Expert Reference Series of White Papers

WLAN Channel Access:

How WiFi Networks Talk and How You Can Make Them Talk More Clearly
1-800-COURSES www.globalknowledge.com

WLAN Channel Access: How WiFi Networks Talk and How You Can Make Them Talk More Clearly
Ben Miller, Global Knowledge Course Director

Introduction
The iPhone 4 can aptly be described as a cultural phenomenon; Apples newest gadget caused otherwise sane men to ring city blocks for hours in the hopes of obtaining one. This years second-most compelling gadget also became something of a wireless networking phenomenon, albeit unintentionally. Steve Jobs, the man recognized as one of the business worlds most charismatic and organized presenter, was made to look disorganized when his WiFi network stopped working. The unexpected nature of Jobs bobble was what made it such a spectacle. This white paper, then, is designed to be a lesson in avoidance. The goal here is to understand what the wireless folks at Apple could have done to avoid embarrassing their boss and how it can be applied in the IT guys everpresent quest to avoid a similar failure.

The Channel How It Works

Before discussing tips for making a wireless channel resilient, its best to discuss how the channel works. WiFi involves half-duplex wireless devices participating in time division multiplexing using DCF (distributed coordination function), which is part of CSMA/CA (carrier sense multiple access with collision avoidance). In English, that means APs and stations must share a wireless channel by identifying when the channel is busy and staying quiet during those times. There are two carrier sense mechanisms that can cause WiFi devices to identify a busy channel: the CCA (clear channel assessment) and the NAV (network allocation vector). The CCA is a physical carrier sense. That means that it just involves WiFi devices listening to the channel to see if it is clear. In a crowded environment like the iPhone 4 introduction, having a functioning CCA becomes very important.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

The CCA The CCA

[Quiet area]

a r e

Q u i c k T i m e a n d d e c o m p r e s s o r n e e d e d t o s e e

a t h i s p i c t u r e .

Data

Figure 1. Inserted after the paragraph that begins The CCA is a physical carrier sense

The NAV is a virtual carrier sense. It doesnt involve any kind of listening to the channel. Its basically just a timer. Each AP and station has a NAV value that is set by the Duration field of the 802.11 header. Once an AP or station sees the Duration value in a frame where it is not the receiver, the AP or station counts down towards 0. Until the NAV completely counts down the channel is considered occupied. The NAV can certainly be helpful in crowded WiFi environments, but it only plays a large role in keeping channels clear if you configure the proper settings on APs and stations (more on that later). There is one other mechanism for WiFi channel access that affected the iPhone 4 introduction: the random backoff. The random backoff is something that comes from CSMA/CD (carrier sense multiple access with collision detection) in wired Ethernet LANs, but its placed differently in wireless WiFi LANs. 802.3 Ethernet involves having devices back off (stay quiet) after a collision by choosing a random number of slot times (short quiet periods). The idea is that since the number of slot times is chosen randomly, one device will begin transmitting on the wire before the other finishes counting down its slot times, thus avoiding a second collision. In 802.11 WiFi, stations use the same random choosing of slot times, but they do it before transmitting rather than after a collision. The idea is to do collision avoidance rather than collision detection.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

The important thing to understand about the random backoff is just that it allows each AP and station to have randomized, yet equal, access to the channel when multiple devices have data to transmit. For a WiFi channel to work properly, the CCA, the NAV, and the random backoff have to be working correctly. If devices cant use the CCA and/or NAV to stay quiet while other devices are transmitting, there will be collisions. If there are so many devices attempting to transmit at the same time that identical numbers of slot times get chosen during the random backoff time, there will be collisions. The bottom line is that devices have to know to keep quiet, and the channel has to have a limited number of devices attempting to transmit at any given time in order for the DCF to work correctly.

The iPhone 4 Introduction Problem

When the iPhone 4 introduction was submarined, Steve Jobs asked reporters covering the event to refrain from using WiFi so that the channel could be kept clear for demonstrations. This led to a number of reports after the event citing interference as the root of the problem. It is true that nearby WiFi activity was the likely cause of the problems with the iPhone 4 demonstrations, so using the word interference is appropriate. The question is, which type of interference? As discussed above, there are three parts of the DCF that could break down. The CCA wont work if devices cant hear other devices transmitting. The NAV wont work if the Duration field in the header cant be read. The random backoff timer wont work if more than one AP or station chooses the same random number of slot times when trying to transmit data. At first glance, it may seem like the CCA and NAV would have worked just fine. When the iPhone 4 presentation was happening, all WiFi devices both held by Steve Jobs and journalists were in the same room. It was a large room, but there were no concrete walls or heavy doors in the way that would have blocked WiFi signals. The CCA just needs a signal to work. The NAV just needs a header to work, and the header can be read as long as the signal can be heard. An open room seems to be a place where those two things can function. In this case, however, the CCA and NAV were most likely not functioning. The CCA works by having WiFi devices listen to the channel. That sounds simple, but an important caveat is that APs and stations must be able to demodulate WiFi frames in order for the CCA to work. The way the CCA operates is that WiFi devices must hear a WiFi frame on the channel in order to stay quiet. If WiFi devices hear anything else -- Bluetooth or cordless phones, to name two examples -- they will just view the channel as clear and proceed along the normal data transmission path. If a WiFi device is too far away from the location where the frame originated, it is possible that the listening AP or station will not recognize the radio waves as a WiFi frame and, therefore, not use the CCA to stay quiet.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

