A few weeks ago I talked about how having multiple AP and clients operating on the same channel in close proximity can increase CCI in an environment. If you are new to this blog, you can read that article here. We learned that the reason for this is that the interference domain is greatly expanded with APs on the same channel.  Since we now have more devices attempting to communicate simultaneously, clients will have a tougher time when attempting to transmit on the medium. Why does this happen?

In the current 802.11 standard, the main access method used in WLAN systems is known as Distributed Coordination Function (DCF for short). There are also two other access methods defined in the standard, Point Coordination Function (PCF) and Hybrid Coordination Function (HCF). PCF was never implemented by any mainstream WLAN vendor and thus we won’t go into detail here. HCF was introduced in the 802.11e amendment in 2005 and will also be omitted from this discussion but is important to know. In 802.11 a process known as CSMA/CA (carrier sense multiple access / collision avoidance) is utilized to try and prevent multiple stations from utilizing the half-duplex wireless medium at the same time. The purpose of DCF is to outline a process that stations must follow in order to communicate over the wireless medium. In that effort, a game of sorts occurs with stations employing tactics to gain access to the medium. Those tactics consist of four main parts that we will discuss to build an understanding of how wireless clients play the game.

Interframe space

There are six types of these spaces that occur within 802.11 transmissions. In order from shortest to longest they are: RIFS > SIFS > PIFS > DIFS > AIFS > EIFS. A helpful nemonic to remember this order is “Really Shiny Pennies Don’t Always Exist”. The different types of spaces occur depending on what time of traffic is being transmitted on the network. For this discussion, it is important to note they exist but not what the rules are for each type to be present.

Duration field

The duration field is found in packets being transmitted on the wireless medium and can be decoded by ALL clients that are within range of the transmission. This field will never be encrypted regardless of what encryption is being used in the network, as it plays a pivotal role in attempting to keep collisions from occurring. The value of the duration field starts a countdown clock within each client. This timer prevents the client from attempting to transmit until it reaches zero. Since all stations can hear and understand the value of the duration field, no station should attempt to communicate while an active transmission is occurring.

Carrier sense

There are two different types of carrier sense that occur within a wireless network, physical & virtual. Physical carrier sense is the easiest of the two to describe, since it is merely the client sensing the medium to determine if any energy is present. It is important to note that the energy detected may not always be from other 802.11 radios as there are many types of non 802.11 energy that occur within the 2.4 & 5GHz spectrum since after all, it is a shared and unlicensed medium. You’ll recall how we just talked about a timer that was set in clients based on the duration field. That timer is known as the NAV timer, and is what we call virtual carrier sense. Keep in mind that both physical and virtual carrier sense occur simultaneously in the network. As you know the OSI model has 7 layers with wireless utilizing layer 1 (PHY) and 2 (MAC) of this model. To relate the two types of carrier sense to this model, physical carrier sense occurs at layer 1 and virtual carrier sense at layer 2.

Random backoff timer

The final check used in DCF is known as the random backoff timer (RBO). The RBO is a pseudo random algorithm that utilizes a random value chosen from a range. That value is known as the contention window (CW). After this value gets selected, it is multiplied by a slot time value that is different depending upon the PHY in use. We have seen in previous checks all stations play by the same rules. There are few exceptions to these rules until we get to the RBO. This is where the game gets really interesting.

The reason that it’s interesting is that there is no set rules on how many numbers have to be in the range. A good person may put 50 numbers in their range, as they want to be polite and are just taking a leisurely stroll down the 802.11 highway. Other people may be very greedy and unconcerned with sharing, so they may only put 2 numbers in their range. You can quickly see how the game becomes unfair. Let’s think back to when we were kids. How many of you remember playing hide and go seek? Were you the good sport that counted down from 100 by 1’s evenly? Or were you that kid that started with 100, skipped a few to 3, and then finished quickly so you could get the upper hand on your friends? Just as you may have done then in order to get back to your turn at hiding, wireless chipset vendors get to pick whether they will be nice or not when creating the range for the CW.

Again, as we previously stated with virtual carrier sense, a client can’t attempt to transmit on the wireless medium until the RBO reaches zero. However, this isn’t just a straight countdown like the NAV timer was. The RBO timer must follow a procedure in order to decrement its clock of slot times. As stated in the CWNA-106 Sybex Study Guide:

If no medium activity occurs during a particular slot time, then the backoff timer is decremented by a slot time. If the physical or virtual carrier sense mechanisms sense a busy medium, the backoff timer decrement is suspended, and the backoff timer value is maintained. When the medium is idle for a duration of a DIFS, AIFS, or EIFS period, the backoff process resumes and continues the countdown from where it left off. When the backoff timer reaches 0, transmission commences.

Coleman, David D.; Westcott, David A.. CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-106 (p. 270). Wiley. Kindle Edition.

You hopefully now have a better understanding of how clients play the game when attempting to communicate on the wireless medium. All four of the pieces described above occur at the same time within each wireless station. Only when all of these have been exhausted can a station attempt to communicate on the wireless medium. Oh an guess what? Even with all of these methods to try and prevent collisions, many still occur. After all, as you saw above we called it collision avoidance 🙂

In closing I’ll leave you with one analogy to help provide a rather elementary understanding of how 802.11 access works.

Think back to your school days for a moment. You’ll recall during class the teacher made you raise your hand to speak. This allowed each person a turn to talk without others causing collisions during your comments. The teacher utilized an interframe space between each turn to maintain order in the environment. They then used a duration of time to let each person speak. If at any point during your turn if someone else started speaking, physical carrier sense was used and the teacher quickly told the other student to be quiet, before allowing you to finish. Finally, before you started speaking after being interrupted, you utilized a random backoff time to ensure that you wouldn’t be interrupted again before finishing your comments. Much like that classroom experience, as the RF environment becomes more occupied by stations attempting to communicate, collisions occur preventing transmitted frames from being received and processed correctly.

Hopefully this has helped you understand the process of communicating on the wireless medium. Feel free to drop a comment if you have them!

-Scott