802.11n | HT Operations #CWAP10

The blog post will cover the topics related to High Throughput Throughput technologies in conjunction with the exam objectives laid down for CWAP-403 exam. 802.11 Frame Exchanges cover 25% of the knowledge domain required for the exam. Analysing HT & VHT transmission methods are one of the sub topics under this section. I will be focusing on the HT/802.11n type in this blog, apparently it has gone a little longer than i thought. There are certain section which might take further reading from 802.11n Survival Guide if you are keen.

802.11n ~ High Throughput

•  Ratified Sep 2009
• Clause 20 technology, backward compatible with HR-DSSS (Clause 18), OFDM (Clause 17).
• Can be used for both 2.4GHz & 5GHz bands.

MIMO Enhancements

• Transmit Beamforming (TxBF) – Tx(Transmitter) Radios multiple antenna can transmit in the best direction of the Rx (Receiver).
• Spatial Multiplexing (SM) – Tx multiple radios at the same time with each unique stream containing different data.
• Space-Time Block Coding(STBC) – Transmitting redundant copies of data stream from different antenna thereby increasing the signal quality.
• Antenna Selection (ASEL) – Increase signal diversity by dynamic selection of antennas.

Spatial Multiplexing

• Takes advantage of multipath (when signal tends to reflect, scatter, diffract or refract).
• Multiple streams follow different paths to the receiver because of the space between the transmitting antenna is known as spatial diversity and is also called as spatial multiplexing.
• When using SM, both Tx and Rx should participate and be MIMO systems.

HT Channels

• Use 20 MHz OFDM channels.(NON-HT)
  • Each 20MHz OFDM channel contains 64 subcarriers which are each 312.5 KHz wide and can be separately modulated.
  • First 6 & Last 5 sub carriers are null as they act like guard band for the channel + center subcarrier is also null. This leaves 52 subcarriers.
  • Out of 52, 48 transmit data while 4 used in dynamic calibration between Tx and Rx.
• 20MHz OFDM channels (HT)
  • Each 20MHz OFDM channel has 56 subcarriers, 52 transmit data, 4 are used for calibration between Tx and Rx.
• 40 MHz Channels
  • Use 114 OFDM subcarriers, 108 transmit data, 6  are used for calibration.
  • A 40MHz channel doubles the frequency bandwidth available for transmission of the data.
  • A 40MHz channel used by HT radios essentially 2x 20MHz OFDM channels bonded together.

Modulation and Coding Scheme (MCS Index)

• Value that describes the number of spatial streams, modulations (BPSK, QPSK, 16-QAM or 64-QAM and further) and error correction code used in Tx.
• 802.11n supports equal modulation, in which all SS are transmitted in same manner, and unequal modulation, in which the spatial streams may be modulated differently.
• 802.11n defines 77 different combinations of modulation and coding.
• There are 8 mandatory MCS for 20 MHz HT channels.

Guard Interval (GI)

• The GI is the space between the symbols being transmitted.
• May be confused with IFS, the GI is there to eliminated inter-symbol interference where is referred to as ISI.
• ISI happens when echoes from one symbol interfere with another.
• A good rule of thumb specifies that GI should be 4x the highest multipath delay spread. When 802.11a was designed, designers used conservative value of 200ns for the delay speed, and choose to make the GI 800ns.

HT PHY

I’ve discussed this topic in details under this blog post.

Wi-Fi Alliance

• Before the 802.11n amendment was ratified, the HT technology was already being certified and sold. The Wi-Fi alliance had developed a vendor certification program called Wi-Fi CERTIFIED 802.11n draft 2.0. The Cert Program as name suggested, certified products against the amendment. Draft 2.0 supports a max data rate of 300Mbps which is half max data rate specified in ratified document.
• Details about the Wi-Fi certified “n” features can be found here

HT Control Field

• The 802.11n amendment adds a new field in 802.11 MAC header, called the HT Control Field. It is 4 octets long and follows QoS control field in 802.11 MAC header.
• Any MPDU that contains an HT control field is referred to as +HTC MPDU.

