Wi-Fi Transmission and Enhancement


Contents
1.

Overview of WiFi transmission

WiFi encapsulation in OSI

802.11 frame types

Management frame

Control frame

Data frame

Medium access control

2.

Case study

Lab WiFi environment


3.

STA and AP retransmit so much in low RSSI condition

WiFi enhancement




Physical layer enhancement
MAC layer enhancement


WiFi encapsulation in OSI



The IEEE 802.11-2007 standard defines communication mechanisms only at the Physical layer and MAC sublayer of the Data-Link layer of the OSI model.
By design, the 802.11 standard does not address the upper layers of the OSI model
When capturing wireless frames, if wireless encryption is implemented, all of the layer 3 through layer 7 information will be grouped and displayed as the
encrypted payload


802.11 frame types
There are 3 major type of frame and further subdivided into multiple subtypes:
 Management frames are used by wireless stations to join and leave the basic service set
 Control frames assist with the delivery of the data frames 802.11
 Data frames carry the actual MSDU data that is passed down from the higher layer protocols

Management frame
Association request
Association response
Reassociation request
Reassociation response

Probe request
Probe response
Beacon
ATIM
Disassociation
Authentication
Deauthentication

Control frame subtypes
Power Save Poll (PS-Poll)
Request to send (RTS)
Clear to send (CTS)
Acknowledgment (ACK)
Contention Free-End (CF-End)
CF-End + CF+ACK
Block ACK Request (BlockAckReq)
Block ACK (BlockAck)

Data frame subtypes
Data (simple data frame)
Null function (no MSDU payload)
Data + CF-ACK
Data + CF-Poll
Data + CF-ACK + CF-Poll
CF-ACK (no MSDU payload)
CF-Poll (no MSDU payload)
CF-ACK + CF-Poll (no MSDU payload)
QoS data
QoS Null (no MSDU payload)
QoS data + CF-ACK

QoS data + CF-Poll
QoS data + CF-ACK + CF-Poll
QoS CF-Poll (no MSDU payload)


MAC Sublayer Frame Format
802.11 MAC Protocol Data Unit (MPDU)


Management frame
Management Frame structure
Management frames always have a standard 24-byte-long MAC header with three
addresses, followed by a body of variable size. When 802.11n is in use, the header is
extended 4 byte of the HT Control section

Subtype
bits

Subtype description

0000

Association request

0001

Association response

0010


Reassociation request

0011

Reassociation response

0100

Probe request

0101

Probe response

1000

Beacon

1001

Announcement traffic indication message (ATIM)

1010

Disassociation

 The SA field is the MAC address of the station transmitting the frame

1011


Authentication

 The BSSID can be the AP BSSID or a wildcard value

1100

Deauthentication

 The size and content of the body depend on the management frame subtype

1101

Action

1110

Action no ack

 Duration/ID field can be used for virtual Carrier Sense – This is the main purpose

which used to reset the NAV timer of the other stations
 The DA field is the destination address of the frame. It can be broadcast or unicast
depending on the frame subtype


Management frame
Beacon Frame

Connection establishment


 Beacon frames are used by the access points (and stations in an IBSS) to communicate
throughout the serviced area the characteristics of the connection offered to the cell
members
 Beacon frames are sent periodically, at a time called target beacon transmission time
(TBTT), this unit is 1,024 microseconds normally
 All stations in the cell use the AP beacon as a time reference


Management frame
Beacon Frame example
 Timestamp Field represent the time on the access point, which is the
number of microseconds the AP has been active
 Capability Information Field contains number of subfields that are used to
indicate requested or advertised optional capabilities

 Short Slot Time Subfield determines whether short slot time is allowed in
the cell
 Supported Rates at least one mandatory rate must be set by AP & any
station wanting to join the cell must support all basic rates