CCNA Problem
CC A Pr o blem

[Quiet area] 54 Mbps

a r e

Q u i c k T i m e a n d d e c o m p r e s s o r n e e d e d t o s e e

a t h i s p i c t u r e .

1 Mbps

a r e

Q u i c k T i m e a n d d e c o m p r e s s o r n e e d e d t o s e e

a t h i s p i c t u r e .

Data

[Associated; Not quiet]

Fig 2: Inserted after the paragraph that begins The CCA works by having devices listen to the channel

The CCA becomes a real problem in areas with multiple APs operating on the same channel. When there is only one AP on a channel, everything works in an orderly fashion. Stations that are close to the AP transmit at high rates (thus having a shorter range where frames are successfully demodulated) and stations that are far from the AP transmit at low rates (thus having a longer range). If a second AP appears on the channel, things start to break down. Stations are likely to be close to their associated AP. That means that all stations use high rates, and a laptop in the 35th row of the audience will transmit a frame that will have too short a range to be demodulated successfully on the stage where the iPhone 4 sits. That likely means that the iPhone 4 will not use the CCA, thus causing it to transmit a frame at the same time that another device, on the same channel, is transmitting a frame. Two frames on one channel at one time means a collision.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

iPhone 4 Problem iPhone 4 Problem

MiFi (Interferen ce)

a r e Q u i c k T i m e a n d d e c o m p r e s s o r n e e d e d t o s e e a t h i s p i c t u r e .

iPhone 4 Apples AP

(No CCA) MiFi

(No CCA)
Fig 3: Inserted after the paragraph that begins The CCA becomes a real problem in areas with multiple Aps operating on the same channel.

When collisions happen due to having more than one AP on the same channel, the problem goes beyond the CCA. When the CCA fails, it causes a failure of the NAV as well. The NAV works when stations can successfully read the Duration field of the WiFi header. If the CCA fails and a collision results from that failure, then the header will not be read correctly. The bottom line is that there are two carrier sense mechanisms that keep APs and stations quiet in order to avoid collisions, and both of them tend to fail when more than one AP operates on the same channel, at the same time, in the same area. When the iPhone 4 introduction occured, more than 570 WiFi networks were operating in the same time, in the same area, because lots of journalists brought MiFi portable hotspots (which act as personal APs) to the event. That overabundance of APs is what caused the iPhone 4 demonstrations to go awry. (Admittedly, I was not present at the iPhone 4 introduction, and I certainly did not have the opportunity to perform a protocol analysis during the time that the WiFi network was failing. That said, the video evidence leads me to believe that the CCA breakdown described above is the reason for the failure.)
Copyright 2010 Global Knowledge Training LLC. All rights reserved. 6

Protecting the Channel

If we stipulate that the problem at the iPhone 4 presentation was too many APs, then the best reactive solution is to do exactly what Steve Jobs did: ask everyone to turn off their personal APs. That is also exactly how a network administrator should react if a site survey turns up personal APs brought in by employees, contractors or guests. The question then becomes what should be done proactively to best prevent a CCA breakdown from happening in the first place. There is a simple answer for preventing a CCA breakdown. You just do a pre-installation survey, install only one AP per channel, and run a wireless IDS/IPS (intrusion detection system/intrusion prevention system) so that youre alerted when personal APs pop up. Its simple, but not easy. Even with that simple solution, there are some additional tips that may help in protecting the channel.

Survey for signal, not just data

When a station moves away from an AP, its data rates drop. If a station moves far enough, it eventually loses the ability to send data entirely. Yet even after the ability to send and receive data has been lost, the station may remain close enough to the AP for the APs transmissions to interfere. Radio waves travel approximately the same distance no matter how they are modulated. A frame sent by an AP at 300 Mbps (megabit per second) may only be able to travel a few dozen feet before it stops being able to be successfully demodulated, but the waves keep going. Those radio waves cause interference with other APs and stations that occupy the same channel. When performing a site survey, have a spectrum analyzer available in order to gauge whether an AP or station is interfering beyond its data range. Most site surveys are performed with a client utility (which makes connections) or some type of frame capture tool (either a protocol analyzer or site surveyor). Adding a spectrum analyzer as a secondary survey tool is recommended.

