Since the last major overhaul (see: T452), newer WiFi standards have been established and hardware is becoming available to the open market.
This feature request shall concentrate on implementing WiFi Access Points on the 6GHz band. To ease development, the focus should be on implementing WiFi-6e (IEEE 802.11ax for 6GHz).
Reasoning:
- Implementing WiFi-6e (IEEE 802.11ax for 6GHz only) would be less complicated than adding yet another set of flags (HE) to the current set of WiFi configurations covering HT and VHT. In hostapd, WiFi-6e is done differently and requires a different set of settings.
- The 6GHz band offers a vast improvement on bandwidth in many countries where the 5GHz bands are severely regulated (such as in Europe). While on 6GHz one may easily achieve throughput of more than 1GBit/sec, this is almost not possible on 5GHz, making development effort for 5GHz questionable.
- Later implementations for WiFi-7 (IEEE 802.11be) would be similar to WiFi-6e. WiFi-7 would also use 6GHz, but is not limited to that band by standard IEEE 802.11be.
Suggested testbeds:
I have done some prior research on what hardware might be available to implement this. These were my results so far:
- Atheros ath11k devices might be available on some places - however, I could not find a source in Europe for a decent device.
- MEDIATEK Filogic 330 (mt7922e) and Filogic 630 (mt7916e) are available and support WiFi-6e AP mode on 6GHz. Sources below. I was able to set up a 6GHz AP based on Debian Trixie (Kernel 6.7) and connect to that AP, however, the connection was instable at first and only held for a minute or so. This time was enough to run iperf3 which yielded throughput of more than 100 MBytes/sec on that prototype. I used both, a mt7916e and mt7922e module as AP on a PC-Engines APU3. Instability issues have since been eradicated and the WiFi-6e AP is now as stable as WiFi-5 in VyOS 1.5.
Sources:
Hardware may be fetched from the sources below.
- MEDIATEK Filogoc 630:
- NGFF M.2 3052 module: https://asiarf.com/product/wi-fi-6e-m-2-ae-key-module-mt7916-aw7916-aed/
- mPCIe 3052 module: https://asiarf.com/product/wi-fi-6e-mini-pcie-module-mt7916-aw7916-npd/
- MEDIATEK Filogic 330:
- NGFF M.2 2230 MEDIATEK MT7922 aka. AMD RZ616 devices are available as builtin OEM modules or from Ebay and Amazon marketplaces.
- PC-Engines APU2 or APU3 boards:
TODOs:
[x] Acquire a suitable NIC and make a testbed
[x] Find a stable hostapd.conf for WiFi-6e
[x] Implement new settings to vyos-1x
[x] Test thoroughly and bugfixes
[x] Issue PR against upstream vyos-1x (https://github.com/vyos/vyos-1x/pull/3524)
[x] Issue PR againsst upstream vyos-documentation (https://github.com/vyos/vyos-documentation/pull/1471)
where:
[ ]: TODO; [o] in-the-works; [x] complete
Configurations:
While I'll be working on this topic I will subsequently add results to this post. The config below provides a stable AP. Throughput remains acceptable even behind one wall and is on par with 5GHz WiFi-5 through two walls (no steel reinforcement).
