Nv2
Nv2 is a proprietary wireless protocol developed by MikroTik for use with Atheros 802.11 wireless chips. Unlike standard 802.11 devices that use CSMA (Carrier Sense Multiple Access), Nv2 is based on TDMA (Time Division Multiple Access) media access technology. This architectural difference provides significant advantages in Point-to-Multipoint (PtMP) networks by eliminating the hidden node problem and improving overall media utilization.
Overview
Section titled “Overview”The fundamental advantage of TDMA over CSMA lies in scheduled media access. In traditional 802.11 networks, all devices compete for airtime, leading to collisions and inefficiencies, particularly in dense deployments or networks with hidden nodes. Nv2 addresses these limitations by placing the Access Point in complete control of the transmission schedule, ensuring that every device knows exactly when to transmit and receive.
Nv2 supports both 802.11n chips and legacy 802.11a/b/g chips starting from AR5212, though older AR5211 and AR5210 chips are not supported. This compatibility means that existing MikroTik hardware can participate in Nv2 networks without requiring a complete hardware upgrade, as RouterOS version 5.0rc1 or higher provides Nv2 support.
Key Capabilities
Section titled “Key Capabilities”Nv2 implements several advanced features that make it suitable for professional wireless deployments:
- TDMA Media Access: The AP controls all transmission timing, eliminating collisions and hidden node issues
- Dynamic Rate Selection: Automatic rate adaptation on a per-client basis for optimal throughput
- ARQ (Automatic Repeat Request): Reliable data transmission with automatic retransmission of failed frames
- Variable Priority Queues: Built-in QoS scheduler with support for firewall-based priority mapping
- Data Encryption: Hardware-accelerated AES-CCM encryption with 128-bit keys
- RADIUS Integration: Support for centralized authentication
- AP Synchronization: Multiple APs on the same frequency can synchronize to reduce interference
- Scalability: Support for up to 511 clients per interface
Protocol Architecture
Section titled “Protocol Architecture”In an Nv2 network, the Access Point divides time into fixed-size periods. Each period is dynamically divided into downlink (AP to clients) and uplink (clients to AP) portions based on queue states. The AP broadcasts a schedule at the beginning of each period, telling each client exactly when to transmit and for how long.
To accommodate new clients attempting to connect, the Nv2 AP periodically allocates uplink time for “unspecified” clients. When a new client uses this window to initiate registration, the AP measures the propagation delay and begins scheduling dedicated uplink time for that client.
Nv2 Protocol Implementation Status
Section titled “Nv2 Protocol Implementation Status”Nv2 includes the following features in its current implementation:
- TDMA media access with centralized scheduling
- WDS (Wireless Distribution System) support for bridging
- QoS with configurable priority queues
- Data encryption using AES-CCM
- RADIUS authentication features
- Statistics fields for monitoring
- Fixed downlink mode for predictable bandwidth allocation
- Configurable uplink/downlink ratio
- Experimental AP synchronization support
Compatibility and Coexistence
Section titled “Compatibility and Coexistence”Nv2 is a proprietary protocol that is neither compatible with nor based on other wireless protocols. This has important implications for network deployment:
- Only RouterOS devices with Nv2 support can participate in an Nv2 network
- Standard 802.11 devices will not recognize or connect to Nv2 APs
- RouterOS devices scanning for networks will detect Nv2 APs but will only connect if configured to do so
- Nv2 networks may cause interference to other networks on the same channel
- Other networks on the same channel may also cause interference to Nv2
- Nv2-enabled devices will not connect to other TDMA-based networks
This proprietary nature means that deploying Nv2 requires careful planning of the wireless spectrum and typically involves a complete replacement of existing equipment with Nv2-capable devices.
Nv2 Compared with Other Protocols
Section titled “Nv2 Compared with Other Protocols”Nv2 versus Standard 802.11
Section titled “Nv2 versus Standard 802.11”The key differences between Nv2 and standard 802.11 protocol are significant for wireless network design:
Scheduled Media Access: Unlike 802.11’s contention-based access, Nv2’s AP-controlled scheduling eliminates the hidden node problem entirely. The AP assigns time slots to each client according to a centralized policy, ensuring predictable bandwidth distribution.
Reduced Propagation Delay Overhead: Standard 802.11 requires acknowledgment frames for each data frame, creating substantial overhead on long-distance links. Nv2 eliminates per-frame ACKs, significantly improving throughput on links where propagation delay is a significant fraction of the frame transmission time.
