Wireless LAN

Contents
IEEE 802.11 WLAN
Introduction MAC 802.11e MAC enhancements Roaming Physical layer

IEEE 802.11 WLAN Standards Family

IEEE 802.11 MAC

Mac OSI Layer 2 (Data Link)

802.11 FHSS

802.11 DSSS

802.11a OFDM

802.11b HR/DSSS

PHY OSI Layer 1 (Physical)

802.11 Physical Layer

Family of IEEE 802.11 standards:
unlicensed frequency spectrum: 900Mhz, 2.4Ghz, 5.1Ghz, 5.7Ghz

300 MHz

5.15-5.35 GHz 5.725-5.825 GHz

and 802.11b/g

802.11a

The IEEE 802.11 Releases

Protocol Release Data Legacy 802.11a 802.11b 802.11g 802.11n 1997 1999 1999 2003 2008 Freq. 2.4 GHz 5 GHz 2.4 GHz 2.4 GHz 2.4/5 GHz Rate (typical) 1 Mbps 25 Mbps 6.5 Mbps 25 Mbps Rate (max) 2Mbps ? 54 Mbps 11 Mbps 54 Mbps ~30 m ~30 m ~30 m ~50 m Range (indoor)

200 Mbps 540 Mbps

802.11: Terminology
802.11 LAN 802.x LAN

Architecture similar to cellular:

networks station (STA)
terminal with access mechanisms to the wireless medium and radio contact to the access point

STA1

BSS1 Access Point Portal

access point (AP)

station integrated into the wireless LAN and the distribution system

Distribution System ESS BSS2 Access Point

basic service set (BSS)

group of stations using the same AP

portal
bridge to other (wired) networks

distribution system
interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS 6

STA2

802.11 LAN

STA3

WLAN Topology Ad-Hoc Network

WLAN Topology Infrastructure

DS (Distribution System) Services

Association
Each station must initially invoke the association service with an AP before it can send information through the DS

Disassociation
Association termination notice from station or AP

Re-association
Initiated by a mobile station Enables a station to change its current state of association Allowing station to move from one BSS to another within an ESS

Re-Association

DS Services (cont.)
Distribution
Delivery of MAC frames from station in one BSS to station in another BSS

Integration
Delivery of MAC frames through a portal between a DS and non IEEE 802.11 LAN (the integration function performs all required media or address space translations)

IEEE 802.11 Medium Access Control

MAC layer covers three functional areas:
Accessing the wireless medium Joining a network Authentication and Privacy

Accessing the Wireless Medium

Distributed Coordination Function (DCF)
Distributed access protocol Contention-Based CSMA/CA (CSMA with Collision Avoidance) Suited for ad hoc network Mandatory

Point Coordination Function (PCF)

Centralized access protocol Contention-Free Priority based access Suited for time bound services like RT multimedia Optional (Alternative access method on top of DCF)

Carrier Sense Mechanisms

Both physical and virtual carrier sense Virtual carrier sense
The Duration field of MACs frames announces a stations impending use of the medium The MAC coordination place the Duration information in the stations NAV (network allocation vector) if the value is greater than the current NAV The NAV operates like timer (counting down to 0)

Physical carrier sense

Once the NAV=0, the station can transmit if the PHY coordination indicated a clear channel

DCF MAC Flowchart

Wait to receive a frame NO

NAV=0 ? YES Sense the medium

Medium idle ? YES Transmit frame

NO

Random backoff time

YES Collision ? NO Frame transmission successful

Error Recovery Mechanisms

Bit errors due to transmission impairments such as interference and collisions ARQ
Retransmission of frames after a period of time if no ACK is received from the destination # of retrans. for short frames: aShortRetryLimit # of retrans. for long frames: aLongRetryLimit The values are MIB attributes

4 frame exchange for enhanced reliability

Source issues request to send (RTS) Destination responds with clear to send (CTS) Source transmits data Destination responds with ACK

Interframe Space (IFS)