Rough throughput measurements for 6GHz at 160MHz bandwidth:
no walls | 100 - 150 MByte/s |
one wall | 60 - 100 MByte/s |
two walls | 30 - 60 MByte/s |
My /etc/hostapd/hostapd-wifi6e.conf - start AP using hostapd -t -d -P /var/run/wlan0.pid /etc/hostapd/hostapd-wifi6e.conf
################################################################### # HostAPd configuration for WiFi-6e for a MEDIATEK mt7916 NIC # # # # Requirements for WiFi-6e (ieee80211ax) on 6GHz: # # - WPA3 for authentication # # - SAE key management required for WPA3 # # - Management Frame Protection required for WPA3 # # - Radar awareness required for some RegDomains on 5GHz and 6GHz # # - WME/WMM required # ################################################################### # # Posix Socket - (i.e. for hostapd_cli) ctrl_interface=/var/run/hostapd # driver interface driver=nl80211 # NIC to be configured interface=<wlan0..n> device_name=802.11ax 6GHz # This WiFi NIC is a bridge slave... bridge=<br0..n> wds_sta=1 # Logging logger_stdout=-1 logger_stdout_level=0 logger_syslog=-1 logger_syslog_level=0 # Registry Domain configured by Country Code country_code=<2-LETTER-COUNTRY-CODE> ieee80211d=1 # Fulfill requirements for AP operation on 6GHz -- This is an INDOOR ONLY AP he_6ghz_reg_pwr_type=0 # Expect this AP not to change its position and antenna alignment stationary_ap=1 he_6ghz_rx_ant_pat=1 # Activate beamforming capabilities he_mu_beamformer=1 he_su_beamformee=1 he_su_beamformer=1 # Limit number of concurrent "clients" (stations) and do not restrict them by MAC address max_num_sta=16 macaddr_acl=0 # Frequency band and channel selection for 6GHz WiFi-6e using 160MHz bandwidth hw_mode=a op_class=134 channel=1 he_oper_centr_freq_seg0_idx=15 # Configure for WiFi-6e protocol (AX mode) and set a BSS color ieee80211ax=1 he_bss_color=<1..63> # Enable Radar detection and DFS support if available ieee80211h=1 enable_background_radar=1 # Enforce Management Frame Protection (MFP) as required for WPA3 ieee80211w=2 beacon_prot=1 # Configure Ciphers, Re-Keying Intervals and Authentication Protocols for WPA3 wpa=2 wpa_key_mgmt=SAE auth_algs=1 rsn_pairwise=CCMP CCMP-256 GCMP GCMP-256 group_mgmt_cipher=AES-128-CMAC extended_key_id=1 wpa_gmk_rekey=86400 wpa_group_rekey=86400 wpa_group_update_count=4 # Configure SSID and Passphrase ssid=<SSID> sae_password=<PASSPHRASE> # # Wireless Multimedia Extensions (WME) and Wi-Fi Multimedia (WMM) wme_enabled=1 wmm_enabled=1 # # Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): # These parameters are used by the access point when transmitting frames to the clients. # Low priority / AC_BK = background tx_queue_data3_aifs=7 tx_queue_data3_cwmin=15 tx_queue_data3_cwmax=1023 tx_queue_data3_burst=0 # Normal priority / AC_BE = best effort tx_queue_data2_aifs=3 tx_queue_data2_cwmin=15 tx_queue_data2_cwmax=63 tx_queue_data2_burst=0 # High priority / AC_VI = video tx_queue_data1_aifs=1 tx_queue_data1_cwmin=7 tx_queue_data1_cwmax=15 tx_queue_data1_burst=3.0 # Highest priority / AC_VO = voice tx_queue_data0_aifs=1 tx_queue_data0_cwmin=3 tx_queue_data0_cwmax=7 tx_queue_data0_burst=1.5 # Quality of Service (QoS) parameters # Low priority / AC_BK = background wmm_ac_bk_cwmin=4 wmm_ac_bk_cwmax=10 wmm_ac_bk_aifs=7 wmm_ac_bk_txop_limit=0 wmm_ac_bk_acm=0 # Normal priority / AC_BE = best effort wmm_ac_be_aifs=3 wmm_ac_be_cwmin=4 wmm_ac_be_cwmax=10 wmm_ac_be_txop_limit=0 wmm_ac_be_acm=0 # High priority / AC_VI = video wmm_ac_vi_aifs=2 wmm_ac_vi_cwmin=3 wmm_ac_vi_cwmax=4 wmm_ac_vi_txop_limit=94 wmm_ac_vi_acm=0 # Highest priority / AC_VO = voice wmm_ac_vo_aifs=2 wmm_ac_vo_cwmin=2 wmm_ac_vo_cwmax=3 wmm_ac_vo_txop_limit=47 wmm_ac_vo_acm=0
I sometimes directly use wpa_supplicant to connect from STA (a laptop) as NetworkManager sometimes fails to detect and connect to the AP.