Frame Aggregation and Fragmentation: Nv2 implements intelligent frame aggregation to maximize assigned media usage while minimizing per-frame overhead from interframe spaces and preambles.
Nv2 versus Nstreme
Section titled “Nv2 versus Nstreme”Nstreme was MikroTik’s earlier proprietary protocol attempt to improve upon 802.11. Nv2 advances this concept further:
Group Polling: Instead of polling each client individually, Nv2 AP broadcasts an uplink schedule that assigns time to multiple clients simultaneously. This “group polling” approach eliminates the overhead of individual polling packets, leaving more time for actual data transmission.
Optimized Scheduling: Nv2’s scheduling considers propagation delay to each client when constructing the uplink schedule, ensuring optimal media usage across the entire network. This is particularly beneficial in PtMP configurations with clients at varying distances.
Superior Latency Control: Reduced protocol overhead, adjustable period sizes, and advanced QoS features provide more precise control over network latency compared to Nstreme.
Configuring Nv2
Section titled “Configuring Nv2”The wireless-protocol setting controls which wireless protocol an interface uses. The meaning of this setting depends on whether the interface is operating as an AP or client, which is determined by the mode setting.
Wireless Protocol Selection
Section titled “Wireless Protocol Selection”| Setting Value | AP Behavior | Client Behavior |
|---|---|---|
| unspecified | Establish nstreme or 802.11 network based on legacy nstreme setting | Connect to nstreme or 802.11 network based on legacy nstreme setting |
| any | Same as unspecified | Scan for all matching networks regardless of protocol, connect using the chosen network’s protocol |
| 802.11 | Establish 802.11 network | Connect to 802.11 networks only |
| nstreme | Establish Nstreme network | Connect to Nstreme networks only |
| nv2 | Establish Nv2 network | Connect to Nv2 networks only |
| nv2-nstreme-802.11 | Establish Nv2 network | Scan for Nv2, then Nstreme, then 802.11 networks in priority order |
| nv2-nstreme | Establish Nv2 network | Scan for Nv2, then Nstreme networks in priority order |
The hybrid protocol values (nv2-nstreme-802.11 and nv2-nstreme) do not create a special hybrid protocol. Instead, they simplify client configuration during network migrations by allowing clients to scan for multiple protocol types in priority order.
Nv2 Access Point Settings
Section titled “Nv2 Access Point Settings”Most Nv2 settings are relevant only on the AP side, as clients automatically adapt their configuration from the AP. Understanding these settings is essential for optimizing Nv2 performance.
Nv2-queue-count: Specifies the number of priority queues used in the Nv2 network. This parameter directly impacts QoS granularity and must be coordinated with the nv2-qos setting.
Nv2-qos: Controls how frames are mapped to priority queues. The available modes are default and frame-priority, each with different implications for traffic management.
Nv2-cell-radius: Specifies the distance to the farthest client in kilometers. This setting affects the contention time slot size allocated for clients to initiate connections and the time slots used for distance estimation. Setting this value too small causes distant clients to experience “rounding timeout” errors during connection attempts. For optimal performance, set this to the actual maximum distance rather than a larger value, as the AP reserves time that would otherwise be unused.
tdma-period-size: Specifies the size in milliseconds of each time period used for media access scheduling. This is one of the most critical settings for balancing throughput and latency:
- Smaller periods reduce latency because the AP can assign time to clients more frequently
- Smaller periods increase protocol overhead, reducing maximum throughput
- Larger periods increase throughput but also increase latency
- Very long distance links may require larger periods to account for propagation gap between downlink and uplink phases
The propagation gap exists because clients must receive the last frame from the AP (incurring propagation delay) before they can transmit, and then their response must propagate back to the AP. On long-distance links, this gap can become significant, making period size optimization essential.
Nv2-mode: Specifies whether to use dynamic or fixed downlink/uplink ratio:
dynamic-downlink(default): The AP automatically adjusts downlink/uplink allocation based on traffic patternsfixed-downlink: Uses a fixed ratio specified bynv2-downlink-ratiosync-master: Operates as a fixed-downlink AP but allows slave APs to synchronize to itsync-slave: Attempts to synchronize period size and downlink ratio from a master AP
Nv2-downlink-ratio: When using fixed-downlink mode, specifies the percentage of each period allocated to downlink traffic. The uplink ratio is calculated automatically as (100 - downlink-ratio). Valid range is 20-80, with a default of 50.
nv2-sync-secret: Specifies the shared secret key used for Nv2 synchronization between master and slave APs. This value must match on all synchronized devices.