Control frame
Valid Type and Subtype combinations
Frame Control fields


Data frame
Data frames: valid Type and Subtype combinations

QoS and Non-QoS Data Frames

Transmitting
station

Receiving
station

Non-QoS station

Non-QoS
station

Non-QoS frame

Non-QoS station

QoS station

Non-QoS frame

QoS station

QoS station

QoS frame

QoS station

Non-QoS
station


Non-QoS frame

All

Broadcast

Non-QoS frame, unless the transmitting station knows that all stations in
the BSS are QoS capable, in which case a QoS frame would be used

Multicast

Non-QoS frame, unless the transmitting station knows that all stations in
the BSS that are members of the multicast group are QoS capable, in
which case a QoS frame would be used

All

Data frame subtype used

Data-Carrying vs. Non-Data-Carrying Frames


Medium access control
These are the steps a station go through prior to transmit a
frame to the wireless medium
1. STAs use a physical carrier sense (Clear Channel
Assessment—CCA) to determine if the wireless medium is
busy.
2. STAs use virtual carrier sense (Network Allocation Vector—
NAV) to detect if the medium is busy. When the virtual timer

(NAV) reaches zero, STAs may proceed.
3. If conditions 1 and 2 are met, STAs wait the necessary IFS
interval, as prescribed by the protocol.
4. If conditions 1 and 2 are met through the duration of condition
3, STAs generate a random backoff number in accordance
with the range of allowed values.
5. STAs begin decrementing the backoff timer by one for every
slot time duration that the wireless medium is idle.
6. After decrementing the backoff value to zero, with an idle
medium, a STA may transmit the allotted frame exchange, in
accordance with the parameters of the obtained transmission
opportunity (TXOP).
7. If another STA transmits before Step 6 is completed, STAs
observe steps 1, 2, 3, and 5 until the backoff timer is equal to
zero.
8. After a successful transmission, repeat as needed. Below
diagram show the flow of the above steps


Medium access control
Physical Carrier Sense
 The CCA is set to busy if a high enough level of energy is detected coming from valid, modulated 802.11 bits
 If modulated bits are detected at those energy levels, the CCA will go busy for 15 microseconds if DSSS modulation is being used or for 4 microseconds if
OFDM modulation is being used
 Interference from non-802.11 devices does not cause the CCA to go into a busy state
 CCA may not keep all devices within a BSS quiet. If an AP or station is too far away to detect data transmissions at the requisite energy level, the CCA may
go into the idle state even though the channel is still occupied

Virtual Carrier Sense
 The network allocation vector is the virtual carrier sense mechanism for 802.11 APs and stations. The NAV is a timer that counts down toward zero. When a

device has a NAV value greater than zero, the device stays quiet. Once the NAV value reaches zero, the wireless medium is considered clear
 APs and stations set their NAV values according to the Duration value inside the 802.11 header
 If an 802.11 device lacks the ability to receive a high-quality signal from another device on the channel because of distance, obstructions, or interference, the
two devices will not be able to read each other’s Duration/ID fields and therefore will not have their NAV values set properly

Interframe Spaces
 The IFS is a quiet period that APs and stations must wait before any 802.11 frame transmission. There are several different IFS times
 Shorter IFS times are used before transmissions with higher priority to the channel. The idea is that if APs and stations wait for a shorter quiet period before
transmitting, they will gain access to the channel while other devices are still staying quiet


Medium access control
SIFS (Shortest Inter Frame Space) is used prior to ACK and CTS frames as well as the second or subsequent MPDUs of a fragment burst
 SIFS for 802.11b/g/n (2.4 GHz) = 10μS
 SIFS for 802.11a/n/ac (5 GHz) = 16μS

RIFS (Reduced Inter Frame Space)
 802.11n standard use RIFS & Block Acknowledgement (mandatory in 802.11n). RIFS is used only when Block ACK is enabled
 Improve efficiency for transmissions to the same receiver in which a SIFS-separated response is not required, such as a transmission burst (CFB-Contention
Free Burst)
 RIFS = 2μS