The spacing intervals defer a stations access to the medium and provides various level of priorities Each interval defines the time between the end of the last symbol of the previous frame to the beginning of the first symbol of the next frame SIFS - Short Inter Frame Spacing
Highest priority for ACK, CTS, subsequent MAC SDU of a fragment burst

PIFS - Point Inter Frame Spacing

Used by centralized controller in PCF scheme

DIFS - Distributed Inter Frame Spacing

Used for ordinary data & management frames

DIFS > PIFS > SIFS

RTS-CTS-DATA-ACK

DIFS: Distributed IFS RTS: Request To Send SIFS: Short IFS CTS: Clear To Send ACK: Acknowledgement NAV: Network Allocation Vector DCF: Distributed Coordination Function

RTS/CTS
A duration field in the RTS frame is the:
time needed to transmit the frame + 1 CTS time + 1 ACK time + 3 SIFS intervals

After receiving RTS the station ACK with CTS A duration field in the CTS frame is the:
Duration field in the RTS The CTS time and its SIFS interval

A station can be configured to send RTS:

Always Never Only on frames longer than a specified length

RTS/CTS over-perform basic access when:

The network utilization is high and the frame is long (multi-fragments) There is a high probability of hidden stations

Using RTS/CTS

To guard against collisions based on hidden nodes and high utilization:

B should send an RTS frame to the AP, requesting service for a certain amount of time If the AP approves, it will broadcast a CTS frame As a result all stations will not attempt to access the medium for the specified amount of time
AP The barrier between A and B causes a collision when A attempts to access the medium while B is transmitting a frame to the AP Station A Barrier Station B

Fragmentation
Frames over a specified size (fragmentation threshold) should be divided into multiple transmissions
Shorter frames reduce the likelihood of interference The frame header contains a sequence control field that show the order of the fragments

The fragment transmissions are separated by SIFS interval

Each fragment has its own CRC Ack is transmitted for each fragment

If an error occurs on a fragment subsequent fragments are not transmitted The back-off rules apply to fragmented frame Broadcast & multicast frames are not fragmented

Point Coordination Function (PCF)

A Point Coordinator (PC) resides in the AP to control the transmission of frames from stations If the medium is idle after PIFS interval, the PC can send a beacon frame that include the CFPE (Contention Free Parameter Element) When stations receive the beacon, they update their NAV with the length of the CF period (found in the CFPE) A risk of collisions exists when overlapping PCs are present on the same PHY
The PC utilizes a random backoff time if it experiences a busy medium when attempting to transmit the initial beacon

PCF (cont.)
After sending a beacon & waiting SIFS interval, the PC can transmit:
Data Frame - if the PC doesnt receive an ACK frame from the recipient, the PC can retransmit the UnACK frame CF Poll frame granting a particular station permission to transmit a single frame Data+CF Poll frame data frame + polling the same station (piggybacking) CF End frame identifying the end of the CF period: - the CF period expired - the PC has no further frames to transmit and no station to poll

Power Management
Enables stations to go into Sleep mode to conserve power
Supported with the use of AP Not available when implementing ad hoc network

Power management implementation :

The AP will maintain a record of the stations currently working in Sleep mode (by monitoring the power management bit in the MAC header) The AP will buffer packets addressed for stations in Sleep mode (the Traffic Indication Map indicate which stations have buffered frames) When a station wakes from a sleep mode, it transmits a PS-Poll frame to the AP to retrieve the buffered frames

Station Synchronization
The AP periodically transmit beacon frames:
The beacon frames contains physical layer information such as the frequency hopping pattern and the APs clock value (Timing Synchronization Function) Each station updates its clock accordingly (so the station knows when to wake up to receive beacons if in Sleep mode)

If the network is independent BSS (no AP), all stations periodically send beacons for synchronization

Joining a Network
Discovery phase: passive or active scanning Passive scanning
A station listen to each channel for a specific period of time (typical time: 10 sec) to detect beacon frames The station can negotiate a connection by proceeding with authentication and association processes

Active scanning
The station sends a Probe frame indicating the identifiers of the network that the station wants to join The station wait for a Probe response that identifies the presence of the desired network

Joining a Network (cont.)

