1
Reti di Accesso e di Trasporto(Reti di Accesso)
Ing. Stefano Salsanoe-mail: [email protected]
AA2009/10 – Blocco 7 (v4)
2
Introduction to 802.11 Wireless LANsIntroduction to 802.11 Wireless LANs
Quote from Matthew Gast - 802.11® Wireless Networks The Definitive Guide – apr. 2005, 2nd edition
At this point, there is no way to prevent the spread of Wi-Fi.
In the years since the first edition of [his] book, wireless networking has gone from an interesting toy to a must-have
technology.
[…]
[Wireless networking] seems poised to continue its march towards the standard method of network connection,
replacing "Where's the network jack?" with "Do you have Wi-Fi?" as the question to ask about network access.
3
WLAN historyWLAN history
• Original goal: » Deploy “wireless Ethernet”
» First generation proprietary solutions (end ’80, begin ’90):
» WaveLAN (AT&T)
» HomeRF (Proxim)
» Abandoned by major chip makers (e.g. Intel: dismissed HomeRF in april 2001)
• IEEE 802.11 Committee formed in 1990» Charter: specification of MAC and PHY for WLAN
» First standard: june 1997
» 1 and 2 Mbps operation
» Reference standard: september 1999
» Multiple Physical Layers
» Two operative Industrial, Scientific & Medical (ISM) shared unlicensed band � 2.4 GHz: Legacy; 802.11b/g
� 5 GHz: 802.11a
• 1999: Wireless Ethernet Compatibility Alliance (WECA) certification» Later on named Wi-Fi
» Boosted 802.11 deployment!!
4
WLAN data ratesWLAN data rates
• Legacy 802.11» Work started in 1990; standardized in 1997
» 1 mbps & 2 mbps
• The 1999 revolution: PHY layer impressive achievements» 802.11a: PHY for 5 GHz
» published in 1999
» Products available since early 2002
» 802.11b: higher rate PHY for 2.4 GHz
» Published in 1999
» Products available since 1999
» Interoperability tested (wifi)
• 2003: extend 802.11b» 802.11g: OFDM for 2.4 GHz – 54mbps
» Published in june 2003
» Backward compatibility with 802.11b Wi-Fi
• 2009: 802.11n
» Launched in september 2003
» Uses “MIMO” multipe input multiple output
» Up to 600 Mbps (with 4 antennas each side)
1, 2, 5.5, 11; 6, 9, 12, 18, 24, 36, 48, 54
2.4 GHzDSSS, HR-DSSS, OFDM
802.11g
6, 9, 12, 18, 24, 36, 48, 54
5.2, 5.5 GHz
OFDM802.11a
1, 2, 5.5, 11,
22, 33, 44
2.4 GHzDSSS, HR-DSSS, (PBCC)
"802.11b+" non-standard
1, 2, 5.5, 11
2.4 GHzDSSS, HR-DSSS
802.11b
1, 22.4 GHz, IR
FHSS, DSSS, IR
802.11 legacy
Data RatesMbps
Freq. Band
Transfer Method
Standard
5
Why multiple rates?“Adaptive” (?) coding/modulation
Why multiple rates?“Adaptive” (?) coding/modulation
Example: 802.11a case
6
PHY distance/rate tradeoffsPHY distance/rate tradeoffs
0.0
20.0
40.0
60.0
80.0
100.0
120.0
140.0
Dis
tan
ce
(m
)
54Mbps36Mbps24Mbps12Mbps6Mbps 11Mbps5.5Mbps1Mbps
2.4 GHz OFDM (.11g)
5 GHz OFDM (.11a)
2.4 GHz (.11b)
7
Coverage performance Cisco Aironet 350 Access Point
Coverage performance Cisco Aironet 350 Access Point
11 Mb/s DSSfrom ~30 to ~45 mt
5.5 Mb/s DSSfrom ~45 to ~76 mt
2 Mb/s DSSfrom ~76 to ~107 mt
Configurable TX power:50, 30, 20, 5, 1 mW(100 mW outside Europe)
Greater TX power, faster battery consumptions!
Question: how to select transmission rate?
