Transcript Chuong 1 - Gio Thieu Quan Tri Mang

Center for Information Technology
Chapter 04
IEEE 802.11 Media Access Control
Objectives
Describe and apply the following concepts surrounding WLAN
frames
- Terminology Review: Frames, Packets, and Datagrams
- Terminology Review: Bits, Bytes, and Octets
- Terminology: MAC and PHY
Understand IEEE 802.11 CSMA/CA
Understand and compare frame types and formats
Identify, explain, and apply the frame and frame exchange
sequences
- Active (Probes) and Passive (Beacons) Scanning
- Dynamic Rate Switching
2
Objectives
Summarize the processes involved in authentication and association
- The IEEE 802.11 State Machine
- Open System Authentication, Shared Key Authentication, and
Deauthentication
- Association, Reassociation, and Disassociation
Define, describe, and apply IEEE 802.11 coordination functions and
channel access methods and features available for optimizing data flow
across the RF medium
- DCF and PCF Coordination Functions
- RTS/CTS
- Fragmentation
3
Terminology Review
Whatever data is communicated, Layer 4 - Transport layer - usually
breaks the data into TCP segments. These segments are sent to Layer 3
and become the packets. When these packets are passed on to Layer 2,
they become frames. And now it is ready to be placed on the wire or RF
medium using the Layer 1 technologies implemented.
4
Terminology Review
Term Packet is usually used for connection-oriented
communications (TCP).
Term Datagram is usually used for connectionless
communications (UDP).
Frames are collections of data and management information
needed to carry the data from one place to another on the network.
Different networking technologies use different frame formats
Bits, Bytes, and Octets
The smallest element that can be transmitted on any network is a
bit. A bit is a single value equal to 1 or 0. When we group 8 bits
together, they form a byte. It is called an octet in most standards.
5
Terminology Review
MAC and PHY
MAC is an acronym for medium access control. Within the Data
Link layer (Layer 2) of the OSI model, there are two sublayers
known as the Logical Link Control (LLC) and the MAC sublayer
PHY is an abbreviation for the Physical layer of the OSI model.
In order to provide for different physical technologies (Infrared,
DSSS, FHSS, etc.) in IEEE 802.11, the PHY is divided into two
sublayers called the Physical Medium Dependant (PMD) and the
Physical Layer Convergence Protocol (PLCP).
6
Terminology Review
The Physical Medium Dependent (PMD) is responsible for
actually transmitting the information using some form of
modulation such as GPSK, DBPSK, or DQPSK.
The Physical Layer Convergence Protocol (PLCP) is
responsible for abstracting the PMD from the Data Link layer
protocols and abstracting the Data Link layer protocols from the
PMD. It acts as a translator or coordinator between the real
physical medium and the MAC processes.
7
Terminology Review
Data Link Layer and Logical Link Control (LLC) Sublayer
The Data Link layer of the OSI model is divided into two
sublayers. These sublayers, in IEEE 802.11 systems, are the
IEEE 802.2 Logical Link Control (LLC) sublayer, and the
Media Access Control (MAC) sublayer.
8
Terminology Review
The data units that are passed down through the layers have
specific names. These names are used to distinguish the frame at
one layer from the frame at another layer and to distinguish the
preserviced frame from the serviced frame at each layer. These
names are MSDU, MPDU, PSDU, and PPDU.
MSDU, stands for MAC service data unit. The MSDU is what
is received from the upper layers (OSI layers 7–3 via the LLC
sublayer) to be managed and transmitted by the lower layers (OSI
layers 2–1). It is the data accepted by the MAC layer to be
transmitted to the MAC layer of another station on the network.
MSDUs are included in all wireless frames that carry upper-layer
data; however, IEEE 802.11 management frames do not contain
MSDUs, since there is no upper-layer data to transfer.
9
Terminology Review
The MPDU, MAC protocol data unit, is what is delivered to the
PLCP so that it can ultimately be converted into a PPDU and
transmitted.
The MSDU is what is received by the Data Link layer, and the
MPDU is what comes out of the Data Link layer and is
delivered to the Physical layer. It is delivered to the PLCP.
The PSDU is the PLCP service data unit. The PSDU is what the
PLCP receives from the MAC sublayer. While the MAC
sublayer calls it the MPDU, the Physical layer references the
exact same objects as the PSDU. The PLCP adds information to
the PSDU and provides the result to the PMD as a PPDU.
10
Terminology Review
The PPDU, PLCP protocol data unit, is what is actually
transmitted on the RF medium. The PPDU is what the PMD
receives from the PLCP.
The PPDU is the culmination of all that has happened to the
data from the time it left the application starting at Layer 7 of
the OSI model to the time it is actually transmitted on the RF
medium by the PMD at Layer 1.
