I have in my short WiFi life thought when an 802.11 station (WiFi) does carrier detect it would detect all parts of an ongoing frame transmission on the channel and defer its own transmission because of that. But it seems my understanding has been wrong.
The last week’s online discussions has open my eyes to another look at the protocol and the importance of detecting the 802.11 preamble.
In this article I will write about the uniqueness of the 802.11 preamble, how important it is to detect it and how long it travels
Background
The 5GHz OFDM frame format looks like this:
The OFDM frame format consists mainly of two parts, the preamble and, the data field. The preamble is also called the Physical header and it is prepended to the data field, which carries the frame body.
The preamble is further divided into smaller parts. The first part is the legacy preamble consisting of the Legacy Short Training fields (L-STF), the Legacy Long Training fields (L-LTF), and the Legacy Signal field (L-SIG).
If the data field is sent with MCS data rates, it is either an HT, VHT, or HE frame, and those frame formats have their own preamble right after the legacy preamble. But before the data field.
Non-HT (OFDM) or ERP-OFDM (802.11a/802.11g) frame formats consist only of the legacy preamble and the data field.
Legacy preamble
The three part of the legacy preamble is and does this:
L-STF
The Legacy Short Training field consists of a very specific and unique waveform which are very easy to detect for an 802.11 receiver. The receiver uses this waveform, when it detects it, for :
– Start of packet detection
– Automatic gain control (AGC)
– Initial frequency offset estimation
– Initial time synchronization
L-LTF
The Legacy Long Training field is also a very specific and unique waveform, but it is different from the L-STF. The receiver uses this waveform after it has detected the L-STF, for:
– Channel estimation
– More accurate frequency offset estimation and time synchronization
L-SIG
The L-SIG field is a symbol where each of the 48 data subcarriers is BPSK modulated. All stations on the channel read the Rate and Length information subfields and use this for different purposes. All of the receivers use this information to calculate the duration of time for this full-frame.
HT/VHT/HE preamble and Data field
Next after the legacy preamble, it is either the HT/VHT/HE preamble, if the frame is those frame types and the data field. Or only the data field (non-HT/ERP-OFDM).
Note: both managements-, control-, and data frames has the data field
A common feature for both HT/VHT/HE preamble and the data field is that this is information to the receiver by using bit values (0 or 1) and the data subcarriers are modulated according to which combination of bit values it transfers and the modulation scheme. The modulation scheme is either BPSK, QPSK, or QAM-modulation.
The HT/VHT/HE preamble have some short and long training field but those do not have an impact for this article.
So, if we look at the frame format from the view of waveform and modulation, it looks like this:
The “hunt” for the preamble
What all 802.11 stations on the channel does, when it’s not either receiving, transmitting, or sleep, is a search (hunt) for the unique waveform in the L-STF.
Since 802.11 is not a coordinated medium and the signal are received from all kind of directions, amplitudes and phases, the only signal which can be detected and be able to tune in the 802.11 stations is the waveform from L-STF, and later the L-LTF
Another special feature with the L-STF is that only 12 of the subcarriers carry this specific waveform. Those subcarriers are -24, -20, -16, -8, -4, 4, 8, 12, 20, and 24.
The receiver can be up till two subcarriers out of phase (+/- 625kHz), but since it knows which subcarriers this waveform is on it can synchronize itself to the received signal. The L-LTF is doing the rest of the frequency synchronization (+/- 156,25kHz).
When the receivers are synchronized to the received frame they start decoding the L-SIG and interpret especially the Length and Rate subfield.
Further on, all the receivers will demodulate each subcarrier in each symbol according to the used modulation scheme and the information it receives and interprets during the rest of the reception. Sometimes they will do this for the full-frame and sometimes the reception will fail earlier. But every receiver on the channel, who have received and decoded the legacy preamble knows the duration for the frame, based on the L-SIG Length and Rate subfields.
In each symbol, there are a number of pilot subcarriers, with predefined waveform to help the receiver to be synchronized during the full frame reception
CCA/CD
A part of the contention process is to do a physical carrier detection on the channel, the CCA/CD.
When a receiver detects an L-STF with an RSSI of -82dBm, or better, on a 20MHz channel it will set a vector called PHY-CCA.indication(BUSY) (IEEE 802.11-2016 standard, paragraph 17.3.12). This vector will be in this state for the duration calculated from the Rate and Length information in the L-SIG field, for all station receiving this legacy preamble
CCA/CD, CCA/CS, CCA/PD
This RSSI value of -82dBm on a 20MHz channel is named with a different name, but they mean the same. Even the 802.11 standard is not consistent. Those are:
– CD = carrier detect
– CS = carrier sense
– PD = preamble detect
I have used CD (carrier detect) throughout this article
The main clue
The main clue, and what I have misunderstood till now, is that CCA/CD only has an effect on the preamble.
Me, with some HF and VHF background, has assumed that this parameter was used throughout the full reception of the frame. And whenever the receiver was sensing the channel, if it detects an 802.11 signal with an RSSI above -82dBm, it will assume the medium is busy.
It was that way I had interpreted the names “carrier detect” or “carrier sense”.