DIFS (Distributed Inter Frame Space)






DIFS = SIFS + 2x SlotTime

SlotTime for 802.11a/n/ac (5 GHz) = 9μS
SlotTime for 802.11g/n (2.4 GHz – HT or ERP) = 9μS with short preamble
SlotTime for 802.11g/n (2.4 GHz – HT or ERP) = 20μS with long preamble
SlotTime for 802.11b/g/n (2.4 GHz – DSS ) = 20μS

EIFS (Extended Inter Frame Space)
 The EIFS value is used by STAs that have received a frame that contained errors. By using this longer IFS, the transmitting station will have enough time to
recognize that the frame was not received properly before the receiving station commences transmission
 EIFS (in DCF) = SIFS + DIFS + ACK_Tx_Time
 EIFS 802.11b/g/n devices using DSS = 364μS
 EIFS 802.11g/n devices using OFDM = 160μS
 EIFS 802.11a/n devices (5GHz)
= 160μS


Medium access control
PIFS (PCF Inter Frame Spaces)
 PIFS are used by STAs during the contention-free period
(CFP) in PCF mode
 Because PCF has not been implemented in 802.11 devices,
you will not see PIFS used for this purpose
 PIFS = SIFS + SlotTime

Summarize SIFS,DIFS,PIFS & SlotTime values


Medium access control
Random backoff
 The random backoff is a quiet period before a frame transmission, It is a period of time that changes based on a random number chosen by each AP or station
 APs and stations stay quiet during the random backoff by randomly choosing a number of slot times and then counting down until the number of slot times

equals zero. Once the number of slot times hits zero, an AP or station is allowed to transmit a frame
 As soon as one device exhausts its slot times, it will transmit, thus turning the CCA to a busy state in all other devices on the channel
 The lower limit for the random backoff is always 0. The upper limit for the random backoff is always equal to the contention window (CW)
 The contention window (CW) parameter takes the initial value CWmin and effectively doubles on each unsuccessful MPDU transmit, for example each time
an ACK response is not received for a data frame. If the CW reaches CWmax it remains at that value until it is reset. The CW is reset to CWmin after every
successful MPDU transmit


Medium access control
Random backoff procedure
 To begin the random backoff procedure, the station selects a random backoff count in the range [0, CW]. All backoff slots occur following a DIFS during which
the medium is determined to be idle.
 During each backoff slot the station continues to monitor the medium. If the medium goes busy during a backoff slot then the backoff procedure is suspended.
The backoff count is resumed when the medium goes idle again for a DIFS period
 When multiple stations are deferring and go into random backoff, then the station selecting the smallest backoff count (STA 3) will win the contention and
transmit first
 The remaining stations suspend their backoff and resume DIFS after the medium goes idle again
 The station with the next largest backoff count will win next (STA 4) and then eventually the station with the longest backoff count (STA 2)
 A station that begins a new access (STA 1 again) will select a random backoff from the full contention window and will thus tend to select a larger count than
the remaining backoff for stations (such as STA 2) that have already suspended their backoff from a previous access attempt


Case study
STA and AP restransitted so much in low RSSI
condition for which happen with all ONT’s
vendor

WiFi Lab environment



Case study
STA and AP restransitted so much in low RSSI condition for which happen with all ONT’s vendor


Physical layer enhancement
1 Short Preamble is not allowed in Beacon
1.1 Standard
 SlotTime for 802.11g/n (2.4 GHz – HT or ERP) = 9μS with short
preamble
 SlotTime for 802.11g/n (2.4 GHz – HT or ERP) = 20μS with long
preamble
 STA and AP need longer time to calculate DIFS and Backoff
algorithm

1.3 Next action
 RnD please build the firmware which support to allow short
preamble bit
 Refer to BMS ID: H660x:5360
 VTAC test again at Lab