Some vendors enable to setup each radio card so that it associates with a preferred AP even if its signal is lower than the signals from other APs
May be useful if theres a need to regulate the traffic through a particular AP

The station can also broadcasts probes causes all networks within reach to respond
With independent BSS (no AP), the station that generated the last beacon frame will respond

WLAN Load Balancing

Hub
Load Balancing: Station can maintain a table of all APs it can hear

Beacon

Beacon

Beacon
Beacons can carry AP load information to help the Station determine if it should roam to a less loaded AP

Two types of authentication:

802.11 Authentication & Privacy

Open system authentication (default) simply announces the desire to associate Shared key authentication (optional) provides a higher degree of security (based on WEP), ensuring that the requesting station is authentic

Optional private frame transmission based on WEP (wired equivalent privacy)

Symmetric encryption

Authentication

Private Frame Transmission

1. 2. 3. The sending station generates 32 bits ICV (integrity check value) that is sent with the frame (to guard against unauthorized data modification) The WEP process inputs the shared encryption key into a PRNG to create a key sequence with length = plaintext

+ ICV

WEP creates ciphertext by: (plaintext + ICV )key sequence 4. The receiving station WEP process deciphers the ciphertext using the shared key that generates the same key sequence used initially to encrypt the frame 5. The station calculates the ICV and ensures that it matches the frames ICV (if not a failure indication is sent) NOTE: only the shared key must be available to each station

WEP Encryption/Decryption

PRNG: pseudo-random number generator

MAC Frame Format

2
Frame Control

6 Addr 2

6 Addr 3

2
Sequence Control

6 Addr 4

Variable Frame Body

4 CRC

Duration Addr 1 ID

802.11 MAC Header

Bits: 2

Protocol Version

Type SubType

To

From More Pwr Retry Frag Mgt DS DS

More WEP Order Data

Frame Control Field

Frame Control Field: Type

Data Frames Control Frames
RTS,CTS,ACK, CF End and Power-Save POLL

Management Frames
Authentication and De-Authentication Association, Re-Association, and Disassociation Beacon and Probe frames ATIM (announcement traffic indication message) sent by AP (during the ATIM windows which follows a beacon transmission) with buffered frames for another stations to alert them to stay awake long enough to receive their respective frames. The Subtype field defines the function of the frame

Frame Control Field (cont.)

To DS 1 if destined for the DS From DS 1 if leaving the DS More frag 1 if another fragment of the same MAC SDU follows Retry 1 if it is a frame retransmission Power management 1 if the sending station will be in a power save (sleep) mode after the current frame exchange sequence (A receiving station can use this information to adjust transmission to avoid waking up sleeping stations) More data 1 if the sending station has additional MAC SDU WEP - 1 if the data bits have been encrypted Order - 1 indicates that frames must be processed in order

Addresses
The Address fields contains different types of addresses, depending on the type of the frame being sent 802.11 makes use of the same 48-bit MAC address that is compliant to the entire 802 LAN family 802.11 defines the following address types:
Destination address the final address of the MSDU Source address the address of the MSDU initiator Receiver address the address of the AP that is to receive the frame next Transmitter address the address of the AP sending the frame (used only in wireless bridging)

Multicast and broadcast addresses are also supported

Address Fields: Data frames

Function IBSS From AP To AP Wireless DS To DS 0 0 1 1 From DS 0 1 0 1 Address 1 (rcvr) DA DA BSSID RA Address 2 (tr ) SA BSSID SA TA Address 3 BSSID SA DA DA Address 4 N/A N/A N/A SA

DA: Destination Address SA: Source Address TA: Transmitter Address RA: Receiver Address BSSID: basic service set identifier, also known as network ID is the AP address

Address Fields: Examples

RA(BSSID)
A to B From A to the DS: AP B to A From AP to A:

