
Date post: 19-Jul-2020
Fundamentals of Wi-Fi at Greenspring

By Bill Raymond, WC-514
January 2016

The purpose of these slides is to help Residents understand the technical fundamentals of the Greenspring Wi-Fi system. The last two slides are a Glossary of Wi-Fi terms that may be helpful to refer to as you read.

Minor Update June 2017

SHORTCOMINGS INTRINSIC TO ALL WIFI

Particularly when the Access Point is way down the hall

Structural walls can be a really big problem

Particularly with the high speed 5GHz signal

Sharing an Access Point with your neighbor can be a burden

Usually the guy with Netflix

The Guest Network?

Or maybe it’s the Portal?

Access Points (AP)

[Figure: access points with 5 GHz and 2.4 GHz radios; network labels Erickson, Guest, GSV-Resident, GSV-Portal]

Erickson has 623 Access Points deployed at Greenspring, each with one 2.4 GHz transmitter and currently only one 5 GHz transmitter in operation.

Since Erickson boosted the 5 GHz power level, fewer 5 GHz devices default to 2.4 GHz. Still, the higher losses at 5 GHz make its signal so low in some areas that 5 GHz capable devices still default to 2.4 GHz.

A sample count of connected devices was taken. At the time of the sample there were 994 (b/g/n/bn) devices connected to 2.4GHz and 411 (a/an/ac) devices connected to 5GHz.

Network Configuration

The APs connect to Power over Ethernet (PoE) injectors in the ceiling via shielded LAN cables (Ethernet). These PoE injectors then connect to the ONTs (also over shielded LAN cables), which are also in clusters in the ceiling at regular intervals. The ONTs connect back to the OLT via fiber.

The Controller, OLT and Core switch are in the Erickson Control room on the ground floor of Parkview next to the IT office. The Firewall and Data bank are integral to the Controller and Switch. The Erickson Network Administrator manages the Control room remotely.

In the Erickson Connect system, devices cannot directly communicate with each other. Traffic between devices is routed through the Controller to locate and verify that the devices are in the same account. Portal devices must have their MAC ID in the Portal database or they will be filtered out.

FACTORS AFFECTING WI-FI SPEED

• Distance from router - Obstacles such as thick walls weaken Wi-Fi signals and slow connection speeds, as will distance from the AP.

• Other networks around - An area with a large number of different Wi-Fi networks may suffer from poor throughput because of all the conflicting transmissions.

• Bandwidth sharing - We share our AP with roommates, neighbors, and anyone in range using the same channel. If someone on your Wi-Fi network happens to be downloading or streaming, this could be a reason why your connection slows; their Internet activities could be affecting your speed too.

• Appliance interference - Microwave interference could be making your Internet slow. Household appliances such as cordless phones, microwaves, and security cameras operate on the same frequency as your AP and can slow down your Wi-Fi.

GSV Internet Connection

Information is broken into small "data packets", allowing many millions to use the Internet at any given time. Each packet contains a piece of the originating data, a sequence number, and the Internet addresses of the originating and destination computers.

The packets go to the ISP of the destination computer. All ISPs have a router of their own that will know the final route to the destination computer.

[Figure labels: Full Duplex, Wired (bidirectional); Half Duplex, Wi-Fi (one at a time)]

When packets arrive at the destination computer, that computer reassembles the original data file using the sequence numbers, verifies that the packets are reassembled in the correct order, and requests the retransmission of packets dropped along the journey.

To better understand the Internet, go to the link on the Computer Club web page: How the Internet Works, an Excellent Tutorial

Half Duplex & Wi-Fi Throughput
(throughput is the rate of successful message delivery)

A Wi-Fi client receives a packet from the AP, verifies it is OK and then sends back an acknowledgement (ACK) saying the data was received successfully. Once the ACK is received, the sending device begins sending its next chunk of data. Only one wireless device using the same channel and within the area of the AP will communicate at any given time, so there is more protocol and overhead to make sure that devices only communicate in turn. The need for ACKs in Wi-Fi greatly reduces throughput, limits range, and makes the transmitted power from the client as important as the AP transmitting power.

The Block ACK: Introduced with 802.11n, the block ACK acknowledges all the packets it has received at once, as opposed to each packet being acknowledged individually. The Block ACK significantly reduces network overhead, improving network throughput.

New Network Configuration, July 2014

• The original configuration made each resident appear to be on a different LAN from each other and from the SSID (e.g. GSV-Resident). This prevented file sharing and Bonjour services from working properly.

• The physical layout did not change. The major difference in the new configuration is that it uses Security Group Tags (SGT) to separate residence-to-residence traffic, but allows everyone to be on the same LAN as the one assigned to the SSID.

• The SSIDs and the security used to log in remained the same. The change from a client perspective (computers, iPads, and other devices connected to the network) is the IP address scheme, in that each resident account has a value assigned for the security tag.

• When you are connected to GSV-Resident or GSV-Portal, the wireless controller looks at your account and inserts a tag into the data packet based on a unique value assigned to the account. That packet then goes to the core switch, which looks at the tag and checks it against other traffic passing through the switch. If it sees another device with the same tag, it lets them talk to each other. If the tags do not match, the devices never see each other.

• It is a much cleaner system than dividing residents into 1700 little networks to separate them from each other. Now we have 1 big network that is secured by the tags. Instead of each resident getting their own small IP range, each neighborhood now gets one large range to share. For example, neighborhood 1 gets the IP range of 10.104.176.1 - 10.104.191.254.

• Most residents did not need to do anything to connect to the new system. The IP addresses changed automatically on most devices.

Your IP address at Greenspring

• What is an IP Address?

- 'IP' (Internet Protocol) is the method used for sending and receiving information over the Internet. Any device that is required to communicate over the Internet is assigned an IP address, uniquely identifying it to other devices. It is usually written as a set of four numbers.

- The only address of any Greenspring device using the GSV-Resident/Portal LAN seen within the public Internet is 70.165.87.53. This is the IP address of the local server in the Erickson Connect Control Room. It is the only connection to the external Internet.

• The Resident/Portal Router in the Control Room assigns Private IP Addresses to the devices within Greenspring

- Three ranges of IP numbers are reserved for the local or private IP addresses that identify a device on a local network isolated from the Internet by a router with Network Address Translation (NAT), a method of connecting multiple computers to the Internet using one IP address.

- The ranges are 10.xxx.xxx.xxx, 172.(16-31).xxx.xxx and 192.168.xxx.xxx. They are behind a firewall and never used or seen on the public Internet.

- At Greenspring, sub-ranges are used to uniquely identify devices on the LANs: NH1 - 10.104.176.1 to 10.104.191.254, NH2 - 10.104.192.1 to 10.104.207.254 and NH3 - 10.104.208.1 to 10.104.223.254

- The Router with which your device communicates also has an IP address (e.g. 10.104.191.1) and may also be cited in your device’s network data. There is a virtual router IP for each neighborhood.
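The tag check from the July 2014 configuration slide and the neighborhood ranges listed above can be modelled in a few lines. This is an added example, not Erickson's configuration or anything from the original slides: the account names, tag values, device addresses and the Guest address are constructed, and treating Guest as untagged is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Neighborhood ranges exactly as stated on the slides (first and last address).
NEIGHBORHOOD_RANGES = {
    "NH1": ("10.104.176.1", "10.104.191.254"),
    "NH2": ("10.104.192.1", "10.104.207.254"),
    "NH3": ("10.104.208.1", "10.104.223.254"),
}


def covering_network(first: str, last: str) -> ipaddress.IPv4Network:
    """Return the smallest single CIDR block that contains both addresses."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    prefix = 32 - (lo ^ hi).bit_length()  # number of leading bits both addresses share
    return ipaddress.ip_network(f"{first}/{prefix}", strict=False)


NEIGHBORHOOD_NETS = {nh: covering_network(*r) for nh, r in NEIGHBORHOOD_RANGES.items()}


def neighborhood_of(ip: str):
    """Map an address to its neighborhood range, or None if it is outside all three."""
    addr = ipaddress.ip_address(ip)
    for nh, net in NEIGHBORHOOD_NETS.items():
        if addr in net:
            return nh
    return None


@dataclass(frozen=True)
class Device:
    name: str
    ssid: str     # "GSV-Resident", "GSV-Portal" or "Guest"
    account: str  # account the device logged in or was registered under
    ip: str


# Constructed tag values; the real tag numbering is not given on the slides.
ACCOUNT_TAGS = {"resident-a": 1001, "resident-b": 1002}


def security_tag(dev: Device):
    """Controller step: the tag is derived from the account, not from the IP or SSID."""
    if dev.ssid == "Guest":
        return None  # assumption: Guest is partitioned off and carries no resident tag
    return ACCOUNT_TAGS.get(dev.account)


def core_switch_permits(a: Device, b: Device) -> bool:
    """Core-switch step: two devices may talk only when both carry the same tag."""
    tag_a, tag_b = security_tag(a), security_tag(b)
    return tag_a is not None and tag_a == tag_b


# Constructed devices for the walk-through.
laptop = Device("laptop", "GSV-Resident", "resident-a", "10.104.176.25")
printer = Device("printer", "GSV-Portal", "resident-a", "10.104.180.9")
neighbor = Device("neighbor-pc", "GSV-Resident", "resident-b", "10.104.176.26")
visitor = Device("visitor-phone", "Guest", "guest", "192.168.50.10")

if __name__ == "__main__":
    for nh, net in NEIGHBORHOOD_NETS.items():
        print(nh, net, f"{net.num_addresses - 2} usable addresses")
    for a, b in [(laptop, printer), (laptop, neighbor), (laptop, visitor)]:
        nh_a, nh_b = neighborhood_of(a.ip), neighborhood_of(b.ip)
        same_range = nh_a is not None and nh_a == nh_b
        print(f"{a.name} -> {b.name}: same range={same_range}, "
              f"permitted={core_switch_permits(a, b)}")
```

Each stated range works out to a single /20 block, and the laptop and the neighbor's PC sit one address apart in the same block yet are kept apart, because the decision is made on the tag rather than on the subnet.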

IP Address at Greenspring - Continued

[Figure labels: IP = 70.165.87.53; IPs = 10.104.176.1 to 10.104.223.254]

• The private IP assignments are dynamic. Dynamic Host Configuration Protocol (DHCP), a client/server protocol, automatically provides an IP address. In DHCP the server owns all the addresses in the address pool, and each client leases an address from the server, usually only for a limited period of time.

• As long as your device is online around the time the lease expires, it can renew the lease for the same IP. Otherwise, if it is offline when the lease expires, and another device needs an IP during that period, your device will get a different IP the next time it joins the network.

• Leases keep the available range of IP addresses from getting cluttered and keep the database sizes manageable. The leases at Greenspring are set for 8 days. That allows devices that are fairly active on the network to keep their IP, but allows for clean up of devices that are no longer in use.

• Media Access Control address (MAC address) - not to be confused with an IP

- The MAC address itself doesn't look anything like an IP address. The MAC address is a string of six sets of two digits or characters usually separated by colons, e.g. CC:66:AA:77:FF:09

- It is a unique identifier given to a network adapter when it is manufactured and hardwired or hard-coded onto a device's network interface card (NIC). If a device has two network interface points (Ethernet and Wi-Fi), each has a unique MAC Address.

- MAC addresses never change, as opposed to an IP address, which can change from time to time.

GSV-Portal vs. GSV-Resident

• The only real difference in terms of security and performance between Resident and Portal is the encrypted Wi-Fi signal

• Resident and Portal share the same subnets and firewall NAT address (70.165.87.53). They share the same network but use different authentication methods.

• Once the device has authenticated and the switches process the Security Group Tags (SGT), the firewall doesn’t care if it is a resident or portal device. It treats traffic from either SSID the same way.

• The controller and firewall treat Guest traffic differently. Guest traffic is partitioned off from the Resident and Portal subnets, so it has its own interface. That’s why the NAT address is different from Resident/Portal.

IEEE 802.11 Standards
The Evolution of Wi-Fi

| 802.11 protocol | Release | Freq. (GHz) | Bandwidth (MHz) | Data rate per stream (Mbit/s) | Allowable MIMO streams |
|---|---|---|---|---|---|
| — | Jun 1997 | 2.4 | 20 | 1, 2 | 1 |
| a | Sep 1999 | 5, 3.7 | 20 | 6, 9, 12, 18, 24, 36, 48, 54 | 1 |
| b | Sep 1999 | 2.4 | 20 | 1, 2, 5.5, 11 | 1 |
| g | Jun 2003 | 2.4 | 20 | 6, 9, 12, 18, 24, 36, 48, 54 | 1 |
| n | Oct 2009 | 2.4/5 | 20 | 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65, 72.2 | 4 |
| n | Oct 2009 | 2.4/5 | 40 | 15, 30, 45, 60, 90, 120, 135, 150 | 4 |
| ac | Dec 2012 | 5 | 20 | up to 87.6 | 8 |
| ac | Dec 2012 | 5 | 40 | up to 200 | 8 |
| ac | Dec 2012 | 5 | 80 | up to 433.3 | 8 |
| ac | Dec 2012 | 5 | 160 | up to 866.7 | 8 |
| ad | ~Feb 2014 | 2.4/5/60 | | up to 6912 (6.75 Gb/s) | |

MIMO & Spatial Streams

MIMO (Multiple Input, Multiple Output) technology, introduced with 802.11n, allows multiple antennas in a device to create multiple data streams, thus increasing throughput. Spatial multiplexing doubles, triples, or quadruples the data rate depending on the number of transmit antennas. Older devices may not have the multiple antennas needed to take advantage of MIMO.

[Figure: 802.11 Classic Transmitter. Only one data stream is sent from the transmitter to the receiver (the orange line)]

[Figure: Spatial Multiplexing - Two Streams (orange and blue)]

Power Level Adjustments

The Erickson Team made the first pass of power changes in November 2014. Most 5GHz radios have been boosted to maximum power. Some areas needed to have a higher power level for 2.4GHz than others due to obstructions. They have tried to strike a balance between providing a stronger 5GHz experience for newer clients and not shutting out the older adapters - a tricky task.

Power levels look good on my iMac. The levels do move around a few dB but remain pretty well balanced. All my iPads and computers now auto connect to the 5 GHz signal. The iPads get 20 to 35 Mbps download speed depending on their location in the apartment. My new iMac, which is in a good location and has the latest WiFi adapter, gets over 100 Mbps download speeds when connected to 5GHz.

Power level adjustments are complete. Many residents may not notice a change unless they regularly measure Internet speed. If they see any change in performance it should be for the better.

802.11ac Temporary Workaround
Changes in AP Configuration, September 29, 2014

• There are two 5GHz radios in the Cisco AP, the 2nd of which was turned off
• The remaining 5GHz radio now transmits with 40 MHz bandwidth vs 20 MHz, doubling the throughput
• Reason: The AP’s 2nd radio is in the 802.11ac adapter which was added to implement the latest WiFi technology. This dual radio design is not compatible with some 802.11ac equipped clients.
• Cisco is working the problem but in the meantime Erickson IT implemented these changes
• Changes will not affect most residents. There is no negative impact on anyone
• 802.11ac clients are backward compatible and will benefit from the 40 MHz bandwidth, as will all those connected to the 5GHz signal, particularly the WUMC710 Bridges

[Figures: Before; After]

Bonjour

Bonjour is invisible software that we use without knowing it. Bonjour is what locates your network printer and backup drive and allows you to connect to them. It is built into the Base Station and all the operating systems. All non-Internet network functions depend on Bonjour. Windows has a similar system and Apple provides a Bonjour service for Microsoft Windows PCs. Erickson has incorporated Bonjour features into their WiFi system.

The Bonjour protocol allows devices on a network to access and advertise specific applications such as:

• Printing Services
• File Sharing Services
• Remote Desktop Services
• iTunes File Sharing
• iTunes Wireless iDevice Syncing (in Apple iOS v5.0+)
• Music broadcasting in iOS
• Video broadcasting in iOS
• Full screen mirroring in iOS v5.0+ (iPad2, iPhone4S, or later)

The Bonjour Issue

Although not accessible, devices belonging to others are also advertised on your computer. I usually see 90 to 100 on my iMac. This is disconcerting but has not caused problems.

Is it equal to or better than??

In the Erickson Connect system devices cannot directly communicate with each other. Traffic between devices is routed with many hops to the Controller to locate and verify that the devices are in the same account. Portal devices must have their MAC ID in the Portal database or they will be filtered out.
Accessible in any campus building

In a Home network all devices directly communicate with each other through the Base Station/Router. A file directed to “My Desktop” from the Macbook Air travels to the Base Station, which routes it directly to My Desktop in one hop.
Accessible only within range of the Base Station

Modulation and Coding Scheme (MCS) Index Values

The MCS index value list gives every combination of "number of spatial streams + modulation type + coding rate" that is possible. The MCS data rate is the 'over the air' data rate of a link, not usable throughput.

MCS INDEX VALUE: Unique reference for the combination of "spatial streams + modulation type + coding rate". The Greenspring Access Points support up to index 23.

SPATIAL STREAMS: Using MIMO technology it is currently possible to run up to 4 spatial streams. Later revisions of 802.11ac will allow up to 8 spatial streams.

MODULATION TYPE: The method by which data is communicated through the air. The more complex the modulation, the higher the data rate. More complex modulations require better conditions such as less interference and a good line of sight. The Greenspring APs support all types and let the client select the best one it can support.

CODING RATE: Indicates how much of the data stream is used to transmit usable data, expressed as a fraction, with the most efficient rate being 5/6 or 83.3%. It is negotiated by the client.

GUARD INTERVAL: A very short pause between packet transmissions to allow for false information to be ignored. Longer Guard Intervals make for more reliable wireless. The 2.4GHz is set to short, and 5GHz supports both short and long guard intervals, with long being the default.

CHANNEL WIDTH: This is how much of the channel is being used, the maximum being 40MHz. The table shows values for 20MHz and 40MHz.

[Table: MCS index values for 20 MHz and 40 MHz; some entries are marked "not available at Greenspring"]

The maximum MCS Index of 23 is achievable, as the screen shot from a late 2014 iMac illustrates. This iMac is equipped for 802.11ac with 3 stream MIMO and 64-QAM modulation, and it is on the 40 MHz 5 GHz channel.

The Wi-Fi connection data shows an “over the air” Tx rate of 450 Mbps. The actual throughput measured 234.68 Mbps as shown below.

S/N was very good to excellent during these tests. MCS index and data rates will be lower in a less favorable environment.
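The 450 Mbps Tx rate quoted above can be reproduced from the MCS definitions on the previous slide. This is an added worked example, not part of the original slides; the 802.11n subcarrier counts and symbol times are standard values that the deck does not list. It also shows that 450 Mbps corresponds to the short guard interval, and what share of the over-the-air rate the measured 234.68 Mbps represents.

```python
from fractions import Fraction

# 802.11n (HT) OFDM parameters (standard values, not taken from the slides).
DATA_SUBCARRIERS = {20: 52, 40: 108}  # data subcarriers per channel width in MHz
SYMBOL_TIME_US = {
    "long": Fraction(4),        # 3.2 us symbol + 0.8 us guard interval
    "short": Fraction(18, 5),   # 3.2 us symbol + 0.4 us guard interval
}

# (modulation, bits per subcarrier, coding rate) for MCS 0-7.
# The same eight combinations repeat for each additional spatial stream.
BASE_MCS = [
    ("BPSK", 1, Fraction(1, 2)),
    ("QPSK", 2, Fraction(1, 2)),
    ("QPSK", 2, Fraction(3, 4)),
    ("16-QAM", 4, Fraction(1, 2)),
    ("16-QAM", 4, Fraction(3, 4)),
    ("64-QAM", 6, Fraction(2, 3)),
    ("64-QAM", 6, Fraction(3, 4)),
    ("64-QAM", 6, Fraction(5, 6)),
]


def mcs_parameters(mcs: int):
    """Split an MCS index into (streams, modulation, bits per subcarrier, coding rate)."""
    if not 0 <= mcs <= 31:
        raise ValueError("802.11n equal-modulation MCS indexes run from 0 to 31")
    streams = mcs // 8 + 1
    modulation, bits, rate = BASE_MCS[mcs % 8]
    return streams, modulation, bits, rate


def phy_rate_mbps(mcs: int, width_mhz: int, guard: str) -> float:
    """Over-the-air data rate for one MCS index, channel width and guard interval."""
    streams, _, bits, rate = mcs_parameters(mcs)
    bits_per_symbol = streams * DATA_SUBCARRIERS[width_mhz] * bits * rate
    # Bits per microsecond is the same number as Mbit/s.
    return float(bits_per_symbol / SYMBOL_TIME_US[guard])


def link_efficiency(measured_mbps: float, phy_mbps: float) -> float:
    """Fraction of the over-the-air rate that arrived as measured throughput."""
    return measured_mbps / phy_mbps


def rate_table(width_mhz: int, guard: str, max_mcs: int = 23):
    """Rows of (index, streams, modulation, coding rate, Mbit/s) up to max_mcs."""
    rows = []
    for mcs in range(max_mcs + 1):
        streams, modulation, _, rate = mcs_parameters(mcs)
        rows.append((mcs, streams, modulation, str(rate),
                     round(phy_rate_mbps(mcs, width_mhz, guard), 1)))
    return rows


if __name__ == "__main__":
    for row in rate_table(40, "short"):
        print("MCS %2d  %d stream(s)  %-6s  %-3s  %6.1f Mbit/s" % row)
    top = phy_rate_mbps(23, 40, "short")
    print("MCS 23, 40 MHz, long guard interval:", phy_rate_mbps(23, 40, "long"))
    print("Measured 234.68 Mbps is %.0f%% of %.0f Mbps"
          % (100 * link_efficiency(234.68, top), top))
```

The single-stream results for MCS 0 to 7 match the per-stream rates in the 802.11n rows of the standards table earlier in the deck (7.2 to 72.2 at 20 MHz, 15 to 150 at 40 MHz).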

802.11 Wi-Fi Channels

The 2.4 GHz Band

The 5 GHz Band

Glossary of Wi-Fi Terms for Greenspring

• Access Point: A wireless access point (AP) is a device that allows wireless devices to connect to a wired network using Wi-Fi. In our previous Home Network that we connected to an AEITY cable modem we referred to our AP as a wireless router. Our APs are now located on the ceiling in the hallways and provide access to the Internet via the fiber optic cable of the PON. There are currently 623 APs deployed at Greenspring, each with one 2.4 GHz and two 5GHz transmitters.

• LAN vs. WAN: A network of Computers and Devices within our home is called a Local Area Network (LAN). A LAN must connect to a Wide Area Network (WAN) to access the Internet.

• The Greenspring LANs: The Wi-Fi networks at Greenspring are also LANs. There are four of them: Erickson, Guest, GSV-Resident and GSV-Portal. At Greenspring, devices connected to GSV-Resident are on the same LAN but isolated from each other by the assigned user name and password required by the encrypted Enterprise security system. The LANs connect to a WAN to access the Internet from Cox.

• SSID: The Name of the network or SSID (Service Set Identifier), e.g. GSV-Resident.

• BSSID: (Basic Service Set Identifier) The MAC address of the wireless router or access point. An SSID can have multiple BSSIDs. For instance the SSID GSV-Resident has 2 BSSIDs, one for the 5 GHz channel and one for the 2.4 GHz channel. The BSSIDs are not visible to the user without special software.

• MAC Address: A MAC (Media Access Control) address, sometimes referred to as a hardware address or physical address, is an ID code that's assigned to a network adapter or any device with built-in networking capability, such as a wireless printer. A device may have more than one network interface. Each interface has a unique MAC ID.

• IP Address: An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network and serves two principal functions: host or network interface identification and location addressing. (Like a Telephone number)!

• Signal Strength (RSSI): The current Received Signal Strength Indication (RSSI) of the wireless network expressed as dBm. (dBm = decibels relative to one milliwatt, e.g. -10 dBm is 10 dB less than 1 mW, or 0.1 mW)

• Noise: The current background noise level as dBm.

• SNR: The signal-to-noise ratio (SNR) of the wireless network as dB. The greater the SNR, the better the signal quality of the wireless network. It is the difference between the signal strength in dBm and the noise in dBm and is the primary factor in determining signal quality and network speed.

Glossary continued

• Band: The frequency band of the wireless network, 2.4 or 5 GHz.

• Bonding: A practice in which adjacent channels within a given frequency band are combined to increase channel width and throughput. Bonding of 2 channels is allowed in 802.11n mode, 4 and 8 channels in 802.11ac.

• Width: The basic channel width is 20 MHz. It can be 40, 80 or 160 MHz wide with bonding.

• Wi-Fi Mode: Also referred to as a Wi-Fi protocol, this is the mode (or modes) supported by the access point. It can be a, b, g, n, ac or a combination of them if multiple modes are supported.

• Streams: The number of spatial streams supported. Assuming a clear signal, a two spatial stream link will achieve twice the throughput of a single spatial stream in the same channel.

• Throughput: The rate of successful message delivery over a channel

• Security: The security mode of the wireless network. If blank the network is open (unencrypted). The GSV WiFi system uses WPA2, strong encryption.

• Channel: The Wi-Fi channel currently selected for the wireless network. 1 to 11 in the 2.4 GHz Band and 36 to 161 in the 5 GHz Band. In practice only channels 1, 6 and 11 are used in the 2.4 GHz band. Channels 36, 40, 44, & 48 are now being used at Greenspring because the power level constraint has been removed.

• Two Modes of WPA/WPA2: Personal (PSK) versus Enterprise (802.1x)

• Personal or Pre-Shared Key (PSK) Mode: This mode is appropriate for most home networks, but not business networks. Unlike with the Enterprise mode, wireless access can't be individually or centrally managed. One passphrase applies to all users. If the global passphrase should need to be changed, it must be manually changed on all the APs and computers.

• Enterprise (EAP/RADIUS) Mode (the GSV-Resident WLAN): This mode provides the security needed for wireless networks in business environments. Though more complicated to set up, it offers individualized and centralized control over access to the Wi-Fi network. Users are assigned login credentials they must present when connecting to the network, which can be modified or revoked by administrators at any time. Users never deal with the actual encryption keys. They are securely created and assigned per user session in the background after a user presents their login credentials. Devices like Roku, Apple TV and wireless printers cannot connect to Enterprise Security. In order to provide connection for such devices the unencrypted GSV-Portal network was devised.

