• The Hidden Terminal Problem
  • SENDER and STA cannot hear each other
  • SENDER transmits to RECEIVER
  • STA wants to send a frame
    » Not necessarily to RECEIVER…
  • STA senses the channel IDLE
    » Carrier Sense failure
  • Collision occurs at RECEIVER
    » Destroys a possibly very long TX!!

The RTS/CTS solution
[Figure: timeline. TX: packet arrival, DIFS, RTS, then DATA. RX: SIFS, CTS, SIFS, then SIFS, ACK. Others: NAV (RTS). Hidden: receive CTS, NAV (CTS) (Update NAV)]
RTS/CTS: carry the amount of time the channel will be BUSY. Other stations may update a Network Allocation Vector, and defer TX even if they sense the channel idle (Virtual Carrier Sensing)

RTS/CTS frames
RTS frame: 20 bytes
Frame Control (2) | Duration/ID (2) | Address 1 (RA) (6) | Address 2 (TA) (6) | Frame check sequence (4)
Type = Control (01), SubType = RTS (1011); Protocol version = 00; flag bits are 0 except one marked x

CTS frame: 14 bytes (same as ACK)
Frame Control (2) | Duration/ID (2) | Address (RA) (6) | Frame check sequence (4)
Type = Control (01), SubType = CTS (1100); Protocol version = 00; flag bits are 0 except one marked x

Frame Control (field sizes in bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)

RTS/CTS and performance
RTS/CTS cons: larger overhead
RTS/CTS pros: reduced collision duration
ESPECIALLY FOR LONG PACKETS
Long → packet > RTS_Threshold (configurable)
TODAY higher rates → No more significant

Issues with "duration" reading
• "Duration" field in MAC header
  • Coded at same rate as payload
  • Must receive whole MAC frame correctly
• C cannot read TX frame
  • No way to know duration value
[Figure: TX sending to RX at 11 Mbps; concentric 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps ranges; station C]

ACK may be hidden once again!
• C hidden from RX
  • Carrier sense remains IDLE during RX→TX ACK
  • NAV could not be updated
  • May transmit after a DIFS
  • Destroying ACK!
[Figure: TX, RX and C during the ACK transmission]

EIFS = protect ACK
• C cannot read data frame
  • CRC32 error
  • Most of PHY errors
• If planning to transmit:
  • No more after a DIFS
  • But after a LONGER interval of time
    » Sufficiently long to protect ACK transmission
[Figure: TX sending to RX at 11 Mbps; concentric 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps ranges; station C]

EIFS
[Figure: timeline. Source station: Data. Destination station: SIFS, ACK. Other stations receiving Data frame correctly: NAV, DIFS, Back-off. Other stations receiving Data frame incorrectly: EIFS, Back-off]

Why backoff?
[Figure: STA1: DIFS, DATA, SIFS, ACK. STA2 and STA3 both transmit after the following DIFS: Collision!]
RULE: when the channel is initially sensed BUSY, station defers transmission; THEN, when the channel is sensed IDLE again for a DIFS, it defers transmission for a further random time (Collision Avoidance)

Slotted Backoff
[Figure: STA2 and STA3 after a DIFS, with backoff values w=7 and w=5]
Extract random number in range (0, W-1)
Decrement every slot-time σ
Note: slot times are not physically delimited on the channel! Rather, they are logically identified by every STA
Slot-time values: 20 µs for DSSS (Wi-Fi)
Accounts for:
1) RX_TX turnaround time
2) busy detect time
3) propagation delay

Backoff freezing
• When STA is in backoff stage:
  • It freezes the backoff counter as long as the channel is sensed BUSY
  • It restarts decrementing the backoff as the channel is sensed IDLE for a DIFS period
[Figure: STATION 1: DIFS, DATA, SIFS, ACK. STATION 2: DIFS, counts 6 5, frozen slot-time 4 during BUSY medium (DATA, SIFS, ACK), DIFS, counts 3 2 1]

Why backoff between consecutive tx?
• A listening station would never find a slot-time after the DIFS (necessary to decrement the backoff counter)
• Thus, it would remain stuck at the current backoff counter value forever!!
[Figure: S 1: DIFS, DATA, SIFS, ACK, DIFS, DATA, SIFS, ACK. S 2: DIFS, counts 6 5, frozen slot-time 4 during BUSY medium, DIFS, 3, BUSY medium, DIFS]

Backoff rules
• First backoff value:
  • Extract a uniform random number in range (0, CWmin)
• If unsuccessful TX:
  • Extract a uniform random number in range (0, 2×(CWmin+1)-1)
• If unsuccessful TX:
  • Extract a uniform random number in range (0, 2^2×(CWmin+1)-1)
• Etc. up to 2^m×(CWmin+1)-1
Exponential Backoff!
For 802.11b: CWmin = 31, CWmax = 1023 (m=5)

Further backoff rules
• Truncated exponential backoff
  • After a number of attempts, transmission fails and frame is dropped
  • Backoff process for new frame restarts from CWmin
    » Protects against channel capture
    » unlikely when stations are in visibility, but may occur in the case of hidden stations
• Two retry limits suggested:
  • Short retry limit (4), applies to frames below a given threshold
  • Long retry limit (7), applies to frames above given threshold
  • (loose) rationale: short frames are most likely generated by real time stations
    » Of course not true in general; e.g. what about 40 bytes TCP ACKs?

DCF Overhead

802.11b parameters (summary)
Parameters | SIFS (µsec) | DIFS (µsec) | Slot Time (µsec) | CWmin | CWmax
802.11b PHY | 10 | 50 | 20 | 31 | 1023
PIFS used by Point Coordination Function
- Time-bounded services
- Polling scheme
PCF: never deployed

DCF overhead

$$S_{station} = \frac{E[payload]}{E[T_{Frame\_Tx}] + DIFS + CW_{min}/2}$$

Basic access:
$$T_{Frame\_Tx} = T_{MPDU} + SIFS + T_{ACK}$$

$$T_{MPDU} = T_{PLCP} + 8 \cdot (28 + L) / R_{MPDU\_Tx}$$
$$T_{ACK} = T_{PLCP} + 8 \cdot 14 / R_{ACK\_Tx}$$
$$T_{RTS} = T_{PLCP} + 8 \cdot 20 / R_{RTS\_Tx}$$
$$T_{CTS} = T_{PLCP} + 8 \cdot 14 / R_{CTS\_Tx}$$

RTS/CTS:
$$T_{Frame\_Tx} = T_{RTS} + SIFS + T_{CTS} + SIFS + T_{MPDU} + SIFS + T_{ACK}$$

Example: maximum achievable throughput for 802.11b
[Figure: cycle time = DIFS, backoff, DATA, SIFS, ACK, followed by the next DATA]
• Data Rate = 11 Mbps; ACK rate = 1 Mbps
• Payload = 1500 bytes

$$T_{MPDU} = 192 + 8 \cdot (28 + 1500)/11 \approx 1303$$
$$T_{ACK} = 192 + 8 \cdot 14/1 = 304$$
$$SIFS = 10; \quad DIFS = 50$$
$$E[Backoff] = \frac{31}{2} \times 20 = 310$$
$$Thr = \frac{1500 \times 8}{1303 + 10 + 304 + 50 + 310} = 6.07 \text{ Mbps}$$

• Data Rate = 11 Mbps; ACK rate = 1 Mbps
• Payload = 576 bytes

$$T_{MPDU} = 192 + 8 \cdot (28 + 576)/11 \approx 631$$
$$T_{ACK} = 192 + 8 \cdot 14/1 = 304$$
$$SIFS = 10; \quad DIFS = 50$$
$$E[Backoff] = \frac{31}{2} \times 20 = 310$$
$$Thr = \frac{576 \times 8}{631 + 10 + 304 + 50 + 310} = 3.53 \text{ Mbps}$$

REPEAT RESULTS FOR RTS/CTS → Not viable (way too much overhead) at high rates!
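
The calculation above, including the RTS/CTS repetition the slide asks for, can be scripted. The following is an added example, not part of the original slides: it implements the DCF overhead formulas with the 802.11b parameters from the summary table. It assumes RTS and CTS are sent at the same rate as the ACK, and that the average backoff is CWmin/2 slots of 20 µs, as in the worked example; all function names are constructed for illustration.

```python
# 802.11b parameters from the summary table (times in microseconds).
SIFS, DIFS, SLOT, CW_MIN = 10.0, 50.0, 20.0, 31
T_PLCP = 192.0                      # preamble + SFD + PLCP header at 1 Mbps
MAC_OVERHEAD = 28                   # 24-byte header + 4-byte FCS
ACK_LEN, RTS_LEN, CTS_LEN = 14, 20, 14

def tx_time(nbytes, rate_mbps):
    """Airtime of one frame: PLCP overhead plus 8 * bytes / rate."""
    return T_PLCP + 8 * nbytes / rate_mbps

def frame_tx_time(payload, data_rate, ctrl_rate, rts_cts=False):
    """T_Frame_Tx for basic access, or with the RTS/CTS handshake."""
    t = (tx_time(MAC_OVERHEAD + payload, data_rate)
         + SIFS + tx_time(ACK_LEN, ctrl_rate))
    if rts_cts:
        # Assumption: RTS and CTS use the same control rate as the ACK.
        t += (tx_time(RTS_LEN, ctrl_rate) + SIFS
              + tx_time(CTS_LEN, ctrl_rate) + SIFS)
    return t

def max_throughput(payload, data_rate=11.0, ctrl_rate=1.0, rts_cts=False):
    """Single-station throughput in Mbps (bits per microsecond)."""
    avg_backoff = CW_MIN / 2 * SLOT             # 310 us, as in the example
    cycle = (frame_tx_time(payload, data_rate, ctrl_rate, rts_cts)
             + DIFS + avg_backoff)
    return 8 * payload / cycle

def normalized_table(payloads, data_rates=(2.0, 11.0)):
    """Throughput / data rate for basic (BAS) and RTS/CTS (RTS) access."""
    rows = []
    for payload in payloads:
        row = {"payload": payload}
        for rate in data_rates:
            for label, rts in (("BAS", False), ("RTS", True)):
                thr = max_throughput(payload, rate, 1.0, rts)
                row[f"{label}-{rate:g}Mbps"] = round(thr / rate, 3)
        rows.append(row)
    return rows

if __name__ == "__main__":
    for payload in (1500, 576):
        print(payload, "bytes:",
              f"basic {max_throughput(payload):.2f} Mbps,",
              f"RTS/CTS {max_throughput(payload, rts_cts=True):.2f} Mbps")
    for row in normalized_table(range(100, 2400, 400)):
        print(row)
```
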

DCF overhead (802.11b)
[Figure: transmission time (µs, axis from 0 to 8000) for Basic and RTS/CTS access, broken down into DIFS, Ave Backoff, RTS+SIFS, CTS+SIFS, Payload+SIFS and ACK]

DCF overhead (802.11b)
[Figure: normalized throughput (0 to 1) versus payload size (bytes, 100 to 2300) for BAS-2Mbps, RTS-2Mbps, BAS-11Mbps and RTS-11Mbps]

802.11 MAC extras
Selected topics, and for BSS case only (no IBSS)

Why Fragmentation
[Figure: a single long frame hit by a radio impairment, compared with the same frame sent as fragments frag0 to frag5, each individually ACKed, where only frag1 is hit and retransmitted]
• High Bit Error Rate (BER)
  • increases with distance
  • The longer the frame, the lower the successful TX probability
  • High BER = high rtx overhead & increased rtx delay
  • backoff window increase: cannot distinguish collision from tx error!!
Once again ☺: Fragmentation not viable with "modern" 802.11 rates → not used

Fragmentation
• splits message (MSDU) into several frames (MPDU)
  • Same fragment size
    » except last one
• Fragmentation burst
  • Fragments separated by SIFS
    » channel cannot be captured by someone else
  • Each fragment individually ACKed
• Each fragment reserves channel for next one
  • NAV updated fragment by fragment
• Missing ACK for fragment x
  • release channel (automatic)
    » ACK_Timeout much longer than SIFS!
  • Backoff
  • Restart from transmission of fragment x
[Figure: timeline. Sender: DIFS, RTS, then frag0, frag1. Receiver: SIFS, CTS, then SIFS, ACK after each fragment. Other stations: NAV (RTS), NAV (CTS), NAV (frag0), NAV (ACK)]

Fragment and sequence numbers
DATA frame: 28 (or 34) bytes + payload
Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)
Sequence Control (field sizes in bits): Fragment number (4) | Sequence Number (12)
• Fragment number
  • Increasing integer value 0 to 15 (max 16 fragments since 4 bits available)
  • Essential for reassembly
• More Fragment bit (frame control field) set to:
  • 1 for intermediate fragments
  • 0 for last fragment
• Sequence Number
  • Used to filter out duplicates
  • Unlike Ethernet, here duplicates are quite frequent! → retransmissions are a main feature of the MAC
• Retry bit: helps to distinguish retransmissions
  • Set to 0 at transmission of new frame
  • Set to 1 at retransmissions
[Figure: Frame Control field with the More Frag (1 bit) and Retry (1 bit) flags highlighted]
Power management
- beacons:
  - Periodically transmitted
  - Include timestamp
    - To enable STA synchronization
  - [….etc etc…]
- Every beacon includes a “Traffic Indication Map” (TIM)
  - Information element listing the stations for which UNICAST frames are buffered
    - Bitmap!! (2008 bits = 251 bytes… transmission split over multiple beacons)
  - A station may then issue a PS-Poll control frame to enable transmission
    - Instead of duration, PS-Poll contains AID (Association IDentifier of the STA: 1…2007)
- What about broadcast & multicast frames
  - transmitted only after beacons containing a DTIM (Delivery TIM)
    - 1 DTIM every X beacon (X configurable)
Power management - example
[Figure: power-save timeline for STA A and STA B]
STA B has set ReceiveDTIM to false to minimize power consumption! … losing broadcast & multicast frames
Point Coordination Function
- Token-based access mechanism
  - Polling
- Channel arbitration enforced by a “Point Coordinator” (PC)
  - Typically the AP, but not necessarily
- Contention-free access
  - No collision on channel
- PCF deployment: minimal!!
  - Optional part of the 802.11 specification
  - As such, almost never deployed
  - HCCA (802.11e) may be considered as PCF extension…
[Figure: protocol stack with PCF on top of DCF on top of PHY]
PCF deployed on TOP of DCF
Backward compatibility
PCF frame transfer
[Figure: PCF frame transfer timing diagram (frames separated by SIFS)]
Polling strategy: very elementary!!
- send polling command to stations with increasing Association ID value…
- (regardless of whether or not they have data to transmit)
Multi-rate operation
- Rate selection: proprietary mechanism!
  - Result: different chipsets behave very differently
- Two basic approaches
  - Adjust rate according to measured link quality (SNR estimate)
    - How link quality is computed is again proprietary!
  - Adjust rate according to frame loss
    - How many retries? Step used for rate reduction? Proprietary!
    - Problem: large amount of collisions (interpreted as frame loss) forces rate adaptation
Performance Anomaly
- Question 1:
  - Assume that throughput measured for a single 11 mbps greedy station is approx 6 mbps. What is per-STA throughput when two 11 mbps greedy stations compete?
- Answer 1:
  - Approx 3 mbps (easy ☺)
- Question 2:
  - Assume that throughput measured for a single 2 mbps greedy station is approx 1.7 mbps. What is per-STA throughput when two 2 mbps greedy stations compete?
- Answer 2:
  - Approx 0.85 mbps (easy ☺)
- Question 3:
  - What is per-STA throughput when one 11 mbps greedy station competes with one 2 mbps greedy station?
- Answer 3:
  - ...
Understanding Answers 1&2
(neglect collision – indeed rare – just slightly reduce computed value)
[Figure: cycle time diagram. STA 1: backoff, frame, SIFS, ACK, DIFS; STA 2: frozen backoff, frame, SIFS, ACK, DIFS.]
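$$\mathrm{Thr}[1] = \mathrm{Thr}[2] = \frac{E[\text{payload}]}{E[\text{cycle time}]} = \frac{1500 \times 8}{T_{MPDU}[1] + SIFS + ACK + DIFS + T_{MPDU}[2] + SIFS + ACK + DIFS + E[\text{backoff}]}$$

- Data Rate = 11 mbps; ACK rate = 1 mbps
- Payload = 1500 bytes

$$T_{MPDU} = 192 + 8 \cdot (28 + 1500)/11 \approx 1303$$
$$T_{ACK} = 192 + 8 \cdot 14/1 = 304$$
$$SIFS = 10; \quad DIFS = 50$$
$$E[\text{Backoff}] = \frac{31}{2} \times 20 = 310$$
$$\mathrm{Thr} = \frac{1500 \times 8}{2 \times (1303 + 10 + 304 + 50) + 310} = 3.3 \text{ Mbps}$$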
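- Data Rate = 2 mbps; ACK rate = 1 mbps
- Payload = 1500 bytes

$$T_{MPDU} = 192 + 8 \cdot (28 + 1500)/2 = 6304$$
$$T_{ACK} = 192 + 8 \cdot 14/1 = 304$$
$$SIFS = 10; \quad DIFS = 50$$
$$E[\text{Backoff}] = \frac{31}{2} \times 20 = 310$$
$$\mathrm{Thr} = \frac{1500 \times 8}{2 \times (6304 + 10 + 304 + 50) + 310} = 0.88 \text{ Mbps}$$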
Emerging “problem”: long-term fairness!
- If you have understood the previous example, you easily realize that
  - 802.11 provides FAIR access to stations
    - in terms of EQUAL NUMBER of transmission opportunities in the long term!
  - But this is INDEPENDENT OF transmission speed!
[Figure: channel access sequence: STA1, STA2, STA1, STA1, STA2, STA2]
Computing answer 3
[Figure: cycle time diagram. STA (2 mbps): frame, SIFS, ACK, DIFS; STA (11 mbps): frozen backoff, frame, SIFS, ACK, DIFS.]
RESULT: SAME THROUGHPUT (in the long term)!!

$$\mathrm{Thr}[1] = \mathrm{Thr}[2] = \frac{E[\text{payload}]}{E[\text{cycle time}]} = \frac{1500 \times 8}{T_{MPDU}[1] + SIFS + ACK + DIFS + T_{MPDU}[2] + SIFS + ACK + DIFS + E[\text{backoff}]}$$
$$= \frac{1500 \times 8}{6304 + 1303 + 2 \times (10 + 304 + 50) + 310} = 1.39 \text{ Mbps} \;!!!!!!$$

DRAMATIC CONSEQUENCE: throughput is limited by STA with slowest rate (lower than the maximum throughput achievable by the slow station)!!
Performance anomaly into action
“Why the network is soooo slow today? We’re so close, we have a 54 mbps and “excellent” channel, and we get less than 1 mbps …”
“Hahahahahah!! Poor channel, Rate-fallbacked @ 1 mbps ☺”
EDCA operation
See details in: G. Bianchi, I. Tinnirello, and L. Scalia, IEEE Network Magazine, July/Aug. 2005
Multiple queues
[Figure: in each station and in the AP, four queues (AC Background, AC Best-effort, AC Video, AC Voice) feed a Virtual Collision Handler; all devices share the Wireless Channel.]
- 4 “Access Categories”
  - Mapping the 8 priority levels provided by 802.1p
- Different parameters
- Independently operated
- Collide (virtually) each other!
Differentiation methods in IEEE 802.11e EDCA
- Varying time to wait before channel access
  - Different size of AIFS (arbitrary inter frame space)
- Varying the size of contention windows
  - Different size of CWmin and CWmax
- Varying the amount of channel accessible time
  - Different duration of TXOP
TXOP differentiation
- Effective since it changes the holding time of the channel for each station
- Does not affect collisions
CWmin differentiation
- Operates by changing the long-term fairness ratio
  - The sharing of resources is inversely proportional to the employed CWmin value
    - A station with CWmin/4 will have 4 transmission opportunities versus 1, on average
- Problem: small CWs increase collision level!
Large N = large amount of collisions = less effective differentiation = penalty in overall thr
AIFS differentiation
[Figure: two panels, “Light traffic” and “Heavy traffic”, each marking the “protected” slots for green.]
% of protected slots INCREASES