Nv2 Client and AP Shared Settings
Section titled “Nv2 Client and AP Shared Settings”Nv2-security: Enables or disables security for the Nv2 network. When enabled on the AP, only clients with security enabled can connect. Clients with security enabled will not connect to unsecure APs.
Nv2-preshared-key: Specifies the preshared key used for authentication. Data encryption keys are derived from this key during the 4-way handshake. Both AP and client must have identical preshared keys for successful connection.
Basic Nv2 Configuration Example
Section titled “Basic Nv2 Configuration Example”Establishing a basic Nv2 access point:
/interface wireless set wlan1 mode=ap-bridge ssid=MikroTik-Nv2 \ frequency=5180 wireless-protocol=nv2 nv2-mode=dynamic-downlinkConnecting a client to an Nv2 network:
/interface wireless set wlan1 mode=station ssid=MikroTik-Nv2 \ frequency=5180 wireless-protocol=nv2Configuring with security:
/interface wireless set wlan1 mode=ap-bridge ssid=Secure-Nv2 \ frequency=5180 wireless-protocol=nv2 nv2-security=yes \ nv2-preshared-key=MySecureKey123Fine-tuning for a PtMP network with distant clients:
/interface wireless set wlan1 mode=ap-bridge ssid=Sector-Nv2 \ frequency=5180 wireless-protocol=nv2 nv2-cell-radius=15 \ tdma-period-size=2 nv2-downlink-ratio=60 nv2-queue-count=4Migrating to Nv2
Section titled “Migrating to Nv2”Migrating an existing wireless network to Nv2 can be accomplished with minimal downtime by following these recommended steps:
- Upgrade the AP to a RouterOS version that supports Nv2, but do not enable Nv2 protocol yet
- Upgrade all client devices to RouterOS versions with Nv2 support
- Configure all clients with
wireless-protocol=nv2-nstreme-802.11. Clients will continue using their existing protocol since the AP has not yet switched to Nv2 - Configure Nv2-related settings on the AP, including cell radius, period size, and QoS parameters
- If encryption is required, configure
nv2-securityandnv2-preshared-keyon both AP and clients - Change the AP’s
wireless-protocoltonv2. The AP transitions to Nv2 protocol and clients automatically reconnect using Nv2 - If issues arise, easily revert by changing the AP back to its previous protocol setting
- Fine-tune Nv2 parameters to achieve acceptable latency and throughput
- Implement QoS policies for maximum performance
Troubleshooting Migration Issues
Section titled “Troubleshooting Migration Issues”Clients cannot connect or disconnect with “ranging timeout” error: Verify that the nv2-cell-radius setting is large enough to accommodate the farthest client. Increase this value to match the actual maximum distance.
Unexpectedly low throughput on long-distance links despite good signal and rate: Try increasing the tdma-period-size setting. Long propagation delays create larger gaps between downlink and uplink phases, which can significantly impact throughput on links with small period sizes.
Nv2 Access Point Synchronization
Section titled “Nv2 Access Point Synchronization”The AP synchronization feature enables multiple Nv2 APs on the same location to coexist more effectively by synchronizing their transmit and receive time windows. When APs are synchronized, they all transmit and receive at the same time on the same frequency, reducing interference between APs and allowing more efficient frequency reuse.
Synchronized Setup Configuration
Section titled “Synchronized Setup Configuration”Choose one AP to function as the master and configure it with nv2-mode=sync-master and a synchronization secret:
/interface wireless set wlan1 mode=ap-bridge ssid=Sector1 \ frequency=5220 nv2-mode=sync-master nv2-preshared-key=clients1 \ nv2-sync-secret=Tower1SyncConfigure slave APs to use the same frequency as the master, with nv2-mode=sync-slave and the same synchronization secret:
/interface wireless set wlan1 mode=ap-bridge ssid=Sector2 \ frequency=5220 nv2-mode=sync-slave nv2-preshared-key=clients2 \ nv2-sync-secret=Tower1SyncSynchronization Process
Section titled “Synchronization Process”When the master AP is enabled, slave APs search for the master by matching against the configured synchronization secret. Upon finding the master, each slave calculates its distance to the master and begins operating as an AP with period size and downlink ratio adapted from the master.
Slaves can also serve as synchronization sources for additional slaves, creating a daisy-chain synchronization topology. Slaves periodically listen for the master and verify that the synchronization secret still matches, re-adapting parameters as needed. If the master AP’s interface is disabled and re-enabled, all slaves will also disable and restart the synchronization process.
