Wireless Networking Implementation and Applications

Document Links

Contents Executive Summary Wireless History Applications of Wireless Overall Wireless Issues Future References Glossary Illustrations Building to Building Wireless Wireless Network Setup Fresnel Zone Peak Reception Multipath Effects Other Wireless Resources Types of 802.11 Wireless

Executive Summary

MOREnet and its customers are looking to wireless to solve a wide range of connectivity problems, from inter-building connectivity to enabling student access in common areas. This paper looks at the state of wireless technology using the 802.11b standard and provides design and operation considerations.

Many organizations are beginning to look into wireless solutions to solve the problem of connectivity where cabling is not available, not cost-effective, or not desired. In order to solve these problems, manufacturers realized as far back as 1991 that they need a standards-based wireless solution to gain the market acceptance that Ethernet has received. They proposed a solution, which was released by the Institute of Electrical and Electronics Engineers (IEEE) in 1997 and which quickly evolved into the 802.11b version (released in 1999).

802.11b provides a wireless standard that multiple manufacturers adhere to. Data rates for all systems depend on signal strength; standard rates are 11 Mbps, 5.5 Mbps, 2 Mbps, and 1 Mbps. An access point for one manufacturer can communicate with the client card of another manufacturer, and basic connectivity is achievable between vendor solutions. However, issues such as roaming, security, and authentication have recently become standards-track items, which will further interoperability between vendors (these issues are proprietary today).

In late 2002 and early 2003, 802.11a and 802.11g products became available, offering higher bandwidths but with shorter ranges. 802.11g operates in the same 2.4GHz band as 802.11b, but at higher data rates. An 802.11g device can talk to an 802.11b device at 802.11b speeds and to other 802.11g devices at up to 54 Mbps. 802.11a operates in the 5GHz band at 54 Mbps, which means that it will not talk to any 802.11b (or 802.11g) equipment. Some manufacturers are starting to offer 802.11abg equipment that will talk on either frequency with any one of the three standards.

Back to top

Wireless History

In the wired world, Ethernet is the dominant LAN technology. Defined by the IEEE as the 802.3 standard, Ethernet is a widely available high-speed technology that is interoperable between vendors, even though it goes through changes (10 to 100 to 1000 Mbps…). It continues to change in order to keep pace with the throughput requirements of today's networks, but more importantly, vendor's conformance to the Ethernet standard allows for interoperability, enabling users to select individual products from multiple vendors, knowing that they will work together.

The first wireless LAN technologies were low-speed (1-2 Mbps) proprietary offerings. Despite these shortcomings, the freedom and flexibility of wireless allowed these early products to find a place in vertical markets such as retail and warehousing where mobile workers use hand-held devices for inventory management and data collection. Later, hospitals applied wireless technology to deliver patient information to the bedside. As computers made their way into classrooms, schools and universities began installing wireless networks to share Internet access and avoid cabling costs. The pioneering wireless vendors soon realized that for the technology to gain broad market acceptance, an Ethernet-like standard was needed. In 1991, the vendors proposed, the built, a standard based on contributed technologies. In June 1997, the IEEE released the 802.11 standard for wireless local-area networking, closely followed in 1999 with the 802.11b version.

Just as the 802.3 Ethernet standard allows for data transmission over twisted-pair and coaxial cable, the 802.11 wireless LAN (WLAN) standard allows for transmission over different media. Supported media include infrared light and two types of radio transmission within the unlicensed 2.4-2.4GHz frequency band: frequency hopping spread spectrum (FHSS) and direct sequence spread spectrum (DSSS). Spread spectrum is a modulation technique developed in the 1940s that spreads a transmission signal over a broad band of radio frequencies. This technique is ideal for data communications because it is less susceptible to radio noise and creates little interference. For wireless LAN applications, DSSS is the better choice to support 802.11b, as it provides for a full Ethernet-like data rate of 11 Mbps, while FHSS does not support data rates greater than 2 Mbps.

http://www.cisco.com/warp/public/cc/pd/witc/ao340ap/prodlit/airo_ov.htm
http://standards.ieee.org/getieee802/

Back to top

Applications of Wireless

MOREnet looked at two applications of the 802.11b technology: point-to-point (or building-to-building) and mobile user. Although both applications use the 802.11b standard, mostly the same equipment, and the implementation and design differ only slightly, the issues that exist for the two applications differ significantly.