The Order Bit – The 802.11n amendment uses the existing but relatively unused order bit in the Frame Control field of the MAC header to indicate the presence of an HT Control Field in QoS data & management frames. Original purpose of this bit was to indicate that data muse be sent using a strict ordered class of service.

Control Wrapper Frame – is/are described using the carried frame name + HTC, for example RTS+HTC or CTS+HTC

HT Control Field Format – figure below shows the format of HT Control field. (Honestly some of the stuff went way over my head but might have to figure this out by looking at a few pcaps & studying them :|)

Link Adaptation Control (16 bits)

• TRQ – Training Request > Set to 1 to request the responder to transmit a sounding PPDU. Set to 0 to indicate that the responder is not requested to transmit a sounding PPDU.
• MAI (MCS Request (MRQ) or ASEL Indicator) – When set to “14”, it is an ASEL indicater which indicates that you would interpret the MFB/ASELC subfield as an ASEL command.
• MFSI – MCS Feedback Sequence Identifier- A MCS Feedback (MFB) frame is sent in response to a MCS Request.
• MFB/ASELC – MCS feedback and Antenna Selection Command -When ASEL indicator is present, the MFB/ASELC subfield interpreted as ASELC subfield. Otherwise it is interpreted as MFB subfield. A value of 127 indicates that no feedback is present

Calibration Position (2 bits)

• Set to 0 indicates this is not a calibration frame.
• Set to 1 indicates calibration start.
• Set to 2 indicates sounding response.
• Set to 3 indicates sounding complete.

Calibration Sequence – Each of the four packets within the calibration exchange will have the same sequence number.

CSI/Steering – When using sounding frames to transmit feedback about the channel, the Channel State
Information (CSI)/Steering subfield identifies the type of feedback being used.

NDP Announcement – indicates that an NDP will be transmitted after the frame. It is set to 1 to indicate that an NDP will follow; otherwise, it is set to 0. NDP are used to send sounding PPDU when no other data needs to be transmitted. If a frame transmitted that require an immediate response and also has the TRQ=1 (request for sounding PPDU) then receiver can either transmit the MPDU response withing a sounding PPDU or send the response MPDU with the NDP Announcement bit set to 1, indicating that NDP will be transmitted following the current PPDU.

Reverse Direction Protocol – 802.11n amendment which improves the efficiency of data transfer between STAs.

HT Action Frames & Information Elements

Information Elements

HT Capabilities, HT Operations, 20/40 BSS Coexistence & Overlapping BSS Scan Parameters,

HT Capabilities Element

• Can be seen in Beacon, Probe Req/Response, Association Req/Response & Reassoc Req/Response.
• You can figure out the MCS values supported by the 802.11n AP from this section in the pcap.
• Determine A-MPDU parameters

HT Operation Element

• STA operation within an HT BSS environment.
• Found in Beacon, Reassociation Response, and Probe Response frames transmitted by an AP.

HT information elements

• Primary Channel, Secondary Channel Offset and STA channel width.
  – When the Supported Channel Width Set subfield is equal to 1(as in above), indicating a 20/40 MHz BSS, then the Primary Channel field indicates the primary channel number.
  – Secondary Channel – Directly above or below the primary channel.
  
• Protection Mechanisms – To ensure backward compatibility with older 802.11 a/b/g radios, an HT access point will operate in one of four protection modes. 00 in above pcap example.
  
• RIFS mode – The 802.11e QoS amendment introduced the capability for a transmitting radio to send a burst of frames during a transmit opportunity (TXOP). (prohibited in above pcap case).

• Basic MCS Set – Last in Operations element, similar to MCS set field in HT Capabilities Element.

For Further Reading

• 802.11n Survival Guide
• 802.11n Reading
• Rasika’s Blog