Consider the use of directional antennas

If the WiFi network has yet to be installed, it may be a good idea to install directional antennas instead of the typical omni-directional antennas. Directional antennas tend to leave less signal in unwanted areas, which may make it easier to avoid having more than one AP covering the same space on the same channel.

Use RTS/CTS to get help from the NAV

In describing how the channel works earlier in this paper, we discussed the fact that the CCA and the NAV perform essentially the same function: keep nearby APs and stations quiet. Since having more than one AP per channel often causes the CCA to breakdown, the NAV can be a useful protocol for keeping the number of collisions low.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

The NAV is set by the Duration value in each WiFi header. That means that if a WiFi header can somehow reach vulnerable APs and stations before they attempt to send data, the channel can be kept clear even when the CCA has failed. The RTS (request to send) and CTS (clear to send) frames are non-data frames (so, just a header) that can be used to carry a Duration value in advance of a data frame transmission. The way WiFi works is that each AP and station has an RTS Threshold setting. If the RTS Threshold is set to a number that is less than the size (in bytes) of the data frame that is about to be transmitted, the AP or station will send an RTS frame and receive a CTS frame first. The RTS frame will set the NAV in all APs and stations within range of the transmitter, and the CTS frame will set the NAV in all APs and stations within range of the receiver. In laymans terms, that means that even if the CCA fails, the channel will stay clear. Unfortunately, not all WiFi equipment vendors allow the RTS Threshold setting to be manually configured. If it can be configured, though, dropping the setting to a low number perhaps even zero may help in areas where more than one AP occupy the same channel.

Provide WiFi for non-employees

Personal APs, usually in the form of a MiFi portable hotspot, have become quite popular among people who travel. While they are ostensibly healthy because they allow guests and contractors to use someone elses Internet bandwidth, they can pose a problem if too many of them begin showing up.

Reduce the power output of existing APs

If a careful survey is done before installation, then the power output setting on APs should be configured correctly. In many cases, however, there is not enough time or resources for a complete site survey. A common problem found in WiFi networks that are installed without a comprehensive site survey is that the AP power output is often set too high. If you run a protocol analyzer and see multiple APs on the same channel covering the same area, it may be a good idea to drop the power output settings and see if that problem is solved. One caveat about changing power output settings on APs (or any settings on APs, for that matter) is that, in many cases, the changed settings will not register with the AP. Some WiFi equipment vendors that shall remain nameless have APs that keep AP power high, even when you set it lower, and fail to use RTS/CTS, even when you set the RTS Threshold to zero. Its unfortunate when that happens, but if you do a quick frame capture before and after you change a setting, youll be able to tell if the change registers properly. If it doesnt, then you can notify the manufacturer (or trash them on Twitter, whichever you prefer).

Now Get That WiFi Talking

The channel access protocols of WiFi networks are complex, but they are also logical. And if the proper design is adhered to, large numbers of stations will be able to share the channel with their associated AP. When that happens when the CCA, the NAV, and the random backoff time work properly the talking between WiFi devices becomes a beautiful.

Copyright 2010 Global Knowledge Training LLC. All rights reserved.

Having an understanding of how WLAN channel access works will allow you to create and maintain a network that supports this elegant design. But be diligent. A haphazard design can render the talking of WiFi devices unintelligible.

Learn More
Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses: Analyzing TCP/IP Networks with Wireshark Wireless LAN Foundations Network+ Prep Course For more information or to register, visit www.globalknowledge.com or call 1-866-925-7765 to speak with a sales representative. Our courses offer practical skills, exercises, and tips that you can immediately put to use. Our expert instructors draw upon their experiences to help you understand key concepts and how to apply them to your specific work situation. Choose from our more than 1,200 courses, delivered through Classrooms, e-Learning, and On-site sessions, to meet your IT, project management, and professional skills training needs.

About the Author

Benjamin Miller is a wireless services professional based in Los Angeles, CA. Ben offers training services for professional training centers and organizations looking to design, manage, and secure wireless networks. In addition to training, Mr. Miller also offers surveying services to organizations in need of wireless network planning or optimization, as well as a limited number of speaking engagements and writings in the field of wireless networking. Benjamin is the Course Director for the Global Knowledge Wireless Curriculum, overseeing course development, instructor readiness, and equipment testing for Wireless LAN Foundations and Wireless LAN Security and Analysis. He was a guest speaker for the Information Systems Security Association (ISSA) New England chapter event on wireless local area network security. In addition, he has been an advisor to the CWNP Program and a contributor to the CWNP Forum for vendor-neutral wireless certifications. In his spare time, Ben Miller is a feature writer covering mixed martial arts and professional wrestling for the Wrestling Observer and a story editor for NoTrace Camping, a production company based in Los Angeles, CA. He graduated from the University of Southern California in 1999 with a Bachelors of Science degree in Chemical Engineering with an emphasis in Polymer Science. He is also a Certified Wireless Networking Expert (CWNE).

Copyright 2010 Global Knowledge Training LLC. All rights reserved.