2011_MTSC_IW by pengxuebo


									2011 MTSC IW Presentation
2011 MTSC IW Presentation

 What’s new this year?
 Turbo Roaming with security
 Higher Throughput with IEEE 802.11n
 VPN and GuaranLink for the OnCell
 Wifi Antenna Installation

What’s New This Year?

   IW 2010 Product Overview

The AWK series

 AWK-3131/4131
  • New 802.11n standard

 Wireless Controller WAC-1001
  • 50 ms turbo roaming with security

The OnCell Series

 VPN implementation
  • VPN Client on OnCell 5004 series and OnCell G3100

 GuarenLink
  • Solution to any disconnection issue caused by the ISP.

Turbo Roaming with Security

    50 ms roaming with WPA/WPA2

The Evolution of Roaming

 500 ms without security
  • AWK-3121/4121
 100 ms without security
  • AWK-3121/4121/5222/6222
 50 ms with WPA/WPA2 security
  • AWK-3121/4121/5222/6222

50 ms Roaming

 Wireless controller makes decision to roam.
 Roaming decision based on Client’s RSSI as
  seen from the AP.
 Capability to setup roaming domain
Test Setup Network Diagram

Higher Throughput

    IEEE 802.11n

802.11n History

 802.11b/a  1999

 802.11g  2003

 802.11n-draft  2007

 802.11n- official release  2009

802.11 a/b/g/n Spec

          What’s MIMO?

1. What’s MIMO?
2. MIMO Type
3. 802.11n Data Rate
4. How to get HT data rate?
5. What’s special about 802.11n?






802.11n data rate

How to provide HT data rate?

 For Example

802.11n 2 x 2   HT40                 --   Max rate=300Mbps

802.11a/g Bandwidth 20MHz            --   Max rate=54Mbps

Add Bandwidth from 20MHz to 40MHz --54Mbps x 2 = 108Mbps

Add Antenna from 1 to 2                  --108Mbps x2 = 216Mbps

      216Mbps < Max Rate
HT20 for Single Antenna Data Rate

 HT20 Add Sub-Carrier Number From 48 to 52

802.11g Max Data rate 54 Mbps
54 ÷ 48 = 1.125Mbps per Sub-carrier
1.125Mbps x 52 = 58.5Mbps--- >add 8.333% for 802.11n

 Enhancement Coding Rate From 3/4 to 5/6

Coding rate from ¾ to 5/6,Can be get 65Mbps

 Reduce Guard Interval From 800ns to 400ns

Short Guard interval add data rate from 65Mbps to 72.2Mbps

 HT40 for Single Antenna Data Rate

 HT40 add Sub-Carrier Number From 52 to 108

Add Bandwidth from HT20 to HT40 ---     150Mbps

802.11n 2 x 2 = 150Mbps x 2 = 300 Mbps
802.11n 3 x 3 = 150Mbps x 3 = 450 Mbps
802.11n 4 x 4 = 150Mbps x 4 = 600 Mbps

What’s different about 802.11n ?

 Beam-forming
 Diversity
 Short Guard Interval
 40MHz Channel Bandwidth
 Greenfield and Mixed mode
 Frame Aggregation

  Space Division Multiplexing (SDM)

   The technique of transmitting data via parallel channels over multiple
antennas to create different data paths is called space division multiplexing.


Beamforming can improve the throughput when further away form the
            AP, but cannot increase the coverage area

Antenna Diversity

   Use multiple antennas to improve coverage area and

Short Guard Interval

   Shortening the guard interval can improve throughput, but
         intersymbol interference will degrade the SNR

40MHz Channel Bandwidth

  An increase of bandwidth from 20MHz to 40MHz can double the
 data rate but will reduce the available channels for other devices.

Greenfield and Mixed mode

Greenfield is for all 802.11n compatible devices. Mixed mode is when
                 802.11a/b/g devices are also present.

Frame Aggregation

   Data can be combined into larger frames to save header

Wifi Antenna Installation

The Omni-Directional Antenna

The Directional Antenna

Basic Antenna Spec Example

 Technical information
  • Frequency:2400 - 2500MHz
  • Gain:12 dBi
  • Polarization:Vertical
  • Beamwidth deg vertical & horizontal:
  • VSWR:≦1.5:1
  • Impedance:50 Ohm
 Dimensions
  • Length:H1500㎜
  • Weight:850 g
  • Connector:N-type / female

Antenna Gain Comparison

 Higher gain means stronger (both) sent and
  received signals; check the relevant
  regulations in your country

            Antenna Type           Gain Range
            Omni Antenna            2~12dBi
        Semi-Directive Antenna      5~18dBi
          High Gain Antenna         20~40dBi

Deployment Consideration

 Matching polarity on both sides
 Power Budget – Enough Gain? Low loss?
 Free space loss – is the distance achievable?
 Site Survey – Use Network Stumbler
 Antenna height
 Antenna alignment (pointing direction)
  • Jperf or Chariot is useful!
  • Use GPS and compass for tuning angle
  • Check RSSI, bit rate, noise level, throughput…

Antenna Polarity

  Polarity must match (vertical or horizontal)

       Power Budget

                               + Antenna Gain                    + Antenna Gain

                                              - Path Loss over link
RF Cable                         Antenna      distance                 Antenna                        RF Cable

                               - LOSS                       - LOSS
                               Cable/connectors             Cable/connectors
        Lightning Protector                                                       Lightning Protector

           pigtail cable                                                              pigtail cable

  AP                       + Transmit Power                                                             Client

                           RSL (receive signal level) > sensitivity + Fade Margin                WP II
       WP II

