BLE Physical layer – GFSK modulation

 

Chapter 7 — BLE Physical Layer
Part 2: GFSK Modulation From First Principles & Understanding the BLE Air Timeline
Modulation: GFSK
Bit Rate: 1 Mbps
Avg Throughput: ~3 kbps
Adv Pattern: Sets of 3

What This Part Covers

Part 1 introduced GFSK as the modulation scheme for BLE. This part explains what modulation actually means from the ground up — no assumed knowledge. We start with what a carrier signal is, walk through amplitude modulation and why BLE does not use it, explain Frequency Shift Keying (FSK), and then describe what the Gaussian filter adds to make it GFSK. We then look at real BLE air capture data to see the “mostly off” behaviour in action.

What Is Modulation? — Starting from Basics

Mixing Two Signals to Enable Wireless Transmission

Modulation is the process of combining two signals into one transmittable signal. Two types of signal are involved, and you need to understand both:

The Modulating Signal

This is the signal that carries your data — the information you want to send. In BLE, this is your stream of binary 0s and 1s representing a sensor reading, an advertising packet, or a data transfer. Modulating signals are relatively low frequency — typically in the range of kilohertz or low megahertz.

The Carrier Signal

This is a clean, high-frequency sine wave that the data rides on for transmission. The carrier itself carries no information — its job is to be the vehicle. For BLE, the carrier frequency is in the 2.4 GHz range (2,400,000,000 cycles per second). Radio waves at this frequency travel through walls and air efficiently.

Why do you need a carrier? You cannot just broadcast a 1 MHz data signal directly — it would require an enormous antenna and would interfere with everything else. High-frequency carrier waves are much easier to transmit efficiently with small antennas and are regulated into specific bands so different technologies do not collide. The modulation process mixes the data signal onto the carrier so the combined signal can be sent over the air.

Modulation — Combining Data Signal with Carrier Signal

DATA (modulating signal): a stream of 1s and 0s, for example 1 0 1 1 0 1 0
+
CARRIER (2.4 GHz sine wave): no data, just a clean high-frequency wave with fixed frequency and fixed amplitude, and very many cycles per second
=
MODULATED SIGNAL (sent over the air): the carrier modified to carry data. Data is encoded by varying a property of the carrier (frequency in BLE’s case).

Three Properties That Can Be Modulated

Amplitude, Phase, and Frequency — BLE Uses Frequency

A carrier signal has three properties that can be varied to encode data. Each one gives a different modulation scheme with different advantages and disadvantages:

Amplitude Modulation (AM)

Change the height (power) of the carrier wave to represent 0 or 1. High amplitude = 1, low amplitude = 0. Easy to implement, but noise typically corrupts amplitude, making this unreliable in noisy environments like the 2.4 GHz ISM band.

Not used in BLE — too noise-sensitive

Phase Modulation (PM)

Change the timing offset of the carrier wave to represent 0 or 1. Phase modulation is more complex to implement and demodulate. It is used in Wi-Fi (QAM/OFDM) for very high data rates but adds hardware complexity.

Complex — not used in basic BLE

Frequency Modulation (FM / FSK)

Change the frequency (how fast the wave oscillates) to represent 0 or 1. Higher frequency = 1, lower frequency = 0. Noise typically affects amplitude, not frequency, so FM/FSK is naturally resistant to the kind of interference found in the ISM band.

✅ Used in BLE — noise resistant

Frequency Shift Keying (FSK) — How BLE Encodes Bits

Binary 1 = Frequency Up, Binary 0 = Frequency Down

FSK (Frequency Shift Keying) is the digital version of frequency modulation. Instead of a continuous range of frequencies, it uses just two distinct frequency levels — one to represent binary 1 and another to represent binary 0.

In BLE specifically:

  • A binary 1 is encoded as a positive frequency deviation from the carrier centre frequency — the carrier shifts upward.
  • A binary 0 is encoded as a negative frequency deviation — the carrier shifts downward.

FSK Encoding — How 1s and 0s Change the Carrier Frequency

[Figure: frequency axis with three levels. f_c + Δf: bit = 1; f_c: carrier centre; f_c − Δf: bit = 0. Bit stream shown: 1 0 1 1 0 0 1 0, drawn as high-frequency segments for 1 bits and low-frequency segments for 0 bits.]

The receiver on the other end continuously monitors the incoming carrier frequency. When it detects the frequency has risen above the centre, it records a 1. When it drops below the centre, it records a 0. In this way, an entire packet of bits can be reconstructed from the frequency variations in the received signal.

Why is FSK better than AM for BLE? Radio noise in the 2.4 GHz band primarily affects the amplitude of signals — microwave ovens, Wi-Fi transmissions, and other interference all add power on top of the received signal. An AM receiver watching for amplitude changes would mistake this noise for data. An FSK receiver watching for frequency changes ignores amplitude completely — it only cares which frequency it is receiving, making it much more robust in a noisy environment.

From FSK to GFSK — What the Gaussian Filter Adds

Smoothing Frequency Transitions to Reduce Spectral Spread

Plain FSK has a problem. Every time a bit changes — from 1 to 0 or 0 to 1 — the carrier frequency must jump abruptly between two levels. In practice, an abrupt frequency jump creates a burst of high-frequency energy that spills outside the intended 2 MHz channel and interferes with neighbouring channels. This is called spectral leakage or spectral spreading.

GFSK (Gaussian Frequency Shift Keying) fixes this by passing the data signal through a Gaussian filter before it modulates the carrier. The Gaussian filter smooths the sharp edges of the digital signal — instead of abrupt step changes, the transitions become gradual curves. The modulating signal is now a rounded waveform rather than a square wave.

FSK vs GFSK — Effect of the Gaussian Filter on Frequency Transitions

  • FSK (no filter): abrupt frequency jumps. Sharp edges → high-frequency energy → spills into neighbouring channels.
  • GFSK (Gaussian filter applied): smooth frequency transitions. Smooth curves → energy stays within the 2 MHz channel → less interference.

This smoothing process is called pulse shaping. It is essential for BLE to co-exist with neighbouring channels. Without it, each BLE transmission would bleed power into the channels on either side, interfering with other devices and exceeding spectrum regulations.

The trade-off is minor — the Gaussian filter introduces a small amount of inter-symbol interference (the current bit’s shape influences the next bit slightly). The BT product of 0.5 in the BLE specification is chosen to balance spectral compactness against receiver complexity.
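The pulse shaping and its trade-off can be reproduced numerically. The following is an added example, not code from the original page or from any BLE stack: it builds the frequency-offset waveform for plain FSK and for GFSK with BT = 0.5, compares edge sharpness, shows the inter-symbol interference on an isolated bit, and demodulates by the sign of the offset. The modulation index of 0.5, 8 samples per bit and a 3-bit filter span are assumptions.

```python
import math

BIT_RATE = 1_000_000   # 1 Mbps, from the page
BT = 0.5               # Gaussian bandwidth-time product, from the page
H = 0.5                # modulation index: midpoint of the 0.45-0.55 range (assumed)
SPS = 8                # samples per bit (assumed)
SPAN = 3               # Gaussian filter length in bit periods (assumed)
DEV_HZ = H * BIT_RATE / 2   # peak deviation, since h = 2*delta_f / bit rate -> 250 kHz

def gaussian_taps(bt=BT, sps=SPS, span=SPAN):
    """Sampled Gaussian impulse response, normalised to unit DC gain."""
    sigma = math.sqrt(math.log(2)) / (2 * math.pi * bt)   # in bit periods
    n = span * sps
    taps = [math.exp(-0.5 * ((i - n / 2) / sps / sigma) ** 2) for i in range(n + 1)]
    total = sum(taps)
    return [t / total for t in taps]

def freq_offsets(bits, gaussian=True, sps=SPS):
    """Instantaneous offset from f_c in Hz: bit 1 -> +DEV_HZ, bit 0 -> -DEV_HZ."""
    nrz = [1.0 if b else -1.0 for b in bits for _ in range(sps)]
    if gaussian:
        taps = gaussian_taps(sps=sps)
        half = len(taps) // 2
        padded = [nrz[0]] * half + nrz + [nrz[-1]] * half
        nrz = [sum(t * padded[i + k] for k, t in enumerate(taps))
               for i in range(len(nrz))]
    return [DEV_HZ * x for x in nrz]

def max_step(wave):
    """Largest jump between adjacent samples: a proxy for edge sharpness."""
    return max(abs(b - a) for a, b in zip(wave, wave[1:]))

def demodulate(wave, sps=SPS):
    """Receiver decision at mid-bit: above f_c -> 1, below f_c -> 0."""
    return [1 if wave[i + sps // 2] > 0 else 0 for i in range(0, len(wave), sps)]

if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0]          # bit stream from the page's FSK figure
    fsk, gfsk = freq_offsets(bits, gaussian=False), freq_offsets(bits)
    print("FSK  max step (Hz):", max_step(fsk))
    print("GFSK max step (Hz):", round(max_step(gfsk)))
    print("GFSK peak on isolated bit (Hz):", round(max(freq_offsets([0, 1, 0]))))
    print("recovered:", demodulate(gfsk))
```

The isolated-bit peak stays below the full 250 kHz deviation because the neighbouring 0 bits pull it down, which is the inter-symbol interference described above; the mid-bit decision still recovers every bit.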

/* BLE uses GFSK at 1 Mbps. BlueZ exposes PHY info via HCI */
/* From BlueZ hci.h — LE Set PHY command (Bluetooth 5.0+) */

/* PHY options for BLE connections */
#define HCI_LE_PHY_1M        0x01  /* 1 Mbps GFSK (original BLE PHY) */
#define HCI_LE_PHY_2M        0x02  /* 2 Mbps GFSK (BT 5.0, faster)   */
#define HCI_LE_PHY_CODED     0x04  /* Coded PHY (BT 5.0, longer range)*/

/* To check which PHY is being used on a connection: */
/* hcitool cmd 0x08 0x0030 <handle_lo> <handle_hi>   */
/* (LE Read PHY command; takes the 2-byte connection  */
/*  handle, low byte first)                           */

/* Sniffer output showing GFSK demodulation data:    */
/* wireshark with BTLE plugin shows per-packet:       */
/* - Channel index (0-39)                            */
/* - RSSI (signal strength in dBm)                   */
/* - Demodulated payload bytes                       */

7.7 — LE Timeline — What the Air Looks Like

Reading a Real BLE Air Capture — 4 Key Observations

A Bluetooth sniffer captures every radio packet transmitted over the air and records its timing. Looking at a timeline of BLE activity reveals the “mostly off” nature of BLE in a concrete and striking way. An air capture taken during a GATT profile session shows an LE device advertising, followed by a dual-mode device discovering and connecting to it. Four important patterns emerge from this capture:

BLE Air Capture Timeline — Annotated Observations

[Figure: 1.1025 seconds of captured air time, showing the bursts adv×3, adv×3, data, adv×3 separated by idle (dashed) gaps.]

1. Advertising in sets of 3: Every advertising interval produces a burst of exactly 3 packets — one on each of the three advertising channels (37, 38, 39). Then the device waits before advertising again.
2. Mostly empty space: The vast majority of the timeline is the dashed line — no transmissions at all. This visually proves the “mostly off” claim. The radio is truly quiet almost all the time.
3. Very low average throughput: Across the entire 1.1-second capture, average packet throughput is only about 3,157 bits per second — roughly 3 kbps. This is orders of magnitude below the 1 Mbps physical bit rate, because the radio is only on for tiny fractions of the time.
4. Peak throughput still very low: Even during the burst of data exchange (where GATT service discovery is happening), peak throughput only reaches about 17 kbps. This confirms that BLE is designed for short, infrequent data, not sustained high-bandwidth streaming.

Why do advertising packets always come in sets of 3? An advertising device transmits once on channel 37, then immediately again on channel 38, then immediately on channel 39. This three-channel burst gives any scanner in the area the best chance of picking up the advertisement regardless of which channel it is currently listening on. After all three transmissions, the device waits for the advertising interval (typically 100 ms to several seconds) before repeating the three-channel burst.
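The same observations can be checked against any sniffer export. The following is an added example, not code from the original page: it groups advertising-channel packets into bursts, flags bursts that did not cover channels 37, 38 and 39, and computes average throughput and transmit duty cycle. The capture records, the 2 ms burst-gap threshold and the 0.4 s window are constructed for illustration and do not reproduce the capture discussed above.

```python
ADV_CHANNELS = (37, 38, 39)   # advertising channel indices, from the page
BIT_RATE = 1_000_000          # 1 Mbps physical bit rate, from the page
BURST_GAP_S = 0.002           # max spacing inside one burst (assumed threshold)

# Constructed sniffer records: (timestamp in s, channel index, on-air length in bytes)
CAPTURE = [
    (0.0000, 37, 37), (0.0005, 38, 37), (0.0010, 39, 37),
    (0.1000, 37, 37), (0.1005, 38, 37), (0.1010, 39, 37),
    (0.2000, 37, 37), (0.2005, 38, 37),                     # channel 39 not captured
    (0.2500, 12, 27), (0.2502, 12, 14), (0.2800, 20, 31),   # data-channel traffic
    (0.3000, 37, 37), (0.3005, 38, 37), (0.3010, 39, 37),
]

def advertising_events(capture, gap=BURST_GAP_S):
    """Group advertising-channel packets into bursts separated by > gap seconds."""
    events, current, last_t = [], [], None
    for t, ch, _ in sorted(capture):
        if ch not in ADV_CHANNELS:
            continue
        if current and t - last_t > gap:
            events.append(current)
            current = []
        current.append(ch)
        last_t = t
    if current:
        events.append(current)
    return events

def incomplete_events(events):
    """Indices of bursts that did not cover 37, 38 and 39 exactly once each."""
    return [i for i, chs in enumerate(events) if sorted(chs) != list(ADV_CHANNELS)]

def air_stats(capture, duration_s):
    """Average throughput (bit/s) and fraction of time spent transmitting."""
    bits = 8 * sum(length for _, _, length in capture)
    return bits / duration_s, bits / BIT_RATE / duration_s

if __name__ == "__main__":
    events = advertising_events(CAPTURE)
    print("advertising bursts:", events)
    print("incomplete bursts:", incomplete_events(events))
    print("avg bit/s, duty cycle:", air_stats(CAPTURE, duration_s=0.4))
```

Even with traffic packed into a 0.4 s window, the transmit duty cycle comes out under 1 %, which is the “mostly off” behaviour in numeric form.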

/* Capturing BLE advertising with BlueZ hcitool and btmon */

/* Start BLE scan to see advertising packets: */
/* sudo hcitool lescan --duplicates */

/* Or use btmon for a detailed HCI-level trace: */
/* sudo btmon | grep -A5 "LE Advertising Report" */

/* btmon output shows per-advertising-event: */
/* > HCI Event: LE Meta Event (0x3e) plen 42          */
/*   LE Advertising Report (0x02)                     */
/*   Num reports: 1                                   */
/*   Event type: ADV_IND (connectable undirected) (0) */
/*   Address type: Public (0x00)                      */
/*   Address: 00:1A:7D:DA:71:13 (Polar)               */
/*   Data length: 25                                  */
/*   Flags: 0x06 (LE General Discoverable)            */
/*   Complete name: Polar H7                          */
/*   RSSI: -62 dBm                                    */

7.8 — Chapter 7 Summary

What You Have Learned About the BLE Physical Layer

Frequency Design

  • 2.4 GHz ISM band
  • 40 channels × 2 MHz
  • Formula: f(k) = 2402 + k×2 MHz
  • Frequency hopping for interference

Radio Flexibility

  • TX only allowed
  • RX only allowed
  • Both TX+RX allowed
  • Saves silicon, cost, power

Power & Range

  • −20 to +10 dBm output
  • Dynamic power control
  • 30 m to 100 m range
  • Environment dependent

Modulation

  • GFSK (Gaussian FSK)
  • 1 Mbps bit rate
  • Modulation index 0.45–0.55
  • BT product 0.5

Chapter 8 moves one layer up in the stack — the Link Layer. This layer uses the Physical Layer’s radio channel to implement the state machine (Standby, Advertising, Scanning, Initiating, Connected), manage device addresses, and implement adaptive frequency hopping across the 37 data channels.

Chapter 7 Complete!

The Physical Layer is fully understood. Now let’s move to Chapter 8 — the Link Layer that sits directly above it.
