PART 6 IEEE 802.11 Wireless LANs

Lecture 6.1 Introduction

Giuseppe Bianchi, Ilenia Tinnirello WLAN History è Original goal: Deploy “wireless Ethernet” First generation proprietary solutions (end ’80, begin ’90) WaveLAN (AT&T)) HomeRF (Proxim) Abandoned by major chip makers (e.g. Intel: dismissed in april 2001) è IEEE 802.11 Committee formed in 1990 Charter: specification of MAC and PHY for WLAN First standard: june 1997 1 and 2 Mbps operation Reference standard: september 1999 Multiple Physical Layers Two operative Industrial, Scientific & Medical unlicensed bands » 2.4 GHz: Legacy; 802.11b/g » 5 GHz : 802.11a è 1999: Wireless Ethernet Compatibility Alliance (WECA) certification Later on named Wi-Fi Boosted 802.11 deployment!! Giuseppe Bianchi, Ilenia Tinnirello WLAN data rates

è Legacy 802.11 Standard Transfer Frequenc Data Work started in 1990; standardized Method y Band Rates in 1997 Mbps 1 mbps & 2 mbps è The 1999 revolution: PHY 802.11 legacy FHSS, 2.4 GHz, 1, 2 layer impressive DSSS, IR IR achievements 802.11a: PHY for 5 GHz 802.11b DSSS, 2.4 GHz 1, 2, 5.5, Published in 1999 HR-DSSS 11 Products available since early 2003 802.11b: higher rated PHY for 2.4 "802.11b+" DSSS, 2.4 GHz 1, 2, 5.5, GHz non-standard HR- 11, Published in 1999 DSSS, 22, 33, 44 Products available since 1999 (PBCC) Interoperability tested (wifi) 802.11a OFDM 5.2, 5.5 6, 9, 12, è 2003: extend 802.11b GHz 18, 24, 36, 802.11g: OFDM for 2.4 GHz 48, 54 Published in june 2003 802.11g DSSS, 2.4 GHz 1, 2, 5.5, Products available, though no HR- 11; 6, 9, extensive interoperability testing yer DSSS, 12, 18, 24, Backward compatiblity with OFDM 36, 48, 54 802.11b Wi-Fi Giuseppe Bianchi, Ilenia Tinnirello Why multiple rates? “Adaptive” coding/modulation

Example: 802.11a case

Giuseppe Bianchi, Ilenia Tinnirello PHY distance/rate tradeoffs (open office)

140.0 5 GHz OFDM (.11a) 120.0 2.4 GHz OFDM (.11g)

)) 100.0

mm 2.4 GHz (.11b) ((

ee 80.0 cc nn aa tt ss 60.0 ii DD 40.0

20.0

0.0 1Mbps 5.5Mbps 6Mbps 11Mbps 12Mbps 24Mbps 36Mbps 54Mbps

Giuseppe Bianchi, Ilenia Tinnirello Coverage performance Cisco Aironet 350 Access Point

11 Mb/s DSS da ~30 a ~45 metri

5.5 Mb/s DSS da ~45 a ~76 metri Configurable TX power: 50, 30, 20, 5, 1 mW 2 Mb/s DSS (100 mW outside Europe) da ~76 a ~107 metri

Greater TX power, faster battery consumptions!

Question: how to select transmission rate? STA does not explicitly know its distance from AP. More later (implementation-dependent)

Giuseppe Bianchi, Ilenia Tinnirello WLAN NIC addresses

è Same as Ethernet NIC 802 IEEE 48 bits = 2 + 46 48 bit address è Ethernet & WLAN addresses do coexist Undistinguishable, in a same (Layer-2) network 1 bit = individual/group 1 bit = universal/local Role of typical AP = bridge 46 bit adress » To be precise: when the AP acts as “portal” in 802.11 nomenclature

C:> arp –a 192.168.1.32 00.0a.e6.f7.03.ad dinamico 192.168.1.43 00.06.00.32.1a dinamico 192.168.1.52 00.82.00.11.22.33

Giuseppe Bianchi, Ilenia Tinnirello Protocol stack

è 802.11: “just” another 802 link layer J

Giuseppe Bianchi, Ilenia Tinnirello On which bandwidths?

