Friday 29 June 2012

Wireless Control Frames + Client->AP communication

Here's just a little note at the start of this post about Client and AP communication because I don't want to create a separate post but can't really fit it anywhere else:
Client to AP communication:

  1. Beacons are sent from the AP to make it's presence known
  2. The client sends a probe request
  3. The AP sends a probe response
  4. The client sends authentication information
  5. The client sends an association request
  6. The AP sends an association response
  7. Data is transferred
  8. The AP or Client will disassociate and de-authenticate when they are done
Control Frames:
ACK - When DCF (Distributed Co-ordination Function) is in use, whereby everyone co-ordinates the media access, an ACK is sent in response by the AP to every frame without a CRC error. It is 13 bytes long and only contains a DA (Destination address); the client assumes it is from the AP which it sent the frame to. 
RTS - Request to Send are used when a host wants to send a frame to the AP. The RTS has a source address (SA) and DA, a duration (for the whole transmission including a SIFS, the CTS, another SIFS, the data frame, another SIFS and finally an ACK). 
CTS - Clear to Send only has a DA, the duration (for the remaining, including SIFS, data frame, SIFS and the ACK).
RTS and CTS are protection mechanisms used in the following scenarios:
1) When using 802.11b and 802.11g devices the g host sends a RTS and CTS at 802.11b speeds so the 802.11b hosts know a transmission is about to occur.
2) RTS/CTS is also used in a hidden network, if 2 hosts are so far away from each other that they cannot detect each other. Because the AP is centrally located it sends out a CTS to each AP in turn.

The 802.11 header has the field 'frame control', which contains a bit which can be used to denote if power saving mode is being used. The host sends an empty frame, called a null function, with the power saving bit turned on if it is alerting the AP that it is going into power saving mode. A clock is set to wake it up later. The AP buffers all frames for the host and keeps track of each sleeping host. The TIM (Traffic Indication Map) is used by the AP, sent to a host, if it is buffering packets. The Host receives the TIM, and replies so that the AP can send the buffered packets. Power saving mode is not often used because it doesn't save much battery life and adds a lot of overhead onto the network.

Thursday 28 June 2012

Wireless Frame Transmission - Inc. CSMA/CA

802.11 half duplex uses Carrier Sense Multi Access / Collision Avoidance (CSMA/CA) to ensure than collisions do not happen on the wireless network.
When a host wants to send a frame it picks a random number between 0 and 31 and counts down, 802.11b counts down in 20microsecond intervals, 802.11a and g count in 9 microsecond intervals. This is called the back off timer.
While another host is transmitting on the frequency the host stops counting, waits a length of time based on a mathematical algorithm and then continues it's count down. If the frequency is clear it then can transmit. The total time of this waiting plus the back off timer is called the contention window. The length of time calculated by the mathematical algorithm is called the NAV (Network Allocation Vector). So in actually the host doesn't stop counting and wait it just adds the NAV value onto the time it is counting down.
At the end of all this waiting the host needs to do one final check that the frequency is clear, this is called the Clear Channel Assignment (CCA). This all happens for each frame being sent.
If the frame transmission fails the process must start again, but the host picks a new random number between 0 and 127, then 0 and 255 for the 3rd attempt and 0 and 1023 for the final. After this it gives up.
After the frame is received the AP must send back an acknowledgement. This is sent with a higher priority to ensure that it gets sent and the host doesn't attempt to resend the original frame.
SIFS (Short Interframe Space) = High priority used for ACKs
DIFS = (Distributed Interfame Space) Standard priority used for normal frames

802.11n

802.11n is different in many ways to the older standard 802.11abg.

The way that information is sent at the physical layer is different, in fact items such as reflection and interference can be turned into an advantage instead of an issue.
2 channels are combined to make 40MHz channels rather than the 20 MHz channels of 802.11abg. 802.11n is also able to do away with the side channels which are used for protection, freeing up an additional 11 Mbps for a maximum of 119Mbps per 40MHz channel.
802.11n introduces MAC efficiency. 802.11 needs to acknowledge every frame where as 802.11n can send a number of frames and only have one acknowledgement.
MIMO - This uses multiple input and output antennas so that several frames are sent by several antennas over several paths, the frames are then recombined by the receiving antennas to optimise throughput and multipath resistance. This is known as spatial multiplexing. MIMO works when there are multiple radios on each side. However it can also provide benefits to non-802.11n single radio clients:
Transmit Beam Forming - several beams are sent from the 802.11n device to the non 802.11n client. the client can use the best one.
Maximum Radio Combining - This is similar but in the reverse direction. Multiple signals are sent from the client to the 802.11n AP in phase so that it adds strength to the signal. MRC doesn't resolve multipath in anyway, and in fact is affected by it as normal so it is nowhere near as good as MIMO.
MIMO has 3 critical advantages:

