IEEE 802.11 Overview

Rong-Hong Jan

Dept of Computer and Information Science

National Chiao Tung University

IEEE 802.11 Overview

市場趨勢國內廠商應用範疇

Overview - 市場趨勢 (I) 演進：

– 802.11 → 802.11b → 802.11a → 802.11g → …………802.11n

– 中國大陸的自有無線通訊協定 WAPI 產值：

– 2003 年世界 WLAN 晶片市場排名

註二：

Agere

：原第二名

註一：G

lobespanVirata

：原第一

名

Overview - 市場趨勢 (II) 產值：

– 2003 年台灣無線通訊設備產值 NT$ 2,000 億 ( 海內外生產加總 )

– 較 2002 年成長 87.6%– 在行動電話、 WLAN 與 GPS 、藍芽等產品帶動下，預估 2004 年第 1 季無線通訊設備產值可較去年同期成長 3 成以上。

– 國內廠商在無線通訊產品上佔全球生產比重不斷升高

– 2003 年台灣已佔有全球產量的比重已達到 9成

– 整體產品產值也達 500 億新台幣以上

Overview - 國內廠商 台灣 WLAN 晶片廠商

– 英飛凌上元、瑞昱、益勤、雷凌、集耀… .

台灣 WLAN 系統廠商 – GemTek 、 D-Link 、建漢 、陽慶 、馳元，

ZCOM ， Accton……

Overview - 應用範疇 家電遙控 GPRS ＋ WLAN 急難救援系統 ( 美國 911) 定位與人員追蹤 上網服務 - HotSpots ：

– 醫院– 機場、咖啡廳、校園– ……

IEEE 802.11 Families規格名稱 說 明 規格年份

802.11 MAC; PHY:跳頻、展頻、紅外線 1997

802.11a PHY:OFDM/5.2-Ghz 1999

802.11b PHY:HR-DSSS/2.4-Ghz 1999

802.11c MAC-Bridge(轉至 802.11d) ???

802.11d 不同區域的運作規範 2001

802.11e Qos CookingCooking

802.11f IAPP 2003

802.11g PHY:OFDM+HR-DSSS/2.4-Ghz 2003

802.11h 802.11a extend (HyperLAN) 1999

802.11i Security of 802.11 CookingCooking

802.11n 100Mbps CookingCooking

無線區域網路課程內容安排 - 大綱 (I)

課程大綱– 無線網路的概觀與 802.11 無線區域網路

(Overview)

– 802.11 的媒體擷取控制 (MAC) 與訊框格式– 802.11e : QoS of 802.11

– 802.11 的安全 : WEP ， 802.1X 與 802.11i

– 802.11 的管理機制– 競爭與非競爭的媒體控制機制

無線區域網路課程內容安排 - 大綱 (II)

– 實體層的簡介– 802.11f IAPP (Inter Access Points Protocol)

– 802.11 網路佈建與管理– 網路分析與效能調整– 802.11 隨意無線區域網路路由方法

無線網路的概觀與 802.11 無線區域網路 (Overview)

Wireless vs wired

Bluetooth, 802.11, GSM, GPRS, UTML

Wireless – Mobility - Security

802.11 serials

– Infrastructure

– Ad hoc

Types of Networks

Independent networks (indep. basic

service set, IBSS), also known as ad

hoc networks.

Infrastructure networks

Two advantages for infrastructure networks

– The mobile stations need not to maintain

neighbor relationships.

– Access points assist with stations

attempting to save power.

In an infrastructure network, stations must

associate with an AP to obtain network

services. (equivalent to plug in the network

cable)

An extended service set (ESS) is created by

chaining BSSs together with a backbone

network.

802.11 的媒體擷取控制 (MAC)與訊框格式

MAC accessing modes

CSMA/CA & NAV

Inter-frame spaces

DCF operation/ Backoff

Fragmentation & De-fragmentation

Frame Format

RTS/CTS & Power Saving sequence

802.11 adapts Ethernet-style

networking to radio links.– Ethernet CSMA/CD

– 802.11 CSMA/CA

Challenges for the MAC– RF link quality: 802.11b uses unlicensed ISM

bands as its radio link. It must assume that

interference will exist and work around it.

– ACK is required.

MAC Access Modes Distributed coordination function

(DCF): Ethernet-like. CSMA/CA. DCF may use CTS/RTS to reduce the possibility of collisions.

Point coordination function (PCF): Contention-free services. Special stations called point coordinators are used to ensure contention-free. The coordinators reside in AP. PCF is only for infrastructure mode and not widely implemented.

Contention-based access using the DCF

Contention-based access using the DCF

Contention-based access using the DCF

Carrier-Sensing Functions and the Network Allocation Vector

Two types of carrier-sensing functions:

the physical carrier-sensing and virtual

carrier-sensing functions.

The virtual carrier-sensing is provided by

the Network Allocation Vector (NAV)

The NAV is carried in the frame headers

on the MAC frames (e.g., RTS, CTS,

Beacon, Probe, Association, and so on)

Frame Format

Fields are transmitted from left to

right, and the most significant bits

appear last.

