PART 6 IEEE 802.11 Wireless LANs
Transcript
PART 6 IEEE 802.11 Wireless LANs
PART 6 IEEE 802.11 Wireless LANs Lecture 6.1 Introduction Giuseppe Bianchi, Ilenia Tinnirello WLAN History Ł Original goal: Deploy “wireless Ethernet” First generation proprietary solutions (end ’80, begin ’90) WaveLAN (AT&T)) HomeRF (Proxim) Abandoned by major chip makers (e.g. Intel: dismissed in april 2001) Ł IEEE 802.11 Committee formed in 1990 Charter: specification of MAC and PHY for WLAN First standard: june 1997 1 and 2 Mbps operation Reference standard: september 1999 Multiple Physical Layers Two operative Industrial, Scientific & Medical unlicensed bands » 2.4 GHz: Legacy; 802.11b/g » 5 GHz : 802.11a Ł 1999: Wireless Ethernet Compatibility Alliance (WECA) certification Later on named Wi-Fi Boosted 802.11 deployment!! Giuseppe Bianchi, Ilenia Tinnirello WLAN data rates Ł Ł Legacy 802.11 Work started in 1990; standardized in 1997 1 mbps & 2 mbps The 1999 revolution: PHY layer impressive achievements 802.11a: PHY for 5 GHz Published in 1999 Products available since early 2003 802.11b: higher rated PHY for 2.4 GHz Published in 1999 Products available since 1999 Interoperability tested (wifi) Ł 2003: extend 802.11b 802.11g: OFDM for 2.4 GHz Published in june 2003 Products available, though no extensive interoperability testing yer Backward compatiblity with 802.11b Wi-Fi Standard Transfer Method Frequenc y Band Data Rates Mbps 802.11 legacy FHSS, DSSS, IR 2.4 GHz, IR 1, 2 802.11b DSSS, HR-DSSS 2.4 GHz 1, 2, 5.5, 11 "802.11b+" non-standard DSSS, HRDSSS, (PBCC) 2.4 GHz 1, 2, 5.5, 11, 22, 33, 44 802.11a OFDM 5.2, 5.5 GHz 6, 9, 12, 18, 24, 36, 48, 54 802.11g DSSS, HRDSSS, OFDM 2.4 GHz 1, 2, 5.5, 11; 6, 9, 12, 18, 24, 36, 48, 54 Giuseppe Bianchi, Ilenia Tinnirello Why multiple rates? “Adaptive” coding/modulation Example: 802.11a case Giuseppe Bianchi, Ilenia Tinnirello PHY distance/rate tradeoffs (open office) 140.0 5 GHz OFDM (.11a) 120.0 Distance (m) 2.4 GHz OFDM (.11g) 100.0 2.4 GHz (.11b) 80.0 60.0 40.0 20.0 0.0 1Mbps 5.5Mbps 6Mbps 11Mbps 12Mbps Giuseppe Bianchi, Ilenia Tinnirello 24Mbps 36Mbps 54Mbps Coverage performance Cisco Aironet 350 Access Point 11 Mb/s DSS da ~30 a ~45 metri 5.5 Mb/s DSS da ~45 a ~76 metri Configurable TX power: 50, 30, 20, 5, 1 mW (100 mW outside Europe) 2 Mb/s DSS da ~76 a ~107 metri Greater TX power, faster battery consumptions! ! Giuseppe Bianchi, Ilenia Tinnirello WLAN NIC addresses Ł Same as Ethernet NIC 48 bits = 2 + 46 Ł Ethernet & WLAN addresses do coexist Undistinguishable, in a same (Layer-2) network Role of typical AP = bridge » To be precise: when the AP acts as “portal” in 802.11 nomenclature 802 IEEE 48 bit address 1 bit = individual/group 1 bit = universal/local 46 bit adress C:> arp –a 192.168.1.32 00.0a.e6.f7.03.ad dinamico 192.168.1.43 00.06.00.32.1a dinamico 192.168.1.52 00.82.00.11.22.33 Giuseppe Bianchi, Ilenia Tinnirello Protocol stack Ł 802.11: “just” another 802 link layer J Giuseppe Bianchi, Ilenia Tinnirello On which bandwidths? Ł Classical approach: narrow frequency band, much power as possible into the signal (noise reduction based on brute force) Authority must impose rulse on how RF spectrum is used. Licenses restrict frequencies and transmission power Ł However.. Several bands have been reserved for unlicensed use To allow consumer market for home use, bands for “industrial, scientific and medical” equipment (ISM bands): e.g. 2.4 Ghz, 5 Ghz Limitations only on transmitted power “unlicensed” does not mean “plays well with others Giuseppe