Showing posts with label EyePA. Show all posts
Showing posts with label EyePA. Show all posts

Friday, 16 August 2013

How Much Air-Time Do Beacons Actually Burn?

It’s a well known rule of thumb when designing WiFi networks that you need to try to keep the number of SSIDs broadcast by your wireless network  down to a ‘reasonable’ number. In this article, I take a look at how much of an issue SSIDs (and their beacons) are in consuming valuable wireless air-time.

Generally, it’s recommended to keep the number of SSIDs below around 5 (ish).

The reason for keeping the number of SSIDs to a minimum is that each SSID is advertised using a type of management frame called a ‘beacon’.  Beacons are generally sent 10 times per second for each SSID on the wireless network. Therefore, if you have 10 SSIDs, they will each be advertised 10 times per second, giving us 100 beacons per second.

Air-time is a finite resource – there is only so much data that can be transferred across the air over a period of one second. If a large chunk of air-time is being consumed by SSID beacons, then that doesn’t leave a whole lot of time remaining for actual user data to travel over the air (which is the whole point of having a wireless network!).

I have previously heard statements from various wireless engineers along the lines of up to 50% of available air-time being consumed by beacons once you have 6 or 7 SSIDs being broadcast by a network. I’ve taken this information on face-value and never really thought too much about it.

However, this evening I found myself in a hotel room with some time on my hands, a Cisco WLC, a Cisco AP and a copy of Metageek Eye PA. I thought it was time to test the ‘conventional wisdom’.

My approach was simple: I would set up my AP on channel 11 (2.4GHz) and capture all frames using Eye PA. I would vary the number of SSIDs being broadcast and monitor the results.

I would also vary the lowest mandatory speed supported by the 2.4GHz network between 1Mbps, 11Mbps and 54Mbps. Beacons are sent at the lowest mandatory speed that is configured for a wireless network. Therefore, if 1Mbps is the lowest mandatory speed, beacons are sent at 1Mbps (and hence are a lot slower and consume more air-time)

To determine how much actual air-time is being consumed by beacons, I would use Eye PA’s filtering capabilities to remove all frames except beacon frames, and remove any other local interfering SSID traffic (i.e. the pesky hotel WiFi on the same channel!). This would leave me with just the beacon frames from my AP:

Eye PA Filtering Beacon Frame

Eye PA allows you to select a period of one second of the filtered traffic that you have captured, and also shows the amount of air-time those frames consumed in that period:

I just then applied some simple maths to work out how much time the beacons frames consumed over a period of one second.
I then tabulated the results:

Number SSIDs Broadcast
Lowest Mandatory Speed
Beacons AirTime Over 1 Sec (mS)
Percentage AirTime Used by Beacons

The results show pretty much what I expected, but I was surprised by how little time the beacons consumed, particularly once the lowest mandatory speed is ramped up to 54Mbps. They certainly don’t support the information that had been imparted to me regarding 7 SSIDs consuming 50% of all air-time.

You can clearly see the effect of adding more SSIDs (and consequently more beacons). As more SSIDs are added, more air-time is devoted to beacon traffic. This is a bad thing, if it becomes a significant chunk of your air-time.

You can also clearly see the effect of increasing the lowest mandatory speed supported by the wireless network. Once you increase it to 54Mbps, even with 15 SSIDs, you are only consuming 2% of the available air-space.

I suspect that the conventional wisdom of keeping your SSID numbers down to below 5 is founded on the assumption that many wireless networks are going to be installed using default settings. Often, default settings will configure the lowest mandatory speed to one of the lower 802.11b speeds, which could then make significant numbers of SSIDs an issue.

For me there are several lessons to take away:

  • Verify what the defaults of a system are – what is the lowest mandatory speed configured on your system out of the box?
  • Increasing the lowest mandatory speed on a wireless network is going to increase the efficiency (and hence throughput) of your wireless network significantly – less time will be given over to beacon traffic
  • The ‘less than 5 SSIDs’ rule may be a good starting point, but on a well engineered network, it may not be as relevant as it used to do, especially in the presence of modern wireless clients which do not need to support the lower, legacy speeds of 802.11b/g.

