Overcoming QoS, Security Issues in VoWLAN Designs
By Ravi Kodavarti, Texas Instruments, CommsDesign.com
April 3, 2003 (8:12 a.m. EST)
With 802.11 adoption starting to soar, designers must begin the eventual step in the WLAN design process. So far, the sector has proven that it can effectively handle data services. Now, they must make the next leap and show that real-time traffic can easily be supported.
Figure 1: In VoWLAN systems, the UDP protocol sits on both the MAC and PHY layers.
Clearly, handling voice streams will be a key application for WLAN developers going forward. And, at least in the early going, it appears that voice-over-IP (VoIP) will be the technology of choice when delivering voice over WLAN networks.
But to make VoIP services a reality, engineers must tackle tough quality-of-service, security, and roaming issues. In this article we'll examine some of the issues engineers will face and look at solutions being prepped by industry companies and standards bodies to attack these problems.
Stacking on UDP
The 802.11 specification supports two modes of operation: infrastructure and ad hoc. In infrastructure mode, all end stations communicate with the wired network and with each other through an access point (AP). The AP must provide bridging functions to facilitate traffic either between the end stations or between end stations and the wired networks. An ad hoc network allows connectivity between two end stations without the need for an AP, using a peer-to-peer type protocol.
The 802.11 standard controls the interface mechanisms at the media access control (MAC) and physical (PHY) layer. Higher layer protocol support is left to the user. In the case of voice communications, an implementation using RTP/UDP/IP would reside on top of the 802.11 MAC and PHY. Figure 1 shows the different layers of the UDP protocol stack that could reside on top of the MAC and PHY.
In theory, the architecture described above would provide an effective way for delivering voice capabilities over 802.11 links. But, in reality, designers will face some stiff quality-of-service (QoS) issues when working with an 802.11 link. Let's look at this issue in more detail below.
There are significant differences between wireless and wireline networks with respect to QoS issues. QoS in wired networks ranges between guaranteed service and best-effort service. Guaranteed service works when bandwidth of the network is typically larger than the bandwidth of the service that is guaranteed. In best-effort service, the individual bandwidth allocated changes over time, and the user adjusts the bandwidth requested based on the congestion of the network. In effect, each of these types of network implementations enables QoS by decreasing packet loss, latency, and jitter.
The UDP protocol can be used in networks that can provide guaranteed service. UDP dumps packets on the network and hopes that they go through to the other side. It relies on higher layers to deal with the issues of a packet that does not make it through.
The TCP protocol can also be implemented in best-effort networks (e.g. IP networks). As part of TCP, there is an acknowledgement sent from the destination. If an acknowledgement is not received, the transmission will be re-sent at a slower rate; the assumption here is that the network is congested.
Typically, VoIP implementations use UDP even for best-effort networks, and they account for the lost packets using various higher layer techniques. These implementations assume that the underlying network will be designed to account for the latency and jitter requirements of the higher-layer application.
In a wired network, accounting for latency and jitter is fairly straightforward. That's not the case in the wireless network. Unlike the wired network, WLAN networks must deal with tough propagation issues in order to determine channel performance. Thus, during the design of a WLAN system, engineers must combat issues like multipath and Rayleigh fading.
To account for the uncertainty in the wireless medium, the 802.11 MAC includes an acknowledgement (ACK) protocol. When a packet is transmitted, the sender first listens for any activity on the air, and if there is none, waits a random amount of time before doing a transmission. This methodology is called carrier sense multiple access/collision avoidance (CSMA/CA).
CSMA/CA can be viewed as a "listen first, talk later" methodology. If an ACK is not received, either due to interference or collision, then the entire process is repeated. The MAC layer ACK protocol is independent of the higher layer protocol, whether it is UDP or TCP.
The ACK protocol builds a layer of reliability on the WLAN transmission, making it very useful in data transmissions. However, in voice applications, this protocol adds jitter and latency to the voice traffic. In order to account for jitter, buffers need to be used, which in turn add more latency.
The ACK function is not the only QoS headache for designers looking to deliver voice services over WLAN systems. The WLAN MAC also includes a request to send/clear to send (RTS/CTS) mechanism. When used together, RTS and CTS decrease the chance of collision on a system by making sure that end stations in the vicinity of the source and destination hear the RTS and CTS respectively. RTS and CTS add robustness to the system at the cost of adding latency to the packets that are transmitted using this protocol. Figure 2 shows the cone of influence of an RTS and CTS frame exchange.
Figure 2: Diagram illustrating 802.11's RTS and CTS mechanisms.
Avoiding the QoS Problem
To avoid the problems caused by the ACK protocol, designers can implement other techniques to reduce retransmissions. One way to accomplish this task is by fragmenting a packet into smaller packets.
While an ACK function is still required during transmission of fragmented packets, it is expected that overall latency and jitter will decrease as the likelihood of a smaller transmission getting corrupted is reduced. This would benefit wireless VoIP implementations especially if low-bit-rate vocoders were used to compress the voice traffic. For example, designers can use a G.729 or G.723 codec to decrease overall latency and jitter on a wireless system even though these vocoders add some fixed latency to the voice path. Since digital signal processors (DSPs) work very well in vocoding algorithms, it would vastly improve the voice quality of a wireless VoIP implementation if a DSP were present as part of the end station.
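The fragmentation trade-off described above can be worked through numerically. The following is an added example, not code from the article: it assumes independent bit errors, a stop-and-wait ACK per fragment, and constructed values for the voice payload (200 bytes), per-fragment overhead (28 bytes) and retry limit (7 attempts), and it ignores preamble, backoff and ACK airtime.

```python
import math

PAYLOAD_BITS = 1600    # constructed: 200-byte voice packet
OVERHEAD_BITS = 224    # constructed: 28 bytes of header/FCS per fragment

def attempt_moments(s, max_attempts):
    """Mean and variance of transmissions for one fragment with success prob s."""
    probs = [s * (1 - s) ** (n - 1) for n in range(1, max_attempts)]
    probs.append((1 - s) ** (max_attempts - 1))   # final attempt, ACKed or not
    mean = sum(n * p for n, p in enumerate(probs, start=1))
    var = sum(n * n * p for n, p in enumerate(probs, start=1)) - mean ** 2
    return mean, var

def fragment_tradeoff(payload_bits, fragments, overhead_bits, ber, max_attempts=7):
    """Loss probability plus mean and std-dev of bits put on air for one payload.

    Simplification: every fragment is attempted even if an earlier one was dropped.
    """
    frag_bits = math.ceil(payload_bits / fragments) + overhead_bits
    s = (1 - ber) ** frag_bits                    # fragment arrives with no bit error
    mean_a, var_a = attempt_moments(s, max_attempts)
    frag_lost = (1 - s) ** max_attempts           # all attempts corrupted
    return {
        "loss": 1 - (1 - frag_lost) ** fragments,
        "mean_bits": fragments * frag_bits * mean_a,
        "std_bits": frag_bits * math.sqrt(fragments * var_a),  # jitter proxy
    }

if __name__ == "__main__":
    for ber in (1e-4, 5e-4):
        for k in (1, 2, 4):
            r = fragment_tradeoff(PAYLOAD_BITS, k, OVERHEAD_BITS, ber)
            print(f"BER={ber:.0e} fragments={k} loss={r['loss']:.5f} "
                  f"mean={r['mean_bits']:.0f} std={r['std_bits']:.0f}")
```

Under these assumptions the spread of airtime (the jitter proxy) shrinks with fragmentation at both error rates, while the mean airtime only improves once the channel is poor enough that retransmissions outweigh the extra per-fragment overhead.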
The 802.11e draft specification provides another alternative for dealing with QoS problems. This draft specification defines an enhanced distributed control function (EDFC) that allows a WLAN AP to provide up to 8 virtual channels to every end station. Each of these 8 channels has associated QoS parameters in order to ensure the highest priority channel is transmitted first.
Additionally, under the 802.11e spec, an AP could also support a hybrid control function (HCF). Through this function, the AP can take control of the channel before any of the stations do, thus reducing collision overhead and the number of retransmissions.
The 802.11e draft standard is supplementary to the 802.11 MAC layer; however, it would reduce overall latencies for wireless VoIP if implemented as part of a MAC hardware implementation.
The 802.11g specification also helps account for some of the QoS problems caused by interference on wireless channels. This spec defines the use of either orthogonal frequency division multiplexing (OFDM) or PBCC coding schemes. To provide enhanced error protection, these modulation schemes employ convolutional coding, thus allowing them to deliver better packet error rate, latency, and jitter, due to the superior coding nature. Note: The OFDM-based 802.11a spec also supports convolutional coding.
QoS is not the only issue designers must tackle when pitching VoIP services over 802.11 links. Network administrators implementing VoIP over a wireline network should not be overly concerned about an attack on their secure network. Typically, Ethernet drops at a location are well protected and it is virtually impossible for a hacker to get access to that network without breaking into the facility.
However, using VoIP over a WLAN system entails comprehensive security for all aspects of a call. The main aspects of security in a WLAN environment are the privacy of a voice call and protection from denial of service attacks. It is imperative that authentication and packet traffic are secure in order to ensure security in these cases.
The 802.11i standard is a MAC layer enhancement that allows support of both packet security and authentication security. The authentication security stems from the 802.1x protocol. 802.1x does not provide any cipher support. Instead, it only provides a framework for authentication and key management functions using the extensible authentication protocol. The 802.1x protocol allows for a mechanism where a server on a network can provide dynamic keys to each WLAN client. The draft 802.11i proposal also supports 802.1x enhancements with respect to the pre-authentication of clients. This work is primarily driven to support roaming on WLAN networks.
Current mechanisms of 802.11 cipher-based security methods revolve around using the wired equivalent privacy (WEP) protocol. However, WEP is not considered adequate for enterprise applications, since hackers can decode the underlying key that is used for data traffic fairly easily. Additionally, since WEP is a static implementation, it is virtually impossible for network administrators to change the key on an AP because this would entail changing it on every station as well. Some implementations use access control lists that authenticate based on the MAC addresses of an end station. However, MAC addresses can be easily duplicated to spoof the AP.
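Because a MAC-address access list cannot tell two radios apart, a monitoring sensor needs some other signal that an address is being shared. The following added example (not from the article) shows one commonly used heuristic: each transmitter keeps its own 12-bit 802.11 sequence counter, so two radios using one address produce large alternating jumps. The frame records, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

SEQ_MOD = 4096       # the 802.11 sequence number is a 12-bit counter
MAX_GAP = 64         # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3    # assumed count before an address is reported

# Constructed sample: (seconds, source MAC, sequence number) from one sensor.
FRAMES = [
    # Normal handset: counter wraps 4095 -> 0 and one frame is missed.
    (0.00, "02:00:00:00:00:01", 4093), (0.02, "02:00:00:00:00:01", 4094),
    (0.04, "02:00:00:00:00:01", 4095), (0.06, "02:00:00:00:00:01", 0),
    (0.08, "02:00:00:00:00:01", 1),    (0.10, "02:00:00:00:00:01", 3),
    # Two radios sharing one address: counters interleave.
    (0.01, "02:00:00:00:00:02", 100),  (0.03, "02:00:00:00:00:02", 2000),
    (0.05, "02:00:00:00:00:02", 101),  (0.07, "02:00:00:00:00:02", 2001),
    (0.09, "02:00:00:00:00:02", 102),  (0.11, "02:00:00:00:00:02", 2002),
    # Handset that reset once: a single jump stays below the threshold.
    (0.12, "02:00:00:00:00:03", 500),  (0.14, "02:00:00:00:00:03", 501),
    (0.16, "02:00:00:00:00:03", 3),    (0.18, "02:00:00:00:00:03", 4),
]

def find_shared_macs(frames, max_gap=MAX_GAP, min_anomalies=MIN_ANOMALIES):
    """Return {mac: anomaly_count} for addresses whose counter jumps repeatedly."""
    last_seq = {}
    anomalies = defaultdict(int)
    for _, mac, seq in sorted(frames):              # process in time order
        if mac in last_seq:
            # Forward distance modulo 4096: wrap-around gives a small gap,
            # a backwards jump gives a very large one. Retries (gap 0) pass.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}

if __name__ == "__main__":
    for mac, count in find_shared_macs(FRAMES).items():
        print(f"{mac}: {count} sequence jumps, address likely used by two radios")
```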
To address this security issue in a timely fashion, the Wi-Fi Alliance has adopted a subset of 802.11i for immediate certification. This program is referred to as Wi-Fi protected access (WPA). WPA will be mandatory for all Wi-Fi certified products in third quarter 2002.
While the security features of cipher support and authentication support in the 802.11i standard afford a layer of protection for WLAN networks, they also add complexity for voice traffic. Authentication for server-based methods adds latency to the setup of a call, and ciphering using WEP, WPA, or AES adds latency to each packet (if these were to be implemented in software). The 802.11 standard treats 802.11i as a MAC layer enhancement. Therefore, in order to minimize delay it is imperative that silicon vendors add support for the authentication and cipher security as part of their hardware.
Roaming and Interop Issues
Roaming and interoperability also play a critical role in the development of WLAN systems that can effectively support voice. On the roaming front, WLAN systems must support fast handoff and authentication between access points when handling voice calls. If fast handoff is not supported, designers will encounter delay during the probe, authentication, and re-association stages.
The inter access point protocol (IAAP) and other proprietary methods are used to support roaming between different APs. Various studies have shown that handoff delays between different APs can be as high as 400 ms. The 802.1x additions to pre-authentication, as part of the 802.11i draft, and the AP roaming protocols, as part of the 802.11f draft, address methods to decrease handoff delays. Silicon vendors must provide support for these features as part of their MAC implementations in order to support VoIP mobility.
In addition to dealing with roaming between WLAN devices, 802.11 designers must be concerned with roaming voice calls between cellular and WLAN systems. Right now, standards are pretty crude on this front. The cellular sector has defined some packet-based specs, but most of the efforts to date have focused on data services. Thus, to provide true VoIP roaming across cellular and WLAN networks, standards will need to be established to promote wide scale deployment and adoption. Currently, vendors are working on proprietary ways of solving this issue.
As engineers can see, there are a lot of pitfalls ahead in the delivery of voice services over wireless links. Fortunately, the 802.11 committee, through its e, i, and f drafts, is addressing this issue head on. In the interim, however, designers looking to add voice capabilities to their WLAN designs must carefully deal with packet loss and jitter issues.
- An Empirical Analysis of the IEEE 802.11 MAC Layer handoff process, Mishra, Shin, Arbaugh, University of Maryland.
- Carrier Class High Density VoP, Witowsky, and Gatens, Texas Instruments
- Voice over IP in wireless LANs, Telecommunication Networks Group.
- Improving QoS of VoIP over WLAN, Habib and Bulusu, University of Colorado at Colorado Springs
- IP QoS protocols for Voice over IP, Thompson, Texas Instruments
- Research Challenges in Wireless Networks, Shakkottai, and Rappaport, University of Texas at Austin.
About the Author
Ravi Kodavarti is a senior technical staff member with Texas Instruments' Voice over Packet Group. He holds a BE from Karnataka Regional Engineering College, India, an MS from Texas A&M University, and an MBA from Northwestern University. Ravi can be reached at email@example.com