  • It has better sensitivity for the stationary client when receiving, using beam forming
  • It provides better sensitivity for the AP receiving by using MRC
  • Both of the above translates into higher datarate

Wednesday 27 June 2012

Wireless Transmission Methods

Wireless LANs use a method of transmission called Spread Spectrum. The alternative method is narrow band as used by radio stations. Narrowband uses a single frequency but a very high power level. Spread Spectrum works in an opposite way, this is because it is likely in the unlicensed wireless space that other devices will cause interference. The signal is spread across a number of frequencies and the receiver is set to listen on the same frequencies, this reduces the interference degradation and reduces the power required to send the signal.

There are two types of Spread Spectrum:
Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS)

Encoding is the process of transforming a single digit into a sequence of symbols to be transmitted so that if part of the sequence is lost it can still be understood at the receiving end. Modulation is a method through which symbols are represented on the wave.

WLANs today use DSSS, or a version of it. FHSS is used by some cordless phones and Bluetooth. FHSS is not preferred and causes interference with WLANs because it utilizes 75 channels in the spectrum and hops between them, it must use all 75 channels, which is just for 300-400ms. FHSS uses GFSK to encode data (2 level GFSK uses 2 frequencies, 4 level uses 4). FHSS uses little power and mitigates interference by "dancing" around it. DSSS gets around interference by sending a redundant bit pattern (Sequence) for each bit sent, so that if any of the bit pattern is lost we've got a good chance of recovering it, this does of course amount to large overhead. Chips or PN (Pseudorandom Noise) codes is the redundant information coded into each signal. There is 11 bits per bit to be sent. This is really basic 802.11 to achieve 1 and 2mbps.

802.11a and g uses Orthogonal Frequency Division Multiplexing (OFDM). OFDM resists multipath problems by carrying data in 52 sub carriers within the 20MHz radio channel. 48 are for data and 4 are pilot for monitoring interference and path shifts. The carrier is 20MHz and can be bigger, which just means more throughput. Each carrier (or tone) is considered independent to other tones and interference will only degrade that tone, meaning less redundant chips.

Antennas and Misc Information

The radiation pattern created by an antenna depends on the physical characteristics of that antenna, for example the size and shape as well as the materials the antenna is made of. The pattern created is 3 dimensional but the way we draw it is by looking at 2 different views, the H-Plane and E-Plane. The H-Plane is the view from directly above the antenna, so the antenna is in the middle and the radiated pattern shows in front and behind the antenna, as well as left and right. The standard doughnut shape would look like a circle on the H-Plane. This is the horizontal plane, there is no vertical information shown just forwards, back, left and right.
The other plane is the E Plane (often referred to as the vertical plane). It is looking directly at the side of the antenna. So the view you would see is the radiation pattern upwards, downwards and in front and behind, nothing from side to side.

The strength of this pattern is given in dBi. A vendor will pick a reference point where the signal strength is strongest, and assign it a value of 0dB. The other points have -xdB values to show how much the signal is decreased in a given direction.

Polarization is the direction the wave moves and there are 3 options: Vertical (up and down), Horizontal (left and right) as well as circular (the wave circles as it moves forwards). Antennas can use any type of polarisation but it should the same on both ends to prevent signal degradation.

Diversity is implemented by placing multiple antennas on a device. When an AP receives a frame from a client it uses the preamble of the frame to test both antennas signal and then switches the rest of the frame to the antenna with the best signal. This also solves the multipath problem because multipath very rarely affects both antennas equally, so if multipath is affecting one antenna the other one is probably fine or at least not as badly affected.

Antenna types:
Omnidirectional antennas send a signal of the same strength in all directions. But note this is only on the H-Plane, this is why the classic shape is a doughnut, less signal is propagated vertically compared to horizontally. A high gain omnidirectional antenna takes this concept even further, squashing the doughnut down to increase the horizontal directions and reducing the vertical.

