Fast roaming OpenWrt Wi-Fi Access points

Before we start let me do a test. I have my  phone here which measures my Wi-Fi speed and  another phone which I use as a camera in  the other hand. I start on the 2nd floor  where I have an access point. As you can see speed  is quite OK. It won’t go much higher because I  capped it. I’ll explain in a second. Let me start  moving towards the staircase to the 1st floor.  As I do that you can see that the speed goes  down while I walk down the stairs until it starts  moving back up because I picked up the signal  from the 2nd access point here on the first floor.  Let me keep moving down to the basement. It’s  all concrete here so Wi-Fi gets weakened a lot.  

But it doesn’t take long until I  get closer to the 3rd access point  here in the basement and speed picks up.  Walking back upstairs - same scenario.  How do I do that so seamlessly without  interruption of signal ? Is it a  Mesh ? Is it magic ? Stay tuned. So many people promote Wi-Fi mesh these days. And  if you observe this then you might start to think  that Wi-Fi mesh is what people want. 

But I think  what people really want is good Wi-Fi everywhere,  especially in their homes. They don’t really  care if it is called Mesh or anything else.  I won’t start to explain what a Mesh  is and which one to buy etc. - What  I really want to explain today is  how to get great Wi-Fi in your home  very much like I showed you in the beginning.  Step by step, so that you can reproduce it.  

First question – do I have Wi-Fi mesh at  home ? No I don’t. What I have is just a  bunch of Access points that are connected over  Ethernet. That means, they are hard wired.  Second question – How come I can change so quickly  and seamlessly from one Wi-Fi Access point to the  other without interruption? 

The technology  which I am using is called Fast roaming  or BSS Fast Transition or 802.11r. Third question  – Is that expensive and where can I buy it ? It’s  not expensive – it’s free. It’s an open standard  that you can implement with open source solutions.  I will show you how to do this with OpenWrt. Let  me first show you a high level overview of the  architecture. Guys, use the time and chapter  markers if you want to skip or fast forward,  OK ? You can see those sections on the  time line? Those are the chapters. 

 

They  are also in the description. Helps you to jump  straight to the part which you’re interested in. Let’s start with the Internet access.  I have a modem router access point  that has been provided to me by the ISP. As I am  doing many things with my routers such as VPN etc.  I did not want to touch that side of the  landscape. So I switched off Wi-Fi on that device.  I consider that my network starts  on the LAN side of the ISP’s router.  This is where my first and main router is. 

So  the main router’s WAN side is connected to the  LAN side of the ISP’s router. That effectively  creates a so called DMZ – a demilitarized zone  between my LAN and the Internet. My main  router is located on the 1st floor and  it serves as a real router with firewall and  everything and it is also a Wi-Fi access point.  

The whole in-house network and Wi-Fi  starts on the LAN side of that router.  I have a router that is configured as  Access point only on the second floor  and there is another router that is configured  as a so called dumb access point in the basement.  These three devices together cover the three  floors of the house with Wi-Fi signals.  Of course that DMZ part of the  architecture could be simplified.  It does however make things easier  if for example I want to test VPN  

access from the outside. I can simply do  this by hooking a device into the DMZ. From a W-Fi channel and frequency perspective  let’s focus on the 5 GHz bands here.  The red Wi-Fi is the one on the second floor,  the grey one is the one on the 1st floor and as  I walked downstairs you will soon see the blue one  appear – that is the access point in the basement.  

As I walk downstairs you will see that the 2nd  floor becomes weaker and the 1st floor stronger,  then the basement will appear and the 1st floor  becomes weaker. When I walk back it will be the  opposite of course. I told you in the beginning  that I have capped the Transmission rate. Actually  I did that for two reasons. First, my ISP  gives me a maximum download speed of 100 Mbits  so I saw no point in going higher than  300 Mbits from a Wi-Fi perspective.  

Second, as I am limiting the bandwidth  of the Wi-Fi channels to 40 MHz  I could nicely put all three spots in the lower 5  GHz bands. That gives me a couple of advantages.  First, I have found that the reach in the lower  channels is better in my house and second I  have made the experience that my iPhone is more  willing to roam if the different Wi-Fi channels  are closer to each other. So I used channels  36, 44 and 52 for overlap-free operations.  

You can see that all three have the same Wi-Fi  name and they also have the same password.  The BSSID, so the Wi-Fi MAC if you  want, is different on each of them. Now just so that you can put this into  perspective. The house I live in has a  surface of roughly 2,500 square feet – that’s 240  square meters in metric terms. 