è Classical approach: narrow frequency band, much power as possible into the signal (noise reduction based on brute force) Authority must impose rulse on how RF spectrum is used. Licenses restrict frequencies and transmission power è However.. Several bands have been reserved for unlicensed use To allow consumer market for home use, bands for “industrial, scientific and medical” equipment (ISM bands): e.g. 2.4 Ghz, 5 Ghz Limitations only on transmitted power “unlicensed” does not mean “plays well with others”

W IFI W O R KS O N U N LICEN S ED B A N D W ID T H S !

Giuseppe Bianchi, Ilenia Tinnirello The 2.4 (wifi) GHz spectrum è 2.4 GHz bandwidth: 2.400-2.483,5 è Europe (including Italy): 13 channels (each 5 MHz) - 2.412 – 2.417 – - 2.422 – 2.427 – …… – 2.472 Channel spectrum: (11 MHz chip clock)

2412 2437 2462 Giuseppe Bianchi, Ilenia Tinnirello DSSS Frequency Channel Plan

Giuseppe Bianchi, Ilenia Tinnirello The 5.0 (OFDM) GHz spectrum

è US regulation: 3 x 100 MHz channels 5.150-5.250 (40 mW) 5.250-5-350 (200 mW) 5.725-5.825 (800 mW) Operating 20 MHz channels 5.180, 5.200, 5.220, 5.240 5.260, 5.280, 5.300, 5.320 5.745, 5.765, 5.785, 5.805

20 MHz / 64 subcarriers = 0.3125 MHz per subcarriers (52 used)

Giuseppe Bianchi, Ilenia Tinnirello 802.11 MAC Data Frame

MAC header: -28 bytes (24 header + 4 FCS) or - 34 bytes (30 header + 4 FCS)

PHY IEEE 802.11 Data 0 - 2312 FCS

Frame Duration Sequence Frame Address 1 Address 2 Address 3 Address 4 Data check Control / ID Control sequence 2 2 6 6 6 2 6 0-2312 4

Protocol Fragment Type Sub Type info Sequence number version number 2 2 12 4 12

To From More Pwr More Sub Type Retry WEP Order DS DS Frag MNG Data 4 1 1 1 1 1 1 1 1

Details and explanation later on! Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN

Lecture 6.2 Wireless LAN Networks and related Addressing

Giuseppe Bianchi, Ilenia Tinnirello Basic Service Set (BSS) group of stations that can communicate with each other

è Infrastructure BSS è Independent BSS or, simply, BSS or IBSS Stations connected Stations connected in through AP ad-hoc mode

Network infrastructure

AP

Giuseppe Bianchi, Ilenia Tinnirello Frame Forwarding in a BSS

Network infrastructure

AP

BSS: AP = relay function IBSS: direct communication No direct communication allowed! between all pairs of STAs

Giuseppe Bianchi, Ilenia Tinnirello Why AP = relay function?

è Management: Mobile stations do NOT neet to maintain neighbohr relationship with other MS in the area But only need to make sure they remain properly associated to the AP Association = get connected to (equivalent to plug-in in a wire to a bridge J ) è Power Saving: APs may assist MS in their power saving functions by buffering frames dedicated to a (sleeping) MS when it is in PS mode

è Obvious disadvantage: use channel bandwidth twice…

Giuseppe Bianchi, Ilenia Tinnirello Extended Service Set

BSS1

AP1

BSS2 BSS3 BSS4

AP2 AP3 AP4

ESS: created by merging different BSS through a network infrastructure (possibly overlapping BSS – to offer a continuous coverage area)

Stations within ESS MAY communicate each other via Layer 2 procedures APs acting as bridges MUST be on a same LAN or switched LAN or VLAN (no routers in between)

Giuseppe Bianchi, Ilenia Tinnirello The concept of Distribution System

Distribution system (physical connectivity + logical service support)