Bianchi, Ilenia Tinnirello The 2.4 (wifi) GHz spectrum Ł 2.4 GHz bandwidth: 2.400-2.483,5 Ł Europe (including Italy): 13 channels (each 5 MHz) - 2.412 – 2.417 – - 2.422 – 2.427 – …… – 2.472 Channel spectrum: (11 MHz chip clock) 2412 Giuseppe Bianchi, Ilenia Tinnirello 2437 2462 DSSS Frequency Channel Plan Giuseppe Bianchi, Ilenia Tinnirello The 5.0 (OFDM) GHz spectrum Ł US regulation: 3 x 100 MHz channels 5.150-5.250 (40 mW) 5.250-5-350 (200 mW) 5.725-5.825 (800 mW) Operating 20 MHz channels 5.180, 5.200, 5.220, 5.240 5.260, 5.280, 5.300, 5.320 5.745, 5.765, 5.785, 5.805 20 MHz / 64 subcarriers = 0.3125 MHz per subcarriers (52 used) Giuseppe Bianchi, Ilenia Tinnirello 802.11 MAC Data Frame MAC header: -28 bytes (24 header + 4 FCS) or - 34 bytes (30 header + 4 FCS) PHY Frame Control IEEE 802.11 Duration / ID 2 2 Data 0 - 2312 Address 1 Address 2 6 6 Protocol version Type Sub Type info 2 2 12 Sub Type To DS 4 1 FCS Address 3 Sequence Control 6 Address 4 2 Fragment number 4 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 1 1 1 Details and explanation later on! Giuseppe Bianchi, Ilenia Tinnirello 6 Data 0-2312 Sequence number 12 Frame check sequence 4 PART 6 IEEE 802.11 WLAN Lecture 6.2 Wireless LAN Networks and related Addressing Giuseppe Bianchi, Ilenia Tinnirello Basic Service Set (BSS) group of stations that can communicate with each other Ł Infrastructure BSS or, simply, BSS Stations connected through AP Ł Independent BSS or IBSS Stations connected in ad-hoc mode Network infrastructure AP Giuseppe Bianchi, Ilenia Tinnirello Frame Forwarding in a BSS Network infrastructure AP BSS: AP = relay function No direct communication allowed! Giuseppe Bianchi, Ilenia Tinnirello IBSS: direct communication between all pairs of STAs Why AP = relay function? Ł Management: Mobile stations do NOT neet to maintain neighbohr relationship with other MS in the area But only need to make sure they remain properly associated to the AP Association = get connected to (equivalent to plug-in in a wire to a bridge J ) Ł Power Saving: APs may assist MS in their power saving functions by buffering frames dedicated to a (sleeping) MS when it is in PS mode Ł Obvious disadvantage: use channel bandwidth twice… Giuseppe Bianchi, Ilenia Tinnirello Extended Service Set BSS1 AP1 BSS2 AP2 BSS3 AP3 BSS4 AP4 ESS: created by merging different BSS through a network infrastructure (possibly overlapping BSS – to offer a continuous coverage area) Stations within ESS MAY communicate each other via Layer 2 procedures APs acting as bridges MUST be on a same LAN or switched LAN or VLAN (no routers in between) Giuseppe Bianchi, Ilenia Tinnirello The concept of Distribution System Distribution system (physical connectivity + logical service support) AP1 AP2 AP3 MSs in a same ESS need to 1) communicate each other 2) move through the ESS No standard implementation, but set of services: Association, disassociation, reassociation, Integration, distribution Basically. DS role: - track where an MS is registrered within an ESS area - deliver frame to MS Giuseppe Bianchi, Ilenia Tinnirello Association and DS AP1 AP2 AP3 IAPP IAPP Association Ł Typical implementation (media) Switched ethernet backbone But alternative “distribution medium” are possible E.g. wireless distribution system (WDS) DS implementation: - an AP must inform other APs of associated MSs MAC addresses - proprietary implementation no interoperability - standardized protocol IAPP (802.11f) in june 2003 Current trend: - Centralized solutions (Cisco, Aruba)- CAPWAP? Giuseppe