Wireless LANs
EPL 657
Andreas Pitsillides
Contains slides and ideas from Teknillinen Korkeakoulu, Finland: Wireless personal, local, metropolitan, and wide area networks, S-72.3240, and EntNet@Supercom2004 WLAN tutorial, 23/6/2004
Feature Topic on the Future of Wi-Fi
• Wi-Fi is a well researched topic with wide applicability… why study further?
• E.g. call for Papers IEEE Communications Magazine
– emerging and future generations of IEEE 802.11 Wi-Fi, such as Wi-Fi CERTIFIED(tm) ac and WiGig CERTIFIED(tm), will be capable of achieving multiple gigabits per second speeds and be used to do everything from simple web browsing and peer-to-peer sharing, to multimedia streaming, real-time teleconferencing, cable replacement, and wireless docking, to name a few. Coupled with the recent introduction of Wi-Fi CERTIFIED(tm) Passpoint by the Wi-Fi Alliance, users can further enjoy seamless and secure connectivity when roaming between cellular and Wi-Fi and between Wi-Fi networks.

Future Wi-Fi technologies
• Topics of interest include, but are not limited to, the following categories:
– Technological overview of the recent, emerging, and future Wi-Fi technologies
– PHY-, MAC-, and network-layer architectures and protocols
– Privacy and Security
– Spectrum and Regulatory
– Wi-Fi and cellular interworking
– Implementation and deployment challenges
– Emerging applications and services
WIRELESS LAN (WLAN)
• Selected topics
• Introduction
• WLAN aims
• WLAN characteristics
• WLAN design goals
• Infrared vs radio transmission
• Infrastructure-based vs ad-hoc networks
• WLAN Standards
• IEEE 802.11
• WLAN Roaming
• WLAN Security
• WLAN enhancements
• WLAN design issues
• Other technologies (separate slides)
Why Wireless LANs (WLANs)
• Mobility (portability) and Flexibility
• Places where there is no cabling infrastructure / Hard to wire areas
• Reduced cost of wireless systems
• Improved flexibility of wireless systems
• Cost
– Relatively low cost of deployment
– Continual drop in price for WLAN equipment
Wireless LAN Applications
• LAN Extension
• Cross building interconnection
• Nomadic access
• Ad hoc networks
Vertical Markets
• Factory floor
• Home networking
• Hospital
• Office workers
• Retail stores
• Warehouse
• Stock market
• Airport
• Hotel
• Starbucks
• College campus
• Convention Center
• Miscellaneous
Example WLAN deployment - Hotel
• Competing Technologies: Wired Ethernet (802.3), Phone Line, xDSL, Power Line
• Proposed: Wireless LAN (802.11)
• Why: Price/Performance and ease of deployment
• Current status: almost all major hotel chains in major (and not so major) cities
Wireless LAN considerations
• Throughput
• Number of nodes
• Connection to backbone
• Service area
• Battery power consumption
• Transmission robustness and security
• Collocated network operation
• License free operation
• Handoff/roaming
• Dynamic configuration
WLANs goal
• A mature market introducing the flexibility of wireless access into office, home, or production environments.
• Typically restricted in their diameter to buildings, a campus, single rooms etc.
• The global goal of WLANs is to replace office cabling, increase flexibility of connection especially for portable devices and, additionally, to introduce a higher flexibility for ad hoc communication in, e.g., group meetings.
WLAN characteristics
• Advantages:
– very flexible within radio coverage
– ad-hoc networks without previous planning possible
– wireless networks allow for the design of small, independent devices
– more robust against disasters (e.g., earthquakes, fire)
• Disadvantages:
– typically lower bandwidth compared to wired networks (~11 – 300 Mbit/s) due to limitations in radio transmission, higher error rates due to interference, and higher delay/delay variation due to extensive error correction and error detection mechanisms
  • offer lower QoS
– a number of proprietary solutions, especially for higher bit-rates, and standards take their time (e.g., IEEE 802.11n)
  • standardized functionality plus many enhanced features
  • additional features only work in a homogeneous environment (i.e., when adapters from same vendors used)
– products have to follow many national restrictions if working wireless, it takes a very long time to establish global solutions
WLAN design goals
• global, seamless operation of WLAN products
• low power for battery use (special power saving modes and power management functions)
• no special permissions or licenses needed (license-free band)
• robust transmission technology
• easy to use for everyone, simple management
• protection of investment in wired networks (support the same data types and services)
• security – no one should be able to read other’s data, privacy – no one should be able to collect user profiles, safety – low radiation
Known problems with WLANs
• Wireless link characteristics: media is error prone and the bit error rate (BER) is very high compared to the BER of wired networks.
• Carrier Sensing/collision detection is difficult in wireless networks because a station is incapable of listening to its own transmissions in order to detect a collision (more later).
• The Hidden Terminal problem also decreases the performance of a WLAN (more later).
• Mobility (variation in link reliability, seamless connections required, battery limitations) (more later)
Wireless Link Characteristics
Differences from wired link ….
– decreased signal strength: radio signal attenuates as it propagates through matter (path loss)
– interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); also devices (e.g. motors) interfere as well (noise)
– multipath propagation: radio signal reflects off objects, arriving at destination at slightly different times (channel quality varies over time)
– shared with other technologies and spectrum users
– more difficult security (shared medium)
…. make communication across (even a point to point) wireless link much more “difficult”
Wireless LAN Radio Technology
• Infrared (IR) LANs
• Spread spectrum LANs
• Narrow band microwave
• Laser beam
ISM frequency bands
ISM (Industrial, Scientific and Medical) frequency bands:
• 900 MHz band (902 … 928 MHz)
• 2.4 GHz band (2.4 … 2.4835 GHz)
• 5.8 GHz band (5.725 … 5.850 GHz)
Anyone is allowed to use radio equipment for transmitting in these bands (provided specific transmission power limits are not exceeded) without obtaining a license.

WLAN Standards
• Several WLAN standards, e.g.:
– IEEE 802.11b offering 11 Mbit/s at 2.4 GHz
– The same radio spectrum is used by Bluetooth
  • A short-range technology to set up wireless personal area networks with gross data rates less than 1 Mbit/s
– IEEE 802.11a, operating at 5 GHz and offering gross data rates of 54 Mbit/s
– IEEE 802.11g offering up to 54 Mbit/s at 2.4 GHz
– IEEE 802.11n, up and coming standard, up to 300 Mbit/s (two spatial streams; 600 Mbit/s with 4 spatial streams)
– …
WLAN Standards
[Figure: wireless LAN standards in the 2.4 GHz and 5 GHz bands: 802.11 (2 Mbps), 802.11b (11 Mbps), 802.11g (22-54 Mbps), HiSWANa (54 Mbps), 802.11a (54 Mbps), HiperLAN2 (54 Mbps), HomeRF 2.0 (10 Mbps), Bluetooth (1 Mbps), HomeRF 1.0 (2 Mbps). 802.11 protocols under development: 802.11e (QoS), 802.11i (Security), 802.11f (IAPP), 802.11h (TPC-DFS), 802.11n (300 Mb/sec).]
IEEE 802 standardisation framework
[Figure: IEEE 802 protocol stack. 802.1 Management and 802.2 Logical Link Control (LLC) above the MAC layers: 802.3 MAC with CSMA/CD (Ethernet), 802.5 MAC (Token Ring), and 802.11 Medium Access Control (MAC) with CSMA/CA (Wireless LAN). PHY layers: 802.3 PHY, 802.5 PHY, 802.11 PHY, 802.11a PHY, 802.11b PHY, 802.11g PHY, 802.11n (300 Mb/sec). Many more protocols recently developed or under development.]
A recent call for papers (CFPs):
A new generation of Wireless Local Area Networks (WLANs) is going to make its appearance in the upcoming years, with the IEEE 802.11aa (Robust Audio Video Transport Streaming), IEEE 802.11ac (Very-high throughput < 6GHz), IEEE 802.11af (TV White Spaces) and IEEE 802.11ad (Very-high throughput ~60 GHz), as examples of the most expected ones. Nevertheless, all next-generation standards will consider some of the most significant advances on the wireless communication and networking area in the last decade, developed by a highly active community, in both academia and industry.
This special issue requests papers that advance the state-of-the-art of the recent and on-going IEEE 802.11 standards (i.e., IEEE 802.11p, IEEE 802.11s, IEEE 802.11aa, IEEE 802.11ac, IEEE 802.11ad, IEEE 802.11ae, IEEE 802.11ah, IEEE 802.11af, IEEE 802.11ai, etc.), as well as present mechanisms and solutions, from MAC or above layers, that could be readily transferred to the not-yet finished standards or their future amendments.
Recent IEEE 802 standardisation efforts
IEEE 802 wireless network technology options
(Network definition: IEEE standard, known as)
• Wireless personal area network (WPAN): IEEE 802.15.1, known as Bluetooth
• Low-rate WPAN (LR-WPAN): IEEE 802.15.4, known as ZigBee
• Wireless local area network (WLAN): IEEE 802.11, known as WiFi
• Wireless metropolitan area network (WMAN): IEEE 802.16, known as WiMAX
IEEE 802.11 standard
• As the standards number indicates, this standard belongs to the group of 802.x LAN standards.
• This means that the standard specifies the physical and medium access layer adapted to the special requirements of wireless LANs, but offers the same interface as the others to higher layers to maintain interoperability.
• The primary goal of the standard was the specification of a simple and robust WLAN which offers time-bounded and asynchronous services.
IEEE 802.11 Wireless LAN
• 802.11b
– 2.4-5 GHz unlicensed spectrum
– up to 11 Mbps
– direct sequence spread spectrum (DSSS) in physical layer
  • all hosts use same chipping code
• 802.11a
– 5-6 GHz range
– up to 54 Mbps
  • Shading is much more severe compared to 2.4 GHz
  • Depending on the SNR, propagation conditions and distance between sender and receiver, data rates may drop fast
• 802.11g
– 2.4-5 GHz range
– up to 54 Mbps
– Benefits from the better propagation characteristics at 2.4 GHz compared to 5 GHz
  • Backward compatible to 802.11b
• 802.11n: multiple antennae
– 2.4-5 GHz range
– typically 200++ Mbps
• IEEE 802.11e
– MAC enhancements for providing some QoS
  • Some QoS guarantees can be given only via polling using PCF
• all use CSMA/CA for multiple access
• all have base-station and ad-hoc network versions
Characteristics of selected wireless link standards
[Figure: data rate (Mbps; axis ticks .056, .384, 1, 4, 5-11, 54, 200) versus range (indoor 10-30 m; outdoor 50-200 m; mid-range outdoor 200 m – 4 km; long-range outdoor 5 km – 20 km) for IS-95, CDMA, GSM (2G); UMTS/WCDMA, CDMA2000 (3G); UMTS/WCDMA-HSDPA, CDMA2000-1xEVDO (3G cellular enhanced); 802.15; 802.11b; 802.11a,g; 802.11a,g point-to-point; 802.11n; 802.16 (WiMAX).]
Infrastructure-based vs ad-hoc wireless networks
• Infrastructure networks provide access to other networks.
• Communication typically takes place only between the wireless nodes and the access point, but not directly between the wireless nodes.
• The access point does not just control medium access, but also acts as a bridge to other wireless or wired networks.
[Figure: Infrastructure-based wireless networks. Access points (AP: Access Point) connected by a wired network.]
Infrastructure-based vs ad-hoc wireless networks
• Several wireless networks may form one logical wireless network:
– The access points together with the fixed network in between can connect several wireless networks to form a larger network beyond actual radio coverage.
• Network functionality lies within the access point (controls network flow), whereas the wireless clients can remain quite simple.
• Can use different access schemes with or without collision.
– Collisions may occur if medium access of the wireless nodes and the access point is not coordinated.
  • If only the access point controls medium access, no collisions are possible.
– Useful for quality of service guarantees (e.g., minimum bandwidth for certain nodes)
– The access point may poll the single wireless nodes to ensure the data rate.
Infrastructure-based vs ad-hoc wireless networks
• Infrastructure-based wireless networks lose some of the flexibility wireless networks can offer in general:
– They cannot be used for disaster relief in cases where no infrastructure is left.
Infrastructure-based vs ad-hoc wireless networks
Ad-hoc wireless networks
• No need of any infrastructure to work
– greatest possible flexibility
• Each node communicates with other nodes, so no access point controlling medium access is necessary.
– The complexity of each node is much higher
  • each node has to implement medium access mechanisms and forward data
Infrastructure-based vs ad-hoc wireless networks
• Nodes within an ad-hoc network can only communicate if they can reach each other physically
– if they are within each other’s radio range
– if other nodes can/want to forward the message
• IEEE 802.11 WLANs are typically infrastructure-based networks, which additionally support ad-hoc networking
• Bluetooth is a typical wireless ad-hoc network
Elements of a wireless network
• wireless hosts
– laptop, PDA, IP phone
– run applications
– may be stationary (non-mobile) or mobile
– wireless does not always mean mobility
• base station
– typically connected to wired network
– relay: responsible for sending packets between wired network and wireless host(s) in its “area”
– e.g., cell towers, 802.11 access points
• wireless link
– typically used to connect mobile(s) to base station
– also can be used as backbone links
– multiple access protocol coordinates link access
– various data rates, transmission distance
• infrastructure mode
– base station connects mobiles into wired network
– handoff: mobile changes base station
• Ad hoc mode
– no base stations
– nodes can only transmit to other nodes within link coverage
– nodes organize themselves into a network: route among themselves
[Figure: network infrastructure with wireless hosts and base stations; in the ad hoc case, one node is disconnected from the rest of the ad-hoc network.]
WLAN components
Figure 2.11 Photographs of popular 802.11b WLAN equipment. Access points and a client card are shown on top, and PCMCIA Client card is shown on left and WLAN router on right. (Courtesy of Cisco Systems, Inc.)
IEEE 802.11 terminology
• Basic Service Set (BSS)
– group of stations using same radio frequency
• Access Point (AP)
– station integrated into the wireless LAN and the distribution system
• Station (STA)
– terminal with access mechanisms to wireless medium and radio contact to access point
• Portal
– bridge to other (wired) networks
• Distribution System (DS)
– interconnection network to form one logical network
• Extended Service Set (ESS)
– based on several BSS
[Figure: System architecture of an infrastructure network. Two 802.11 LANs (BSS1 and BSS2) with stations STA1, STA2 and STA3, each with an access point, joined by the distribution system into an ESS; a portal connects to an 802.x LAN.]
IEEE 802.11 BSS
• IEEE 802.11 allows the building of ad hoc networks between stations, thus forming one or more BSSs.
– In this case, a BSS comprises a group of stations using the same radio frequency.
– Several BSSs can either be formed via the distance between the BSSs or by using different carrier frequencies.
Distribution System (DS)
• Used to interconnect wireless cells (multiple BSS to form an ESS)
• Allows multiple mobile stations to access fixed resources
• Interconnects 802.11 technology
Access Points (AP)
• Allows stations to associate with it
• Supports Distributed Coordination Function (DCF) and Point Coordination Function (PCF)
• Provides management features
– Join/Associate with BSS
– Time synchronisation (beaconing)
– Power management
• all traffic flows through APs
• Supports roaming
IEEE standard 802.11
[Figure: protocol stacks in an infrastructure network. Mobile terminal: application, TCP, IP, LLC, 802.11 MAC, 802.11 PHY. Access point: LLC over 802.11 MAC / 802.11 PHY and 802.3 MAC / 802.3 PHY. Fixed terminal: application, TCP, IP, LLC, 802.3 MAC, 802.3 PHY.]
IEEE 802.11 protocol
• Protocol architecture aims
– Applications should not notice any difference apart from the lower bandwidth and perhaps higher access time from the wireless LAN.
  • WLAN behaves like, perhaps a ‘slower’, wired LAN.
– Consequently, the higher layers (application, TCP, IP) look the same for the wireless node as for the wired node.
– The differences are in physical and link layer
  • different media and access control
IEEE 802.11 protocol
– The physical layer provides a carrier sense signal, handles modulation and encoding/decoding of signals.
– The basic tasks of the MAC (medium access control) protocol comprise medium access, fragmentation of user data, and encryption.
• The standard also specifies management layers.
– The MAC management supports the association and re-association of a station to an access point and roaming between different APs.
– Furthermore, it controls authentication mechanisms, encryption, synchronization of a station with regard to an AP, and power management to save battery power.
IEEE 802.11
• Physical layer
– Includes the provision of the Clear Channel Assessment (CCA) signal (energy detection).
– This signal is needed for the MAC mechanisms controlling medium access and indicates if the medium is currently idle.
– A number of physical channels
[Figure: Logical Link Control (LLC) over Media Access Control (MAC) over the physical layer options: 802.11 infrared, 802.11 FHSS, 802.11 DSSS, 802.11a OFDM, 802.11b HR-DSSS, 802.11g OFDM.]
Wireless Transmission
Infrared (IR)
Radio Frequency (RF)
Spread Spectrum
Frequency Hopping
Direct Sequence
Orthogonal Frequency Division Multiplexing
Infrared vs radio transmission
• Infrared light
– uses IR diodes, diffuse light reflected at walls, furniture etc., or directed light if a LOS exists between sender and receiver
• Advantages
– simple, cheap, available in many mobile devices (PDAs, laptops, mobile phones)
– no licenses needed
• Disadvantages
– interference by sunlight, heat sources etc.
– many things shield or absorb IR light
– cannot penetrate obstacles (e.g., walls)
– low bandwidth (~115 kbit/s, 4 Mbit/s)
• Example
– IrDA (Infrared Data Association) interface available everywhere

• Radio
– typically using the license free frequency band at 2.4 GHz
• Advantages
– experience from wireless WAN (microwave links) and mobile phones can be used
– coverage of larger areas possible (radio can penetrate (thinner) walls, furniture)
– higher transmission rates (~11 – 54 Mbit/s)
• Disadvantages
– very limited license free frequency bands
– shielding more difficult, interference with other senders, or electrical devices
• Example
– IEEE 802.11, HIPERLAN, Bluetooth
Example WLAN physical layer
[Figure: 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY under the common 802.11 Medium Access Control (MAC), CSMA/CA.]
802.11g is the most popular physical layer, operating in the same band as 802.11b
ISM band: 2.4 … 2.4835 GHz
The signal format is OFDM (Orthogonal Frequency Division Multiplexing)
Data rates supported: various bit rates from 6 to 54 Mbit/s (same as 802.11a)
ISM frequency band at 2.4 GHz
The ISM band at 2.4 GHz can be used by anyone as long as (in Europe...)
Transmitters using FH (Frequency Hopping) technology:
• Total transmission power < 100 mW
• Power density < 100 mW / 100 kHz
Transmitters using DSSS technology:
• Total transmission power < 100 mW
• Power density < 10 mW / 1 MHz
ETSI EN 300 328-1 requirements
802.11 spectrum at 2.4 GHz
Divided into overlapping channels. E.g., the 2.4000–2.4835 GHz band is divided into 13 channels, each of width 22 MHz but spaced only 5 MHz apart, with channel 1 centred on 2.412 GHz and channel 13 on 2.472 GHz. Availability of channels is regulated by country (e.g. Japan adds a 14th channel 12 MHz above channel 13). 3 channels are non-overlapping. Given the separation between channels 1, 6, and 11, the signal on any channel should be sufficiently attenuated to minimally interfere with a transmitter on any other channel.
Recall: Free-space loss is dependent on frequency
The free-space loss L of a radio signal is:
$$L = \left(\frac{4\pi d}{\lambda}\right)^2 = \left(\frac{4\pi d f}{c}\right)^2$$
where d is the distance between transmitter and receiver, $\lambda$ is the RF wavelength, f is the radio frequency, and c is the speed of light. The formula is valid for $d \gg \lambda$, and does not take into account antenna gains (=> Friis formula) or obstructing elements causing additional loss.
Free-space loss examples
For example, when d is 10 or 100 m, the free-space loss values (in dB) for the different ISM bands are:
• f = 900 MHz: L = 51.5 dB (d = 10 m), L = 71.5 dB (d = 100 m)
• f = 2.4 GHz: L = 60.0 dB (d = 10 m), L = 80.0 dB (d = 100 m)
• f = 5.8 GHz: L = 67.7 dB (d = 10 m), L = 87.7 dB (d = 100 m)
Maximum channel data rates
(Network: maximum data rate)
• IEEE 802.15.1 WPAN (Bluetooth): 1 Mbit/s (Bluetooth v. 1.2), 3 Mbit/s (Bluetooth v. 2.0)
• IEEE 802.15.4 LR-WPAN (ZigBee): 250 kbit/s
• IEEE 802.11 WLAN (WiFi): 11 Mbit/s (802.11b), 54 Mbit/s (802.11g), 300+ Mbit/s (802.11n)
• IEEE 802.16 WMAN (WiMAX): 134 Mbit/s
Modulation / Signal spreading
(Network: modulation / spreading method)
• IEEE 802.15.1 WPAN (Bluetooth): Gaussian FSK / FHSS
• IEEE 802.15.4 LR-WPAN (ZigBee): Offset-QPSK / DSSS
• IEEE 802.11 WLAN (WiFi): DQPSK / DSSS (802.11b), 64-QAM / OFDM (802.11g)
• IEEE 802.16 WMAN (WiMAX): 128-QAM / single carrier, 64-QAM / OFDM
802.11: advanced capabilities
Rate Adaptation
• base station and mobile dynamically change transmission rate (physical layer modulation technique) as mobile moves, SNR varies
[Figure: BER ($10^{-1}$ … $10^{-7}$) versus SNR (10 … 40 dB) for QAM256 (8 Mbps), QAM16 (4 Mbps) and BPSK (1 Mbps), with the operating point marked.]
1. As node moves away from base station, SNR decreases, BER increases
2. When BER becomes too high, switch to lower transmission rate but with lower BER
IEEE 802.11: MAC overview
• Two basic access mechanisms have been defined for IEEE 802.11
– CSMA/CA (mandatory) summarized as distributed coordination function (DCF)
  • Optional method (RTS/CTS) avoiding the hidden terminal problem
– A contention-free polling method for time-bounded service called point coordination function (PCF)
  • access point polls terminals according to a list
– DCF only offers asynchronous service, while PCF offers both asynchronous and time-bounded service, but needs the access point to control medium access and to avoid contention.
– only asynchronous data service in ad-hoc network mode
IEEE 802.11: MAC overview
• Within the MAC layer, Distributed Coordination Function (DCF) (asynchronous service) is used as a fundamental access method, while Point Coordination Function (PCF) (synchronous service) is optional.
– DCF is also known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol. It is an asynchronous access method based on the contention for the usage of shared channels. A contention-free access mechanism is provided through the RTS/CTS (Request to Send/Clear to Send) exchange.
– PCF is used for time-bounded transfer of data
IEEE 802.11: MAC overview
• The most important difference between WLAN and LAN protocol design is the impossibility to detect all collisions.
– difficult to receive (sense collisions) when transmitting due to weak received signals (fading)
  • with receiving and sending antennas immediately next to each other, a station is unable to see any signal but its own.
  • As a result, the complete packet will be sent before the incorrect checksum reveals that a collision has happened.
  • Furthermore, receiver and transmitter are mostly not on at the same time
– can’t sense all collisions in any case: hidden terminal, fading
[Figure: stations A, B and C; A’s and C’s signal strength plotted over space.]
Hidden Station Problem
[Figure: stations A, B, C in a row.]
A is talking to B.
C does not know about this communication and starts talking to B. Collisions.
IEEE 802.11: MAC overview
It is of utmost importance that the number of collisions be limited to the absolute minimum.
DCF's CSMA/CA (CA: Collision Avoidance) is the MAC method used in a WLAN. (Wireless stations cannot detect collisions, i.e. the whole packet will be transmitted anyway.)
Basic CSMA/CA operation:
1) If medium is free, then wait a specified time (DIFS), transmit frame
2) If medium busy, then backoff
CSMA/CA rule: backoff before collision
IEEE 802.11: MAC overview
• CSMA/CA protocol basics:
– medium can be busy or idle (detected by the Clear Channel Assessment (CCA) signal of the physical layer)
  • If medium busy this can be due to data frames or other control frames
– during a contention phase several nodes try to access medium
– optionally, the standard allows for collision free operation through small reservation packets (RTS, CTS)
IEEE 802.11: MAC overview
• Define (802.11b):
– slot = 20 µs (9 or 20 µs for 802.11g)
– Short inter-frame spacing (SIFS) = 10 µs (16 µs for 802.11a)
  • shortest waiting time for medium access
  • defined for short control messages (e.g., ACK of data packets)
– DCF inter-frame spacing (DIFS) = 50 µs (28 µs for 802.11g)
  • longest waiting time used for asynchronous data service within a contention period
  • DIFS = SIFS + two slot times
– PCF inter-frame spacing (PIFS)
  • an access point polling other nodes only has to wait PIFS for medium access (for a time-bounded service)
  • PIFS = SIFS + one slot time (30 µs for 802.11b)
• The standard defines also two control frames:
– RTS: Request To Send
– CTS: Clear To Send
Interframe Spacing (IFS) and priorities
• SIFS (Short IFS)
– ACK, CTS, Poll Messages, Poll responses, CF-End
• PIFS (PCF IFS)
– PCF operation mode, including Beacon, Retransmitted poll messages
• DIFS (DCF IFS)
– DCF operation mode, including back-off, RTS
• EIFS (Extended IFS)
– After detection of erroneous frame
IEEE 802.11: CSMA/CA
• Collision Avoidance
– idea is to prevent collisions at the moment they are most likely to occur, i.e. when the bus is released (since many stations may compete then).
– In the event medium is sensed busy, all clients are forced to wait for a random number of timeslots and then sense the medium again, before starting a transmission.
– If the medium is sensed to be busy, the client freezes its timer until it becomes free again.
Thus, the chance of two clients starting to send simultaneously is reduced.
IEEE 802.11: CSMA/CA
– the overhead introduced by the Collision Avoidance delays should be as small as possible.
– the protocol should keep the number of collisions to a minimum, even under the highest possible load.
• To this end, the range of the random delay, or the contention window, is set to vary with the load.
• In the case of a collision, the contention window (CW) is doubled progressively: 15, 31, 63, ... 1023, until a successful transmission occurs and the delay is reset to the minimal value.
• From the number CW (= 15 / 31 … 1023 slots) the random backoff bn (in terms of slots) is chosen in such a way that bn is uniformly distributed between 15/31 … CW.
• Since it is unlikely that several stations will choose the same value of bn, collisions are rare.
• The 802.11 standard does not fix the minimum and maximum values of the contention window. However, it does advise a minimum of 15 or 31 and a maximum of 1023.
IEEE 802.11: CSMA/CA
• Broadcast data transfer (DCF)
[Figure: timeline t. Medium busy, then DIFS, then contention window (randomized back-off mechanism, counted in slot times), then next frame; direct access if medium is free ≥ DIFS.]
– station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment)
– if the medium is busy, the station has to wait for a free DIFS, then the station must additionally wait a random back-off time (collision avoidance)
– if another station occupies the medium during the back-off time of the station, the back-off timer stops (fairness – during the next phase this node will continue its timer from where it stopped)
– if the medium is free for the duration of a Distributed Coordination Function Inter-Frame Space (DIFS), then station can start sending
IEEE 802.11: CSMA/CA
• E.g. Unicast data transfer
[Figure: timelines t for sender, receiver and other stations. Sender: DIFS, then data. Receiver: SIFS, then ACK. Other stations: channel sensed busy (waiting time), then DIFS, contention, data.]
– station has to wait for DIFS before sending data
– receivers acknowledge after waiting for a duration of a Short Inter-Frame Space (SIFS), if the packet was received correctly
IEEE 802.11: Exponential backoff mechanism
binary exponential backoff: After k collisions, a random number of slot times between 15 and $2^{k+5}-1$ is chosen. So, for the first collision, each sender might wait between 15 or 31 slot times. After the second collision, the senders might wait between 15 and 63 slot times, and so forth.
As the number of retransmission attempts increases, the number of possibilities for delay increases.
Note that the suggested minimum window is normally set at 15 (or 31) at start, so as to have some initial non-zero random delay, and there is a max number prior to declaring the transmission not possible.
Contention window (CW) for 802.11b
If transmission of a frame was unsuccessful and the frame is allowed to be retransmitted, before each retransmission the Contention Window (CW) from which bn is chosen (at random, starting from 15 or 31) is increased.
• Initial attempt: DIFS … CW = $2^5-1$ = 31 slots (slot = 20 µs)
• 1st retransmission: DIFS … CW = $2^6-1$ = 63 slots
• …
• 5th (and further) retransmissions: DIFS … CW = $2^{10}-1$ = 1023 slots
Contention window (CW) for 802.11g
In the case of 802.11g operation, the initial CW length is 15 slots. The slot duration is 9 µs. The backoff operation of 802.11g is substantially faster than that of 802.11b.
• Initial attempt: DIFS … CW = $2^4-1$ = 15 slots (slot = 9 µs)
• 1st retransmission: DIFS … CW = $2^5-1$ = 31 slots
• …
• 6th (and further) retransmissions: DIFS … CW = $2^{10}-1$ = 1023 slots
Selection of random backoff
From the number CW (= 15 / 31 … $2^{k+5}-1$ slots) the random backoff bn (in terms of slots) is chosen in such a way that bn is uniformly distributed between 0 … CW.
Since it is unlikely that several stations will choose the same value of bn, collisions are rare.
The next slides show wireless medium access in action. The example involves four stations: A, B, C and D. ”Sending a packet” means ”Data+SIFS+ACK” sequence. Note how the backoff time may be split into several parts.
Wireless medium access example
[Figure: timelines for stations A, B, C and D showing DIFS, defer, contention window, backoff, Data+SIFS+ACK and ACK; steps 1 and 2 marked.]
1) While station A is sending a packet, stations B and C also wish to send packets, but have to wait (defer + backoff)
2) Station C is ”winner” (backoff time expires first) and starts sending packet
Wireless medium access example
[Figure: timelines for stations A, B, C and D showing DIFS, defer and ACK; steps 3 and 4 marked.]
3) Station D also wishes to send a packet
4) When medium becomes idle plus DIFS elapses, station B continues to count down and station D draws a CW number D(bn). Station B is ”winner”: after its CW counts down to zero it starts sending packet
Wireless medium access example
[Figure: timelines for stations A, B, C and D showing DIFS and ACK; step 5 marked.]
5) Station D counts down to 0 and then starts sending packet. Now there is no competition.
No shortcuts for any station…
[Figure: transmitted frame (A=>B), SIFS, ACK (B=>A), DIFS, backoff, next frame (A=>B).]
When a station wants to send more than one frame, it has to use the backoff mechanism like any other station (of course it can ”capture” the channel by sending a long frame, for instance using fragmentation).
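The backoff slides above (contention window growth, frozen timers, the A/B/C/D walk-through) can be replayed with a small slot-level model. This is an added example, not part of the original slides; it draws bn uniformly from 0 … CW as on the "Selection of random backoff" slide, and the `max_retries` limit of 7, the `initial` parameter and all function names are assumptions made for illustration.

```python
import random

# Values taken from the slides: initial CW per PHY, doubling up to 1023 slots.
CW_MIN = {"802.11b": 31, "802.11g": 15}
CW_MAX = 1023


def contention_window(phy, retries):
    """CW (in slots) after `retries` failed attempts: 2^n - 1, capped at CW_MAX."""
    cw = CW_MIN[phy]
    for _ in range(retries):
        cw = min(2 * cw + 1, CW_MAX)
    return cw


class Station:
    def __init__(self, name, phy, rng, first_backoff=None):
        self.name, self.phy, self.rng = name, phy, rng
        self.retries = 0
        self.backoff = first_backoff  # remaining slots; None means "draw one"

    def draw(self):
        # Uniform over 0..CW for the current retry count.
        cw = contention_window(self.phy, self.retries)
        self.backoff = self.rng.randint(0, cw)


def simulate(names, phy="802.11b", frames_each=1, seed=1,
             initial=None, max_retries=7):
    """Run contention rounds until every station has sent (or dropped) its frames.

    `initial` optionally fixes the first backoff per station (constructed input).
    `max_retries` is an assumed retry limit; the slides only say one exists.
    Returns events: ("tx", name, idle_slots) or ("collision", [names], idle_slots).
    """
    rng = random.Random(seed)
    initial = initial or {}
    stations = [Station(n, phy, rng, initial.get(n)) for n in names]
    pending = {n: frames_each for n in names}
    events = []
    while any(pending.values()):
        active = [s for s in stations if pending[s.name]]
        for s in active:
            if s.backoff is None:
                s.draw()
        # Medium idle after DIFS: all timers count down together until the
        # smallest one reaches zero. The others freeze and resume next round.
        idle = min(s.backoff for s in active)
        for s in active:
            s.backoff -= idle
        winners = [s for s in active if s.backoff == 0]
        if len(winners) == 1:
            w = winners[0]
            events.append(("tx", w.name, idle))
            pending[w.name] -= 1
            # Success resets CW; the next frame needs a fresh backoff
            # ("no shortcuts for any station").
            w.retries, w.backoff = 0, None
        else:
            events.append(("collision", [w.name for w in winners], idle))
            for w in winners:
                w.retries += 1
                if w.retries > max_retries:  # give up on this frame
                    pending[w.name] -= 1
                    w.retries = 0
                w.backoff = None             # redraw from the doubled CW
    return events


if __name__ == "__main__":
    print([contention_window("802.11b", r) for r in range(7)])
    for event in simulate(["A", "B", "C", "D"], frames_each=2, seed=3):
        print(event)
```

With `initial={"B": 7, "C": 3}` station C wins after 3 idle slots and B resumes with the 4 slots it had left, which is the split backoff shown in the walk-through.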
Avoiding collisions (using extra signalling). How?
idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames
• sender first transmits small request-to-send (RTS) packets to BS using CSMA– RTS packets may still collide with each other (but they are very short)
• BS broadcasts clear-to-send CTS in response to RTS• CTS heard by all nodes
– sender transmits data frame– other stations defer transmissions. For how long?
76
avoid data frame collisions completely using small reservation packets!
IEEE 802.11: MAC overview
Network Allocation Vector (NAV)
Each RTS frame includes the duration of the time it needs to occupy the channel.
NAV: a timer on the other stations, which have to wait for the NAV to expire before checking whether the channel/medium is free.
When a station (WS1) sends RTS (or CTS), the other stations on the system start their NAV (WS2 and WS3 in the example below).
[Figure: WS1 sends RTS, which is heard by WS2 and WS3]
Hidden Station Problem (Solution)
[Figure: stations A and C on either side of B; A and C each send RTS/NAV to B, B answers with CTS (CTS/NAV as seen by C), then A sends Data]
B accepts RTS from A and rejects RTS from C.
CTS from B (actually BS) to A is also received by C, which starts the NAV timer carried in the CTS.
A and C want to send to B. B can hear A and C. A and C cannot hear each other.
Busy Medium
Physically busy: a station senses the wireless medium to determine if it is busy.
Virtually busy: a station receives a control message (RTS or CTS) which indicates the wireless medium is busy for the duration of the NAV timer.
All stations must monitor the headers of all frames they receive and store the NAV value in a counter. The counter decrements in steps of one microsecond. When the counter reaches zero, the channel is available again.
IEEE 802.11
• Sending unicast packets with RTS/CTS control frames
[Figure: timing diagram for sender, receiver and other stations: DIFS, RTS, SIFS, CTS, SIFS, data, SIFS, ACK, then DIFS, defer access and contention; the other stations hold NAV (RTS) and NAV (CTS)]
NAV (RTS) = 3 SIFS + CTS + data + ACK
NAV (CTS) = 2 SIFS + data + ACK
– station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium and the ACK related to it).
– Every node receiving this RTS now has to set its network allocation vector (NAV), which specifies the earliest point at which the node can try to access the medium again
– acknowledgement via CTS after SIFS by receiver (if ready to receive)
– sender can now send data at once, acknowledgement via ACK
– other stations store medium reservations distributed via RTS and CTS
Collision Avoidance: RTS-CTS exchange
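[Figure: time diagram for A, AP and B: RTS(A) and RTS(B) collide (reservation collision); A sends RTS(A) again; the AP answers with CTS(A), heard by A and B; A sends DATA(A) while B defers; the AP sends ACK(A), heard by A and B]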
802.11 MAC Timing
Master's thesis
http://eeweb.poly.edu/dgoodman/fainberg.pdf
Note that DIFS should have been part of the idle time
Example calculation of throughput
Point Coordination Function (PCF)
Optional and implemented on top of DCF. Must be running in conjunction with DCF.
A single Access Point (AP) controls access to the medium, and a Point Coordinator Agent resides in the AP.
AP sends a beacon message and all stations stop DCF.
AP polls each station for data, and after a given time interval moves to the next station.
Guaranteed maximum latency.
No station is allowed to transmit unless it is polled.
AP could have a priority scheme for stations, and support time-sensitive applications.
PCF (cont.)
[Figure: repetition interval made up of a contention free period (CFP, PCF, NAV set) followed by a contention period (CP, DCF); B: beacon message; a busy medium is also shown]
Additional WLAN Features
• Positive Acknowledgement
• Sequence Control
• Fragmentation
– Large frames vs. small frames
– Error-prone medium
IEEE 802.11 framing and addressing
802.11 frame: addressing
[Figure: host H1 reaches the Internet through the AP and router R1]
802.11 frame: address 1 = AP MAC addr, address 2 = H1 MAC addr, address 3 = R1 MAC addr
802.3 frame: dest. address = R1 MAC addr, source address = H1 MAC addr
Field:        frame control | duration | address 1 | address 2 | address 3 | seq control | address 4 | payload  | CRC
Size (bytes): 2             | 2        | 6         | 6         | 6         | 2           | 6         | 0 - 2312 | 4
Address 1: MAC address of wireless host or AP to receive this frame
Address 2: MAC address of wireless host or AP transmitting this frame
Address 3: MAC address of router interface to which AP is attached
Address 4: see later
Recall: Routing in a (W)LAN
Recall: Routing in a (W)LAN is based on MAC addresses. A router performs mapping between these two address types (IP-MAC):
[Figure: a router between the IP network (server) and the (W)LAN; the (W)LAN device has MAC address 00:90:4B:00:0C:72 and IP address 124.2.10.57]
Recall: Address allocation
MAC addresses associated with hardware devices.
IP addresses can be allocated to (W)LAN devices either on a permanent basis or dynamically from an address pool using the Dynamic Host Configuration Protocol (DHCP).
The DHCP server may be a separate network element (or for example integrated into a RADIUS server that offers a set of additional features), or may be integrated with the address-mapping router and/or access point.
RADIUS = Remote Authentication Dial-In User Service
Recall: Network Address Translation (NAT)
On (W)LAN side of network address translator (NAT device), different (W)LAN users are identified using private (reusable, globally not unique) IP addresses.
On Internet side of NAT device, only one (globally unique) IP address is used. Users are identified by means of different TCP/UDP port numbers.
In client - server type of communication, application on the server is usually behind a certain TCP/UDP port number (e.g. 80 for HTTP) whereas clients can be allocated port numbers from a large address range.
Recall: NAT example
[Figure: User 1 and User 2 on the (W)LAN side of the NAT device, server on the IP network side]
User 1 IP address: 10.2.1.57
User 2 IP address: 10.2.1.58
IP address for all users in (W)LAN: 124.0.6.12
User 1 TCP port number: 14781
User 2 TCP port number: 14782
Case study: ADSL WLAN router
1) The ADSL connection to the wide area network (WAN) is allocated a globally unique IP address using DHCP.
2) We assume that the router has NAT functionality. Behind the router, in the private LAN network, wireless and cabled LAN devices are allocated private IP addresses, again using DHCP (this is a kind of "double DHCP" scenario).
Although routing in the LAN is based on MAC addresses, the IP applications running on the LAN devices still need their own "dummy" IP addresses.
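802.11 frame: more
Field:        frame control | duration | address 1 | address 2 | address 3 | seq control | address 4 | payload  | CRC
Size (bytes): 2             | 2        | 6         | 6         | 6         | 2           | 6         | 0 - 2312 | 4
duration: duration of reserved transmission time (RTS/CTS)
seq control: frame seq # (for Reliable Data Transfer)
Frame control subfields:
Subfield:    Protocol version | Type | Subtype | To AP | From AP | More frag | Retry | Power mgt | More data | WEP | Rsvd
Size (bits): 2                | 2    | 4       | 1     | 1       | 1         | 1     | 1         | 1         | 1   | 1
Type: frame type (RTS, CTS, ACK, data)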
802.11 Frame Format
Q: Why do we need four address fields in 802.11?
Ref. IEEE 802.11 standards
Field:        Frame Control | Duration ID | Address 1 | Address 2 | Address 3 | Sequence Control | Address 4 | Frame Body | FCS
Size (bytes): 2             | 2           | 6         | 6         | 6         | 2                | 6         | 0 – 2312   | 4
802.11 Addresses
DS: Distribution System
BSSID: Basic Service Set ID
DA: Destination Address
SA: Source Address
To DS | From DS | Address 1    | Address 2  | Address 3 | Address 4
0     | 0       | DA           | SA         | BSSID     | N/A
0     | 1       | DA           | Sending AP | SA        | N/A
1     | 0       | Receiving AP | SA         | DA        | N/A
1     | 1       | Receiving AP | Sending AP | DA        | SA
Case - 00
[Figure: two wireless stations, 11-22-33-01-01-01 and 11-22-33-02-02-02]
A1: 11-22-33-01-01-01 (DA)
A2: 11-22-33-02-02-02 (SA)
A3: BSS ID
A4: not used
Case – 01 (wired to wireless)
[Figure: stations 11-22-33-01-01-01 and 11-22-33-02-02-02, and AP 99-88-77-09-09-09]
wired 802.3:
DA: 11-22-33-01-01-01
SA: 11-22-33-02-02-02
wireless 802.11:
A1: 11-22-33-01-01-01 (DA)
A2: 99-88-77-09-09-09 (Sending AP)
A3: 11-22-33-02-02-02 (SA)
A4: not used
Case – 10 (wireless to wired)
[Figure: stations 11-22-33-01-01-01 and 11-22-33-02-02-02, and AP 99-88-77-09-09-09]
wireless 802.11:
A1: 99-88-77-09-09-09 (Receiving AP)
A2: 11-22-33-01-01-01 (SA)
A3: 11-22-33-02-02-02 (DA)
A4: not used
wired 802.3:
SA: 11-22-33-01-01-01
DA: 11-22-33-02-02-02
Case – 11 (via wireless)
[Figure: stations 11-22-33-01-01-01 and 11-22-33-02-02-02, and APs 99-88-77-09-09-09 and 99-88-77-08-08-08]
wired 802.3:
SA: 11-22-33-01-01-01
DA: 11-22-33-02-02-02
wireless 802.11:
A1: 99-88-77-08-08-08
A2: 99-88-77-09-09-09
A3: 11-22-33-02-02-02
A4: 11-22-33-01-01-01
wired 802.3:
SA: 11-22-33-01-01-01
DA: 11-22-33-02-02-02
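The To DS / From DS table and the four cases above, turned into a header decoder a capture tool could use to recover the real source and destination of a data frame. This is an added example, not part of the original slides; the function names are hypothetical, the sample frames are constructed from the MAC addresses on the slides, and only data frames are handled.

```python
import struct

TO_DS, FROM_DS = 0x0100, 0x0200   # flag bits in the 16-bit little-endian Frame Control field
TYPE_DATA = 2

# (To DS, From DS) -> role of Address 1..4, exactly as in the table on the slide
ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (0, 1): ("DA", "Sending AP", "SA"),
    (1, 0): ("Receiving AP", "SA", "DA"),
    (1, 1): ("Receiving AP", "Sending AP", "DA", "SA"),
}

def mac_to_bytes(text):
    return bytes(int(part, 16) for part in text.split("-"))

def bytes_to_mac(raw):
    return "-".join(f"{b:02x}" for b in raw)

def build_data_header(to_ds, from_ds, a1, a2, a3, a4=None):
    """Build a constructed 802.11 data-frame header (sample input for the decoder)."""
    fc = (TYPE_DATA << 2) | (TO_DS if to_ds else 0) | (FROM_DS if from_ds else 0)
    header = struct.pack("<HH", fc, 0)                    # frame control, duration
    header += mac_to_bytes(a1) + mac_to_bytes(a2) + mac_to_bytes(a3)
    header += struct.pack("<H", 0)                        # sequence control
    if a4 is not None:
        header += mac_to_bytes(a4)
    return header

def decode_addresses(frame):
    """Return the role of every address field in a data-frame header."""
    if len(frame) < 24:
        raise ValueError("truncated header: need 24 bytes")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != TYPE_DATA:
        raise ValueError("not a data frame (this example handles data frames only)")
    key = (1 if fc & TO_DS else 0, 1 if fc & FROM_DS else 0)
    fields = [frame[4:10], frame[10:16], frame[16:22]]
    if key == (1, 1):                                     # Address 4 follows sequence control
        if len(frame) < 30:
            raise ValueError("truncated header: Address 4 missing")
        fields.append(frame[24:30])
    decoded = {"To DS": key[0], "From DS": key[1]}
    for role, raw in zip(ROLES[key], fields):
        decoded[role] = bytes_to_mac(raw)
    return decoded

if __name__ == "__main__":
    # Case 01 (wired to wireless) and case 11 (via wireless), as on the slides
    case01 = build_data_header(0, 1, "11-22-33-01-01-01", "99-88-77-09-09-09",
                               "11-22-33-02-02-02")
    case11 = build_data_header(1, 1, "99-88-77-08-08-08", "99-88-77-09-09-09",
                               "11-22-33-02-02-02", "11-22-33-01-01-01")
    for frame in (case01, case11):
        print(decode_addresses(frame))
```

In case 01 the transmitter address (Address 2) is the AP, so a monitor that logs Address 2 as the source would attribute the frame to the wrong device; the true source is in Address 3.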
Wireless Bridge
[Figure: two wireless bridges link the Ethernet backbones of Building A and Building B (Case 11)]
IEEE 802.11 management issues: synchronisation, power management, and roaming
MAC management
• Synchronization
– finding and staying with a WLAN
– synchronization functions
• Power Management
– sleeping without missing any messages
– power management functions
• Roaming
– functions for joining a network
– changing access points
– scanning for access points
• Management information base (MIB)
IEEE 802.11 association, roaming, synchronisation
• Stations can select an AP and associate with it.
• The APs support roaming (i.e. changing access points); the distribution system (DS) then handles data transfer between the different APs.
• Furthermore, APs provide synchronization within a BSS, support power management, and can control medium access to support time-bounded service.
Scanning
• Scanning is required for many functions
– finding and joining a network
– finding a new access point during roaming
• Passive scanning
– find networks simply by listening for beacons
• Active scanning
– on each channel send a probe and wait for probe response
802.11: passive/active scanning
[Figure: host H1 within range of AP 1 (BSS 1) and AP 2 (BSS 2), once for active and once for passive scanning]
Active Scanning:
(1) Probe Request frame broadcast from H1
(2) Probe Response frames sent from APs
(3) Association Request frame sent: H1 to selected AP
(4) Association Response frame sent: AP to H1
Passive Scanning:
(1) beacon frames sent from APs
(2) Association Request frame sent: H1 to selected AP
(3) Association Response frame sent: AP to H1
802.11: Channels, association
• 802.11b: 2.4GHz-2.485GHz spectrum divided into 13 channels (EU, USA 11 channels) at different frequencies
– AP admin chooses frequency for AP
– interference possible: channel can be same as that chosen by neighboring AP!
• host: must associate with an AP
– scans channels, listening for beacon frames containing AP's name (SSID) and MAC address
– selects AP to associate with
– may perform authentication
– will typically run DHCP to get IP address in AP's subnet
Synchronization
• Timing synchronization function (TSF)
• Used for power management
– beacons sent at well known intervals
– all station timers in BSS are synchronized
[Figure: timeline (t) of access point and medium, showing beacons (B) at the beacon interval, busy periods on the medium, and the value of the time stamp carried in each beacon]
Power Management
• Mobile devices are battery powered
– power management is important for mobility
• 802.11 power management protocol
– allows transceiver to be off as much as possible
– is transparent to existing protocols
Power management approach
• Allow idle stations to go to sleep
– station's power save mode stored in AP
• APs buffer packets for sleeping stations
– AP announces which stations have frames buffered
– traffic indication map (TIM) sent with every beacon
• Power saving stations wake up periodically
802.11: Power management approach
node-to-AP: "I am going to sleep until next beacon frame"
– AP knows not to transmit frames to this node
– node wakes up before next beacon frame
beacon frame: contains list of mobiles with AP-to-mobile frames waiting to be sent
– node will stay awake if AP-to-mobile frames to be sent; otherwise sleep again until next beacon frame
802.11: beacon frames
• Each beacon frame carries the following information in the frame body:
– Beacon interval. Amount of time between beacon transmissions. Before a station enters power save mode, the station needs the beacon interval to know when to wake up to receive the beacon.
– Timestamp. After receiving a beacon frame, a station uses the timestamp value to update its local clock. This enables synchronization among all stations associated with the same access point.
– Service Set Identifier (SSID). The SSID identifies a specific WLAN. Before associating with a particular WLAN, a station must have the same SSID as the access point. By default, access points include the SSID in the beacon frame to enable sniffing functions to identify the SSID and automatically configure the WLAN NIC with the proper SSID.
– Supported rates. For example, a beacon may indicate that only 1, 2, and 5.5Mbps data rates are available. As a result, an 802.11b station would stay within limits and not use 11 Mbps. With this information, stations can use performance metrics to decide which access point to associate with.
– Parameter Sets. The beacon includes information about the specific signalling methods (such as frequency hopping spread spectrum, direct sequence spread spectrum, etc.). For example, a beacon would include in the appropriate parameter set the channel number that an 802.11b access point is using. Likewise, a beacon belonging to a frequency hopping network would indicate hopping pattern and dwell time.
– Capability Information. This signifies requirements of stations that wish to belong to the wireless LAN that the beacon represents. For example, this information may indicate that all stations must use wired equivalent privacy (WEP) in order to participate on the network.
– Traffic Indication Map (TIM). An access point periodically sends the TIM within a beacon to identify which stations using power saving mode have data frames waiting for them in the access point's buffer. The TIM identifies a station by the association ID that the access point assigned during the association process.
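The beacon body fields listed above (timestamp, beacon interval, capability information, SSID, supported rates, parameter set, TIM), parsed from raw bytes with every length checked before use. This is an added example, not part of the original slides; the function names and the sample beacon ("lab-wlan", channel 6) are constructed for illustration.

```python
import struct

PRIVACY = 0x0010                       # Capability Information bit 4: encryption required
IE_SSID, IE_RATES, IE_DS_PARAMS, IE_TIM = 0, 1, 3, 5

def build_beacon_body(ssid, rates_mbps, channel, privacy, aids,
                      interval_tu=100, timestamp_us=0):
    """Build a constructed beacon frame body (sample input for the parser)."""
    capability = 0x0001 | (PRIVACY if privacy else 0)     # ESS bit plus optional Privacy
    body = struct.pack("<QHH", timestamp_us, interval_tu, capability)
    name = ssid.encode()
    body += bytes([IE_SSID, len(name)]) + name
    body += bytes([IE_RATES, len(rates_mbps)]) + bytes(int(r * 2) for r in rates_mbps)
    body += bytes([IE_DS_PARAMS, 1, channel])
    bitmap = bytearray(max(aids) // 8 + 1 if aids else 1)
    for aid in aids:                                      # one bit per association ID
        bitmap[aid // 8] |= 1 << (aid % 8)
    # TIM: DTIM count, DTIM period, bitmap control (offset 0), partial virtual bitmap
    body += bytes([IE_TIM, 3 + len(bitmap), 0, 1, 0]) + bytes(bitmap)
    return body

def parse_beacon_body(body):
    """Decode the fixed fields and the information elements of a beacon body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    timestamp, interval, capability = struct.unpack_from("<QHH", body, 0)
    info = {"timestamp_us": timestamp, "beacon_interval_tu": interval,
            "privacy_required": bool(capability & PRIVACY),
            "ssid": None, "rates_mbps": [], "channel": None, "buffered_aids": []}
    pos = 12
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated element header")
        element_id, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) != length:                           # length byte points past the frame
            raise ValueError("element overruns the frame body")
        if element_id == IE_SSID:
            if length > 32:
                raise ValueError("SSID longer than 32 bytes")
            info["ssid"] = data.decode("utf-8", errors="replace")
        elif element_id == IE_RATES:
            info["rates_mbps"] = [(r & 0x7F) * 0.5 for r in data]   # units of 500 kbit/s
        elif element_id == IE_DS_PARAMS and length == 1:
            info["channel"] = data[0]
        elif element_id == IE_TIM and length >= 4:
            first_octet = data[2] & 0xFE                  # bitmap offset, in octets
            for i, octet in enumerate(data[3:]):
                for bit in range(8):
                    if octet & (1 << bit):
                        info["buffered_aids"].append((first_octet + i) * 8 + bit)
        pos += 2 + length
    return info

def must_stay_awake(info, aid):
    """Power-save decision: frames are buffered at the AP for this association ID."""
    return aid in info["buffered_aids"]

if __name__ == "__main__":
    sample = build_beacon_body("lab-wlan", [1, 2, 5.5], 6, True, [3, 10])
    print(parse_beacon_body(sample))
```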
802.11: beacon frames and probe response frames
• 802.11 probe response frame
– similar to a beacon frame, except that it carries no TIM info and is only sent in response to a probe request.
– A station may send a probe request frame to trigger a probe response when the station needs to obtain information from another station.
– A radio NIC, for instance, will broadcast a probe request when using active scanning to determine which access points are within range for possible association.
– Some sniffing software tools (e.g., NetStumbler) send probe requests so that access points will respond with the desired info.
WLAN Roaming
[Figure: Access Point A and Access Point B on the corporate network (with wired computers); laptops A, B and C (with WLAN cards) at Access Point A; laptops D, E and C at Access Point B; laptop C is moving to Access Point B and registering to it with a Reassociation Request / Reassociation Response]
Mobile stations may move beyond the coverage area of their AP but within range of another AP.
Reassociation allows the station to continue operation.
WLAN Roaming
• No or bad connection? Then perform:
– Scanning
    • scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer
– Reassociation Request
    • station sends a request to one or several AP(s)
– Reassociation Response
    • success: AP has answered, station can now participate
    • failure: continue scanning
– AP accepts Reassociation Request
    • signal the new station to the distribution system
    • the distribution system updates its data base (i.e., location information)
    • typically, the distribution system now informs the old AP so it can release resources
Roaming approach
• Station decides that link to its current AP is poor
• Station uses scanning function to find another AP
• Station sends Re-association Request to new AP
• If AP accepts Re-association Request
– AP indicates Re-association to the distribution system
– Distribution system information is updated
• If Re-association Response is successful
– then station has roamed to the new AP
– else station scans for another AP
Joining a network
• Phase 1
– Scanning
    • Active (probe)
    • Passive (beacon)
• Phase 2
– Authentication (more later)
    • Open system
    • Some admission scheme / shared key
• Phase 3
– Association or Reassociation (allows mobility/roaming, more later)
WLAN Roaming
• L2 handover
– If handover from one AP to another belonging to the same subnet, then handover is completed at L2
• L3 handover
– If new AP is in another domain, then the handover must be completed at L3, due to the assignment of an IP belonging to the new domain – hence routing to the new IP.
• Mobile IP deals with these issues – more later
802.11: mobility within same subnet
• H1 remains in same IP subnet: IP address can remain same
• switch: which AP is associated with H1?
– self-learning: switch will see frame from H1 and "remember" which switch port can be used to reach H1
[Figure: router above a hub or switch that connects AP 1 (BSS 1) and AP 2 (BSS 2); H1 moving between BSS 1 and BSS 2]
Distribution system (DS) - IAPP
DS is the mechanism by which APs and other nodes in the wired IP subnetwork communicate with each other.
This communication, using the Inter-Access Point Protocol (IAPP), is essential for link-layer mobility (=> stations can seamlessly move between different BSS networks).
[Figure: two APs and a router on the Distribution System (DS); the router connects to the external network (LAN or Internet)]
Distribution system (cont.)
For instance, when a wireless station moves from one BSS to another, all nodes must update their databases, so that the DS can distribute packets via the correct AP.
[Figure: WS moves to another BSS, from AP 1 to AP 2 on the Distribution System (DS). AP 1, AP 2 and router: update your databases! Packets for this WS will now be routed via AP 2.]
Basic routing example
When WS associates with AP 2, the router in charge of the IP subnet addressing obtains an IP address from the DHCP (Dynamic Host Configuration Protocol) server.
[Figure: AP 1, AP 2, the router and the DHCP server on the Distribution System (DS); the router connects to the external network (LAN or Internet). (1) Association of WS with AP 2; (2) fetch IP address from the DHCP server]
Basic routing example (cont.)
The router must maintain binding between this IP address and the MAC address of the wireless station.
[Figure: same network; the router binds IP address 124.2.10.57 to the MAC address 00:90:4B:00:0C:72 of the WS]
Basic routing example (cont.)
The globally unique MAC address of the wireless station is used for routing the packets within the IP subnetwork (DS + attached BSS networks).
Basic routing example (cont.)
The dynamic and local IP address of the wireless station is only valid for the duration of attachment to the WLAN and is used for communicating with the outside world.
Basic routing example (cont.)
The router must also know (and use) the MAC address of the access point via which the packets must be routed. For this purpose, a special protocol (IAPP) is needed!
[Figure: same network; next to the WS binding (124.2.10.57, 00:90:4B:00:0C:72) the router stores the access point MAC address 00:03:76:BC:0D:12]
IAPP (Inter-Access Point Protocol)
IAPP (defined in IEEE 802.11f) offers mobility in the Data link layer (within an ESS = Extended Service Set).
[Figure: AP 1, AP 2 and AP 3 on the Distribution System (DS), with a router to the external network (LAN or Internet); a station moves between the APs]
IAPP: APs must be able to communicate with each other when the station moves around in the WLAN
In addition to IAPP …
IAPP alone is not sufficient to enable seamless handovers in a WLAN. The stations must be able to measure the signal strengths from surrounding APs and decide when and to which AP a handover should be performed (no 802.11 standardised solutions are available for this operation).
In 802.11 networks, a handover means reassociating with the new AP. There may be two kinds of problems:
• will handover work when APs are from different vendors?
• will handover work together with security solutions?
Mobility Management (MM)
There are basically two objectives of Mobility Management:
1. MM offers seamless handovers when moving from one network/subnetwork/BSS to another (active network connection – handover)
2. MM makes sure that users or terminals can be reached when they move to another network/subnetwork/BSS (passive user/terminal – reachability)
MM in cellular wireless networks (1)
1. Handover: In a cellular wireless network (e.g. GSM), the call is not dropped when a user moves to another cell. Handovers are based on measurements performed by the mobile terminal and base stations.
MM in cellular wireless networks (2)
2. Reachability (allows roaming): In a cellular wireless network, the HLR (Home Location Register) knows in which VLR (Visitor Location Register) area the mobile terminal is located. The VLR then uses paging to find the terminal.
[Figure: the mobile subscriber number points to the HLR, the HLR points to the VLR, and the VLR pages the terminal]
MM in three different OSI layers
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model:
[Figure: OSI stack (application, transport, network, data link and physical layers) with MM examples: e.g. SIP (Session Initiation Protocol) at the application layer, e.g. Mobile IP at the network layer, IAPP (Inter-Access Point Protocol) at the data link layer; labels: terminal mobility, personal mobility, handovers]
MM in the Data link layer
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model:
IAPP (IEEE 802.11f):
Seamless roaming within an ESS network (= IP subnet).
Handover is not possible when moving from one ESS network to another.
No reachability solutions.
MM in the Network layer
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model:
Mobile IP:
Seamless roaming between ESS networks (= IP subnetworks).
Handover is possible when moving from one ESS (or WLAN) network to another.
MM in the Application layer
Mobility Management (MM) schemes are possible in three different layers of the OSI protocol layer model:
SIP (or other application layer solutions):
No seamless handovers as such...
However, the terminal can be reached from the outside network, like with Mobile IP.
Mobility management summary
Within a WLAN, handovers are possible (based on IAPP + proprietary solutions in equipment), but there is no IEEE-supported reachability solution available.
Handovers between different WLANs require Mobile IP (which offers also reachability). Unfortunately, Mobile IP includes a non-transparent mechanism (Discovering Care-of Address) that must be implemented in all APs.
Global reachability of wireless stations can be achieved using SIP or similar Application layer concepts. SIP does not require changes to APs.
IEEE 802.11f
[Figure: the 802.11 basic protocol and its amendments: a (OFDM 5GHz), b (DSSS 2.4GHz), g (OFDM 2.4GHz), d (Scanning), e (QoS), f (IAPP), h (DFS/TPC), i (Security)]
The objective: to specify the Inter-Access Point Protocol (IAPP) that enables seamless roaming between different Access Points within an ESS.
Note: 802.11f is not concerned with roaming between ESS networks. For this purpose, non-802.11 solutions must be used.
WLAN: Design and Deployment
(part of design exercise. Supplemented with slides by Mr Mylonas in Lab part)
Wireless LAN Design
Several design issues:
• Business Case – justify your case and cost
• Product Selection
• Wireless Access points
– Location
– Frequency/Channel
• Security
• Performance
• Reliability
• Management
• Scalability
• Miscellaneous
Product Selection
• Wireless Stations
– Desktop: PCI or USB
– Laptop
– PDA
• Wireless Access Points (WAP)
• Wireless Bridge, if needed: connecting multiple WLAN segments
– A wireless bridge does not support end stations
• Wireless Repeater: Bridge + AP
– A wireless repeater supports end stations
• Wireless Switch
• Security Server (RADIUS Server)
Ref: http://www.practicallynetworked.com/networking/wireless_bridge.htm
Multiple BSS Configuration (different channels/frequencies)
[Figure: access points on a LAN backbone (with a server), each serving its wireless clients on a different channel: Channel 1, Channel 6, Channel 11]
Office Design (802.11b): Location and Channel Selection
[Figure: 100 metres × 100 metres office area with access points on Channel 1, Channel 6 and Channel 11]
Design: One AP or more APs?
Dense populations
Case study:
• 1000 users in 100m x 100m facility
• 3 or 4 APs will cover the system (in range)
• Need more APs in the area than physically required?
– to provide the bandwidth that is defined by the customer
• What side-effects are created, if any?
– Interference from neighbouring units
Determining Cell Density
• Cell size and throughput-based data rate will affect the cell density (maximum number of users per cell).
• To determine cell density for a best-effort network,
– determine average throughput per user
– divide throughput rate of AP by throughput per user. This provides maximum active transmissions per cell.
• In a best-effort WLAN, data latency does not affect the outcome.
• In general, throughput will be about half the data rate of the access point.
Dense Population Area
• Reduce cell size
– Reduce antenna gain or transmitter power to create smaller cell size
[Figure: 100m × 100m area covered by small cells. Pink: Channel 1, Yellow: Channel 6, Green: Channel 11]
WLAN Performance
                | 802.11b  | 802.11a   | 802.11g
Link Rate (max) | 11M bps  | 54M bps   | 54M bps
UDP             | 7.1M bps | 30.5M bps | 30.5M bps
TCP             | 5.9M bps | 24.4M bps | 24.4M bps
Ref. "WLAN Testing with IXIA IxChariot," IXIA White Paper
The test was conducted in a lab environment, and the distance is expected to be less than 10m.
Appears in EntNet@Supercom2004, 06/23/2004
WLAN Performance (line rate)
Data Source: Cisco Networking Professional On-Line Live Tech Talk
[Figure: WLAN Performance: throughput (Mbps, 0 to 60) versus distance (m, 0 to 150) for 802.11a, 802.11g and 802.11b]
Determining Cell Size
Cell size: area of coverage provided by an access point.
Size of the cell is determined by several factors:
• transmit power and receiver sensitivity of the radios in AP and client
• antennas used by the AP and client
• data rate used
• frequency and modulation technique
• antenna gain
• environment (e.g. actual coverage characteristics)
Cell size is limited by the device with the weakest RF characteristics
Coverage – design issues
Figure 2.13 A predicted coverage plot for three access points in a modern large lecture hall. (Courtesy of Wireless Valley Communications, Inc., ©2000, all rights reserved.)
Figure 2.15 A typical neighborhood where high speed license free WLAN service from the street might be contemplated [Dur98b].
Figure 2.16 Measured values of path loss using a street-mounted lamp-post transmitter at 5.8 GHz, for various types of customer premise antenna [from [Dur98], ©IEEE].
Tools for WLAN planning
Many tools are available offering differing functionalities for network design, planning, and monitoring.
One example is: http://www.softpedia.com/get/Network-Tools/Network-Monitoring/NetStumbler.shtml
Another tool: http://www.metageek.net/products/inssider/
Another is http://www.visiwave.com/index.php/ScrInfoProducts.html?sid=EyUcNeJxwlyKbI46
WLAN security intro
WLAN Security
• Not so efficient compared with Ethernet security due to the nature of the medium & the requirements of the users
• Security mechanisms
– Service Set Identifiers (SSID)
    • Used to name the network and provide initial authentication for each client
– Wired Equivalent Privacy (WEP)
    • Data encryption technique using shared keys and a pseudorandom number as an initialization vector
    • 64-bit key level encryption BUT several vendors support 128-bit key level encryption
– Wi-Fi Protected Access (WPA(2)) – replaced WEP
    • WPA2 uses an encryption device which encrypts the network with a 256-bit key
– Also a VPN could operate on top of the WLAN providing increased security
WLAN Security
• IEEE newer standards
– 802.11i (Advanced Encryption Standard, AES; uses a symmetric block data encryption technique)
– 802.1X for port-based Network Access Control
    • provides an authentication mechanism to devices wishing to attach to a LAN/WLAN (governs the Extensible Authentication Protocol (EAP) encapsulation process that occurs between clients, wireless APs, and authentication servers (RADIUS))
    • EAP allows developers to pass authentication data between RADIUS servers and wireless APs.
    • has a number of variants, including: EAP MD5, EAP-TLS, EAP-TTLS, LEAP, and PEAP
WLAN Security - WEP
Wired Equivalent Privacy (WEP) – least secure. A network that is secured with WEP has been cracked in 3 minutes by the FBI.
• Shared key encryption
– Stations use the same key for encryption.
– RC4 encryption algorithm
– Key: 40 bits or 128 bits
• User Authentication
– Not specified in 802.11.
– 802.1X
– VPN
WEP Operation
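[Figure: WEP frame layout and key stream generation]
Frame: Frame Header | IV Header (4 bytes, carries the 24-bit IV) | Frame Body | ICV Trailer (4 bytes, integrity check) | FCS
Key stream: 24-bit IV (randomly generated) + 40-bit WEP Key = 64-bit RC4 key, fed to the RC4 Algorithm to produce the RC4 Key Stream
IV: initialization vector
ICV: integrity check value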
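The WEP operation shown above, written out so the roles of the 24-bit IV, the 40-bit key and the ICV are visible in code. This is an added example, not part of the original slides; the function names are hypothetical, the key, IV and frame body are constructed values, and the CRC-32 ICV and the key ID byte in the IV header follow the 802.11 WEP encapsulation rather than anything stated on the slide.

```python
import struct
import zlib

def rc4(key, data):
    """Plain RC4: key scheduling, then XOR of the data with the key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def integrity_check_value(body):
    """ICV trailer: CRC-32 of the plaintext frame body, 4 bytes, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def wep_encapsulate(key40, iv, body, key_id=0):
    """Return IV header (4 bytes, sent in clear) + RC4-encrypted (body + ICV)."""
    if len(key40) != 5 or len(iv) != 3:
        raise ValueError("expected a 40-bit key and a 24-bit IV")
    iv_header = iv + bytes([(key_id & 0x3) << 6])
    rc4_key = iv + key40                       # the 64-bit RC4 key of the slide
    return iv_header + rc4(rc4_key, body + integrity_check_value(body))

def read_iv_header(protected):
    """What any receiver in range can read without the key: the IV and key ID."""
    if len(protected) < 8:
        raise ValueError("too short for IV header plus ICV")
    return protected[:3], protected[3] >> 6

def wep_decapsulate(key40, protected):
    """Decrypt with IV || key and verify the ICV; raise if the check fails."""
    iv, _key_id = read_iv_header(protected)
    plain = rc4(iv + key40, protected[4:])
    body, icv = plain[:-4], plain[-4:]
    if integrity_check_value(body) != icv:
        raise ValueError("ICV mismatch: frame damaged or wrong key")
    return body

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")               # constructed 24-bit IV
    frame = wep_encapsulate(key, iv, b"constructed frame body")
    print("IV seen on air:", read_iv_header(frame)[0].hex())
    print("recovered body:", wep_decapsulate(key, frame))
```

Because the IV is prepended in clear and the 40-bit key is static, the IV is the only part of the 64-bit RC4 key that changes from frame to frame.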
WEP Key Distribution Issue
• Key is manually set in the driver.
• The key cannot be protected from local users.
• When a user leaves the organization, technically you must change the key information on all stations.
• What if a station is stolen?
• For a large organization, there is a need to publish the key, which is a security problem.
WEP Design Issue
Weakness in the Key Scheduling Algorithm: http://www.crypto.com/papers/others/rc4_ksaproc.pdf
A weakness of RC4 in generating the keystream.
Hacker attack: using weak IV to attack a particular byte of the secret portion of the RC4 key.
The time to attack is linear in the key length.
This is a complete break for WEP.
WPA(2) - Wi-Fi Protected Access
WPA
• intermediate measure to replace WEP pending availability of the full IEEE 802.11i standard.
• requires firmware upgrades on wireless NICs and APs.
• implements much of the IEEE 802.11i standard: adopts the Temporal Key Integrity Protocol (TKIP)
– TKIP employs a per-packet key; it dynamically generates a new 128-bit key for each packet, which prevents the types of attacks that compromised WEP
– WEP used a 40-bit or 128-bit encryption key that is manually entered on wireless APs and devices and does not change.
• includes a message integrity check to prevent an attacker from capturing, altering and/or resending data packets.
WPA2
• replaced WPA.
• implements the mandatory elements of IEEE 802.11i: CCMP, an AES-based encryption mode
• requires testing and certification by the Wi-Fi Alliance
Solutions to Security Issue
Non-standard solutions
• Layer 3 – VPN
• Layer 4 – IP Address Control and Firewall
• Layer 7 – Proxy
Standard solutions
• 802.11i (including 802.1X)
• 802.1X (including EAP)
• Extensible Authentication Protocol (EAP)
VPN for WLAN (Layer3)
[Figure: a wireless LAN station reaches the LAN through a VPN tunnel (IP over Ethernet) that ends at a VPN gateway; a RADIUS server sits behind the gateway]
Layer 2 tunnel over a layer 3 protocol
Router/Firewall (Layer4)
[Figure: wireless station, router/firewall, LAN with security server, Internet; the station first holds a temp IP for authentication, then an official IP]
1. Standard WLAN and DHCP procedure for a temp IP to the wireless station.
2. The temp IP address is used for authentication only. All other traffic is blocked by the router.
3. After user authentication, the station is given an official IP address which can go through the router.
4. May also register the MAC address to reduce the risk of hacker attack.
Proxy/Gateway (Layer-7)
[Figure: wireless station, LAN, proxy gateway, security server, Internet]
1. Standard WLAN and DHCP procedure for an IP address to the wireless station.
2. User types any URL and the request is routed to the security server web page.
• All other traffic is blocked.
3. After entering account info or credit card, the user is authenticated.
4. The gateway authorizes the traffic from the authenticated station.
WLAN New Security Standards 802.1X and 802.11i
Extensible Authentication Protocol (EAP)
EAP is an IETF standard (RFC 2284) and was adopted by IEEE as the basis for 802.1X. It is called port-based network access control (also known as port-based authentication protocol).
EAP supports both wired and wireless authentication.
[Figure: EAP layering: the methods MD5, TLS, TTLS, LEAP and PEAP run over EAP, which runs over PPP, 802.3, 802.5 and 802.11]
TLS: Transport Layer Security
TTLS: Tunnel TLS
LEAP: Lightweight EAP
PEAP: Protected EAP
EAP Authentication Methods
• MD5 (Message Digest 5) - Username/Password. This is similar to MS_CHAP.
• TLS (Transport Layer Security) - PKI (certificates), strong authentication
• TTLS (Tunnel TLS) - Username/Password
• LEAP - Cisco proprietary lightweight EAP. It is to be phased out in favor of PEAP.
• PEAP – Protected EAP.
174
EAP data is first encapsulated in EAPOL frames between the Supplicant and Authenticator, then re-encapsulated between Authenticator and Authentication server using RADIUS or Diameter.
802.1X
802.1X authentication involves three parties: a supplicant (client device), an authenticator (Ethernet switch or wireless AP), and an authentication server, typically a host running software supporting the RADIUS and EAP protocols.
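The encapsulation described on this slide, as an added example that is not part of the original slides: it parses an EAPOL frame and the EAP packet inside it, then re-wraps the EAP bytes as RADIUS EAP-Message attributes the way an authenticator relays them. The sample frame is constructed, and the numeric constants come from IEEE 802.1X, RFC 3748 and RFC 3579 rather than from the slides.

```python
import struct

# Numbers from IEEE 802.1X (EAPOL), RFC 3748 (EAP) and RFC 3579 (RADIUS EAP-Message).
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "TLS", 17: "LEAP", 21: "TTLS", 25: "PEAP"}
RADIUS_EAP_MESSAGE = 79   # RADIUS attribute type that carries EAP
RADIUS_VALUE_MAX = 253    # a RADIUS attribute holds at most 253 value bytes


def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: Code, Identifier, Length, then Type and Type-Data."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not fit the packet")
    eap = {"code": EAP_CODES.get(code, code), "id": ident,
           "method": None, "data": b"", "raw": pkt[:length]}
    if code in (1, 2) and length >= 5:   # only Request/Response carry a Type byte
        eap["method"] = EAP_METHODS.get(pkt[4], pkt[4])
        eap["data"] = pkt[5:length]
    return eap


def parse_eapol(frame: bytes) -> dict:
    """Parse the EAPOL payload of an Ethernet/802.11 frame (EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("EAPOL Length field exceeds the frame")
    eap = parse_eap(body) if ptype == 0 else None
    return {"version": version, "type": EAPOL_TYPES.get(ptype, ptype), "eap": eap}


def to_radius_attrs(raw_eap: bytes) -> bytes:
    """Authenticator side: re-encapsulate EAP as EAP-Message attributes (type, len, value)."""
    attrs = b""
    for i in range(0, len(raw_eap), RADIUS_VALUE_MAX):
        chunk = raw_eap[i:i + RADIUS_VALUE_MAX]
        attrs += bytes([RADIUS_EAP_MESSAGE, len(chunk) + 2]) + chunk
    return attrs


# Constructed sample: EAPOL version 1 frame carrying EAP-Response/Identity "alice".
SAMPLE_EAP = struct.pack("!BBHB", 2, 7, 10, 1) + b"alice"
SAMPLE_FRAME = struct.pack("!BBH", 1, 0, len(SAMPLE_EAP)) + SAMPLE_EAP
```

A real authenticator also adds a Message-Authenticator attribute to any RADIUS packet that carries EAP-Message (RFC 3579); this sketch leaves that out.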
175
802.1X Port-Based Network Access Control
[Figure: message sequence between Supplicant, Authenticator and Authentication Server (RADIUS), with EAP over LAN and EAP over RADIUS. Message labels: Association, EAP Request/Identity, EAP Response/Identity, Challenge (auth request), Response to the challenge, success]
Authenticator may set restrictions on the access.
176
New Product: Wireless Switch
[Figure labels: Supplicant, Authenticator (Wireless Switch), RADIUS]
What is the issue? It is not cost effective to implement 802.1X on all Access points. It is also a management issue.
If a switch supports 802.1X, could it perform the same function?
177
802.11i Security Management
[Figure: Supplicant, Authenticator and Authentication Server (RADIUS), with EAP over LAN and EAP over RADIUS. Phase labels: Security discovery capability, 802.1X Authentication, Key Management, Key Distribution, Data Protection (encryption)]
178
802.11i Data Protection (encryption)
• Need to replace or improve WEP
• Wi-Fi Protected Access (WPA) and WPA2
– This is included in 802.11i.
– WPA uses TKIP for encryption.
• Temporal Key Integrity Protocol (TKIP)
– A wrapper around WEP
– Use MAC address to create unique key for each station.
– Change temporal key every 10,000 packets
– It is interoperable with WEP-only device
• Advanced Encryption Standard (AES)
– This is to completely replace WEP.
• 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher
179
Windows 7 Wireless Adaptor card options
• Security Type: WPA(2), shared, 802.1X, open, CCKM
• Encryption Type: TKIP, AES, WEP
• Network security key: ….
• Network Authentication: (P)EAP, (L)EAP, EAP-FAST, EAP-SIM, EAP-TTLS, EAP-AKA
WLAN enhancements
180
181
WLAN Performance
                  802.11b    802.11a    802.11g
Link Rate (max)   11 Mbps    54 Mbps    54 Mbps
UDP               7.1 Mbps   30.5 Mbps  30.5 Mbps
TCP               5.9 Mbps   24.4 Mbps  24.4 Mbps
Ref. “WLAN Testing with IXIA IxChariot,” IXIA White Paper
The test was conducted in a lab environment, and the distance is expected to be less than 10m.
WLAN enhancements
• See paper WLAN enhancements
182
Performance enhancement of WLANs
Methods for improving WLAN performance employ:
• Enhanced hardware in the Physical Layer to achieve better physical (PHY) layer parameters, such as shorter Slot Time and shorter Short Inter-Frame Space (SIFS).
• Better tuning of WLAN parameters, such as Fragmentation Threshold and RTS Threshold [2].
• Adaptive (rather than basic) back-off algorithms in the MAC layer.
• Proxy approaches in the link-layer, such as snoop protocol.
• Split-connection approaches, such as I-TCP or M-TCP
IEEE 802.11 – enhancements
• IEEE 802.11e
– MAC enhancements for providing some QoS
  • No QoS in the DCF operation mode
  • Some QoS guarantees can be given only via polling using PCF
  • For applications such as audio, video, or media stream, distribution service classes have to be provided
– For this reason, MAC layer must be enhanced
183
WLAN new technologies
184
802.11ac
Based on Xirrus http://wifi.xirrus.com/abcs-11ac?elq=502ceecd98ba417d93b3514b0bb15391&elqCampaignId=29