AP1 AP2 AP3

MSs in a same ESS need to 1) communicate each other 2) move through the ESS

No standard implementation, but set of services: Association, disassociation, reassociation, Integration, distribution

Basically. DS role: - track where an MS is registrered within an ESS area - deliver frame to MS

Giuseppe Bianchi, Ilenia Tinnirello Association and DS

AP1 AP2 AP3 IAPP IAPP

Association

è Typical implementation (media) DS implementation: Switched ethernet backbone - an AP must inform other APs But alternative “distribution medium” are of associated MSs MAC possible addresses E.g. wireless distribution system (WDS) - proprietary implementation no interoperability - standardized protocol IAPP (802.11f) in june 2003 Current trend: - Centralized solutions (Cisco, Aruba)- CAPWAP? Giuseppe Bianchi, Ilenia Tinnirello Wireless Distribution System

AP1 AP2 AP3

DS medium: - not necessarily an ethernet backbone! - could be the 802.11 technology itself

Resulting AP = wireless bridge

Giuseppe Bianchi, Ilenia Tinnirello Addresses

è At least three addresses Receiving station Transmitting station BSS address To make sure a frame is valid within the considered BSS For filtering purpose (filter frame within a BSS)

Giuseppe Bianchi, Ilenia Tinnirello BSSID

è Address of a BSS 802 IEEE Infrastructure mode: 48 bit addresses AP MAC address 1 bit = individual/group 1 bit = universal/local Ad-hoc mode: 46 bit address Random value » With universal/local bit set to 1 Generated by STA initiating the IBSS

Giuseppe Bianchi, Ilenia Tinnirello Addressing in an IBSS

SA

DA

Frame Duration Address 1 Address 2 Address 3 Sequence Address 4 Data FCS Control / ID DA SA BSSID Control ---

SA = Source Address DA = Destination Address

Giuseppe Bianchi, Ilenia Tinnirello Addressing in a BSS?

AP

SA

X DA

Giuseppe Bianchi, Ilenia Tinnirello Addressing in a BSS!

Distribution system AP

SA DA

Frame must carry following info: 1) Destined to DA 2) But through the AP What is the most general addressing structure? Giuseppe Bianchi, Ilenia Tinnirello Addressing in a BSS (to AP)

Distribution system AP Address 2 = wireless Tx Address 1 = wireless Rx BSSID Address 3 = dest

SA DA

Frame Duration Address 1 Address 2 Address 3 Sequence Address 4 Data FCS Control / ID BSSID SA DA Control ---

1 0 Protocol To From More Pwr More Type Sub Type Retry WEP Order version DS DS Frag MNG Data 2 2 4 1 1 1 1 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello Addressing in an ESS

Distribution System AP AP

BSSID

DA DA

Idea: DS will be able to forward frame to dest SA (either if fixed or wireless MAC)

Frame Duration Address 1 Address 2 Address 3 Sequence Address 4 Data FCS Control / ID BSSID SA DA Control ---

1 0 Protocol To From More Pwr More Type Sub Type Retry WEP Order version DS DS Frag MNG Data 2 2 4 1 1 1 1 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello Addressing in a BSS (from AP)

Distribution system AP Address 2 = wireless Tx Address 1 = wireless Rx BSSID Address 3 = src

SA DA

Frame Duration Address 1 Address 2 Address 3 Sequence Address 4 Data FCS Control / ID DA BSSID SA Control ---

0 1 Protocol To From More Pwr More Type Sub Type Retry WEP Order version DS DS Frag MNG Data 2 2 4 1 1 1 1 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello From AP: do we really need 3 addresses?