Bianchi, Ilenia Tinnirello Wireless Distribution System AP1 AP2 DS medium: - not necessarily an ethernet backbone! - could be the 802.11 technology itself Resulting AP = wireless bridge Giuseppe Bianchi, Ilenia Tinnirello AP3 Addresses Ł At least three addresses Receiving station Transmitting station BSS address To make sure a frame is valid within the considered BSS For filtering purpose (filter frame within a BSS) Giuseppe Bianchi, Ilenia Tinnirello BSSID Ł Address of a BSS Infrastructure mode: AP MAC address Ad-hoc mode: 802 IEEE 48 bit addresses 1 bit = individual/group 1 bit = universal/local 46 bit address Random value » With universal/local bit set to 1 Generated by STA initiating the IBSS Giuseppe Bianchi, Ilenia Tinnirello Addressing in an IBSS SA DA Frame Control Duration / ID Address 1 DA Address 2 SA Address 3 BSSID SA = Source Address DA = Destination Address Giuseppe Bianchi, Ilenia Tinnirello Sequence Control Address 4 --- Data FCS Addressing in a BSS? AP SA X Giuseppe Bianchi, Ilenia Tinnirello DA Addressing in a BSS! Distribution system AP SA Frame must carry following info: 1) Destined to DA 2) But through the AP What is the most general addressing structure? Giuseppe Bianchi, Ilenia Tinnirello DA Addressing in a BSS (to AP) Distribution system Address 2 = wireless Tx Address 1 = wireless Rx Address 3 = dest AP BSSID SA Frame Control Duration / ID DA Address 1 BSSID Address 2 SA 1 Protocol version Type Sub Type To DS 2 2 4 1 Address 3 DA Sequence Control Address 4 --- 0 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello 1 1 1 Data FCS Addressing in an ESS Distribution System AP AP BSSID DA DA Idea: DS will be able to forward frame to dest (either if fixed or wireless MAC) SA Frame Control Duration / ID Address 1 BSSID Address 2 SA 1 Protocol version Type Sub Type To DS 2 2 4 1 Address 3 DA Sequence Control Address 4 --- 0 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello 1 1 1 Data FCS Addressing in a BSS (from AP) Distribution system Address 2 = wireless Tx Address 1 = wireless Rx Address 3 = src AP BSSID SA Frame Control Duration / ID DA Address 1 DA Address 2 BSSID 0 Protocol version Type Sub Type To DS 2 2 4 1 Address 3 SA Sequence Control Address 4 --- 1 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello 1 1 1 Data FCS From AP: do we really need 3 addresses? Distribution system AP BSSID SA DA DA correctly receives frame, and send 802.11 ACK to … BSSID (wireless transmitted) DA correctly receives frame, and send higher level ACK to … SA (actual transmitter) Giuseppe Bianchi, Ilenia Tinnirello Addressing within a WDS Wireless Distribution System AP AP RA TA Address 4: initially forgotten… DA SA Frame Control Duration / ID Address 1 RA Address 2 TA 1 Protocol version Type Sub Type To DS 2 2 4 1 Address 3 DA Sequence Control Address 4 SA 1 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello 1 1 1 Data FCS Addressing: summary Receiver Transmitter Function To DS From DS Address 1 Address 2 Address 3 Address 4 IBSS 0 0 RA = DA SA BSSID N/A From AP 0 1 RA = DA BSSID SA N/A To AP 1 0 RA = BSSID SA DA N/A Wireless DS 1 1 RA TA DA SA Ł Ł Ł Ł Ł BSS Identifier (BSSID) unique identifier for a particular BSS. In an infrastructure BSSID it is the MAC address of the AP. In IBSS, it is random and locally administered by the starting station. (uniqueness) Transmitter Address (TA) MAC address of the station that transmit the frame to the wireless medium. Always an individual address. Receiver Address (RA) to which the frame is sent over wireless