Building to Building

What we tested

MOREnet used Cisco Aironet products to connect two buildings across the street from each other, with the distance between the buildings being 220 feet. Options for connecting the building were leased line (T-1), fiber optics, and wireless. The bandwidth needs, however, led MOREnet to believe that a T-1 was not sufficient to support the users and their applications. Funding for burying a fiber cable between the buildings was months away, and a high-speed solution was needed.

Figure 1: Building to Building Wireless

The wireless access points were configured as transparent bridges, so that the equipment on both sides was essentially unaware of the wireless segment of the network. Traffic appearing at one bridge was sent over the radio link to the other bridge, where it was repeated onto the local network. This setup allowed the LAN administrators to not worry about integrating the access points into the network, but just treat them as a 'virtual wire', carrying all the normal Ethernet traffic (including VLAN information, multicast, etc.).

Figure 2: Wireless Network Setup

The system was installed using a flat directional antenna, which provided a directional 'beam' and thus enhanced the distance a signal can be transmitted over the normal omni-directional antenna. However, the alignment of the antennas is critical, and we had some difficulty pointing the antennas at each other. (This problem can be compounded if you are using the radios over greater distances. We were unable align the antennas at all over a 1.5-mile distance during a later test. Other directional antennas that were not available for our testing are easier to align.)

Over the ~250 foot span of open air, we achieved the top speed of 11 Mbps, which is the maximum rate the bridge is capable of. Be aware that this is a half-duplex transmission media-one bridge listens while the other one talks. This is generally fine for data transmissions, where a small amount of latency is unnoticeable, but does not work as well for two-way high bandwidth applications, such as voice and video.

Outdoor implementation issues

Under the rules of using the 2.4GHz space, you may interfere with or be interfered by other users of the same frequencies. The 2.4GHz space is an unlicensed band, and consequently, there is little regulation on who uses or how they use it outside ham radio and medical uses. You may discover that cell phones, cordless phones, and other wireless devices may interfere with your installation. In addition, private ham operators and medical applications take precedence over data applications under FCC regulations. You may have to change antennas, re-aim or re-mount the systems, or even remove the system if it interferes with ham radio or medical applications in your area.

Several issues came up during the testing, most notably the difficulty in aiming the antenna (as noted above). Antenna (and radio) locations can also be an issue. Roof-mounted systems are the most popular, but gaining access to the roof of your building can be an issue (especially if it's not your building). Running the antenna cable to a transceiver can cause it's own problems-you need to keep the distance between the antenna and the transceiver as short as possible. In addition, 802.11b systems are Line-Of-Sight (LOS) systems- the receiver must be within the Fresnel zone (see fig. 3) of the transmitting station for the signal to be received. Powering the access points and data network access to put the data back onto the LAN finish the physical issues.

Figure 3: Fresnel Zone Peak Reception

Finally, security can be an issue. Since your transmission is leaving your building (unlike your Ethernet wiring), anyone with an 802.11b receiver can "listen" to the data streams. Be sure to look at encryption closely when implementing an outdoor (wide-area) solution. (Security is discussed in depth later in this paper).

Mobile Users

Mobile users are a whole problem in and of themselves. Wireless access, while providing the mobility desired, poses a whole crop of issues, including:

• Coverage
• Security
• Authentication
• Roaming

These issues need to be understood and considered in any wireless design for mobile users. Each issue will be covered in more depth after the test description.