(STA does not explicitly know its distance from AP)
More later (implementation-dependent ☺☺☺☺)
8
WLAN NIC addressesWLAN NIC addresses
• Same as Ethernet NIC
» 48 bits = 2 + 46
• Ethernet & WLAN addresses do coexist
» undistinguishable, in a same (Layer-2) network
» role of typical AP = bridge� (to be precise: when the AP act as “portal” in 802.11 nomenclature)
802 IEEE
48 bit addresses
1 bit = individual/group
1 bit = universal/local
46 bit address
AP
192.168.1.3200:0a:e6:f8:03:ad
AP
192.168.1.43
00:06:6e:00:32:1a 192.168.1.5200:82:00:11:22:33
C:>arp -a
192.168.1.32 00-0a-e6-f8-03-ad dinamico
192.168.1.43 00-06-6e-00-32-1a dinamico
192.168.1.52 00-82-00-11-22-33 dinamico
9
Protocol stackProtocol stack
802.2 Logical Link Control
802.3
MAC
802.3
PHY
DATA LINK LAYER
LLC sublayerLLC
MAC
802
overview
&
architecture
802.1
management
&
bridging
802.11 MAC…
…
…
…
…802.11
FHSS PHY
802.11DSSS PHY
802.11aOFDM PHY
802.11bHR-DSSS
PHY
802.11gExtended
Rate PHY
DATA LINK LAYER
MAC sublayer
PHYSICAL LAYER
802.11: “just” another 802 link layer ☺☺☺☺
10
802.11 MAC Data Frame802.11 MAC Data Frame
PHY IEEE 802.11 Data 0 - 2312 FCS
Protocol
versionType Sub Type info
2 2 12
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
Frame
Control
Duration
/ IDAddress 1 Address 2 Address 3
Sequence
ControlAddress 4 Data
Framecheck
sequence
2 2 2 40-23126666
Fragment
numberSequence number
4 12
MAC overhead:
- 28 bytes (24 header + 4 FCS) or
- 34 bytes (30 header + 4 FCS)
DETAILS AND EXPLANATION LATER ON
11
EncapsulationEncapsulation
Identical
To 802.3/LLC
encapsulation
802.11 MAC frame: no “type” field (such as Ethernet II)!!
LLC encapsulation mandatory
12
Crossing a wireless bridge / 1Crossing a wireless bridge / 1
ETH/802.11
bridge
802.11/ETH
bridge
typeSRCDEST P
typeSRCDEST P
AA AA 03 00.00.00802.11 MAC header Type P
13
Crossing a wireless bridge / 2Crossing a wireless bridge / 2
ETH/802.11
bridge
802.11/ETH
bridge
AA AA 03 00.00.00LenSRCDEST Type P
typeSRCDEST P
AA AA 03 00.00.00802.11 MAC header Type PType P
14
Why Ethernet Tunnel?(just needed in very special cases: IPX, AARP)
Why Ethernet Tunnel?(just needed in very special cases: IPX, AARP)
AA AA 03 00.00.00LenSRCDESC Type
ETH/802.11
bridge
802.11/ETH
bridge
P
AA AA 03 00.00.00LenSRCDESC Type P
TypeSRCDESC P ?????Some protocols
MUST have this
Encapsulation:
-Novell IPX
(Type 0x8137)
- Apple-Talk ARP
(Type 0x80F3)
15
Handling 802.11 framesHandling 802.11 frames
Ethernet-like driver interfacesupports virtually all protocol stacks
Maximum Data limited to 1500 octets
Frame translationIEEE Std 802.1H
IEEE 802.3 frames: translated to 802.11
Ethernet Types 8137 (Novell IPX)
and 80F3 (AARP)
encapsulated via Ethernet Tunnel
In general, any protocol listed in the “selective translation table” of the bridge
All other Ethernet Types:
encapsulated via RFC 1042 SNAP
Transparent bridging to Ethernet
Platform
Computer
Platform
Computer
PC-Card
Hardware
PC-Card
HardwareRadio Hardware
Radio Hardware
WMAC controller withStation Firmware
(WNIC-STA)
WMAC controller withStation Firmware
(WNIC-STA)
Driver Software(STADr)
Driver Software(STADr)
802.11 frame format
802.3 frame format
Ethernet V2.0 / 802.3frame format
Protocol StackProtocol Stack
Bridge
Software
BridgeSoftware
PC-Card
Hardware
PC-Card
HardwareRadio
Hardware
Radio Hardware
WMAC controller withAccess Point Firmware
(WNIC-AP)
WMAC controller withAccess Point Firmware
(WNIC-AP)
Driver Software(APDr)
Driver Software(APDr)
802.11 frame format
802.3 frame format
Ethernet V2.0 / 802.3
frame format
Kernel Software (APK)Kernel Software (APK)
Bridge
Hardware
Bridge
HardwareEthernetInterface
EthernetInterface
STA AP
16
http://www.ieee802.org/1/files/public/docs2009/H-nolish-draftintro-0109-v01.ppt
Ethernet/802.3 is a data link standard. A data link may support multiple
network layer protocols, such as IP, IPX, ARP, whatever. There needs to be a
mechanism that demultiplexes a frame’s contents so that its contents are directed
to the proper protocol handler upon reception at a station. These mechanisms are
different for different variants of Ethernet and 802.n standards. 802.1H describes
how the protocol selection function is modified when transferring a frame
between two different 802.n data links.
RFC 1042 was the first attempt to solve the Ethernet/802.3 interworking issue
Frames transiting to an 802.3 network would have an RFC 1042 header added to
them. Frames transiting an Ethernet network would have the RFC 1042
encapsulation removed
17
Certain protocols are interpreted differently on an end station depending upon if
they are raw EtherType or LLC/SNAP encapsulated. Thus a frame transiting
between two Ethernet LANS via an intervening 802.3 LAN would always lose its
LLC/SNAP encapsulation, thus changing the meaning of the data flow between
the end stations.
802.1H Defines the Bridge Tunnel Service. The basic concept is that certain
protocols are encapsulated using the Bridge-Tunnel encapsulation for transit
across an 802.3 network.