medium. Individual or Group. Source Address (SA) MAC address of the station who originated the frame. Always individual address. May not match TA because of the indirection performed by DS of an IEEE 802.11 WLAN. SA field is considered by higher layers. Destination Address (DA) Final destination . Individual or Group. May not match RA because of the indirection. Giuseppe Bianchi, Ilenia Tinnirello Service Set IDentifier (SSID) Ł Name of the WLAN network Plain text (ascii), up to 32 char Ł Assigned by the network administrator All BSS in a same ESS have same SSID Ł Typically (but not necessarily) is transmitted in periodic management frames (beacon) Typical: 1 broadcast beacon every 100 ms (configurable by sysadm) Beacon may transmit a LOT of other info Beacon example Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN Lecture 6.3 Network Management Giuseppe Bianchi, Ilenia Tinnirello Management Operations Ł Wireless is not always an advantage Medium unreliable, lack of physical boundaries, power consumption Ł How to join, build, connect, move nodes, save energies, … All these issues are faced by the management procedures, which can be customized Different vendor offers: very simple products vs. feature-rich products Giuseppe Bianchi, Ilenia Tinnirello Scanning Ł Before joining a network, you have to find it!! The discovery operation is called scanning Ł Several parameters can be specified by the user BSSType (independent, infrastucture, both) BSSID (individual, Broadcast) SSID (network name) ScanType (active, passive) Channel List Probe Delay (to start the active scanning in each channel) MinChannelTime, MaxChannelTime Giuseppe Bianchi, Ilenia Tinnirello Passive Scanning Ł Saves battery, since it requires listening only Ł Scanning report based on beacon frames heard while sweeping channel to channel AP2 AP1 AP3 Found AP1, AP3 Giuseppe Bianchi, Ilenia Tinnirello Active Scanning Ł Probe Request Frames used to solicit responses from a network, when the ProbeDelay time expires If the medium is detected busy during the MinChannelTime, wait until the MaxChanneltime expires One station in each BSS is responsible to send Probe Responses (station which transmitted the last beacon frame) Giuseppe Bianchi, Ilenia Tinnirello Joining Ł A scan report is generated after each scan, reporting BSSID, SSID, BSSType, Beacon Interval DTIM period Timing Parameters (Timestamp) PHY Parameters, BSSBasicRateSet Ł Joing: before associating, select a network (often it requires user action) Ł and after? Giuseppe Bianchi, Ilenia Tinnirello Authentication Ł What does authentication do? prove the identity of the new node Ł On wired network, it is implicitely provided by phisical access, but everybody can access wireless medium! Ł Two major approaches: Open-system Shared-key Giuseppe Bianchi, Ilenia Tinnirello Authentication (2) Ł It can work in both ad-hoc and infrastucture modes, but it is not bilateral (mutual) 802.11 authentication implicitely assumes that access points are under the control of the network administrators and do not have to prove their identity The network is no under obligation to authenticate itself, then man-in-the-middle attacks are possible Giuseppe Bianchi, Ilenia Tinnirello Open Open--System Authentication Ł Accept Everybody 2way handshake; the station simply informs about its identity The identity is represented by the MAC address (not by the user) Ł Address filtering Often used with open-system List with authorized MAC addresses provided by the network administrator Better than