Distribution system AP

BSSID

SA DA

DA correctly receives frame, and send 802.11 ACK to … BSSID (wireless transmitted)

DA correctly receives frame, and send higher level ACK to … SA (actual transmitter)

Giuseppe Bianchi, Ilenia Tinnirello Addressing within a WDS Wireless Distribution System

AP AP

TA RA

Address 4: initially forgotten… DA SA

Frame Duration Address 1 Address 2 Address 3 Sequence Address 4 Data FCS Control / ID RA TA DA Control SA

1 1 Protocol To From More Pwr More Type Sub Type Retry WEP Order version DS DS Frag MNG Data 2 2 4 1 1 1 1 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello Addressing: summary Receiver Transmitter Function To DS From DS Address 1 Address 2 Address 3 Address 4

IBSS 0 0 RA = DA SA BSSID N/A From AP 0 1 RA = DA BSSID SA N/A To AP 1 0 RA = BSSID SA DA N/A Wireless DS 1 1 RA TA DA SA

è BSS Identifier (BSSID) unique identifier for a particular BSS. In an infrastructure BSSID it is the MAC address of the AP. In IBSS, it is random and locally administered by the starting station. (uniqueness) è Transmitter Address (TA) MAC address of the station that transmit the frame to the wireless medium. Always an individual address. è Receiver Address (RA) to which the frame is sent over wireless medium. Individual or Group. è Source Address (SA) MAC address of the station who originated the frame. Always individual address. May not match TA because of the indirection performed by DS of an IEEE 802.11 WLAN. SA field is considered by higher layers. è Destination Address (DA) Final destination . Individual or Group. May not match RA because of the indirection. Giuseppe Bianchi, Ilenia Tinnirello Service Set IDentifier (SSID)

è Name of the WLAN network Plain text (ascii), up to 32 char è Assigned by the network administrator All BSS in a same ESS have same SSID è Typically (but not necessarily) is transmitted in periodic management frames (beacon) Typical: 1 broadcast beacon every 100 ms (configurable by sysadm) Beacon may transmit a LOT of other info

Beacon example

Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN

Lecture 6.3 Network Management

Giuseppe Bianchi, Ilenia Tinnirello Management Operations

è Wireless is not always an advantage Medium unreliable, lack of physical boundaries, power consumption è How to join, build, connect, move nodes, save energies, … All these issues are faced by the management procedures, which can be customized Different vendor offers: very simple products vs. feature-rich products

Giuseppe Bianchi, Ilenia Tinnirello Scanning

è Before joining a network, you have to find it!! The discovery operation is called scanning è Several parameters can be specified by the user BSSType (independent, infrastucture, both) BSSID (individual, Broadcast) SSID (network name) ScanType (active, passive) Channel List Probe Delay (to start the active scanning in each channel) MinChannelTime, MaxChannelTime

Giuseppe Bianchi, Ilenia Tinnirello Passive Scanning

è Saves battery, since it requires listening only è Scanning report based on beacon frames heard while sweeping channel to channel

AP2

AP1 AP3 Found AP1, AP3

Giuseppe Bianchi, Ilenia Tinnirello Active Scanning è Probe Request Frames used to solicit responses from a network, when the ProbeDelay time expires If the medium is detected busy during the MinChannelTime, wait until the MaxChanneltime expires One station in each BSS is responsible to send Probe Responses (station which transmitted the last beacon frame)

Giuseppe Bianchi, Ilenia Tinnirello Joining

è A scan report is generated after each scan, reporting BSSID, SSID, BSSType, Beacon Interval DTIM period Timing Parameters (Timestamp) PHY Parameters, BSSBasicRateSet è Joing: before associating, select a network (often it requires user action) è and after?

Giuseppe Bianchi, Ilenia Tinnirello Authentication

è What does authentication do? prove the identity of the new node è On wired network, it is implicitely provided by phisical access, but everybody can access wireless medium! è Two major approaches: Open-system Shared-key

Giuseppe Bianchi, Ilenia Tinnirello Authentication (2)

è It can work in both ad-hoc and infrastucture modes, but it is not bi- lateral (mutual) 802.11 authentication implicitely assumes that access points are under the control of the network administrators and do not have to prove their identity The network is no under obligation to authenticate itself, then man-in-the-middle attacks are possible

Giuseppe Bianchi, Ilenia Tinnirello Open-System Authentication

è Accept Everybody 2way handshake; the station simply informs about its identity The identity is represented by the MAC address (not by the user) è Address filtering Often used with open-system List with authorized MAC addresses provided by the network administrator Better than nothing.. But MAC addresses can be software programmable! Moreover, the authorization lists have to be transferred in all the APs

Giuseppe Bianchi, Ilenia Tinnirello Shared-Key Authentication

è Can be used only with some products implementing the WEP (Wireless Encryption Protocol) è Before accepting the user, the authenticator has to verify that he knows a secret How? Ask for the secret? NO, attackers can listen! Ask for decoding a challenge text and compare the answer (which has to be encrypted) with the local decryption.