When bridged to a non-802.3 network, the frames are de-encapsulated before
transiting to the non-802.3 network. However, frames with Bridge-Tunnel
encapsulation are not de-encapsulated but are sent using the RFC 1042
encapsulation.
This preserves the distinction between LLC/SNAP and raw Ethertype frames
across the 802.3 network.
18
802.11 Network ArchitectureAnd related addressing
19
Basic Service Set (BSS)Basic Service Set (BSS)
• Infrastructure BSS
» or, simply, BSS
» Stations connected through AP
» Typically interconnetted to a
(wired) network infrastructure
• Independent BSS (IBSS)
» Stations communicate directly with each other
» Smallest possible IBSS: 2 STA
» IBSS set up for a specificpurpose and for short time (e.g. meeting)
» That’s why they are alsocalled “ad hoc networks”
AP
Network infrastructure
BSS: group of stations that can communicate with each other
20
Frame Forwarding in a BSSFrame Forwarding in a BSS
AP
Network infrastructure
BSS: AP = relay function
No direct communication allowed!IBSS: direct communication
between all pairs of STAs
21
Why AP = relay function?Why AP = relay function?
• Management:» Mobile stations do NOT neet to maintain neighbohr relationship with other
MS in the area
» But only need to make sure they remain properly associated to the AP
» Association = get connected to (equivalent to plug-in a wire to a bridge ☺☺☺☺)
• Power Saving:» APs may assist MS in their power saving functions
» by buffering frames dedicated to a (sleeping) MS when it is in PS mode
• Security:» AP may manage security and authenticate users
• Obvious disadvantage: use channel bandwidth twice…
22
Addressing in IBSS (ad hoc)Addressing in IBSS (ad hoc)
Frame
Control
Duration
/ ID
Address 1
DA
Address 2
SA
Address 3
BSSID
Sequence
ControlData FCS
SA = Source Address
DA = Destination Address
BSSID = Basic Service Set IDentifierused for filtering frames at reception (does the frame belong to OUR cell?)
format: 6 bytes random MAC address with Universal/Local bit set to 1
SA
DA
23
Addressing in a BSS?Addressing in a BSS?
X
AP
DA
SA
24
Addressing in a BSS!Addressing in a BSS!
AP
Distribution system
Frame must carry following info:1) Destined to DA2) But through the APWhat is the most general addressing structure?
DASA
25
Addressing in a BSS (to AP)Addressing in a BSS (to AP)
Frame
Control
Duration
/ ID
Address 1
BSSID
Address 2
SA
Address 3
DA
Sequence
ControlData FCS
AP
Distribution system
DASA
BSSID
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
1 0
Address 2 = wireless Tx
Address 1 = wireless RxAddress 3 = dest
BSSID = AP MAC address
26
Addressing in a BSS (from AP)Addressing in a BSS (from AP)
Frame
Control
Duration
/ ID
Address 1
DA
Address 2
BSSID
Address 3
SA
Sequence
ControlData FCS
AP
Distribution system
DASA
BSSID
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
0 1
Address 2 = wireless TxAddress 1 = wireless RxAddress 3 = src
27
From AP: do we really need 3 addresses?From AP: do we really need 3 addresses?
AP
Distribution system
DASA
BSSID
DA correctly receives frame, and send 802.11 ACK to … BSSID (wireless transmitted)
DA correctly receives frame, and send higher level ACK to … SA (actual transmitter)
28
ESS - Extended Service SetESS - Extended Service Set
AP1
AP2 AP3 AP4
BSS1
BSS2 BSS3 BSS4
ESS: created by merging different BSS through a network infrastructure(possibly overlapping BSS – to offer a continuous coverage area)
Stations within ESS MAY communicate each other via Layer 2 proceduresAPs acting as bridgesMUST be on a same LAN or switched LAN or VLAN (no routers in between)
29
Service Set IDentifier (SSID)Service Set IDentifier (SSID)
• name of the WLAN network
» Plain text (ascii), up to 32 char
• Assigned by the network
administrator
» All BSS in a same ESS have same SSID
• Typically (but not necessarily) is
transmitted in periodic management
frames (beacon)
» Disabling SSID transmission = a (poor!) security mechanism
» Typical: 1 broadcast beacon every 100 ms
(configurable by sysadm)
» Beacon may transmit a LOT of other info (see example – a simple one!)