TA(BSSID)
AP

Station A

Station B DS

SA/TA

DA

Station A

Station B DS

RA/DA

SA

Example: To AP

Example: From AP

A to B From AP to AP: AP Station A 802.11 AP

TA

RA
Station B DS

SA DA

Example: Wireless distribution system

802.11 MAC Header (cont.)

Sequence control
The leftmost 4 bits are the Fragment Number The next 12 bits are the Sequence Number Filtering duplicate frames by monitoring the sequence and fragment numbers The destination send ACK even if the frame is discarded due to duplicate filtering

Frame body
Variable length payload The receiving station will determine the frame length from a field within the Physical layer header

Limiting Multicast Traffic

A DTIM (delivery traffic indication message) determines how often the MAC layer forwards multicast traffic:
The parameter is necessary to accommodate stations using Power Save mode The DTIM can be set via the AP The DTIM timer is always a multiple of the TIM timer If DTIM=2, the AP will save all multicast frames for the BSS and forward them after every second beacon Tradeoff between power and delay

IEEE 802.11e MAC Enhancements

IEEE 802.11e
Improvements to the original 802.11 MAC to support QoS Two new modes of operation
EDCF Enhanced Distributed Coordination Function HCF Hybrid Coordination Function

Both EDCF and HCF support 8 priority levels

EDCF
EDCF is a per-class basis DCF MAC Each traffic class can access the medium after detecting that the channel is idle for an AIFS (arbitration interframe space)
AIFS DIFS AIFS can be chosen individually for each traffic class

The min & max CW (collision window) can be selected on a per-traffic-class basis When a collision is detected, the value of CW is increased by a per-traffic-class factor
A value of 1 gives a CW that stay constant A value of 2 (default) gives a binary exponential backoff (identical to DCF)

EDCF cont.
Within a station, the 8 classes have independent transmission queues Virtual collision
Virtual collision if the back-off counter of multiple classes in a single station reaches 0 in the same time The transmit opportunity is given to the class with the highest priority Others back off as if a collision on the medium occurred

The QoS parameters, which are provided on a per-traffic-class basis, can be adapted over time

HCF
Extension of the PCF polling
A QoS CF-Poll is used to give a particular station the opportunity to transmit

A QoS control field has been added to the MAC frame

Enables stations to send queue length per traffic class to the HC Per station/per-traffic-class queue length data are collected to reflect the current snapshot of the IBSS

When a station is polled, the HC doesnt specify a particular traffic class

Leaving the decision to the station The station scheduling algorithm can be very different from the HC scheduling algorithm

Additional Improvements of the Legacy 802.11 MAC

802.11e station that obtain medium access has a limited time to use the radio resources (transmission opportunity)
Block Acknowledgement a station can optionally deliver number of frames (block) during one transmission opportunity. The Ack will be sent at the end of the block

A frame exchange is initiated only if it can be completed before the upcoming beacon 802.11e station is allowed to transmit frame directly to another station
802.11e station needs to establish a direct link with another 802.11e station using the Direct Link Protocol before initiating direct frame transmissions

Roaming

Roaming Protocols
Roaming enables wireless users to move from cell to cell (in ESS) seamlessly The original 802.11 doesnt provide specifications for roaming
It is up to the radio LAN vendors This forces users to standardize one particular vendor for APs

Through collaboration of companies led by Lucent, the IAPP specification provides a common roaming protocol

Inter-Access Point Protocol (IAPP)

Based on DS interfaces of APs IAPP operates between APs using TCP/IP and UDP/IP Interoperability tests show that IAPP works with a variety of APs
IEEE 802.11f

WECA (Wireless Ethernet Compatibility Alliance) includes interoperable roaming as a requirement to receiving Wi-Fi certification

IAPP (cont.)
IAPP defines 2 basic protocols:
Announce protocol Handover protocol

Announce protocol
Informs other APs about a new active AP Informs other APs of network-wide configuration information

Handover protocol
Informs an AP that one of its station has reassociated with a different AP The old AP forwards buffered frames for the station to the new AP The new AP updates filter tables to ensure that the bridging will forward frames appropriately

IEEE 802.11 Physical Layer

Physical Layer Architecture

The physical layer is divides into 2 sublayers
PLCP Physical Layer Convergence Protocol PMD Physical Medium Dependent

PLCP is the glue between the MAC and the radio transmission
The PLCP adds its own header The header includes preamble for sychronization and signal information (e.g., data rate, length of MAC frame)

PMD is responsible for transmitting any bit it receives from the PLCP into the air using the antenna

Where Does WLAN Fit?