Mobile User Testing

In this test, we equipped the MOREnet East building with access points (APs) from two vendors, Cisco and Avaya (formerly Lucent). The APs were installed in the exact same locations, so the abilities of each could be compared. Due to the construction of the building, 2 APs were placed centrally in the building, one on each floor. This provided (we hoped) adequate coverage of the entire floor.

Avaya (Lucent) ORiNOCO

The ORiNOCO product is designed around the PCMCIA radio card. These cards, available with varying levels of security, are the basis of the system. Any device with a PCMCIA slot can use a radio card, and Avaya provides a multitude of drivers for various operating systems. Installation was fairly simple, with drivers and installation software for all supported systems provided on a single CD. PCI and ISA cards are available to support the cards in desktop systems.

The access points are little more than a pair of PCMCIA slots, an Ethernet adapter, and a power supply. All the technology is in the card. The access points can be powered with a local AC adapter or through the Ethernet cabling using an optional in-line power adapter. When installed, the unit is a white box on the wall/ceiling approximately 12" x 8" x 3"-the cover hides the AP chassis, power supply, radio cards, and network/power connectors.

The AP1000 was deployed in the two locations identified by Avaya engineers as the best spot to put a system for maximum coverage. We later walk-tested the coverage by installing a card in a laptop and walking around the building, paying close attention to the perimeter and far corners, to determine the coverage. Avaya provides a client utility that shows the signal strength, signal quality, and speed, so we were able to easily see what the conditions were as we walked. We discovered that although coverage did extend to the far corners, the data rate had dropped to 2.2 Mbps, which may be marginal for some applications.

Overall, the system did provide 11 Mbps of access when an endpoint was within about 80 feet of the AP, however, the speeds dropped off beyond 100 feet fairly quickly.

Cisco AiroNet

The AiroNet product has two components: the Access Point and the client card. The client cards, available with varying levels of security, are available in PCMCIA, PCI, or ISA bus formats. Cisco provides a multitude of drivers for various operating systems. The Aironet system worked on more systems with less installation effort than the Avaya product. MOREnet tested the AP350, which is Cisco's 100 milliwatt radio system, with the 350-series PCMCIA cards. The cards come with an installation CD, which includes drivers and software for most supported platforms.

The access points come in two flavors-the Access Point (to talk to multiple client radios) or the WorkGroup Bridge, used to bridge networks (as shown in the building-to-building scenario earlier). The APs also include a CD with a configuration utility to allow a user to configure an AP over Ethernet rather than over a serial cable (which is also an option). The APs are approximately 6" x 6" x 2", with 1 or 2 stubby antennas (around 8" long) on the back. The APs only support in-line power; the power supply shipped with the units was equipped with a RJ-45 F-F connector at the end of the power cable. A straight-thru Ethernet cable is connected between the AP and the power supply connector, and another straight-thru cable is then run from the power supply connector to the switch port.

The AP was deployed in two locations identical to the Avaya deployment. We walk-tested the coverage by installing a card in a laptop and walked around the building, especially the perimeter and far corners, to determine the coverage. Cisco provides a client utility that shows the signal strength, signal quality, and speed, so we were able to easily see what the conditions were as we walked. We discovered that although coverage did extend to the far corners, the data rate had dropped to one Mbps in places, which may be unacceptable for some applications.

Overall, the system did provide 11 Mbps of access when an endpoint was within 80-100 feet of the AP, however, the speeds dropped off beyond 120 feet.

Back to top

Overall Wireless Issues

Coverage and Throughput

Coverage issues vary based on a variety of factors, including distance, building construction, and the number of users. Interactions with typical building objects like walls, metal, and even people, can affect how RF waves propagate, and thus what range and coverage a particular system achieves. 802.11b uses DSSS technology, which is designed to operate in less than optimal conditions by spreading the data transmission over multiple frequencies with the idea that at least some of the frequencies will provide good transmission. As with wired LAN systems, actual throughput in wireless LANs is dependent upon the product and how it is configured. Factors that can affect throughput include congestion (number of users), range, obstacles, and multipath, the type of WLAN system used, as well as the latency and bottlenecks on the wired portions of the WLAN. Typical data rates range from 1 to 11 Mbps; however, tested throughput rarely exceeds four Mbps.