IEEE 802.11 wireless LAN management frame
Fixed parameters (12 bytes)
Timestamp: 0x00000109EAB69185Beacon Interval: 0,102400 [Seconds]
Capability Information: 0x0015
.... .... .... ...1 = ESS capabilities: Transmitter is an AP
.... .... .... ..0. = IBSS status: Transmitter belongs to a BSS
.... .... .... 01.. = CFP participation capabilities: Point coordinator at
AP for delivery and polling (0x0001)
.... .... ...1 .... = Privacy: AP/STA can support WEP
.... .... ..0. .... = Short Preamble: Short preamble not allowed
.... .... .0.. .... = PBCC: PBCC modulation not allowed
.... .... 0... .... = Channel Agility: Channel agility not in use
.... .0.. .... .... = Short Slot Time: Short slot time not in use
..0. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation not allowed
Tagged parametersTag Number: 0 (SSID parameter set)
Tag length: 4
Tag interpretation: WLAN
Tag Number: 1 (Supported Rates)
Tag length: 4
Tag interpretation: Supported rates: 1,0(B) 2,0(B) 5,5 11,0 [Mbit/sec]
Tag Number: 6 (IBSS Parameter set)
Tag length: 1
Tag interpretation: ATIM window 0x2
Tag Number: 5 ((TIM) Traffic Indication Map)Tag length: 4
Tag interpretation: DTIM count 0, DTIM period 1,
Bitmap control 0x0, (Bitmap suppressed)
30
The concept of Distribution SystemThe concept of Distribution System
“Logical” architecture componentProvides a “service”
DSS = Distribution System Service
Standard does NOT say how it is implemented
Specified only which functions it provides
Association
Disassociation
Reassociation
Integration
Distribution
Association/disassociationRegistration/de-registration of a STA to an APEquivalent to “plugging/unplugging the wire” to a switchDS uses this information to determine which AP send
frames to
Reassociationi.e. handling STA mobility in a same ESS!
DistributionAn AP receives a frame on its air interface (e.g. STA 2)It gives the message to the distribution service (DSS) of the
DSThe DSS has the duty to deliver the frame to the proper
destination (AP)
IntegrationMust allow the connection to non 802.11 LANs
Though, in practice, non 802.11 LANs are Ethernet and no “real portals” are deployed
31
DS, againDS, again
AP1 AP2 AP3
Association
IAPP/proprietary IAPP/proprietary
Distribution system (physical connectivity + logical service support)
MSs in a same ESS need to1) communicate each other
2) move through the ESS
Typical implementation (media)Switched Ethernet Backbone
But alternative “Distribution Medium” are possible
E.g. Wireless Distribution System (WDS)
Implementation dutiesan AP must inform other APs of associated
MSs MAC addresses
StandardizationFrom 1997: tentative to standardize an IAPP
Finalized as “working practice standard” in 802.11F (june 2003)
Nobody cared!
Plenty of proprietary solutionsMust use APs from same vendor in whole ESS
Current trends (2004+):Centralized solutions (see Aruba, Cisco, Colubris)
Include centralized management, too!Current attempt: convergence to CAPWAP?
32
Addressing in an ESSAddressing in an ESS
AP
Distribution System
DA
SA
BSSID#1
Frame
Control
Duration
/ ID
Address 1
BSSID#1
Address 2
SA
Address 3
DA
Sequence
ControlData FCS
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
1 0
AP
DA
idea: DS will be able to forward frame to dest
(either if fixed or wireless MAC)
Same approach! Works in general, even if DA in different BSS
33
Addressing in an ESSAddressing in an ESS
Same approach! Works in general, even if DA in different BSS
AP
Distribution System
DASA
BSSID#2
AP
DA
Frame
Control
Duration
/ ID
Address 1
DA
Address 2
BSSID#2
Address 3
SA
Sequence
ControlData FCS
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
0 1
34
Wireless Distribution SystemWireless Distribution System
AP1 AP2 AP3
DS medium:- not necessarily an ethernet backbone!
- could be the 802.11 technology itself
Resulting AP = wireless bridge
35
Addressing within a WDSAddressing within a WDS
AP
Wireless Distribution System
SA
TA
AP
DA
Frame
Control
Duration
/ ID
Address 1
RA
Address 2
TA
Address 3
DA
Sequence
Control
Address 4
SAData FCS
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
1 1
RA
Address 4: initially forgotten? ☺
36
Addressing: summaryAddressing: summary
Wireless DS
To AP
From AP
IBSS
Function
SADATARA11
N/ADASARA = BSSID01
N/ASABSSIDRA = DA10
N/ABSSIDSARA = DA00
Address 4Address 3Address 2Address 1From DSTo DS
Receiver Transmitter
BSS Identifier (BSSID)unique identifier for a particular BSS. In an infrastructure BSSID it is the MAC address of the AP.
In IBSS, it is random and locally administered by the starting station. (uniqueness)
Transmitter Address (TA)MAC address of the station that transmit the frame to the wireless medium. Always an individual
address.
Receiver Address (RA)to which the frame is sent over wireless medium. Individual or Group.
Source Address (SA) MAC address of the station who originated the frame. Always individual address.
May not match TA because of the indirection performed by DS of an IEEE 802.11 WLAN. SA fieldis considered by higher layers.
Destination Address (DA)Final destination . Individual or Group. May not match RA because of the indirection.
37
802.11 MACCSMA/CA Distributed Coordination
Function
Carrier Sense Multiple AccessCarrier Sense Multiple Access
With Collision AvoidanceWith Collision Avoidance
38
Wireless Medium UnreliabilityWireless Medium Unreliability
11 Mbps 802.11b outdoor measurements - Roma 2 Campus - roof nodes
39
Must rely on explicit ACKsMust rely on explicit ACKs
• Successful DATA transmission:» ONLY IF an ACK is received
• ACK transmission provided by MAC layer» Immediate retransmission
� Don’t get confused with higher layer rtx
• DATA-ACK exchange:» Also called two-way handshake
» Or Basic Access Mechanism
SENDER RECEIVER
DATA
ACK
40
Possible errorsPossible errors
• Three causes of insuccess
» PHY Error
» Receiver cannot synchronize with transmitted frame� preamble + SFD needed
» or cannot properly read Physical Layer Control Protocol (PLCP) header� PLCP header contains the essential information on employed rate
� Without it receiver cannot know how to demodulate/decode received frame!
