Wireless Update. Byron Early & Marcelo Lew University Technology Services January 12, 2006 @ Westnet Meeting. Overview of Topics. General Overview of Current Wireless Deployment at DU Point-to-Multipoint Backbone Links Interference Problems Network Adapter Bridging Problem
Wireless Update Byron Early & Marcelo Lew University Technology Services January 12, 2006 @ Westnet Meeting
Overview of Topics • General Overview of Current Wireless Deployment at DU • Point-to-Multipoint Backbone Links • Interference Problems • Network Adapter Bridging Problem • Performance & Analysis Tools
Wireless Client Support • Web VPN Client • Limited application capability • MUST stay within browser window (No streaming, IM, etc.) • SSL VPN Client (VPN 3000 Rev: 4.7.2) • Same functionality as VPN client!! • Windows 2000/XP support only • IE, Netscape, Mozilla, and Firefox • Active X Controls or Java Required
Upgrading Point-to-Multi-Point “Backbone Links” • Wireless Backbone Links @ DU: • Provide Network Access for subset of buildings not linked by fiber optic backbone (located outside of contiguous campus) • Several University Residence Buildings • Numerous Fraternity & Sorority Houses • English Language Center
Wireless Point to Multi-Point Backbone Links (cont.) Reason for Upgrading: • Replace Legacy Equipment (Orinoco OR1100s) • Originally installed to support only a few users per house – NOW 99% of residents have laptops • Performance Increase: • Interference: Move backbone links to “less crowded” air space (802.11a, 5 GHz UNII Band) • Increase Throughput
Proxim MP-11a • MP-11a: Lowest Cost Uplink Option • Others: Milliwave, Laser, etc. - $$!! • MP-11a Architecture • Star Network Design (vs. Mesh)
Proxim MP-11a (cont.) Benefits (point-to-multi-point links) • Uses a “polling protocol” (WORP) to share its medium (“deterministic”) vs. 802.11’s CSMA/CA • Up to 24 Mbps of “usable, sustainable throughput” • DDRS (Dynamic Data Rate Selection): • Data rate adjusts dynamically based on signal strength value • Helps compensate for temporary link degradation (heavy snow/rain), maintaining connectivity, BUT at lower data rates • Separate Data Rates supported for each link: • One “slow link” does NOT reduce the data rates of others
Proxim MP-11a (cont.) • MP11a Versions: • MP11 Base Unit (BU) • Supports up to 250 SUs • MP11 Subscriber Unit (SU) • MP11 Residential Subscriber Unit (RSU) • Up to 7 Mac-Addresses (clients) • No PoE • Rugged and Non-Rugged Versions
SU w/ built-in antenna MP-11a RUGGED BU w/ external antenna
Proxim MP-11a (cont.) • Security: • “Mutual Authentication” between BU & SUs prevents man-in-the middle attacks and rogue SUs • Encryption: 128-bit AES between BU and SU • 802.1Q VLAN Support (256 Vlans/BU) • Storm Thresholds (packets per second) • Protects against network overloading
MP-11a Warranty & Reliability • Warranty: 1 year (hardware & software) • Replacement unit turn-around: • 3-4 weeks turn-around w/o service contract • Only 30 days free technical support • Reliability: • Deployed: 10 total units (5 BU, 5 SU) • 2 failures (of “ruggedized” model in 8 months)
Interference & Performance Problems (ISM 2.4 GHz Band) • Cell-Overlap Interference: • Cell size determined by transmit power & propagation characteristics of location • Cell-Overlap (to enable “roaming”) should not exceed 20-30% • ISM Band (2.4 GHz): only 3 “non-overlapping” Channels (1, 6, 11) • Most DU installations require using all three
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • “Desired” Performance Standards @ DU: • Uniform, small cell sizes • 15-20 users maximum per AP (not always possible) • Excellent signal-to-noise ratio (SNR): • 30 dB or greater • Win-XP Wireless Network Tool not accurate (Tray Icon) • XP tool will not show “excellent” unless in close proximity to AP
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Higher Transmit Power in newer AP Radios: • Upgrading existing networks with new APs increased cell-sizes • Old: 30 mW transmit power • Proxim AP-500, AP-1000 & AP-2000s • New: 100 mW transmit power • Proxim AP-700, 4000s • Remedial Options: • Reduce AP power 50% (50 mW, via Web Interface / AirWave) • Re-positioning APs: costly, may not be possible
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Fluctuating Cell Size Problem: • Received Power varies by location in building • RF propagation in 3 dimensions unpredictable: • Thickness & Composition: Walls, floors, etc. • Metal railings, HVAC ducts, etc. • Filing cabinets, books, etc. • People • SNR typically fluctuates ~8-10 dB at static location • “Over-Lapping” AP signal can become strongest
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Observed Client Effects (fluctuating cell size): • Constant jumping between strongest signals • APs web-interface, AirWave software • Large drop in “throughput” • “Timeouts” (pings, etc.) • Dropped connections • Re-association Delays: • Delays vary by type of client radio card • DU: VPN @ layer 3 (dropping, re-authentication)
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solutions (fluctuating cell size): • Client Laptop: install external “directional” antenna • Decrease AP transmit power • Not always possible – can introduce other coverage problems • IBM Built-in Laptop Tool: restricts connecting to AP by MAC address • Other tools available: dependent on wireless adapter • Need multiple profiles (“roaming” in other locations)
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • “b/g” Channel Interference from Rogue APs: • Clients in Ad Hoc (IBSS) mode (20-40 mW) • Students with personal APs • Bleed-Over Signals at perimeter of campus (nearby homes and businesses) • Rogue AP may not be “connected” into wired campus network port • Cannot use tools to identify down to wired port
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solutions (Channel Interference from Rogue APs): • Locate rogue equipment (YellowJacket – layer 1) • AUP violation if connected to network • Legality of interfering wireless not connected to network? • Interference from Homes/Businesses • Negotiate channel / transmit settings • Increase transmit power • Install directional antennas
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Immunity to Interference: • High Interference Locations with “b/g” APs: • 10-20% Packet Loss • “Timeouts” (pings, etc.) • Users complain of poor performance • Modulation: 802.11b (QPSK) vs. 802.11g (OFDM) • QPSK – less affected by interference than OFDM • OFDM-Modulated-Signal (Graph): • Signal fills more of channel than QPSK (more channel over-lap) • More evident modulation throughout entire channel than QPSK
802.11b (QPSK) Channel 5
802.11g (OFDM) Channel 5
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Solution of Last Resort (b/g locations): • Set AP to “b” only mode • Mitigates Interference problems • No more packet loss • Lower data rates, but improved throughput
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Device Proliferation in 2.4 GHz ISM Band: • 802.11b/g Devices: Laptops, PDAs, Phones, Video, etc. • Bluetooth Devices: Phones, PDAs, handhelds, audio/visual, mice, headsets, etc.
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.) • Bluetooth Interference: • FHSS: 1600 hops/second across entire ISM band • Affects all 11 (14) 802.11b/g channels • Power levels vary: 1 mW, 10 mW, 100 mW • Received signal of -30 dBm considered “strong” • Effects Increase with Power & Proximity to other wireless devices • Distance of Bluetooth device from AP • Laptop with Bluetooth-mouse & 802.11b/g wireless radio
2.4 GHz FHSS Cordless Phone (15 ft. Away) • Ch. 5 (shaded) • Phone signal • FHSS • > -30 dBm
2.4 GHz Wireless Video Transmitter (15 ft. from AP) • Ch. 6 • Both Signals • Video (darker) • ~Equal!
Bluetooth-Mouse (15 ft. Away) • Ch. 5 • FHSS • 15 ft. • Max. -50 dBm
Bluetooth-Mouse (1 ft. Away) • Ch. 5 • FHSS • 1 ft. • > -30 dBm!!!
Windows XP: Network Adapter Bridging Problem • Computer #1: • Running Windows XP; Wired & Wireless adapters • Typically a laptop • Ethernet NIC plugged in to “wired network port” • “Bridge” created between “wired” & “wireless” adapters • Manually (by user) or Automatically (Win-XP bug, patch available) • DHCP: IP addresses offered to both network adapters (normal) • DU: DHCP Server is Cisco Network Registrar (CNR) • DU: “Wireless” Adapters get 10.n.n.n address (“non-routable”) • Client is using the “wired Ethernet port” and is unaware the wireless adapter has “associated” with an AP
Windows XP: Network Adapter Bridging Problem • Computer #2: • On same wired subnet as Computer #1 • Also running Windows XP & NIC plugged into “wired port” • Often a desktop computer without a Wireless radio adapter • Computer #2 issues DHCP request through “wired adapter” • DHCP request gets picked up by Computer #1 and “bridged” out its Wireless Adapter • DHCP Server answers the request “bridged” through Computer #1; Computer #2 receives an incorrect “wireless address” (10.n.n.n) and cannot connect to network (wired-VLAN, ACL-blocked) • User calls Help Desk to complain about a network problem! • Computer #2 sometimes receives the correct address to really confuse the Help Desk
Windows XP Network Adapter Bridging Problem (Explanation) • “CHADDR” Field in DHCP Requests: • CHADDR Field gets populated with the MAC address from the network adapter of the computer actually issuing the DHCP request (not the computer “bridging the request”) • In a proper DHCP request the CHADDR MAC Address should be the same as the source MAC Address of the Ethernet Frame carrying the request • In the problem case, the CHADDR MAC address comes from Computer #2, while the Ethernet Frame carrying the request comes from Computer #1
Windows XP Network Adapter Bridging Problem (Solution?) • Possible Solution (from Cisco TAC): • Create a “Filter Expression” for CNR: • Filter: CHADDR Field MAC address must match MAC address of frame carrying DHCP request payload • DHCP Server (CNR) will ignore requests not meeting the condition of the filter (but will respond to the correct request from Computer #2 that didn’t get picked up & bridged by Computer #1) • DU testing the solution now . . . Stay tuned!
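The CHADDR-versus-frame-source comparison described in these slides, as an added Python example (not DU's or Cisco's code, and not CNR filter-expression syntax). The MAC addresses and frames are constructed samples; requests with a non-zero giaddr are reported separately because a relay agent forwards them from its own MAC, so the comparison does not apply to them.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the BOOTP header

def classify(frame: bytes) -> str:
    """Classify one Ethernet II frame: not-dhcp, relayed, ok or mismatch."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return "not-dhcp"                      # not IPv4 or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4          # skip the IP header (IHL in words)
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or frame[udp + 2:udp + 4] != b"\x00\x43":
        return "not-dhcp"                      # not sent to server port 67
    if bootp[0] != 1 or bootp[236:240] != MAGIC:
        return "not-dhcp"                      # not a client BOOTREQUEST
    if bootp[24:28] != b"\x00" * 4:
        return "relayed"                       # giaddr set: source MAC is the relay's
    hlen = min(bootp[2], 16)                   # hardware address length (6 for Ethernet)
    eth_src, chaddr = frame[6:12], bootp[28:28 + hlen]
    return "ok" if chaddr == eth_src else "mismatch"

def build_request(eth_src: bytes, chaddr: bytes, giaddr: bytes = b"\x00" * 4) -> bytes:
    """Constructed DHCPDISCOVER broadcast frame (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += b"\x00" * 12 + giaddr + chaddr.ljust(16, b"\x00") + b"\x00" * 192
    bootp += MAGIC + b"\x35\x01\x01\xff"       # option 53 = DISCOVER, then END
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip

def demo() -> dict:
    pc1 = bytes.fromhex("020000000001")  # constructed MAC: bridging laptop (Computer #1)
    pc2 = bytes.fromhex("020000000002")  # constructed MAC: desktop (Computer #2)
    frames = {
        "direct from #2": build_request(pc2, pc2),
        "bridged by #1": build_request(pc1, pc2),
        "via relay agent": build_request(pc1, pc2, bytes([10, 0, 0, 1])),
    }
    return {name: classify(frame) for name, frame in frames.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run against a capture from the wired subnet, a "mismatch" verdict also identifies the bridging machine: the frame's source MAC is Computer #1.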
Software Tools (Bluetooth Analysis) • “BlueWatch” • (from AirDefense, cost unknown) • OS: Windows & XP • Identifies type of interfering device • Displays key attributes, services supported, and with whom it connects
Software Tools (Bluetooth Analysis) • “BlueScanner” • (from Network Chemistry, freeware) • OS: Windows XP • Identifies type of interfering device • Displays key attributes, services supported, and with whom it connects • Provides Location information
Software Tools (Bluetooth Analysis) • “BlueSweep” • (from AirMagnet, Freeware) • OS: Windows XP SP2 • Capabilities: ?
Network Troubleshooting Tools (for laptops & PDAs) • Wireless Protocol Analyzers • “Sniffer Portable LAN Suite 4.8 SP1”: • (from Network General, ~$4500) • SW that runs on a Laptop • “AiroPeek NX 3.0”: • (from WildPackets, ~$3000) • SW for Laptop
Network Troubleshooting Tools (for laptops & PDAs) • Site Survey Analyzers: • “AirMagnet Surveyor Pro 2.6” (Laptop; ~$3200) • “Software Suite - Berkeley Varitronics” • “Hive”, “Site Initiator”, “Site Investigator” • ~$2500 for 3 software suite • YellowJacket hardware is ~$3200 • Plots results on AutoCad “floorplan”
Network Troubleshooting Tools (for laptops & PDAs) • Site Survey Analyzers: • “Ekahau Site Survey Pro 2.1”: • ~$3700 • SW runs on laptop • Allows predictions of RF coverage • Requires entry of construction data
Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “AirMagnet Laptop 6.0” (~$3500): • Runs on Windows laptop • Allows connecting to AP as a client • Channel Selectable Information: • # of Packets, # APs, power levels, etc. • Packet-capture & decoding • Rogue AP detection
Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “YellowJacket” (from Berk0Var 2.3 ~$3200): • Hardware-Analyzer / IPaq tandem (HX2415 or HX4700) • Connects to PDA via FlashCard • Performs spectrum analysis • Cannot connect as “client” (monitor mode only) • Layer 1: Rogue AP detection & directional locator • Layer 2 “b/g” analysis: (beacons, probes, multi-path, etc.) • Channel Selectable Information: how busy, # APs, power levels, etc.
Network Troubleshooting Tools (for laptops & PDAs) • Wireless Performance & Security Analyzers: • “EtherScope Pro Network Assistant 2.0” • (from Fluke Networks, ~$8000) • HW device, built on Linux platform • Rogue AP detection • Channel Selectable Information: how busy, # APs, power levels, etc. • Authentication & Association analysis
Network Troubleshooting Tools (for laptops & PDAs) • Spectrum Analyzers: • “Bumblebee” Spectrum Analyzer: • (from Berkeley Varitronics; ~$2500) • Advanced handheld spectrum analyzer • HW & SW (“Pocket PC”) • Connects to PDA via FlashCard
Network Troubleshooting Tools (for laptops & PDAs) • Wi-Fi Power-Output Analyzers: • “Caterpillar” (from Berkeley Varitronics ~$750) • Hardware device • Detects power output in 2.4 & 5 GHz • Connects to “intentional radiator”
Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “NetStumbler” & “MiniStumbler” • Windows & XP: NetStumbler • Windows Mobile: MiniStumbler • Both are Freeware • AP detection (SSID, channel, SNR) • Infrastructure or Ad Hoc mode information
Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “Kismet”: • OS: Runs on Linux • Freeware • AP detection (SSID, channel, SNR) • Infrastructure or Ad Hoc info • Packet decoding (beacons, probes, payloads) • Intrusion Detection
Network Troubleshooting Tools (for laptops & PDAs) • Freeware: • “Ethereal”: • OS: Runs on Windows & Linux • Freeware • Decode & Analysis of 802.11 header • Chipset must be in monitor/“promiscuous” mode • MS-Windows drivers do not allow monitor/“promiscuous” mode • Open Source drivers needed to enable monitor mode