A word of caution though before making any wholesale changes to your network. Make sure you do not have any older wireless clients that need to be able to connect to the network at the slower/legacy speeds. Clients need to be able to initially associate to a wireless network at the lowest mandatory speed supported by a wireless network. If you have older devices that are not in areas that have good coverage, they may not be able to associate at a higher speed and will not be able to join the wireless network in those areas. It is probably worth testing the effect of any changes you make carefully.

I’d welcome any feedback on my testing. If there are any flaws in my logic or testing or there are other considerations I may have missed, then please feel free to drop me a note or comment.

Sunday, 24 March 2013

Metageek Eye PA Review

I like pictures of stuff. Some people understand and learn more easily through hearing the spoken word, some through reading text and others prefer pictorial representations of ideas, concepts and information. For me, it's definitely pictures, which is why I love Metageek's Eye PA product. In this article, I take a look at the Eye PA wireless network analysis tool and talk about why I'm so enamored with this product.

If you're like me, one of the first things you do when visiting a new building, venue or customer site is to fire up your copy of Metageek's free (and incredibly useful) WiFi tool: inSSIDer. It's always interesting to see just how many SSIDs organisations are still trying to cram on to the 2.4GHz band or are perhaps creating themselves and their neighbors a whole heap of trouble by not using non-overlapping channels. Here's how things look for me, sat at home, as I write this article:


However, I now have an additional habit when visiting a new site. In addition to firing up my copy of inSSIDer, I'm now also just as likely to fire up my latest purchase: Eye PA (also from Metageek).

Eye PA is a fantastic piece of software that allows you to to visualize what is happening on your wireless network. You simply take a network capture of wireless packets that can be heard over the air and Eye PA will summarize what is going on in a very flexible, graphically-rich style. With a few clicks, you can filter exactly what you are interested in and get incredible insights in to what is going on over the air.

I don't want to sound like a marketing brochure, so I'll explain precisely what's involved in acquiring wireless data from the network and then taking a look at what's going on.(Disclaimer: I've got nothing to do with Metageek at all, I'm simply a very happy customer).

To capture frames for analysis, you can use other tools such as Ominpeek or Wireshark, if you're so inclined, but I chose to purchase an AirPcap Nx card when I bought Eye PA. This allows me to capture traffic directly with the Eye PA application.

Once I've plugged AirPcap Nx card in to my (Windows) laptop, I simply fire up Eye PA, select the band and channel I want to use and hit the 'Start' button:

Data Capture in Eye PA
When I've captured for a while, I simply hit the 'Stop' button and Eye PA immediately starts crunching its way through the data it's collected. After a few seconds, I get  a summary of everything that Eye PA has captured, immediately giving me masses of information about what's going on around me. Here's an initial screen shot of what I saw when running Eye PA for this article:

Initial Analysis in Eye PA
At first glance, you may be a little confused by the visual onslaught, but after taking a few seconds to look around the screen, you can immediately pick out some incredibly valuable information.

Looking along the top panel of the screen-dump above, you immediately get an indication of the levels of air-time that are being used on this channel. Looking in the middle-right panel, you can see the number of BSSIDs and clients using the channel. In the lower-right panel you can see the SSIDs that can be heard, together with the numbers of clients, bytes, air-time, data rates and retry rates for each SSID.

Without even having seen this tool before, you can immediately gather some incredibly useful information!

But, when you turn your attention to the 3 colorful circles in the bottom left of the screen, you will start to see why I really love this product. As soon as I explain what the various colors mean in the 'Treepies' (those colorful circles), you'll see the genius of how the traffic on this wireless channel has been represented.

Each of the treepies is divided in to 4 concentric circles. The inner circle represents each SSID, the second inner circles represents the clients on each SSID, the 3rd circle shows the WiFi frame type, and the fourth (outer) frame represents the sub-type of WiFi frame.

