Author: Martin

A Question For a Wifi Ueber-Geek

I like when things work but I get a strange feeling it if I can’t explain why. Here’s a scenario that works perfectly well but I can’t figure out why. Maybe a Wifi Ueber-Geek can help:

I’ve used a Linksys WRT54 access point configured to AP client mode (bridged) to connect to a Siemens Wifi Access Point. Connected to the WRT54 are two notebooks, each via one Ethernet port. When the cable is plugged in both were assigned an IP address by the DHCP server running on the Siemens AP (192.168.40.20 and 192.168.40.73). Both can communicate with the Internet over the single wireless link just fine. What I wanted to test with this scenario was how the Ethernet MAC addresses of the two notebooks and the WRT54 access point are used on the wireless link.

To my great surprise the Siemens AP always uses the Ethernet MAC address of the WRT54 when packets are sent to one of the notebooks. But how does the WRT54 then know which notebook (which Ethernet port) it should deliver it to? On the notebook the incoming packet contains its MAC address. This means that the WRT54 must have changed the MAC address in the destination field. But why does it do that and how can it know which MAC address to use? I am thoroughly confused.

I’ve documented the result in the two pictures below. The first picture shows how the packet looks like when its received on the WRT54. The destination address in the 802.11 header is the WRT54 (Cisco-Li…, traced with Kismet on the WRT54). The same packet on the notebook (traced with Wireshark) suddenly contains the notebooks MAC address in the destination field of the of the Ethernet II header (Uniwil…). It’s not IP routing since the notebooks and the Siemens AP behind the wireless link are all in
the same subnet. It’s also not Layer 2 bridging since the MAC address
changes.

Does anyone have an explanation for this?

Wifi1b
Wifi2b


More Internet on Train: Thalys Starts Pilot Service

A number of train operating companies have started to offer Wifi Internet access in some of their trains over the past year or two like for example in the U.K. or in Germany. Now Thalys, a private train company that links Paris with Brussels and Cologne has started their pilot service for Wifi Internet access on trains. From train to ground data is transmitted via Satellite, UMTS and GPRS. Another company that has understood how to make people take the train instead of the car or plane. Hopefully an example that spreads.

Probing Layer 1 Wifi and Bluetooth with Metageek’s Wi-Spy

Wispy24x_in_actionpng
Seeing is believing. Be it by reading standards or by using tools and analyzers to get hands on experience on how wireless networks operate is what drives my professional interests and this blog. When it comes to the physical layer, i.e. the radio transmissions, tools are scarce, at least those that are affordable. Recently, however, I stumbled over a great tool called Wi-Spy from Metageek which has opened the door to Layer 1 of the 2.4GHz ISM band for me. This is the frequency band in which Wifi, Bluetooth and a couple of other wireless systems operate.

Metageek was nice enough to send me one of their advanced probes which sell for $399.-. Compared to other spectrum analyzers it’s almost a free ride. Since then I’ve used the probe day and night and have gathered hundreds of megabytes worth of data. I am absolutely fascinated and have learnt a great deal of how Wifi and Bluetooth behave, interact and interfere on the ISM band. Good to have a blog so I can share some of the results.

B1_clean_environment
The first picture on the left shows two of the three graphs the Chanalyzer software creates in real time out of the data gathered by Wi-Spy. The upper diagram is a waterfall diagram that shows the frequency range on the x-axis and time on the y-axis. Activity on a certain frequency and intensity is drawn in different colors ranging from blue (low to nothing) to red (high signal strength). As can be seen on the y-axis, the graph shows the activity of the past 60 minutes. The lower diagram in the picture shows the amplitudes reached on the frequency band. The color indicates how often a signal was registered. Not much can be seen in the first picture except for the slight increase in activity between channel 3 and 4. As such this radio environment is a dream for deploying a new wireless LAN access point.

B2_idle_networks
Things start to get much more interesting in picture 2 which uses the same scales and settings as in the first example. This trace, however, was taken at a place were 6 wireless LAN access points operate in parallel. Due to the long recording time of 60 minutes it becomes clear that three different wireless LAN devices operate on channel 6. They can be distinguished because each has a is received with a different signal strength by the probe which means that they are at different locations or have a different output power. My own access point operates on channel 11. During the recording time of 60 minutes all access points including mine were mostly in idle mode. The graph also shows that there is another access point on channel 1 and a further one on channel 9. Channel 9 is a most unfortunate choice since it overlaps and thus interferes with all access points on channel 6 and also with my access point on channel 11.