The 11 Mbps speed of 802.11b supports many applications without any performance problems, such as retail inventory and pricing systems. However, when there are a large number of users with moderate to heavy throughput needs in the same area, 802.11b performance issues arise.

Due to the fact that wireless networks are a shared medium; all the users in the area are sharing the 11 Mbps of bandwidth, and as the demand increases, the throughput any one user can obtain drops. Users in this scenario will likely experience severely limited throughput and excessive delays. 802.11a access points and radio cards, which will provide data rates up to 54 Mbps, should become available by the end of 2001. This increased performance should support densely populated wireless LANs with end users who require moderate to high levels of throughput.

Collocating 802.11b access points may solve some of the problems with throughput and/or high user count in an area. The basic concept of access point collocation is to install multiple access points in the same immediate area tuned to separate channels and assign a group of end user devices to each access point. This creates multiple radio cells with approximately 100 percent overlap. The result is an increase in the performance by a factor equal to the number of access points. For example, one access point provides 11 Mbps, two access points provide 22 Mbps, and three access points provide 33 Mbps. With 802.11b, you can only collocate up to three access points without having them interfere with each other.

The 802.11b standard defines 14 channels, but you can only use channels 1 through 11 in the U.S. In addition, the 802.11b standard recommends that collocated access points be set to different channels with at least 30 MHz spacing. Since each channel is 5 MHz wide, the result is that the access points must be set to channels 1, 6, and 11 if implementing three access points or channels 1 and 6, 6 and 11, or 1 and 11 for two access points. This will provide increased user capacity and/or throughput in a specific area, although the implementation costs are double or triple-be sure it's needed.

Security, Privacy, and Authentication

In general, all data on wireless transmissions can be easily intercepted and recorded by anyone with a laptop, an 802.11b card, and freely available tools for Windows/MacOS/LINUX. A wireless LAN can reach well outside the building(s) that it is designed for, in particular when strong directional antennas are used to boost coverage within a building. Wireless communication can also be easily interfered with. A simple jamming transmitter can make communication impossible. Other wireless services in the same frequency range can reduce range and usable bandwidth. Intentional interference is a denial of service security issue.

Security in the wireless area tends to address the issue of 'eavesdropping' on the wireless connection. Since there is no constraining medium, such as copper wire or fiber cable, anyone with a standards-based 802.11b card can 'listen in' on wireless conversations if they are in range. Generally, the data is encrypted across the link by the wireless hardware using the Wired Equivalent Privacy (WEP) protocol, and is available with different key lengths (40 and 128-bit), based on the amount of security needed for the link. Anyone eavesdropping on the transmission only receives encrypted data.

There are some issues with WEP, however, as the key is shared and most access points only support a limited number of keys, thereby limiting the uniqueness of each transmission. A new security standard, 802.1x has been proposed that fixes most of these issues. 802.1x uses standard security protocols such as EAP (Extensible Authentication Protocol) and Remote Authentication Dial-In User Service (RADIUS) to generate a unique key for each transmission, and coupled with the RADIUS authentication, ensures that only authenticated users even talk to the Access Point (more on authentication in later).

WEP2 will address some of the vulnerabilities of WEP, but it is still based on RC4 encryption and the same integrity check system. Interoperable WEP key management and resolution to the other vulnerabilities are not guaranteed in the near future. However, Cisco Systems Aironet division estimates that only one-third to one-half of their users deployed WEP before the vulnerabilities surfaced-which indicates a startlingly high number of users transmitting unencrypted data.

Currently, WEP relies on the use of identical static keys deployed on client stations and access points. Thus, key management becomes quite difficult as the number of clients increases. With EAP, all clients have unique keys, which reduces (but does not eliminate) the risk of an WEP key "collision".

