Wireless LAN 802.11
Muhammad Jaseemuddin
Ryerson University

IEEE 802.11 WLAN Standard
LLC Layer - IEEE 802.2
MAC Layer - IEEE 802.11
• Carrier Sense Multiple Access (CSMA)
• Virtual Collision Detection (VCD)
• Asynchronous Data Service
• Time-bounded Service
• Error Correction, Access Control
• Encryption, Roaming, Power Saving
PHY Layer - IEEE 802.11 Radio
• 900MHz, 2.4GHz & 5.8GHz
• Frequency Hopping Spread Spectrum
• Direct Sequence Spread Spectrum
• 1, 2, 5.5 & 11Mbps Data Rates
• 100-500m Transmission Range
[Figure: protocol stack: Application, Presentation, Session, Transport, Network, Data Link (LLC, MAC), Physical]

Ad-Hoc Network
[Figure: STA1, STA2, STA3]
• Basic Service Set (BSS) - BSSID

Infrastructure Network
[Figure: Distribution System connecting BSS1 (STA1, STA2) and BSS2 (STA)]
• Cellular Structure
  – Cells operating in different frequency channels
• Roaming across BSS through Distribution System

Radio Frequency Spectrum
• The Industrial Scientific and Medical (ISM) Bands in N. America
[Figure: ISM bands: 900MHz band (900MHz to 928MHz), 2.4GHz band (2.4000GHz to 2.4835GHz), 5.8GHz band (5.725GHz to 5.850GHz)]

FHSS – IEEE 802.11 PHY
• 802.11 divides the ISM band into a series of 1-MHz channels
• Approximately 99% of the radio energy is confined to the channel
• The channel sequence starts at 2.400 GHz and goes up in steps of 1 to 2.495, for a total of 95 channels
• In NA 78 channels are permitted, from channel 2 (2.402) to channel 79 (2.479)
• An FH pattern Fx consists of a permutation of all 79 channels, given as
  – Fx = {fx(1), fx(2), … , fx(79)}
• Where Fx is the FH pattern
• fx(i) is the channel number for the ith frequency in the xth FH pattern
  – fx(i) = [b(i) + x] mod(79) + 2
• The sequences are designed to ensure some minimum distance between the frequencies of contiguous hops
  – 6-MHz gap in NA

FHSS PHY
• The FH patterns are divided into three sets
• The sets are defined to avoid prolonged collision periods between different sequences in a set
• Each set contains 26 patterns for NA
  – S1: x = {0,3,6,9,12,15,18,21, … , 72,75}
  – S2: x = {1,4,7,10,13,16,19,22, … , 73,76}
  – S3: x = {2,5,8,11,14,17,20,23, … , 74,77}
• 2.5 hops per second yields a maximum dwell time of 390 TUs ~ 0.4 second
• Beacon Frame contains time stamp and FH Parameter Set element
  – Hop Set #
  – Hop pattern #
  – Hop index
• All STAs in the IBSS synchronize their clocks with the TBTT using the timestamp advertised in the beacon
• They all tune to the same FH pattern advertised in the beacon
• A hop occurs when the timestamp modulo dwell time becomes zero

DSSS – IEEE 802.11b PHY
• It requires more power to achieve the same throughput than the FH SS
• It is readily adaptable to much higher data rates
• 802.11 adopted the 11-bit Barker code
  – {+1 –1 +1 +1 –1 +1 +1 +1 –1 –1 –1}
  – It is tolerant to multipath delay spread
• Each data bit is encoded using the entire Barker word as the chipping sequence
• The DS PHY has 14 channels, each 5 MHz wide
  – Channel 1: 2.412 GHz, channel 2: 2.417 GHz and so on up to channel 14: 2.484 GHz
  – In NA 11 channels are allowed: 1-11 (2.412 – 2.462 GHz)
• Within a channel most of the energy is spread across a 22-MHz band
• To prevent interference caused by networks operating in adjacent channels, 802.11 IBSSes are required to operate on center frequencies that are 22 MHz apart
  – With 5-MHz channel spacing this means adjacent IBSSes must operate 5 channels apart
  – Typically they are configured at channels 1, 6 and 11
  – Only three IBSSes can be adjacent

DS Channels (22 MHz Wide)

Channel  Center Frequency (MHz)  NA-ANZ  ETSI  Japan
1        2412                    x       x     x
2        2417                    x       x     x
3        2422                    x       x     x
4        2427                    x       x     x
5        2432                    x       x     x
6        2437                    x       x     x
7        2442                    x       x     x
8        2447                    x       x     x
9        2452                    x       x     x
10       2457                    x       x     x
11       2462                    x       x     x
12       2467                    -       x     x
13       2472                    -       x     x
14       2484                    -       -     x

Source: CISCO WLAN Adapters Software Guide

802.11 DS PHY
• 802.11, announced in 1997, allowed 1 or 2 bits to be encoded per Barker word, resulting in 1-2 Mbps
  – The system is capable of processing 1 million chips per second
• 802.11b, announced in 1999, allows 5 or 8 bits to be encoded per Barker word, resulting in 5.5 to 11 Mbps bandwidth
  – Using a different encoding technique

Medium Access Control
• Why not CSMA/CD?
  – Collision detection is difficult in a radio environment
  – Stations may suffer interference from other LANs (BSS)
  – Hidden node problem
• Distributed Co-ordinated Function (DCF)
  – For asynchronous data service
  – CSMA/CA
  – Virtual Collision Detection (VCD)
• Point Co-ordinated Function (PCF)
  – For time-bounded data service
  – Access Point (AP) serves as the co-ordinator

Carrier Sensing
• Two carrier sensing mechanisms are defined
  – A physical carrier sensing
    • Depending upon the PHY layer, it senses the availability of the carrier frequency
  – A virtual carrier sensing
    • This is a logical carrier sensing at the MAC layer
    • Every packet (with some exceptions) announces the duration for which the current transmission will hold the channel – it is called Network Allocation Vector (NAV)
    • All stations monitoring the channel read the MAC header, which contains the NAV. They all “backoff” for NAV microseconds before starting the contention for the next transmission

Virtual Carrier Sensing
[Figure: timeline: DIFS, the sender's unicast frame, SIFS, ACK, DIFS; other stations hold the NAV while access to the medium is deferred, then send data]
• Every unicast frame contains a NAV value, which indicates the time in microseconds this transaction will take, including the time for the ACK
• All other monitoring stations next sense the medium after the NAV and the subsequent DIFS

Basic Transmission Algorithm
[Figure: flowchart: NAV=0? / Sense the medium (perform physical channel assessment) / Medium Idle? / Transmit Frame / Collision? / Random Backoff Time]

Medium Access and IFS
[Figure: timeline: medium busy, then SIFS, PIFS and DIFS measured from the end of the busy period, contention, next frame]
For DSSS:
  Slot time = 20 µs
  Short Inter-Frame Spacing: SIFS = 10 µs
  PCF Inter-Frame Spacing = SIFS + slot time
  DCF Inter-Frame Spacing = SIFS + 2*slot time
  aCWmin = 31
  aCWmax = 1023
• Exponential Back-off
  – random back-off time within a contention window [0, CW]
  – contention window size increases with retransmission
  – back-off time = random() * slot time
  – random() = a pseudo-random integer in [0, CW]
  – aCWmin <= CW <= aCWmax; CW starts at aCWmin, increases with every retransmission up to aCWmax, and is reset after a successful transmission

DSSS Contention Window
[Figure: after each busy period and DIFS, the contention window for successive attempts]
  Initial Transmission: CW = 31 slots
  1st Retransmission: CW = 63 slots
  2nd Retransmission: CW = 127 slots
  3rd Retransmission: CW = 255 slots
  4th Retransmission: CW = 511 slots
  5th Retransmission: CW = 1023 slots
  6th Retransmission: CW = 1023 slots

Transmission Mode (CSMA/CA)
[Figure: timeline of Stations 1 to 5 contending after each DIFS, showing busy periods and the boe and bor backoff intervals]
Source: Mobile Communications - Jochen Schiller

The “Hidden Node Problem”
• The ‘Hidden Node’ problem occurs when two clients exist that can both connect to an AP but cannot see each other
  – This can cause as much as 40% data loss through collisions and re-transmissions.
  – Using VCD (the RTS/CTS mechanism) avoids these problems.
[Figure: STA1 and STA2 with their maximum ranges around the Access Point; collision]

Transmission Mode (VCD)
• Virtual Collision Detection
  – With the RTS threshold set (valid range 1-2304 Bytes, 128 Bytes recommended), this becomes CSMA/CA with VCD.
[Figure: timeline: DIFS, the sender's RTS, SIFS, the receiver's CTS, SIFS, the sender's Data, SIFS, the receiver's ACK, DIFS; other STAs hold NAV (RTS) and NAV (CTS), then send data]
  – When Mobile Units hear a CTS that is not for them, they back off for the duration specified

Point Co-ordination Function (PCF)
[Figure: CFP repetition intervals, each starting with a beacon (B) and consisting of a CFP under PCF followed by a CP under DCF; NAV is set during each CFP]
Co-existence of PCF and DCF
• Beacon marks the beginning of the Contention Free Period (CFP)
• it contains the CFP maximum duration, which is used by other stations to set their NAV
• the CFP max duration must be at least equivalent to the transmission time of a frame of maximum size

Frames Exchanged during PCF
• Data
  – Vanilla data transmission
• CF-Ack
  – Acknowledging the data transmitted in the previous frame
• CF-Poll
  – Polling a station to transmit the data frame
• Data + CF-Ack
  – Data is destined to any station and CF-Ack is to acknowledge the data received in the previous frame
• Data + CF-Poll
  – Data is destined to the same station that is polled
• CF-Ack + CF-Poll
  – CF-Ack is to acknowledge the data received in the previous frame and CF-Poll is to poll the next station in the polling list
• Data + CF-Ack + CF-Poll
  – Data and CF-Ack are for the same station, and CF-Ack is to acknowledge the data received in the previous frame
• CF-End
  – Marks the end of the contention-free period
• CF-End + CF-Ack
  – CF-End also contains acknowledgment for potentially the last data received
• Any management frame

PCF – An Example
[Figure: timeline: PIFS, the AP's beacon (B), P1, D2 and CFend separated by SIFS, the station's CFA2; NAV set for the CFP Max Duration; Contention Free Period (CFP) released by AP; CP begins]

PCF Foreshortening
[Figure: timeline: expected CFP start, a frame and its ACK (after SIFS) still in progress, DIFS, PIFS, beacon (B) at the actual CFP start, CFP foreshortening, CFP end, CFP Max Duration]
• Since the time at which a station is next polled for data transfer may vary from its intended time, a hard bound on the data delivery time cannot be guaranteed
• near isochronous service

PCF – More Operations
[Figure: frame exchange between the AP and the stations using Data + CF-Poll and Data + CF-Ack frames separated by SIFS; PCF continues]

MAC Frame
Frame Control | Duration ID | Address 1 | Address 2 | Address 3 | Seq. Ctrl | Address 4 | Data | CRC

MAC Frame Control
Prot. Version | Type | Subtype | To DS | From DS | More Frag. | Retry | Power Mgmt | More Data | WEP | Order
• Type
  00  Management Frame
  01  Control Frame
  10  Data Frame
  11  Reserved
• Sub-type
  Management: Association Req, Resp; Reassociation Req, Resp; Disassociation; Probe Req, Resp; Beacon; ATIM; Authentication; Deauthentication
  Control: PS Poll; RTS; CTS; ACK; CF End; CF End + CF ACK
  Data: Data; Data + CF Ack; Data + CF Poll; Data + CF ACK + CF Poll; CF ACK; CF Poll; CF ACK + CF Poll

Address Assignment

to DS  from DS  Address 1  Address 2  Address 3  Address 4  Comments
0      0        DA         SA         BSSID      -          Ad hoc
0      1        DA         BSSID      SA         -          From AP
1      0        BSSID      SA         DA         -          To AP
1      1        RA         TA         DA         SA         Within DS

• Address 1 – Receiver
  • The node that receives the frame over the air and is responsible for acknowledging the reception
• Address 2 – Transmitter
  • The node that transmits the frame over the air and is responsible for retransmission in case of no acknowledgment
• Address 3 and 4 take different values depending upon the mode of operation
• BSSID
  – BSSID uniquely identifies a BSS
  – In infrastructure mode the BSSID is the MAC address of the wireless interface of the AP that is creating the BSS
  – In ad-hoc mode the BSSID is a 48-bit number in the MAC address format, composed of a 46-bit randomly generated number with the local/universal bit set to 1 and the group bit set to 0

Address Assignment - Scenarios
[Figure: STAs and APs attached to distribution systems DS1 and DS2 with fixed nodes (FN); A and B connected through AP1 and AP2]
• To Distribution System
  A1(RA)=BSSID (AP’s MAC)
  A2(TA)=SA=STA’s MAC
  A3(DA)=FN’s MAC
• From Distribution System
  A1(RA)=DA=STA’s MAC
  A2(TA)=BSSID (AP’s MAC)
  A3(SA)=FN’s MAC
• Within Wireless Distribution System (A to B)
  A1(RA)=AP2’s MAC
  A2(TA)=AP1’s MAC
  A3(DA)=B’s MAC
  A4(SA)=A’s MAC

Fragmentation
[Figure: timeline: DIFS, the sender's Frag 1, Frag 2 and Frag 3, each followed by SIFS and the receiver's ACK1, ACK2 and ACK3; NAV values shown for other STAs: F3+2*ACK+3*SIFS, F2+2*ACK+3*SIFS, F2+ACK+2*SIFS, F2+ACK+2*SIFS]
• To deal with interference
  – Interference is often in the form of short bursts
  – Breaking large frames into fragments (smaller frames) increases the percentage of frames received undamaged
• Fragmentation
  – Every fragment is acknowledged individually
  – Retransmission of fragments (small frames) is less expensive
  – Fragmentation Threshold
    • Any frame larger than the threshold undergoes fragmentation
    • It is a configurable parameter
  – Every non-final ACK contains a NAV value
  – The final ACK contains NAV value 0

Fragmentation with RTS/CTS
[Figure: timeline: DIFS, the sender's RTS, SIFS, the receiver's CTS, SIFS, Frag 1, SIFS, ACK1, SIFS, Frag 2, SIFS, ACK2; NAV values shown for other STAs: NAV (RTS) = CTS+F1+ACK+3*SIFS, NAV (CTS) = F1+ACK+2*SIFS, NAV = F2+2*ACK+3*SIFS, NAV = F2+ACK+2*SIFS]
• Fragmentation with RTS/CTS
  – Often fragmentation is combined with RTS/CTS
  – RTS/CTS provides exclusive access to the medium

Power Management
[Figure: exchange between the AP and a STA in BSS1: 1 Power Management Frame (any frame with PM bit on), 2 Beacon (TIM), 3 PS Poll Frame]
• Transceivers can be turned off to put the station in power saving mode to conserve battery power
• Access points perform the following power-management tasks
  • it maintains the power management state of every station
  • it buffers the frames for stations in sleeping mode
  • it announces the buffer status of every station every TIM interval
  • powering up the receiver at the sleeping station to receive the buffer status consumes far less power than if the station periodically polls for the buffer status
• Station wakes up every listen interval
  • listen interval is its contract with the AP that is negotiated at association time
• Broadcast/Multicast packets are transmitted every DTIM interval

Power Management – More Data
• Station sends a PS-Poll frame for every frame buffered at the AP
• AP sets the more data bit in the frame header if more frames are waiting in the buffer for transmission
• Station sends an acknowledgment for every frame
• An unacknowledged frame is retransmitted
  – If the AP does not receive an ACK, it re-advertises the frame in the next TIM
• Station can turn off the PM bit at any time, indicating to the AP that it is switching its mode from PS to normal operation
[Figure: exchange between STA and AP: PS-Poll; Frame, More Data; ACK; PS-Poll; Frame, More Data; ACK; PS-Poll; Frame; ACK]

Power Management - Scenario
[Figure: beacon intervals at the AP with TIMs (T) announcing frames for 1 and 2, frames for 1, frames for 2, frames for 1 and 2, or no frames; wake-up times of STA 1 and STA 2]
• Listen interval of station 1 is 2
  – it wakes up every second beacon interval
• Listen interval of station 2 is 3
• During the fourth beacon interval both stations 1 and 2 contend for the medium
  – Station 1 wins and retrieves the frame from the AP
  – Station 2 may next gain access to the medium if no other station contends for it
    • Otherwise, if it loses the access to another station, it remains awake for the subsequent beacon intervals until it retrieves its frame from the AP; after that it resumes its normal power saving mode of operation

Roaming
[Figure: Registry and Distribution System connecting AP1 (BSS1) and AP2 (BSS2), with a STA in each BSS]
• ESS - SSID
• A station can attach to a single AP at any time
• Handoff detection
  • active scanning - probe request + response
  • passive scanning - beacon
• Mobile initiated handover
  • mobile sends association/reassociation request
  • The AP responds with Association/Reassociation Response
  • it returns an Association ID (AID) unique for each registered mobile

Registration Service
• Maintain a table of mappings: <BSSID, IP Address, UDP Port #>
• Perform
  – add in response to add request
  – refresh in response to refresh request
    • refresh time is 5 minutes
  – remove
    • in response to deregistration
    • if the entry is not refreshed (within 15 minutes)
• Supply mappings in response to query

Handover
[Figure: Mobile Unit moving from BSS1 to BSS2, with the Distribution System and Registry]
  0  Reassociation Frame
  1  AP lookup
  2  Lookup response
  3  Move Notify
  4  Move Response

IAPP Packet Format
General Packet Format: IAPP Version (1 byte) | Command (1 byte) | Data (0-n bytes)
Move-notify Packet Format: Add. Length | Pad | MAC Address | Seq. #
Move-response Packet Format: Add. Length | Pad | MAC Address | Length | Context CB Blob
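
The contention-window growth and frozen backoff counters from the Medium Access and IFS, DSSS Contention Window and Transmission Mode (CSMA/CA) slides, as an added Python example that is not part of the original slides. It assumes that all stations hear each other, that each station has one frame to send, and that time is counted in slots; `contention_window` and `simulate_dcf` are names chosen here.

```python
import random

# DSSS timing values from the slides (microseconds)
SIFS_US, SLOT_US = 10, 20
PIFS_US = SIFS_US + SLOT_US         # PCF Inter-Frame Spacing
DIFS_US = SIFS_US + 2 * SLOT_US     # DCF Inter-Frame Spacing
A_CW_MIN, A_CW_MAX = 31, 1023


def contention_window(retries):
    """CW in slots after `retries` failed attempts: 31, 63, ..., capped at 1023."""
    return min((A_CW_MIN + 1) * 2 ** retries - 1, A_CW_MAX)


def simulate_dcf(n_stations, seed=1):
    """Each station sends one frame; returns (delivery order, collision count)."""
    rng = random.Random(seed)       # seeded so runs are repeatable
    retries = dict.fromkeys(range(n_stations), 0)
    # Backoff counter per waiting station, drawn from [0, CW] slots
    backoff = {s: rng.randint(0, contention_window(0)) for s in retries}
    delivered, collisions = [], 0
    while backoff:
        elapsed = min(backoff.values())
        ready = [s for s, slots in backoff.items() if slots == elapsed]
        # Stations that lose this round freeze and keep their residual backoff
        for s in backoff:
            backoff[s] -= elapsed
        if len(ready) == 1:
            delivered.append(ready[0])
            del backoff[ready[0]]
        else:
            # Same slot chosen by several stations: collision, CW doubles
            collisions += 1
            for s in ready:
                retries[s] += 1
                backoff[s] = rng.randint(0, contention_window(retries[s]))
    return delivered, collisions
```
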
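
An added example, not from the original slides: a parser for the header described in the MAC Frame, MAC Frame Control and Address Assignment slides, the decoding a wireless monitor needs before it can attribute a frame to a station or BSS. The sample frame and its addresses are constructed, the function and constant names are chosen here, and control frames, which use shorter headers, are rejected.

```python
import struct

FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Reserved"}
# (To DS, From DS) -> meaning of Address 1..4, from the Address Assignment table
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID", None),    # ad hoc
    (0, 1): ("DA", "BSSID", "SA", None),    # from AP
    (1, 0): ("BSSID", "SA", "DA", None),    # to AP
    (1, 1): ("RA", "TA", "DA", "SA"),       # within DS
}
ADDRESS_OFFSETS = (4, 10, 16, 24)           # Address 4 follows the 2-byte Seq. Ctrl

# Constructed sample: data frame sent to the AP (To DS = 1), duration 44 us
SAMPLE_TO_AP = bytes.fromhex(
    "0801" "2c00" "001122334455" "66778899aabb" "ccddeeff0011" "1000")


def parse_header(frame):
    """Decode Frame Control, Duration and the address fields of one frame."""
    if len(frame) < 24:
        raise ValueError("truncated header")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    # Frame Control is little-endian; fields in slide order, lowest bits first
    hdr = {
        "version": fc & 0x3,
        "type": FRAME_TYPES[(fc >> 2) & 0x3],
        "subtype": (fc >> 4) & 0xF,
        "to_ds": (fc >> 8) & 1,
        "from_ds": (fc >> 9) & 1,
        "more_frag": bool(fc & 0x0400),
        "retry": bool(fc & 0x0800),
        "power_mgmt": bool(fc & 0x1000),
        "more_data": bool(fc & 0x2000),
        "wep": bool(fc & 0x4000),
        "order": bool(fc & 0x8000),
        "duration": duration,
    }
    if hdr["type"] not in ("Management", "Data"):
        raise ValueError("control/reserved frames use other header layouts")
    roles = ADDRESS_ROLES[(hdr["to_ds"], hdr["from_ds"])]
    if roles[3] and len(frame) < 30:
        raise ValueError("To DS = From DS = 1 but Address 4 is missing")
    hdr["addresses"] = {
        role: frame[off:off + 6].hex(":")
        for role, off in zip(roles, ADDRESS_OFFSETS) if role
    }
    return hdr
```
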