802.11 and Hidden Terminals
Y. Richard Yang
2/3/2009
Admin.
 Homework 2 linked on the schedule page
2
Recap: The Hidden Terminal Problem
E
D
A
B
C
 A is sending to B, but C cannot detect the
transmission
 Therefore C sends to B
 In summary, A is “hidden” from C
3
Recap: Media Access Techniques Handling
Hidden Terminals
 CSMA/CD -> CSMA/CA (congestion avoidance)
 default in 802.11
 even if media is not sensed busy, transmits with a
probability
 in real implementation, with a random delay
 Busy-tone multiple access
 used in CDPD (cellular digital packet data)
 the base station sends a busy tone on the down link when
receiving data
 Virtual carrier sense: RTS/CTS/DATA/ACK
4
Outline
 Admin. and recap
 802.11
5
IEEE 802.11 Requirements
 Design for small coverage (e.g. office,
home) (implication?)
 Low/no mobility (implications?)
 High data-rate applications
 Ability to integrate real time applications
and non-real-time applications
(implications?)
 Use un-licensed spectrum
6
802.11: Infrastructure Mode
802.11 LAN
STA1
802.x LAN
 Architecture similar to cellular

• terminal with access mechanisms
to the wireless medium and radio
contact to the access point
BSS1
Portal
Access
Point
Distribution System

ESS
access point (AP)
• station integrated into the
wireless LAN and the distribution
system

basic service set (BSS)
• group of stations using the same
AP
Access
Point

BSS2
portal
• bridge to other (wired) networks

STA2
networks station (STA)
802.11 LAN
STA3
distribution system
• interconnection network to form
one logical network (EES:
Extended Service Set) based
on several BSS
7
IEEE 802.11 Physical Layer
 Family of IEEE 802.11 standards:

unlicensed frequency spectrum: 900Mhz, 2.4Ghz, 5.1Ghz, 5.7Ghz
300 MHz
5.15-5.35 GHz
5.725-5.825 GHz
and 802.11b/g
802.11a
8
802.11a Physical Channels
36
5150
40
44
48
52
56
60
64
5180 5200 5220 5240 5260 5280 5300 5320
149
153
157
161
channel#
channel#
5350 [MHz]
center frequency =
5000 + 5*channel number [MHz]
5725 5745 5765 5785 5805 5825 [MHz]
9
The IEEE 802.11 Family
Protocol Release
Data
Freq.
Rate
(typical)
Rate
(max)
Range
(indoor)
Legacy
1997
2.4 GHz
1 Mbps
2Mbps ?
802.11a
1999
5 GHz
25 Mbps
54
Mbps
~30 m
802.11b
1999
2.4 GHz
6.5 Mbps
11
Mbps
~30 m
802.11g
2003
2.4 GHz
25 Mbps
54
Mbps
~30 m
802.11n
2008
2.4/5
GHz
200 Mbps 540
Mbps
~50 m
10
802.11a Modulation
 Use OFDM to divide each physical channel
(20 MHz) into 52 subcarriers
(20M/64=312.5 KHz each)

48 data, 4 pilot
 Adaptive modulation
 BPSK: 6, 9 Mbps
 QPSK: 12, 18 Mbps
 16-QAM: 24, 36 Mbps
 64-QAM: 48, 54 Mbps
11
802.11 - MAC Layer
 Traffic services

Asynchronous Data Service (mandatory)
• exchange of data packets based on “best-effort”
• support of broadcast and multicast

Time-Bounded Service (optional)
• exchange of bounded delay service
12
802.11 MAC Layer: Access Methods
 DFWMAC-DCF CSMA/CA (mandatory)
collision avoidance via randomized “back-off“
 ACK packet for acknowledgements

 DFWMAC-DCF w/ RTS/CTS (optional)
 additional virtual “carrier sensing: to avoid
hidden terminal problem
 DFWMAC- PCF (optional)
 access point polls terminals according to a list
13
802.11 CSMA/CA
 CSMA: Listen before transmit
 Collision avoidance
 when transmitting a packet, choose a backoff
interval in the range [0, CW]
• CW is contention window
 Count down the backoff interval when medium
is idle

count-down is suspended if medium becomes busy
 Transmit when backoff interval reaches 0
14
802.11 Backoff
 IEEE 802.11 contention window CW is adapted
dynamically depending on collision occurrence