Giuseppe Bianchi, Ilenia Tinnirello How does WEP work?

è very basic ideas.. Symmetric cipher: the same keystream is used for XOR coding and XOR decoding

010101010111 data 000100101001 keystream

010001111110 coded data 000100101001 keystream

010101010111 recovered data

Giuseppe Bianchi, Ilenia Tinnirello Keystream

è Both the transmitter and the receiver has to know the keystream; long data transfer requires long keystrem è How to distribute and manage long totally random keystreams? Keystream = pseudorandom sequence obtained from a short key + Initialization Vector = f( key, IV) Function f is called RC4 and it is an intellectual property no more safe, after 2001! Standard key length of only 40 bits + 24 bit for the IV

Giuseppe Bianchi, Ilenia Tinnirello Is cryptography enough?

è Not only confidentiality problems, but also integrity problems We do not have only to protect our data against not authorized receivers, but also we have to be sure that nobody changes our data Even if we do not know the keystream, if we change the encrypted payload, we destroy the exact information delivery è Integrity-Check-Value: a “summary” of the payload, appended to the payload for checking the integrity of the data after decrypting è E.g. payload = “Siamo nel mese di ottobre” ICV = “snmdo”

xxxxxx = crypt(“siamo nel mese di ottobre snmdo”) decrypt(xxxxyy) = “siamo inc qwer di ottobre snmdo” “snmdo: is not the payload summary!

Giuseppe Bianchi, Ilenia Tinnirello WEP Features

Frame header IV Frame body ICV FCS 32 bits 24 bits encrypted è extra overhead of 24+32 bits è Since the payload often starts with an LLC frame, whose first byte is known, the first byte of encryption can be understood.. è the ICV should be obtained by an hash unpredictable function, but in the WEP definition it is cyclic redundancy check CRC is not cryptographically secure, because single bit alterations can be predicted with high probability è Key cannot be considered secure, since they are statically entered, accessible by users and rarely changed Giuseppe Bianchi, Ilenia Tinnirello Enhanced encryption

è WEP limits: Manual key setting (shared in the whole network) Limited IV space (24 bits = 224 packets = 16.8 M) è WPA: Still based on RC4, but with dynamic and automatic key management! IV long 48 bits per-packet key Message Integrity Code (8 bytes) before ICV è WPA2: change RC4 with AES

Giuseppe Bianchi, Ilenia Tinnirello WPA/TKIP: Temporal Key Integrity Protocol è Still based on RC4 for compatibility reasons WEP: f(Secret Key+IV)=keystream TKIP: f(Secret Key+IV) = Secret Key Generator Dynamic keys of 128 bits Different keys for each session

Giuseppe Bianchi, Ilenia Tinnirello Other authentication mechanisms

è 802.1x: does not define its own security protocols, but reuse existing protocols Too many researches with specific standardized functions; Standardizes the protocol messages and operations, in general terms: e.g. consider an ICV, without chosing a fiexd a priori hash function; the hash an cypher functions are negotiated è Three principal roles: Supplicant – a device requesting access to the controlled port Authenticator – the point of attachment to the LAN infrastructure (e.g., .11 AP) Authentication server – verifying the credentials of the supplicant (e.g., RADIUS server) è After successful authentication, a controlled port is opened

Giuseppe Bianchi, Ilenia Tinnirello Association

è After that we choose a network and we authenticate, we can finally send an “association” message The message is required for tracking the host position in the ESS Not used for ad hoc networks Re-association after hand-over

Giuseppe Bianchi, Ilenia Tinnirello And to be found?