11
IEEE 802.11 CSMA/CA
12
CSMA/CD versus CSMA/CA
Ethernet networks (IEEE 802.3) use a form of collision
management known as collision detection (CD). Wireless
networks use a different form of collision management known as
collision avoidance (CA). The full name of the physical media
access management used in wireless networks is carrier sense
multiple access/collision avoidance or CSMA/CA.
The carrier sense in CSMA means that the devices will attempt
to sense whether the physical medium is available before
communicating. The multiple access indicates that multiple
devices will be accessing the physical medium.
13
CSMA/CD versus CSMA/CA
In a CD implementation of CSMA, when a collision is detected,
both devices go silent for a pseudo-random period of time.
Collision avoidance is achieved by signaling to the other devices
that one device is about to communicate.
CSMA/CA is not perfect due to hidden node problems.
14
CSMA/CD
Before networked device sends a frame, listens to see if another device
currently transmitting. If traffic exists, wait; otherwise send.
Devices continue listening while sending frame. If collision occurs, stops and
broadcasts a “jam” signal.
15
CSMA/CD
CSMA/CD cannot be used on wireless networks:
Difficult to detect collisions and Hidden node problem
16
Hidden node problem
17
Carrier Sense
Carrier sense is the process of checking to see if the medium is in
use or busy. There are two kinds of carrier sense: virtual carrier
sense and physical carrier sense.
Physical carrier sense uses clear channel assessment (CCA) to
determine if the physical medium is in use.
Virtual carrier sense uses a network allocation vector (NAV). The
NAV is a timer in each station that is used to determine if the
station can utilize the medium. If the NAV has a value of 0, the
station may contend for the medium. If the NAV has a value
greater than 0, the station must wait until the timer counts down to
0 to contend for the medium. Stations configure their NAV timers
according to Duration fields in other frames using the medium.
18
Interframe Spacing
After the station has determined that the medium is available,
using carrier sensing techniques, it must observe interframe
spacing (IFS) policies. IFS is a time interval in which frames
cannot be transmitted by stations within a BSS. This space
between frames ensures that frames do not overlap each other.
The time interval differs, depending on the frame type and the
applicable IFS type for that frame.
These IFS types include the following types:
- SIFS
- PIFS
- DIFS
- EIFS
19
Interframe Spacing: SIFS, PIFS, DIFS, EIFS
Short interframe spacing (SIFS) is the shortest of the available
IFS parameters. Frames that are specified to use SIFS will take
priority over frames that are specified to use PIFS, DIFS, or
extended IFS (EIFS).
Distributed (coordination function) interframe spacing (DIFS) is
used by standard data frames.
Extended interframe spacing (EIFS) is used when a frame
reception begins but the received frame is incomplete or is
corrupted based on the Frame Check Sequence (FCS) value.
20
Interframe Spacing: SIFS, PIFS, DIFS, EIFS
CSMA/CA with one station transmitting
21
Interframe Spacing: SIFS, PIFS, DIFS, EIFS
CSMA/CA with two stations transmitting
22
Contention Window
After the IFS delay interval has passed, the device must then
initiate a random backoff algorithm and then contend for the
wireless medium if the Distributed Coordination Function is in
effect. This random backoff algorithm is processed and applied
using the contention window.
Random Backoff Times
All stations having a frame to transmit choose a random time
period within the range specified as the contention window. Next,
the predefined algorithm multiplies the randomly chosen integer
by a slot time. The slot time is a fixed-length time interval that is
defined for each PHY, such as DSSS, FHSS, or OFDM.
23
Collision Avoidance
The carrier sense, IFS, and random backoff times are used in
order to decrease the likelihood that any two stations will try to
transmit at the same time on the WM.
The IFS parameters are also used in order to provide priority to the
more time-sensitive frames such as ACK frames and CTS frames.
The CCA (PHY and MAC), IFS, variable contention window, and
random backoff times, together, form the core of the Distributed
Coordination Function.
Even with all of these efforts, a collision can still occur. In order to
deal with these scenarios, acknowledgment, or ACK, frames are
used. An ACK frame is a short frame that uses the SIFS to let the
sending device know that the receiving device has indeed received
the frame. If the sending device does not receive an ACK frame, it
will attempt to retransmit the frame.
24
Frame Types and Formats Compared
25
IEEE 802.11 Frame Format Versus IEEE 802.3 Frame Format
A frame originating from a wired client and destined for a wireless client will first
be transmitted on the wire as an 802.3 frame, and then the access point will strip
off the 802.3 headers and reframe the data unit as an 802.11 frame for
transmission to the wireless client.
