1.3 Inside WLAN Devices
This section briefly describes the “guts” of various WLAN devices. In order to test a device,
it is necessary to have at least some basic understanding of how the device works and what is
inside it. The description is necessarily fairly superficial; the reader is referred to datasheets
and product descriptions for more information. (In some cases, even product literature will not
help; there is no substitute for taking a device apart to see what makes it tick.)
1.3.1 Clients
Clients are at the base of the WLAN pyramid, and are the only elements that are actually in
the hands of users. WLAN clients comprise basically any device that has a wireless interface
and actually terminates (i.e., sources or sinks) data traffic. Examples of devices that can act as
WLAN clients are: laptops (virtually every laptop shipped today contains a WLAN interface),
PDAs, VoIP telephone handsets, game consoles, bar-code readers, medical monitoring
instruments, point-of-sale (POS) terminals, audiovisual entertainment devices, etc. The
number of applications into which WLANs are penetrating grows on a monthly basis; the
WLAN toaster is probably not too far in the future!
The WLAN portion of a client is required to perform the following functions:
1. Association (connection) with a counterpart device, such as an AP. (Prior to association,
the client is not permitted to transfer any data.)
2. Security and authentication functions to assure the counterpart device that the client is in
fact who it says it is, and is authorized to connect.
3. Protocol stack support, principally of the TCP/IP protocol, so that applications can
transfer data once the connection process is completed and everything is authorized.
4. Mobility functions, such as scanning for higher-power APs and “roaming” from AP to AP
when the client is in motion.
The counterpart device to which a WLAN client connects is almost always an AP. The 802.11
protocol standard does allow a client to connect directly to another client (this is referred
to as “ad hoc” mode), but this mode is almost never used; in fact, ad hoc mode represents a
management and security headache for most IT staff.
A “typical” client (insofar as there can be a typical client) comprises two elements: a hardware
network interface card or module, and a large assemblage of firmware and software. The
following figure depicts the general architecture of a client.
The network interface card is typically a PCMCIA (PC-Card) or mini-PCI card for a laptop
or PDA, or may be built into an integrated module in the case of phones or bar-code readers.
The level of silicon integration for WLAN NICs is extremely high. In the most highly
integrated form, a NIC may consist simply of a single CMOS chip supporting the RF and
IF functions (up/down conversion, amplification, frequency synthesis and automatic gain
control or AGC), the baseband functions (modulation and demodulation, and digitization),
and the lower layers of the MAC functions (packet formatting, acknowledgements, etc.). In
this case, external passive and small active parts are all that is necessary to create a complete
NIC. More commonly, an NIC can comprise two devices: a fully digital MAC and baseband
chip, usually fabricated in CMOS, and a separate RF/IF device that may be fabricated using
silicon–germanium (SiGe) or other high-speed technology. Note that most NICs today support
operation in both 2.4 GHz and 5.8 GHz frequency bands (not at the same time) and contain
two separate RF/IF chains, one for each frequency band. The chains are frequently integrated
into a single SiGe device, though.
Figure 1.9: A Typical Client (blocks shown: laptop operating system and software; PCMCIA or mini-PCI client card with RF/IF chip, integrated MAC + baseband chip and diversity antennas; device driver and high-level MAC functions; firmware MAC; TCP/IP protocol stack; applications)
The silicon portion of a client normally only performs the lowest layer of the MAC functions:
packet formatting, checking, encryption/decryption, acknowledgements, retransmissions,
and protocol timing. The remainder of the MAC functions – typically referred to as the upper
MAC – comprise authentication/association, channel scanning, power management, PHY rate
adaptation, security, and roaming. These are almost always implemented using a combination
of firmware, device drivers, and operating system software. (Many MAC chips integrate a
small ARM or MIPS RISC processor to support some of the firmware functions.) In the case
of laptops or Windows CE PDAs, the Windows OS performs a good portion of the upper-layer
802.11 functions. In general, the partitioning of functions is done as follows: low-level,
real-time tasks are done by the hardware, mid-level protocol functions by the firmware or device
driver, and higher-level, user-visible tasks (such as selecting a specific network to associate
with) are carried out by the operating system and the WLAN card management processes
running under it.
1.3.2 Access Points
APs form the essential counterpart to clients in almost every modern WLAN. APs comprise
exactly what their name implies: they provide points at which clients can gain access to the
wired infrastructure, bridging between the wireless (RF) world and the Ethernet domain.
While in a home environment the number of APs may almost equal the number of clients
(it is not unusual to find home WLANs consisting of exactly one client and one AP), in
typical enterprise installations the clients outnumber the APs by a factor of 5 or more.
Enterprise equipment vendors usually recommend that no more than 6 to 10 clients be
supported by each AP.
The functions of an AP are in many cases a mirror image of those performed by a client:
1. Broadcasting “beacons” to indicate their presence and abilities, so that clients can scan for
and find them.
2. Supporting association by clients, as well as the security handshakes required by whatever
security scheme is being used. Note that APs do not actually process any of the security
handshakes apart from the ones defined by the 802.11 and 802.11i standards; instead, they
establish a secure connection to a RADIUS server and pass these packets on.
3. Bridging and packet translation of data packets sent to or received from connected clients.
4. Buffering of packets, especially in the case of “sleeping” clients that are using the 802.11
power management protocol to conserve battery life.
In many cases, APs also participate in “RF layer management”, especially in large enterprise
deployments. In this case, they monitor for adjacent APs, detect “rogue” APs and clients,
adjust their signal strength to limit interference, and pass information up and down the
protocol stack to enable clients to roam quickly.
The following figure shows the typical internal architecture of an enterprise-class AP.
Figure 1.10: A Typical Access Point
The hardware portion of the AP is not unlike that of a laptop client, comprising a device to
perform RF/IF functions and another, more integrated device that contains the MAC and
baseband functions. However, there are two key differences:
1. Many APs (enterprise APs in particular) support simultaneous operation in both the 2.4
and 5.8 GHz frequency bands. Thus they contain two completely independent RF/IF chains, basebands, and MAC processing elements.
2. Client NICs can rely on the presence of a host CPU and OS, but APs cannot. Thus APs
typically integrate some kind of control CPU running an embedded OS (frequently some version of Linux) for these functions.
The firmware functions in an AP are, however, entirely different. The need to support the
802.11 protocol (upper/lower MAC) and the various subprotocols such as 802.11i and 802.11e
are the same, though of course a mirror image of the protocol functionality is implemented
as compared to the client. However, there is also a large amount of additional firmware
required for configuration, management, provisioning, recovery, and an interface to the user,
either directly or through a WLAN switch. In some cases, quite a large amount of high-level
protocol support (Telnet, DHCP, HTTP, RADIUS, etc.) is contained within the firmware
image run by the AP.
(Figure 1.10 block labels: AP operating software; serial; 5 GHz RF/IF chip; integrated 802.11a MAC + baseband chip; integrated 802.11b/g MAC + baseband chip; diversity antennas; network processor CPU; Ethernet (802.3) MAC and PHY chip; packet buffer memory; flash memory; client session manager; control manager; HTTP, SNMP, CLI/Telnet; security, QoS, association; TCP/IP stack; packet DMA; RTOS and drivers)
A relatively recent trend in enterprises is the incorporation of multiple “virtual” APs within
a single PHY AP. Essentially, each AP acts as several logical APs, broadcasting multiple
beacons, advertising multiple service sets (with different SSIDs), and allowing clients
to select a specific logical AP to which they would like to associate. The logical APs are
frequently configured with different security settings, and virtual LAN (VLAN) facilities on
the Ethernet side are used to direct traffic appropriately. The effect is to set up two or more
“overlay” WLANs in the same area, without the expense of duplicating all the AP hardware;
for example, an enterprise can deploy a guest network for use by visitors and a well-protected
corporate network for use by its employees with the same set of APs.
With the spread of WLANs in consumer and multimedia applications, a number of
special-purpose variants of APs have been developed. The most common one, of course, is the
ubiquitous wireless gateway: a combination of AP, Ethernet switch, router, and firewall,
normally used to support home Internet service. Other devices include ADSL and cable
modems with the AP built into them (i.e., simply replacing the Ethernet spigot with an
appropriate broadband interface), and wireless bridges or range extenders, that relay WLAN
packets from one area to another. All of these devices use much the same structure as that of a
standard AP, changing only the firmware and possibly adding a different wired interface.
Figure 1.11: A WLAN NIC Chipset (blocks shown: serial EEPROM; voltage; RF/IF converter; crystal oscillator; 2.4 GHz power amplifier; antenna switch; antennas)
1.3.3 WLAN Switches
Of interest for enterprise situations is the trend towards “thin APs”. This basically means
that a large fraction of the higher-layer 802.11 functions, such as connection setup and
mobility, are centralized in a WLAN switch rather than being distributed over individual
APs. (Some vendors refer to the WLAN switch as a “WLAN controller”.) The CAPWAP
protocol described previously is being standardized to enable the APs and WLAN switches to
communicate with each other. From a hardware point of view a “thin AP” is not significantly
different from a normal or “thick” AP, and in fact at least one vendor uses the same hardware
for both applications, changing only the firmware load.
The benefits of “thin APs” and centralized management are not difficult to understand.
When an enterprise deploys hundreds or thousands of APs, manual configuration of each
AP becomes tedious and expensive, particularly considering that APs are often stuck in
hard-to-reach or inaccessible places such as ceilings and support columns. The “thin AP”/
WLAN switch model, on the other hand, enables the enterprise network administrator to set
up a single configuration at the switch, and “push” it out to all of the APs at the same time.
Firmware upgrades of APs become similarly easy; once the WLAN switch has been provided
with the new firmware, it takes over the process and “pushes” the firmware down to all the
APs, and then manages the process of reloading the configuration and verifying that the
upgrade went well.
The following figure shows a typical switch-based WLAN architecture.
Figure 1.12: WLAN Switch Architecture (blocks shown: wireless clients; lightweight access points; wired Ethernet infrastructure; wireless LAN switch containing security engines, packet buffer and switching fabric, network processor, flash program storage, and Ethernet MAC/PHY ports)
In general, a WLAN switch has one or more Ethernet ports, and is intended to be installed in a
wiring closet or equipment center. APs may be connected directly to the switch ports, or (more
commonly) to an Ethernet LAN infrastructure to which the WLAN switch is also connected.
For example, a hierarchy of LAN switches may be used to connect a large number of APs, up
to a hundred or so, to a single port of a WLAN switch.
There is an emerging trend among large equipment vendors such as Cisco Systems to integrate
the WLAN switch directly into a high-end rackmountable wiring closet or data center
Ethernet switch. In this case, either a plug-in services card is provided with the WLAN switch
hardware and firmware on it, or else a factory-installed plug-in module is used to support the
WLAN switch hardware and firmware.
The protocol run between the WLAN switch and the AP tends to vary by vendor, with many
custom extensions and special features for proprietary capabilities. As previously mentioned,
the CAPWAP group at IETF is standardizing this protocol. In all cases, however, the protocol
provides for the following basic functions:
1. discovery of the WLAN switch by the APs, and discovery of the APs by the WLAN
switch;
2. firmware download to the AP;
3. configuration download to the APs (e.g., SSIDs supported, power levels, etc.);
4. transport of client association and security information;
5. transport of client data, in cases where the data path as well as the control path passes
through the WLAN switch.
1.4 The RF Layer
The RF layer of the WLAN protocol is, of course, the raison d’être of every WLAN device;
it is this layer that provides the “wireless” connectivity that makes the technology attractive.
This section will briefly summarize the requirements placed on transmitters and receivers
intended for WLAN service that go beyond standard radio transceiver needs. The reader is
referred to one of the many excellent introductory books on the WLAN RF layer, such as RF
Engineering for Wireless Networks by Dobkin, for further information.
1.4.1 Transmitter Requirements
Transmitters for typical 802.11 WLAN devices are required to produce 50 mW or more of
power output in the 2.400–2.483 GHz and possibly also the 5.150–5.825 GHz frequency
bands. The following figure shows the general frequency bands and emission limits in various
countries.
The early 802.11 transmitters were relatively uncomplicated devices, as they were required to
transmit BPSK or QPSK modulation at 1 or 2 Mb/s in a 16 MHz channel bandwidth – not very
exacting requirements. The 802.11a and 802.11g standards, however, raised this to 54 Mb/s
in the same bandwidth. In order to support these PHY rates in the typical indoor propagation
environment, it was necessary to use complex modulations – 64-point QAM constellations –
with OFDM. The design of an 802.11a or 802.11g transmitter is therefore far more
complicated. (Of course, the design of a MIMO transmitter for the 802.11n draft standard is
more complicated still.)
The key issue in supporting OFDM modulation is the high peak-to-average power ratio
resulting from the modulation. A typical FM transmitter has a peak-to-average ratio of
1 (0 dB); that is, the output is virtually a continuous sine wave. By comparison, an OFDM
signal can have a peak-to-average ratio of as much as 8 dB. If the transmitter, particularly the
power amplifier, is incapable of handling these peaks without clipping or compression, the
resulting non-linear distortion will produce two adverse effects:
1. The output spectrum will widen due to the mixing and production of spurious signals.
2. A higher rate of bit errors will be generated at the receiver.
The spectral purity of 802.11 transmitters is strictly regulated (and specified in the 802.11
standard) in order to prevent adjacent channel interference. Spectral purity is represented by a
spectral mask, which is simply the envelope in the frequency domain of the allowable signal
components that can be transmitted.
One simple means of assuring a high-linearity transmitter is to ensure that the peak power
output is always much less than the compression level of the power amplifier (PA) and driver
chain. Unfortunately the peak-to-average ratio of OFDM means that obtaining a sufficiently
high average output power requires a rather large and expensive PA. Designers therefore spend
a great deal of time and energy attempting to strike a good balance between cost, size, and
output power.
Beyond linearity, power consumption and cost are probably the most significant factors to be
considered by 802.11 transmitter designers. All of the modulation functions are normally
carried out using digital signal processing at baseband, and the signals are then up-converted
to the operating frequency band. The complex digital processing required by OFDM
consumes both power and chip die area. Further, a high-output low-distortion PA chain
consumes almost as much power as the rest of the radio combined. Minimizing power
consumption is therefore high on the list of design tradeoffs. (It is noteworthy that one of the
biggest impediments to the use of 802.11a and 802.11g technologies in VoIP-over-WLAN
handsets is power consumption; the older 802.11b radios consume a fraction of the power of
an 802.11g system.)
A key parameter that is a consequence of the TDD nature of 802.11 is the transmit-to-receive
(and vice versa) switching delay. To maximize the utilization of the wireless medium, it is
desirable for the interval between transmit and receive to be kept as short as possible: ideally,
well under a microsecond. This in turn requires the transmitter in a WLAN device to be
capable of being ramped from a quiescent state to full power in a few hundred nanoseconds,
without burning up a lot of DC power in the quiescent state, which is not a trivial engineering
challenge.
1.4.2 Receiver Requirements
The principal burden placed on an 802.11 receiver is the need to demodulate data at high rates
(54 Mb/s) from many different transmitters (thanks to the shared-medium channel) with a
low bit error ratio.
The 802.11 PHY standards provide for special training sequences or preambles that precede
every packet. The receiver must constantly scan for these training sequences, lock on to the
(known) information within them, and use them to fine-tune the oscillators, A/D converters,
and demodulator parameters. For example, 802.11 A/D converters have only 5–7 bits of
resolution, to save power and cost; thus the receiver makes an accurate measurement of
average power level during the training sequence, and uses this value to center the signal in the
A/D converter’s limited operating range.
Figure 1.14: OFDM Transmitter Spectral Mask
Unlike their more complicated brethren in the cellular world, 802.11 devices do not make
use of more advanced techniques such as Rake receivers and combining diversity. (This is
changing with 802.11n, however.) The key engineering tradeoff in WLAN receivers, therefore,
is cost and power consumption versus error-free reception.
1.4.3 Rate Adaptation
Rate adaptation is an interesting peculiarity of the 802.11 PHY layer. To put it simply, an
802.11 PHY – under control of the lower level of the MAC – selects the best rate for data
transmission under the prevailing propagation and interference conditions. It is to facilitate
rate adaptation that there are so many rates defined for an 802.11g or 802.11a PHY
(specifically, 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mb/s). It thus provides a dynamic and
automatic method of adjusting the PHY rate to match the channel conditions.
Rate adaptation is basically a tradeoff between raw bit-level throughput and frame error rate.
A high PHY rate such as 54 Mb/s can transfer data more than twice as fast as a lower PHY
rate such as 24 Mb/s, but also requires a much higher signal-to-noise ratio (SNR) to maintain
the same frame error ratio. We are, after all, interested in transferring correct data, not merely
squirting bits across! When the SNR drops due to increasing range or interference level,
transmissions at 54 Mb/s experience higher levels of frame errors, which in turn require more
retransmissions – thus dropping the net effective data transfer rate. At some point, it is actually
more efficient to use a lower PHY rate that is less susceptible to frame errors at that SNR; the
reduced bit rate is compensated for by the lower retransmission rate, because the frame errors
decrease. The PHY therefore adjusts its bit rate downwards to keep efficiency high.
The specific algorithm used to determine the rate adaptation behavior of a WLAN device is
not standardized, and is usually vendor-specific and proprietary. In general the rate adaptation
process looks at two parameters: the signal strength of the packets received from the
counterpart device (e.g., in the case of a client this would be the beacons and packets received
from the AP) as well as the perceived frame error ratio at the far end. The perceived frame
error ratio is deduced by looking for missing acknowledgement packets (ACKs) in response to
transmitted data frames, because 802.11 does not provide for any explicit indication of frame
error ratio between devices. A lower signal strength, particularly coupled with a higher
far-end frame error ratio, indicates a need to drop the PHY rate in order to maintain efficient data
transfer.
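The tradeoff and the ACK-based inference described above can be worked through in a short Python sketch. This is an added example, not code from the book or from any vendor: the window size, the step-down and step-up thresholds and the per-rate loss figures are all constructed assumptions, and signal strength is left out so that only the missing-ACK path is shown.

```python
from collections import deque

# PHY rates in Mb/s, as listed in the text for 802.11g/802.11a devices.
RATES_MBPS = [1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, 54]

# Constructed sample channel (not measured data): frames lost per 100 sent
# at each PHY rate on a weak link. Integers keep the loss pattern exact.
WEAK_LINK_LOSS_PCT = {1: 0, 2: 0, 5.5: 0, 6: 0, 9: 0, 11: 0, 12: 0,
                      18: 1, 24: 2, 36: 40, 48: 60, 54: 80}


def effective_rate(phy_rate_mbps, frame_error_ratio):
    """Net data rate once errored frames are retransmitted.

    Each frame needs 1 / (1 - FER) transmissions on average, so the net
    rate is PHY rate * (1 - FER). MAC overhead is ignored (assumption).
    """
    if not 0.0 <= frame_error_ratio <= 1.0:
        raise ValueError("frame error ratio must be within [0, 1]")
    return phy_rate_mbps * (1.0 - frame_error_ratio)


def best_rate(loss_pct_by_rate):
    """PHY rate with the highest effective rate on the given channel."""
    return max(RATES_MBPS,
               key=lambda r: effective_rate(r, loss_pct_by_rate[r] / 100))


class AckRateAdapter:
    """Steps the PHY rate down or up from the missing-ACK ratio.

    window, down_at and up_at are illustrative values, not taken from
    the 802.11 standard or from any vendor algorithm.
    """

    def __init__(self, window=20, down_at=0.30, up_at=0.05):
        self.index = len(RATES_MBPS) - 1      # start at 54 Mb/s
        self.window, self.down_at, self.up_at = window, down_at, up_at
        self.acks = deque(maxlen=window)

    @property
    def rate(self):
        return RATES_MBPS[self.index]

    def report(self, acked):
        """Record whether the last data frame was acknowledged."""
        self.acks.append(bool(acked))
        if len(self.acks) < self.window:
            return self.rate                  # not enough evidence yet
        missing = self.acks.count(False) / len(self.acks)
        if missing > self.down_at and self.index > 0:
            self.index -= 1                   # too many missing ACKs
            self.acks.clear()
        elif missing < self.up_at and self.index < len(RATES_MBPS) - 1:
            self.index += 1                   # clean window: probe upward
            self.acks.clear()
        return self.rate


def simulate(loss_pct_by_rate, frames=400):
    """Drive the adapter over a constructed channel; return rate per frame."""
    adapter, sent, history = AckRateAdapter(), {}, []
    for _ in range(frames):
        rate = adapter.rate
        n = sent.get(rate, 0)
        pct = loss_pct_by_rate[rate]
        # Deterministic pattern: losses spread evenly at the given ratio.
        lost = ((n + 1) * pct) // 100 > (n * pct) // 100
        sent[rate] = n + 1
        history.append(rate)
        adapter.report(not lost)
    return history


if __name__ == "__main__":
    history = simulate(WEAK_LINK_LOSS_PCT)
    print("best fixed rate:", best_rate(WEAK_LINK_LOSS_PCT), "Mb/s")
    print("rates used after settling:", sorted(set(history[60:])))
```

On this constructed link the adapter walks down from 54 Mb/s and then alternates between 24 Mb/s and brief probes at 36 Mb/s, which is the cost of having no explicit frame error feedback from the far end.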
Note that some (misguided) device vendors actually implement a sort of “reverse rate
adaptation” algorithm; they configure their device to transmit at the lowest possible PHY
data rate at all times, until the traffic load increases and the device starts dropping packets,
at which point the PHY bit rate is ratcheted up. This, of course, leads to a substantial drop in
efficiency for the WLAN as a whole.
1.4.4 Coexistence
All wireless devices, whether a simple AM radio or an 802.11 OFDM link, are subject to
coexistence issues. Coexistence in this context refers to interference to, or from, other licensed
or unlicensed radio services. As the number of such radio services occupying the microwave
bands (particularly above 1 GHz) is increasing at a rapid pace, coexistence has become a
significant issue; in fact, the IEEE has recently formed a separate group (IEEE 802.19)
to monitor the coexistence issues of all of the different types of wireless communication
standards being created within the 802 committee.
The most notorious example of coexistence issues observed with WLANs is, of course,
interference from microwave ovens. However, many other situations exist, particularly in the
2.4 GHz band which is shared by a large variety of users. For instance, Bluetooth devices also
use the 2.4 GHz band; their frequency-hopping radios can sometimes shut down wireless links.
2.4 GHz cameras and video links, not to mention cordless phones, can affect (and be affected
by) WLANs. In the 5 GHz band, particularly in Europe, WLANs are secondary to certain
types of radars; as a consequence, 802.11a radios implement radar detection mechanisms to
detect and avoid radar signals.
1.4.5 Propagation
Wireless links are extremely subject to propagation conditions between the transmitter and
receiver. (Wired networks have the luxury of essentially ignoring this issue; if optical or
twisted-pair cables are properly installed, then the user is assured of extremely high SNR on
a permanent basis.) Indoor propagation at microwave frequencies is particularly influenced
by all sorts of changes in the environment surrounding the wireless devices. It is not unusual
for the propagation characteristics of an office environment to change drastically between
daytime, when there are lots of occupants busy absorbing microwave energy, and nighttime,
after everyone has gone home.
Propagation issues generally increase as the wavelength drops; thus 5 GHz WLANs have a
comparatively lower range than 2.4 GHz WLANs, due to absorption in the walls and doors
as well as the increased impact of diffraction and fading. Further, the multipath effects within
buildings lead to inter-symbol interference (ISI) that limits the data rate possible over the
wireless link: 802.11 WLANs deal with this issue at the higher data rates by resorting to a
guard interval between symbols to let multipath settle out.
A whole science has been built around the modeling of indoor propagation effects as well as
the actual measurement of propagation characteristics of indoor environments and their impact
on wireless communication channels. The reader is referred to the excellent books by Durgin
(Space-Time Wireless Channels) and Rappaport (Wireless Communications: Principles and
Practice) for more information on this subject.
1.4.6 Multiple Input Multiple Output
The upcoming 802.11n draft standard uses MIMO techniques to support nearly an order
of magnitude increase in the PHY data rates of 802.11 links. Simply put, MIMO takes a
disadvantage (multipath effects within buildings, caused by signals scattering off metallic
objects) which reduces data rates in 802.11g or 802.11a, and actually converts it to an
advantage by employing the multipath to increase data rates. There IS such a thing as a
free lunch!
At the frequencies used in WLANs (2.4 GHz and up, with wavelengths of 12.5 cm or less),
even small metallic objects can reflect or diffract (i.e., scatter) the energy propagating from
the transmitter to the receiver. A typical indoor environment is thus full of scatterers of all
kinds, which result in multipath propagation between transmitter and receiver, as shown in the
following figure.
Figure 1.15: The Indoor Channel (effects shown: reflection from metallic objects; diffraction around metallic edges; attenuation when passing through non-metallic objects; reflection from surfaces behind receiver)
Normally, this multipath is a nuisance; energy arriving over different paths may be just as
likely to cancel each other (destructive interference) as to reinforce each other (constructive
interference), leading to fading effects and frequency-selective channels, all of which limit the
range and data rates of conventional receivers and transmitters. However, it was observed in
the late 1960s that the multiple signal paths could actually be used to increase the bandwidth
provided that they were uncorrelated, that is, the amplitude and phase of the different
multipath signals are statistically independent. In essence, one can regard the multiple signal
paths as being multiple independent parallel radio channels, and send different signals down
these channels; the effect is that the available bandwidth is increased by the number of such
radio channels, even though all of these channels are in the same frequency band and the same
physical space. This is the basis for the MIMO technique.
A simplified view of the MIMO process is as follows: take the source data signal, split it up
into as many smaller pieces as there are uncorrelated signal paths, and transmit each piece
down a separate signal path. At the receiving end, all of the individual pieces are received
and then reassembled into the original data signal. Effectively therefore, the bandwidth of
the channel has increased by N, where N is the number of signal paths. (This is also the basis
for the term MIMO – the radio channel is regarded as having multiple inputs and generating
multiple outputs.) This is represented graphically in the figure below.
Figure 1.16: Using Uncorrelated Multipath (labels: TX and RX; data bitstream broken up into 3 information streams; paths 1, 2 and 3 each carry one information stream; uncorrelated scatterers: each path can carry a separate information stream; obstruction to direct ray; correlated scattering: only one of these two paths can carry information; MIMO antenna array shapes transmit power pattern)
It should be kept in mind that this is actually a rather rough approximation to the real way in
which the MIMO process is performed – the transmitter does not locate individual scatterers
and shoot beams off each one. However, it is sufficient for an understanding of the basis of the
process.
In order to send different pieces of information down the different signal paths, both the
transmitter and the receiver must be able to distinguish between the various paths. This is
done by equipping the transmitter and receiver with multiple antennas, each connected to a
completely separate but synchronized radio. In the case of the receiver, signals
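The split, transmit and reassemble picture above can be made concrete with a two-antenna model, shown here as an added example that is not from the book and goes one step beyond its simplified view. It assumes a 2x2 channel matrix known to the receiver, BPSK symbols and no noise, uses zero-forcing (matrix inversion) as one common textbook way to separate the streams, and all channel values are constructed.

```python
# Constructed 2x2 channels: H[r][t] is the complex gain from transmit
# antenna t to receive antenna r.
H_UNCORRELATED = [[0.9 + 0.2j, 0.3 - 0.5j],
                  [-0.4 + 0.6j, 0.8 + 0.1j]]
# Second row is exactly twice the first: both receive antennas see the same
# mixture, so the two paths are fully correlated.
H_CORRELATED = [[0.9 + 0.2j, 0.3 - 0.5j],
                [1.8 + 0.4j, 0.6 - 1.0j]]


def split_streams(bits, n=2):
    """Deal the source bits round-robin into n information streams."""
    return [bits[i::n] for i in range(n)]


def merge_streams(streams):
    """Inverse of split_streams: interleave the streams back together."""
    merged = []
    for group in zip(*streams):
        merged.extend(group)
    return merged


def det2(h):
    """Determinant of a 2x2 matrix; near zero means correlated paths."""
    return h[0][0] * h[1][1] - h[0][1] * h[1][0]


def mix(h, symbols):
    """Apply a 2x2 matrix: each output is a weighted sum of both inputs."""
    return [h[0][0] * symbols[0] + h[0][1] * symbols[1],
            h[1][0] * symbols[0] + h[1][1] * symbols[1]]


def separate(h, received, min_det=1e-6):
    """Zero-forcing receiver: invert the channel to undo the mixing.

    Returns None when the paths are too correlated to tell apart.
    """
    d = det2(h)
    if abs(d) < min_det:
        return None
    inverse = [[h[1][1] / d, -h[0][1] / d],
               [-h[1][0] / d, h[0][0] / d]]
    return mix(inverse, received)


def send_over_channel(h, bits):
    """Split bits into two streams, send both at once, and reassemble."""
    stream0, stream1 = split_streams(bits)
    out0, out1 = [], []
    for b0, b1 in zip(stream0, stream1):
        tx = [1.0 if b0 else -1.0, 1.0 if b1 else -1.0]   # BPSK mapping
        rx = mix(h, tx)                   # what the two RX antennas observe
        estimate = separate(h, rx)
        if estimate is None:
            return None                   # streams cannot be separated
        out0.append(1 if estimate[0].real > 0 else 0)
        out1.append(1 if estimate[1].real > 0 else 0)
    return merge_streams([out0, out1])


if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    print("uncorrelated:", send_over_channel(H_UNCORRELATED, bits))
    print("correlated:  ", send_over_channel(H_CORRELATED, bits))
```

With the uncorrelated channel both streams are recovered from a single use of the band per symbol pair; with the correlated channel the inversion fails, which matches the figure's note that only one of two correlated paths can carry information.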