» CRC32 error
» MAC frame (MAC Header + Payload) CRC failures� The greater the rate, the higher the SNR required to correctly transmit
» ACK Error
» Transmitter does not receive ACK� ACK corrupted by PHY or CRC32 errors
» It IS an error: though data frame was correctly received, transmitted does not
know� Introduce issue of duplicated frames at the receiver
PHY MAC header Payload FCS
Preamble SFD PLCP hdr
41
Wireless errors
11 Mbps 802.11b/g OUTDOOR measurements - Roma 2 Campus - roof nodes
PHY errors CANNOT be reduced through automatic rate fallback mechanisms
An (apparent) paradox: 802.11b@11mbps outdoor outperforms 802.11g@6mbps !!!
but it is NOT a paradox ☺☺☺☺ since most 802.11g errors are PHY (unrelated with rate)…
802.11b@11Mbps 802.11g@6Mbps
42
Must forget Collision Detection!Must forget Collision Detection!
• One single RF circuitry» Either TX or RX…
» Half-duplex
• Even if two simultaneous TX+RX: large difference (100+ dB!) in TX/RX signal power
» Impossible to receive while transmitting
» On a same channel, of course
• Collision detection at sender: meaningless in wireless!
» Ethernet = collision detection at sender
» Wireless = large difference in the interference power
between sender & receiver!
» Collision OCCURS AT THE RECEIVER
STA
tx
rx
CA B
A detects a very low interference
(C is far)
no “collision”
B detects a disructive interference(C is near)
collision occurs
43
Distributed Coordination Function Basics
Distributed Coordination Function Basics
44
802.11 MAC802.11 MAC
DISTRIBUTED COORDINATION FUNCTION
DCF(CSMA/CA)
POINT COORDINATION
FUNCTION
PCF(polling)
Intended forContention-FreeServices
Used for all other services, and used as basis for PCF
PCF: baiscally never user / supported!!
45
802.11 MAC evolution(802.11e, finalized in december 2005)
802.11 MAC evolution(802.11e, finalized in december 2005)
DCF
PCF(polling)
Intended forContention-FreeServices
Used for service differentiation(priorities)
All enhancements rely on DCF basic operation!
Dead ☺
HCF Controlled
Channel Access
HCCA(scheduling)
Enhanced Distributed
ChannelAccess
EDCA(prioritized CSMA)
Legacy
HYBRID COORDINATION FUNCTION
HCF
46
Carrier Sense Multiple AccessCarrier Sense Multiple Access
• Station may transmit ONLY IF senses channel IDLE for a DIFS time» DIFS = Distributed Inter Frame Space
• Key idea: ACK replied after a SIFS < DIFS» SIFS = Short Inter Frame Space
• Other stations will NOT be able to access the channel during thehandshake
» Provides an atomic DATA-ACK transaction
DIFSDATA
SIFS ACK
TX
RX
Packetarrival
OTHER
STA
DIFS
Packetarrival
Must measure
a whole DIFS
OK!
47
DATA/ACK frame formatDATA/ACK frame format
Frame
Control
Duration
/ IDAddress 1 Address 2 Address 3
Sequence
ControlAddress 4 Data
Framecheck
sequence
2 2 2 40-23126666
Frame
Control
Duration
/ IDAddress (RA)
Framecheck
sequence
2 2 46
DATA frame: 28 (or 34) bytes + payload
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
ACK frame: 14 bytes – No need for TA address (the station receiving the ACK knows who’s this from)!!
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
0 1Type = Control (01)
SubType = ACK (1101)1 1 0 1
Type = Data (10)SubType = Data (0000)
1 0 0 0 0 00 0
0 0 0 0 0 0 0 00 x
x x x x x xx x
48
Grasping wi-fi (802.11b) numbersGrasping wi-fi (802.11b) numbers
• DIFS = 50 µµµµs» Rationale: 1 SIFS + 2 slot-times
» Slot time = 20 µµµµs, more later
PHY MAC header 24 (30) Payload FCS
• SIFS = 10 µµµµs» Rationale: RX_TX turnaround time
» The shortest possible!
• DATA frame: TX time = f(rate)• Impressive PHY overhead!
» 192 µµµµs per every single frame
• Total data frame time (1500 bytes)» @1 Mbps: 192+12288= 12480 µµµµs
� PHY+MAC overhead = 3.3%
» @11 Mbps: 192+ 1117.1 = 1309.1 µµµµs� PHY+MAC overhead = 16.%
» Overhead increases for small frames!
• ACK frame: TX at basic rate» Typically 1 mbps but 2 mbps possible…
» ACK frame duration (1mbps): 304 µµµµs
Preamble SFD PLCP hdr
128 16 48
1 mbps DBPSK
192 µs
(28+payload) [bytes] x 8 / TX_rate [mbps] = µs
PHY ACK 14
192 µs
DATA
ACK
112 µs
49
And when an ACK is “hidden”?And when an ACK is “hidden”?
