Make your own free website on

Bluetooth Technology

Silan Liu


1. Bluetooth Overview

1.1. Why Bluetooth

1.2. Bluetooth Architecture

2. Bluetooth Topology

3. RF and Baseband

3.1. RF

3.2. Modulation

3.3. Physical Links

3.4. Logical Channels

3.5. Packet Format

3.6. Payload

4. Link Manageg

5. Logical Link Control and Adaption Protocol (L2CAP)

6. Service Discovery Protocol (SDP)

7. Conclusion

8. References


1. Bluetooth Overview

1.1.                Why Bluetooth

Bluetooth is a short-range radio link intended to replace the calble(s) connecting portable and/or fixed electronic devices. Key features are robustness, low complexity, low power and low cost [1]. There are already similar standards in this market, such as IrDA, HomeRF and IEEE 802.11 family. Bluetooth is designed to offer some unique advantages that none of the others can provide.

For example, IrDA uses infrared as medium, so its range is limited to around 1 meter, and it requires a line-of-sight communication. In comparison, Bluetooth can operate at a range up to 10 meters, or even 100 meters with enhanced transmitters. RF signals goes through walls, so a Bluetooth network can span several rooms.

Compared with HomeRF and IEEE 802.11 family, Bluetooth has much lower data rate and transmission range (10 meter). While HomeRF supports 1.6 ~ 10 Mbps data rate and IEEE 802.11a/b supports 54/11 Mbps, Bluetooth supports only 780 Kbps, which can be used for 721 kbps downstream and 57.6 kbps upstream asymmetric data transfer, or 432.6 kbps symmetric data transfer. Both HomeRF and IEEE 802.11 operates at 100 meter range, while Bluetooth operates at up to 10 meter.

However, as a result of the lower data rate and transmission range, Bluetooth offers much lower cost per node (approximately 5 ~ 10% of HomeRF and IEEE 802.11). So it is more suitable for applications involving low data rate (data and voice), small number of devices (8 at maximum), low power consumption and short range (up to 10 meter), such as PC-to-peripheral networking, home networking, hidden computing, data synchronization (such as between PC and PDA), mobile phone devices, and future smart devices or entertainment equipment.

1.2.                Bluetooth Architecture

The Bluetooth architecture and its mapping to OSI model is shown below:

Figure 1: Bluetooth architecture [2]

Figure 2: Mapping between Bluetooth, OSI model and IEEE802 standards [3]

2. Bluetooth Topology

There can be only 2 ~ 8 Bluetooth devices talking to each other. This is called a piconet. Among these devices, there can be only one master device, all the rest are slave devices. A device can belong to two piconets meantime, serving as slaves in both piconet or a master in one and slave in another. This is called a bridging device. Bridging devices connect piconets together to form a scatternet:

Figure 3: Single-slave piconet (a), multiple-slave piconet and scatternet (c) [1]

3. RF and Baseband

3.1.                RF

Bluetooth operates at the unlicensed 2.5GHz Industrial-Scientific-Medical (ISM) band. There are already many types of devices using this band, such as baby monitors and garage door remote controls. To avoid interfering with these devices, Bluetooth devices sends out very weak signals (about 1 milliwatt). This limits the transmission range to 10 meters. It also uses a frequency hopping technique, hopping randomly between 79 1-MHz channels 1600 times per second (625 us time slot). Each piconet is synchronized to a specific frequency hopping pattern, so that even different piconets do not interfere with each other. A piconet can either be static or dynamic (chaning when devices move in or out).

3.2.                Modulation

The modulation in Bluetooth is Gaussian Frequency Shift Keying (GFSK), with a BT = 0.5 and modulation index between 0.25 and 0.35:

Figure 4: Bluetooth Modulation [1]

3.3.                Physical Links

Bluetooth protocol uses a combination of synchronous and asynchronous links. A Synchronous Connection-Oriented (SCO) link is a point-to-point link between the master and specific slave. It has symmetric 64 kbps rate, typically used for voice transmission. It uses reserved time slots, thus can be regarded as a circuit switching link. A master can support up to 3 SCO links to one or multiple slaves, while a slave can support up to three SCO links to one master or up to two SCO links to different masters. Master transmits at reserved master-to-slave time slot, and slave response in the following slave-to-master slot. SCO packets are never retransmitted.