nothing.. But MAC addresses can be software programmable! Moreover, the authorization lists have to be transferred in all the APs Giuseppe Bianchi, Ilenia Tinnirello Shared Shared--Key Authentication Ł Can be used only with some products implementing the WEP (Wireless Encryption Protocol) Ł Before accepting the user, the authenticator has to verify that he knows a secret How? Ask for the secret? NO, attackers can listen! Ask for decoding a challenge text and compare the answer (which has to be encrypted) with the local decryption. Giuseppe Bianchi, Ilenia Tinnirello How does WEP work? Ł very basic ideas.. Symmetric cipher: the same keystream is used for XOR coding and XOR decoding 010101010111 000100101001 data keystream 010001111110 000100101001 coded data keystream 010101010111 recovered data Giuseppe Bianchi, Ilenia Tinnirello Keystream Ł Both the transmitter and the receiver has to know the keystream; long data transfer requires long keystrem Ł How to distribute and manage long totally random keystreams? Keystream = pseudorandom sequence obtained from a short key + Initialization Vector = f( key, IV) Function f is called RC4 and it is an intellectual property no more safe, after 2001! Standard key length of only 40 bits + 24 bit for the IV Giuseppe Bianchi, Ilenia Tinnirello Is cryptography enough? Ł Not only confidentiality problems, but also integrity problems We do not have only to protect our data against not authorized receivers, but also we have to be sure that nobody changes our data Even if we do not know the keystream, if we change the encrypted payload, we destroy the exact information delivery Ł Integrity-Check-Value: a “summary” of the payload, appended to the payload for checking the integrity of the data after decrypting Ł E.g. payload = “Siamo nel mese di ottobre” ICV = “snmdo” xxxxxx = crypt(“siamo nel mese di ottobre snmdo”) decrypt(xxxxyy) = “siamo inc qwer di ottobre snmdo” “snmdo: is not the payload summary! Giuseppe Bianchi, Ilenia Tinnirello WEP Features Frame header IV Frame body ICV FCS 32 bits 24 bits encrypted Ł extra overhead of 24+32 bits Ł Since the payload often starts with an LLC frame, whose first byte is known, the first byte of encryption can be understood.. Ł the ICV should be obtained by an hash unpredictable function, but in the WEP definition it is cyclic redundancy check CRC is not cryptographically secure, because single bit alterations can be predicted with high probability Ł Key cannot be considered secure, since they are statically entered, accessible by users and rarely changed Giuseppe Bianchi, Ilenia Tinnirello Enhanced encryption Ł WEP limits: Manual key setting (shared in the whole network) Limited IV space (24 bits = 224 packets = 16.8 M) Ł WPA: Still based on RC4, but with dynamic and automatic key management! IV long 48 bits per-packet key Message Integrity Code (8 bytes) before ICV Ł WPA2: change RC4 with AES Giuseppe Bianchi, Ilenia Tinnirello WPA/TKIP: Temporal Key Integrity Protocol Ł Still based on RC4 for compatibility reasons WEP: f(Secret Key+IV)=keystream TKIP: f(Secret Key+IV) = Secret Key Generator Dynamic keys of 128 bits Different keys for each session Giuseppe Bianchi, Ilenia Tinnirello Other authentication mechanisms Ł 802.1x: does not define its own security protocols, but reuse existing protocols Too many researches with specific standardized functions; Standardizes the protocol messages and operations, in general terms: e.g. consider an ICV, without chosing a fiexd a priori hash function; the hash an cypher