ZIGBEE WIRELESS TECHNOLOGY AND THE IEEE 802.15.4 RADIO ENABLING SIMPLE WIRELESS Jon T.

. Adams Freescale Semiconductor, Inc. jta@freescale.com ABSTRACT ZigBee wireless mesh technology makes wireless sensor and control network applications practical. Cost-effective, simple-touse, capable of very long product functionality from a pair of standard alkaline cells, it is meant for developers who want either to get rid of the tether that their product must use or provide a new level of functionality to their products with wireless communications. The ZigBee Specification [1] takes advantage of the IEEE STD 802.15.4 [2] wireless protocol as the basic communications method, and expands on this with a robust mesh network, applications profiles and device descriptions as well as interoperability and compliance testing. 1. INTRODUCTION ZigBee wireless mesh technology has been developed to address sensor and control applications with its promise of robust and reliable, self-configuring and self-healing networks that provide a simple, cost-effective and battery-efficient approach to adding wireless to any application, mobile, fixed or portable. A typical IEEE 802.15.4-based, ZigBee-compliant device is shown in Figure 1.

2. IEEE 802.15.4 STANDARD The IEEE standard brings with it the ability to uniquely identify every radio in a network as well as the method and format of communications between these radios, but does not specify beyond a peer-to-peer communications link a network topology, routing schemes or network growth and repair mechanisms.

Figure 2. ZigBee Device Construction The IEEE 802.15.4 standard, released in May 2003, was selected by the ZigBee Alliance as its wheels and chassis, upon which ZigBee networking and applications are constructed. This is not without its challenges, as the Alliance does not control the IEEE specification. However, many of the same people who sit in the IEEE 802.15 Working Group are deeply involved in the ZigBee standard; this relationship has meant that both the IEEE and the ZigBee specifications track one another fairly well. Figure 2 shows the relative organization of the IEEE radio with respect to the ZigBee functionality.

Figure 1. Typical IEEE 802.15.4/ZigBee Device (including antenna, RF data modem, applications processor, all necessary passives and 16MHz crystal, about 15x40mm) - Courtesy Freescale Semiconductor. The ZigBee Alliance released their specification to the public in June 2005, and since then the playing field has become much simpler for product designers who want to add wireless to their sensor or control application. An open and growing industry group of more than 180 companies from product/system OEMs to applications developers to semiconductor companies, the Alliance has worked hard to provide a technology that takes best advantage of the robust IEEE STD 802.15.4 short-range wireless protocol, adding flexible mesh networking, strong security tools, well-defined application profiles, and a complete interoperability, compliance and certification program to ensure that end products destined for residential, commercial and industrial spaces work well and network information smoothly.

1.1 RF Link The IEEE standard specifies the RF link parameters, including modulation type, coding, spreading, symbol/bit rate, and channelization. Currently, the standard identifies 27 channels spread across three different frequency bands. Frequency Band (MHz) 902-928 2400-2483.5 10 16 2000 5000 40 250 40 62.5 Americas (approx) 40 ppm Worldwide

# of Channels Bandwidth (kHz) Data Rate (kbps) Symbol Rate (ksps) Unlicensed Geographic Usage Frequency Stability

868.3 1 600 20 20 Europe

76

Texas Wireless Symposium 2005

Table 1. IEEE 802.15.4 Frequency Allocations and Basic PHY Parameters The IEEE specification was designed for very low duty cycle (nominally about 0.1% transmitter duty cycle or less), intermittently communicating devices in a large, dynamic network. While feasible, high duty-cycle applications like voice or low-rate video cannot benefit nearly as much from power consumption savings as much of the power consumption savings is due to the device being able to spend most of its time in a quiescent state. The standard is aligned to specific unlicensed bands available in different geographic regions. The single 868.3 MHz channel for use strictly in the European Union is limited to a 0.1% transmitter duty cycle by regulation. The 900 and 2400 MHz bands have no regulatory duty cycle restrictions. The nominal transmitter power output specified is 0.5mW (-3dBm), again to limit power consumption. However, it is allowed to increase the output power through external amplifiers to whatever the regional regulatory limits are. The nominal receiver sensitivity is specified by Packet Error Rate (PER). The specification requires 1% PER at -85dBm receive power level for the 2400 MHz band and -92dBm for the subGHz bands (as measured at the chips antenna terminals). This represents a receiver with a noise figure substantially worse than 20dB, though most radios in production are between 7 and 9 dB better than this. Thus, manufacture of the radio receiver using low-cost CMOS processes is very feasible. Also, receiver noise figure is a significant fraction of the overall receiver current, so while an extremely sensitive and high performance receiver is not impractical from an engineering point of view, it may act to substantially reduce battery lifetime in a portable application.

