Friday, November 13, 2009

Delivering Packets from the Wireless to Wired Network


The Association Process


To begin, you need a network. This chapter uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in range of an AP that is advertising multiple service set identifiers (SSID). One SSID puts users on a network that is offered to guest users called Guest. The other SSID is called UserNet and is designed for authenticated users of the corporate network. Naturally, more security is going to be applied to users of UserNet, such as authentication and encryption, as opposed to the network Guest. The Guest network places users on the 172.30.1.0/24 subnet. The UserNet places users on the 10.99.99.0/24 network. Although these two networks are on different subnets and users associate with different SSIDs, recall that an AP can advertise multiple SSIDs but actually uses the same wireless radio. In the wireless space, the SSID and IP subnet keep the networks logically separated.


Getting back to the association process, a client scans the channels hoping to hear a beacon from an AP or actively sends a probe request. If a probe response is received or a beacon is heard, the client can attempt to associate with the SSID received in that probe response or beacon.

The next step is to authenticate and associate with the AP. When the client chooses an SSID, it sends an authentication request. The AP should reply with an authentication response. After this occurs and a “Success” message is received, an association request is sent, including the data rates and capabilities of the client, followed by an association response from the AP. The association response from the AP includes the data rates that the AP is capable of, other capabilities, and an identification number for the association.

Next, the client must determine the speed. It does this by determining the Received Signal Strength Indicator (RSSI) and signal-to-noise ratio (SNR), and it chooses the best speed to send at based on these determinations. All management frames are sent at the lowest rate, whereas the data headers can be sent faster than management frames, and the actual data frames at the fastest possible rate. Just as the client determines its rates to send, the AP, in turn, does the same. Now that the client is associated, it can attempt to send data to other devices on the network.
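The sequence just described (beacon or probe response, authentication, association, then data) can be modelled as a small state machine. The following is an added example and is not code from the original text or from any vendor: the `AccessPoint` class, the `join` helper and the MAC addresses are hypothetical, the SSIDs Guest and UserNet and the “Success” status come from the text, and the SNR-to-rate table is constructed purely to illustrate that management frames go at the lowest rate while data frames go at the best rate the link supports. The point a defender cares about is in `accepts_data_from`: a data frame from a station that has not completed both exchanges is not accepted.

```python
"""Added example, not from the original text: a small model of the 802.11
association sequence (beacon/probe, authentication, association, data).
AccessPoint, join and the MAC values are hypothetical; the SSIDs Guest and
UserNet and the "Success" status come from the text. MIN_SNR_FOR_RATE is a
constructed table used only to illustrate rate selection."""
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    UNAUTHENTICATED = auto()   # heard a beacon or probe response only
    AUTHENTICATED = auto()     # authentication response: Success
    ASSOCIATED = auto()        # association response carried an AID


# Constructed: minimum SNR (dB) at which this model will use a rate (Mbps).
MIN_SNR_FOR_RATE = {1: 4, 2: 6, 5.5: 8, 11: 10, 6: 11, 12: 15, 24: 20, 54: 25}


@dataclass
class AccessPoint:
    """One radio advertising several SSIDs; per-station state keyed by MAC."""
    bssid: str
    ssids: tuple
    rates: tuple = (1, 2, 5.5, 11, 6, 12, 24, 54)
    stations: dict = field(default_factory=dict)
    next_aid: int = 1

    def beacon(self):
        """What a scanning client learns from a beacon or probe response."""
        return {"bssid": self.bssid, "ssids": self.ssids, "rates": self.rates}

    def authenticate(self, sta_mac, ssid):
        if ssid not in self.ssids:
            return {"status": "Failure"}
        self.stations[sta_mac] = {"state": State.AUTHENTICATED, "ssid": ssid}
        return {"status": "Success"}

    def associate(self, sta_mac, client_rates):
        rec = self.stations.get(sta_mac)
        if rec is None:
            # No authentication exchange took place: refuse association.
            return {"status": "Failure", "reason": "not authenticated"}
        common = tuple(sorted(set(client_rates) & set(self.rates)))
        if not common:
            return {"status": "Failure", "reason": "no common data rate"}
        aid = self.next_aid            # the association identification number
        self.next_aid += 1
        rec.update(state=State.ASSOCIATED, aid=aid, rates=common)
        return {"status": "Success", "aid": aid, "rates": common}

    def accepts_data_from(self, sta_mac):
        """Data frames are only bridged for fully associated stations."""
        rec = self.stations.get(sta_mac)
        return rec is not None and rec["state"] is State.ASSOCIATED


def choose_rates(common, snr_db):
    """Management frames use the lowest common rate; data frames the highest
    rate the measured SNR permits according to the constructed table."""
    mgmt = min(common)
    usable = [r for r in common if snr_db >= MIN_SNR_FOR_RATE.get(r, 99)]
    return mgmt, (max(usable) if usable else mgmt)


def join(ap, sta_mac, ssid, client_rates, snr_db):
    """Run the full sequence; return (state, aid, mgmt_rate, data_rate)."""
    if ssid not in ap.beacon()["ssids"]:
        return State.UNAUTHENTICATED, None, None, None
    if ap.authenticate(sta_mac, ssid)["status"] != "Success":
        return State.UNAUTHENTICATED, None, None, None
    resp = ap.associate(sta_mac, client_rates)
    if resp["status"] != "Success":
        return State.AUTHENTICATED, None, None, None
    mgmt, data = choose_rates(resp["rates"], snr_db)
    return State.ASSOCIATED, resp["aid"], mgmt, data


if __name__ == "__main__":
    ap = AccessPoint("00:11:22:33:44:55", ("Guest", "UserNet"))
    print(join(ap, "aa:bb:cc:dd:ee:01", "UserNet", (1, 2, 6, 12, 24, 54), 22))
```

Running the module joins a hypothetical client to UserNet at 22 dB SNR and prints the resulting state, AID and the two rates; an association attempt that skips authentication returns Failure and leaves the station unable to pass data.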


Sending to a Host on Another Subnet

When a client is associated with an AP, the general idea is to send data to other devices. To illustrate this, first try to send data between Client A in Figure 9-2, which is on the UserNet network, and Client B, which is on the Guest network. Although a typical network would not allow guest users to send traffic to internal WLAN users for security purposes, this will provide an example of how the connection works.

The two clients are clearly on two different subnets, so the rules of how IP works are still in play. The clients cannot send traffic directly to each other. Based on normal IP rules, they would first determine that the other is not on the same subnet and then decide to use a default gateway to relay the information. If a client has never communicated with the default gateway, it uses Address Resolution Protocol (ARP) to resolve its MAC address. The process would appear as follows:

Step 1. Client A wants to send traffic to Client B.
Step 2. Client A determines that the IP address of Client B is not on the same subnet.
Step 3. Client A decides to send the traffic to the default gateway of 10.99.99.5.
Step 4. Client A looks in its ARP table for a mapping to the gateway, but it is not there.
Step 5. Client A creates an ARP request and sends it to the AP, as seen in Figure 9-3.


When the ARP request is sent to the AP, it is an interesting process and actually works a little bit differently than on a wired network. Remember that on a wired network, the header has only two MAC addresses: the source address and the destination address. An 802.11 frame can have four addresses: the source address (SA), destination address (DA), transmitter address (TA), and receiving address (RA). In this situation, the SA is the MAC of the client sending the ARP request, the DA is broadcast (for the ARP), and the RA is the AP. No TA is present in this example.

Figure 9-4 shows the ARP request.


The AP receives the ARP and sees its MAC address. It verifies the frame check sequence (FCS) in the frame and waits the short interframe space (SIFS) time. When the SIFS time expires, it sends an ACK back to the wireless client that sent the ARP request. This ACK is not an ARP response; rather, it is an ACK for the wireless frame transmission.

The AP then forwards the frame to the WLC using the Lightweight Access Point Protocol (LWAPP), as illustrated in Figure 9-5.


The LWAPP frame that travels from the AP to the WLC is traveling on a wired network. This brings forth the question, “What happened to the 802.11 frame format?” LWAPP simply encapsulates the frame inside a 6-byte header. The new 6-byte header has the AP IP and MAC address as the source and the WLC IP and MAC address as the destination. Encapsulated inside of that header is the original 802.11 frame with the three MAC addresses, including the broadcast MAC address for the ARP process. When the WLC receives the LWAPP frame, it opens the frame revealing the ARP request and rewrites the ARP request in an 802.3 frame that can be sent across the wired network. The first address from the 802.11 frame is dropped, the second address is placed as the source address in the new 802.3 frame, and the third address, the broadcast address, is placed as the destination address. The WLC then forwards the ARP request, in 802.3 format, across the wired network, as seen in Figure 9-6. Here you can see how the frame appears between the wireless Client A and the AP, how the AP encapsulates the frame and sends it to the WLC, and how the WLC rewrites the frame and sends it to the wired network.


As switches receive the ARP request, they read the destination MAC address, which is a broadcast, and flood the frame out all ports except the one it came in on. The exception to this rule is if VLANs are in use, in which case the frame would be flooded to all ports that are members of the same VLAN. Assuming that VLANs are not in use, the frame, as stated, is flooded out all ports except the one it came in on.

At some point, the frame will be received by a Layer 3 device, hopefully the default gateway. In Figure 9-7, the router has received the ARP request and will respond to it with its MAC address.


That ARP response is sent back as a unicast message, so the switches in the path are going to forward it directly to the port that leads back to the wireless client, rather than flooding the frame out all ports. Eventually the frame is received by the WLC, and it must be rebuilt as an 802.11 frame. When the WLC rewrites the frame, it places the DA as address 1, the SA as address 3, and the TA as address 2, which is the SSID of the AP. Figure 9-8 illustrates this process.
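The two rewrites described above (client to wired: address 1 dropped, address 2 becomes the source, address 3 the destination; wired to client: DA into address 1, the AP's address into address 2, SA into address 3) are shown below at the byte level, together with the FCS check the AP performs before acknowledging. This is an added example, not code from the original text or from any WLC implementation. The gateway address 10.99.99.5 comes from the text; Client A's IP address, all MAC addresses and the `associated` table are constructed. The RFC 1042 LLC/SNAP header that carries the EtherType inside an 802.11 data frame, the Ethernet II output format and the check that the transmitting station is actually associated are this example's own design choices, added because a controller that bridges whatever source address a frame carries would place unverified addresses on the wired network.

```python
"""Added example, not from the original text: WLC-style rewriting between a
three-address 802.11 data frame and an Ethernet frame, plus the FCS check.
MAC/IP values and the associated-station table are constructed; the LLC/SNAP
encapsulation, Ethernet II output and the station check are this example's
own design (the text does not describe them)."""
import struct
import zlib

FC_DATA = 0x08                                 # frame control: type Data, subtype Data
FLAG_TO_DS = 0x01                              # flags byte: To DS
FLAG_FROM_DS = 0x02                            # flags byte: From DS
LLC_SNAP = bytes.fromhex("aaaa03000000")       # RFC 1042 prefix, then EtherType
ETH_ARP = 0x0806
BROADCAST = bytes.fromhex("ffffffffffff")


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ip(s):
    return bytes(int(o) for o in s.split("."))


def arp_request(sender_mac, sender_ip, target_ip):
    """ARP who-has target_ip (hw type 1, proto IPv4, opcode 1); target MAC zeroed."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sender_mac + sender_ip
            + bytes(6) + target_ip)


def append_fcs(frame):
    """802.11 FCS: CRC-32 (same polynomial as Ethernet), little-endian at the end."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def verify_fcs(frame):
    """What the AP checks before sending the 802.11 ACK."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs


def wlan_data_frame(to_ds, addr1, addr2, addr3, ethertype, payload, seq=0):
    """24-byte MAC header (FC, duration, addr1-3, seq ctrl) + LLC/SNAP + data + FCS."""
    flags = FLAG_TO_DS if to_ds else FLAG_FROM_DS
    hdr = (struct.pack("<BBH", FC_DATA, flags, 0) + addr1 + addr2 + addr3
           + struct.pack("<H", seq << 4))
    return append_fcs(hdr + LLC_SNAP + struct.pack("!H", ethertype) + payload)


def parse_wlan(frame):
    """Return (flags, addr1, addr2, addr3, ethertype, payload) or raise."""
    if not verify_fcs(frame):
        raise ValueError("bad FCS")
    fc, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    if fc & 0x0C != FC_DATA:
        raise ValueError("not a data frame")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if frame[24:30] != LLC_SNAP:
        raise ValueError("no LLC/SNAP header")
    ethertype = struct.unpack_from("!H", frame, 30)[0]
    return flags, a1, a2, a3, ethertype, frame[32:-4]


def wlan_to_ethernet(frame, bssid, associated):
    """Client -> wired: drop address 1, address 2 -> source, address 3 -> destination."""
    flags, a1, a2, a3, ethertype, payload = parse_wlan(frame)
    if not flags & FLAG_TO_DS:
        raise ValueError("expected a To DS frame")
    if a1 != bssid:
        raise ValueError("address 1 is not this AP")
    if a2 not in associated:
        # Added check: bridge only frames whose transmitter completed
        # association, so an unverified source MAC never reaches the wire.
        raise ValueError("source is not an associated station")
    return a3 + a2 + struct.pack("!H", ethertype) + payload


def ethernet_to_wlan(eth, bssid):
    """Wired -> client: DA -> address 1, AP address -> address 2, SA -> address 3."""
    da, sa = eth[:6], eth[6:12]
    ethertype = struct.unpack_from("!H", eth, 12)[0]
    return wlan_data_frame(False, da, bssid, sa, ethertype, eth[14:])


if __name__ == "__main__":
    bssid, client_a = mac("00:11:22:33:44:55"), mac("aa:bb:cc:dd:ee:01")
    # Constructed: Client A at 10.99.99.20 asks for the gateway 10.99.99.5.
    req = arp_request(client_a, ip("10.99.99.20"), ip("10.99.99.5"))
    f = wlan_data_frame(True, bssid, client_a, BROADCAST, ETH_ARP, req)
    print(wlan_to_ethernet(f, bssid, {client_a}).hex())
```

Running the module prints the Ethernet frame the controller would forward: broadcast destination, Client A as source, EtherType 0806, then the 28-byte ARP request. Feeding `ethernet_to_wlan` the router's unicast reply rebuilds the three-address frame the text describes in Figure 9-8, and a frame from a station not in `associated`, or with a damaged FCS, is rejected rather than bridged.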

As illustrated in Figure 9-9, the newly formed 802.11 frame is placed inside an LWAPP header where the AP IP and MAC is the destination and the WLC IP and MAC is the source. The LWAPP frame is forwarded to the AP.

Next, the AP must remove the LWAPP header, exposing the 802.11 frame. The 802.11 frame is buffered, and the process of sending a frame on the wireless network begins. The AP starts a backoff timer and begins counting down. If a wireless frame is heard during the countdown, the reservation in the heard frame is added to the countdown and the AP continues. Eventually, the timer expires, and the frame can be sent as an 802.11 frame.

Thursday, November 5, 2009

WiMax

Worldwide Interoperability for Microwave Access (WiMax) is defined by the WiMax Forum and standardized by the IEEE 802.16 suite. The most current standard is 802.16e.

According to the WiMax Forum:

“WiMAX is a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to wired broadband like cable and DSL. WiMAX provides fixed, nomadic, portable and, soon, mobile wireless broadband connectivity without the need for direct line-of-sight with a base station. In a typical cell radius deployment of three to ten kilometers, WiMAX Forum Certified systems can be expected to deliver capacity of up to 40 Mbps per channel, for fixed and portable access applications.

“This is enough bandwidth to simultaneously support hundreds of businesses with T-1 speed connectivity and thousands of residences with DSL speed connectivity. Mobile network deployments are expected to provide up to 15 Mbps of capacity within a typical cell radius deployment of up to three kilometers. It is expected that WiMAX technology will be incorporated in notebook computers and PDAs by 2007, allowing for urban areas and cities to become ‘metro zones’ for portable outdoor broadband wireless access.”

You must understand a few aspects of WiMax; the first is the concept of being fixed line of sight (LOS) or non-LOS (mobile). In non-LOS, mobile doesn’t mean mobile in the sense that most of us think. WiMax mobility is more like the ability to travel and then set up shop temporarily. When you are done, you pack up and move on. A few service providers use this technology to provide end-user access as an alternative to DSL or cable modem. Your signal range in this non-LOS scenario is about 3 to 4 miles, and data rates are advertised at around 30 Mbps, but you can expect less—closer to 15 Mbps.

Other service providers are targeting business customers in a fixed LOS WiMax deployment in which the topology most closely resembles that of a traditional T1, being a point-to-point type of topology and providing backhaul or backbone services. This fixed LOS advertises 30 to 70 Mbps throughput, but you can expect around 40 Mbps.

As the IEEE standardizes WiMax technology, it has progressed from the original 802.16 to 802.16a, c, d, and finally 802.16e.

As mentioned, the WiMax defines last-mile access. Figure 8-6 shows a sample topology in which subscribers have a point-to-point connection back to a service provider and from there have access to the public Internet.


WiMax operates on the 10- to 66-GHz frequency band, so it doesn’t interfere with 802.11 LANs. So why is it discussed in this section? The school of thought here is that, with some planning, a device acting as a gateway can be deployed offering 802.11 LAN access with 802.16 last-mile access or upstream access to a service provider, thus removing the need for wires. The question of how feasible this is lies in the hands of the vendors developing the products and the standards committees ensuring interoperability. Some vendors, however, have tested this technology in lab environments with much success.


Other Types of Interference

Other types of interference can occur in the same frequency ranges. These devices might not be the most obvious, but they should be considered. They can include the following:
  • Microwaves (operate at 1 to 40 GHz)
  • Wireless X11 cameras (operate at 2.4 GHz)
  • Radar systems (operate at 2 to 4 GHz for moderate-range surveillance, terminal traffic control, and long-range weather and at 4 to 8 GHz for long-range tracking and airborne weather systems)
  • Motion sensors (operate at 2.4 GHz)
  • Fluorescent lighting (operates at 20000 Hz or higher)
  • Game controllers and adapters (usually operate at 2.5 GHz)

When dealing with wireless deployments, you can use tools to determine signal strength and coverage, but just knowing about these additional sources of interference will save you some time in determining where to place APs and clients.