functions are negotiated Ł Three principal roles: Supplicant – a device requesting access to the controlled port Authenticator – the point of attachment to the LAN infrastructure (e.g., .11 AP) Authentication server – verifying the credentials of the supplicant (e.g., RADIUS server) Ł After successful authentication, a controlled port is opened Giuseppe Bianchi, Ilenia Tinnirello Association Ł After that we choose a network and we authenticate, we can finally send an “association” message The message is required for tracking the host position in the ESS Not used for ad hoc networks Re-association after hand-over Giuseppe Bianchi, Ilenia Tinnirello And to be found? Ł It is required to periodically transmit a beacon! In infrastructure: beacon transmissions managed by the AP In ad-hoc: each station contend for the beacon and leave the contention after the first observed beacon Ł The beacon frames are periodically scheduled, but contend as normal frames Deterministic scheduling Random transmission delays Giuseppe Bianchi, Ilenia Tinnirello What information is carried by beacons? Ł Timestamp (8 bytes): in Transmission Units TU (=1024 us) to synchronize stations Ł Beacon Interval (2 bytes): beacon scheduling interval Ł Capability Info (2 bytes): bit map to activate/deactivate some network features Ł SSID (variable size): network name set by the operators Element ID, Length, Information for every variable size field OPTIONAL: Ł FH ParameterSet (7 bytes) Ł DS ParameterSet (2 bytes) Ł CF ParameterSet (8 bytes) Ł IBSS ParameterSet (4 bytes) Ł Traffic Indicator Map TIM (variable size): to indicate which stations have buffered frames; some TIM are Delivery TIM for broadcast traffic Giuseppe Bianchi, Ilenia Tinnirello Why Timestamps for Synchronization? " # & $ ' Giuseppe Bianchi, Ilenia Tinnirello % PART 6 IEEE 802.11 WLAN Lecture 6.4 Medium Access Control Protocols: DCF Giuseppe Bianchi, Ilenia Tinnirello Wireless Ethernet Ł 802.3 (Ethernet) CSMA/CD Carrier Sense Multiple Access Collision Detect A Ł Ł 802.11(wireless LAN) CSMA/CA (Distributed Coordination Function) Carrier Sense Multiple Access Collision Avoidance Ł Ł Giuseppe Bianchi, Ilenia Tinnirello B C Both A and C sense the channel idle at the same time they send at the same time. Collision can be detected at sender in Ethernet. Why this is not possible in 802.11? 1. Either TX or RX (no simultaneous RX/TX) 2. Large amount of power difference in Tx and Rx (even if simultaneous txrx, no possibility in rx while tx-ing) 3. Wireless medium = additional problems vs broadcast cable!! Hidden Terminal Problem Ł Large difference in signal strength; physical channel impairments (shadowing) It may result that two stations in the same area cannot communicate Ł Hidden terminals A and C cannot hear each other A transmits to B C wants to send to B; C cannot receive A;C senses “idle” medium (Carrier Sense fails) Collision occurs at B. A cannot detect the collision (Collision Detection fails). A is “hidden” to C. A B Giuseppe Bianchi, Ilenia Tinnirello C 802.11 MAC approach Ł Still based on Carrier Sense: Listen before talking Ł But collisions can only be inferred afterwards, at the receiver Receivers see corrupted data through a CRC error Transmitters fail to get a response Ł Two-way handshaking mechanism to infer collisions DATA-ACK packets packet TX ACK Giuseppe Bianchi, Ilenia Tinnirello RX Channel Access details Ł A station can transmit only if it senses the channel IDLE for a DIFS time DIFS = Distributed Inter Frame Space Packet arrival TX DIFS