modulation techniques of other standards) allows 802.15.4 to enjoy significantly better link margins than other common systems, giving it added robustness in noisy or marginal propagation environments. The channels below 1 GHz use BPSK modulation (Binary PSK), while the 2400 MHz band employs O-QPSK (Offset Quadrature PSK). QPSK is spectrally efficient, but requires a linear transmitter due to the state transitions through zero. So, the developers chose O-QPSK which avoids the zero state and thus allows for a constant envelope transmitter, significantly decreasing transmitter complexity and inefficiency. Finally, 802.15.4 employs direct-sequence spread spectrum to provide coding gain and added resiliency against multipath. 16 chips per symbol are used for the sub-GHz frequencies, while 32 chips per symbol are used for the 2400MHz band. Interestingly, the spreading code used allows a standard FSK receiver to successfully demodulate the transmitted signal, although at significantly reduced link margin. However, in particularly cost-sensitive applications, it may be advantageous to sacrifice link margin for cost. 1.2 PHYsical Layer The 15.4 PHY contains specific primitives that manage the radio channel, and control packet data flow. This is a packet radio specification, and the PHY defines 4 different frames that have unique functions: Data, Acknowledgement, Beacon and MAC Command. The Data frame can carry up to 104 bytes of payload. The Acknowledgement frame is used by a receiving station to acknowledge to the transmitting station that a data packet was received without error. The Beacon frame is used by stations that may be implementing significant power saving modes, or by Coordinator and Router devices that are attempting to establish networks. The MAC Command frame provides some unique abilities to send low-level commands from one node to another. While ZigBee networking uses all four frame types, it is the Data and Acknowledgement frames that are most pertinent to the robustness and reliability of data transmission. All frames share generally common structure, as well as mechanisms such as a 4-octet (32-bit) preamble to allow the receiver to center and synchronize on the incoming packet, as well as the Frame Check Sequence (FCS), a 16-bit cyclic redundancy check value that allows the receiving station to validate that the payload is errorfree. The Data frame contains a Data Sequence Number, a cyclical 8-bit value that increments for each unique packet the transmitter sends. The destination device will respond to a successful receipt of a given Data frame with an Acknowledgement frame containing the same Data Sequence Number, allowing the sender to send multiple packets without waiting for an acknowledgement for each one first. The PHY uses Carrier Sense Multiple Access (CSMA) with Collision Avoidance (CA) to access the radio channel. This means that a radio with data to transmit will first listen to the channel and if the channel is clear, then transmit its packet. However, if the channel is busy, either due to another 802.15.4 station transmitting, or due to interference from a non-802.15.4 station (microwave oven, Wi-Fi access point, etc.), the radio will hold off from the channel for a random period of time before again checking the channel for occupancy. In a system where all stations can hear one another, CSMA-CA can provide nearly a 36% channel usage, but in practical environments where all stations cannot hear one another, the channel usage efficiency is

Figure 3. 15.4 Performance vs other Common PHYs The modulation mode used by 802.15.4 is phase-shiftkey (PSK) based, chosen because of its strong ability to be recovered even in very low signal to interference environments. PSK modulation has been employed by NASA for decades in deep space mission telecommunications, - its use in most commercial and consumer applications was traditionally limited due to complexity and cost, with Frequency-Shift Keying (FSK) commonly employed. As Figure 3 indicates, the Bit Error Rate performance of PSK with respect to FSK (as well as the

77

as low as the traditional ALOHA mechanism, about 18%. Again, this was understood when the standard was created, and is acceptable given the requirements for system simplicity.

Figure 5. ZigBee/802.15.4 Mesh Network and Device Types There are two physical types of device specified in 802.15.4, and three logical types. The two physical types are the Full Function Device (FFD) and the Reduced Function Device (RFD). While either device may act as a sensor node, control node, or composite device, only the FFD may perform routing tasks for a network. FFDs may, depending on their location in a network, have child devices for which the router performs routing functions. RFDs do not route, and therefore cannot have child devices. Figure 5 is a graphical representation of the connectivity practical in a ZigBee network using 802.15.4 devices. There are three logical devices envisioned in an 802.15.4 network, the Coordinator, Router, and End Device. An End Device exists at the edge of the network, thus an End Device is the end of routing environment for the network. End Devices may be simple sensors, or complicated control devices, but the main thing to remember is that they cannot propagate the network beyond them. End devices are often constructed from RFDs, primarily for cost reasons. The Router and Coordinator are potentially identical devices, and differ in function only based upon the networks initial power-up sequence. For example, Devices A, B and C are FFD devices, and all exist within radio range of one another. Device A is powered up for the first time and per the 802.15.4 standard, first searches the available RF channels to look for an existing network. It checks each channel for 802.15.4 activity, and broadcasts a network beacon request, waiting for response from a standing network. If nothing is heard, A will select a quiet channel and attempt to start a network on that channel. A has become the network coordinator. Device B is powered on for the first time, goes through the same process, and upon requesting a network beacon on As channel, receives As beacon and recognizes that there is a valid 802.15.4 network on that channel. It completes its scan, and if no other networks are discovered, returned to As channel and attempts to associate with As network. If A allows this association, then B becomes a member of As network and receives, as the first device in As network, the network address of 1. If the network topology allowed by A lets B become a Router, then B can assume that role since its also a FFD. Next, C is powered up for the first time. When C requests a beacon on the network channel, both A and B will attempt to respond, with the CSMA-CA mechanism preventing