The reality is that if a station does not detect the preamble, but does a physical carrier check during an ongoing 802.11 transmission on the channel it will not understand that the energy it detects is an 802.11 modulated signal because it out of synchronization with the signal. Even if the signal has a decent RSSI level.
This is my new knowledge
It is only during the reception of the waveform from L-STF, and later L-LTF, with an RSSI above -82dBm the station will understand it is an 802.11 transmission on the medium and will act according to the standards.
And the station will read the Length and Rate subfield in the L-SIG and defer transmission for the calculated duration
If an 802.11 station does not detect this preamble but does a physical carrier check and there is an ongoing 802.11 transmission, it will NOT understand it and assume the medium is free.
When could this happen?
A good question now is when will it happen that a station does a CCA/CD and not sense/receive the preamble.
It could happen when a station visits the channel during its active scanning process and it wants to send a probe request. If there is an ongoing transmission on the channel and this station’s contention process is shorter than the ongoing frame, a collision can occur.
CCA/ED
There is a parameter called CCA/ED (Energy Detect) where the station measures the energy on the channel and defer transmission if CCA/ED is above a certain level. The CCA/ED on a primary channel is 20dB higher than CCA/CD, so according to the standard the CCA/ED is -62dBm.
Please, don’t compare this CCA/ED with the CCA/ED on secondary channels when using wider channels.
CCA/CD versus CCA/ED
According to the 802.11 standard CCA/CD is -82dBm and CCA/ED are -62dBm.
If we use the FSPL formula (free space path loss) and have a cell edge at -68dBm at 14m (45ft), the -62dBm edge for CCA/ED is at 7m (23ft).
If we use the same formula and setup, the CCA/CD at -82dBm will be at approx at 70m (230ft).
FSPL is based on a 6db degradation of RSSI for each doubling of distance.
It can be shown like this:
Figure 3 is from the AP’s perspective. The green area is our -68dBm cell, the yellow is the area for CCA/ED at -62dBm, and the darker grey is the area for CCA/CD detection at -82dBm, or better. So the area where CCA/ED does not have an effect, but where stations will receive and decode the preamble is very big. And a long way outside our preferred cell coverage.
We know most clients have better sensitivity than the standards demands. A station needs an SNR of 4dB to be able to detect and understand the preamble, and if it is capable to understand the preamble with an RSSI of -86dBm, the preamble could be understood out to almost 112m (367ft) away from the sending station (AP), the lighter gray area, in our scenario.
Collision domains and contention
It is possible to spin further on into the topic of the coverage of the preamble, but it is a discussion on contention and collision domain, and it is out-of-scope for this article.
Summarizing
In this article, I have written about:
— How important the 802.11 legacy preamble is
— How it’s content is used for synchronization of the receivers
— Detection of an 802.11 frame
— Use the information to defer transmission on the channel
— What happens if a station does CCA/CD without detecting the legacy preamble
— The area for CCA/CD and CCA/ED
Closing
I hope it has been useful and I really want feedback or comments
Gjermund Raaen 
Actually, -82dBm is not a correct value. Because this is not a constant.
Radio modules will always calibrate themselves. According to AGC and many other reasons.
Please see here for example.
https://elixir.bootlin.com/linux/v5.9.11/source/drivers/net/wireless/ath/ath9k/ar9002_phy.h#L555
So value always will match a range from -110 to -80 dBm, but it’s not right to say that it will be -82 dBm.
Also it WILL be different for 2GHz and 5GHz on the same radio module.
ED value also is not a constant. Many devices are configured for different values.
please see here fore example
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/brcm/brcmfmac43455-sdio.raspberrypi,3-model-b-plus.txt
ed_thresh5g=-54
These examples are just a tip of the “reality” iceberg.
LikeLike
Thank you for the feedback.
I referenced the 802.11-2016 standard and used the values from it. Maybe I should have been more clear on that.
And it was something I thought of during the writing. Another term often used is that the STA needs 4dB of SNR to decode/demodulate BPSK, and based on the noise floor the RSSI for 4dB SNR will vary.
And I don’t know whether an STA changes the CCA/ED parameter based on the used CCA/CD or a fixed CCA/CD
LikeLike
Totally makes sense! I too assumed that CD was used during the whole transmission, but without the preamble, the receiver would just see the data as “noise” and not know that it’s a part of an 802.11 frame. Sort of like TLS encrypted traffic – you don’t know that it’s TLS or some other unknown protocol if you don’t see the handshake at the beginning of the TCP session
LikeLike
Thanks once again for your detailed and well researched article. I will comment on the -82 dBm preamble detection threshold which is clearly mentioned in the standard. However, in practice, the sensitivity of the modern WLAN chipsets to detect preamble and detect L-SIG accurately can be much better. This implies that in practice they can backoff for a lower signal as well and it is upto implementation. The other side is that there is no check whether STAs backoff when they hear a preamble above -82 dBm. Many units ignore signals higher than -82 dBm (for proprietary spatial reuse till 802.11ax and after 11ax implement SR thresholds). Energy thresholds are also clearly mentioned in the standard as -62 dBm in the standards. However, in practice, there are no checks done on equipment and one could a wide variety of implementations..
LikeLike
Thanks for the valuable info. I have really enjoyed reading the article.
LikeLike