B4_overlap
In the next picture I have zoomed on the topographic chart and have activated markers that show where the three possible non overlapping channels in the ISM band begin and end. I’d love to show this picture to the guy who owns the access point transmitting on channel 9 which tramples over the ones on the left and right of it. The impact such a partial and full overlapping has on performance will be discussed in a future blog entry.

B3_congested_environment
The the last picture on the left shows the pretty congested radio environment in my Paris apartment. My own access point in this case is on channel 1 and I’ve done some file downloading over a 10 MBit/s ADSL2+ Internet connection at 40 minutes in the trace and a pretty long one between around 5 and 20 minutes in the trace. The traces shows my access point which is received at around -70dbm and the wifi transmissions of my notebook which are received at around -45 dbm (as the antenna is very close to the Wi-Spy probe). As I mostly downloaded information the Wifi signal of the access point is plotted in a lighter color (more activity) than the notebook. Also note the very active Wireless LAN on channel 11.

Since the Chanalyzer can be used to record and playback I saw that this network keeps transmitting 24h a day. The same applies for the wireless LAN access point on channel 3. Most likely these are two of the access points by French DSL provider Free. Their version 5 access point uses MIMO techniques to stream TV signals over Wifi to a set top box on the TV. This theory is supported by the SSIDs these networks broadcast. To make the partial overlaps complete there is another access point on channel 5. All signals by the way are strong enough to be easily received and decoded by my notebook so these signals are far more than faint background noise.

So much for this first part on Layer 1 Wifi tracing. In the next parts I will cover scenarios such as throughput measurements in partly and fully overlapping Wifi networks, how I detected a faulty Wifi card, how Bluetooth interferes with Wifi downloads and how it looks like when a microwave oven ruins your live TV signal streaming.

In the meantime if you want to check things out for yourself head over to the Metageek homepage where you can download the Chanalyzer software and some traces to start your own experiments. In case you think about buying and live in Europe, here’s a link to the list of national resellers.

The Mobile Internet and Event Reporting in Italy

I’ve been in Rome recently and over the weekend attended one of the V-Day manifestations with a friend for more direct democracy in Italy initiated by Beppe Grillo. I mention this on my technical blog as I was very happy to see a couple of organizations reporting from the event which used a 3.5G network to broadcast their stories in real time via the Internet and radio.

Tv_roma
The first picture on the left shows two guys of TheBlogTV interviewing people at the event. The guy on the left operates the camera while the guy on the right with the Mac (!) controls the software which sends the live video stream with the USB data card that hangs down from the notebook on the left to the Internet (recognize the Huawei logo?). I know there are already integrated mobile phone solutions available that do the same thing but this way the quality is probably better (at least for now).

Radio_roma
The second picture shows the transmission equipment of Radiololgiata which transmits both on FM (96.6) and on the Internet. I didn’t talk to them personally as they were quite busy but I am sure the N70 connected to the equipment via the USB cable was NOT used for sending SMS messages 🙂

Great examples of how the mobile Internet revolutionizes event reporting and allows anyone to broadcast to a large audience in real time, in good quality (think HSUPA with 500+ kbit/s bandwidth) and with little cost for equipment. I modestly contributed to the reporting and uploaded some pictures to flickr in real time.

Femtocell Thoughts – Part 3

In part one of this miniseries on femtocells I’ve been looking at
the benefits for mobile operators and part two covered the question why users would
put a femtocell into their home. This final part looks at the technical background and hurdles and gives a conclusion.

In practice it is extremely important to integrate femtocells with DSL or cable modems for several reasons. First, femtocells are installed by the user and such an approach therefore ensures that the installation is easy and is done properly.

Additionally, an integrated device is the only way to ensure quality of service for the femtocell since data traffic generated by 3G voice calls must be prioritized on the fixed line link over any other traffic. If a femtocell was attached to an already existing DSL or cable router which already serves other users, uplink data traffic of these users could severely impact 3G voice calls since ordinary DSL or cable routers do not have quality of service (QoS) features to ensure that traffic from the femtocell is prioritized. This behavior can already be observed in practice today in other situations. If an ordinary DSL or cable router is used for a VoIP call in addition to a simultaneous file upload, voice quality is usually very bad due to the packet delay and insufficient bandwidth availability caused by the file transfer.

