
Wireless Update

Wireless Update. Byron Early & Marcelo Lew University Technology Services January 12, 2006 @ Westnet Meeting. Overview of Topics. General Overview of Current Wireless Deployment at DU Point-to-Multipoint Backbone Links Interference Problems Network Adapter Bridging Problem


Presentation Transcript


  1. Wireless Update Byron Early & Marcelo Lew University Technology Services January 12, 2006 @ Westnet Meeting

  2. Overview of Topics • General Overview of Current Wireless Deployment at DU • Point-to-Multipoint Backbone Links • Interference Problems • Network Adapter Bridging Problem • Performance & Analysis Tools

  3. Upgrading APs from 802.11b to “g” @ DU

  4. Wireless Client Support • Web VPN Client • Limited application capability • MUST stay within browser window (No streaming, IM, etc.) • SSL VPN Client (VPN 3000 Rev: 4.7.2) • Same functionality as VPN client!! • Windows 2000/XP support only • IE, Netscape, Mozilla, and Firefox • ActiveX Controls or Java Required

  5. Upgrading Point-to-Multi-Point “Backbone Links” • Wireless Backbone Links @ DU: • Provide Network Access for subset of buildings not linked by fiber optic backbone (located outside of contiguous campus) • Several University Residence Buildings • Numerous Fraternity & Sorority Houses • English Language Center

  6. Wireless Point to Multi-Point Backbone Links (cont.) Reason for Upgrading: • Replace Legacy Equipment (Orinoco OR1100s) • Originally installed to support only a few users per house – NOW 99% of residents have laptops • Performance Increase: • Interference: Move backbone links to “less crowded” air space (802.11a, 5 GHz UNII Band) • Increase Throughput

  7. Proxim MP-11a • MP-11a: Lowest Cost Uplink Option • Others: Milliwave, Laser, etc. - $$!! • MP-11a Architecture • Star Network Design (vs. Mesh)

  8. Proxim MP-11a (cont.) Benefits (point-to-multi-point links) • Uses a “polling protocol” (WORP) to share its medium (“deterministic”) vs. 802.11’s CSMA/CA • Up to 24 Mbps of “usable, sustainable throughput” • DDRS (Dynamic Data Rate Selection): • Data rate adjusts dynamically based on signal strength value • Helps compensate for temporary link degradation (heavy snow/rain) maintaining connectivity, BUT at lower data rates. • Separate Data Rates supported for each link: • One “slow link” does NOT reduce the data rates of others

  9. Proxim MP-11a (cont.) • MP11a Versions: • MP11 Base Unit (BU) • Supports up to 250 SUs • MP11 Subscriber Unit (SU) • MP11 Residential Subscriber Unit (RSU) • Up to 7 MAC addresses (clients) • No PoE • Rugged and Non-Rugged Versions

  10. MP-11a NON-RUGGED

  11. MP-11a RUGGED • SU w/ built-in antenna • BU w/ external antenna

  12. Proxim MP-11a (cont.) • Security: • “Mutual Authentication” between BU & SUs prevents man-in-the-middle attacks and rogue SUs • Encryption: 128-bit AES between BU and SU • 802.1Q VLAN Support (256 VLANs/BU) • Storm Thresholds (packets per second) • Protects against network overloading

  13. MP-11a Warranty & Reliability • Warranty: 1 year (hardware & software) • Replacement unit turn-around: • 3-4 weeks turn-around w/o service contract • Only 30 days free technical support • Reliability: • Deployed: 10 total units (5 BU, 5 SU) • 2 failures (of “ruggedized” model in 8 months)

  14. Interference & Performance Problems (ISM 2.4 GHz Band) • Cell-Overlap Interference: • Cell size determined by transmit power & propagation characteristics of location • Cell-Overlap (to enable “roaming”) should not exceed 20-30% • ISM Band (2.4 GHz): only 3 “non-overlapping” Channels (1, 6, 11) • Most DU installations require using all three

  15. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • “Desired” Performance Standards @ DU: • Uniform, small cell sizes • 15-20 users maximum per AP (not always possible) • Excellent signal-to-noise ratio (SNR): • 30 dB or greater • Win-XP Wireless Network Tool not accurate (Tray Icon) • XP tool will not show “excellent” unless in close proximity to AP

  16. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Higher Transmit Power in newer AP Radios: • Upgrading existing networks with new APs increased cell-sizes • Old: 30 mW transmit power • Proxim AP-500, AP-1000 & AP-2000s • New: 100 mW transmit power • Proxim AP-700, 4000s • Remedial Options: • Reduce AP power 50% (50 mW, via Web Interface / AirWave) • Re-positioning APs: costly, may not be possible

  17. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Fluctuating Cell Size Problem: • Received Power varies by location in building • RF propagation in 3 dimensions unpredictable: • Thickness & Composition: Walls, floors, etc. • Metal railings, HVAC ducts, etc. • Filing cabinets, books, etc. • People • SNR typically fluctuates ~8-10 dB at static location • “Over-Lapping” AP signal can become strongest

  18. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Observed Client Effects (fluctuating cell size): • Constant jumping between strongest signals • APs web-interface, AirWave software • Large drop in “throughput” • “Timeouts” (pings, etc.) • Dropped connections • Re-association Delays: • Delays vary by type of client radio card • DU: VPN @ layer 3 (dropping, re-authentication)

  19. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solutions (fluctuating cell size): • Client Laptop: install external “directional” antenna • Decrease AP transmit power • Not always possible – can introduce other coverage problems • IBM Built-in Laptop Tool: restricts connecting to AP by MAC address • Other tools available: dependent on wireless adapter • Need multiple profiles (“roaming” in other locations)

  20. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • “b/g” Channel Interference from Rogue APs: • Clients in Ad Hoc (IBSS) mode (20-40 mW) • Students with personal APs • Bleed-Over Signals at perimeter of campus (nearby homes and businesses) • Rogue AP may not be “connected” into wired campus network port • Cannot use tools to identify down to wired port

  21. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solutions (Channel Interference from Rogue APs): • Locate rogue equipment (YellowJacket – layer 1) • AUP violation if connected to network • Legality of interfering wireless not connected to network? • Interference from Homes/Businesses • Negotiate channel / transmit settings • Increase transmit power • Install directional antennas

  22. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Immunity to Interference: • High Interference Locations with “b/g” APs: • 10-20% Packet Loss • “Timeouts” (pings, etc.) • Users complain of poor performance • Modulation: 802.11b (QPSK) vs. 802.11g (OFDM) • QPSK – less affected by interference than OFDM • OFDM-Modulated-Signal (Graph): • Signal fills more of channel than QPSK (more channel over-lap) • More evident modulation throughout entire channel than QPSK

  23. 802.11b (QPSK) Channel 5

  24. 802.11g (OFDM) Channel 5

  25. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solution of Last Resort (b/g locations): • Set AP to “b” only mode • Mitigates Interference problems • No more packet loss • Lower data rates, but improved throughput

  26. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Device Proliferation in 2.4 GHz ISM Band: • 802.11b/g Devices: Laptops, PDAs, Phones, Video, etc. • Bluetooth Devices: Phones, PDAs, handhelds, audio/visual, mice, headsets, etc.

  27. Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Bluetooth Interference: • FHSS: 1600 hops/second across entire ISM band • Affects all 11 (14) 802.11b/g channels • Power levels vary: 1 mW, 10 mW, 100 mW • Received signal of -30 dBm considered “strong” • Effects Increase with Power & Proximity to other wireless devices • Distance of Bluetooth device from AP • Laptop with Bluetooth-mouse & 802.11b/g wireless radio

  28. 2.4 GHz FHSS Cordless Phone (15 ft. Away) • Ch. 5 (shaded) • Phone signal • FHSS • > -30 dBm

  29. 2.4 GHz Wireless Video Transmitter (15 ft. from AP) • Ch. 6 • Both Signals • Video (darker) • ~Equal!

  30. Bluetooth-Mouse (15 ft. Away) • Ch. 5 • FHSS • 15 ft. • Max. -50 dBm

  31. Bluetooth-Mouse (1 ft. Away) • Ch. 5 • FHSS • 1 ft. • > -30 dBm!!!

  32. Windows XP: Network Adapter Bridging Problem • Computer #1: • Running Windows XP; Wired & Wireless adapters • Typically a laptop • Ethernet NIC plugged in to “wired network port” • “Bridge” created between “wired” & “wireless” adapters • Manually (by user) or Automatically (Win-XP bug, patch available) • DHCP: IP addresses offered to both network adapters (normal) • DU: DHCP Server is Cisco Network Registrar (CNR) • DU: “Wireless” Adapters get 10.n.n.n address (“non-routable”) • Client is using the “wired Ethernet port” and is unaware the wireless adapter has “associated” with an AP

  33. Windows XP: Network Adapter Bridging Problem • Computer #2: • On same wired subnet as computer #1 • Also running Windows XP & NIC plugged into “wired port” • Often a desktop computer without a Wireless radio adapter • Computer #2 Issues DHCP request through “wired adapter” • DHCP request gets picked up by Computer #1 and “bridged” out its Wireless Adapter • DHCP Server answers the request “bridged” through Computer #1, so Computer #2 receives an incorrect “wireless address” (10.n.n.n) and cannot connect to network (wired-VLAN, ACL-blocked) • User calls Help Desk to complain about a network problem! • Computer #2 sometimes receives the correct address to really confuse the Help Desk

  34. Windows XP Network Adapter Bridging Problem (Explanation) • “CHADDR” Field in DHCP Requests: • CHADDR Field gets populated with the MAC address from the network adapter of the computer actually issuing the DHCP request (not the computer “bridging the request”) • In a proper DHCP request the CHADDR MAC Address should be the same as the MAC Address of the Ethernet Frame carrying the request • In the problem case, the CHADDR MAC address comes from Computer #2, while the Ethernet Frame carrying the request comes from Computer #1

  35. Windows XP Network Adapter Bridging Problem (Solution?) • Possible Solution: (from Cisco TAC) • Create a “Filter Expression” for CNR: • Filter: CHADDR Field MAC address must match MAC address of frame carrying DHCP request payload • DHCP Server (CNR) will Ignore requests not meeting the condition of the filter (but will respond to the correct request from Computer #2 that didn’t get picked up & bridged by Computer #1) • DU testing the solution now . . . Stay tuned!
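
The CHADDR-versus-frame-source comparison from slides 34–35, as an added Python example (not from the presentation, and not CNR filter-expression syntax): it classifies captured DHCP requests and flags those whose Ethernet source MAC differs from CHADDR. The MAC addresses and frames are constructed sample data, and exempting requests with a non-zero giaddr (relay agents legitimately re-send with their own source MAC) is an assumption added here.

```python
import struct

ZERO_IP = b"\x00" * 4
PC1_WLAN = bytes.fromhex("020000000001")  # constructed: Computer #1 wireless MAC
PC2_NIC = bytes.fromhex("020000000002")   # constructed: Computer #2 wired MAC

def build_request(eth_src, chaddr, giaddr=ZERO_IP, sport=68):
    """Build a constructed Ethernet/IPv4/UDP/BOOTP request (checksums left 0)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        ZERO_IP, ZERO_IP, ZERO_IP, giaddr, chaddr)
    bootp += b"\x00" * 192 + b"\x63\x82\x53\x63"  # sname + file, DHCP magic cookie
    udp = struct.pack("!HHHH", sport, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ZERO_IP, b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp

def classify(frame):
    """Return 'ok', 'bridged', 'relayed', or None if not a DHCP request."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4              # honour the IP header length
    if len(frame) < udp + 8 + 44:
        return None                                # too short for a BOOTP header
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != 67:
        return None                                # not sent to the server port
    bootp = frame[udp + 8:]
    if bootp[0] != 1 or bootp[1] != 1 or bootp[2] != 6:
        return None                                # not BOOTREQUEST over Ethernet
    if bootp[24:28] != ZERO_IP:
        return "relayed"                           # giaddr set: relay agent re-sent it
    # Slide 34: frame source MAC (bytes 6-11) must equal CHADDR (BOOTP bytes 28-33)
    return "ok" if frame[6:12] == bootp[28:34] else "bridged"

if __name__ == "__main__":
    samples = {
        "Computer #2 direct": build_request(PC2_NIC, PC2_NIC),
        "Computer #2 via Computer #1 bridge": build_request(PC1_WLAN, PC2_NIC),
    }
    for name, frame in samples.items():
        print(f"{name}: {classify(frame)}")
```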

  36. Software Tools (Bluetooth Analysis) • “BlueWatch” • (from AirDefense, cost unknown) • OS: Windows & XP • Identifies type of interfering device • Displays key attributes, services supported, and with whom it connects

  37. Software Tools (Bluetooth Analysis) • “BlueScanner” • (from Network Chemistry, freeware) • OS: Windows XP • Identifies type of interfering device • Displays key attributes, services supported, and with whom it connects • Provides Location information

  38. Software Tools (Bluetooth Analysis) • “BlueSweep” • (from AirMagnet, Freeware) • OS: Windows XP SP2 • Capabilities: ?

  39. Network Troubleshooting Tools (for laptops & PDAs) • Wireless Protocol Analyzers • “Sniffer Portable LAN Suite 4.8 SP1”: • (from Network General, ~$4500) • SW that runs on a Laptop • “AiroPeek NX 3.0”: • (from WildPackets, ~$3000) • SW for Laptop

  40. Network Troubleshooting Tools (for laptops & PDAs) • Site Survey Analyzers: • “AirMagnet Surveyor Pro 2.6” (Laptop; ~$3200) • “Software Suite - Berkeley Varitronics” • “Hive”, “Site Initiator”, “Site Investigator” • ~$2500 for 3 software suite • YellowJacket hardware is ~$3200 • Plots results on AutoCAD “floorplan”

  41. Network Troubleshooting Tools (for laptops & PDAs) • Site Survey Analyzers: • “Ekahau Site Survey Pro 2.1”: • ~$3700 • SW runs on laptop • Allows predictions of RF coverage • Requires entry of construction data

  42. Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “AirMagnet Laptop 6.0” (~$3500): • Runs on Windows laptop • Allows connecting to AP as a client • Channel Selectable Information: • # of Packets, # APs, power levels, etc. • Packet-capture & decoding • Rogue AP detection

  43. Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “YellowJacket” (from Berkeley Varitronics; 2.3, ~$3200): • Hardware-Analyzer / IPaq tandem (HX2415 or HX4700) • Connects to PDA via FlashCard • Performs spectrum analysis • Cannot connect as “client” (monitor mode only) • Layer 1: Rogue AP detection & directional locator • Layer 2 “b/g” analysis: (beacons, probes, multi-path, etc.) • Channel Selectable Information: how busy, # APs, power levels, etc.

  44. Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “EtherScope Pro Network Assistant 2.0” • (from Fluke Networks, ~$8000) • HW device, built on Linux platform • Rogue AP detection • Channel Selectable Information: how busy, # APs, power levels, etc. • Authentication & Association analysis

  45. Network Troubleshooting Tools (for laptops & PDAs) • Spectrum Analyzers: • “Bumblebee” Spectrum Analyzer: • (from Berkeley Varitronics; ~$2500) • Advanced handheld spectrum analyzer • HW & SW (“Pocket PC”) • Connects to PDA via FlashCard

  46. Network Troubleshooting Tools (for laptops & PDAs) • Wi-Fi Power-Output Analyzers: • “Caterpillar” (from Berkeley Varitronics ~$750) • Hardware device • Detects power output in 2.4 & 5 GHz • Connects to “intentional radiator”

  47. Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “NetStumbler” & “MiniStumbler” • Windows & XP: NetStumbler • Windows Mobile: MiniStumbler • Both are Freeware • AP detection (SSID, channel, SNR) • Infrastructure or Ad Hoc mode information

  48. Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “Kismet”: • OS: Runs on Linux • Freeware • AP detection (SSID, channel, SNR) • Infrastructure or Ad Hoc info • Packet decoding (beacons, probes, payloads) • Intrusion Detection

  49. Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “Ethereal”: • OS: Runs on Windows & Linux • Freeware • Decode & Analysis of 802.11 header • Chipset must be in monitor/“promiscuous” mode • MS-Windows drivers do not allow monitor/“promiscuous” mode • Open Source drivers needed to enable monitor mode