DATA SIFS RX ACK What about a station arriving in this frame time? Ł SIFS = Short Inter Frame Space Giuseppe Bianchi, Ilenia Tinnirello DIFS & SIFS in wiwi-fi Ł DIFS = 50 s Ł SIFS = 10 s Giuseppe Bianchi, Ilenia Tinnirello Why backoff? DIFS STA1 DATA SIFS ACK DIFS STA2 STA3 Collision! RULE: when the channel is initially sensed BUSY, station defers transmission; But when it is sensed IDLE for a DIFS, defer transmission of a further random time (BACKOFF TIME) Giuseppe Bianchi, Ilenia Tinnirello Slotted Backoff STA2 DIFS w=7 Extract random number in range (0, W-1) Decrement every slot-time w=5 STA3 Note: slot times are not physically delimited on the channel! Rather, they are logically identified by every STA Slot-time values: 20 s for DSSS (wi-fi) Accounts for: 1) RX_TX turnaround time 2) busy detect time 3) propagation delay Giuseppe Bianchi, Ilenia Tinnirello Backoff freezing Ł When STA is in backoff stage: It freezes the backoff counter as long as the channel is sensed BUSY It restarts decrementing the backoff as the channel is sensed IDLE for a DIFS period STATION 1 DIFS DATA DIFS SIFS ACK STATION 2 DIFS SIFS ACK 6 5 BUSY medium Frozen slot-time 4 Giuseppe Bianchi, Ilenia Tinnirello DIFS 3 2 1 Backoff rules Ł First backoff value: Extract a uniform random number in range (0,CWmin) Ł If unsuccessful TX: Extract a uniform random number in range (0,2×(CWmin+1)-1) Ł If unsuccessful TX: Extract a uniform random number in range (0,22×(CWmin+1)-1) Ł Etc up to 2m×(CWmin+1)-1 Exponential Backoff! CWmin = 31 CWmax = 1023 (m=5) Giuseppe Bianchi, Ilenia Tinnirello Throughput vs CWmin P=1000 bytes Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS Ł Request-To-Send / Clear-To-Send Ł 4-way handshaking Versus 2-way handshaking of basic access mechanism Ł Introduced for two reasons Combat hidden terminal Improve throughput performance with long packets Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS and hidden terminals Packet arrival TX DIFS RTS DATA SIFS CTS SIFS RX others SIFS ACK NAV (RTS) NAV (CTS) RX RTS CTS TX CTS hidden (Update NAV) RTS/CTS: carry the amount of time the channel will be BUSY. Other stations may update a Network Allocation Vector, and defer TX even if they sense the channel idle (Virtual Carrier Sensing) Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS and performance RTS/CTS cons: larger overhead RTS/CTS pros: reduced collision duration Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS throughput RTS/CTS convenient with long packets and large number of terminals (collision!); Giuseppe Bianchi, Ilenia Tinnirello RTS/CTS more robust to number of users and CWmin settings Giuseppe Bianchi, Ilenia Tinnirello Relation between IFS PIFS used by Point Coordination Function - Time-bounded services - Polling scheme PCF Never deployed Parameters SIFS ( sec) DIFS ( sec) Slot Time ( sec) CWmin CWmax 802.11b PHY 10 50 20 31 1023 Giuseppe Bianchi, Ilenia Tinnirello Giuseppe Bianchi, Ilenia Tinnirello EIFS Time in microseconds. Update the NAV time in the neighborhood PHY Frame Control IEEE 802.11 Duration / ID 2 2 Data Frame formats Data 0 - 2312 Address 1 Address 2 6 6 Protocol version Type Sub Type info 2 2 12 Sub Type To DS 4 1 FCS Address 3 Sequence Control 6 2 Fragment number 4 From More Pwr More Retry WEP Order DS Frag MNG Data 1 1 1 1 1 1 Giuseppe Bianchi, Ilenia Tinnirello 1 Address 4 6 Data 0-2312 Sequence number 12 Frame check sequence 4 Why NAV (i.e. protect ACK)? TX RX Station C receives frame from station TX Station C IS NOT in reach from station RX But sets