after each collision, CW is doubled
thus CW varies from CWmin to CWmax
802.11b
802.11a
802.11g
aSlotTime
20 usec
9 usec
20 usec
(mixed);
9 usec
(g-only)
aCWmin
31 slots
15 slots
15 slots
15
Congestion Avoidance: Example
busy
B1 = 25
B1 = 5
wait
data
data
B2 = 20
busy
cw = 31
wait
B2 = 15
B2 = 10
B1 and B2 are backoff intervals
at nodes 1 and 2
Q: how is the performance of a mixed mode 802.11b/g network?
16
802.11 – RTS/CTS + ACK
 Sender sends RTS with NAV (Network allocation Vector, i.e.
reservation parameter that determines amount of time the data
packet needs the medium)
 Receiver acknowledges via CTS (if ready to receive)

CTS reserves channel for sender, notifying possibly hidden stations
 Sender can now send data at once, acknowledgement via ACK
 Other stations store NAV distributed via RTS and CTS
DIFS
sender
data
RTS
SIFS
receiver
other
stations
CTS SIFS
SIFS
NAV (RTS)
NAV (CTS)
defer access
ACK
DIFS
new contention
data
t
17
802.11 – Inter Frame Spacing
 Defined different inter frame spacing
 SIFS (Short Inter Frame Spacing); 10 us in 802.11b

highest priority, for ACK, CTS, polling response
 PIFS (PCF IFS); 30 us in 802.11b

medium priority, for time-bounded service using PCF
 DIFS (DCF, Distributed Coordination Function IFS); 50 us in 802.11b

lowest priority, for asynchronous data service
DIFS
DIFS
medium busy
PIFS
SIFS
contention
next frame
t
direct access if
medium is free  DIFS
18
802.11 – Inter Frame Spacing
802.11b
802.11a
802.11g
aSIFSTime
10 usec
16 usec
10 usec
aSlotTime
20 usec
9 usec
20 usec
(mixed);
9 usec (g
only)
aDIFTime
(2xSlot+SIFS)
50 usec
34 usec
50 usec;
28 usec
19
802.11: PCF for Polling
(Infrastructure Mode)
PIFS
point
coordinator
D
D
SIFS
U
polled
wireless
stations
NAV
SIFS
NAV
medium
busy
contention free period
contention
period
t
D: downstream poll, or data from point coordinator
U: data from polled wireless station
20
802.11b Frame Format
preamble
2
Sync
SFD
PLCP header
MAC Data
CRC
Preamble (192 usec; or optional 96 short version)
- Sync: alternating 0s and 1s (DSSS 128 bits)
- SFD: Start Frame delimiter: 0000 1100 1011 1101
PLCH (Phsical Layer Convergence Procedure) Header
- payload length
- signaling field: the rate info.
- CRC: 16 bit protection of header
21
802.11 – MAC Data Format
 Types

control frames, management frames, data frames
 Sequence numbers

important against duplicated frames due to lost ACKs
 Addresses

receiver, transmitter (physical), BSS identifier, sender (logical)
 Miscellaneous

sending time, checksum, frame control, data
bytes
2
2
6
6
6
2
6
Frame Duration/ Address Address Address Sequence Address
Control
ID
1
2
3
number
4
bits
2
2
4
1
1
1
1
1
1
1
0-2312
4
Data
CRC
1
Protocol
To From More
Power More
Type Subtype
Retry
WEP Order
version
DS DS Frag
Mgmt Data
22
23
Example: 802.11b Throughout
 Suppose TCP with 1460 bytes payload
802.11b data frame size (not including
preamble): 1536 bytes
 TCP ACK data frame size (not including
preamble): 76 bytes

 802.11b ACK frame size 14 bytes
 Suppose 802.11b at the highest rate
8 bits per symbol
 1.375 Msps

Q: What is TCP/802.11b throughput?
http://www.andrews.edu/~swensen/Wifi%20Throughput.pdf
24
Example: 802.11g Throughout
 Suppose 802.11g at the highest rate
(54Mbps)
symbol duration: 4 usec; 216 bits/symbol
 20 usec preamble; 6 usec “signal extension
time” at the end of each frame