Thus, a mobile operator deploying femtocells ideally owns DSL or cable access as well or is at least partnering with a company owning such assets. This way a single fixed line gateway could be deployed with Wifi for PCs and other devices and a femto radio module for 3G mobile devices. The single phone per user idea also benefits from such an approach since owning or partnering for DSL or cable access removes the competition between fixed and wireless voice. This also ensures that a femtocell is only used in locations where the mobile operator has licenses to operate femtocells since they use licensed 3G frequency bands.

In practice it can be observed today that a number of mobile operators are taking this route already by either buying DSL access provider companies or at least partnering with them (e.g. Vodafone/Arcor or O2/Telefonica in Germany). It’s unlikely that this is done specifically to roll out 3G femtocells at a later stage but it seems that such companies have understood that it is vital for the future of a telecommunication company to have both wireless and fixed assets in order to stand a chance to be more than a mere bit-pipe for services running over the network. On a side note it is interesting to see the trend of splitting up fixed and mobile access into separate companies several years ago seems to revert now and pains of separation are now followed by pains of re-unification.

Another technical aspect concerning femtocells is interference. In 3G networks, cells usually all transmit on the same frequency and interference is managed by having enough space between them and by adjusting output power and antenna angles. Most 3G operators have at least two frequencies they can use so femtos could for example use the mostly unused second frequency. However, there is still an issue with interference between femtocells of users which live in the same apartment building and have thus installed their equipment close to each other. Left on its own this will result in lower capacity of each cell and might impact quality of service.

Conclusion

When looking at the arguments presented above, femtocells are not likely to be an immediate and outright success. A number of hardware evolutions will probably be needed before form factor, usability and quality of service are adequate. This is likely to take a couple of years. Also, mobile operators need to continue their path of buying or partnering with companies owning fixed line DSL or cable access. This will surely also not happen overnight. However, there is currently still enough capacity available in the macro layer of the network so femtocells are not immediately needed to reduce the load on the network. Therefore, the major immediate benefit of femtocells is improving in-house coverage especially in rural regions, which thus remains a niche market for now, since 2G and 3G coverage and capacity for urban users is usually sufficient for in-house coverage. As such the story of femtocells might parallel the evolution of UMA (Universal Mobile Access) which has similar goals but a completely different concept. That’s a story for another day however…

As always, comments are welcome.

Michael Mace looks at Ovi and Nokia Strategy

My boss today pointed me to an article written by Michael Mace over at his Mobile Opportunity Blog on Ovi, and Nokia strategy. While in my own article on the topic I’ve been concentrating on the potential struggles between Nokia and mobile network operators this move will probably provoke , Michael broadens the scope and puts Apple and the iPhone into the equation. A long article but a worthwhile read since it contains a lot of thought provoking observations.

Interestingly enough we come to the same conclusion in our articles: We both fear that the whole process could lead to another set of walled gardens. More colorful perhaps but still with walls. But then, a mobile phone can have more than one door…

The Cell Phone Network Hack Of The Decade

In 2005, the cell phone of the prime minister of Greece and those of 100 other people were secretly tapped by what in my opinion is the most extraordinary attack on a cell phone network that has been uncovered to date. The July 2007 issue of the IEEE Spectrum magazine has a very good summary of what happened, how the spy program was detected and the consequences. The article is also available online.

Here’s the elevator pitch:

  • Unidentified hackers design a secret patch for Ericsson Mobile Switching Centers and mange to insert the code into switches in the Vodafone Greece network.
  • The code checks all calls and taps conversations made over 100 selected phones. These conversations are in effect duplicated and forwarded to other mobile phones.
  • The hackers make a mistake when they update their spy program and logs are generated by the switch. This tips of Vodafone and Ericcson which then start an investigation.
  • And for the rest… read the article.

It’s one thing to program a virus or trojan horse for a Windows, MAC or Linux box. Secretly inserting code into a GSM Mobile Switching Center which does not run an off the shelf operating system, however, is quite another. It definitely shows why Cryptophones that encrypt a call from mobile to mobile are worth their money. I wonder, how many of those 100 people used one…

Femtocell Thoughts – Part 2

In part one of this miniseries on femtocells I’ve been looking at the benefits for mobile operators. This part deals with why users would put a femtocell into their home.