If the master AP stops functioning, slave APs will also stop operating since they depend on sync information from the master.
Monitoring Synchronization
Section titled “Monitoring Synchronization”On a slave AP, monitor synchronization status:
/interface wireless monitor wlan1The output shows the synchronization state, master MAC address, calculated distance, period size, and downlink ratio adapted from the master.
Debug logs on the master AP show new slaves attempting to synchronize:
09:22:08 wireless,debug wlan1: 4C:5E:0C:57:85:BE attempts to syncDebug logs on the slave AP show the synchronization process:
09:22:08 wireless,debug wlan1: attempting to sync to 4C:5E:0C:57:84:3809:22:09 wireless,debug wlan1: synced to 4C:5E:0C:57:84:38Quality of Service in Nv2
Section titled “Quality of Service in Nv2”Nv2 implements QoS using a variable number of priority queues. Frames are transmitted based on the 802.1D-2004 recommendation: a queue is only considered for transmission when all higher-priority queues are empty. This means higher priority queues are always serviced first, and lower priority queues only transmit when higher queues have no pending data.
Queue Configuration
Section titled “Queue Configuration”The nv2-queue-count parameter specifies the number of priority queues, and nv2-qos controls frame-to-queue mapping:
Nv2-qos=default: Frames are first inspected by a built-in QoS algorithm that selects a queue based on packet type and size. If no built-in rules match, the frame priority field is used as in frame-priority mode.
Nv2-qos=frame-priority: The QoS queue is selected based on the frame priority field. This field is not inherent in packet headers but is set during packet processing. It can be set explicitly by firewall rules or inherited from ingress priority such as VLAN priority bits or MPLS EXP bits.
Frame Priority Mapping
Section titled “Frame Priority Mapping”The mapping from frame priority to traffic class (queue) depends on the configured number of queues. For 4 queues, the mapping resembles WMM:
| Priority | Queue |
|---|---|
| 0, 3 | 0 (lowest) |
| 1, 2 | 1 |
| 4, 5 | 2 |
| 6, 7 | 3 (highest) |
For the default of 2 queues:
| Priority | Queue |
|---|---|
| 0, 1, 2, 3 | 0 (lowest) |
| 4, 5, 6, 7 | 1 (highest) |
For 8 queues (maximum):
| Priority | Queue |
|---|---|
| 1 | 0 |
| 2 | 1 |
| 0 | 2 |
| 3 | 3 |
| 4 | 4 |
| 5 | 5 |
| 6 | 6 |
| 7 | 7 |
Implementing QoS Policies
Section titled “Implementing QoS Policies”To configure QoS for voice traffic with highest priority:
/interface wireless set wlan1 nv2-queue-count=4 nv2-qos=frame-priority
/ip firewall mangle add action=mark-packet chain=prerouting \ protocol=udp port=5060,5061 new-packet-mark=voice-priority \ passthrough=no
/ip firewall mangle add action=change-packet-mark chain=prerouting \ packet-mark=voice-priority new-packet-mark=7 passthrough=noThis configuration gives SIP/RTP voice traffic priority over other traffic.
Security in Nv2
Section titled “Security in Nv2”Nv2 implements its own security mechanism separate from 802.11 security, using hardware-accelerated AES-CCM encryption with 128-bit keys. This proprietary approach ensures that Nv2 networks have robust encryption regardless of the underlying wireless chip capabilities.
Security Features
Section titled “Security Features”- AES-CCM Encryption: Hardware-accelerated data encryption providing strong protection
- 4-Way Handshake: Key management similar to 802.11i for secure key exchange
- Preshared Key Authentication: Simple authentication method for smaller deployments
- Group Keys: Periodically updated keys for broadcast and multicast traffic
Configuring Security
Section titled “Configuring Security”Security is configured at the interface level rather than through security profiles:
/interface wireless set wlan1 mode=ap-bridge ssid=Secure-Nv2 \ nv2-security=yes nv2-preshared-key=StrongPassword123When security is enabled on the AP, all clients must also have security enabled with matching preshared keys. Clients with security enabled will not connect to unsecured APs.
The preshared key is used only for authentication. Data encryption keys are derived from this key during the 4-way handshake that occurs during connection establishment.
Related Topics
Section titled “Related Topics”- Wireless Interface - Basic wireless interface configuration
- Security Profiles - WPA2/WPA3 encryption settings
- CAPsMAN - Centralized wireless management
- Frequency Bands - 2.4 GHz, 5 GHz, and 60 GHz operation
- Wireless VLAN Trunk - VLAN configuration over wireless