Asynchronous Connectionless (ACL) links are used for data transmission, with 723.2 downstream/57.6 kbps upstream asymmetric or 433.9 kbps symmetric data rate. There can be only one ACL link between the master and all active slaves. Only the addressed slave device can response. ACL packets can be retransmitted for data integrity.

3.4.                Logical Channels

On top of phsical links, there is a sub layer of logical channels, representing different types of information carried through the physical links. LC channel carries low-level link control information such as ARQ and flow control; LM channel carries messages for the Link Manager layer, UA, UI and US channel carries asynchronous, isochronous and synchronous user data respectively. LC channel is carried in the packet header, others are in the payload.

3.5.                Packet Format

Data in piconet is encoded in packets. The general packet format is shown below:


Figure 5: General Packet Format of Bluetooth [1]

A packet could contain a shorthanded access code (68 bytes) part of the parket only, or access code plus header, or all the three parts.

* Access Code

Access code is used for synchronization, DC offset compensation and identification. It is show below:

Figure 6: Access Code Format of Bluetooth Packet [1]

There are three kinds of access codes. Channel Access Code (CAC) is used to identify the piconet. All packets sent through one channel of the piconet carries the address of the master device. Device Access Code (DAC) is used for special signaling procedures, such as paging and response to paging. A DAC for paging carries the address of paged device. Each

Bluetooth device has a unique address called BD_ADDR. It contains two parts: company ID which is unique across the world, and device ID which is unique within the products of the company. The Sync Word of the access code is derived from a BD_ADDR address using (64,30) expurgated block code with an overlay of an 64-bit full length PN sequence.

The preamble is simply a fixed 0101 or 1010 sequence depending on whether the LSB of the following sync word is 0 or 1.

If there is no header following in the packet, the access code does not have a trailer.

* Header

Header part of the packet is used by the Link Control (LC) logical channel. It has the following format:

Figure 7: Header Format of Bluetooth Packet [1]

* AM_ADDR: temporary address assigned to active members of the piconet, used on all packets in both direction sent between the master and the addressed slave. An all-zero AM_ADDR is used to broadcast to all slaves.

* TYPE: type of packet. There are 12 types of packets for each SCO and ACL physical links, and four types of common control packets for both.

* FLOW: for flow control.

* ARQN: for ACK.

* SEQN: contains sequence number for packet ordering.

* HEC: header error check for header integrity.

3.6.                Payload

There can be two types of payload: voice and data. SCO packets only have voice field, while ACL packets only have data field.

4. Link Manageg

Link Manager messages are used for link setup, security and control. They are transferred in the payload part of the packet. LM messages are filtered out and interpreted by LM layer and are not passed to upper layers. LM messages have higher priority than upper-layer messages.

5. Logical Link Control and Adaption Protocol (L2CAP)

L2CAP layer operates over a single ACL link provided by the baseband, which is setup by the LM layers using LM messages. This ACL link is always avaliable between the master and any slaves. L2CAP layer serves upper layer by transmitting data over channels (Fig. 8). Each channel has two end points and a logical channel ID (CID).

A channel is setup in the following procedure:

1.        Connection
A L2CAP entity requests connection to a remote device. The request has been passed from upper layers of the first L2CAP entity. When a response is received, the local device enters Config state.

2.        Configuration
Configuration process involves a negociation between two end points of the channel over maximum transmission unit (MTU), a flush time out and quality of service (QoS) agreement. Once all these issues have been successfully negociated, the two end points enters Open state, in which data transfer may begin.

3.        Disconnection
When a L2CAP layer receives a disconnect request from upper layer, it passes it to the remote device. When response received, the channel enters Closed state.

6. References

[1] Bluetooth V1.1 Core Specifications.



[4] Bluetooth Basics, Rebecca Spaker.