Looking at the coloration seen in the outer 2 rings, you will see:

  • Shades of purple representing WiFi management frames
  • Shades of orange representing WiFi control frames 
  • Shades of blue representing WiFi data frames
 The inner  two rows of rings, representing SSIDs and associated clients are generally colored green.

Looking at our original capture summary, I hovered over each of the 4 rings in turn to show the information that can be seen at each level:

SSID Level

Client Level
WiFi Frame-Type Level
WiFi Frame WiFi Sub-frame Type
The other key aspect to this representation is the 3 ways that the data is represented. Wireless traffic data is shown by air-time (the largest treepie), together with the number of packets and number of bytes in the two, smaller accompanying treepies.

Notice that as I hovered over each section of data in the air-time treepie, the corresponding data was highlighted in the 'packets' and 'bytes' treepies too. Even in this simple example, you can see that even though the data frames took a relatively tiny amount of air-time, they also represented the bulk of the number of bytes sent over the air. This perfectly demonstrates the point that higher-speed data frames are far more efficient compared to their slower-speed management and control frame counter-parts. Being able to visualize this data provides you with invaluable insights, and would perhaps prompt you to consider disabling slower AP data rates to try to increase the speeds of your non-data frames and increase overall air-time efficiency.

What we've looked at here barely scratches the surface of what you can do with the treepie data, but hopefully you will get a feel for the intuitive and powerful way that the data is presented. As you might expect, you can click in to any treepie segment to drill down in to that data and focus  further on an area of interest. Here is a treepie where I had clicked on the top-level treepie segment for my own laptop:

Drill-down in to Client Treepie
You can now see just the frame-types used by my laptop during the time I captured frames for this article.

The ways you slice & dice and filter this information are endless, allowing you can drill in to precisely the information that you need.

Another great feature  is that once you have drilled down in to your area of interest, you can then take a high-level look at the actual packets that are creating the treepie data. Here is a filtered selection of management frames for my home SSID:

Management Frames for my SSID
The real killer feature (for me) is that you can then directly send the filtered selection you are looking at in to Wireshark, for more detailed analysis:

Send Selection to Wireshark
This might not sound like a 'killer' feature, but I was recently reviewing a wireless network capture. Using Eye PA to filter the traffic in a variety of ways and then sending it directly to Wireshark saved me a huge amount of time. Building the individual Wireshark filters to look at the data would have taken me a LOT of time. With just a few clicks in Eye PA, I was good to go each time.

In addition to the analysis capabilities I've discussed, Eye PA has also recently had a new feature added that provides even more value by providing recommendations for fixing network issues or risks. Here is a screen dump I took of what Eye PA came up with for my network:

Eye PA Analysis Suggestions
This is a new feature which, I have to admit, I haven't played with too much yet, but it looks to be giving some great advice from what I've seen so far.


Well, hopefully, I've been able to do this great product some justice and have provided you with a flavor of what it might be able to do for you.

For me, there have been a great many 'light bulb' moments whilst using this application. The powerful way that it visually represents what is happening on the network has been an incredible learning experience around how WiFi works. If you are trying to learn more about WiFi, you will gain an awful lot just from running the eval of this product. I'd read plenty about WiFi theory prior to using Eye PA, but seeing  the types, quantities and effects of each type of frame in the graphical manner that Eye PA provides has made many of the pieces I had read about fall in to place. If you are studying for any of the CWNP exams (particularly CWAP), you need to take a look at Eye PA.

In addition to the great educational value that it has provided Eye PA has also become one of the WiFi tools I wouldn't be without it. My must-have list of WiFi tools now consists of: a wireless survey tool, spectrum analysis tool, inSSIDer, Eye PA and Wireshark.

The other aspect to owning a copy of Eye PA is the support that you will get from the guys at Metageek. In addition to the product itself being invaluable (in my opinion), the support I've received from the guys at Metageek has been first class. They're a great bunch of guys providing timely support, great educational material and listening to suggestions for product improvements.

So, I'd strongly recommend you go out and get yourself an evaluation copy of Eye PA and have as much fun as I've had using it :)