SENDER RECEIVERSTA
1)Sender TX
Receiver RX
STA defers
BUSY DETECT (DATA)
SENDER RECEIVERSTA
2)Receiver ACKs(after SIFS)
STA cannot hear…
SIFSACK
STASTA TX!DIFS
SENDER RECEIVERSTA
3)STA tranmits
And destroys ACK!
50
The Duration FieldThe Duration Field
Frame
Control
Duration
/ IDAddress 1 Address 2 Address 3
Sequence
ControlAddress 4 Data
Framecheck
sequence
2 2 2 40-23126666
0# microseconds
1514131211109876543210
When bit 15 = 1 � NOT used as duration(used by power-saving frames to specify station ID)
DIFSDATA
SIFS ACK
OTHER
STA
Physical carrier sensing
NAV (data)
• Allows “Virtual Carrier Sensing”» Other than physically sensing the channel, each station keeps a Network
Allocation Vector (NAV)» Continuously updates the NAV according to information read in the duration
field of other frames
Virtual carrier sensing
51
And when a terminal is “hidden”?And when a terminal is “hidden”?
RECEIVERSENDER STA
… this can be “solved” by increasing the sensitiveness of the Carrier Sense…Quite stupid, though (LOTS of side effects – out of the goals of this lecture)
SENDER STA
… this can’t be “solved”
by any means!
RECEIVER
• The Hidden Terminal Problem» SENDER and STA cannot hear each
other
» SENDER transmits to RECEIVER
» STA wants to send a frame
» Not necessarily to RECEIVER…» STA senses the channel IDLE
» Carrier Sense failure
» Collision occurs at RECEIVER
• Destroys a possibly very long TX!!
52
DIFSDATA
SIFS ACK
TX
RX
Packetarrival
RTS
SIFS CTS SIFS
The RTS/CTS solutionThe RTS/CTS solution
TX
RX
hidden
others
RTS
NAV (RTS)
RTS/CTS: carry the amount of time the channel
will be BUSY. Other stations may update a
Network Allocation Vector, and defer TX
even if they sense the channel idle
(Virtual Carrier Sensing)
CTS CTS
NAV (CTS)
(Update NAV)
data
53
RTS/CTS framesRTS/CTS frames
Frame
Control
Duration
/ IDAddress (RA)
Framecheck
sequence
2 2 46
CTS frame: 14 bytes (same as ACK)
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
0 1Type = Control (01)SubType = CTS (1100)1 1 0 0
Frame
Control
Duration
/ IDAddress 1 (RA)
Framecheck
sequence
2 2 46
RTS frame: 20 bytes
Protocol
versionType
2 2
Sub TypeTo
DS
From
DS
More
FragRetry
Pwr
MNG
More
DataWEP Order
4 1 1 1 1 1 1 1 1
Type = Control (01)SubType = RTS (1011)
Address 2 (TA)
6
0 0 0 0 0 0 0 00 x
0 1 1 0 1 10 0 0 0 0 0 0 00 x
54
RTS/CTS and performanceRTS/CTS and performance
RTS/CTS cons: larger overhead
RTS/CTS pros: reduced collision duration
ESPECIALLY FOR LONG PACKETSLong ���� packet > RTS_Threshold (configurable)
TODAY higher rates � No more significant
55
Issues with “duration” readingIssues with “duration” reading
RX
TXC
• “Duration” field in MAC header» Coded at same rate as payload
» Must receive whole MAC frame correctly
11 Mbps tx
11 mbps
range5.5 mbps
range
2 mbps
range
1 mbps
range
• C cannot read TX frame» No way to know duration value
56
ACK may be hidden once again!ACK may be hidden once again!
RX
TXC
• C hidden from RX» Carrier sense remains IDLE during RX����TX ACK
» NAV could not be updated» May transmit after a DIFS» Destroying ACK!
ACK transm
57
EIFS = protect ACKEIFS = protect ACK
RX
TXC
• C cannot read data frame» CRC32 error» Most of PHY errors
11 Mbps tx
11 mbps
range5.5 mbpsrange
2 mbps
range
1 mbps
range
• If planning to transmit:» No more after a DIFS» But after a LONGER interval of time
» Sufficiently long to protect ACK transmission
58
EIFSEIFS
Data ACKNAV
SourcestationDestination stationOther stations receiving Data frame correctlyOther stationsreceiving Data frameincorectly
DIFSSIFS
EIFSBack- offBack- offBack- off
59
Why backoff?Why backoff?
DIFSDATA
SIFS ACK
STA1
STA2
STA3
DIFS
Collision!
RULE: when the channel is initially sensed BUSY, station defers transmission;
THEN,when channel sensed IDLE again for a DIFS, defer transmission of a
further random time (Collision Avoidance)
60
Slotted BackoffSlotted Backoff
STA2
STA3
DIFS
Extract random number
in range (0, W-1)
Decrement every slot-time σ
w=7
w=5
Note: slot times are not physically delimited on the channel!