From the user’s point of view the advantages of femtocells are less clear to me. While the user shares all of the operator advantages discussed in a previous blog entry, increasing customer retention and thus churn is not necessarily in the interest of users since it could reduce competition. Also, it is unlikely that all family members use the same mobile operator and thus could benefit from a single femto cell.

In addition, mobile multimedia users are usually still early adopters which tend to use sophisticated phones, of which many include Wifi. With such phones a femto cell for multimedia content is not required since Wifi offers a similar or better experience for Internet content. Multimedia services offered by mobile network operators, however, are usually not available over Wifi which, from the end user perspective, is not a huge loss since early adopters tend to use Internet services rather than multimedia services of operators that are usually more expensive or come with limitations not acceptable to such users.

An advantage not mentioned before is that better 3G in-house penetration would increase call establishment success rate for 3G video calls since mobiles reselecting to the 2G network because reception quality is better can not be used for incoming or outgoing video calls. Thus, femtocells could become an important element in the future to make video calls more popular as the service still fights with the famous hen/egg problem of 3G network availability and number of users with compatible handsets.

Monetary incentives could persuade users to install femto cells. Operators could for example offer cheaper prices for voice calls that are handled via the femto cell. Also, the operator could propose to share revenue with femto ‘owners’ if other subscribers use the cell for voice and data communication instead of a macro cell.

Often the argument is brought forward that femtocells allow to market single phone solutions in which the user no longer has a fixed line phone and uses his mobile phone both at home and on the go. However, such solutions which use the macro layer instead of femtocells have already been available for several years in countries such as Germany (O2’s famous home zone for example) and are already very popular. Also, it is unlikely that mobile network operators would have competitive prices for all types of calls so many users would still use a SIP phone or software client on a PC for such calls at home. Calling a mobile number is still more expensive in most parts of the world excluding the U.S.A. than calling fixed line phones so single phone offers have to include a fixed line number for the mobile phone in order. Again, this is already done in practice for example by O2 in Germany for a number of years but femtocells might enable the mobile network operator to deliver such services cheaper than how it is currently done over the macro layer.

It should alsobe mentioned that using a femtocell would have a configuration and usability advantage over SIP Wifi phones. However, it is likely that the configuration process for SIP and Wifi on handsets will improve over the next few years thus decreasing this advantage.

To be continued

So much for now on the user’s point of view on femtocells. In the third part, to come soon, I will take a look at the technical background and hurdles.

As always, comments are welcome!

20 Years Ago The GSM MoU Was Signed

Both a long time and a short time, but 20 years ago on the 7th of September 1987 the GSM Memorandum of Understanding (MoU) was signed by 12 European nations on September the 7th. It took a bit after that but three and a half years later the first GSM network, today known as Elisa in Finland, opened its doors. Since then the mobile networks are constantly evolving and activities are still accelerating rather than slowing down.

For a long time, mobile networks were considered voice only networks and even SMS was only added to networks at the end of the 1990’s. Since then mobile data services have evolved in only a few years from speeds of a couple of bits per second to multi megabit 3.5G highspeed. Nevertheless, everything is still based on the GSM standards from back then, or 3GPP standards as they have been renamed to in the meantime.

The telecoms industry had a tremendous roller coaster ride during that time. For many people working in the industry the ride did not always go to the better side. After the .com burst at the beginning of this decade, tens of thousands of people in the telecom industry have lost their jobs. Today, unlike the IT industry which seems to have picked up steam again, the telecoms industry with some exceptions is still struggling and the turbulences are far from over. A challenging time for everyone in the industry which takes true determinism.

Looking at the user side it’s incredible to see the changes mobile networks have brought to the life of people in both rich and poor countries. Voice was the first revolution and today few people can still imagine a life without cell phones. Generation-C can probably not imagine it at all. After a number of iterations I can see mobile Internet access now also picking up with people around me and even some skeptics of yesterday are now using a Blackberry or HSDPA mobile data card in their notebook. Generation-C is next, pricing levels are close to become affordable for them!

Good sides, bad sides, but no matter happy birthday GSM!