802.11e : QoS of 802.11

Traffic differentiation

Hybrid coordination function (HCF)

Contention-based channel access –

EDCF

Controlled channel access

Direct link protocol (DLP)

Burst ACK

802.11 的安全 : WEP ， 802.1X 與 802.11i

WEP operation

RC4 encryption algorithm

EAP (Extensible Authentication

Protocol)

802.1x: Network port authentication

802.1x on wireless LANs

40-bit WEP Key

訊框資料內容(Frame Body)

CRC

檢查碼(ICV)

RC4加密字串(Keystream)

Frame BodyIV header(4 bytes)

Frame header FCS

未加密 已加密 未加密

ICV(4 bytes)

24-bit IV

64-bit RC4 Key

RC4 Algorithm

訊框資料內容(Frame Body)

XOR

Supplicant Authenticator

3:EAPOL-Start

Radius

4:Request/Identity

5:Response/Identity 5:Radius-Access-Request

6:Radius-Access-Challenge

7:Radius-Access-Request

8:Radius-Access-Accept

9:EAPOL-Key(WEP)

8:EAP-Success

7:EAP-Response

6:EAP-Request

EAPOL

RADIUS

1:Association request

2:Association response

802.11

802.11 的管理機制 Infrastructure management

– Scanning ： Passive & Active

– Authentication ： Open system &

Share-key

– Association

– Re-association

IBSS management

Time synchronization

Passive Scanning

Passive scanning saves battery power.

In passive scanning, a station moves to

each channel on the channel list and

waits for Beacon frames.

Active Scanning For each channel in the channel list:– Wait for either an indication of an

incoming frame or ProbeDelay Timer to expire.

If a frame is detected, the channel can be probed.

– Send Probe Request.– Wait for min or max channel time.

(Channel busy or not) Idle min channel time no network Busy max channel time

Probe responses are unicast frames subject to ACK.

Choosing which BSS to join is an

implementation-specific decision and

may even involve user intervention.

– Power level, signal strength.

– Matching parameters

Timer synchronization is an important

task in the joining process.

Association

Association is recordkeeping procedure

that allows the distribution system to track

the location of each mobile station.

After association, an AP must register the

MS on the network so frames for the MS are

delivered to the AP.

How ? (AP may send a gratuitous ARP.)

802.11 forbids associating with more than

one AP.

Associated procedure

Association req & rep are unicast frames.

(ACK is required)

Reassociated procedure

競爭與非競爭的媒體控制機制 PCF vs DCF

PCF operation

PCF frame format

Power saving mode in DCF

Power saving mode in PCF

The PCF allows an 802.11 network to

provide an enforced “fair” access to the

medium. (Likes AP holding the token in a

token-based MAC schemes)

PCF is an optional part of 802.11

Periods of contention-free service arbitrated

by the point coordinator alternate with the

DCF-based services.

A cycle Contention free +contention period

At the beginning of the contention-free period, the AP transmits a Beacon frame and announces CFPMaxDuration.

All stations set NAV to CFP-MD to lock out DCF-based access

實體層的簡介 Physical layer overview

Frequency hopping

– GFSK

Direct sequence spectrum

– Chipping

– DPSK & QPSK

OFDM

802.11f IAPP (Inter Access Points Protocol)

IAPP security risks

IAPP protocol overview

– ADD

– MOVE

– CACHE-Notify

RADIUS protocol usage

IAPP frame format

IAPP IAPP( Inter Access-Point Protocol ) is

designed for the enforcement of unique association throughout a ESS ( Extended Service Set ) and for secure exchange of station's security context between current access point(AP) and new AP during handoff period.

Based on security level, communication session keys between APs are distributed by a RADIUS server.  

Proactive caching

Proactive caching is suggested to avoid

long handoff delay caused by IAPP

communication between two APs as well as

AP and RADIUS server.

With proactive caching, current access

point distributes the security context of the

mobile station to neighboring access points

BEFORE the station actually handoffs.

802.11 網路佈建與管理 The topology archetype

Roaming & Mobility

Spanning multiple locations

Security

Project planning

The site survey

Installation and the final rollout

網路分析與效能調整 Network analysis

Tuning radio management

Tuning power management

Timing operations

Tuning radio management

Beacon interval

– Decreasing passive scanning

more reliable & faster

– Increasing Power-saving capability (listen, DTIM

intervals)

Throughput

802.11 隨意無線區域網路路由方法

MANET

Routing in MANET

Table-Driven Routing Protocols

– DSDV 、 CGSR

Source-Initiated On-Demand Routing

Protocols

– DSR 、 TORA 、 ABR 、 SSR 、 ZRP

On-demand vs. Table-drivenTable-Driven Routing Protocol:

proactive!!continuously evaluate the routesattempt to maintain consistent, up-to-date routing

informationwhen a route is needed, one may be ready immediately

when the network topology changes the protocol responds by propagating updates throughout the

network to maintain a consistent view

Source-Initiated On-Demand Routing Protocol:reactive!!on-demand style: create routes only when it is desired

by the source node route discovery: invoke a route-determination

procedure the procedure is terminated when

a route has been found no route is found after all route permutations are

examined

longer delay: sometimes a route may not be ready for use immediately when data packets come

實驗介紹 實驗大綱

– 分析無線封包 - Ethereal 的使用– 擷取無線封包 - Promiscuous Mode

– AP 韌體的編譯與燒錄– Host AP 安裝與設定– 無線網路與 802.1x 與 RADIUS

– 隨意網路的遶徑實作