Figure 4. IEEE 802.15.4 Timing and Minimum Latency The PHY manages all symbol and bit level timing, as well as transmit-receive switching times, intra-packet timings and acknowledgement delays. The PHY can be configured to automatically acknowledge (or not) every packet received successfully, depending on the application. Figure 4 demonstrates the timing involved in a data transaction between two devices. The sensor wakes up either on an event or at the end of an interval, checks the channel, transmits its message, awaits the acknowledgement, then may go back to sleep or first receive data intended for the node before going back to sleep. 1.3 Medium Access Control (MAC) Layer The 802.15.4 MAC contains over two dozen primitives that allow data transfer, both inbound and outbound, as well as management by higher-level entities of the RF and PHY. In all systems currently on the market, the MAC is implemented in software that runs on some sort of MCU core, but over time its practical to see that as the standard is proofed out that the MAC could be implemented in a state machine or an embedded core exclusively dedicated to MAC functions. Since system cost and power consumption will remain driving factors for the standard and products based upon the standard, the market will have a strong influence on the systems architecture over time. IEEE 802.15.4 uses a 64-bit unique address for every radio node. Similar to other IEEE standards including 802.11 and 802.3, the address consists of a 24-bit Organizationally Unique Identifier which identifies a specific entity that owns the address block, and in the case of 802.15.4 a 40-bit sequence that is allocated by the IEEE in blocks of 224. The 64-bit address is used in peer-to-peer communications, where no greater network is available. 802.15.4 expects that in a typical network, where there is a network coordinator and client devices, that the coordinator will issue 16-bit addresses to each of the devices that are part of the network. This 16-bit address is shorter, easier to manipulate, and represents less overhead in the packet frame.

78

them from both responding simultaneously. C will hear one of the network beacons, and attempt to associate with the network. As C can hear both A and B, the association imperative is to join networks as close to the Coordinator as practical. Therefore, C will attempt first to associate directly to A. If that fails (perhaps the path really is marginal), then C will fall back to attempting to associate with B. B, being a router, does not own the network but has been allocated a block of addresses by A to distribute. Depending on network parameters, B may accept Cs association request or may require A to make the decision. Once C has been accepted into the network, C will trade its 64-bit address for a 16-bit local address. Assuming C is allowed to be a router, C will get the next router address from A, which will depend directly on the ultimate network topology allowed by A. If C joins at B, then C will get address 2. Figure 4 shows a typical ZigBee network address structure and the initial tree routes that are created. The ZigBee specification does not take advantage, at this time, of all the functionality specified in the 802.15.4 MAC. For instance, there is the ability to use, instead of CSMA-CA channel access, Time Domain Multiple Access, This is implemented by a system of regular timing beacons, superframes and allocation of specific time slots to different stations. At this time, this feature is not used within any ZigBee profile, but there are currently proprietary applications that take advantage of this function. 3. ZIGBEE NETWORKING ZigBee networking is natively mesh-based. Cost-effective, longbattery-lived radios cannot use high transmit power to ensure successful transfer of data. Instead, the network must be more clever the most robust route between source and destination may not be the obvious, shortest physical path route, but instead a route that requires other radios to relay the information. The ZigBee networking specification provides great flexibility to the systems developer, providing tools to design a network that can meet a variety of needs. It is important to note that the network cannot be all things to all developers - a network may be developed along a number of somewhat orthogonal dimensions including power consumption, latency, topology, RF frequency, expandability, and capacity, as well as other, more interrelated factors. The ZigBee networking specification provides networking mechanisms that allow a developer to create star, tree and mesh network topologies, depending on network requirements. Once formed, a wireless network can be subject to interference, propagation changes, continued growth, unintended usage and security issues. How does a ZigBee network respond to these factors? Wireless networks bring with them added flexibility in deployment and modification, but do not carry the generally assured connectivity that twin strands of copper wire provide. By no means does that make a wireless system less useful or robust. The wireless system architect must understand the types of environments in which the wireless network is expected to be used, the usage patterns, and (at least) the most common failure modes. With this information, mitigations may be crafted that improve the reliability and robustness to levels that are good enough.

