RF BarrierBy CWNP On 09/15/2008 - 20 Comments
As you may have already read in various online high-tech rags about Meru Networks' new offering: RF Barrier. If not, here's a good one by Lisa Phifer: http://www.wi-fiplanet.com/news/article.php/3761666
What's missing from these articles is the technical details, which are nothing short of COOL! For example, the RF Barrier APs listen on their "internal" antenna, read in the MAC header (analyzing the source and destination MAC addresses), and then make a decision on whether or not this traffic is part of the internal (authorized) network. If it is, then it immediately begins transmission on its directional, externally-facing antenna to "talk over" the frame. The AP typically transmits a data frame (that's essentially just saying, "hello") to corrupt the original transmission on the exterior side of the building. By transmitting at the same time as the original transmission, additional airtime is not used. That makes RF Barrier a very good neighbor.
In order to pull this off, the RF Barrier AP has to act quickly. It reads in the MAC addresses, makes a decision, and WHAM - starts transmitting on the exterior AP for the length of time designated in the PHY header. Meru's Senior Director of Technology, Joe Epstein, mentioned in Lisa's article that, "If RF Barrier is working properly, those outside Wi-Fi clients will not receive enough beaconed information to even list the WLAN as an available network." Of course that means that all beacons must be corrupted by RF Barrier. I asked Joe about this, and his answer was simple, "Beacons in properly implemented networks don't take up a considerable amount of time on the RF medium, and RF Barrier takes up only the same amount of time that is used by the beacons. We are only transmitting directly over the top of the beacons to corrupt them." Brilliant!
Since RF Barrier APs are not an active part of the WLAN infrastructure, placing them around the perimeter of your building doesn't affect how you survey and place APs. Joe said that testing has proven that when implemented properly, RF Barrier can hang a 3-foot thick "RF curtain" around a building in such a manner that when you walk through a door on a VoWiFi call, it will hang up immediately upon stepping outside the door. Now to me, that's simply amazing. I'm very much looking forward to seeing this solution in action.
From the articles, we can see that 802.11n beacons can be blocked, but 802.11n data transmissions cannot due to use of 802.11a/g APs in RF Barrier kits. I don't think that's such a big deal at this point because a client can't get or stay connected to a BSS without regularly and consistently receiving beacons from its AP.
To be honest, I can't imagine why anyone larger than a small office wouldn't want this kind of solution. When added to properly-implemented strong authentication/encryption and WIPS, this solution type may be one of the last legs of making Wi-Fi networks virtually impenetrable.