1.2 Beacon packet capture


Physical layer enhancement
2 Reduce Interframe Spacing (RIFS) is prohibitted
1.1 Standard
 RIFS were introduced with 802.11n to improve efficiency for
transmissions to the same receiver in which a SIFS-separated
response is not required
 802.11n standard use RIFS & Block Acknowledgement (mandatory

in 802.11n). RIFS is used only when Block ACK is enabled
 RIFS = 2μS

1.3 Next action
 RnD please build the firmware which support to permit RIFS
 Refer to BMS ID: H660x:5361
 VTAC test again at Lab

1.2 Beacon packet capture


Physical layer enhancement
3 Include VHT information of 802.11 ac in management frame of 802.11n
1.1 Standard
 Some packets including Beacon, Probe response, association response
increase hearder packets, it make longer time to transmit the packets
in WiFi medium

1.3 Next action
 RnD please build the firmware which support to don’t include info
of 802.11ac in some management packets of 802.11n
 Refer to BMS ID: H660x:5362
 VTAC test again at Lab

1.2 Beacon packet capture


MAC layer enhancement
1 Modify MCS set parameters
1.1 Standard

 Non-HT radios that used OFDM
technology (802.11a/g) defined data
rates of 6 Mbps to 54 Mbps based on
the modulation that was used
 HT radios, however, define data rates
based on numerous factors including
modulation, the number of spatial
streams, channel size, and guard
interval
 The 802.11n amendment defines 77
MCSs that are represented by an MCS
index from 0–76. The eight mandatory
MCSs for 20 MHz channels are
comparable to basic (required) rates


MAC layer enhancement
1 Modify MCS set parameters
1.3 Next action

 If the TX MCS Set Defined subfield is set to 0, it indicates the STA is
not specifying a TX MCS set
 When the TX MCS Set Defined subfield is set to 1 and the TX RX
MCS Set Not Equal subfield is set to 0, the STA is indicating it will
use the same MCS set defined by the RX MCS Bitmask subfield
=> Request to set Tx MCS set is defined to be equal to the Rx MCS set.

1.2 Beacon packet capture



MAC layer enhancement
2 Support A-MSDU and A-MPDU
1.1 Standard

1.2 Action packet capture

 An 802.11n access point using A-MSDU would receive multiple
802.3 frames, remove the 802.3 headers and trailers, and then wrap
the multiple MSDU payloads into a single 802.11 frame for
transmission\
 The size of an A-MSDU must not exceed the maximum A-MSDU
size that a STA is capable of receiving. An STA can support one of
two maximum lengths: Maximum A-MSDU Length = 0 (3839
Bytes) or = 1 (7935 Bytes)
 The individual MSDUs must all be of the same 802.11e QoS
access category

1.3 Next action
=> Support A-MSDU with maximum length is 3839 Bytes


MAC layer enhancement
2 Support U-APSD (Unschedule Automatic Power Save Delivery)
1.1 Standard
Every power management method that is used in the real world works from the same basic power management structure, as illustrated in the following steps and
figures:
 Step 1: Before a station goes into the doze state, it sends a frame, usually a null data frame, to the AP indicating that power management is enabled
 Step 2: Once the station indicates that it is in Power Save mode, the AP begins to buffer all frames destined to that station
 Step 3: When the station goes into the awake state (more on that later), it sends a frame to the AP in order to begin the data retrieval process
 Step 4: When the AP has finished sending all buffered data to the station, the station goes back into the doze state

There are three methods of power management that are used today in the 802.11 family:
 802.11 power management
 Unscheduled automatic power save delivery (U-APSD) from the 802.11e amendment
 Power save multi-poll (PSMP) from the 802.11n amendment.
802.11e Unscheduled Automatic Power Save Delivery
 Third Step: When U-APSD is used, the station typically sends null data frames in order to retrieve buffered unicast frames from the AP
 Fourth Step: When U-APSD is used, stations must notify the AP that they are going back into Power Save mode by sending a frame