FM Broadcast Short Wave Radio AM Broadcast Audio Television Cellular NPCS (1.9GHz) Infrared Wireless LAN

Extremely Very Low Medium High Very Ultra Super Low Low High High High

Infrared Visible UltraLight Violet

X-Rays

902-928 MHz 26 MHz

2.4-2.4835 GHz 83.5 MHz IEEE 802.11(b)

ISM (Industrial Scientific Medical) Current Product

5 GHz IEEE 802.11(a) Hiperlan1 Hiperlan2

NG WLAN Technology

Older WLAN Product

802.11 divides the ISM band into a series of 1MHz channels

Physical Media Defined by Original 802.11 Standard

Frequency-hopping spread spectrum
Operating in 2.4 GHz ISM band Low cost, power consumption Most tolerant to signal interference

Direct-sequence spread spectrum

Operating in 2.4 GHz ISM band High potential data rates Larger range than FH or IR physical layers

Infrared
Lowest cost Lowest range compared to spread spectrum Doesnt penetrate walls, so no eavesdropping

SS Modulation Schemes
DSSS Direct Spectrum FHSS Frequency Hopping
Hop Dwell Time Channel size
Frequency

5 t 1
Time

Power

4 3 2

Signal After Spreading

Signal Before Spreading

OFDM Orthogonal Frequency Division Multiplexing Available Bandwidth Multiple Carriers (Tones)

Frequency

Amplitude Frequency

IEEE 802.11(a,b,g)
802.11b High Rate DSSS
Operates in 2.4 GHz band Provides data rates of 5.5 and 11 Mbps

802.11g is an extension of the 802.11b

Operates in 2.4 GHZ band Enables data rates of 54Mbps Backward compatible with 802.11b

802.11a OFDM Physical layer

Operates in 5 GHZ band Provides rates of 6, 9 , 12, 18, 24, 36, 48, 54 Mbps

Spread Spectrum
SS spreads a signals power over a wider band of frequencies
Gaining better SNR (process gain) Other transmission & electrical noise, typically narrow in bandwidth, will interfere with only a small portion of the SS signal

SS commonly use 2 methods to spread the signal:

Frequency-hopping Direct Sequence

802.11 Frequency Hopping SS

Hoping the carrier frequency between 2.402GHz to 2.479GHz (FCC and ETSI)
France: 2.448GHZ-2.482GHZ

FCC regulations:
75 or more hopping channels in the band Hopping channels can be no wider than 1MHZ Maximum dwell time: 400ms

If the radio encounter interference on one frequency, it will retransmit the signal on a subsequent hop on another frequency A set of hopping codes that never uses the same frequencies at the same time is considered Orthogonal multiple networks could coexist

802.11 FHSS cont.

Beacon frames on FH networks includes FH Parameter Set element
By receiving a Beacon frame, a station knows everything it needs to synchronize its hopping pattern

The FH PHY uses GFSK:

Frequency shift keying encodes data as a series of frequency changes in a carrier Noise usually changes the amplitude of a signal The basic implementation is 2-level GFSK: in 1MHZ bandwidth 1M symbols are transmitted per second which results in 1Mbps The more sophisticated implementation is 4-level GFSK (2 bits per symbol) in 1MHZ bandwidth 1M symbols are transmitted per second which results in 2Mbps

802.11 FHSS PHY cont.

SIFS time: 28s
The SIFS is used to derive the value of DIFS, PIFS and EIFS

Contention windows size: 15-1023 slots

Each slot time is 50s

Maximum MAC frame: 4095 Bytes

ERROR: syntaxerror OFFENDING COMMAND: --nostringval-STACK: