IEEE 802.11 Overview

Mustafa Ergenergen@eecs.berkeley.eduUC Berkeley

Wireless Market Segments

Wireless Market Segments & Partners

Fixed

Mobile

Broadband Multiservice

2G+Cellular

3GCellular

Residential/Premise/ Campus

LMDS

MMDS

Cisco/Bosch

DataServices

GPRSMobile IP

PacketData/Voice

UMTS

BLUETOOTH

IEEE802.11

Wireless InternetworkingOverview

Standardization of Wireless NetworksWireless networks are standardized by IEEE.Under 802 LAN MAN standards committee.

IEEE 802.11 OverviewAdopted in 1997.Defines;MAC sublayer MAC management protocols and servicesPhysical (PHY) layersIR FHSSDSSS GoalsTo deliver services in wired networksTo achieve high throughputTo achieve highly reliable data deliveryTo achieve continuous network connection.

ComponentsStationBSS - Basic Service SetIBSS : Infrastructure BSS : QBSSESS - Extended Service SetA set of infrastrucute BSSs.Connection of APsTracking of mobilityDS Distribution SystemAP communicates with another

ServicesStation services: authentication, de-authentication, privacy, delivery of dataDistribution Services ( A thin layer between MAC and LLC sublayer)associationdisassociationreassociationdistributionIntegration

A station maintain two variables: authentication state (=> 1) association state (

Ex.

Medium Access ControlFunctionality;Reliable data deliveryFairly control access Protection of dataDeals;Noisy and unreliable mediumFrame exchange protocol - ACKOverhead to IEEE 802.3 - Hidden Node Problem RTS/CTSParticipation of all stationsReaction to every frame

MACRetry CountersShort retry counterLong retry counterLifetime timerBasic Access MechanismCSMA/CABinary exponential back-offNAV Network Allocation VectorTiming Intervals: SIFS, Slot Time, PIFS, DIFS, EIFSDCF OperationPCF Operation

DCF Operation

PCF OperationPoll eliminates contentionPC Point CoordinatorPolling ListOver DCFPIFSCFP Contention Free PeriodAlternate with DCFPeriodic Beacon contains length of CFPCF-Poll Contention Free PollNAV prevents during CFPCF-End resets NAV

Frame TypesProtocol VersionFrame Type and Sub TypeTo DS and From DSMore Fragments Retry Power Management More Data WEPOrder

FCDuration/IDAddress 1

Address 2

Address 3

SequenceControl

Address4

DATA

FCS

22666260-23124 bytesNAV informationOrShort Id for PS-Poll

BSSID BSS IdentifierTA - Transmitter RA - ReceiverSA - SourceDA - Destination

IEEE 48 bit addressIndividual/Group Universal/Local46 bit address

MSDUSequence NumberFragment Number

CCIT CRC-32 Polynomial

Upper layer data2048 byte max256 upper layer header

Frame SubtypesRTSCTSACKPS-PollCF-End & CF-End ACK

DataData+CF-ACKData+CF-PollData+CF-ACK+CF-PollNull FunctionCF-ACK (nodata)CF-Poll (nodata)CF-ACK+CF+Poll

BeaconProbe Request & ResponseAuthenticationDeauthenticationAssociation Request & ResponseReassociation Request & ResponseDisassociationAnnouncement Traffic Indication Message (ATIM)

CONTROLDATAMANAGEMENT

Other MAC OperationsFragmentationSequence control fieldIn burstMedium is reservedNAV is updated by ACKPrivacyWEP bit set when encrypted.Only the frame body.Medium is reservedNAV is updated by ACKSymmetric variable keyWEP DetailsTwo mechanismDefault keysKey mappingWEP header and trailerKEYID in header ICV in trailer dot11UndecryptableCountIndicates an attack.dot11ICVErrorCountAttack to determine a key is in progress.

MAC ManagementInterference by users that have no concept of data communication. Ex: Microwave

Interference by other WLANs

Security of data

Mobility

Power Management

AuthenticationAuthenticationProve identity to another station.Open system authenticationShared key authenticationA sendsB responds with a textA encrypt and send backB decrypts and returns an authentication management frame.May authenticate any number of station.Security ProblemA rogue APSSID of ESSAnnounce its presence with beaconing

A active rogue reach higher layer data if unencrypted.

AssociationAssociationTransparent mobilityAfter authenticationAssociation request to an APAfter established, forward dataTo BSS, if DA is in the BSS.To DS, if DA is outside the BSS.To AP, if DA is in another BSS.To portal, if DC is outside the ESS.Portal : transfer point : track mobility. (AP, bridge, or router) transfer 802.1hNew AP after reassociation, communicates with the old AP.

Address FilteringMore than one WLANThree AddressesReceiver examine the DA, BSSIDPrivacy MAC FunctionWEP Mechanism

Power ManagementIndependent BSSDistributedData frame handshakeWake up every beacon.Awake a period of ATIM after each beacon.Send ACK if receive ATIM frame & awake until the end of next ATIM.Estimate the power saving station, and delay until the next ATIM.Multicast frame : No ACK : optionalOverheadSenderAnnouncement frameBuffer Power consumption in ATIMReceiverAwake for every Beacon and ATIM

Power ManagementInfrastructure BSSCentralized in the AP.Greater power savingMobile Station sleeps for a number of beacon periods.Awake for multicast indicated in DTIM in Beacon.AP buffer, indicate in TIMMobile requests by PS-Poll

SynchronizationTimer Synchronization in an Infrastructure BSSBeacon contains TSFStation updates its with the TSF in beacon.

Timer Synchronization in an IBSSDistributed. Starter of the BSS send TSF zero and increments.Each Station sends a BeaconStation updates if the TSF is bigger.Small number of stations: the fastest timer value Large number of stations: slower timer value due to collision.

Synchronization with Frequency Hopping PHY LayersChanges in a frequency hopping PHY layer occurs periodically (the dwell meriod).Change to new channel when the TSF timer value, modulo the dwell period, is zero

Scanning & JoiningScanningPassive Scanning : only listens for Beacon and get info of the BSS. Power is saved.Active Scanning: transmit and elicit response from APs. If IBSS, last station that transmitted beacon responds. Time is saved. Joining a BSSSyncronization in TSF and frequency : Adopt PHY parameters : The BSSID : WEP : Beacon Period : DTIM

Combining Management ToolsCombine Power Saving Periods with ScanningInstead of entering power saving mode, perform active scanning.Gather information about its environments.

PreauthenticationScans and initiate an authenticationReduces the time

The Physical LayerPLCP: frame exchange between the MAC and PHYPMD: uses signal carrier and spread spectrum modulation to transmit data frames over the media.Direct Sequence Spread Spectrum (DSSS) PHY2.4 GHz : RF : 1 2 MbpsThe Frequency Hopping Spread Spectrum (FHSS) PHY110KHz deviation : RF : PMD controls channel hopping : 2 MbpsInfrared (IR) PHYIndoor : IR : 1 and 2 MbpsThe OFDM PHY IEEE 802.11a5.0 GHz : 6-54 Mbps : High Rate DSSS PHY IEEE 802.11b2.4 GHz : 5.5 Mbps 11 Mbps :

IEEE 802.11EEDCF - Enhanced DCFHCF - Hybrid Coordination FunctionQBSSHC Hybrid ControllerTC Traffic CategoriesTXOP Transmission Opportunity granted by EDCF-TXOP or HC- poll TXOPAIFS Arbitration Interframe Space

IEEE 802.11E

IEEE 802.11E Backoff

IEEE 802.11 ProtocolsIEEE 802.11aPHY Standard : 8 channels : 54 Mbps : Products are available.IEEE 802.11bPHY Standard : 3 channels : 11 Mbps : Products are available.IEEE 802.11dMAC Standard : operate in variable power levels : ongoingIEEE 802.11eMAC Standard : QoS support : Second half of 2002.IEEE 802.11fInter-Access Point Protocol : 2nd half 2002IEEE 802.11gPHY Standard: 3 channels : OFDM and PBCC : 2nd half 2002IEEE 802.11hSupplementary MAC Standard: TPC and DFS : 2nd half 2002IEEE 802.11iSupplementary MAC Standard: Alternative WEP : 2nd half 2002

APPENDIX

The Basics of WLANs

PAN

LAN

WAN

Access speed

1-2mb

11mb

>56kb

Range

10m

100-400m

global

Standard

IEEE 802.11b

GPRS

1xRTT

Scalability

Low

device specific

Medium

ethernet

High

regional

Infrastructure

Architecture

FHSS

DSSS

cellular

EMBED Word.Picture.8

_1031722700.doc

WLAN Pending Issues

Why 802.11a?Greater bandwidth (54Mb)Less potential interference (5GHz)More non-overlapping channelsWhy 802.11b?Widely availableGreater range, lower power needsWhy 802.11g?Faster than 802.11b (24Mb vs 11Mb)

Deployment Issues

Re-purpose Symbol APs for secure admin services

Deploy 802.11b with 802.11a in mind (25db SNR for all service areas)

Delay migration to 802.11a until dual function (11b & 11a) cards become available

Frequency Bands- ISMExtremelyLowVeryLowLowMediumHighVeryHighUltraHighSuperHighInfraredVisibleLightUltra-violetX-RaysAudioAM BroadcastShort Wave RadioFM BroadcastTelevisionInfrared wireless LAN902 - 928 MHz26 MHz

Cellular (840MHz)NPCS (1.9GHz)2.4 - 2.4835 GHz83.5 MHz(IEEE 802.11)5 GHz(IEEE 802.11)HyperLANHyperLAN2Industrial, Scientific, and Medical (ISM) bandsUnlicensed, 22 MHz channel bandwidth

IEEE 802.11i Enhanced Security

DescriptionEnhancements to the 802.11 MAC standard to increase the security; addresses new encryption methods and upper layer authenticationImportanceHigh: weakness of WEP encryption is damaging the 802.11 standard perception in the marketRelated standardsThis applies to 802.11b, 802.11a and 802.11g systems. 802.1x is key reference for upper layer authentication Status + RoadmapEnhanced encryption software will replace WEP software; This is on a recommended best practice /voluntary basis; development in TgI: first draft Mar 2001; next draft due Mar 2002; stable draft: July 2002; final standard: Jan 2003Products affectedClient and AP cards (Controller chip, Firmware, Driver) AP kernel, RG kernel, BG kernelAgeres activityActively proposing WEP improvement methods, participating in all official/interim meetingsKey playersAgere/Microsoft/Agere/Cisco/Atheros/Intel/3Com/Intersil/Symbol/Certicom/RSA/FunkKey issuesMode of AES to use for encryption (CTR/CBC [CBC MIC] or OCB [MIC and Encryption function])

IEEE 802.1X - Port Based Control

DescriptionA framework for regulating access control of client stations to a network via the use of extensible authentication methodsImportanceHigh: forms a key part of the important 802.11i proposals for enhanced securityRelated standardsThis applies to 802.11b, 802.11a and 802.11g systemsStatus + RoadmapStandard available Spring 2001Products affectedSupported in AP-2000, AP-1000/500, Clients (MS drivers for XP/2000 beta)Ageres activityAdding EAP auth types to productsKey playersMicrosoft/Cisco/Certicom/RSA/FunkKey issuesHome in IETF for EAP method discussions

IEEE 802.1p - Traffic Class

ReferenceIEEE 802.1p (Traffic Class and Dynamic Multicast Filtering)DescriptionA method to differentiate traffic streams in priotity classes in support of quality of service offeringImportanceMedium: forms a key part of the 802.11e proposals for QoS at the MAC levelRelated standardsThis applies to 802.11b, 802.11a and 802.11g systems; is an addition to the 802.1d Bridge standard (annex H).Status + RoadmapFinal standard; incorporated in 1998 edition of 802.1d (annex H)Products affectedClient and AP cards (Driver); AP kernel, RG kernel, BG kernelAgeres activityInvestigating implementation optionsKey playersN/AKey issuesN/A

Glossary of 802.11 Wireless Terms, cont.BSSID & ESSID: Data fields identifying a stations BSS & ESS.Clear Channel Assessment (CCA): A station function used to determine when it is OK to transmit.Association: A function that maps a station to an Access Point.MAC Service Data Unit (MSDU): Data Frame passed between user & MAC.MAC Protocol Data Unit (MPDU): Data Frame passed between MAC & PHY.PLCP Packet (PLCP_PDU): Data Packet passed from PHY to PHY over the Wireless Medium.

Overview, 802.11 ArchitectureSTASTASTASTASTASTASTASTAAPAPESSBSSBSSBSSBSSExisting Wired LANInfrastructure NetworkAd Hoc NetworkAd Hoc Network

Frequency Hopping and Direct Sequence Spread Spectrum TechniquesSpread Spectrum used to avoid interference from licensed and other non-licensed users, and from noise, e.g., microwave ovensFrequency Hopping (FHSS)Using one of 78 hop sequences, hop to a new 1MHz channel (out of the total of 79 channels) at least every 400millisecondsRequires hop acquisition and synchronizationHops away from interferenceDirect Sequence (DSSS)Using one of 11 overlapping channels, multiply the data by an 11-bit number to spread the 1M-symbol/sec data over 11MHzRequires RF linearity over 11MHzSpreading yields processing gain at receiverLess immune to interference

802.11 Physical LayerPreamble Sync, 16-bit Start Frame Delimiter, PLCP Header including 16-bit Header CRC, MPDU, 32-bit CRCFHSS2 & 4GFSKData Whitening for Bias Suppression32/33 bit stuffing and block inversion7-bit LFSR scrambler80-bit Preamble Sync pattern32-bit HeaderDSSSDBPSK & DQPSKData Scrambling using 8-bit LFSR128-bit Preamble Sync pattern48-bit Header

802.11 Physical Layer, cont. Antenna DiversityMultipath fading a signal can inhibit receptionMultiple antennas can significantly minimizeSpacial Separation of OrthoganalityChoose Antenna during Preamble Sync patternPresence of Preamble Sync patternPresence of energyRSSI - Received Signal Strength IndicationCombination of bothClear Channel AssessmentRequire reliable indication that channel is in use to defer transmissionUse same mechanisms as for Antenna DiversityUse NAV information

Performance, Theoretical Maximum ThroughputThroughput numbers in Mbits/sec:Assumes 100ms beacon interval, RTS, CTS used, no collisionSlide courtesy of Matt Fischer, AMD

1 Mbit/sec

2 Mbit/sec

MSDU size

(bytes)

DS

FH (400ms hop time)

DS

FH (400ms hop time)

128

0.364

0.364

0.517

0.474

512

0.694

0.679

1.163

1.088

512

(frag size = 128)

0.503

0.512

0.781

0.759

2304

0.906

0.860

1.720

1.624

*Same organization that came up with IEEE 802.3 Ethernet,which is responsible for success of Internet**************