Sunday 27 November 2011

High Channel Utilisation: Part One

This is part one in a gripping two part series!

Yesterday I was performing a WLAN audit for a client. As part of this audit, I noticed that APs were reporting a high level of channel utilisation whilst the Tx and Rx utilisation was either very low (<5%) or in most cases 0%. Most of the APs I looked at had 0 clients associated which explains the Tx and Rx utilisation of 0%. The channel utilisation generally ranged from 20% to 60% and in the case of one AP, was 92% with 0 clients associated. In the case of the 92% utilised AP, this means that 92% of the airtime is unavailable before a single client even associates. This directly correlates to how much bandwidth is available for clients once they do associate. If I associated a client to this AP and ran iperf, instead of the ~20 Mbps of real throughput at a 54 Mbps data rate, I would achieve a maximum of a few Mbps. The most common cause of this high utilisation is an excessive number of low data rate frames - almost always 1 Mbps frames. This was suspected but I passed through the motions to determine the cause.

Spectrum Analysis was performed to rule out any Layer 1 (non-Wi-Fi) interference. The spectral density view in Metageek's Channelyzer Pro showed three clearly defined 802.11 channels but nothing else of significance. The integrated spectrum analysis functionality in the Cisco CleanAir APs was also checked and showed the usual low duty cycle interferers (Bluetooth and DECT phones) but nothing to accountant for such high channel utilisation.

Next, layer 2 analysis was performed by way of packet sniffing. It was immediately obvious that the excessive 1 Mbps frame hypothesis was correct. These frames accounted for between 70% and 80% of all frames. There are a number of factors that can contribute to an excessive number of 1 Mbps frames:

1 Mbps frames allowed on the WLAN
Obviously enabling low data rates such as 1 Mbps on the WLAN will account for some of the frames seen. A frame transmitted at 1 Mbps takes significantly longer than even the slowest 802.11g frame (6 Mbps) and therefore many 1 Mbps frames can take up a significant portion of available airtime. Common management frames such as beacons, probe requests and probe responses are sent at the lowest configured manatory data rate (1 Mbps in this case). These frames are sent even with no clients associated to the AP. In addition because 1 Mbps is an 802.11b data rate, a protection mechanism such as RTS/CTS or CTS-to-Self is needed to allow 802.11b clients and APs to interoperate with 802.11g clients and APs. RTS/CTS results in around a 30% to 40% reduction in throughput and this does not include the reduction in throughput caused by the actual 1 Mbps data frames. RTS and CTS frames are usually also transmitted at the lowest mandatory data rate.

All 802.11b data rates were enabled on this clients’ WLAN, which includes the 1 Mbps data rate. This accounts for some of the 1 Mbps frames seen but it was not the largest contributing factor.

Excessive co-channel interference (CCI) caused by a high density of APs within the WLAN
The higher the density of APs within the WLAN, the more beacons, probes and control frames (RTS and CTS) will be transmitted within the environment. As detailed above, these frames are typically transmitted at the lowest mandatory data rate.

The AP density of this clients’ WLAN was low and although CCI at 2.4 GHz is usually present to some degree in most WLANs, it wasn't a major contributing factor in this case due to the low AP density.
     
Number of SSIDs broadcast by the WLAN
The more SSIDs supported by the WLAN, the more management frames will be transmitted (beacons, probes, etc) to support these additional SSIDs. A maximum of four to six SSIDs per WLAN is typically recommended. 1 Mbps data rate support exacerbates this problem significantly. Hiding the SSID does not help.

This was not a contributing factor as the client is currently only supporting a single SSID.

Rogue APs within the businesses premises
SOHO APs are often brought in by employees or purchased by departments within the organisation without the knowledge of the IT department. Employee's using smart-phone tethering is becoming increasingly common also. Essentially this turns the smart-phone into a Wi-Fi hot-spot. These APs almost always support the 1 Mbps data rate.

This was a small contributing factor in the case of this client.

Rogue APs outside the businesses premises 
Essentially a neighbouring businesses’ poorly designed or maintained WLAN can affect your WLAN. In this context, the definition of poorly designed or maintained is support for 802.11b / 1 Mbps data rates. Very few WLANs in late 2011 should support 802.11b and 1 Mbps data rates but unfortunately many still do. Within a WLAN context, these businesses are often referred to as bad neighbours.

This was the major cause of high channel utilisation in the case of this client.Further details of this can be found in part two detailed at the end of this post.
   
Solutions
There are a number of changes that can be made to help mitigate the low data rate problem.

1 Mbps frames allowed on the WLAN
Where possible, disabled 802.11b entirely which will drop support for 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps data rates. However there may be cases where you have to continue supporting 802.11b. I can see two such scenarios.
  1. You have a significant 802.11b-only client-base. For example, if 10 of your 1000 laptops are 802.11b-only, drop support and if they really require WLAN access, provide them with a PCMCIA or USB 802.11a/g/n WLAN client. If however, 300 of your 1000 laptops are 802.11b-only, you will likely need to maintain support. This is particularly uncommon as of late 2011 or late 2008 for that matter!
  2. You have some very expensive 802.11b clients. For example, you have 10 pieces of 802.11b-only medical equipment but each piece of kit costs six-to-seven figures.
If 802.11b cannot be disabled entirely, consider disabling 1 Mbps, 2 Mbps and 5.5 Mbps data rates so that you are left with only 11 Mbps in addition to your 802.11g data rates.
  
Excessive co-channel interference (CCI) caused by a high density of APs within the WLAN
One option is to re-survey and reposition your APs to lower the density although this is unlikely to be feasible in most cases. A better option is to consider disabling the 2.4 GHz radio on dual-band APs or entirely removing single-band APs.

Number of SSIDs broadcast by the WLAN
Consolidate your SSIDs to ensure a maximum of four to six. Dynamic VLAN allocation can help with this.

Rogue APs within the businesses premises
Locate and either remove or disable rogue APs. I have previously posted about how to narrow down which Rogue's are within the businesses premises, when running Cisco kit.

Rogue APs outside the businesses premises
It is typically stated that you have little control over bad neighbours however this discounts the usefulness of social engineering. If the neighbouring businesses WLAN is compliant with the Australian Radiocommunications (Low Interference Potential Devices) Class License 2000 or your countries equivalent then your best option is a little social engineering. You may have some luck approaching either the relevant technical contact responsible for the WLAN or otherwise you might need to speak with the big cheese. Explaining that 802.11b support is hurting not only your but also their WLAN is recommended. They may have a legitimate use for 1 Mbps data rates but this is rare as of late 2011. This approach is useful when you only have one or two bad neighbours. My client however has a large building in the middle of the Perth CBD. The layer 2 analysis revealed a large number of 802.11b-supporting bad neighbours and approaching all of them is unlikely to be feasible. The worst of these bad neighbours is actually a well-known municipal Wi-Fi implementation in the Perth CDB which will be detailed in part two.
 
EOF... almost
There are many causes of high channel utilisation and most have relatively easy solutions. The one over which you have minimal control is that of rogue APs outside the businesses premises. One particular bad neighbour is having a severe impact on my clients WLAN and this will be detailed in the gripping conclusion to this two part series!

4 comments:

  1. Good read.
    Looking forward to Part 2? =)

    ReplyDelete
  2. +1 for Jason's comment. Looking forward to reading what happens in Part II!

    ReplyDelete
  3. Thanks for the comment.

    Ahh the pressure... trying to get on top of things :)

    ReplyDelete