Dual Patch antennas are essentially 2 antennas placed back to back, the idea being to radiate in two directions, a good example of this placement would be in the middle of a corridor.

Semidirectional antennas focus the signal but not completely. It is still relatively broad coverage but aimed in a direction. Types of semidirectional antennas include patch and Yagi. Patch is half of the dual patch and Yagi is more focused.

Highly Directional antennas are very focused in a single direction, an example of this is Cisco's parabolic dish.

The accessories which can affect the EIRP include:
Attenuators - These are placed between the radio and antenna to reduce the dB.
Amplifiers - Amplifiers boost the signal and is known as active gain, rather than the passive gain on the antenna. These should be placed as close to the antenna as possible for maximum gain.
Lightning arrestors - These are used to protect the system components and connection back to the wired network from a lightning strike. Another option to installing a lighting arrestor is to install a small run of fibre cable between the AP and network because fibre cable doesn't conduct electricity. Lightning arrestors don't protect from a direct strike, the fibre cable will help more but it has to be at least 1m long.
Splitters - These are used to send signal out more than one antenna, or to receive signal from more than 1 antenna. The downsides of a splitter includes up to 4dB of loss introduced, and the throughput will be halved.
Cables and connectors - As well as increasing the flexibility of antenna placement cables and connections also add loss

Tuesday 26 June 2012

Measuring Signal Strength - RSSI and SNR

RSSI is the received signal strength and it is measured as a grade value ranging from 0 to 100. Each grade value has an equivlient dBM. RSSI are negative and represent the level of signal loss which can be experienced between the transmitter and receiver with the receiver still being able to receive the signal correctly. Because RSSI is relative and based on grades the RSSI figures cannot always be compared between manufacturers equipment, one may use grades from 0 to 50 and another may use from 0 to 100.

Signal to noise ratio (SNR) is the amount of signal compared to the amount of surrounding noise. A higher value is better for SNR because there is more signal compared to noise.

Measuring Signal Strength:
Signal strength can be measured using two types of values; relative and absolute. The absolute value is a static measurement which is taken at a point in time, which compared to the relative measurement is based on a change from one value to another. Relative measurements are easier so you will most often see these used when describing the signal power.

The measures for absolute measurements include:
Watt - which is the energy spent / emitted / consumed per second. 1 Watt is 1 Joule of energy per second. 1 Watt is also 1 volt with 1 ampere of power. This is confusing and I don't fully understand it! However I'm hoping it will become more apparent through my wireless journey
Milliwatt (mW) - 1W = 1000 mW

The values used for relative measurements are:
Decibel (dB) - A decibel is either a positive or negative change.
Decibel referenced against an isotropic antenna (dBi) - An isotropic antenna doesn't really exist, it is a theoretical antenna which we use as a reference to compare one antenna to another. The isotropic antenna gives out spherical waves which are equal in all directions. Essentially the higher dBi, the higher the gain, and the more acute the angle of coverage.

Decibel referenced against a dipole antenna (dBd) - Dipole antennas do exist and give the classic wireless "doughnut" shape. dBi and dBd can be compared, dBi = dBd + 2.14

Decibel referenced against a milliwatt (dBm) - The arbitrator reference point is 1 milliwatt, so 1 milliwatt = 0dBm, or no change from the reference.

And now the maths, Calculating EIRP (Effective Isotropic Radiated Power):
If the dB is increased by 3, double the Transmit power (Tx)
If the dB is reduced by 3, half the Tx power
If the dB is increased by 10, 10x the Tx power
If the dB is reduced by 10, 1/10 the Tx Power

For example, if a radio transmitter emits a signal at 100mW and an amplifier introduces 3dB gain the signal will double to 200mW. Expanding this if the antenna has 10dB gain then the Tx signal will increase to 2000mW.

EIRP is the amount of signal (or power) leaving the antenna. This consists of connectors, cables, antenna and other factors.

EIRP = Tx Power (dBm) + Antenna Gain (dBi) - Cable Loss (dB)

As a rule of thumb for cable loss 50ft = 3.35dB loss, 100ft = 6.7dB loss.

Here is an example:
Start with Tx Power - +20dBm = 100mW
Add antenna gain - +10dBi = 1000mW
Total power - +30dBm = 1000mW or 1W
Subtract 100ft cable loss (power in half twice) - -6.7dB = 250mW
Total power minus cable loss = 23.3dB = 250mW

Phew that was a long post!

