Transmit beamforming got introduced in 802.11n, which has two methods Implicit and Explicit beamforming.
In 802.11ac, Explicit beamforming got fine-tuned, and only Null data packet (NDP) Explicit Beamforming is supported
I will be discussing Explicit beamforming in this article.
The advantage of using Transmit beamforming is that the transmitter will focus the signal in the receiver's direction while sending data frames. As a result, transmit beamforming helps to have a better Signal to Noise Ratio (SNR), allowing better data rates and throughput.
For example, without Transmit Beamforming, SNR is 25 dBm between an Access point and User device. With Transmit Beamforming, SNR can go up to 30 dBm.
Below diagram to show after Transmit Beamforming Negotiation between an Access point and User device, how all the Antennas of Access point focus in the direction of the user device that helps to better SNR and data rates etc.
The beamformer is the transmitter, and beamformee is the receiver.
There are two flavors of Transmit beamforming Single User beamforming and Multi-User beamforming.
In Single User beamforming, Access Point or User Device can be a Beamformer.
In Multi-User Beamforming, only Access Point can be a Beamformer.
You should be able to see beamforming is supported or not by an Access point in a Beacon. For example, below is the screenshot of a Beacon showing Access Point can be Single User beamformer, Single User beamformee, and Multi-user beamformer.
For the user device, you can check in Probe request/Association Request/ Reassociation Request. Below is the screenshot of the Probe request of the Samsung Phone showing its Beamforming capabilities.
Let us see the different frames exchanged between beamformer and beamformee.
Total three frames exchanged between beamformer and beamformer.
Unfortunately, we cannot capture NDP using Protocol analyzers as it does not have any MAC. That is the reason I am showing in dotted line format below
Let us understand in layman's terms what happens during the above frame exchange. The above frame exchange process is known as channel sounding.
The beamformer begins the process by transmitting a VHT Null Data Packet Announcement frame, used to gain control of the channel and identify Beamformee and other clients ignore the frame.
We can filter the VHT NDP Announcement frame
(wlan.fc.type==0 && wlan.fc.subtype==5) OR (wlan.fc.type_subtype==21)
The beamformer sends NDP frame after VHT-NDP Announcement. NDP frame, which does not have any MAC ( Imagine like Preamble from the Beamformer), will be used by the beamformee to prepare the feedback matrix.
The Beamformee using the NDP frame calculates the Feedback Matrix and compresses the feedback matrix to be small and takes less airtime to transfer the frame.
Once the beamformer receives the Compressed Feedback Matrix (is Action with NO Ack frame) from the beamformee, it builds the Steering Matrix.
The beamformer uses Steering Matrix to focus the signal in the beamformee direction while sending the data frame.
In Multi-user beamforming, everything works as above, but we will have an extra frame known as Beamforming Report Poll, which polls for individual feedback matrix from beamformees.
Below is what the Beamforming Report Poll frame looks like, requesting a specific beamformee to send feedback Matrix.
Wireshark filter for Beamforming Report Poll
(wlan.fc.type==1 && wlan.fc.subtype==4) OR wlan.fc.type_subtype==20
There are a lot of Pros and cons of using Transmit Beamforming. From my Knowledge, the best use case will be for Wireless cameras and IoT systems using wireless (Not BLE).
Thanks for viewing the article, please leave a feedback comment (good or bad), so that I can improve.
The article cracks it, interested to know the sounding dialogue token.🌟
excellent article. kudos to the author