Making WiFi Great

Daniel J Blueman, [email protected], https://quora.org/pres/great-wifi

what’s the problem?

  • low throughput "slow WiFi"
  • intermittent connectivity
  • poor coverage/range

where?

  • your home
  • hotels/cafes
  • airports
  • hotspots
  • exception: countryside

common causes (descending)

  1. spectral congestion
  2. poor siting

    • distance
    • occlusion
  3. untuned 802.11 parameters

    • legacy compatibility
  4. untuned/buggy software and firmware

    • security & support
  5. background traffic

consumer vs enterprise

  • router, AP, controller separation
  • Power over Ethernet injection
  • software and firmware

    • AP management: [image: APs]

  • validation, tuning under load & complex use cases
  • cost
  • conclusion: need optimal value

    • Mikrotik/Ubiquiti?

siting

  • Free Space Path Loss is 20⋅log10(4π⋅d⋅f/c) dB

    • where d is distance in m, f is frequency in Hz, c is the speed of light in m/s
    • eg for 5.8GHz @ 1m → 48dB, 10m → 62dB, 14dB or 1/??th the power

  • account for occlusion, eg 10cm wall, 1m transmission: [image: Apartment]
  • first order approximation: center of coverage area
  • separate AP from router if needed, use PoE, multiple APs

signal to noise ratio (SNR)

  • noise floor

    • cafe vs library scenario

  • signal strength (regulated)

    • most phones and laptops are 30mW
    • Raspberry Pi 3 is an exception @ 138mW
    • most routers 100mW [image: SNR]

SNR → encoding

  • dependent on channel width, SNR and standard [image: MCS-SNR]

encoding → phy rate

MCS tip: small area → wide channel, large area → narrow channel

band frequency

  • attenuation proportional to frequency

    • therefore 5GHz quieter than 2.4GHz → higher SNR

  • tip: choose minimum channel width for application

    • IoT/phones → 20MHz, video streaming → 40/80MHz

  • WiFi network scanning a poor approximation
  • want to visualise RF energy (interference)
  • also guides channel width

channel selection

  • tip: define cells with 1/6/13 (11) @ 20MHz, 36/44/52 @ 40MHz etc
  • multiple APs: define cells with non-overlapping channels
  • auto-selection almost always fails, manually set [image: screenshot]
  • compute minimum signal strength for 15% cell overlap, add rejection rule eg -67dBm

    • prevents client sticking to suboptimal AP
    • consumer routers don’t support this

antennas

  • dual-band antennas → bigger but lower VSWR (efficiency)
  • loading coil used to decouple the elements of a dual-band antenna
  • resonant frequencies seen on an S-parameter graph: [image: s params]

antennas 2

  • bigger → looks cooler, higher gain
  • space multiple antennas > half-wavelength apart for spatial diversity
  • decent APs use fixed polarisation diversity

    • very helpful as small clients are single-chain
    • you can too: [image: axes]

enterprise antennas

  • enterprise AP antennas are almost always onboard: [image: ubiquiti unifi ap pro]
  • note orthogonal antenna arrangement

hidden node problem

  • X can’t hear Z (and vice-versa) [image: hidden]
  • transmit collision probability
  • enable Request To Send, Clear To Send protocol
  • latency cost

    • perhaps enable for frames larger than 200B

background traffic

  • eg ARP, STP, SMB, SSDP broadcasting

    • DHCP server can insert static ARP entry
    • can increase ARP timeout on bridge, disable STP

  • client-to-client isolation "forwarding"
  • client to rest of network isolation via encapsulation and bridge port horizon: [image: Bridge]
  • problem: exceptions needed (eg printer)

    • per-MAC forwarding (too granular)
    • proxy-ARP to route local traffic through router’s ACLs
    • consumer routers don’t support either

what do I use?

  • Mikrotik hAP ac2
  • quad-core ARM OTT

    • routes 512B packets @ 2Gb/s!

  • 500mW 2.4GHz 2x2, 400mW 5GHz 2x2 (regulated)
  • HTTPS UI, superb SSH interface, SNMP among others
  • USB for transparent HTTP proxy-cache, LTE backup or NAS
  • PoE injection or DC input (12-30V)
  • lifetime RouterOS updates every ~3 months
  • responsive support
  • ~SGD104 @ Alagas Network (Singapore Mikrotik distributor) [image: hap ac2]

configuration

# uplink
/interface list member set 1 interface=lte1
/ip dhcp-client set 0 interface=lte1

# local network
/ip dhcp-server set 0 add-arp=yes authoritative=yes lease-time=1h
/ip dhcp-server option add code=35 name=arp-cache-timeout value="'1800'"
/ip dhcp-server network set 0 dns-server=192.168.88.1 ntp-server=192.168.88.1 dhcp-option=arp-cache-timeout

# wireless
/interface wireless
add master-interface=wlan2 ssid="FOSSASIA Speakers by GlideX 5G" disabled=no
set [find] ssid="FOSSASIA Speakers by GlideX" default-forwarding=no compression=yes wps-mode=disabled wmm-support=enabled adaptive-noise-immunity=ap-and-client-mode hw-protection-mode=rts-cts country=singapore tx-power-mode=all-rates-fixed
set 0 channel-width=20mhz band=2ghz-onlyn tx-power=13
set 1 channel-width=20/40mhz-XX band=5ghz-a/n/ac tx-power=25
/interface wireless security-profiles set 0 authentication-types=wpa2-psk group-key-update=1h wpa2-pre-shared-key="fossasia.sg" mode=dynamic-keys
/interface wireless access-list
add authentication=no signal-range=-120..-71 interface=wlan1
add authentication=no signal-range=-120..-77 interface=wlan2

# services
/certificate
add common-name=Mikrotik name=https
sign https
# paste limit
/ip service
set www-ssl certificate=https disabled=no
set telnet,ftp,www,api,winbox,api-ssl disabled=yes
/system ntp server set enabled=yes
/system ntp client set enabled=yes primary-ntp=128.199.134.40

# tuning
/interface bridge set 0 protocol-mode=none ageing-time=30m
/interface bridge port set [find] horizon=1

configuration 2

# securing
# example password; replace with a strong unique one
/user set 0 name=local password=hello
/ip settings set arp-timeout=30m rp-filter=strict
/ip ssh set strong-crypto=yes
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no
/system package
disable mpls,routing,ppp
update check
/system routerboard upgrade

# monitoring
/tool graphing
interface add interface=lte1
resource add
queue add
/system script add name="uplink-latency" source=":local minRtt; :local pin; :local pout; /tool flood-ping count=2 address=8.8.8.8 interval=3s do={:if (\$sent = 2) do={:set minRtt \$\"min-rtt\"; :set pout \$sent; :set pin \$received}}; :local ploss (100 - ((\$pin * 100) / \$pout)); :local logmsg (\"Ping to 8.8.8.8 \".[:tostr \$minRtt].\"ms \".[:tostr \$ploss].\"% loss\"); :log info \$logmsg"
/system scheduler add interval=1m name=uplink-latency on-event=uplink-latency

# reset logs
/system logging
set [find action=memory] action=disk
add topics=wireless,debug action=disk
/system logging action
set 1 disk-lines-per-file=1
set 1 disk-lines-per-file=10000 disk-file-count=20

# hotspot
/ip hotspot user profile set 0 keepalive-timeout=10m idle-timeout=30m session-timeout=60m shared-users=1000
/ip hotspot user add name=fossasia password=fossasia
/ip hotspot add interface=bridge idle-timeout=30m login-timeout=30m disabled=no
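
An added example, not part of the original slides and not MikroTik code: a Python check that reads a RouterOS provisioning script in the syntax used above and reports which of the hardening settings from the configuration slides it leaves unset. The sample script, the function names and the rule that a missing setting means the factory default still applies are assumptions made for illustration.

```python
import shlex

# Settings from the page's script; a missing one is a finding (assumes defaults).
REQUIRED = [("/ip ssh", "strong-crypto", "yes"),
            ("/interface wireless", "wps-mode", "disabled"),
            ("/tool mac-server", "allowed-interface-list", "none"),
            ("/tool mac-server mac-winbox", "allowed-interface-list", "none")]
SERVICES_OFF = ["telnet", "ftp", "www", "api", "winbox", "api-ssl"]

def parse(script):
    """Yield (menu, selectors, {key: value}) for every set/add command."""
    menu = ""
    for line in script.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        verb = next((i for i, t in enumerate(tokens) if t in ("set", "add")), None)
        if verb is None:  # a bare "/menu path" line switches the current menu
            menu = " ".join(tokens) if tokens[0].startswith("/") else menu
            continue
        path = tokens[:verb]
        here = " ".join(path if path and path[0].startswith("/") else [menu] + path)
        args = tokens[verb + 1:]
        yield (here, [a for a in args if "=" not in a],
               dict(a.split("=", 1) for a in args if "=" in a))

def audit(script):
    """Return one finding per page setting the script leaves unset."""
    state, off = {}, set()
    for menu, selectors, kv in parse(script):
        state.update({(menu, k): v for k, v in kv.items()})  # last write wins
        if menu == "/ip service" and "disabled" in kv:
            names = {n for s in selectors for n in s.split(",")}
            off = off | names if kv["disabled"] == "yes" else off - names
    found = [f"{m}: want {k}={v}, got {state.get((m, k), 'unset')}"
             for m, k, v in REQUIRED if state.get((m, k)) != v]
    return found + [f"/ip service: {s} not disabled"
                    for s in SERVICES_OFF if s not in off]

# Constructed sample (not the page's script): WPS on, three services left open.
SAMPLE = """\
/interface wireless
set [find] ssid="lab" wps-mode=push-button
/ip service
set telnet,ftp,www disabled=yes
/ip ssh set strong-crypto=yes
/tool mac-server set allowed-interface-list=none
"""
print("\n".join(audit(SAMPLE)))
```

The parser only recognises `set` and `add`, and it ignores which item a `set` selects, so per-interface differences need a finer check.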

live spectral scanning

[image: scan2]

cheatsheet

  1. use decent hardware, OS and firmware
  2. select indoor/short ack timeout/range
  3. optimise siting or use multiple APs via ethernet (PoE)
  4. arrange antennas orthogonally
  5. conduct spectral scan
  6. use same SSID on both radios, add second "5G" 5GHz radio SSID
  7. select quietest non-overlapping channel

    • use narrower channels for simpler/larger scenarios eg hotel WiFi
  8. enable CTS-RTS with ~200B threshold for larger networks

    • or with many co-channel networks
  9. if multiple APs

    • plan channels
    • add rejection rule for roaming

wrapup
