Title: On operation of 802.11 wireless network services
Author(s): Masafumi OE (masa@fumi.org)
Date: 9/1/2004
---------------------------------------------------------------------

WIDE draft                                               Masafumi OE
wide-draft-wlanops-ops80211net-03.txt                     ADAC, NAOJ
                                                        Dec 16, 2003

          On operation of 802.11 wireless network services
         - lessons from IETF54 Yokohama and WIDE meeting -

1. Introduction

This document describes several techniques for providing a wireless
network environment based on the 802.11 family at conferences where a
large number (order of 1,000) of participants gather. Various types of
problems can arise in the operation of such an environment. To prevent
them, there are three key elements in the wireless infrastructure:
high performance access points (wireless base stations), monitoring of
access point statistics, and operation of a wireless node tracking
system.

The rest of this document is organized as follows. Section 2 describes
the problems observed in past wireless environments. Section 3
describes the solutions to these problems. Section 4 describes past
wireless operations, and Section 5 gives conclusions.

2. Problems in wireless network operation

This section describes the problems observed in the operation of the
wireless networking environment at a couple of meetings: the IETF
Yokohama meeting and the 2003 WIDE Project autumn meeting.

2.1 Access points overloaded

An access point can be overloaded when too many nodes connect
(associate) with it. In the overloaded state, the access point does
not work correctly. Some access points at IETF Yokohama lost packets
and halted. In this case, it is necessary to power cycle them.

The maximum number of associated nodes depends on the product, and
vendors usually provide no information about it. We measured the
packet loss ratio against the number of associated nodes with a Cisco
Aironet 1220B (IOS version) in Sep. 2003.
About 3% packet loss was observed when the number of associated nodes
reached about 140. The packet loss rate depends on the traffic volume
and the performance of the access point. Thus, when planning a
wireless network environment, it is necessary to provide one access
point per 140 nodes or fewer, based on the Cisco Aironet 1220B. In
most countries, there are three independent (interference-free)
channels in an open space for an 802.11 environment. Thus, about 420
nodes in a space can be considered the upper bound.

The most serious case was the halt (or self-reset) of an access point
due to overload. In this case, all nodes associated with the halted
access point re-associate with other available access points. This is
likely to overload the access points around the halted one as well.
Worse, the sequence of such events can cause an avalanche of access
point crashes, and this phenomenon happens repeatedly.

2.2 Countermeasures for troublesome nodes

When an unofficial DHCP server or an RA server with a bogus
configuration connects to a wireless network, the wireless network may
have connectivity trouble. With a wired connection, it is easy to find
where the troublesome node sits in the topology by tracking the
switches and the cables. After disabling a switch port or pulling out
the cable, we can warn the owner of the node. In a wireless
environment, on the other hand, we are able to identify the access
point the troublesome node is associated with, but it is difficult to
determine the node's physical location. Thus, we should operate a node
authentication system to shut out such troublesome nodes. Section 3
describes the system developed and operated at the IETF Yokohama and
WIDE meetings.

2.3 Radio resource issue

Radio signals from different access points can interfere with each
other, depending on the position of the access points and the
structure of the building.
The coverage of an access point varies with the structure of the
building, the type of antenna, the frequency band, and other factors.
Therefore, adjusting the position of each access point might be
necessary after the logical design is defined.

The next section describes the solutions to these problems for
operating a stable wireless network.

3. Solution

3.1 Access point requirements

It is important to select high performance access points that support
SNMP management and RADIUS authentication. You should not use cheap
consumer-class wireless access points, because in most cases they do
not work well under heavy load. Most consumer-class products assume
that the number of wireless clients is about 40 or less.

The following access points work well under heavy load, with good
performance.

* Cisco Aironet 1200 series
    Capable of 802.11a and 11b, dual band operation.
    Performance is good.
    Works stably under heavy load.
    It is possible to map traffic to an 802.1Q VLAN based on ESSID.
    The number of associated nodes can be limited.
    SNMP management / RADIUS client capable.
    802.11g support.

* AVAYA (Lucent) AP-2 (AP-2000) series
    Capable of 802.11a and 11b (dual band).
    SNMP management / RADIUS client capable.

The best choice at this moment is the Cisco Aironet 1200 dual band
model (Aironet 1220B). It is possible to define a maximum number of
associated nodes. This function is useful for preventing the
overloaded condition.

AP-2 and AP-1000 were used at the IETF Yokohama meeting and are not
flagship products now. AP-2 and AP-1000 have no function to limit the
number of associated stations. They were rather unstable, sometimes
rebooting or halting when more than 100 nodes were associated with
them. It was difficult to prevent the overload state with AP-2 and
AP-1000.
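The avalanche described in Section 2.1 and the effect of the association limit described above, as a simulation added here (it is not part of the original draft or of the author's tool). The halt threshold, the even redistribution of orphaned nodes, the room loads and the limit value are assumptions of the model; the limit is assumed to be at or below the halt threshold.

```python
# Added illustration, not from the draft. Assumptions: an access point
# without a limit halts once its load exceeds crash_at, and the nodes of a
# halted access point spread evenly over the access points still running.

def simulate(loads, crash_at, max_assoc=None):
    """Return (halted AP indexes, nodes served, nodes unserved)."""
    live = dict(enumerate(loads))            # AP index -> associated nodes
    halted = []
    if max_assoc is not None:
        # Each AP refuses associations above the limit. Refused nodes retry
        # on APs that still have room; the remainder stays unserved.
        overflow = sum(max(0, n - max_assoc) for n in live.values())
        live = {ap: min(n, max_assoc) for ap, n in live.items()}
        for ap in live:
            moved = min(overflow, max_assoc - live[ap])
            live[ap] += moved
            overflow -= moved
        return halted, sum(live.values()), overflow
    while True:
        overloaded = [ap for ap, n in live.items() if n > crash_at]
        if not overloaded:
            return halted, sum(live.values()), 0
        worst = max(overloaded, key=live.get)  # most loaded AP halts first
        orphans = live.pop(worst)
        halted.append(worst)
        if not live:                           # nothing left to move to
            return halted, 0, orphans
        share, extra = divmod(orphans, len(live))
        for k, ap in enumerate(sorted(live)):
            live[ap] += share + (1 if k < extra else 0)


if __name__ == "__main__":
    room = [150, 130, 120]                     # constructed plenary-room loads
    print(simulate(room, crash_at=140))                  # ([0, 1, 2], 0, 400)
    print(simulate(room, crash_at=140, max_assoc=135))   # ([], 400, 0)
```

Without a limit, one overloaded access point takes the whole room down; with a limit, the same 400 nodes are served and any excess is refused instead of halting an access point.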
It is also worth noting that an Aironet 1200 access point with older
firmware could halt or self-reset in the plenary session at IETF
Yokohama.

It is effective to operate both 802.11a and 11b in an access point to
increase the wireless capacity in a limited space. They use different
radio frequencies and do not interfere with each other. Recently, some
models of laptop computers are equipped with 802.11a and 802.11b combo
(dual-band) wireless interfaces. In our experience at the WIDE 2003
autumn meeting, 802.11a nodes were only about 10% of all access nodes.
It should also be kept in mind that the frequency ranges for 802.11a
vary from country to country, which might cause interoperability
problems at an international network workshop.

3.2 Position designing

11 channels are defined for 802.11b by the FCC. Neighboring channels
overlap in bandwidth and cannot be used in the same service area. The
suggested channel allocation is to use channels 1, 6, and 11 only. We
must design the positions of access points with regard to these three
channels. On the other hand, 802.11a has four independent channels,
such as 34, 38, 42, and 46.

A design point is that the number of stations in a room is fixed by
the capacity of the room. (You assign one access point per 140
persons.) Access points covering areas outside the conference rooms
(lobby, restaurant, etc.) can be installed sparsely. The coverage area
in a public space is wide due to reflection of radio waves and radio
waves leaking from the conference rooms.

It is difficult to fix the position of each access point
theoretically. You should check radio statistics on site, such as
interference between identical channels, coverage area, connectivity
and so on, and add, remove or reposition access points accordingly.

The base station is set up at a height of about 2 meters or more to
keep the radio waves clear of obstructions. The power of the radio
wave from an access point is weakened by obstructions (for example,
persons, chairs, partitions, etc.).
Mounting at this height is highly recommended especially if you
operate 802.11a access points. 5.2 GHz in 802.11a is weakened by
obstructions more than 2.4 GHz in 802.11b.

3.3 Configuration and Operation

You should separate the wireless network segment from the wired
network segment to protect it from multicast/broadcast storms and worm
traffic coming from the high-bandwidth wired network. Also, allocate
the same network address to the whole wireless network to enable
seamless handover between access points. (At IETF Yokohama, we
assigned a /22 IPv4 network address to the wireless segment.
Participants could use the same IP address in any area, including the
hotel.)

It is also better to operate a monitoring system for the number of
associated nodes on each base station, using the SNMP management
function. An access point provides association statistics via an SNMP
private MIB. The private MIB information is provided by the vendor.

An access point has a MAC authentication function, which authenticates
an associating node's MAC address with a RADIUS server. This function
can be used to shut out troublesome nodes from a wireless network. You
can also track the path of a node from the RADIUS authentication log.
When you add a troublesome node's MAC address to the deny list on the
RADIUS server, all access points shut it out from the wireless
network.

You should download the access point configuration and prepare
stand-by access points to avoid down time. Also prepare a laptop PC
with "Network Stumbler", which is useful for tracking a wireless node
when troubleshooting. (Network Stumbler is freeware and a powerful
wireless network analyzer.)

We are releasing a wireless operation tool. This tool is fully
functional with the Cisco Aironet 1220B and can solve these issues.
The supported functions are as follows.

- Shutting out and tracking wireless nodes.
- Counting and collecting nodes' MAC addresses.
- Visualization of associated nodes at each access point.

4. Examples

4.1 IETF Yokohama meeting

The maximum number of unique MAC nodes was more than a thousand.
Also, the maximum number of nodes per room was about 450, at the
plenary session. We used two Pentium III PCs with FreeBSD 4 to run our
wireless tool, which supports RADIUS and SNMP operation. We operated
AVAYA AP-3, Lucent AP-1000 and Cisco Aironet 1200 (VxWorks version) as
access points. Two or three 802.11b access points were operated in
each conference room. In the plenary session we operated three access
points and one extra access point on channel 14, which is authorized
in Japan only.

We used the circuit switching infrastructure in the hotel with xDSL
technology to get last-one-mile connectivity. We installed two
wireless access points in each floor's EPS and loft, connected via
xDSL over telephone lines, to provide wireless connectivity for hotel
visitors.

4.2 WIDE 2003 Autumn meeting

The maximum number of unique MAC nodes was about 320. We operated the
Cisco 1220B (IOS version) as a dual band access point. We used two
Pentium 4 PCs with FreeBSD to run our wireless tool. One or two access
points were mounted in each conference room.

When the coverage areas of 11a and 11b were the same under a dual band
access point mounted at a high position (over 2 m), we tested an
802.11g and 11b dual band access point. As a result, 802.11g had a bad
effect on the wireless performance of 802.11b. You should not operate
802.11g to provide a wireless network environment at conferences where
a large number (order of 1,000) of participants gather.

All of the MS Blaster nodes were shut out by the RADIUS function. The
Cisco 1220 did not drop packets until the number of associated nodes
was more than 120.

5. Conclusion

Wireless media is the best choice for reducing both the development
cost of infrastructure and the connectivity cost at the client. A
difficulty of wireless network operation is that it is hard to clear
up the problems before operation starts. They become clear only after
a large number (order of 1,000) of participants use the network
together.
Therefore, preparing high performance access points, monitoring the
statistics of the wireless network, and readiness for emergency
response to any trouble are very important.

X. Author information

If you have any questions or comments, please send them to me.

Masafumi OE / Astronomical Data Analysis Center,
National Astronomical Observatory of Japan
2-21-1 Osawa, Mitaka-City, Tokyo. 181-8588, JAPAN
Phone: +81-422-34-3565
Fax  : +81-422-34-3840

Y. Copyright notice

Copyright (C) WIDE Project (2004). All Rights Reserved.
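
The MAC-based shut-out and node tracking of Section 3.3, as an added example that is not part of the original draft or of the author's released tool. The log format, access point names and MAC addresses are constructed for the illustration; MAC addresses are normalized first so that a deny-list entry written in one notation still matches a node reported in another.

```python
import re
from collections import Counter

# Constructed sample in a made-up log format (an assumption, not the output
# of a real RADIUS server): <time> ap=<AP> mac=<MAC> result=<accept|reject>
SAMPLE_LOG = """\
2000-01-01T09:00:05 ap=room-a-1 mac=02:00:00:00:00:01 result=accept
2000-01-01T09:00:09 ap=room-a-1 mac=02-00-00-00-00-02 result=accept
2000-01-01T09:41:30 ap=lobby-1 mac=0200.0000.0002 result=accept
2000-01-01T10:15:02 ap=room-b-2 mac=02:00:00:00:00:02 result=accept
2000-01-01T10:20:44 ap=room-b-2 mac=02:00:00:00:00:02 result=reject
"""
LINE = re.compile(r"(\S+) ap=(\S+) mac=(\S+) result=(accept|reject)")

def normalize_mac(text):
    """Canonical aa:bb:cc:dd:ee:ff, so 02-00-.. and 0200.00.. compare equal."""
    digits = re.sub(r"[:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorize(mac, deny_list):
    """Deny-list decision for MAC authentication: reject listed nodes only."""
    denied = {normalize_mac(entry) for entry in deny_list}
    return "reject" if normalize_mac(mac) in denied else "accept"

def records(log_text):
    """Yield (time, ap, mac, result) for every line in the sample format."""
    for line in log_text.splitlines():
        match = LINE.fullmatch(line.strip())
        if match:                          # lines in other formats are skipped
            when, ap, mac, result = match.groups()
            yield when, ap, normalize_mac(mac), result

def track(log_text, mac):
    """Authentication events of one node in log order: its path on site."""
    wanted = normalize_mac(mac)
    return [(when, ap, result)
            for when, ap, seen, result in records(log_text) if seen == wanted]

def nodes_per_ap(log_text):
    """Count nodes by the AP of their most recent accepted authentication."""
    last_ap = {}
    for _when, ap, mac, result in records(log_text):
        if result == "accept":
            last_ap[mac] = ap
    return Counter(last_ap.values())
```

The authentication log records only authentications, so `nodes_per_ap` is an approximation; the association counts the access points report over SNMP remain the figure to alarm on.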