è It is required to periodically transmit a beacon! In infrastructure: beacon transmissions managed by the AP In ad-hoc: each station contend for the beacon and leave the contention after the first observed beacon è The beacon frames are periodically scheduled, but contend as normal frames Deterministic scheduling

Random transmission delays Giuseppe Bianchi, Ilenia Tinnirello What information is carried by beacons?

è Timestamp (8 bytes): in Transmission Units TU (=1024 us) to synchronize stations è Beacon Interval (2 bytes): beacon scheduling interval è Capability Info (2 bytes): bit map to activate/deactivate some network features è SSID (variable size): network name set by the operators Element ID, Length, Information for every variable size field

OPTIONAL: è FH ParameterSet (7 bytes) è DS ParameterSet (2 bytes) è CF ParameterSet (8 bytes) è IBSS ParameterSet (4 bytes) è Traffic Indicator Map TIM (variable size): to indicate which stations have buffered frames; some TIM are Delivery TIM for broadcast traffic

Giuseppe Bianchi, Ilenia Tinnirello Why Timestamps for Synchronization?

To allow power-saving modes, which are based on periodic wake-up of doze stations!

Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN

Lecture 6.4 Medium Access Control Protocols: DCF

Giuseppe Bianchi, Ilenia Tinnirello Wireless Ethernet

è 802.3 (Ethernet) CSMA/CD A B Carrier Sense Multiple Access C Collision Detect è Both A and C sense the channel idle at the same time they send at the same time. è 802.11(wireless LAN) è Collision can be detected at sender in CSMA/CA Ethernet. è (Distributed Coordination Function) Why this is not possible in 802.11? 1. Either TX or RX (no simultaneous Carrier Sense Multiple Access RX/TX) Collision Avoidance 2. Large amount of power difference in Tx and Rx (even if simultaneous tx- rx, no possibility in rx while tx-ing) 3. Wireless medium = additional problems vs broadcast cable!! Giuseppe Bianchi, Ilenia Tinnirello Hidden Terminal Problem è Large difference in signal strength; physical channel impairments (shadowing) It may result that two stations in the same area cannot communicate è Hidden terminals A and C cannot hear each other A transmits to B C wants to send to B; C cannot receive A;C senses “idle” medium (Carrier Sense fails) Collision occurs at B. A cannot detect the collision (Collision Detection fails). A is “hidden” to C.

A B C Giuseppe Bianchi, Ilenia Tinnirello 802.11 MAC approach è Still based on Carrier Sense: Listen before talking è But collisions can only be inferred afterwards, at the receiver Receivers see corrupted data through a CRC error Transmitters fail to get a response è Two-way handshaking mechanism to infer collisions DATA-ACK packets

packet

TX ACK RX

Giuseppe Bianchi, Ilenia Tinnirello Channel Access details è A station can transmit only if it senses the channel IDLE for a DIFS time DIFS = Distributed Inter Frame Space Packet arrival DIFS TX DATA

RX SIFS ACK

What about a station arriving in this frame time?

è Key idea: DATA and ACK separated by a different Inter Frame Space SIFS = Short Inter Frame Space Second station cannot hear a whole DIFS, as SIFS

è DIFS = 50 ms è SIFS = 10 ms

Giuseppe Bianchi, Ilenia Tinnirello Why backoff? DIFS DATA STA1 SIFS ACK

DIFS STA2

STA3 Collision!

