Tecnologie e Protocolli per Internet 1 (Internet Technologies and Protocols 1)
Prof. Stefano Salsano
e-mail: [email protected]
Academic year 2011/12 – Block 3

Introduction to 802.11 Wireless LANs

Quote from Matthew Gast - 802.11® Wireless Networks The Definitive Guide – apr. 2005, 2nd edition
At this point, there is no way to prevent the spread of Wi-Fi. In the years since the first edition of [his] book, wireless networking has gone from an interesting toy to a must-have technology. […] [Wireless networking] seems poised to continue its march towards the standard method of network connection, replacing "Where's the network jack?" with "Do you have Wi-Fi?" as the question to ask about network access.

» IBSS set up for a specific purpose and for a short time (e.g. meeting)
» That’s why they are also called “ad hoc networks”
[Figure: AP connected to the network infrastructure]
BSS: group of stations that can communicate with each other

Frame Forwarding in a BSS
[Figure: AP connected to the network infrastructure]
BSS: AP = relay function. No direct communication allowed!
IBSS: direct communication between all pairs of STAs

Why AP = relay function?
• Management:
» Mobile stations do NOT need to maintain neighbor relationships with other MS in the area
» But only need to make sure they remain properly associated to the AP
» Association = get connected to (equivalent to plugging a wire into a bridge ☺)
• Power Saving:
» APs may assist MS in their power saving functions
» by buffering frames destined to a (sleeping) MS when it is in PS mode
• Security:
» AP may manage security and authenticate users
• Obvious disadvantage: uses channel bandwidth twice…

Addressing in IBSS (ad hoc)
Frame Control | Duration / ID | Address 1 = DA | Address 2 = SA | Address 3 = BSSID | Sequence Control | Data | FCS
SA = Source Address
DA = Destination Address
BSSID = Basic Service Set IDentifier
» used for filtering frames at reception (does the frame belong to OUR cell?)
» format: 6 bytes random MAC address with Universal/Local bit set to 1
[Figure: stations SA and DA]

Addressing in a BSS?
[Figure: stations SA and DA, the AP, and an X mark]

Addressing in a BSS!
[Figure: SA, DA, the AP and the distribution system]
Frame must carry the following info:
1) Destined to DA
2) But through the AP
What is the most general addressing structure?

Addressing in a BSS (to AP)
Frame Control | Duration / ID | Address 1 = BSSID | Address 2 = SA | Address 3 = DA | Sequence Control | Data | FCS
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 0
Address 2 = wireless Tx
Address 1 = wireless Rx
Address 3 = dest
BSSID = AP MAC address
[Figure: SA, DA, the AP (BSSID) and the distribution system]

Addressing in a BSS (from AP)
Frame Control | Duration / ID | Address 1 = DA | Address 2 = BSSID | Address 3 = SA | Sequence Control | Data | FCS
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 0, From DS = 1
Address 2 = wireless Tx
Address 1 = wireless Rx
Address 3 = src
[Figure: SA, DA, the AP (BSSID) and the distribution system]

From AP: do we really need 3 addresses?
[Figure: SA, DA, the AP (BSSID) and the distribution system]
DA correctly receives the frame, and sends the 802.11 ACK to … BSSID (wireless transmitter)
DA correctly receives the frame, and sends the higher level ACK to … SA (actual transmitter)

ESS - Extended Service Set
[Figure: AP1, AP2, AP3, AP4 with BSS1, BSS2, BSS3, BSS4]
ESS: created by merging different BSS through a network infrastructure (possibly overlapping BSS – to offer a continuous coverage area)
Stations within ESS MAY communicate with each other via Layer 2 procedures
» APs acting as bridges
» MUST be on a same LAN or switched LAN or VLAN (no routers in between)

Service Set IDentifier (SSID)
• Name of the WLAN network
» Plain text (ASCII), up to 32 char
• Assigned by the network administrator
» All BSS in a same ESS have the same SSID
• Typically (but not necessarily) it is transmitted in periodic management frames (beacon)
» Disabling SSID transmission = a (poor!) security mechanism
» Typical: 1 broadcast beacon every 100 ms (configurable by sysadm)
» Beacon may transmit a LOT of other info (see example – a simple one!)
IEEE 802.11 wireless LAN management frame
Fixed parameters (12 bytes)
Timestamp: 0x00000109EAB69185
Beacon Interval: 0,102400 [Seconds]
Capability Information: 0x0015
.... .... .... ...1 = ESS capabilities: Transmitter is an AP
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... .... .... 01.. = CFP participation capabilities: Point coordinator at
AP for delivery and polling (0x0001)
.... .... ...1 .... = Privacy: AP/STA can support WEP
.... .... ..0. .... = Short Preamble: Short preamble not allowed
.... .... .0.. .... = PBCC: PBCC modulation not allowed
.... .... 0... .... = Channel Agility: Channel agility not in use
.... .0.. .... .... = Short Slot Time: Short slot time not in use
..0. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation not allowed
Tagged parameters
Tag Number: 0 (SSID parameter set)
Tag length: 4
Tag interpretation: WLAN
Tag Number: 1 (Supported Rates)
Tag length: 4
Tag interpretation: Supported rates: 1,0(B) 2,0(B) 5,5 11,0 [Mbit/sec]
Tag Number: 6 (IBSS Parameter set)
Tag length: 1
Tag interpretation: ATIM window 0x2
Tag Number: 5 ((TIM) Traffic Indication Map)
Tag length: 4
Tag interpretation: DTIM count 0, DTIM period 1,
Bitmap control 0x0, (Bitmap suppressed)
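
The beacon body shown in the dump can be decoded field by field. The parser below is an added example, not part of the original slides: the sample bytes are constructed to match the values in the dump, and all function and constant names are illustrative. It also flags a beacon whose SSID element is empty or all zeros, which is what a beacon looks like when SSID transmission is disabled.

```python
import struct

# Capability Information bits, labelled as in the dump above.
CAP_BITS = {0: "ESS", 1: "IBSS", 4: "Privacy", 5: "Short Preamble",
            6: "PBCC", 7: "Channel Agility", 10: "Short Slot Time",
            13: "DSSS-OFDM"}

def parse_beacon_body(body: bytes) -> dict:
    """Decode the 12 fixed bytes and the tagged parameters of a beacon."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than the 12 fixed bytes")
    # Timestamp (8), Beacon Interval (2), Capability Information (2), little-endian
    timestamp, interval_tu, cap = struct.unpack_from("<QHH", body, 0)
    tags, pos = {}, 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:      # truncated element: stop instead of guessing
            break
        tags.setdefault(tag, value)   # keep the first occurrence of each tag
        pos += 2 + length
    raw_ssid = tags.get(0)
    # SSID transmission disabled: element present but empty or filled with zeros
    hidden = raw_ssid is not None and not any(raw_ssid)
    return {
        "timestamp": timestamp,
        "interval_s": interval_tu * 1024 / 1_000_000,   # 1 time unit = 1024 us
        "capabilities": [n for bit, n in CAP_BITS.items() if cap >> bit & 1],
        "ssid": None if raw_ssid is None or hidden
                else raw_ssid.decode("ascii", "replace"),
        "ssid_hidden": hidden,
        "rates_mbps": [(r & 0x7F) / 2 for r in tags.get(1, b"")],  # 500 kbit/s units
        "tags": tags,
    }

def _body(ssid: bytes) -> bytes:
    """Constructed sample with the values shown in the dump (not a real capture)."""
    fixed = struct.pack("<QHH", 0x00000109EAB69185, 100, 0x0015)
    return (fixed + bytes([0, len(ssid)]) + ssid
            + bytes([1, 4, 0x82, 0x84, 0x0B, 0x16])   # 1(B) 2(B) 5.5 11 Mbit/s
            + bytes([6, 1, 0x02])                     # ATIM window, as in the dump
            + bytes([5, 4, 0, 1, 0, 0]))              # TIM: DTIM count 0, period 1

SAMPLE_BEACON = _body(b"WLAN")
HIDDEN_BEACON = _body(b"\x00\x00\x00\x00")

if __name__ == "__main__":
    for name, body in (("visible", SAMPLE_BEACON), ("hidden", HIDDEN_BEACON)):
        info = parse_beacon_body(body)
        print(name, info["ssid"], info["interval_s"],
              info["capabilities"], info["rates_mbps"])
```
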

The concept of Distribution System
• “Logical” architecture component
» Provides a “service”
» DSS = Distribution System Service
• Standard does NOT say how it is implemented
» Specifies only which functions it provides: Association, Disassociation, Reassociation, Integration, Distribution
• Association/disassociation
» Registration/de-registration of a STA to an AP
» Equivalent to “plugging/unplugging the wire” to a switch
» DS uses this information to determine which AP to send frames to
• Reassociation
» i.e. handling STA mobility in a same ESS!
• Distribution
» An AP receives a frame on its air interface (e.g. STA 2)
» It gives the message to the distribution service (DSS) of the DS
» The DSS has the duty to deliver the frame to the proper destination (AP)
• Integration
» Must allow the connection to non 802.11 LANs
» Though, in practice, non 802.11 LANs are Ethernet and no “real portals” are deployed

DS, again
[Figure: AP1, AP2, AP3 on the distribution system (physical connectivity + logical service support); labels: Association, IAPP/proprietary]
• MSs in a same ESS need to
» 1) communicate with each other
» 2) move through the ESS
• Typical implementation (media)
» Switched Ethernet backbone
» But alternative “Distribution Medium” are possible
» E.g. Wireless Distribution System (WDS)
• Implementation duties
» an AP must inform other APs of associated MSs MAC addresses
• Standardization
» From 1997: attempt to standardize an IAPP
» Finalized as “working practice standard” in 802.11F (June 2003)
» Nobody cared!
• Plenty of proprietary solutions
» Must use APs from same vendor in whole ESS
• Current trends (2004+):
» Centralized solutions (see Aruba, Cisco, Colubris)
» Include centralized management, too!
» Current attempt: convergence to CAPWAP?

Addressing in an ESS
Frame Control | Duration / ID | Address 1 = BSSID#1 | Address 2 = SA | Address 3 = DA | Sequence Control | Data | FCS
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 0
Idea: DS will be able to forward the frame to dest (whether it is a fixed or a wireless MAC)
Same approach! Works in general, even if DA is in a different BSS
[Figure: SA, the AP with BSSID#1, the distribution system, a second AP, DA]

Addressing in an ESS
Same approach! Works in general, even if DA is in a different BSS
Frame Control | Duration / ID | Address 1 = DA | Address 2 = BSSID#2 | Address 3 = SA | Sequence Control | Data | FCS
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 0, From DS = 1
[Figure: SA, an AP, the distribution system, the AP with BSSID#2, DA]

Wireless Distribution System
[Figure: AP1, AP2, AP3]
DS medium:
- not necessarily an Ethernet backbone!
- could be the 802.11 technology itself
Resulting AP = wireless bridge

Addressing within a WDS
Frame Control | Duration / ID | Address 1 = RA | Address 2 = TA | Address 3 = DA | Sequence Control | Address 4 = SA | Data | FCS
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
To DS = 1, From DS = 1
Address 4: initially forgotten? ☺
[Figure: SA, the AP acting as TA, the wireless distribution system, the AP acting as RA, DA]

Addressing: summary

Function    | To DS | From DS | Address 1 (Receiver) | Address 2 (Transmitter) | Address 3 | Address 4
IBSS        | 0     | 0       | RA = DA              | SA                      | BSSID     | N/A
From AP     | 0     | 1       | RA = DA              | BSSID                   | SA        | N/A
To AP       | 1     | 0       | RA = BSSID           | SA                      | DA        | N/A
Wireless DS | 1     | 1       | RA                   | TA                      | DA        | SA

BSS Identifier (BSSID): unique identifier for a particular BSS. In an infrastructure BSS it is the MAC address of the AP. In IBSS, it is random and locally administered by the starting station (uniqueness).
Transmitter Address (TA): MAC address of the station that transmits the frame to the wireless medium. Always an individual address.
Receiver Address (RA): to which the frame is sent over the wireless medium. Individual or Group.
Source Address (SA): MAC address of the station that originated the frame. Always an individual address. May not match TA because of the indirection performed by the DS of an IEEE 802.11 WLAN. The SA field is considered by higher layers.
Destination Address (DA): final destination. Individual or Group. May not match RA because of the indirection.
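
The summary table can be applied mechanically to a received data frame: read To DS and From DS from the Frame Control field, then name the address fields accordingly. The code below is an added example, not part of the original slides; the function names and the sample MAC addresses are made up for illustration. It also implements the BSSID reception filter described earlier ("does the frame belong to OUR cell?").

```python
import struct

# (To DS, From DS) -> function and meaning of Address 1..4 (summary table above)
ROLES = {
    (0, 0): ("IBSS",        ("DA", "SA", "BSSID", None)),
    (0, 1): ("From AP",     ("DA", "BSSID", "SA", None)),
    (1, 0): ("To AP",       ("BSSID", "SA", "DA", None)),
    (1, 1): ("Wireless DS", ("RA", "TA", "DA", "SA")),
}

def fmt(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)

def parse_data_header(frame: bytes) -> dict:
    """Name the address fields of a data frame from its To DS / From DS bits."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte three-address header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 2:                      # Type field: 2 = data
        raise ValueError("not a data frame")
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    function, names = ROLES[(to_ds, from_ds)]
    fields = [frame[4:10], frame[10:16], frame[16:22]]
    if names[3]:                                  # Address 4 follows Sequence Control
        if len(frame) < 30:
            raise ValueError("To DS = From DS = 1 but Address 4 is missing")
        fields.append(frame[24:30])
    out = {"function": function, "to_ds": to_ds, "from_ds": from_ds,
           "wireless_rx": fmt(fields[0]), "wireless_tx": fmt(fields[1])}
    out.update({n: fmt(f) for n, f in zip(names, fields) if n})
    return out

def in_our_cell(frame: bytes, bssid: str) -> bool:
    """Reception filter on BSSID (frames on the wireless DS carry none)."""
    return parse_data_header(frame).get("BSSID") == bssid.lower()

# Constructed sample frames; the addresses are invented for this example.
STA, AP, HOST, AP2 = (bytes.fromhex(h) for h in
                      ("020000000001", "0200000000aa",
                       "020000000002", "0200000000bb"))

def build(to_ds, from_ds, a1, a2, a3, a4=b""):
    fc = (2 << 2) | (to_ds << 8) | (from_ds << 9)     # data frame, subtype 0
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + b"\x00\x00" + a4

TO_AP = build(1, 0, AP, STA, HOST)         # station -> AP, final destination HOST
FROM_AP = build(0, 1, STA, AP, HOST)       # AP -> station, originated by HOST
WDS = build(1, 1, AP2, AP, HOST, STA)      # AP -> AP2 over the wireless DS

if __name__ == "__main__":
    for f in (TO_AP, FROM_AP, WDS):
        print(parse_data_header(f))
```
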

802.11 MAC: CSMA/CA Distributed Coordination Function
Carrier Sense Multiple Access With Collision Avoidance

Wireless Medium Unreliability
PHY errors CANNOT be reduced through automatic rate fallback mechanisms
An (apparent) paradox: 802.11b@11Mbps outdoor outperforms 802.11g@6Mbps!!!
But it is NOT a paradox ☺ since most 802.11g errors are PHY (unrelated to rate)…
[Figure: 802.11b@11Mbps and 802.11g@6Mbps]

Must forget Collision Detection!
• One single RF circuitry
» Either TX or RX…
» Half-duplex
• Even if two simultaneous TX+RX: large difference (100+ dB!) in TX/RX signal power
» Impossible to receive while transmitting
» On a same channel, of course
• Collision detection at sender: meaningless in wireless!
» Ethernet = collision detection at sender
» Wireless = large difference in the interference power between sender & receiver!
» Collision OCCURS AT THE RECEIVER
[Figure: a STA with tx and rx; stations A, B and C]
A detects a very low interference (C is far): no “collision”
B detects a destructive interference (C is near): collision occurs

Distributed Coordination Function Basics

802.11 MAC
• DISTRIBUTED COORDINATION FUNCTION, DCF (CSMA/CA): used for all other services, and used as basis for PCF
• POINT COORDINATION FUNCTION, PCF (polling): intended for Contention-Free Services
PCF: basically never used / supported!!

802.11 MAC evolution (802.11e, finalized in December 2005)
• HYBRID COORDINATION FUNCTION, HCF
» HCF Controlled Channel Access, HCCA (scheduling): intended for Contention-Free Services
» Enhanced Distributed Channel Access, EDCA (prioritized CSMA): used for service differentiation (priorities)
• Legacy
» DCF
» PCF (polling): Dead ☺
All enhancements rely on DCF basic operation!

Carrier Sense Multiple Access
• Station may transmit ONLY IF it senses the channel IDLE for a DIFS time
» DIFS = Distributed Inter Frame Space
• Key idea: ACK replied after a SIFS < DIFS
» SIFS = Short Inter Frame Space
• Other stations will NOT be able to access the channel during the handshake
» Provides an atomic DATA-ACK transaction
[Figure: timing diagram. TX: packet arrival, DIFS, DATA; RX: SIFS, ACK; OTHER STA: packet arrival, DIFS, must measure a whole DIFS, OK!]

DATA/ACK frame format
DATA frame [bytes]: Frame Control (2) | Duration / ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)
DATA frame: 28 (or 34) bytes + payload
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
ACK frame [bytes]: Frame Control (2) | Duration / ID (2) | Address (RA) (6) | Frame check sequence (4)
ACK frame: 14 bytes – No need for TA address (the station receiving the ACK knows who this is from)!!
• ACK frame: TX at basic rate
» Typically 1 Mbps but 2 Mbps possible…
» ACK frame duration (1 Mbps): 304 µs
PHY overhead [bits]: Preamble (128) | SFD (16) | PLCP hdr (48), at 1 Mbps DBPSK = 192 µs
DATA: PHY 192 µs + (28+payload) [bytes] x 8 / TX_rate [Mbps] µs
ACK: PHY 192 µs + ACK 14 [bytes] = 192 µs + 112 µs

And when an ACK is “hidden”?
1) Sender TX, Receiver RX: STA defers, BUSY DETECT (DATA)
2) Receiver ACKs (after SIFS): STA cannot hear…
3) STA transmits (STA TX after DIFS) and destroys ACK!
[Figure: three panels with SENDER, RECEIVER and STA, one per step]

The Duration Field
Frame [bytes]: Frame Control (2) | Duration / ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Address 4 (6) | Data (0-2312) | Frame check sequence (4)
Duration / ID field (bits 15 to 0): bit 15 = 0, bits 14-0 = # microseconds
When bit 15 = 1 → NOT used as duration (used by power-saving frames to specify station ID)
• Allows “Virtual Carrier Sensing”
» Other than physically sensing the channel, each station keeps a Network Allocation Vector (NAV)
» Continuously updates the NAV according to information read in the duration field of other frames
[Figure: timing diagram with DIFS, DATA, SIFS, ACK; for OTHER STA: physical carrier sensing, NAV (data), virtual carrier sensing]

Issues with “duration” reading
• “Duration” field in MAC header
» Coded at same rate as payload
» Must receive whole MAC frame correctly
• C cannot read TX frame
» No way to know duration value
[Figure: TX, RX and C; 11 Mbps tx; 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps ranges]

ACK may be hidden once again!
• C hidden from RX
» Carrier sense remains IDLE during RX→TX ACK
» NAV could not be updated
» May transmit after a DIFS
» Destroying ACK!
[Figure: TX, RX and C; ACK transmission]
If the situation shown in the previous slide occurs, station C would not be able to set its NAV correctly, and its transmission may overlap the ACK.

EIFS = protect ACK
• C cannot read data frame
» CRC32 error
» Most of PHY errors
• If planning to transmit:
» No more after a DIFS
» But after a LONGER interval of time
» Sufficiently long to protect ACK transmission
[Figure: TX, RX and C; 11 Mbps tx; 11 Mbps, 5.5 Mbps, 2 Mbps and 1 Mbps ranges]
So, when station C has a problem receiving a frame, it sets a longer timer, called EIFS, before starting to transmit.

EIFS
[Figure: EIFS timing diagram with rows for source station, destination station, other stations receiving Data frame correctly, and other stations receiving Data frame incorrectly; labels: Data, SIFS, ACK, NAV, DIFS, EIFS, back-off]

And when a terminal is “hidden”?
• The Hidden Terminal Problem
» SENDER and STA cannot hear each other
» SENDER transmits to RECEIVER
» STA wants to send a frame
» Not necessarily to RECEIVER…
» STA senses the channel IDLE
» Carrier Sense failure
» Collision occurs at RECEIVER
• Destroys a possibly very long TX!!
[Figure: SENDER, RECEIVER and STA] … this can be “solved” by increasing the sensitivity of the Carrier Sense… Quite stupid, though (LOTS of side effects – outside the scope of this lecture)
[Figure: SENDER, RECEIVER and STA] … this can’t be “solved” by any means!

The RTS/CTS solution
RTS/CTS: carry the amount of time the channel will be BUSY. Other stations may update a Network Allocation Vector, and defer TX even if they sense the channel idle (Virtual Carrier Sensing)
[Figure: timing diagram. TX: packet arrival, DIFS, RTS, SIFS, CTS, SIFS, DATA, SIFS, ACK; rows for TX, RX, others and hidden; labels: NAV (RTS), NAV (CTS), (Update NAV), data]

RTS/CTS frames
CTS frame [bytes]: Frame Control (2) | Duration / ID (2) | Address (RA) (6) | Frame check sequence (4)
CTS frame: 14 bytes (same as ACK)
Type = Control (01)
SubType = CTS (1100)
RTS frame [bytes]: Frame Control (2) | Duration / ID (2) | Address 1 (RA) (6) | Address 2 (TA) (6) | Frame check sequence (4)
RTS frame: 20 bytes
Type = Control (01)
SubType = RTS (1011)
Frame Control fields (bits): Protocol version (2) | Type (2) | Sub Type (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr MNG (1) | More Data (1) | WEP (1) | Order (1)
In both frames the remaining Frame Control bits are shown as 0, with one bit marked x

RTS/CTS and performance
RTS/CTS cons: larger overhead
RTS/CTS pros: reduced collision duration
ESPECIALLY FOR LONG PACKETS
Long → packet > RTS_Threshold (configurable)
TODAY higher rates → no longer significant

Why backoff?
[Figure: timing diagram. STA1: DIFS, DATA, SIFS, ACK; STA2 and STA3: DIFS, Collision!]
RULE: when the channel is initially sensed BUSY, station defers transmission; THEN, when channel sensed IDLE again for a DIFS, defer transmission for a further random time (Collision Avoidance)

Slotted Backoff
Extract random number in range (0, W-1)
Decrement every slot-time σ
[Figure: STA2 and STA3 after DIFS; w=7, w=5]
Note: slot times are not physically delimited on the channel! Rather, they are logically identified by every STA
Slot-time values: 20 µs for DSSS (Wi-Fi)
Accounts for:
1) RX_TX turnaround time
2) busy detect time
3) propagation delay
In 802.11 DCF the backoff counter is decremented at the end of the time slot

Backoff freezing
• When STA is in backoff stage:
» It freezes the backoff counter as long as the channel is sensed BUSY
» It restarts decrementing the backoff as the channel is sensed IDLE for a DIFS period
[Figure: timing diagram. STATION 1: DIFS, DATA, SIFS, ACK, DIFS; STATION 2: DIFS, 6 5, frozen slot-time 4, BUSY medium, SIFS, ACK, DIFS, 3 2 1]

Why backoff between consecutive tx?
• A listening station would never find a slot-time after the DIFS (necessary to decrement the backoff counter)
• Thus, it would remain stuck at the current backoff counter value forever!!
[Figure: timing diagram. S 1: DIFS, DATA, SIFS, ACK, DIFS, DATA, SIFS, ACK, DIFS; S 2: DIFS, 6 5, frozen slot-time 4, BUSY medium, DIFS, 3, BUSY medium, DIFS]

Backoff rules
• First backoff value:
» Extract a uniform random number in range (0, CWmin)
• If unsuccessful TX:
» Extract a uniform random number in range (0, 2×(CWmin+1)-1)
• If unsuccessful TX:
» Extract a uniform random number in range (0, 2^2×(CWmin+1)-1)
• Etc. up to 2^m×(CWmin+1)-1
Exponential Backoff!
For 802.11b:
CWmin = 31
CWmax = 1023 (m=5)

Further backoff rules
• Truncated exponential backoff
» After a number of attempts, transmission fails and frame is dropped
» Backoff process for new frame restarts from CWmin
» Protects against channel capture
» unlikely when stations are in visibility, but may occur in the case of hidden stations
• Two retry limits suggested:
» Short retry limit (4), applies to frames below a given threshold
» Long retry limit (7), applies to frames above a given threshold
» (loose) rationale: short frames are most likely generated by real time stations
» Of course not true in general; e.g. what about 40 bytes TCP ACKs?

All of this, let us remember, under the assumption that collisions are neglected!!!

Emerging “problem”: long-term fairness!
If you have understood the previous example, you easily realize that 802.11 provides FAIR access to stations in terms of EQUAL NUMBER of transmission opportunities in the long term!
But this is INDEPENDENT OF transmission speed!
[Figure: transmission sequence STA1, STA2, STA1, STA1, STA2, STA2]

Computing answer 3
[Figure: cycle time. STA (2 Mbps): SIFS, ACK, DIFS; STA 11: frozen backoff, SIFS, ACK, DIFS]
RESULT: SAME THROUGHPUT (in the long term)!!
\[
\begin{aligned}
Thr[1] = Thr[2] &= \frac{E[\text{payload}]}{E[\text{cycle time}]} \\
&= \frac{1500 \times 8}{T_{MPDU}[1] + SIFS + ACK + DIFS + T_{MPDU}[2] + SIFS + ACK + DIFS + E[\text{tot\_backoff}]} \\
&= \frac{1500 \times 8}{6304 + 1303 + 2 \times (10 + 304 + 50) + 310} = 1.39\ \text{Mbps}
\end{aligned}
\]
DRAMATIC CONSEQUENCE: per-station throughput is limited by the STA with the slowest rate (lower than the maximum throughput achievable by the slow station)!!
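
The computation above can be reproduced from the frame timings given earlier (192 µs PHY overhead, 28-byte DATA overhead, 14-byte ACK at 1 Mbps). The code below is an added example, not part of the original slides; the function names are illustrative, and applying the slide's 310 µs backoff term to any list of rates is an assumption made here for comparison. It goes beyond the slide by also reporting how much of each cycle every station occupies.

```python
# Timing values used on the slides (802.11b)
PLCP_US = 192               # preamble 128 + SFD 16 + PLCP hdr 48 bits at 1 Mbps
SIFS_US, DIFS_US = 10, 50
MAC_OVERHEAD_BYTES = 28     # DATA frame header + FCS (three addresses)
ACK_BYTES = 14
BACKOFF_US = 310            # E[tot_backoff] value used on the slide (assumed fixed)

def frame_us(nbytes: int, rate_mbps: float) -> float:
    """Airtime of a frame: PHY overhead plus the MAC bytes at the given rate."""
    return PLCP_US + nbytes * 8 / rate_mbps

def ack_us(basic_rate_mbps: float = 1) -> float:
    return frame_us(ACK_BYTES, basic_rate_mbps)

def mpdu_us(payload: int, rate_mbps: float) -> float:
    return frame_us(MAC_OVERHEAD_BYTES + payload, rate_mbps)

def exchange_us(payload: int, rate_mbps: float) -> float:
    """One DATA + SIFS + ACK + DIFS exchange for a station at this rate."""
    return mpdu_us(payload, rate_mbps) + SIFS_US + ack_us() + DIFS_US

def cycle_us(rates, payload: int = 1500) -> float:
    """Long-term fairness: every station transmits once per cycle."""
    return sum(exchange_us(payload, r) for r in rates) + BACKOFF_US

def per_station_mbps(rates, payload: int = 1500) -> float:
    """Each station delivers one payload per cycle (bits per us = Mbps)."""
    return payload * 8 / cycle_us(rates, payload)

def airtime_share(rates, payload: int = 1500):
    """Fraction of the cycle occupied by each station's exchange."""
    total = cycle_us(rates, payload)
    return [exchange_us(payload, r) / total for r in rates]

if __name__ == "__main__":
    for rates in ([2, 11], [11, 11]):
        shares = ", ".join(f"{s:.0%}" for s in airtime_share(rates))
        print(f"rates {rates} Mbps: {per_station_mbps(rates):.2f} Mbps per station, "
              f"airtime {shares}")
```
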

Performance anomaly into action
Why the network is soooo slow today? We’re so close, we have a 54 mbps and “excellent” channel, and we get