NAV and protects RX ACK Giuseppe Bianchi, Ilenia Tinnirello C Why EIFS (i.e. protect ACK)? TX C RX Station C DOES NOT receive frame from station TX but still receives enough signal to get a PHY.RXEND.indication error Station C IS NOT in reach from station RX But sets EIFS (!!) and protects RX ACK Giuseppe Bianchi, Ilenia Tinnirello Frame formats DATA FRAME (28 bytes excluded address 4) Frame Control Duration / ID Address 1 Address 2 RA TA Address 3 RTS (20 bytes) Frame Control Duration FCS CTS / ACK (14 bytes) Frame Control Duration RA FCS Giuseppe Bianchi, Ilenia Tinnirello Sequence Control Address 4 Data FCS DCF overhead E[ payload ] S station E[TFrame _ Tx ] DIFS CWmin / 2 TFrame _ Tx TMPDU SIFS TACK TFrame _ Tx TRTS TMPDU TPLCP 8 (28 L) / RMPDU _ Tx SIFS TCTS SIFS TMPDU TACK TPLCP 8 14 / RACK _ Tx TRTS TPLCP 8 20 / RRTS _ Tx TCTS TPLCP 8 14 / RCTS _ Tx Giuseppe Bianchi, Ilenia Tinnirello SIFS TACK DCF overhead (802.11b) RTS/CTS Basic RTS/CTS Basic 0 2000 4000 6000 8000 Tra nsmssion Time (use c ) DIFS Ave Bac koff RTS+SIFS CTS+SIFS Giuseppe Bianchi, Ilenia Tinnirello Payload+SIFS ACK Giuseppe Bianchi, Ilenia Tinnirello " ! # 76 ,- 67 ,0/. 0/. 0/. 0/. 882 88 12 12 2 45 3 45 3 45 3 45 3 $ % &' ( ) * + DCF overhead (802.11b) Fragmentation Ł Splits message (MSDU) into several frames (MPDU) Same fragment size except the last one Ł Fragmentation burst Fragments separated by SIFS Channel cannot be captured by someone else Ł Each fragment reserves channel for next one NAV updated fragment by fragment Ł Missing ACK for fragment x Release channel (automatic) Backoff Restart from transmission of fragment x Each fragment individually ACKed Giuseppe Bianchi, Ilenia Tinnirello Why Fragmentation? Ł High Bit Error Rate (BER) Increases with distance The longer the frame, the lower the successful TX probability High BER = high rts overhead & increased rtx delay Backoff window increases: cannot distinguish collisions from tx error! Giuseppe Bianchi, Ilenia Tinnirello Fragment and sequence numbers DATA FRAME (28 bytes excluded address 4) Frame Control Duration / ID Address 1 Address 2 Address 3 More Retry Frag 1 1 Sequence Control Fragment number Address 4 Data FCS Sequence number 4 12 Ł Fragment number Increasing integer value 0-15 (max 16 fragments since 4 bits available) Essential for reassembly Ł More fragment bit (frame control field) set to: 1 for intermediate fragments 0 for last fragment Ł Sequence Number Used to filter out duplicates Unlike Ethernet, duplicates are quite frequent! Retransmissions are a main feature of the MAC Ł Retry bit: helps to distinguish retransmissions Set to 0 at transmission of a new frame Giuseppe Bianchi, Ilenia Tinnirello PART 6 IEEE 802.11 WLAN Lecture 6.4bis Medium Access Control Protocols: PCF Giuseppe Bianchi, Ilenia Tinnirello PCF vs DCF PCF DCF PHY PCF deployed on TOP of DCF Backward compatibility Giuseppe Bianchi, Ilenia Tinnirello PCF Ł Token-based access mechanism Polling Ł Channel arbitration enforced by a “point Coordinator” (PC) Typically the AP, but not necessarily Ł Contention-free access No collision on channel Ł PCF deployment: minimal!! Optional part of the 802.11 specification As such, almost never deployed But HCCA (PCF extension in 802.11e) is getting considerable attention… Giuseppe Bianchi, Ilenia Tinnirello PCF frame transfer SIFS Polling strategy: very elementary!! - send polling command to stations with increasing Association ID value… - (regardless whether they might have or not data to transmit) Giuseppe Bianchi, Ilenia Tinnirello