RULE: when the channel is initially sensed BUSY, station defers transmission; But when it is sensed IDLE for a DIFS, defer transmission of a further random time (BACKOFF TIME)

Giuseppe Bianchi, Ilenia Tinnirello Slotted Backoff DIFS STA2 w=7 Extract random number in range (0, W-1) Decrement every slot-time s w=5 STA3

Note: slot times are not physically delimited on the channel! Rather, they are logically identified by every STA

Slot-time values: 20ms for DSSS (wi-fi) Accounts for: 1) RX_TX turnaround time 2) busy detect time 3) propagation delay

Giuseppe Bianchi, Ilenia Tinnirello Backoff freezing

è When STA is in backoff stage: It freezes the backoff counter as long as the channel is sensed BUSY It restarts decrementing the backoff as the channel is sensed IDLE for a DIFS period

STATION 1 DIFS DATA DIFS SIFS ACK

STATION 2 DIFS BUSY medium DIFS SIFS ACK 6 5 Frozen slot-time 4 3 2 1

Giuseppe Bianchi, Ilenia Tinnirello Backoff rules è First backoff value:

Extract a uniform random number in range (0,CWmin) è If unsuccessful TX:

Extract a uniform random number in range (0,2×(CWmin+1)-1) è If unsuccessful TX: 2 Extract a uniform random number in range (0,2 ×(CWmin+1)-1) m è Etc up to 2 ×(CWmin+1)-1 Exponential Backoff! CWmin = 31 CWmax = 1023 (m=5)

Giuseppe Bianchi, Ilenia Tinnirello Throughput vs CWmin

P=1000 bytes

Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS

è Request-To-Send / Clear-To-Send è 4-way handshaking Versus 2-way handshaking of basic access mechanism è Introduced for two reasons Combat hidden terminal Improve throughput performance with long packets

Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS and hidden terminals Packet arrival DIFS TX RTS DATA

RX SIFS CTS SIFS SIFS ACK others NAV (RTS) NAV (CTS) RX

RTS CTS CTS RTS/CTS: carry the amount of time the channel will be BUSY. Other stations may update a TX hidden Network Allocation Vector, and defer TX (Update NAV) even if they sense the channel idle (Virtual Carrier Sensing) Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS and performance

RTS/CTS cons: larger overhead RTS/CTS pros: reduced collision duration

Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS throughput

RTS/CTS convenient with long packets and large number of terminals (collision!); Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS more robust to number of users and CWmin settings Giuseppe Bianchi, Ilenia Tinnirello Relation between IFS

PIFS used by Point Coordination Function - Time-bounded services - Polling scheme PCF Never deployed SIFS Slot Time Parameters DIFS (msec) CWmin CWmax (msec) (msec) 802.11b 10 50 20 31 1023 PHY Giuseppe Bianchi, Ilenia Tinnirello EIFS §   §¢¨ © ¢¡ £     ¡ ¢¨ £ £ ¨ ¡ ¡  ¦ ¤¥  ¢¨ ¢¨ £ £ £ £ ¡  ¡   §   §     ¨ ¡ ¤    ¢ ¢¨  £ £ £ ¡   ¢  £ £ ¨ ¡  ¡ ¡     ¨ ¡  ¢¨  £ £ £  ¡ ¢¡   ¢ £   ¡ ¡

  £ ¨  §  

Giuseppe Bianchi, Ilenia Tinnirello Time in microseconds. Update the NAV time in the neighborhood Data Frame formats

PHY IEEE 802.11 Data 0 - 2312 FCS

Frame Duration Sequence Frame Address 1 Address 2 Address 3 Address 4 Data check Control / ID Control sequence 2 2 6 6 6 2 6 0-2312 4

Protocol Fragment Type Sub Type info Sequence number version number 2 2 12 4 12

To From More Pwr More Sub Type Retry WEP Order DS DS Frag MNG Data 4 1 1 1 1 1 1 1 1

Giuseppe Bianchi, Ilenia Tinnirello Why NAV (i.e. protect ACK)?

TX C

RX

Station C receives frame from station TX Station C IS NOT in reach from station RX But sets NAV and protects RX ACK

Giuseppe Bianchi, Ilenia Tinnirello Why EIFS (i.e. protect ACK)?