 Suppose TCP with 1460 bytes payload
 data: 57 symbols; ACK: 3 symbols
 802.11b ACK frame size 14 bytes
 1 symbol
Q: What is TCP/802.11g throughput?
http://www.andrews.edu/~swensen/Wifi%20Throughput.pdf
25
Example: TCP/802.11g +
RTS/CTS
 RTS/CTS uses 802.11b DIFS (50 usec)
 RTS/CTS uses 802.11b frame coding
 20 bytes RTS
 14 bytes CTS
Q: What is throughput?
http://www.andrews.edu/~swensen/Wifi%20Throughput.pdf
26
Outline
 Admin. and recap
 802.11
 Improving 802.11 hidden-terminal decoding
27
A Testbed Result
• 10% HT, 10% partial HT,
80% perfectly sense each
other
• Each run randomly picks
an AP and two clients
USRPs
802.11a
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Perfectly
Sense
Partial Hidden
HiddenTerminals
Terminals
802.11
0
0.5
1
Throughput
1.5
2
The Hidden Terminal Problem
No ACK
Collision!
Alice
Bob
The Hidden Terminals Problem
Retransmission
One more Collision
Alice
Q: how likely you have a second collision?
Bob
Can we take two collisions and
produce the two packets?
Pa
Pb
Pa
Pb
ZigZag Decoding
Exploits 802.11’s behavior
 Retransmissions
Same packets collide again
 Senders use random jitters
 Collisions start with interference-free bits
∆1
Pa
Pb
∆2
Interference-free Bits
Pa
Pb
How Does ZigZag Work?
1
1
∆1
∆2
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
1
∆1
∆2 2
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
3
∆1
2
∆2 2
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
∆1
3
3
∆2 2
4
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
∆1
3
5
4
∆2 2
4
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
∆1
3
5
5
∆2 2
4
6
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
∆1
3
5
7
6
∆2 2
4
6
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
How Does ZigZag Work?
1
∆1
3
5
7
7
∆2 2
4
6
8
∆1 ≠∆2
Find a chunk that is interference-free in one
collisions and has interference in the other
Decode and subtract from the other collision
Delivered 2 packets in 2 timeslots
As efficient as if the packets did not collide
ZigZag Technical Issues
1
∆1
1
∆2 2
 Collision detection
 Chunk subtraction
 Backward ACK compatibility
42
Outline
 Admin. and recap
 802.11
 Zigzag 802.11 decoding
Overall idea
 Technical issues

• Collision detection
43
Collision detection: How does the AP know it is a
collision and where the second packet starts?
Time
∆
44
Detecting Collisions and the Value of ∆
AP received signal
Correlat
e
Packets start with
known preamble
AP correlates known
preamble with signal
Time
∆
Correlation
Time
Correlation
y A [n ]  H A x[n ]  w[n ] (a time invariant channel)
y B [n ]  H B x[n ]  w[n ] (a time invariant channel)
y[n ]  y A [n ]  y B [n ]  w[n ] in presence of collision
L
' ()  H B  | s[k ] |2
k 1
Matching Collision
Pa
Pb
 Given (P1 + P2()) and (P1’, P2’(’)), how to
determine that P1 = P’ and P2 = P2’
Determine offset first
 Correlation of P2() and P2’(’)

P’a
P’b
Outline
 Admin. and recap
 802.11
 Zigzag 802.11 decoding
Overall idea
 Technical issues

• Collision detection
• Subtracting chunks
48
1
How Does the AP
Subtract the Signal?
2
1
2
• Channel’s attenuation or phase may change
between collisions
• Can’t simply subtract a chunk across collisions
Alice’s signal in
first collision
Alice’s signal in
second collision
Subtracting a Chunk
1
2
1
2
 Decode chunk into bits
 Removes
effects of channel during first collision
 Re-modulate bits to get channel-free signal
 Apply effect of channel during second collision
 Use
correlation to estimate channel despite
interference
What if AP Makes a Mistake?
What if AP Makes a Mistake?
Bad News: Errors can propagate
1
3
∆1 2
1
∆2 2
Can we deal with these errors?
What if AP Makes a Mistake?
Good News: Temporal Diversity
A bit is unlikely to be affected by noise in both collisions
∆1
∆2
Get two independent decodings
AP Decodes Backwards as well as Forwards
2
∆1
3
1
2
∆2
1
Errors propagate differently in the two decodings
Which decoded value should the AP pick?
For each bit, AP picks the decoding that has a
higher PHY confidence
Outline
 Admin. and recap
 802.11
 Zigzag 802.11 decoding
Overall idea
 Technical issues