WEP also uses channel encryption with shared keys. Without knowing that shared key the demodulation and decoding of the DSS transmission is impossible. This is useful to establish WLANs for restricted groups of user. Unfortunately, there is only one shared key per secure network, and with the same key used for each user of the WLAN, this password would become public knowledge and therefore completely useless. Channel encryption is a useful tool for privacy and authentication for a WLAN at home but will not work for a public installation.

The other security feature of the IEEE 802.11b technology is Direct Sequence Spread Spectrum technology (DSSS) and is quite hard to demodulate without knowledge of the direct spreading sequence. Unfortunately, any attacker is likely to also have a 802.11b card that can be tuned onto the same spreading sequence. Therefore, DSSS technology is neither a privacy nor an authentication feature, but does provide some robustness since it cannot be interfered with by an uncorrelated emission that easily.

There is some thought in the industry that WEP and other 802.11b security systems are inadequate, and that security, both data encryption and authentication, must be done with other, existing systems. The NASA Advanced Supercomputing division's security group did just that (see http://www.nas.nasa.gov/About/Media/announcements.html#alert_8_23_01 for more information).

Authentication

Coupled with security, authentication is the other major headache for a security administrator. Once the Service Set Identifier (SSID) and WEP key are out, anyone with a 802.11b card can use the network.

Authentication using RADIUS through Extensible Authentication Protocol (EAP) or Lightweight EAP (LEAP) will provide the user identification that's needed to ensure only authorized users are consuming resources on the wireless network. For a network of any size, especially one where large numbers of transient users may be using the network in multiple locations (read: students all over campus), this is the only way to ensure that students stay on the student network and out of any administrative networks that may exist.

Roaming

Roaming between APs of a single vendor works well, with no observed session drops. Roaming between APs of different vendors, however, does not work at all, and this incompatibility may pose problems if an organization changes radio manufacturers in mid-deployment. Currently, there is no standard for roaming (or a host of other nifty features that 802.11 might make available), but the IEEE working groups are slowly churning out specs so future products will be more compatible.

Back to top

Future

Despite the well-publicized security problems connected with the use of 802.11b wireless Ethernet, its convenience and cost-effectiveness are very compelling. However, 802.11b's successors, 802.11a and 802.11g, while promising more, cost more and have some limitations that might make them unworkable for some installations.

Unlike 802.11b, 802.11a can theoretically run as fast as 54 Mbps. And, more importantly, in practice, it can run at around 20 to 23 Mbps. That makes it much faster than 10 Mbps wired Ethernet and puts it more within the range of 100 Mbps Fast Ethernet. 802.11a pulls this trick off in several ways. One way is simply that it runs at a higher frequency: 5GHz instead of 2.4GHz. Besides avoiding interference, you can pack more bandwidth in the signal by running at 5GHz. The downside of this is that unless you boost the signal's power (and the power needed to run the device), you lose range. Putting range and power considerations aside, 802.11a is always faster than 802.11b at any distance both can cover. For example, when 802.11b in ideal conditions is down to two Mbps, 802.11a is still running along at 11 Mbps.

802.11a still does not truly address security end-to-end, but end-to-end security can be accomplished with existing tools by creating an encrypted VPN across your wireless infrastructure, regardless of whether the standard is 802.11a or 802.11b.

802.11g uses the same the same frequency as 802.11b (the 2.4GHz space), but runs at the same 54 Mbps as 802.11a. It is backwards compatible with 802.11b systems (an 802.11g card can use an 802.11b access point and vice-versa; however, speed is still limited to the 11 Mbps of the 802.11b system).

In summary, if mobility is the need, 802.11b will deliver, albeit with some speed and security issues. 802.11a and 802.11g will likely solve some of the speed issues, but there is no indication as of this writing that the security issue will be resolved. For users with immediate needs that are best addressed by wireless, 802.11b followed by 802.11g (when available) will be the path of choice. 802.11a will likely be relegated to a back-seat if 802.11g lives up to the throughput claims the standard defines.

