Monday, 27 January 2014

Chapter 3 - 802.11 MAC Sublayer Frame Format

General 802.11 MPDU Format

  • MAC Header - frame ctrl, duration, address, seq ctrl & QOS (for QOS data frames) info
  • Frame Body - variable size, content varies with frame type & sub-type
  • FCS - 32 bit CRC


MAC Header

  • 8 major fields
    • 4 x 6 byte addr fields - each is standard MAC address
    • Frame Ctrl, Duration/ID, Seq Ctrl & QOS fields all 2 bytes each
    • Max MAC header size 32 bytes if all used
      • 802.11n introduced HT Control field - 4 bytes (after QOS Ctrl field)
      • Header 36 bytes max if included
    • Header size varies depending on number of address fields used & whether frame is QOS data frame
    • Image(25)

Frame Control Field (MAC Header)

  • First 2 bytes of header 
  • 11 sub-fields:
    • Protocol version
    • Type
    • Sub-type
    • To DS
    • From DS
    • More fragments
    • Retry
    • Power Management
    • More data
    • Protected Frame
    • Order
  • Image(26)
  • Protocol version
    • Always zero - only one version of 802.11 standard
  • Type & Subtype fields
    • Indicate function of frame
    • Type field 2 bits long:
      • 0,0 - Management frame
      • 0,1 - Control frame
      • 1,0 - Data frame
      • 1,1 - reserved
    • Sub-type is 4 bit field, indicating frame sub-type within type category
    • Image(27)
    • Notes:
      • bit 6 = 1 (data frame): no frame body
      • bit 7 = 1 (data frame): QoS frame
  • To DS & From DS
    • bits change meaning of address fields
    • Indicates flow between WLAN and the Distribution System (DS)
    • Four combinations:
      • To DS = 0, From DS = 0
        • Management or control frames (no MSDU payload, no data to or from DS)
        • Within an IBSS (Ad-hoc network)
        • Station to station link (STSL)
      • To DS = 1, From DS = 0
        • data frame upstream from wireless client to DS
      • To DS = 0, From DS = 1
        • data frame sent downstream from AP to client (sourced from device on DS)
      • To DS = 1, From DS = 1
        • Requires 4 address format of frame
        • typically mesh or WLAN bridge link
  • More Fragments
    • Set to 1 if current MSDU or MMPDU has another fragment to follow in subsequent frame
    • Fragmentation service provided by layer
    • Only fragments frames with unicast receiver address
      • multicast & broadcast frames not fragmented as no ack possible
    • Fragmentation limit defined by FragmentationThreshold
      • determined by length of unencrypted MPDU (inc header & FCS)
    • Each fragment has fragment number and is individually acknowledged with ACK
  • Retry Field
    • Set to 1 if no Ack received for mgt or data frame and frame is sent again (e.g. CRC corrupt and frame discarded by rx station)
    • Most unicast frames req Ack (RTS/CTS exchange is an exception, as is QoS No Ack policy in some data frames)
    • Broadcast & Multicast frames not acknowledged
    • Retries very significant issue in WLANs
      • increases overhead and reduces throughput
      • increases latency and jitter which affects time-sensitive applications badly (voice & video)
      • 10% retransmission OK for most data applications
      • VoWiFi requires 5% or lower retransmissions
      • Retransmission levels can be observed (down to client level) using protocol analyzer
  • Power Management Field
    • Indicates 802.11 legacy power save mode used by client when set to 1
    • Requires access point to buffer frame destined for client
  • More Data Field
    • Single bit field used to indicate if more buffered frames to send to power save mode client
    • Each station associated with AP has association identifier (AID)
    • When AP has data for station using power save mode, indicates data available for station using AID using beacon field: TIM (traffic indication map)
    • TIM is list of stations that have undelivered unicast frames
    • Once station wakes up from doze state, sends PS-Poll to AP to retrieve its buffered frames
    • When AP sends frames, more data field indicates more frames to send, so that station does not go back to sleep
    • Station has to send a PS-Poll frame for each frame it needs to rx
    • When all frames sent, more data field set to zero and station can go back to doze mode
    • Image(28)
  • Protected Frame Field
    • Single bit which indicates if MSDU payload of data frame is encrypted
    • Does not indicate type of encryption, could be WEP, TKIP, CCMP etc.
    • Can also be set in Authentication frames to indicate if Shared Key authentication used
    • May also be set in 802.11w-2009 unicast Robust Management frames
  • Order Field
    • Set in any non-QoS frame where strictly ordered class of service req by upper layer protocol
    • Rarely used - originally intended for legacy protocols that could not enforce ordering recovery

Duration/ID Field (MAC Header)


  • 2 byte field (16 bits)
  • Used for 3 reasons:
    • Virtual carrier sense - main purpose to reset NAV timer of other stations
    • Legacy power management - PS-Poll frames use field as association ID (AID)
    • Contention Free Period - indicator that PCF (Point Co-ordination Function) process has begun
  • Virtual Carrier Sense
    • Main use of Duration/ID field
    • 802.11 stations use CSMA/CA to access medium
    • Virtual carrier sense uses the NAV (network allocation vector) - contains prediction of how long medium will be busy for
    • Listening stations see NAV value and count down, knowing medium will be busy until zero is reached
    • NAV value uses 13 bits to represent value of 0 - 32,767
    • NAV value represents time in micro-secs 
    • Main purpose of field is to contain duration value to reset NAV timers of other stations
    • Only time a station's NAV timer is not reset is when the receiver address is same as receiving station's MAC address
    • NAV values are always indication of frame transmissions that are to follow (e.g. ACK & SIFS)
    • Transmitting station NAV always zero
    • Image(30)
  • Legacy power management
    • When AP has data for station in power save mode, AID added to TIM in beacons
    • Client sends PS-Poll frame to request buffered unicast frame - AID is put in to Duration/ID field to identify itself to AP
    • Least significant 14 bits used for AID - remaining 2 bits set to '1'
    • Max AID value is 2007
    • Image(31)
  • Contention Free Period
    • Fixed value of 32,768
    • Used in PCF (Point Coordination Function) & HCCA (Hybrid Coordination Function Channel Access)
    • Beyond Scope of CWAP

MAC Layer Addressing

  • 2 Types of address
    • Individual address - unicast
    • Group address - 
      • multicast - group of stations
      • broadcast - all stations : FF:FF:FF:FF:FF:FF
  • Up to 4 MAC address fields, but generally only 3 used
  • Addresses:
    • receiver address (RA)
      • MAC address of 802.11 radio receiving frame
    • transmitter address (TA)
      • MAC address of 802.11 radio sending frame
    • basic service set identifier (BSSID)
      • MAC address of the BSS
      • Is MAC address of AP radio, or derived from radio addr if multiple BSS's exist
    • destination address (DA)
      • MAC addr of final destination of the frame - may be wired or wireless station
    • source address (SA)
      • MAC addr of original sending station - may be wired or wireless station
  • Addresses 6 bytes
    • first 3 bytes are OUI (organisationally unique ID)
    • last 3 bytes: extension identifier
  • Definition of each address field changes with the settings of the ToDS and FromDS fields


  • Addressing definitions:
    • Vary with To DS & From DS field settings
    • Addr 1 - always RA (though may have second definition)
    • Addr 2 - always TA (though may have second definition)
    • Addr 3 - used for additional MAC addr info
    • Addr 4 - WDS only
  • To DS = 0, From DS = 0
    • Commonly management or control frames
      • No MSDU payload, no final destination on DS
      • TA & RA will always be AP & station exchanging frames
      • Example below shows mgt frame sent by client (AP = 1d:90, client = 85:10) - addr 1 = RA, addr 2 = TA, addr 3 = BSSID
      • Image(33)
      • In some cases, BSSID can be wildcard value (all 1s) - e.g. probe request when client looking to roam, as client does not know new BSSID MAC:
    • Also used when performing direct frame transfer from one STA to another on an IBSS (ad-hoc)
      • Example below shows 2 stations (85:10 & 77:3a) using RA & TA, address 3 is BSSID created by first station in ad-hoc network
      • Image(35)
  • To DS = 1, From DS = 0
    • Indicates frame destined for end-point on the DS (usually Ethernet sw network), but sourced from wireless STA
    • Example below shows:
      • Addr 1 is BSSID on AP (RA) (STA sends frame to this address) - 1d:90
      • Addr 2 is wireless client source (TA) - 85:10
      • Addr 3 is MAC of destination device on DS (e.g. DHCP server) - 92:f7
      • Image(36)
  • To DS = 0, From DS = 1
    • Indicates frame sourced from end-point on the DS (usually Ethernet sw network), but destined for wireless STA
      • Example below shows:
        • Addr 1 is MAC of destination wireless client (RA) - 85:10
        • Addr 2 is BSSID on AP (TA) - 1d:90
        • Addr 3 is MAC of source device on DS (e.g. DHCP server) - 92:f7
        • Image(37)
  • To DS = 1, From DS = 1
    • Requires use of all 4 address fields in MAC header
    • Generally used for bridges, mesh & repeater scenarios
    • Requires that a frame will be sent to another wireless system before being relayed on to a wired DS
    • Two fields are required to identify wireless radios at either end of link and two addresses required to identify wired station on DS at each end. See example below:
    • Image(38)
  • Multiple BSSIDs
    • Each WLAN has logical name (SSID) and unique layer 2 identifier (BSSID)
    • When more than 1 SSID exists, BSSID of each one has unique virtual BSSID - usually an increment of MAC address of AP radio
    • Capability called multiple basic service set identifier (MBSSID) 
    • Allows multiple layer2/3 domains to exist in one layer one domain
  • Sequence Control Field
    • 16 bit field
    • 2 subfields: 4 bit fragment number & 12 bit sequence number
    • Image(39)
    • Sequence number used to sequentially number data frames - assigned by station sending the MSDU or MMPDU
    • Sequence numbers values: 0 - 4095 - wraps once number exhausted
    • If MSDU is fragmented, each fragment is assigned a fragment number - each fragment keeps the same sequence number to allow re-assembly at the receiver
  • Fragmentation threshold
    • Every 802.11 can be configured with fragmentation threshold
    • Specifies limit (in bytes) over which an MSDU will be broken in to fragments
    • Once frame fragmented, fragment ID incremented (starting from zero) and 'More Fragments' bit in frame control is set until last fragment reached 
    • Fragmentation threshold evaluation of an unencrypted MPDU includes Header, frame body & CRC - final frame size may still be larger than threshold due to encryption expansion
    • The example below shows a threshold of 300 bytes
    • Image(40)
    • Image(41)
    • Fragments are always sent in fragment bursts - once transmission medium control gained, all fragments sent using combination of NAV values & SIFS
    • NAV value of each fragment & ACK set to reserve time to transmit next fragment. SIFS used between frames so that sender beats stations waiting for DIFS and keeps control of medium
    • If fragment not acknowledged, retries begin at unacknowledged frame
    • Image(42)
  • QoS Control Field
    • 16 bit field that identifies quality of service params of frame
    • Field present in all data frames where QoS subtype field set to 1 (bit 7) - i.e. QoS data frames 
    • 5 sub-fields
      • traffic identifier (TID)
      • end of service period (EOSP)
      • ACK policy 
      • reserved field
      • Final field meaning varies with station type (AP or client)
      • Image(43)
    • WiFi uses Enhanced Distributed Channel Access (EDCA) access method for differentiated access
      • 8 user priority levels (UPs) (1 - 7)
      • 4 QoS access categories (ACs), based on UPs - these are (lowest to highest):
        • AC_BK (Background)
        • AC_BE (Best effort)
        • AC_VI (Video)
        • AC_VO (Voice)
      • WiFi Alliance QoS Certification called Wireless Multimedia (WMM)
      • 802.1D priority queuing for Ethernet frames mapped on to user priorities & access classes as shown below:
      • Image(44)

      • Image(45)
    • TID - traffic indicator field: first field, 4 bit
      • Identifies user priority (UP) and access category (AC) of QoS data frame (by using mappings shown above)
    • EOSP - end of service period
      • WMM client stations use WMM-PS (WMM power save) - uses "trigger & deliver" mechanism to indicate awake to AP
      • Clients can ask for delivery of multiple frames whilst awake during 'service period' - during association, client must indicate number of frames that can be rx: 2, 4, 6 or all frames
      • EOSP indicates end of current service period (i.e. last frame has bit set to 1 to indicate service period over or buffer empty)
    • ACK Policy
      • 3rd field - 2 bits
      • Indicates ACK policy to be used after delivery of QoS data frame - 4 available
        • ACK
        • No ACK
        • No Explicit ACK
        • Block ACK
    • Reserved sub-field - 4th field - 1 bit (for future use)
    • Fifth sub-field: number of meanings - 8 bits
      • TXOP Limit
        • 802.11 radio may send multiple frames in frame burst, with SIFS between each frame
        • Once it has control of the medium, its allotted period of time to burst is a "transmit opportunity" (TXOP)
        • TXOP limit value varies for each QoS access category
        • TXOP limits set in 32 uS intervals - e.g. Voice AC has TXOP of 47 by default, this is 47 x 32uS = 1,504 uS to transmit once access to channel won
        • TXOP limit is supplied by AP to STA to indicate amount of time it may burst frames
      • AP PS Buffer State
        • AP can indicate to the STA how much PS data is buffered for the client for an access category
      • TXOP Duration Requested
        • 5th field may also be used by client to request TXOP duration of the AP - i.e. how much time a client wants to send next frame burst. AP may choose to assign smaller duration than was requested
      • Queue Size
        • Client may use the field to indicate the amount of data it has buffered, to send for a traffic category
        • AP can use this to determine next TXOP req by client
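
The header fields described above (Frame Control, Duration/ID, the To DS / From DS address roles, Sequence Control and the first QoS Control sub-fields) decoded from raw bytes. This is an added example, not part of the original notes; the sample frames are constructed, the `02:00:00:00` address prefix is made up (the notes show only the last two octets), and the HT Control field is not handled.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgt", "more_data", "protected", "order")
# Role of address fields 1..4, keyed by (To DS, From DS), as listed in the notes.
ADDR_ROLES = {
    (0, 0): ("RA/DA", "TA/SA", "BSSID"),
    (1, 0): ("RA/BSSID", "TA/SA", "DA"),
    (0, 1): ("RA/DA", "TA/BSSID", "SA"),
    (1, 1): ("RA", "TA", "DA", "SA"),
}
PS_POLL = 10  # control subtype whose Duration/ID field carries the AID


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def decode_duration_id(value, is_ps_poll):
    """Interpret the 16-bit Duration/ID field in its three uses."""
    if is_ps_poll:
        return {"aid": value & 0x3FFF}   # low 14 bits; top 2 bits are set to 1
    if value == 32768:
        return {"cfp": True}             # fixed contention-free period value
    if value < 32768:
        return {"nav_us": value}         # virtual carrier sense, microseconds
    return {"reserved": value}


def parse_mac_header(frame):
    """Decode the MAC header of a management, data or PS-Poll frame."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    fc, dur = struct.unpack_from("<HH", frame, 0)
    ftype = (fc >> 2) & 0x3
    if ftype not in TYPES:
        raise ValueError("reserved frame type")
    hdr = {"version": fc & 0x3, "type": TYPES[ftype], "subtype": (fc >> 4) & 0xF}
    for bit, name in enumerate(FLAGS, start=8):
        hdr[name] = (fc >> bit) & 1
    is_ps_poll = ftype == 1 and hdr["subtype"] == PS_POLL
    hdr["duration_id"] = decode_duration_id(dur, is_ps_poll)

    if ftype == 1:
        # Control frames use short headers: address 1 is always present,
        # PS-Poll also carries the transmitter in address 2.
        hdr["addrs"] = {"RA": mac_str(frame[4:10])}
        if is_ps_poll:
            if len(frame) < 16:
                raise ValueError("truncated PS-Poll")
            hdr["addrs"]["TA"] = mac_str(frame[10:16])
        return hdr

    roles = ADDR_ROLES[(hdr["to_ds"], hdr["from_ds"])]
    is_qos = ftype == 2 and bool(hdr["subtype"] & 0x8)   # frame-control bit 7
    size = 24 + (6 if len(roles) == 4 else 0) + (2 if is_qos else 0)
    if len(frame) < size:
        raise ValueError("truncated header")
    fields = [frame[4:10], frame[10:16], frame[16:22], frame[24:30]]
    hdr["addrs"] = {role: mac_str(raw) for role, raw in zip(roles, fields)}
    (seq,) = struct.unpack_from("<H", frame, 22)
    hdr["fragment"], hdr["sequence"] = seq & 0xF, seq >> 4
    if is_qos:
        (qos,) = struct.unpack_from("<H", frame, size - 2)
        hdr["qos"] = {"tid": qos & 0xF, "eosp": (qos >> 4) & 1,
                      "ack_policy": (qos >> 5) & 0x3}
    # frame-control bit 6 set on a data frame means no frame body (null data)
    hdr["has_body"] = not (ftype == 2 and bool(hdr["subtype"] & 0x4))
    hdr["header_len"] = size
    return hdr


# Constructed sample frames (AP 1d:90, client 85:10, DS host 92:f7 as in the notes).
AP, CLIENT, DS_HOST = "02:00:00:00:1d:90", "02:00:00:00:85:10", "02:00:00:00:92:f7"
# QoS data, To DS=1, Retry=1, Protected=1; NAV 44 us; sequence 1234; TID 6
SAMPLE_DATA = (struct.pack("<HH", 0x4988, 44) + mac_bytes(AP) + mac_bytes(CLIENT)
               + mac_bytes(DS_HOST) + struct.pack("<HH", 1234 << 4, 6))
# PS-Poll with Power Management=1 and AID 5 in the Duration/ID field
SAMPLE_PS_POLL = (struct.pack("<HH", 0x10A4, 0xC000 | 5)
                  + mac_bytes(AP) + mac_bytes(CLIENT))

if __name__ == "__main__":
    for sample in (SAMPLE_DATA, SAMPLE_PS_POLL):
        print(parse_mac_header(sample))
```
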

Frame Body

  • Different frame types carry different payload in frame body - control frames have no body
  • Management frames also known as Management MAC Protocol Data Unit (MMPDU)
    • Carry no upper-layer information, no MSDU encapsulated
    • Only carry:
      • information fields - fixed length, mandatory fields in body
      • information elements - variable length & optional
  • Control frames acquire & clear the channel, as well as unicast acks
    • Only header & trailer - no body elements at all
  • Data frames carry MSDU as payload
    • some subtypes though may not have frame body (e.g. null function frames)
    • frame body is MSDU which contains LLC data & IP packet passed down from upper layers
    • max size of MSDU is 2,304 bytes, though size varies & may exceed limit due to encryption overhead
  • Encryption: 3 types defined in 802.11-2007 to encrypt frame body/payload:
    • WEP
      • adds 8 bytes of overhead for max of 2312 bytes
      • initialization vector = 4 bytes, integrity check value - 8 bytes
    • TKIP
      • adds 20 bytes of overhead for max frame of 2324 bytes
      • IV = 4 bytes, Extended IV = 4 bytes, MIC = 8 bytes, ICV = 4 bytes
    • CCMP
      • adds 16 bytes of overhead for max frame size 2320 bytes
      • CCMP header = 8 bytes, MIC = 8 bytes


FCS Field

  • FCS field contains 32 bit cyclic redundancy check
  • Validates frame integrity
  • Calculated over MAC header & frame body fields (calculation fields)
  • If FCS calc OK, then ACK sent to each frame, if FCS fails, frame assumed corrupted and no ACK sent
  • All 802.11 unicast frames require ACK, multicast & broadcast are not acknowledged
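
The FCS check and the retry measurement from the Retry Field notes, combined the way a protocol analyzer applies them: frames with a bad FCS are discarded first, then the Retry bit is counted per transmitter and compared with a percentage limit. This is an added example, not part of the original notes; the capture is constructed, the address prefix is made up, and it assumes each captured frame still carries its 4-byte FCS.

```python
import struct
import zlib
from collections import defaultdict


def with_fcs(mpdu):
    """Append the 32-bit FCS (CRC-32 over header + body, little-endian)."""
    return mpdu + struct.pack("<I", zlib.crc32(mpdu) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC over everything before the last 4 bytes and compare."""
    return len(frame) >= 14 and with_fcs(frame[:-4]) == frame


def retry_counts(frames):
    """Return ({transmitter: [frames, retries]}, number_of_bad_fcs_frames)."""
    stats = defaultdict(lambda: [0, 0])
    bad_fcs = 0
    for frame in frames:
        if not fcs_ok(frame):
            bad_fcs += 1      # a receiver would discard this and send no ACK
            continue
        (fc,) = struct.unpack_from("<H", frame, 0)
        if (fc >> 2) & 0x3 == 1 or len(frame) < 28:
            continue          # control frames use a different header layout
        if frame[4] & 0x01:
            continue          # group RA (broadcast/multicast): never ACKed or retried
        counter = stats[frame[10:16]]      # address 2 = transmitter address
        counter[0] += 1
        counter[1] += (fc >> 11) & 1       # Retry bit of the Frame Control field
    return dict(stats), bad_fcs


def over_limit(stats, limit_pct):
    """Transmitters whose retry percentage exceeds limit_pct (integer maths)."""
    return sorted(ta for ta, (total, retries) in stats.items()
                  if retries * 100 > limit_pct * total)


# --- constructed capture -------------------------------------------------
AP = bytes.fromhex("020000001d90")
CLIENT_A = bytes.fromhex("020000008510")
CLIENT_B = bytes.fromhex("02000000773a")
DS_HOST = bytes.fromhex("0200000092f7")
BROADCAST = b"\xff" * 6


def sample_frame(ta, ra, retry, seq):
    """Constructed To DS data frame: header + 8 dummy body bytes + FCS."""
    fc = 0x0108 | (retry << 11)
    hdr = struct.pack("<HH", fc, 44) + ra + ta + DS_HOST + struct.pack("<H", seq << 4)
    return with_fcs(hdr + bytes(8))


def build_capture():
    frames = []
    for i in range(20):
        frames.append(sample_frame(CLIENT_A, AP, int(i in (3, 4, 11)), i))  # 3 of 20
        frames.append(sample_frame(CLIENT_B, AP, int(i == 7), i))           # 1 of 20
    frames.append(sample_frame(CLIENT_A, BROADCAST, 0, 20))  # group RA, not counted
    damaged = bytearray(sample_frame(CLIENT_B, AP, 1, 21))
    damaged[30] ^= 0x01                                      # one body bit flipped
    frames.append(bytes(damaged))
    return frames


if __name__ == "__main__":
    stats, bad = retry_counts(build_capture())
    for ta, (total, retries) in stats.items():
        print(ta.hex(":"), f"{retries}/{total} retries")
    print("bad FCS:", bad, "| over 10%:", [t.hex(":") for t in over_limit(stats, 10)])
```
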

Sunday, 26 January 2014

Chapter 2 - Physical Layer Format

Physical Layer Operations

Each station in one of 3 states: waiting for data, transmitting data or listening for clear channel to transmit

Carrier Sense/Clear Channel Assessment

If station not receiving or transmitting, listening for beginning of signal to receive (carrier sense). If has data to send, needs to understand if channel unused so can send data (clear channel assessment).


If channel clear (using CS/CCA), station will transmit frame & return to receive mode. Cannot detect collisions like Ethernet, so must receive ACK to verify delivery.


If medium busy (via CS/CCA), station needs to understand if due to frame. Transmitting station sends preamble (string of 1's and 0's) to alert & sync receiver. Preamble also includes start of frame delimiter (SFD) to indicate beginning of frame. After preamble, length field indicates how long frame is. Receiver sends ACK when frame successfully received.

Physical Layer

Two sub-layers:

  • PLCP - Physical Layer Convergence procedure (upper layer)
    • Takes MPDU (called PSDU at this layer) and prepares for transmission
    • Creates PPDU
  • PMD - Physical Media Dependent (lower layer)
    • Modulates & transmits PPDU as bits

PLCP Service Data Unit (PSDU)

  • PSDU is the MAC layer MPDU, but different name at physical layer.

PLCP Protocol Data Unit (PPDU)

  • PLCP layer adds preamble & PHY header to PSDU (MPDU). Preamble provides sync between stations.

Physical Medium Dependent (PMD)

  • Responsible for transmitting and receiving PPDU at physical layer
  • modulates/demodulates binary data in to/from RF signals


PLCP Protocol Data Unit

Three parts which combine to form PPDU:

  • PLCP Preamble
  • PLCP Header
  • PSDU

PLCP Preamble

  • Preamble is string of 1's and 0's to sync to incoming transmission
  • 802.11-2007 defines 3 preambles:
    • Long PPDU format
    • Short PPDU format
    • OFDM PLCP preamble
  • 802.11n amendment defines 3 additional:
    • non-HT legacy PPDU
    • HT-mixed PPDU
    • HT-Greenfield PPDU

Long PLCP Preamble

  • 144 bit preamble
  • 128 bit sync field + 16 bit SFD (start of frame delimiter)
  • Sync between Tx & RX must occur before SFD field
  • SFD indicates PLCP header coming next
  • Long preamble & header sent using DBPSK 1mbps modulation
  • Modulation of PSDU not necessarily sent at same rate as preamble & header


Short PLCP Preamble

  • 72 bit preamble
  • 56 bit sync field + 16 bit SFD
  • Half the overhead of long preamble
  • Short preamble sent using DBPSK 1mbps, Header sent using DQPSK 2mbps (both fixed)
  • Modulation of PSDU not necessarily sent at same rate as preamble & header


OFDM PLCP Preamble

  • Also known as OFDM training structure
  • 10 short symbols, 2 long symbols 
  • No SFD, signal field of header follows preamble
  • Total training length 16uS
  • short training symbol: 12 sub-carriers
  • long training symbol 53 sub-carriers


PLCP Header

  • PLCP Header for long & short headers both 48 bits long, made up of 4 fields:
    • Signal (8 bits) - indicates modulation method for PSDU
      • short header, PSDU may be 1, 2, 5.5 or 11 Mbps
      • Long header, PSDU may be 2, 5.5, 11 Mbps
    • Service (8 bits) - bit 3 indicates modulation method used CCK/PBCC
    • Length (16 bits) - # of micro-secs required to transmit PSDU
    • CRC (16 bits) - protects just the signal, service & length fields
  • Clause 17 OFDM transmission, only have signal field, 24 bits long:
    • bits 0-3 indicate data rate (6 - 54 mbps)
    • bits 5-16 form PLCP length field
    • bit 17 parity bit
    • bits 18-23 are signal tail (all zeros)

802.11n PPDUs

802.11n amendment defines 3 additional:

  • non-HT legacy PPDU
    • legacy format
    • structured as clause 17 (OFDM) and clause 18 (ERP)
    • Preamble is 10 short & 2 long symbols
    • support mandatory for 802.11n radios
    • 20MHz support only
    • Image(5)
  • HT-mixed PPDU
    • Preamble contains (legacy) non-HT short & long training symbols (can be decoded by clause 17 & 19 radios)
    • Rest of non-legacy headers cannot be decoded by legacy radios, but legacy symbols are enough for them to detect PPDU and get carrier freq & timing. Non-legacy headers can be decoded by HT devices so they can get freq & timing and detect PPDU
    • Most commonly used format as supports HT & legacy 802.11a/g OFDM radios
    • Mandatory to support
    • 20 or 40MHz channels
      • When use 40MHz, all broadcasts sent on 20MHz channel for interoperability with non-HT clients
    • Image(6)
  • HT-Greenfield PPDU
    • Pre-amble not compatible with legacy radios, only HT radios supported
    • 20 or 40MHz
    • Image(7)
  • Data field
    • data portion is the PSDU (same as MPDU from layer 2)
    • In all HT formats & clause 17 & 19 frames, Service field is pre-pended to data field
    • data field (PSDU) is scrambled to break up long strings of 1 or 0
    • Image(8)

2.4GHz Communications

  • 2.4GHz ISM band 83.5MHz wide
  • 2.400GHz to 2.4835GHz
  • Band used for:
    • 802.11 (FHSS & DSSS clause 14 & 15)
    • 802.11b (HR-DSSS clause 18) 
    • 802.11g (ERP clause 19)
    • 802.11n (HT clause 20)
  • Band heavily used by many interfering devices (baby monitors, security cameras, microwaves etc.) 
  • 802.11-2007 allows for 14 channels across band, but varies by region & local regulatory body


2.4GHz Channels

  • Channels designated by centre freq
  • Each channel 22MHz wide, +/- 11Mhz around centre freq
  • Ch 1 spans 2.401 GHz to 2.423 GHz
  • Each ISM channel centre freq only 5MHz apart, so will overlap using 22MHz wide channels
  • Two channels must be separated by 25MHz (5 channels) to avoid overlap
    • Channels 1,6,11 generally used as non-overlapping channels


  • DSSS, HR-DSSS & ERP all use same centre freqs, but require different channel widths
    • DSSS - 30MHz channel width, so 1,6,11 considered overlapping
    • HR-DSSS & ERP require 25MHz channel width, so 1,6,11 not overlapping
    • Image(11)
  • In addition to centre carrier freq, side-band carrier freqs also generated.
    • Side bands are -11Mhz to -22Mhz from centre freq & +11MHz to +22MHz from centre freq 
    • Sideband levels must be at least 30dB below centre freq signal level
    • Any sidebands beyond -/+ 22MHz of centre freq must be at least 50dB below centre freq
  • APs even on non-overlapping channels must be at least 5 to 10 feet apart to mitigate effects of side-bands
    • Image(12)

5GHz Communications

  • 802.11a designated use of transmission for WLANs in 5GHz band
  • Known as UNII (Unlicensed National Information Infrastructure) band
  • Initially 3 bands defined:
    • UNII-1 (lower) - 4 channels
    • UNII-2 (middle) - 4 channels
    • UNII-2 Extended - 11 channels
    • UNII-3 (upper) - 4 channels
  • All 3 bands are 100MHz wide
  • With 802.11h amendment (TPC & DFS), UNII-2 Extended designated for use
    • 255MHz wide
  • UNII bands include radios that support following:
    • 802.11a (OFDM clause 17)
    • 802.11h (TPC & DFS)
    • 802.11n (HT clause 20)
  • 802.11-2007 allows for 23 channels, though this varies per region
  • UNII-1 (Lower Band)
    • 100 MHz wide
    • 5.150GHz to 5.250GHz
    • Indoor use, max power at intentional radiator 50mW (FCC)
      • IEEE specifies max of 40mW
  • UNII-2 (Middle Band)
    • 100MHz wide
    • 5.250Ghz to 5.350Ghz
    • Indoor or outdoor use, max power at IR 250mW (FCC)
      • IEEE specifies max of 200mW
  • UNII-3 (Upper band)
    • 100MHz wide
    • 5.725GHz to 5.825 GHz
    • Typically outdoor use, indoors in some countries
      • band not used in Europe
      • max power 1000mW (FCC)
        • IEEE specifies max power at IR of 800mW
  • UNII-2 Extended
    • 255MHz wide
    • 5.470 to 5.725 GHz
    • indoor or outdoor use, max power 250mW (FCC)
      • IEEE specifies max 200mW
    • Equipment in band must comply with 802.11h (DFS & TPC) - protection for military & weather radar systems

5GHz Channels

  • Centres of outermost channels must be 30MHz from band edge: UNII-1 & UNII-2
  • Centres of outermost channels must be 20MHz from band edge: UNII-3
  • UNII-1,2,3:
    • 4 non-overlapping channels each
    • centre freqs 20MHz apart
  • UNII-2e:
    • 11 non-overlapping channels
    • centre freqs 20MHz apart
  • USA also allows use of ISM channel 165 to allow 24 channels in total on band
  • Image(14)
  • In OFDM spectrum mask, sideband freqs do not drop off very quickly, so are slightly overlapping
    • IEEE considers 20MHz separation non-overlapping for clause 17 (OFDM)
    • Number of channels in band allows physical separation of channels to avoid adjacent channel interference
    • Image(15)

Adjacent, Non-adjacent & Overlapping Channels

  • Channel width requirements for non-overlap:
    • DSSS: 30MHz
    • HR-DSSS & ERP: 25MHz
    • 5GHz OFDM: 20 MHz
  • Adjacent channel: first channel with non-overlapping freq
  • Image(16)

Clause 14 FHSS PHY

  • Frequency Hopping Spread Spectrum
  • In original 802.11 std: 1 & 2Mbps
  • In North America used 2.402Ghz to 2.480Ghz
  • Mechanism: hop to freq, tx data using small freq carrier, then after dwell time, hop to new freq & keep repeating
  • Uses pre-defined hopping sequence to sync Tx & Rx - number of hops in sequence varies between countries
  • IEEE mandates each hop 1MHz in size
  • Hopping sequence delivered to client via beacon mgt frame
  • Dwell time: amount of time system transmits on freq before hopping
  • Dwell times typically 100 to 200mS - shorter dwell time reduces throughput as hopping more often, less time to tx data
  • IEEE specifies hop seq at least 75 freqs, 1MHz wide
  • Hop time: time to shift from one freq to another: typically 200 to 300uS
  • Modulation: Gaussian FSK (GFSK)
    • Two level GFSK - 2GFSK: 2 freq represent 1 or 0
    • Four level GFSK - 4GFSK: 4 freq represent 2 bits (00,01,10,11)

Clause 15 DSSS PHY

  • Direct Sequence Spread Spectrum
  • 1Mbps or 2Mbps on ISM 2.4GHz
  • Data spread across range of freqs that make up channel
  • Data encoding:
    • To mitigate natural corruption of wireless data signals, multiple bits used to represent each data bit - allows recovery of data if  bits corrupted
    • Addition of additional redundant info known as processing gain
    • Each bit of data to be sent converted in to a number of 'chips' (bits)
    • data bit XOR'ed with pseudo-random number to create 'Barker Code' - 11 bit chips
    • Up to 9 chips can be corrupted & allow recovery of original data
  • Modulation:
    • Once data encoded, converted to RF using modulation method
    • DBPSK - Differential Binary Phase Shift Keying - 2 phase shifts of carrier represent 1 & 0 (chips)
    • DQPSK - Differential Quadrature Phase Shift Keying - 4 phase shifts of carrier represent two bits (chips)
    • Image(17)

Clause 17 OFDM PHY

  • OFDM - Orthogonal Frequency Division Multiplexing
  • Not strictly spread spectrum technology, but uses low tx power & more b/width than is req to tx data
  • Use 52 closely spaced carriers - freq width of each sub-carrier 312.5 Khz
  • Lower data rate per sub-carrier, but aggregate throughput higher
  • More resistant to multipath due to lower inter-symbol interference
  • Carrier freqs chosen so that harmonics tend to overlap & cancel unwanted signals
  • 52 sub-carriers numbered -26 to +26 - 48 tx data, 4 used as pilot carriers (reference sigs)
  • Image(18)
  • Convolution Coding
    • Provides forward error correction so that more resistant to narrow-band interference 
    • Ratio of bits used to encode data vs actual data bits varies - lower ratio, less resistance to noise, but higher data rate
    • Image(19)

Clause 18 HR-DSSS PHY

  • Clause 18 devices defined in 802.11b
  • 5.5 & 11 Mbps speeds known as HR-DSSS (High rate DSSS)
  • 802.11b devices can transmit at DSSS (1 & 2 Mbps) and HR-DSSS speeds, but not FHSS, not backward compatible with Clause 14 devices
  • HR-DSSS speeds provided by CCK (Complementary Code Keying) for encoding instead of Barker coding - 8 chip pseudo random chipping code used
  • Modulation
    • Uses same modulation as Clause 15 devices, but CCK provides higher speeds
    • Image(20)

Clause 19 ERP PHY

  • 802.11g devices on 2.4GHz band
  • 2 mandatory PHYs:
    • ERP-OFDM - provides 6,9,12,18,24,36,48,54 Mbps rates
      • only 6,12,24 Mbps mandatory
    • ERP-DSSS/CCK - provides 1,2,5.5 & 11 Mbps for backwards compatibility with 802.11 & 802.11b
  • Protection mechanism required to prevent 802.11b (HR-DSSS) or 802.11 (DSSS) transmitting at same time as ERP stations


Wednesday, 22 January 2014

Chapter 1 - 802.11 Overview

    • Data link layer - 2 sub-layers
      • upper : LLC 802.2 logical link layer
      • lower portion: MAC sub-layer (Media Access Control)
        • interface between lower PHY layer & LLC
    • MSDU
      • Network layer sends data to data link layer (LLC), becomes known as MAC Service Data Unit
        • MSDU is IP packet + LLC data
      • 3 frame types: mgt, control, data
        • only data frames carry payload
        • max MSDU size 2,304 bytes (+ encryption overhead)
    • MPDU
      • MAC Protocol Data Unit
      • 802.11 frame
      • MAC header + MSDU + 32 bit CRC (FCS)
      • MPDU passed to physical layer for transmission
      • Image(22)
    • Physical layer - 2 sub-layers
      • upper portion: Physical layer convergence procedure (PLCP)
        • takes MPDU & prepares for transmission (PPDU)
      • lower portion: Physical Media Dependent (PMD)
        • modulates PPDU and transmits as bits
    • PSDU:
      • PLCP service data unit
      • Just MPDU in physical layer
    • PPDU:
      • PLCP sub-layer takes PSDU & adds preamble & PHY header to form PPDU
      • Image(23)