RF Frequency Behaviours - Absorption, Reflection, Refraction, Diffraction, Scattering

There are a number of different factors which can affect wireless signal:
Absorption - When a signal passes through an object a portion of the strength is absorbed as heat, so the signal strength will weaker when it comes out the other side (the amplitude is reduced).

Reflection - This is when a signal hits an object and is reflected off at an angle (which depends on the angle it hit the object at). An amount of the energy is absorbed in the process. A possible outcome of reflection is multipath where several different signals reach the receiver each taking a different path, often arriving later, out of phase of the main stream. Degraded signals arriving is referred to as downfade (120 - 170 degrees). It is also possible to nullify the signal if the angle is correct (180 degrees). Finally it is also possible if the signal goes full circle (360 degrees) it arrives back in phase and the signal is boosted, this is upfade.
Multipath will often degrade the signal, however 802.11n can use it to it's advantage. Multipath can also be called fading.

Refraction - This happens when a signal passes through an object and comes out at a different angle that it went in at. The most common reason for this to occur is passing through different mediums, such as from dry air to wet air.

Diffraction - This is essentially the signal bending round an object. Diffraction commonly cause blind spots where the signal has bent around an object, think of light and an objects shadow.

Scattering - This is similar to refraction but it is more unpredictable. It happens when a signal hits and object and is scattered in many unpredictable directions. This is caused by the properties of the object, common object which causes scattering are: dust, humidity, micro-droplets of water, uneven surfaces, density fluctuations.


RF Signal Basics - Frequency, Wavelength, Amplitude

The frequency of a wireless signal is how often the signal occurs, 1Hz is 1 cycle per second. A cycle is a complete wave, from peak to dip back to the starting peak. The wavelength is the size of each cycle, and which dictates the frequency, the smaller the cycles the more cycles per second. 2 cycles per second = 2Hz, 7 cycles per second = 7Hz etc.

1Hz = 1 cycle per second
1MHz = 1 million cycles a second
1Ghz = 1 billion cycles a second

Lower frequencies can travel further, but they offer less bandwidth.

Amplitude is the strength of the signal. Amplitude reflects the amount of energy injected into one cycle and has a large effect on the signal strength. The increase in RF signal strength is referred to as the gain. The disadvantage of amps is that the signal can be distorted and / or damage the receiver if too much power is pushed into it.

Attenuation is the gradual loss of signal strength

The electrical fields emitted by antennas are called beams or lobes

Wireless Topologies Inc. Workgroup Bridges

Just a quick post to cement in my head the differences in wireless topologies The topologies are:
IBSS (Adhoc), BSS, ESS

IBSS (Independant Basic Service Set) is the adhoc method of wireless connections. WIFI clients communicate directly using their wireless adapters without the use of an access point.

BSS (Basic Service Set) is where wireless clients communicate through a single access point.
A confusing point here is the term Infrastructure Basic Service Set (not to be confused with Independent Basic Service Set). The addition of the word infrastructure implies a connection back to the network, known as the Distribution System (DS). It is common place to use these two terms in place of each other, BSS and Infrastructure BSS.

ESS (Extended Service Set) is essentially multiple access points providing the same SSID allowing clients to roam around the network without loosing the connection. The access points should have a 10 - 20% overlap.

Workgroup Bridges (WGB):
If a group of hosts need to connect to the wireless network but they do not have wireless access themselves a workgroup bridge is used. The bridge provides a wired connection for the host devices and a wireless connection back into the wireless network. The wired and wireless connections are bridged. There are two types of WGB in the Cisco world - universal (uWGB) and autonomous (aWGB).

A aWGB provides a single wireless connection for multiple wired clients and also appears as a non-standard client on the wireless network. Note this is a Cisco proprietary type of WGB.

uWGB is a non-proprietary version which can be used to connect to Cisco or non-Cisco APs. The bridge appears as a normal client to the AP. uWGB supports a single client only.

Thursday 21 June 2012

Bringing Back the Home Network

I've got a few bits of kit left at home, I used to have much more, but it's all gone one way or another. But I'm actively making a push to restore it and get it back into service!

The 2 bits I've got left are:
Cisco 877W
Cisco 2611XM voice gateway

Seems silly, I've had this equipment for ages now and never really got it up and running (Primarily due to me being lazy!) partially due to it taking up time which I never seem to have. So here is my declaration! It's out on the internet (or at least on my humble little blog) I will get my Home Network back to a decent standard. I need to get rid of the consumer class equipment and bring it back to decent enterprise class kit so that I can practice, play and study. I'm getting back into my craft!