New OnCell Features

    VPN & GuaranLink

     Basic IPSec Operation
   Step 1: Interesting traffic initiates IPsec. What this means in practical terms: it takes some interesting traffic to get the
    router to try to do IPsec. This is good, since you don't want idle routers maintaining a Security Association (SA) -- that
    takes work!
   Step 2: IKE Phase 1: set up IKE SA. For routers to get started doing IPsec, they first need to negotiate and agree on
    how to do IKE. There are several choices, and they have to agree on something or Step 2 fails. This roughly
    corresponds to agreeing as to how securely the devices are going to be, about how they exchange keys. Part of IKE is
    mutual authentication, and there are several choices for this: pre-shared key, encrypted RSA nonces, RSA or DSS
    signatures, Certificate Authority (CA). For now, please content yourself with recognizing that these names all represent
    authentication techniques, in order of increasing security.
   Step 3: IKE Phase 2: set up IPsec SA. Once the IPsec devices form the IKE SA, they negotiate an IPsec SA. As we'll
    see (below), there are several IPsec choices the devices need to agree upon. And while they're at it, they also need to
    come up with a shared DES or 3DES key.
   Step 4: Data transfer. Once all this work is done, data can flow. Interesting traffic matching the access list (Step 1) gets
    encrypted. By the way, the access list also tells the router what traffic to decrypt. The best thing to do is to be precise
    about which hosts or subnets are on each end (senders and receivers). If you don't know which subnets are where, this
    is rather hopeless. If you have a well-thought out addressing scheme and network design, particularly one using
    summarizable blocks of subnets for routing, then you'll find the access list much, much easier to write! Another tip: since
    encryption should be thought of as costly, not encrypting traffic that doesn't require encryption is a Best Practice.
   Step 5: IPsec terminates. IPsec terminates because of SA lifetime timeout, or because the SA lifetime packet byte
    counter was exceeded. The idea here is that if your TCP connection is done, there's no point to maintaining IPsec state.
    Lifetime and packet byte count matter because all codes can be cracked, the key question is how long it takes to crack
    them. Expiring the IPsec SA after an amount of time forces the formation of a new IPsec SA, hence a new key. Expiring
    early renders the encryption less likely to be cracked, but also means the IPsec device will need to re-key more often:
    more work. The more coded text you have, the faster you can crack the key. So rekeying after a certain number of bytes
    have been sent is desirable. Note that a new SA is negotiated before the old one expires, to make sure it is available
    when needed.

     Source: IPSec Simplified (http://www.netcraftsmen.net/resources/archived-articles/446-ipsec-simplified.html)
OnCell VPN Specifications

 OnCell initiates VPN connection to VPN Server
 Site-to-Site topology
 IPsec VPN tunnel
  • Manual Key/ESP, IKE/PSK
  • DES/3DES/AES128/AES192/AES256 encryption
  • MD5/SHA1 authentication
 IPsec NAT traversal, Anti-Replay, and PFS
  (Perfect Forwarding Secrecy).

Network Topology

    LAN 1                                                             LAN 2                                        

                Static WAN IP

                                                                   VPN Gateway
                                                                   Router: D-link DIR-130
 OnCell G3110-HSDPA

                                IPSec VPN Tunnel

D-link router settings

                                 D-link’s Local subnet
                                                   OnCell’s WAN IP
                               OnCell’s Local subnet

D-link router settings

                      IKE mode

                      D-link’s WAN IP
                     D-link’s local subnet

                     OnCell local subnet


                  Use OnCell’s WAN IP for identification

                  IKE main mode

               DEC, 3DES, AES
               MD5, SHA-1
                      Group 1, 2, 5

Confidential        Protection against duplicate packets
                    Send keep alive packets
               VPN established!

Why need GuaranLink?

 Possible causes for cellular disconnection
  • Unable to register to GSM
     •   Scan and find no base station
     •   Wrong GSM frequency band selection
     •   Wrong PIN code
     •   Base station forces disconnect
  • Unable to connect to GPRS/UMTS/HSDPA
     •   Wrong APN
     •   Base station periodically forces disconnect
     •   Authentication error
     •   Weak signal level

Three ways to check cellular
 ISP initial connection check
  •   Check if OnCell is registered to GSM network (check
      PPP connection), then reboot OnCell
      •   Set PPP retry count (per 3min)
      •   Set network registration timeout (10~600min)
 Cellular connection alive check
  •   Check if there is any data flow, if not, check if
      connection is alive then reconnect to GPRS
      •   Set cellular connection alive check interval
      •   Set cellular connection alive check retry count

Three ways to check cellular
 Packet-level connection check
  • Periodically ping remote host to check if the connection
    is still alive or not, then reconnect to GPRS.
     • Set Packet-level connection check interval (1~600min)
     • Set Packet-level connection check retry count (1~5/15

When to use GuarenLink

 ISP initial connection check
  • If sometimes OnCell cannot connect to GSM after boot
  • Introduces no additional data traffic

 Cellular connection check
  • If sometimes after OnCell is idle for a while, the GPRS
    connection is dropped by ISP.
  • Introduces ping traffic when DNS check fails

 Packet-level connection check
  • If ISP disconnects the OnCell at random times.
  • Introduces ping traffic periodically

Frequent Asked Questions

  Common questions from TS cases

Question #1

 Can I connect two directional antennas to the

Question #2

 I’m not seeing 5 bars of LED on the AWK-3121
  at only 20 meters distance, why is this?
Question #3

 How long can my RF cable be?
Question #4

 Does AWK-3121/4121 have the capability to
  transmit and receive signals on both antennas?
  What is antenna diversity?
Question #5

 Why is the max throughput only about ½ of the
  data rate?
Question #6

 Why is the throughput lower when sending
  multicast data?

To top