• Collision detection
• Subtracting chunks
• ACK for backward compatibility
55
Acknowledgement
 Use as much synchronous acknowledgement
as possible for backward compatibility
Backup Slides
Does ZigZag Handle Flipped Order?
Pa
Pb
Pa
Pb
 Flipped order
Pa
Pb
Pb
Pa
ZigZag Generalizes
 Flipped order
∆2
1
∆1
2
2
1
Does ZigZag Handle Diff. Packet
Sizes?
1
1
∆1
2
∆2 2
Technical Barriers
 How do I know packets collide
 Matching collision happened? (P1, P2)
and (P1’, P2’)
 Frequency offset between transmitter
and receiver
 Sampling offset
 Inter-symbol interference
 What if errors occur in chunks
 Acknowledgement?
}
subtraction is
non-trivial
Decode matching collision
 Decode iteratively
 Re-encoding
 Computing channel parameters
L
' ()  H B  | s[k ] |2
• Channel gain estimated from
k 1
• Frequency offset and sampling error 1) coarse
estimation from previously successful reception 2)
iterative estimation
• Inter-symbol interference: take the inverse of linear
filter (for removal of ISI)
x[i ] 
L
h x
l  L
l
ISI
[i  l ]
Decode matching collision
(cont’d)
 Re-encoding

Account for sampling error
y A [n]  H A x A [n]e

j 2f AT
y A [n   A ]   y A [i ]sin c( (n   A  i ))

What about errors?
 Will errors in decoding have a cascading
effect?

Error propagation dies out exponentially
• Error correction capability of modulation

Forward and backward decoding
ZigZag Generalizes
 Flipped order
 Different packet sizes
 Multiple colliding packets
 Capture effect
 Subtract
Alice and combine Bob’s packet across
collisions to correct errors
∆1
Pa1
Pb
∆2
Pa2
Pb
3 packets in 2 time slots  better than no collisions
Implementation
• USRP Hardware
• GNURadio software
• Carrier Freq: 2.4-2.48GHz
• BPSK modulation
Testbed
USRPs
• 10% HT, 10% partial HT,
80% perfectly sense each
other
• Each run randomly picks
an AP and two clients
• Co-located 802.11a nodes
to find out about HTs and
created the same collision
patterns by the USRPs
802.11a
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
0.5
1
Throughput
1.5
2
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Perfectly
Sense
Partial Hidden
HiddenTerminals
Terminals
802.11
0
0.5
1
Throughput
1.5
2
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Hidden Terminals get
high throughput
0
0.5
ZigZag
802.11
1
Throughput
1.5
2
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
ZigZag Exploits
Capture Effect
ZigZag
802.11
0
0.5
1
1.5
2
Throughput
ZigZag improved average Throughput by 25%
CDF of concurrent flow pairs
Throughput Comparison
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Hidden
Terminals
ZigZag
802.11
0
0.5
1
1.5
2
Improved hidden terminals loss rate from
72% to 0.7%
Throughput
Is ZigZag as efficient as if the colliding
packets were sent in separate slots?

For every SNR,
Check that ZigZag can match the BER of
collision-free receptions
Bit Error Rate (BER)
Is ZigZag as efficient as if packets were
collision-free Receptions?
1.E-02
1.E-03
1.E-04
1.E-05
5
7
9
SNR in dB
11
Bit Error Rate (BER)
Is ZigZag as efficient as if packets were
collision-free Receptions?
1.E-02
Collision-Free
Receptions
1.E-03
1.E-04
1.E-05
5
7
9
SNR in dB
11
Bit Error Rate (BER)
Is ZigZag as efficient as if packets were
collision-free Receptions?
1.E-02
Collision-Free
Receptions
1.E-03
ZigZag-Decoded
Collisions
1.E-04
1.E-05
5
7
9
11
SNR inas
dB if the colliding
ZigZag is as efficient
packets were sent separately
Three Colliding Senders
Collision!
Alice
Bob
Chris
Nodes picked randomly from testbed
CDF of runs
Three Colliding Senders
1
Alice
Bob
Chris
0.8
0.6
0.4
0.2
0
0
0.1
0.2
0.3
0.4
Per-Sender Throughput
ZigZag extends beyond two colliding senders
ZigZag Generalizes
 Flipped order
 Different packet sizes
 Multiple colliding packets
11
22
33
11
11
22
22
33
33