Wireless Networking Update University of Denver
Wireless Update
Byron Early & Marcelo Lew
University Technology Services
January 12, 2006 @ Westnet Meeting
Overview of Topics
General Overview of Current Wireless Deployment at DU
Point-to-Multipoint Backbone Links
Interference Problems
Network Adapter Bridging Problem
Performance & Analysis Tools
Upgrading APs from 802.11b to “g” @ DU
[Bar chart: Total Access Points (DU); Total APs 280, 802.11g 241, 802.11b 39]
Wireless Client Support
Web VPN Client:
Limited application capability
MUST stay within browser window (No streaming, IM, etc.)
SSL VPN Client (VPN 3000 Rev: 4.7.2):
Same functionality as VPN client!!
Windows 2000/XP support only
IE, Netscape, Mozilla, and Firefox
Active X Controls or Java Required
Upgrading Point-to-Multi-Point “Backbone Links”
Wireless Backbone Links @ DU:
Provide Network Access for subset of buildings not linked by fiber optic backbone (located outside of contiguous campus)
Several University Residence Buildings
Numerous Fraternity & Sorority Houses
English Language Center
Wireless Point to Multi-Point Backbone Links (cont.)
Reason for Upgrading:
Replace Legacy Equipment (Orinoco OR1100s)
Originally installed to support only a few users per house – NOW 99% of residents have laptops
Performance Increase:
Interference: Move backbone links to “less crowded” air space (802.11a, 5 GHz UNII Band)
Increase Throughput
Proxim MP-11a
MP-11a: Lowest Cost Uplink Option
Others: Milliwave, Laser, etc. - $$!!
MP-11a Architecture: Star Network Design (vs. Mesh)
Proxim MP-11a (cont.)
Benefits (point-to-multi-point links):
Uses a “polling protocol” (WORP) to share its medium (“deterministic”) vs. 802.11’s CSMA/CA
Up to 24 Mbps of “usable, sustainable throughput”
DDRS (Dynamic Data Rate Selection): Data rate adjusts dynamically based on signal strength value
Helps compensate for temporary link degradation (heavy snow/rain), maintaining connectivity BUT at lower data rates
Separate Data Rates supported for each link: One “slow link” does NOT reduce the data rates of others
Proxim MP-11a (cont.)
MP11a Versions:
MP11 Base Unit (BU): Supports up to 250 SUs
MP11 Subscriber Unit (SU)
MP11 Residential Subscriber Unit (RSU)
Up to 7 MAC addresses (clients)
No PoE
Rugged and Non-Rugged Versions
[Photo: MP-11a NON-RUGGED]
[Photo: MP-11a RUGGED; SU w/ built-in antenna, BU w/ external antenna]
Proxim MP-11a (cont.)
Security:
“Mutual Authentication” between BU & SUs prevents man-in-the-middle attacks and rogue SUs
Encryption: 128-bit AES between BU and SU
802.1Q VLAN Support (256 VLANs/BU)
Storm Thresholds (packets per second): Protects against network overloading
MP-11a Warranty & Reliability
Warranty: 1 year (hardware & software)
Replacement unit turn-around: 3-4 weeks without a service contract
Only 30 days free technical support
Reliability:
Deployed: 10 total units (5 BU, 5 SU)
2 failures (of “ruggedized” model in 8 months)
Interference & Performance Problems (ISM 2.4 GHz Band)
Cell-Overlap Interference:
Cell size determined by transmit power & propagation characteristics of location
Cell-Overlap (to enable “roaming”) should not exceed 20-30%
ISM Band (2.4 GHz): only 3 “non-overlapping” Channels (1, 6, 11)
Most DU installations require using all three
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
“Desired” Performance Standards @ DU:
Uniform, small cell sizes
15-20 users maximum per AP (not always possible)
Excellent signal-to-noise ratio (SNR): 30 dB or greater
Win-XP Wireless Network Tool (Tray Icon) not accurate: will not show “excellent” unless in close proximity to AP
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Higher Transmit Power in newer AP Radios:
Upgrading existing networks with new APs increased cell sizes
Old: 30 mW transmit power (Proxim AP-500, AP-1000 & AP-2000s)
New: 100 mW transmit power (Proxim AP-700, 4000s)
Remedial Options:
Reduce AP power 50% (50 mW, via Web Interface / AirWave)
Re-positioning APs: costly, may not be possible
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Fluctuating Cell Size Problem:
Received Power varies by location in building
RF propagation in 3 dimensions unpredictable:
Thickness & Composition: Walls, floors, etc.
Metal railings, HVAC ducts, etc.
Filing cabinets, books, etc.
People
SNR typically fluctuates ~8-10 dB at static location
“Over-Lapping” AP signal can become strongest
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Observed Client Effects (fluctuating cell size):
Constant jumping between strongest signals
APs’ web-interface, AirWave software
Large drop in “throughput”
“Timeouts” (pings, etc.)
Dropped connections
Re-association Delays: Delays vary by type of client radio card
DU: VPN @ layer 3 (dropping, re-authentication)
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Solutions (fluctuating cell size):
Client Laptop: install external “directional” antenna
Decrease AP transmit power: Not always possible – can introduce other coverage problems
IBM Built-in Laptop Tool: restricts connecting to AP by MAC address
Other tools available: dependent on wireless adapter
Need multiple profiles (“roaming” in other locations)
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
“b/g” Channel Interference from Rogue APs:
Clients in Ad Hoc (IBSS) mode (20-40 mW)
Students with personal APs
Bleed-Over Signals at perimeter of campus (nearby homes and businesses)
Rogue AP may not be “connected” into wired campus network port: Cannot use tools to identify down to wired port
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Solutions (Channel Interference from Rogue APs):
Locate rogue equipment (YellowJacket – layer 1)
AUP violation if connected to network
Legality of interfering wireless not connected to network?
Interference from Homes/Businesses:
Negotiate channel / transmit settings
Increase transmit power
Install directional antennas
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Immunity to Interference:
High Interference Locations with “b/g” APs:
10-20% Packet Loss
“Timeouts” (pings, etc.)
Users complain of poor performance
Modulation: 802.11b (QPSK) vs. 802.11g (OFDM)
QPSK – less affected by interference than OFDM
OFDM-Modulated-Signal (Graph):
Signal fills more of channel than QPSK (more channel over-lap)
More evident modulation throughout entire channel than QPSK
[Spectrum plot: 802.11b (QPSK), Channel 5]
[Spectrum plot: 802.11g (OFDM), Channel 5]
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Solution of Last Resort (b/g locations):
Set AP to “b” only mode
Mitigates Interference problems
No more packet loss
Lower data rates, but improved throughput
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Device Proliferation in 2.4 GHz ISM Band:
802.11b/g Devices: Laptops, PDAs, Phones, Video, etc.
Bluetooth Devices: Phones, PDAs, handhelds, audio/visual, mice, headsets, etc. etc.
Interference & Performance Problems: ISM 2.4 GHz Band (Cont.)
Bluetooth Interference:
FHSS: 1600 hops/second across entire ISM band
Affects all 11 (14) 802.11b/g channels
Power levels vary: 1 mW, 10 mW, 100 mW
Received signal of -30 dBm considered “strong”
Effects Increase with Power & Proximity to other wireless devices
Distance of Bluetooth device from AP
Laptop with Bluetooth-mouse & 802.11b/g wireless radio
[Spectrum capture: 2.4 GHz FHSS Cordless Phone, 15 ft. away; Ch. 5 shaded; phone signal (FHSS) > -30 dBm]
[Spectrum capture: 2.4 GHz Wireless Video Transmitter, 15 ft. from AP; Ch. 6; both signals ~equal, video signal darker]
[Spectrum capture: Bluetooth-Mouse, 15 ft. away; Ch. 5; FHSS, max. -50 dBm]
[Spectrum capture: Bluetooth-Mouse, 1 ft. away; Ch. 5; FHSS, > -30 dBm!!!]
Windows XP: Network Adapter Bridging Problem
Computer #1:
Running Windows XP; Wired & Wireless adapters (typically a laptop)
Ethernet NIC plugged in to “wired network port”
“Bridge” created between “wired” & “wireless” adapters: Manually (by user) or Automatically (Win-XP bug, patch available)
DHCP: IP addresses offered to both network adapters (normal)
DU: DHCP Server is Cisco Network Registrar (CNR)
DU: “Wireless” Adapters get 10.n.n.n address (“non-routable”)
Client is using the “wired Ethernet port” and is unaware the wireless adapter has “associated” with an AP
Windows XP: Network Adapter Bridging Problem
Computer #2:
On same wired subnet as computer #1
Often a desktop computer without a Wireless radio adapter
Also running Windows XP & NIC plugged into “wired port”
Computer #2 Issues DHCP request through “wired adapter”
DHCP request gets picked up by Computer #1 and “bridged” out its Wireless Adapter
DHCP Server answers the request “bridged” through Computer #1; Computer #2 receives an incorrect “wireless address” (10.n.n.n) and cannot connect to network (wired-VLAN, ACL-blocked)
User calls Help Desk to complain about a network problem!
Computer #2 sometimes receives the correct address to really confuse the Help Desk
Windows XP Network Adapter Bridging Problem (Explanation)
“CHADDR” Field in DHCP Requests:
CHADDR Field gets populated with the MAC address from the network adapter of the computer actually issuing the DHCP request (not the computer “bridging the request”)
In a proper DHCP request the CHADDR MAC Address should be the same as the MAC Address of the Ethernet Frame carrying the request
In the problem case, the CHADDR MAC address comes from Computer #2, while the Ethernet Frame carrying the request comes from Computer #1
Windows XP Network Adapter Bridging Problem (Solution?)
Possible Solution (from Cisco TAC):
Create a “Filter Expression” for CNR:
Filter: CHADDR Field MAC address must match MAC address of frame carrying DHCP request payload
DHCP Server (CNR) will Ignore requests not meeting the condition of the filter (but will respond to the correct request from Computer #2 that didn’t get picked up & bridged by Computer #1)
DU testing the solution now . . . Stay tuned!
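The CHADDR-versus-frame-source check described on the two bridging-problem slides above, as an added example that is not code from the DU presentation or from Cisco CNR: it parses a constructed Ethernet/IPv4/UDP/DHCP DISCOVER, compares the CHADDR field with the source MAC of the carrying frame, and accepts only matching requests. The MAC addresses and the frame builder are constructed for the demonstration.

```python
import struct

# Added example, not from the DU presentation or Cisco CNR: a filter that
# accepts a DHCP client request only when its CHADDR equals the frame source MAC.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed BOOTP header, 236 bytes

def build_dhcp_discover(frame_src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed Ethernet/IPv4/UDP/DHCP DISCOVER frame for offline testing."""
    bootp = struct.pack(BOOTP_FMT, 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    dhcp = bootp + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"  # cookie, type=DISCOVER, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp      # checksum 0 = not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\0" * 4, b"\xff" * 4) + udp                   # checksum left 0 (offline)
    return b"\xff" * 6 + frame_src_mac + b"\x08\x00" + ip

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def chaddr_matches_frame(frame: bytes) -> dict:
    """Parse one frame; return frame source MAC, CHADDR and the filter verdict."""
    src_mac = frame[6:12]
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
    if frame[14 + 9] != 17:
        raise ValueError("not UDP")
    udp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp_off:udp_off + 4])
    if (sport, dport) != (68, 67):
        raise ValueError("not a DHCP client request")
    bootp_off = udp_off + 8
    hlen = frame[bootp_off + 2]           # hardware address length (6 for Ethernet)
    chaddr = frame[bootp_off + 28:bootp_off + 28 + hlen]
    return {"frame_src": mac_str(src_mac), "chaddr": mac_str(chaddr),
            "accept": src_mac == chaddr}

def filter_requests(frames):
    """CNR-style filter: keep only requests whose CHADDR matches the frame source."""
    return [f for f in frames if chaddr_matches_frame(f)["accept"]]

if __name__ == "__main__":
    LAPTOP_WIFI = bytes.fromhex("001122aaaaaa")   # constructed: Computer #1's wireless adapter
    DESKTOP_NIC = bytes.fromhex("001122bbbbbb")   # constructed: Computer #2's wired NIC
    bridged = build_dhcp_discover(LAPTOP_WIFI, DESKTOP_NIC)  # #2's request relayed out #1's radio
    direct = build_dhcp_discover(DESKTOP_NIC, DESKTOP_NIC)   # #2's own request on the wired port
    for f in (bridged, direct):
        print(chaddr_matches_frame(f))
```

The bridged copy is rejected while the desktop's own request on the wired port passes, which is the behaviour the CNR filter expression is meant to give.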
Software Tools (Bluetooth Analysis)
“BlueWatch” (from AirDefense, cost unknown)
OS: Windows & XP
Identifies type of interfering device
Displays key attributes, services supported, and with whom it connects
Software Tools (Bluetooth Analysis)
“BlueScanner” (from Network Chemistry, freeware)
OS: Windows XP
Identifies type of interfering device
Displays key attributes, services supported, and with whom it connects
Provides Location information
Software Tools (Bluetooth Analysis)
“BlueSweep” (from AirMagnet, Freeware)
OS: Windows XP SP2
Capabilities: ?
Network Troubleshooting Tools (for laptops & PDAs)
Wireless Protocol Analyzers:
“Sniffer Portable LAN Suite 4.8 SP1” (from Network General, ~$4500): SW that runs on a Laptop
“AiroPeek NX 3.0” (from WildPackets, ~$3000): SW for Laptop
Network Troubleshooting Tools (for laptops & PDAs)
Site Survey Analyzers:
“AirMagnet Surveyor Pro 2.6” (Laptop; ~$3200)
“Software Suite - Berkeley Varitronics”: “Hive”, “Site Initiator”, “Site Investigator”
~$2500 for the 3-software suite
YellowJacket hardware is ~$3200
Plots results on AutoCad “floorplan”
Network Troubleshooting Tools (for laptops & PDAs)
Site Survey Analyzers:
“Ekahau Site Survey Pro 2.1”: ~$3700
SW runs on laptop
Allows predictions of RF coverage
Requires entry of construction data
Network Troubleshooting Tools (for laptops & PDAs)
Wireless Performance & Security Analyzers:
“AirMagnet Laptop 6.0” (~$3500):
Runs on Windows laptop
Allows connecting to AP as a client
Channel Selectable Information: # of Packets, # APs, power levels, etc.
Packet-capture & decoding
Rogue AP detection
Network Troubleshooting Tools (for laptops & PDAs)
Wireless Performance & Security Analyzers:
“YellowJacket” (from Berkeley Varitronics, 2.3, ~$3200):
Hardware-Analyzer / iPAQ tandem (HX2415 or HX4700)
Connects to PDA via FlashCard
Performs spectrum analysis
Cannot connect as “client” (monitor mode only)
Layer 1: Rogue AP detection & directional locator
Layer 2 “b/g” analysis: (beacons, probes, multi-path, etc.)
Channel Selectable Information: how busy, # APs, power levels, etc.
Network Troubleshooting Tools (for laptops & PDAs)
Wireless Performance & Security Analyzers:
“EtherScope Pro Network Assistant 2.0” (from Fluke Networks, ~$8000):
HW device, built on Linux platform
Rogue AP detection
Channel Selectable Information: how busy, # APs, power levels, etc.
Authentication & Association analysis
Network Troubleshooting Tools (for laptops & PDAs)
Spectrum Analyzers:
“Bumblebee” Spectrum Analyzer (from Berkeley Varitronics; ~$2500):
Advanced handheld spectrum analyzer
HW & SW (“Pocket PC”)
Connects to PDA via FlashCard
Network Troubleshooting Tools (for laptops & PDAs)
Wi-Fi Power-Output Analyzers:
“Caterpillar” (from Berkeley Varitronics ~$750):
Hardware device
Detects power output in 2.4 & 5 GHz
Connects to “intentional radiator”
Network Troubleshooting Tools (for laptops & PDAs)
Freeware:
“NetStumbler” & “MiniStumbler”
Windows & XP: NetStumbler
Windows Mobile: MiniStumbler
Both are Freeware
AP detection (SSID, channel, SNR)
Infrastructure or Ad Hoc mode information
Network Troubleshooting Tools (for laptops & PDAs)
Freeware:
“Kismet”:
OS: Runs on Linux
Freeware
AP detection (SSID, channel, SNR)
Infrastructure or Ad Hoc info
Packet decoding (beacons, probes, payloads)
Intrusion Detection
Network Troubleshooting Tools (for laptops & PDAs)
Freeware:
“Ethereal”:
OS: Runs on Windows & Linux
Freeware
Decode & Analysis of 802.11 header
Chipset must be in monitor/”promiscuous” mode
MS-Windows drivers do not allow monitor/”promiscuous” mode; Open Source drivers needed to enable monitor mode
Network Troubleshooting Tools (for laptops & PDAs)
Freeware:
“Auditor Security Collection”
Freeware – Open Source Tools
Windows: Run-time version of Linux
Debian Linux environment in RAM-Disk
AP detection (SSID, channel, SNR)
Infrastructure or Ad Hoc info
Packet decoding (beacons, probes, payloads)
Decode & Analysis of 802.11 header
QUESTIONS ????