That surface is  spread over three floors. Plus there’s the balcony  and the veranda and the garden. The house has been  built in the 1960s and is mainly made of concrete.  The outer walls here are roughly a foot thick.  I affectionately call it “The Bunker”. I will  not go into detail on how radio waves spread,  channels and bands etc. If you are interested,  watch my first video on this subject. Link is up here or in the description.  What I do need to explain quickly before  we get into implementation details  however is how Wi-Fi roaming works.

Let’s say I have an access point here that  provides a Wi-Fi signal and then there is  a second access point farther away. I now come  into the scene with my iPhone and want to pick  up a Wi-Fi signal. The first thing that my phone  needs to do is that it scans for available Wi-Fi  signals and choses the best candidate for  connection. 

Once it has found a suitable  candidate it then needs to start exchanging  keys and negotiating the encryption. After that  it can establish the connection and request  an IP address. This is usually done with DHCP  and also takes a bit of time. Fine, now  I am connected to the first access point.  If I start moving towards the second one then the  signal of the first one will still be available  but it becomes weaker and the signal of the second  Access point becomes stronger. At some point the  device needs to make a decision if it should roam  or not. 

It will roam if the old signal falls below  a threshold of around -70dBm AND if the new signal  is around 8-12 dB stronger than the old signal.  Once it has decided to roam it then needs to  go through these steps again and that of course  needs time. Keep in mind that the client and  only the client decides if and when to roam. So we’ve just learned that devices tend to stick  to a well-known Wi-Fi Access point and don’t fancy  roaming that much. But roaming is what we humans  do – we walk around the house and expect the Wi-Fi  to be great everywhere. Second thing we learned  is that if a device chooses to roam, then there  are a lot of things that happen and eat up time.  But we want things to happen instantly. 

We don’t  want our Face time call to be interrupted for two  or three seconds while we are talking or listening  to somebody. In essence we need to do two things.  First remove the obstacles for roaming and second  remove all mechanisms which are time consuming  before, during or after roaming. Here’s how to  do it. 

Let’s start with our first router and  see how we can configure it for fast Transition. Here you can see the OpenWrt web interface – Luci.  I am on the page for wireless configuration and  click on Edit next to the Wi-Fi which I want to  configure for fast transition. The first change  that I need to make is that I want to tick  that little box 802.11r Fast Transition. Once  I do that additional options show up but in the  home environment we only need very few of those.  

I will type in a value in the mobility domain –  even though strictly speaking I wouldn’t need it  as long as all Wifis have the same name – but  it won’t do harm. In my case I type in 123F. This value needs to be the same on al Access  points. The second value that I change is the  FT protocol. I do not want the transition to be  handled by the access point the device was on but  rather over the air – that’s much faster. Quickly  checking the other values – they are all OK so I  leave them unchanged. 

I have however read in an  article that the iPhone is more willing to roam  from 2.4GHz to 5GHz if I set the DTIM interval to  3 – I need to do some more research on this but  up to now this works fine for me so I set this to  3. Last but not least I double check that the box  WMM mode is checked – I have noticed tremendous  performance impacts if that box is not checked  even though it should in theory only impact  multimedia content but I had gotten very bad  speed figures when I left it unchecked. That’s  it – save and apply and we should be good.

Great, we now have our first access point  configured for Fast BSS Transition. Now we  need to make sure that all other Access points  which we add in can pick up that fast transition  and do not do time consuming tasks such as give  away a new IP address or stuff like that. The  solution is called “dumb access point” –  that means we will configure the second  OpenWrt router to be an access point rather than  having full router functionality. Here is how: Like always the first thing I do is Google for  OpenWrt and the subject of what I want to do.  

The first result on Google usually leads me to  the right article on the OpenWrt Project’s Website.  This is the Article that I have  been looking for and it outlines  exactly the steps which you need to do in order  to configure a router as Access point only.  Please note that these steps would actually work  as well on any router. Even if it is running  on different firmware. The first thing we need  to do is plug the LAN cable into the LAN port,  not the WAN port. 

Then we need to configure  the IP address of the router’s LAN side  to something in our network. Let’s do that. I  have an OpenWrt router here with factory defaults,  that means it is on the 192.168.1.1 address  and doesn’t have a password. I have not yet  connected the cable to my network but only  the cable from this router to my PC. So now  I click on network then interfaces and then Edit  next to the LAN adapter. My LAN is in the 139.x  range so I give that Interface any address out  of that range that is not taken by anyone else.  