Back to top

References

http://www.wi-fi.com: Wireless Fidelity - The Wireless Ethernet Compatibility Alliance (WECA). WECA's mission is to certify interoperability of Wi-Fi (IEEE 802.11) products and to promote Wi-Fi as the global wireless LAN standard across all market segments.

http://www.wiana.com: The Wireless LAN Association is a non-profit educational trade association, comprised of the thought leaders and technology innovators in the local area wireless technology industry.

http://www.cisco.com/warp/public/779/smbiz/netsolutions/find/wireless.shtml: Cisco Systems wireless LAN product family

http://www1.avaya.com/enterprise/who/docs/product2.html: Avaya wireless product family

http://www.cisco.com/universcd/cc/td/doc/product/wireless/bbfw/ptop/p2pspg02/spg02ch2.htm: Cisco wireless site planning documentation

Back to top

Glossary

Direct Sequence Spread Spectrum (DSSS)

DSSS is one of two types of spread spectrum radio, the other being frequency hopping spread spectrum (FHSS). DSSS is a transmission technology used in WLAN transmissions where a data signal at the sending station is combined with a higher data rate bit sequence, or chipping code, that divides the user data according to a spreading ratio. The chipping code is a redundant bit pattern for each bit that is transmitted, which increases the signal's resistance to interference. If one or more bits in the pattern are damaged during transmission, the original data can be recovered due to the redundancy of the transmission.

Frequency Hopping Spread Spectrum (FHSS)

FHSS is one of two types of spread spectrum radio, the other being direct sequence spread spectrum (DSSS). FHSS is a transmission technology used in WLAN transmissions where the data signal is modulated with a narrowband carrier signal that "hops" in a random but known sequence from frequency to frequency as a function of time over a wide band of frequencies. The signal energy is spread in time domain rather than chopping each bit into small pieces in the frequency domain. This technique reduces interference because a signal from a narrowband system will only affect the spread spectrum signal if both are transmitting at the same frequency at the same time. If synchronized properly, a single logical channel is maintained. The transmission frequencies are determined by a spreading, or hopping, code. The receiver must be set to the same hopping code and must listen to the incoming signal at the right time and correct frequency in order to properly receive the signal. Current FCC regulations require manufacturers to use 75 or more frequencies per transmission channel with a maximum dwell time (the time spent at a particular frequency during any single hop) of 400 milliseconds.

Fresnel zone

Pronounced fray-nel. The area around the visual line-of-sight that radio waves spread into after they leave the antenna. This area must be clear or signal strength will weaken. The fresnel zone is an area of concern for 2.4 GHz wireless systems. Although 2.4 GHz signals pass easily through walls, they do not pass easily through moisture-laden objects like trees. Objects with high water content absorb radio waves in the 2.4 GHz band. (This is why microwaves, which also use the 2.4 GHz band, cook food. Water absorbs the waves, and heat from the energy cooks the food.)

The First Fresnel Zone (FFZ) is the most important. As long as the FFZ is clear of obstructions for 60% or more, then the link acts as if a clear, free-space path exists. To calculate the size of the FFZ, use the following formula:

where

• D is the distance between the antennas in miles
• F is the frequency in GHz

Free-space Path Loss

A signal degrades as it moves through space. The longer the path, the more loss it experiences. This free-space path loss is a factor in calculating the link visibility. Free-space path loss is easily calculated using the formula below.

Lp = 96.6 + 20 log10 F) + (20 log10 10 D)
where

• Lp is the free space path loss between antennas (in dB)
• F is the frequency in GHz
• D is the path length in miles

Multipath Effects

A radio signal can take multiple paths from a transmitter to a receiver, an attribute called multipath. Reflections of the signals can cause them to become stronger or weaker, which can affect data throughput. Affects of multipath depend on the number of reflective surfaces in the environment, the distance from the transmitter to the receiver, the product design, and the radio technology.

Wireless Local Area Network (WLAN)

Also referred to as LAWN. A type of local area network that uses high-frequency radio waves rather than wires to communicate between nodes.

Back to top