TX C

RX

Station C DOES NOT receive frame from station TX but still receives enough signal to get a PHY.RXEND.indication error

Station C IS NOT in reach from station RX But sets EIFS (!!) and protects RX ACK

Giuseppe Bianchi, Ilenia Tinnirello Frame formats

DATA FRAME (28 bytes excluded address 4) Frame Duration Sequence Address 1 Address 2 Address 3 Address 4 Data FCS Control / ID Control

RTS (20 bytes) Frame Duration RA TA FCS Control

CTS / ACK (14 bytes) Frame Duration RA FCS Control

Giuseppe Bianchi, Ilenia Tinnirello DCF overhead E[ payload] Sstation = E[TFrame _Tx ] + DIFS + CWmin / 2

TFrame_Tx = TMPDU + SIFS +TACK

TFrame_Tx = TRTS + SIFS +TCTS + SIFS +TMPDU + SIFS +TACK

TMPDU = TPLCP + 8∂(28 + L) / RMPDU _Tx

TACK = TPLCP + 8∂14/ RACK _Tx

TRTS = TPLCP + 8∂20/ RRTS _Tx

TCTS = TPLCP + 8∂14 / RCTS _Tx

Giuseppe Bianchi, Ilenia Tinnirello DCF overhead (802.11b)

RTS/CTS

Basic

RTS/CTS

Basic

0 2000 4000 6000 8000

Tra nsmssion Time (use c )

DIFS Ave Backoff RTS+SIFS CTS+SIFS Payload+SIFS ACK

Giuseppe Bianchi, Ilenia Tinnirello DCF overhead (802.11b) ¨ § £¢ 

¦ £¢ 

£¢ ¥ 

¤ £¢

© £¢ ¡ + * £¢  ) .0/ ,- 3 12 ( 45 ' &  £¢ % .0/ 67 3 2 1 45  £¢

.0/ ,- 3 2 8 8 5 4 $ ¨ £¢ .0/ 67 3 2 8 8 5 4

#     !     "

Giuseppe Bianchi, Ilenia Tinnirello Fragmentation

è Splits message (MSDU) into è Each fragment reserves channel several frames (MPDU) for next one Same fragment size NAV updated fragment by fragment except the last one è Missing ACK for fragment x è Fragmentation burst Release channel (automatic) Fragments separated by SIFS Backoff Channel cannot be captured by Restart from transmission of fragment x someone else Each fragment individually ACKed

Giuseppe Bianchi, Ilenia Tinnirello Why Fragmentation?

è High Bit Error Rate (BER) Increases with distance The longer the frame, the lower the successful TX probability High BER = high rts overhead & increased rtx delay Backoff window increases: cannot distinguish collisions from tx error!

Giuseppe Bianchi, Ilenia Tinnirello Fragment and sequence numbers DATA FRAME (28 bytes excluded address 4) Frame Duration Sequence Address 1 Address 2 Address 3 Address 4 Data FCS Control / ID Control

More Retry Fragment Frag Sequence number number 4 12 1 1 è Fragment number Increasing integer value 0-15 (max 16 fragments since 4 bits available) Essential for reassembly è More fragment bit (frame control field) set to: 1 for intermediate fragments 0 for last fragment è Sequence Number Used to filter out duplicates Unlike Ethernet, duplicates are quite frequent! Retransmissions are a main feature of the MAC è Retry bit: helps to distinguish retransmissions Set to 0 at transmission of a new frame Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN

Lecture 6.4bis Medium Access Control Protocols: PCF

Giuseppe Bianchi, Ilenia Tinnirello PCF vs DCF

PCF

DCF

PHY

PCF deployed on TOP of DCF Backward compatibility

Giuseppe Bianchi, Ilenia Tinnirello PCF

è Token-based access mechanism Polling è Channel arbitration enforced by a “point Coordinator” (PC) Typically the AP, but not necessarily è Contention-free access No collision on channel

è PCF deployment: minimal!! Optional part of the 802.11 specification As such, almost never deployed But HCCA (PCF extension in 802.11e) is getting considerable attention…

Giuseppe Bianchi, Ilenia Tinnirello PCF frame transfer

SIFS

Polling strategy: very elementary!! - send polling command to stations with increasing Association ID value… - (regardless whether they might have or not data to transmit)

Giuseppe Bianchi, Ilenia Tinnirello