Next I click on the DHCP Server tab and check  the Box Ignore this interface. This is because I  do not want this router to give out IP addresses.  Only my main router shall do that. Let’s save and  apply. Now we need to be quick. We have 30 seconds  before OpenWrt rolls the changes back if we don’t  connect to it. We need to connect to the new IP  address. In order to do this I have now connected  the router to my network so that my PC gets a new  IP address from the main router on the 1st floor.  

Great – the page opens – let me check the  parameters – all changes are OK. Checking back  on the OpenWrt website it says that we should now  type in the Gateway and DNS server. Here I have a  slightly different plan because I want this Access  point to receive an address from my main router  over DHCP so what I do rather than typing in DNS  and Gateway I just change the protocol to DHCP  client. Save and apply and now again I need to be  quick because the IP address my main router gives  away is actually different from the one which  I had specified by hand. But I know which one  it is – its 169 instead of 170. 

Connection goes  OK, quickly checking everything – looks OK. Cool,  checking back on the OpenWrt site it tells us  to disable the firewall and dismast. I’d say  this is not really necessary because we won’t  be using any other interface – but hey, let’s  go by the book. So clicking on System-Startup and  then disabling the firewall and dismast services  does the trick. In order to have this taken  into account we need to reboot the router now.  

Takes a while and it’s back. Great, so now  we can do the same settings like we did on  the other Wi-Fi – let me do it on a 2.4 GHz  Wi-Fi here – Same Wi-Fi name , check WMM,  same password, same  settings for fast transition  and then save and apply.  Let’s not forget to enable the Wi-Fi by clicking  on enable here. If the Wi-Fi still shows disabled  after this, give it some time. On some hardware  it takes up to a minute to activate the Wi-Fi.  

Here we go, all enabled and working.  Let me just enable the 5 GHz Wi-Fi as  well – takes a while and it comes up  enabled as well – cool, that’s it. Excellent – that’s all we need to do. We have  successfully created a Wi-Fi infrastructure  that uses fast roaming across multiple Access  points. If the 5 GHz signal gets too weak then  it falls back to 2.4GHz. Oh – and yes  – you might wonder how I ran the speed  test and why I ran it the way I did ? Usually  when people want to test their network speed  they use something like speedtest.net.  

What this does is that it opens a page on  a server in the internet and transfers data  between that server and the local device.  But that means that we are testing a mixture of  three things: The Wi-Fi Speed, the internet speed  and the availability or rather responsiveness  of the server providing the speed test.  That’s not a good test if we just want to  know how our Wi-Fi performs. Let me show  you how to do a better test right after this  CALL TO ACTION – I need you to get involved.  I would love to hear from you how the Wi-Fi is  performing at your place, what you want to do or  what you have tried in order to improve it and  if it was successful. Also I’d be interested in  learning if you are using a mesh solution and if  so, which one and if it meets your expectations.  

Please leave me a comment. Thanks a lot. Let’s  get back to our speed test. A better tool to do  this is called iperf. Iperf is a Linux utility  that you can for example install on a laptop  running debian or Ubuntu Linux. If you don’t  have Linux then just get a bootable USB stick  like this one with knoppix or Damn Small Linux  DSL or a Ubuntu Live Stick. This way you can  run Linux without installing it. Iperf might  be available for Windows and Marcos as well  but I haven’t checked. Leave me a comment if you  know more. Now let me show you how I did the test:

On Ubuntu the easiest way to install iperf3 is  to type sudo apt install iperf3. Please note  we want iperf3 and not just iperf. Now we can  start iperf in server mode by specifying the -s  argument and also teling it which port to run on  with the -p parameter. In my case it’s port 5201On the iphone I am using the iperf3 app from  Frederic Sagnes – going to the App Store and  searching for iperf should link you here.  

Now I need to tell the app where to find  the server – that’s the IP address of the PC  where I am running iperf3 in server mode on,  I can also specify a couple more parameters such  as the number of streams and the duration of the  test. When I click on Start in the upper right  corner the test launches. On the server side this  is what you should see. Just tells me a client  has connected and shows me the speed figures.

So this will purely test my local network  speed without mixing up results with internet  availability and things that are out of my  control. Still, once I am done with all this I  can of course check the performance of my internet  connection like I do here on my phone – and as you  can see I get the full speed of my provider  which is 100 Mbit down and 40 Mbits up.  That’s it guys – hope you enjoyed that episode  and hopefully it helps you to improve your  Wi-Fi at home. Let me know how it goes, join  me this Sunday for video chat on discord,  leave me a like and a comment,  don’t forget to subscribe  and also check the bell button. Thank you for  Watching. Stay safe, stay healthy, bye for now.