Here is my wpa_supplicant.conf. Connect using sudo wpa_supplicant -d -i <your-wifi-iface> -c /etc/wpa_supplicant/wpa_supplicant.conf. You can observe the process with wpa_cli status.
ctrl_interface=/run/wpa_supplicant update_config=1 #ap_scan=0 country=<COUNTRY-CODE> network={ scan_freq=5955 5975 5995 6015 6035 6055 6075 6095 6115 6135 6155 6175 6195 6215 6235 6255 6275 6295 6315 6335 6355 6375 6395 6415 ssid="<SSID-IDENTIFIER>" key_mgmt=SAE auth_alg=OPEN ieee80211w=2 sae_password="<PASSPHRASE>" }
Proposed VyOS configuration:
Here is what a proposed VyOS config for 802.11ax at 6GHz would look like.
Note: Regulatory Domain configuration has been moved back to system wireless. Details are in T6318.
vyos@vyos# show system wireless country-code de [edit] vyos@vyos# show interfaces wireless wlan1 capabilities { he { antenna-pattern-fixed beamform { multi-user-beamformer single-user-beamformee single-user-beamformer } bss-color 13 center-channel-freq { freq-1 15 } channel-set-width 134 } } channel 1 description "802.11ax 6GHz" enable-bf-protection hw-id <your-MAC> ip { enable-proxy-arp } max-stations 16 mgmt-frame-protection required mode ax physical-device phy1 security { wpa { cipher CCMP cipher CCMP-256 cipher GCMP cipher GCMP-256 mode wpa3 passphrase <your-strong-passphrase> } } ssid <your-ssid> stationary-ap type access-point [edit] vyos@vyos#
Quirks and Workarounds:
6GHz band is completely disabled in iw list. This may be the case if you try to use a MEDIATEK card on Linux 6.6.30 or 6.7.x or newer. There seems to be a lot going on in the Kernel's WiFi section right now. A new feature called "CLC (Country Location Control)" which must be disabled in the mt7921_common module to use the 6GHz band. Make a file /etc/modprobe.d/mt7921.conf containing options mt7921_common disable_clc=1. Source: https://community.frame.work/t/responded-amd-rz616-wifi-card-doesnt-work-with-6ghz-on-kernel-6-7/43226
Wireless Regulation Domain would not apply correctly. There seem to be issues with the current wireless-regdb packages delivered with VyOS. As of now, 5GHz channels would not allow access point operation (iw list showing no-ir on all channels) and 6GHz channels would be completely disabled. Also, switching country codes (iw reg set DE) would not have any effect. For now, I have this workaround:
- Download and install wireless-regdb from the Ubuntu Packages page, and
- (not needed anymore with newest 1.5-rolling) manually configure your regulatory domain as option for the cfg80211 module by editing /etc/modprobe.d/cfg80211.conf and adding this line: options cfg80211 ieee80211_regdom=DE
Throughput jitters on MT7922 cards. You might try to disable power management for that card by adding the line options mt7921e disable_aspm=Y to the file /etc/modprobe.d/mt7921.conf. This setting flattened out the valleys in my throughput graphs.
The NIC from AsiaRF would not fit into the standard APU2/3 case. The NIC comes with a heatsink of 10mm height. You must add this to your NIC, otherwise it will overheat quickly, especially when transmitting. Before mounting the heatsink to the NIC, take a piece of sandpaper and remove 1mm off the heatsink pins to allow a snug fit. There should be no pressure applied on the NIC when closing the lid, with the heatsink pins almost or just barely touching the lid. Be sure to have some 0.5mm thermal pad at hand. I used a 40mm x 40mm x 0.5mm piece of thermal pad and applied it between the NIC's shortened heatsink pins and the APU's enclosure cover, which then serves as a heat spreader. This keeps the NIC nice and cool.
Stock heatsink before modification:
PC Engines APU3 with integrated mt7916 mPCIe 3052 module by AsiaRF:
Hint: I have drilled extra holes into the lid for antenna cables.