IEEE 802.3 frames support a maximum MSDU payload size of 1500 bytes. IEEE
802.11 frames support a maximum MSDU payload size of 2304 bytes
802.3 frames have only two MAC address fields, whereas 802.11 frames have
one, two, three, or four. These four MAC address fields can contain four of the
following five MAC address types, and the contents will be dependent on the
frame subtype:
- Basic Service Set Identifier (BSSID)
- Destination Address (DA)
- Source Address (SA)
- Receiver Address (RA)
- Transmitter Address (TA)
26
Frame Types
Three frame types: management frames, control frames, and data frames. The
Type subfield in the Frame Control (FC) field of a general IEEE 802.11 frame
may be 00 (management), 01 (control), or 10 (data). The Subtype subfield
determines the subtype of frame, within the frame types specified, that is
being transmitted. For example, a Type subfield value of 00 with a Subtype
value of 0000 is an association request frame; however, a Type value of 10
with a Subtype value of 0000 is a standard data frame.
27
Management Frames
Management
frames are used
to manage access
to wireless
networks and to
move
associations
from one access
point to another
within an
extended service
set (ESS).
28
Management Frames
Acknowledgment frame (ACK): Sent by receiving device
to sending device to confirm data frame arrived intact.
If ACK not returned, transmission error assumed.
29
Control Frames, Data Frames
Control frames are used to assist with the delivery of data
frames and must be able to be interpreted by all stations
participating in a BSS. This means that they must be transmitted
using a modulation technique and at a data rate compatible with
all hardware participating in the BSS.
Data frames are the actual carriers of application-level data.
30
IEEE 802.11 Frames
and Frame Exchange Sequences
31
MAC Functions
Scanning Before a station can participate in a BSS, it must be
able to find the access points that provide access to that service set
Synchronization Some IEEE 802.11 features require all stations
to have the same time. Stations can update their clocks based on
the time stamp value in beacon frames.
Frame Transmission Stations must abide by the frame
transmission rules of the BSS to which they are associated.
Authentication Authentication is performed before a station can
be associated with a BSS.
32
MAC Functions
Association Once authentication is complete, the station can become
associated with the BSS.
Reassociation When a user roams throughout a service area, that user may
reach a point where one AP within an ESS will provide a stronger signal than
the currently associated AP. When this occurs, the station will reassociate with
the new AP.
Data Protection Data encryption may be employed to assist in preventing
crackers from accessing the data that is transmitted on the WM.
Power Management Since the transmitters/receivers in wireless client devices
consume a noteworthy amount of power, this feature are provided that assist in
extending battery life by causing the transceiver to sleep for specified intervals.
Fragmentation It is beneficial to fragment frames before they are transmitted
onto the WM. This occurs as a result of intermittent interference.
RTS/CTS Request to Send/Clear to Send is a feature of IEEE 802.11 that will
help prevent hidden node problems.
33
Beacon Management Frame
In an ad hoc wireless
network (IBSS), all the
stations take turns
broadcasting the beacon
frame. This is because
there is no access point in
an independent basic
service set (IBSS).
Beacon frames can be used
by client stations seeking
wireless network to join, or
these client stations may
use other frames known as
probe request and probe
response frames.
34
Beacon Management Frame
35
Active Scanning (Probes)
Active scanning uses
probe request and probe
response frames instead of
the beacon frame to find a
WLAN to join.
Freeware tool
NetStumbler can be used
for active scanning
36
Active Scanning (Probes)
Active scanning involves channel switching and scanning each
channel in a station’s channel list.
1. Switch to a channel.
2. Wait for an incoming frame or for the ProbeDelay timer to
expire.
3. If the ProbeDelay timer expires, use DCF for access to the WM
and send a probe request frame.
4. Wait for the MinChannelTime to pass.
a. If the WM was never busy, there is no WLAN on this channel.
Move to the next channel.
b. If the WM was busy, wait until MaxChannelTime has expired
and then process any probe response frames.
37
Passive Scanning (Beacons)
The passive scanning: the client station listens (receives) in
order to find the access points. This is done by receiving beacon
frames and using them to find the access point for the BSS to be
joined.
When multiple access points transmit beacon frames that are
received by the passive scanning station, the station will
determine the access point with the best signal (RSSI) and
attempt to authenticate and associate with that access point.
38
Authentication and Association
Processes
39
The IEEE 802.11 State Machine
The state machine of the IEEE 802.11 standard can be in one of
three states:
- Unauthenticated/Unassociated
- Authenticated/Unassociated
- Authenticated/Associated
40
The IEEE 802.11 State Machine
State 1: Unauthenticated/Unassociated
In the initial state, a client station is completely disconnected from the WLAN.