Figure 6. Typical ZigBee Address Allocation and Tree Routing Structure for Lmax = 3, Cmax = 20, and Rmax = 6 ZigBee networking (NWK) sits atop the IEEE RF/PHY/MAC and provides the required functionality to create and manage mesh networks. When a node is activated for the first time, the NWK commands the MAC to search all channels for an available network. Once it finds one, the MAC can provide that information to the NWK layer and let the end application determine whether to join, or it can join the network automatically. Once joined, the networks ZigBee Coordinator or one of the Routers assigns a 16-bit address to the node according to rules based upon the parameters contained in what is called the ZigBee Stack Profile. In Figure 6, a small network is described to show how ZigBee allocates 16-bit IEEE802.15.4 addresses. ZigBee networks strongly use the concept of generations of family: Device 5 is the Child of Device 1, and the Parent of Device 10. Also, Device 2 has a total of 9 descendants (4 Children, 5 Grandchildren). Only IEEE802.15.4 Full-Function devices may procreate, and at Layer Lmax no device may procreate. ZigBee devices that may procreate are considered ZigBee Routers (ZR), those that may not or can not procreate are ZigBee End Devices (ZED). Layer 0 shall contain only the ZigBee Coordinator (ZC). It is the Coordinator that determines the network addressing according to the following three network parameters: x Layers (Lmax). This specifies the maximum radius that any ZigBee network may have. For an Lmax=3 network as depicted above, this means that no node may be more than three physical RF hops from the Coordinator. From the family concept, Device 11 is the great-grandchild of device 1. x Children (Cmax). Defines the total number of nodes in Layer n that may be directly connected to a parent Router in Layer n-1. For example, node 2, a Router, may have a total of 20 children, but in the above diagram has only 4, including 3 Routers and 1 End Device. x Routers (Rmax). The maximum number of children that may also function as Routers. In the above example of 20 children per parent, that means that 6 of those children may also act as parents to their

79

own children, while the remaining 14 (Cmax-Rmax) may not be parents. For any procreating Parent, the first R address blocks are reserved for Router children, while the remaining Cmax-Rmax addresses are reserved for End Device children. Most products that are mains-powered are also IEEE 802.15.4 Full Function devices and therefore have the ability to be parents. However, as defined above, any device in the outermost layer may not procreate by network rule, whether they are a Full Function device or not.

total of 3 hops. However, theres a shorter route 14>8>1 which probably has a higher reliability since it has one less hop to it. Once the mesh route is learned, it is probable that data from occupancy sensor 14 will travel via the mesh route to the security panel. 3. CONCLUSIONS This paper has described the fundamentals of ZigBee networking and its reliance upon the mechanism of IEEE 802.15.4 as the wheels and chassis for ZigBee. RF, PHY and MAC properties specified by the IEEE have been contrasted and compared to other common radio protocols available today. The ZigBee network functionality and its use of the IEEE MAC mechanisms to establish and create the network, as well as the methods by which a ZigBee network grows and manages connectivity, have been described. ZigBee devices have a real potential to solve the challenge of bringing simple, effective wireless connectivity to low-rate sensors and control devices at an effective cost. 4. REFERENCES The following references are available publicly. [1] Various authors, ZigBee Specification, ZigBee Alliance, 14 December 2004. [2] McInnis, M. editor-in-chief, 802.15.4 IEEE Standard for Information Technology, Institute of Electrical and Electronic Engineers, New York, 1 October 2003.

Ntotal = 1 + Cmax

(R
n=
1)

Lma

max)

(n-

1 The equation defines the maximum number of nodes in a given ZigBee network. The example network above, with Lmax = 3, Cmax = 20, and Rmax = 6, can have a total of 861 nodes. There is no limit defined to Lmax, Cmax and Rmax except that Ntotal cannot exceed approximately 216. Again, referencing Figure 6, the number next to the upper right corner of each device box is the ZigBee Coordinator-allocated IEEE 16-bit network address. In a network with Lmax = 6, Cmax = 6, and Rmax = 6 (all children may be Routers), the maximum number of nodes in the network is over 55,000 and the physical radius (even using only 10m per hop) could be 120m or about 400, potentially covering several acres of office or factory floor. For another network Lmax = 10, Cmax = 60, and Rmax = 2, where theres a lot of sensors and a well placed routing infrastructure, the maximum number of nodes is well over 61,000, Networks that are physically larger than this are generally broken into multiple sub-networks, just like Internet addresses are divided into subdomains, partially for ease of use and also for added robustness and network capacity.

Figure 7. Physical Network of Figure 5 after Growth of Mesh Routes What Figure 7 shows is that while the initial network address allocation also created a default tree network, very soon afterward the network routing devices (1, 2, 5, 7, 8, 9) begin to learn additional routes between themselves, creating a mesh network that may actually do the majority of the routing, depending on routing performance. For instance, the sensor 14 default route to the device 1 home security panel is 14>8>2>1, a

80