Symmetric Key Algorithms

This is something which I should really know, and every time I hear it and look it up I do know it, I just couldn't recite it if someone asked. So here's a description to read a few times and hopefully cement it there a little more!

Symmetric Key Algorithms use the same keys for both the encryption of plain text and the decryption of cipher text. I.E. the same key is used to be encrypt and decrypt. In practice it is a shared secret password, which both parties know.

Friday 15 June 2012

Juniper WLC Cluster Licensing - How does this work!

THIS IS NOW INCORRECT. SEE THE NEW POST - ThWh 26/04/2013
http://twhittle1.blogspot.co.uk/2013/04/juniper-wlc-licensing-cluster-update.html

I've left this here for the sake of keeping previous information, this may even apply if you are running old code but as above, please note there is an updated post on Juniper WLAN licensing

So I'm working with some WLC controllers and a thought strikes, if I cluster these together, how does the licensing work? Is it one big pool? Is it individual? Or something different? Well I've done a bit of research and here is the answer:

Each WLC in a cluster has it's own license count. There is no shared pool. If a WLC has licenses for up to 96 WLAs this is how many it will be able to manage. Therefore to achieve redundancy you need to ensure that if an WLC was to fail there would be enough licenses left between the remaining WLC to pick up the load.

For example:
A 3 WLC880R cluster has to support 192 WLA access points. You cannot just divide 192 by 3 (=64) and license each controller for 64 APs because you would not have a redundant WLAN. If a single controller failed then there would only be 128 total licenses remaining between the 2 remaining controllers. This means that you need at least 96 licenses on each controller so that if any single WLC failed the remaining 2 would have 192 licenses between then, enough for each WLA.

The formula that Juniper gives to work it out is:
Maximum Redundancy Capacity == total cluster MP license - largest MX capacity

However I prefer to think of it as:
Min No. Licenses per controller = No. Total APs / (Number of Controllers -1)

Thursday 14 June 2012

A one liner on Traffic Engineering (TE)

An element of Traffic Engineering is ensuring that a specific path is followed (or avoided). For example in an MPLS environment certain nodes or links can be coloured. If the main path fails the backup path knows which specific links or nodes to follow (or avoid) based on the colouring plan. This ensures that connections that are part of a protected circuit will never travel through a common (busy) point.

Traffic Engineering also allows available bandwidth to be reserved along a path.

Ok slightly more than a one liner but its still quick...

Tuesday 12 June 2012

Proxies: Forward and Reverse

A proxy server is an intermediate device which sits between two objects, a common example is clients and a single or set of resources.

There are many different types of proxies but the ones I want to talk about here are forward and reverse proxies:
Forward Proxy:
A forward proxy is used to grant access to a collection of clients to a resource, for example the Internet. A client sends the request to the proxy server naming the destination server, so the client much be configured to know about the proxy in place. The proxy then requests the content from the destination server and returns it to the client.

Reverse Proxy:
A reverse proxy appears to the client as an ordinary server, there is no special configuration required on the client. The reverse proxy receives the request from the client and then decides where to send the request to, usually within a pool of resources, it returns the content as though it was the destination server. An example of a reverse proxy would be as a load balancer for a pool of resources.

Thursday 7 June 2012

Extreme's Universal Port

So this is an interesting feature. Essentially Universal port is "automated edge port provisioning". The following triggers can be used: Time of Day, user authentication, device authentication, identity management, Event Management Systems (EMS). 

Profiles are configured on ports, either locally on the switch, or administered by Ridgeline (Extreme Network Management Software) and activated on the triggers.

XOS supports 3 types of authentication: MAC address based, Web based (username and password), or 802.1x.

Examples of universal port in action are:
Shutting down Phones or other services out of working hours - E.G. 7pm till 7am phones and wireless services power off.
Automatic port parameters provisioning - provisioning of VLANs, QoS, etc for users. This is
great for mobile users too who keep moving ports as their settings go with them.
Broadcast control - If a port detects broadcast traffic, genuine or malformed from a bad NIC, the port can be shut down or rate limited.

This seems like a useful simple little feature and it's mostly self explanatory. Extreme claims you can write the scripts in most languages as well so theoretically easy to implement with loads of possibilities.