Rather, they are logically identified by every STA
Slot-time values: 20µs for DSSS (wi-fi)Accounts for: 1) RX_TX turnaround time
2) busy detect time
3) propagation delay
61
Backoff freezingBackoff freezing
• When STA is in backoff stage:» It freezes the backoff counter as long as the channel is sensed
BUSY
» It restarts decrementing the backoff as the channel is sensed IDLE for a DIFS period
DIFS DATA
SIFS ACK
STATION 1
DIFS
SIFS ACK 6 5
DIFS
Frozen slot-time 4
BUSY medium
STATION 2
DIFS
3 2 1
62
Why backoff betweenconsecutive tx?
Why backoff betweenconsecutive tx?
• A listening station would never find a slot-time after the DIFS (necessary to decrement the backoff counter)
• Thus, it would remain stuck to the current backoff counter valueforever!!
DIFS DATA
SIFS ACK
S 1
DIFS
6 5
DIFS
Frozen slot-time 4
BUSY medium
S 2
DIFS
3
DATA
SIFS ACK
DIFS
BUSY medium DIFS
63
Backoff rulesBackoff rules
• First backoff value:» Extract a uniform random number in range (0,CWmin)
• If unsuccessful TX:» Extract a uniform random number in range (0,2×(CWmin+1)-1)
• If unsuccessful TX:» Extract a uniform random number in range (0,22×(CWmin+1)-1)
• Etc up to 2m×(CWmin+1)-1
Exponential Backoff!
For 802.11b:
CWmin = 31
CWmax = 1023 (m=5)
64
Further backoff rulesFurther backoff rules
• Truncated exponential backoff
» After a number of attempts, transmission fails and frame is dropped
» Backoff process for new frame restarts from CWmin
» Protects against cannel capture
» unlikely when stations are in visibility, but may occur in the case of hidden stations
• Two retry limits suggested:
» Short retry limit (4), apply to frames below a given threshold
» Long retry limit (7), apply to frames above given threshold
» (loose) rationale: short frames are most likely generated by real time stations
» Of course not true in general; e.g. what about 40 bytes TCP ACKs?
65
DCF OverheadDCF Overhead
66
802.11b parameters (summary)802.11b parameters (summary)
PIFS used by Point Coordination Function- Time-bounded services- Polling scheme
PCF Never deployed
102331205010802.11b PHY
CWmaxCWminSlot Time
(µµµµsec)DIFS (µµµµsec)
SIFS
(µµµµsec)Parameters
67
DCF overheadDCF overhead
min_
[ ]
[ ] / 2station
Frame Tx
E payload
E T DIFS CWS =
+ +
_Frame Tx MPDU ACKT T SIFS T= + +
TxCTSPLCPCTS
TxRTSPLCPRTS
TxACKPLCPACK
TxMPDUPLCPMPDU
RTT
RTT
RTT
RLTT
_
_
_
_
/148
/208
/148
/)28(8
⋅+=
⋅+=
⋅+=
+⋅+=
_Frame Tx RTS CTS MPDU ACKT T SIFS T SIFS T SIFS T= + + + + + +
68
Example: maximum achievable throughput for802.11b
Example: maximum achievable throughput for802.11b
DATA SIFS
ACK
DIFS
backoff
DATA
Cycle time
• Data Rate = 11 mbps; ACK rate = 1 mbps• Payload = 1500 bytes
MbpsThr
BackoffE
DIFSSIFS
T
T
ACK
MPDU
07.631050304101303
81500
310202
31][
50;10
3041/148192
130311/)150028(8192
=++++
×=
=×=
==
=⋅+=
≈+⋅+=
• Data Rate = 11 mbps; ACK rate = 1 mbps• Payload = 576 bytes
MbpsThr
BackoffE
DIFSSIFS
T
T
ACK
MPDU
53.33105030410631
8576
310202
31][
50;10
3041/148192
63111/)57628(8192
=++++
×=
=×=
==
=⋅+=
≈+⋅+=
REPEAT RESULTS FOR RTS/CTS ���� Not viable (way too much overhead) at high rates!
69
DCF overhead (802.11b)DCF overhead (802.11b)
0 2000 4000 6000 8000
Tra nsmssion Time (use c )
Basic
RTS/CTS
Basic
RTS/CTS
DIFS Ave Backoff RTS+SIFS CTS+SIFS Payload+SIFS ACK
70
DCF overhead (802.11b)DCF overhead (802.11b)
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
100 300 500 700 900 1100 1300 1500 1700 1900 2100 2300Payload Size (Bytes)
Normalized Throughput
BAS-2M bps
RTS-2M bps
BAS-11M bps
RTS-11M bps
71
802.11 multi rate operations and “performance anomaly”
802.11 multi rate operations and “performance anomaly”
72
Multi-rate operationMulti-rate operation
• Rate selection: proprietary mechanism!» Result: different chipsets operate widely different
• Two basic approaches» Adjust rate according to measured link quality (SNR estimate)
» How link quality is computed is again proprietary!
» Adjust rate according to frame loss
» How many retries? Step used for rate reduction? Proprietary!