Authentication frames can be sent to the access points.
State 2: Authenticated/Unassociated
The second state of the state machine is to authenticate an unassociated state. To
move from the first state to the second, the client station must perform some kind
of valid authentication. This is accomplished with authentication frames.
State 3: Authenticated/Associated
In order for a station to be in this state, it must have first been authenticated and
then associated. The process of moving from state 2 to this state is a simple fourframe transaction. The client station first sends an association request frame to an
access point to which it has been authenticated. Second, the access point
responds with an acknowledgment frame. Next, the access point sends an
association response frame either allowing or disallowing the association. The
client sends an acknowledgment frame as the fourth and final step.
41
The IEEE 802.11 State Machine
42
Authentication - Deauthentication
There are two methods of authentication:
- Open System authentication
- Shared Key authentication.
The first would be used in less secure environments.
The second would be used in more secure environments.
Deauthentication indicates that the deauthenticating station is
either leaving or has left the BSS or ESS. A deauthentication
frame will include the address of the station being
deauthenticated and the address of the station with which the
deauthenticating station is currently authenticated.
43
Open System Authentication
No true authentication
(verification of identity)
occurs.
Be specified as the
default authentication
mechanism.
The four steps do not
include any actual
authentication of identity.
Access points configured
to use Open System
authentication will
always respond with a
positive authentication to
any authentication
request.
44
Open System Authentication
45
Shared Key Authentication
Shared Key authentication utilizes the
wired equivalent privacy (WEP) key
for authentication.
46
Shared Key Authentication
47
Association, Reassociation, and Disassociation
A station can be authenticated with multiple APs, but it can be
associated with only one. There are three frames related to
association: association frames, reassociation frames, and
disassociation frames.
Association
The process of association: Four frames are transmitted between
the client station and the AP station. The first frame is an
association request frame, which is followed by an
acknowledgment frame from the AP. The third frame is an
association response frame, which is followed by an
acknowledgment frame from the client station.
48
Association, Reassociation, and Disassociation
Reassociation
Reassociation occurs when a client station roams from one AP to
another within an ESS.
Device drops connection with one AP and establish connection
with another. Several reason why reassociation may occur:
roaming, weakened signal. When device determines link
to current AP is poor, begins scanning to find another AP
Disassociation
The disassociation service is the component of the MAC layer
that is responsible for processing a disassociation.
49
Data Flow Optimization Across the RF Medium
Transmitting on the WLAN: DCF and PCF
Distributed Coordination Function (DCF) Mandatory in 802.11
The DCF is the WM access method. DCF is inclusive of the carrier
sensing mechanisms, interframe spacing, and backoff timers. DCF is
said to be a distributed coordination function because the coordination
of access to the WM is distributed among the wireless stations. Using
the various methods, all the stations work together to provide
cooperative access to the WM without the need for a centralized
medium access controller.
Point Coordination Function (PCF) An optional access method
The PCF centralizes access to the WM. There is one point (station) in
the WLAN that is responsible for controlling access to the WM. This
point is the access point. (polling mechanism)
50
RTS/CTS and CTS-to-Self Protocols
Instead of the access point polling the stations to see which station
needs to communicate, the stations can tell the access point they need to
communicate and then wait for the access point to give them the goahead. This method is called Request to Send/Clear to Send (RTS/CTS).
RTS/CTS works according to the following process:
1. A station wishing to transmit using RTS/CTS sends a Request to Send
frame to the AP.
2. When the AP receives the RTS request, it sends a Clear to Send frame
to the WLAN as a broadcast.
3. The stations in the vicinity all hear the duration in either the Request
to Send frame or the Clear to Send frame and know to stay silent.
4. The original requesting station transmits its frame and receives an
acknowledgment during this quiet window.
51
RTS/CTS and CTS-to-Self Protocols
used to solve hidden node problem
52
Fragmentation
Divide data to be transmitted from one large frame into
several smaller ones.
- Reduces probability of collisions
- Reduces amount of time medium is in use.
If data frame length exceeds specific value, MAC layer
fragments it.
Receiving station reassembles fragments.
53
Dynamic Rate Switching
Dynamic rate switching is the process of reducing or increasing
the data rate to the next supported data rate as the quality of the
RF signal changes.
As the quality of the signal degrades, it becomes more and more
difficult to demodulate the more complex modulation schemes.
By slowing down the data rate, either with a different or the same
modulation, it becomes easier to demodulate the data.
A standards-based device will only change the data rate to a
supported data rate of the standard. For example, a HR/DSSS
PHY will shift from 11 to 5.5 Mbps, but will not shift from 11 to
6 Mbps because 6 Mbps is not supported by the HR/DSSS PHY.
54