» Problem: large amount of collisions (interpreted as frame loss) forces rate adaptation
73
Performance AnomalyPerformance Anomaly
• Question 1:» Assume that throughput measured for a single 11 mbps greedy
station is approx 6 mbps. What is per-STA throughput when two 11 mbps greedy stations compete?
• Answer 1:» Approx 3 mbps (easy ☺☺☺☺)
• Question 2:» Assume that throughput measured for a single 2 mbps greedy station
is approx 1.7 mbps. What is per-STA throughput when two 2 mbpsgreedy stations compete?
• Answer 2:» Approx 0.85 mbps (easy ☺☺☺☺)
• Question 3:» What is per-STA throughput when one 11 mbps greedy station
compete with one 2 mbps greedy station?
• Answer 3:» ...
74
Understanding Answers 1&2(neclect collision – indeed rare – just slightly reduce computed value)
STA 1 SIFS
ACK
DIFS
backoff
Cycle time
STA 2 SIFS
ACK
DIFS
Frozen backoff
• Data Rate = 11 mbps; ACK rate = 1 mbps
• Payload = 1500 bytes
]_[]2[]1[
81500
][
][]2[]1[
backofftotEDIFSACKSIFSTDIFSACKSIFSTtimecycleE
payloadEThrThr
MPDUMPDU ++++++++
×===
MbpsThr
backofftotE
DIFSSIFS
T
T
ACK
MPDU
3.3310)50304101303(2
81500
310202
31]_[
50;10
3041/148192
130311/)150028(8192
=++++×
×=
=×=
==
=⋅+=
≈+⋅+=
• Data Rate = 2 mbps; ACK rate = 1 mbps
• Payload = 1500 bytes
MbpsThr
backofftotE
DIFSSIFS
T
T
ACK
MPDU
88.0310)50304106304(2
81500
310202
31]_[
50;10
3041/148192
63042/)150028(8192
=++++×
×=
=×=
==
=⋅+=
≈+⋅+=
75
E[tot_backoff] indicato al denominatore deve essere considerato come il totale dei
tempi medi di backoff che si hanno dopo la trasmissione di ogni pacchetto nel
ciclo. Questi tempi di backoff dipendono dal numero di stazioni che stanno
competendo. Possiamo chiamare E[backoff(N)] la durata media dell’intervallo
tra la fine di un pacchetto e l’inizio del successivo, dove N è il numero di stazioni
che stanno competendo.
Quindi nella slide precedente E[tot_backoff] = E[backoff(2)]+ E[backoff(2)]
Come valutare il tempo di backoff quando ci sono più stazioni che competono?
nel caso in cui c'e' una sola stazione, ovviamente di ha:
E[backoff(1)]=SlotTime*CWmin/2=SlotTime*31/2
76
Si supponga che le stazioni A e B si alternino sul canale radio (ed in effetti in
media sia ha che la metà dei pacchetti è di una stazione e metà dell'altra).
La stazione A estrae il suo backoff e inizia a contare all'indietro, prima dello
scadere del backoff B trasmette (dato che abbiamo ipotizzato l'alternanza nelle
trasmissioni) e A sospende il conteggio all'indietro. A riprende il conteggio
all'indietro appena B finisce di trasmettere, finisce il conteggio senza essere
interrrotta (sempre per l'ipotesi dell'alternanza) e poi inizia a trasmettere il
nuovo pacchetto chiudendo il ciclo.
Se guardiamo quello che è successo in un ciclo, dall'inizio della trasmissione di A
all'inizio della trasmissione successiva di A, ci sono stati due periodi di backoff, la
cui durata media è la metà del periodo medio di backoff che la stazione A
avrebbe se trasmettesse in isolamento.
Quindi E[backoff(2)] = E[backoff(1)]/2 e nel caso in esame:
E[tot_backoff]=E[backoff(2)]+E[backoff(2)]=E[backoff(1)]=SlotTime*31/2
Il tutto, ricordiamocelo, nell'ipotesi di trascurare le collisioni !!!
77
Emerging “problem”: long-term fairness!
Emerging “problem”: long-term fairness!
If you have understood the previous example, you easilyrealize that 802.11 provides FAIR access to stations in terms of EQUAL NUMBER of transmissionopportunities in the long term!
But this is INDEPENDENT OF transmission speed!
STA1 STA2 STA1 STA1STA2 STA2
78
Computing answer 3Computing answer 3
STA (2mbps) SIFS
ACK
DIFS
Cycle time
STA 11 SIFS
ACK
DIFS
Frozen backoff
RESULT: SAME THROUGHPUT (in the long term)!!
!!!!!!39.1310)5030410(213036304
81500
]_[]2[]1[
81500
][
][]2[]1[
Mbps
backofftotEDIFSACKSIFSTDIFSACKSIFST
timecycleE
payloadEThrThr
MPDUMPDU
=+++++
×=
=++++++++
×=
===
DRAMATIC CONSEQUENCE: throughput is limited by
STA with slowest rate (lower that the maximum throughputachievable by the slow station)!!
79
Performance anomaly into actionPerformance anomaly into action
Why the network issoooo slow today? We’re so Close, we have a 54 mbps and
“excellent” channel, and we getLess than 1 mbps …
Hahahahahah!!
Poor channel, Rate-fallbacked @ 1mbps ☺