Tag Archives: Networking hardware


HomePlug Ethernet, part 2

For the last week or so, our living room has been out of bounds as we installed a new fireplace, redecorated and are now getting a new carpet fitted. That means all of the furniture has moved out to another room – and that includes our Smart TV.

After months of near-perfect video streaming over the Power Ethernet connection that I wrote about in November, I’ve had to go wireless again, and that means lots of buffering, etc. – despite the TV being right next to the Apple AirPort Express that I’m pretty sure should be repeating the signal.  That’s prompted me to a) do something about it as it will be another week or so before the Xbox and Smart TV are back in the living room and b) write this post about my experiences with my Power Ethernet TP1000 sockets.

Installation

If you can install a 2-gang (double) power socket, you can install a Power Ethernet socket*. Simply turn off the power at the mains (consumer unit), disconnect the existing socket wiring, connect the TP1000 – and you’ll have a single power socket and four Ethernet ports in place of the two power sockets that were there originally. Repeat for the second socket (you need a pair to work together) and a mesh network is created automatically. Simple!

A few points to note:

  1. Depending on the depth of the pattress or wall box that your socket uses, you may need a “spacer” to increase the depth to at least 35mm. I found that the wall box for my living room (standard fit for an early-1990s house with dry lined “dot and dab” walls) was too shallow but some spacers were included with my sockets.
  2. Even with the spacer, it’s still a tight fit (the back of the TP1000 is bulkier than a standard switched double socket) and I moved the point at which the ring main entered the wall box by a couple of centimetres to improve access to the wiring connections.
  3. The TP1000 power socket is unswitched. That’s not a problem for me, but may be a concern for some people.
  4. Although the facia plate for the TP1000 is white, the unit itself is grey (and my spacers were white). Also, it has rounded corners, which look nice, but are difficult to match with existing sockets (or the spacer).  Again, not a problem for me (the socket is hidden behind our TV stand) but it would be good to see Power Ethernet devices available in a selection of finishes to match the most commonly used electrical fittings here in the UK.

Use

It’s a power socket, just use it as normal.

And it’s an Ethernet switch with four connections. Just use them as normal. Of course, one end will need to be connected to your Internet connection – for me, this is via the wired LAN in my home office, without any need for cross-over cables.

Performance

For many years, I avoided Ethernet over power line solutions because I was concerned about interoperability between the various standards, and I’d heard stories of poor performance. Of course, this will vary tremendously based on the electrical wiring in use but I’ve been pretty impressed with the Power Ethernet devices. Bear in mind that my primary use is to stream TV from the Internet (BBC iPlayer, for example), so the bottleneck is my “up to 8Mbps” ADSL2 connection, but  I’m having no issues at all, even streaming HD content.

It’s difficult to measure the true throughput of the network but the Power Ethernet Management Software (PEMS) suggests I’m sustaining a connection at around 160Mbps and the initial connection speed often rises over time.  Tests using file transfers (for example, using NetCPS) suggested lower transfer rates but it’s still far better than over Wi-Fi – and seems more reliable.

The TP1000 Ethernet sockets also go into standby mode when not in use, which obviously has an environmental (and fiscal) impact, but they are quick to “resume” when a device is plugged in to one of the RJ45 connections or switched on, taking just a few seconds to establish a connection as normal.

Management

As I mentioned above, Power Ethernet provides management software  for the Ethernet switches inside the TP1000s. I’m not using the advanced functionality (e.g. setting up VLANs or QoS) but those sorts of capabilities will be extremely useful in an office environment and it’s still useful to be able to see the topology of the network, check out the port states, monitor bandwidth and otherwise manage the devices from a single location. Supplied as a Microsoft ClickOnce application, I did initially have some problems installing the software but Power Ethernet were able to take my log files and quickly resolve the issue. Since then, PEMS has automatically updated itself to the latest software release with absolutely no problems and apart from a few display problems (which may be due to the fact I’m running it on a Windows Server 2008 R2 machine, and connecting via RDP), it’s been pretty solid.

Power Ethernet Management Software

Interoperability

I mentioned that my SmartTV is temporarily in a different location (approx 8m from the nearest Ethernet socket) and, faced with an inability to watch iPlayer without buffering, I needed to set something up. As this is a temporary fix and I don’t think Power Ethernet sockets are available with a brushed metal finish, I picked up a single TP-Link AV200 Nano powerline adapter (TL-PA211). It’s not as neat but it’s no worse than a 12V DC “brick” and it’s fine for a temporary setup. And, because both the TP-Link and the Power Ethernet sockets are HomePlug compatible, it instantly joined the mesh so I was connected to my Internet connection right away with no further configuration required. What I did find is that the TP-Link connection is slower – which may be down to the household electrical wiring or the device chipset (the TP-Link device uses the Intellon INT6000 chipset, whilst the TP1000 uses the Qualcomm Atheros INT6400) – but PEMS recognises a third party device and has shown me connection speeds in the range of 85-115 Mbps – which is still pretty decent and far more than my broadband connection!

Summary

I’ve been really pleased with my Power Ethernet TP1000s and I’d certainly recommend them for home or small business use. The management software can be a little clunky but it’s only really needed if you want to manage the embedded Ethernet switch, which is overkill for my simple home setup. And, whilst they may not be the cheapest HomePlug devices on the market, there are some significant advantages in terms of physical security, aesthetics and performance – and there’s always the option to combine with other 200Mbps HomePlug devices where appropriate. If you’re looking for an alternative to Wi-Fi, and running CAT5/6 is not an option, I seriously recommend taking a look at Power Ethernet.

 

* Of course, if you’re not confident in doing this, then consult an electrician. I’m not qualified to give electrical advice – I’m just a “competent DIYer”.


HomePlug Ethernet, part 1

As more and more computing devices are being allowed into my living room (Xbox, Smart TV, etc.) I’m starting to find that the Wi-Fi in our house, which seems fine for basic surfing, email, social media, etc. is struggling more and more when it comes to streaming video content.

It could be a problem with my Wi-Fi setup but I have a pretty good access point, located in a reasonably central position (albeit upstairs) and an Apple Airport Express acting as a repeater, connected to some speakers in our garden room.  I have a feeling that the TV and Xbox are picking up the Airport Express, rather than the main access point (no way to tell on the Airport Express as its diagnostics are almost non-existent) and the lengthy Wi-Fi journey between access points may be the cause of my problems.  I could redesign the network but it works for streaming Spotify to the garden room/kitchen so I started to consider alternatives.

Creating CAT5E/6 cable runs around the house is just too disruptive (I did consider it when we extended a few years ago, but it was quite expensive too), so I started to look at running Ethernet over the household electrical system with HomePlug devices.

A bit of crowdsourcing (asking around on Twitter) turned up quite a bit of advice:

  • Devolo dLAN devices seemed to be well-regarded and I nearly bought a dLAN 500 AVtriple+ starter kit.
  • A few people mentioned the TP-Link Powerline products too.
  • Some people told me to go for faster connections (500Mbps) and that slower devices may be limited by 10/100Mbps Ethernet connections.
  • Others suggested higher speeds are more vulnerable to overheating and interference (that was another common theme – depending on the household wiring it seems you might not get very close to the stated maximum).

Ultimately, whatever I use will mostly be streaming content from the Internet (BBC iPlayer, etc.) over my ADSL connection (which runs at about 6Mbps downstream) so the home network shouldn’t be the bottleneck, once I get off Wi-Fi and onto some copper.

I mentioned that I nearly bought the Devolo kit, so why didn’t I? Well, just as I was getting ready to purchase, PowerEthernet (@PowerEthernet) picked up on my tweet and suggested I take a look at their product, which is really rather neat…

Instead of plugging into a socket (either with or without pass-through power capabilities), the PowerEthernet devices replace a standard UK double socket to provide a single socket and four 200Mbps Ethernet ports. You need a pair (of course) but they work together to create an encrypted (AES128) mesh network that’s compatible with the HomePlug Alliance AV standard.

Professional installation is recommended but, as Paul Ockenden (@PaulOckenden) highlights in his PCPro article:

“Most competent DIYers should be able to replace an existing two-gang socket with a Power Ethernet faceplate, and indeed the IEE Wiring Regulations do allow for a confident consumer to do this. For a new installation, however, or if you lack the confidence, you’ll need to consult a qualified electrician.”

I haven’t installed mine yet – I only collected them from the Royal Mail today – but I intend to report back when I’ve had a chance to play. In the meantime, Jonathan Margolis (@SimplyBestTech) wrote a short but sweet piece for the FT. PC Pro’s full review suggests they are a bit pricey (almost £282 for a pair including VAT) but Girls n Gadgets’ Leila Gregory (@Swanny) found them on Amazon at closer to £80 each (as did I).

I’ll write more when I’ve had a chance to use them for a bit…


Wake on LAN braindump

I lost quite a bit of sleep over the last few nights, burning the midnight oil trying to get my Dell PowerEdge 840 (server repurposed as a workstation) to work with various Dell management utilities and enable Wake On LAN (WoL) functionality.

It seems that the various OpenManage tools were no help – indeed many of the information sources I found for configuring the Baseboard Management Controller and kicking SOLProxy and IPMI into life seemed to be out of date, or just not applicable on Windows 7 (although ipmish.exe might be a useful tool if I get it working in future and it can be used to send WoL packets). I did find that, annoyingly, WinRM 2.0 needs an HTTPS connection and that a self-signed certificate will not be acceptable (according to Microsoft knowledge base article 2019527). If I ever return to the topic of WinRM and IPMI, there’s a useful MSDN article on installation and configuration for Windows Remote Management.

In the end, even though my system is running Windows 7, the answer was contained in a blog post about a PowerEdge 1750, WoL and Debian:

“Pressing ‘CTRL-S’ brings us to a configuration panel which allows for enabling the Wake-On-LAN (WOL) mode of the card.”

I’d been ignoring this because the Ctrl-S boot option advertises itself as the “Broadcom NetXtreme Ethernet Boot Agent” (and I didn’t want to set the machine up to PXE boot) but, sure enough, after changing the Pre-boot Wake On LAN setting to Enable, my PowerEdge 840 started responding to magic packets.

On my WoL adventure, I’d picked up a few more hints/tips too, so I thought it’s worth blogging them for anyone else looking to follow a similar path…

“Windows 2000 and Windows 2003 do not require that WOL be turned on in the NIC’s or LOM’s firmware, therefore the steps using DOS outlined in the Out-of-Box and Windows NT 4.0 procedures are not necessary and should be skipped. Enabling WOL with IBAUTIL.EXE, UXDIAG.EXE or B57UDIAG.EXE may be detrimental to WOL under Windows 2000 and Windows 2003.”

    • Presumably this advice also applies to Windows XP, Vista, Server 2008, 7 and Server 2008 R2 as they are also based on the NT kernel, so there is no need to mess around with DOS images and floppy drives to try and configure the NIC…
  • I downloaded Broadcom’s own version (15.0.0.21 19/10/2011) of the Windows drivers for my NIC (even though Windows said that the Microsoft-supplied drivers were current) and I’m pretty sure (although I can’t be certain) that the Broadcom driver exposed advanced NIC properties that were not previously visible to control Wake Up Capabilities and WoL Speed. (Incidentally, I left all three power management checkboxes selected, including “Only allow a magic packet to wake the computer”). There’s more information on these options in the Broadcom Ethernet NIC FAQs.
  • There is a useful-sounding CLI utility called the Broadcom Advanced Control Suite that I didn’t need to download; however its existence might be useful to others.
  • Depicus (Brian Slack) has some fantastic free utilities (and a host of information about WoL) including:
  • Other WoL tools (although I think Depicus has the landscape pretty much covered) include:
  • There’s also some more information about WoL on Lifehacker.

Enabling SNMP on my ADSL router

I’ve been playing around with some network monitoring and management tools on my home network and so have been busily enabling Simple Network Management Protocol (SNMP) on a number of my devices, including my elderly Solwise SAR110 ADSL modem/router; however the router’s web interface doesn’t seem to have the ability to configure the SNMP agent.

I asked how to do this on the Solwise forums and the response was to use the command line. Sure enough, I located the Solwise SAR110 Advanced Reference Guide, telnetted to the router’s internal interface, logged on, and issued the following commands:

create snmp comm community public ro

(to create a community called public with read only access.)

create snmp host community public ip <ipaddress>

(to allow a specified IP address to interrogate the device using the public community.)

get snmp host confirmed that the settings were correct.

Enabling traps to inform the SNMP manager of any events was already enabled by default (confirmed using get snmp trap); however the command would have been modify snmp trap enable (or modify snmp trap disable to disable traps).

In order to test the configuration, I ran Noël Danjou’s SNMPTest utility. This confirmed that my router was accessible via SNMP; although I’m not sure if the trap functionality is working as it should be… I certainly didn’t see any evidence of the “System up” trap being sent after resetting the router.

Finally, once I was sure that everything was working as expected, I issued the commit command to save the changes (and re-ran the tests to see if that was why the traps hadn’t worked).
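The kind of check that an SNMP test utility performs against the router, as an added example (not code from the original post or from SNMPTest): it builds a GetRequest for the `public` community by hand and decodes the reply. SNMPv1, the sysUpTime.0 OID, UDP port 161 and all function names are assumptions, and `sample_response()` is a constructed reply so the block runs offline.

```python
import socket

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"       # sysUpTime.0 from MIB-II (assumed test OID)
INT_TAGS = {0x02, 0x41, 0x42, 0x43}     # INTEGER, Counter32, Gauge32, TimeTicks

def tlv(tag, value):
    """Encode one BER tag-length-value triple (short or long length form)."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def enc_int(n):
    """BER INTEGER for a non-negative value; the extra bit keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                              # base-128, high bit = "more follows"
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def build_get(community, oid, request_id):
    """SNMPv1 GetRequest. The community string is carried as plain bytes."""
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))            # OID + NULL
    pdu = tlv(0xA0, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, varbind))
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0

def read_tlv(buf, pos):
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_response(data, request_id):
    """Decode a GetResponse and reject replies that do not match our request-id."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    _, rid, p = read_tlv(pdu, 0)
    _, status, p = read_tlv(pdu, p)
    _, _index, p = read_tlv(pdu, p)
    _, varbinds, _ = read_tlv(pdu, p)
    _, varbind, _ = read_tlv(varbinds, 0)
    _, oid, p = read_tlv(varbind, 0)
    vtag, value, _ = read_tlv(varbind, p)
    if int.from_bytes(rid, "big") != request_id:
        raise ValueError("request-id mismatch")
    return {
        "community": community.decode(),
        "error_status": int.from_bytes(status, "big"),   # 0 = noError
        "oid": dec_oid(oid),
        "value": int.from_bytes(value, "big", signed=(vtag == 0x02))
                 if vtag in INT_TAGS else value,
    }

def sample_response(request_id=1, ticks=12345):
    """Constructed GetResponse standing in for the router's reply."""
    body = ticks.to_bytes((ticks.bit_length() + 8) // 8, "big")
    varbind = tlv(0x30, enc_oid(SYS_UPTIME) + tlv(0x43, body))
    pdu = tlv(0xA2, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, varbind))
    return tlv(0x30, enc_int(0) + tlv(0x04, b"public") + pdu)

def query(host, community="public", oid=SYS_UPTIME, request_id=1, timeout=2.0):
    """Send the request to a device you manage and return the decoded reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get(community, oid, request_id), (host, 161))
        data, _ = s.recvfrom(4096)
    return parse_response(data, request_id)
```

Run from the address named in the `create snmp host` command, `query()` should return a value; from any other address it should time out, which confirms the host restriction is in force.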

It’s not very likely that anyone reading this blog is using such an ancient device; however the general principle holds true for many consumer devices. If the web interface doesn’t let you do what you want, see if there is command line access, typically via telnet or ssh.


Using Wireshark for basic packet capture and analysis

As I’m trying to get my head around the notes I made from last week’s Wireshark webcast by Mike Pennacchi of Network Protocol Specialists, I thought I’d post the highlights here – these are just my notes with very little interpretation or linking out to other sites, so check out the video for more detail:

  • Analyser placement is critical to successful network troubleshooting – switched networks provide direct traffic so you can’t just plug in and view everything right away.
  • Three common methods for monitoring a switched network are:
    • Spanning/port mirroring – copying ingress and egress traffic between switch ports to form a single data stream – even for an entire VLAN (although it’s likely that would exceed the capabilities of the destination port).
      • Advantages include: configuration requires no interruption to traffic flow; multiple ports can be sent to a single port; remote spanning is possible between switches; some switches can filter packets as part of the spanning.
      • Disadvantages include: configuration requires access to the switch; not all switches fully support spanning; has been known to cause problems.
    • Tap – for monitoring full duplex traffic, including physical errors, passing traffic between devices in a fault tolerant manner.
      • Taps may be fibre or copper-based.
        • Fibre taps require no power and will split the signal using a ratio intended to provide the greatest signal level to the destination and a usable signal for analysis.
        • Most copper taps regenerate the signal (and will pass the signal on directly in the event of power failure).
      • Port aggregation taps can internally combine data streams, allowing a single port to capture full duplex traffic and also to buffer traffic when the combined data rate exceeds the egress data rate for the port. They can be:
        • Passive – dropping inbound packets from the analyser.
        • Allow reset packets – allowing packet injection, e.g. for an intrusion detection system to kill a TCP connection.
      • Advantages include: taps are independent of the switch infrastructure and work out of band.
      • Disadvantages include: the link needs to be broken to insert the tap and, for full duplex taps, the analyser needs to be able to accept two streams and merge them into a single trace file.
    • Hub – an inexpensive solution to copy all traffic to all other ports, including physical errors.
      • Hubs are effectively repeaters.
      • Beware that some hubs are really switches, labelled as hubs.
      • Dual-speed hubs are actually switched between the 10 and 100Mbps networks – so the analysis device will need to operate at the same speed as the devices being monitored otherwise only broadcasts will be detected from devices running at a different speed.
      • Advantages include: low cost, easy to install and readily available; traffic can be sent to multiple monitoring ports.
      • Disadvantages include: only half duplex; not fault tolerant and require breaking the link for installation.
  • Wireshark analysis method (D.I.S.C.A.R.D.):
    • Download Wireshark (free).
    • Install – two components: the Wireshark application and the packet capture driver (for Windows that’s Winpcap).
    • Setup – select the interface (from the Capture menu) and click Prepare. Where present, a generic dialup adapter can be used to capture VPN packets prior to encryption. Ensure that promiscuous mode is used to capture all frames seen by the interface (not just those addressed to the analyser). Set capture filters if required (but it may be better to filter post-capture). Tweak the display options to improve performance – turn off real-time packet listing and automatic scrolling.
    • Capture – click start to run a capture. In practice, the maximum capture rate using a built-in NIC before packets begin to drop will be around 230Mbps although cards are available for full duplex 1Gbps network captures (e.g. the Cace TurboCap).
    • Analyse – view frames using the display filter against the packet list, then view the packet detail and, if necessary, the packet bytes. Setting the time display format (on the View menu) as seconds since previous displayed packet will help to identify gaps. Even encrypted traffic will show the deltas. The filter input box turns green when a valid filter is applied – alternatively the Expression option provides a GUI to assist. Some filters are case-sensitive and beware when using booleans with multiple filters (i.e. use “or”, not “and”, to avoid attempting to filter on two protocols at the same time!). Follow TCP Stream can be useful to quickly create a filter based on an IP address pair and particular port numbers.
    • Resolve – after thorough analysis, resolve the issues.
    • Document the solution.
  • Pilot is a companion tool for Wireshark (chargeable) and offers deep packet analysis.
  • Example captures are available at Packetlife.net
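
The "seconds since previous packet" view from the Analyse step, reproduced outside Wireshark as an added example (not from the webcast or the original notes): it reads a classic .pcap file, computes the delta between consecutive frames and reports stalls. It works on every frame in the file rather than on a display-filtered subset, the function names and the one-second threshold are assumptions, and `sample_capture()` is a constructed capture.

```python
import struct

# Magic number as stored on disk -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),   # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": (">", 10**6),   # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),   # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": (">", 10**9),   # big-endian, nanosecond timestamps
}

def read_packets(data):
    """Return [(timestamp_ns, original_length), ...] for every complete record."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    order, ticks = MAGICS[data[:4]]
    packets, pos = [], 24                      # records start after the 24-byte header
    while pos + 16 <= len(data):
        sec, frac, incl_len, orig_len = struct.unpack_from(order + "IIII", data, pos)
        pos += 16
        if pos + incl_len > len(data):
            break                              # capture was cut off mid-record
        packets.append((sec * 10**9 + frac * (10**9 // ticks), orig_len))
        pos += incl_len                        # payload is skipped, so encryption is irrelevant
    return packets

def deltas_ns(packets):
    """Time since the previous frame, in nanoseconds (0 for the first frame)."""
    times = [t for t, _ in packets]
    return [0] + [b - a for a, b in zip(times, times[1:])]

def find_gaps(data, threshold_s=1.0):
    """(frame number, delta in seconds) for frames that follow a gap above the threshold.

    Frames are numbered from 1, as in Wireshark's packet list.
    """
    packets = read_packets(data)
    limit = threshold_s * 1e9
    return [(i + 1, d / 1e9) for i, d in enumerate(deltas_ns(packets)) if d > limit]

def sample_capture():
    """Constructed capture: five 60-byte frames with a 2.5 s stall before frame 4."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    stamps = [(100, 0), (100, 200), (100, 450), (102, 500450), (102, 500700)]
    body = b"".join(
        struct.pack("<IIII", sec, usec, 60, 60) + bytes(60) for sec, usec in stamps
    )
    return header + body

if __name__ == "__main__":
    for frame, delta in find_gaps(sample_capture()):
        print(f"frame {frame}: {delta:.6f} s since previous frame")
```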

Building a branch office in a box?

For many organisations, branch offices are critical to business and often, rather than being a remote backwater, they represent the point of delivery for business. Meanwhile, organisations want to spend less on IT – and, as IT hardware and software prices fall, providing local resources improves performance for end-users. That sounds great until considering that local IT provision escalates support and administration costs so it makes more financial sense to deliver centralised services (which have a consequential effect on performance and availability). These conflicting business drivers create a real problem for organisations with a large number of branch offices.

For the last few weeks, I’ve been looking at a branch office consolidation exercise at a global organisation who seem to be suffering from server proliferation. One of the potential solutions for consolidation is using Windows Server 2008 and Hyper-V to provide a virtualised infrastructure – a “branch office in a box”, as Gartner described it in a research note from a few years ago [Gartner RAS Core Research Note G00131307, Joe Skorupa, 14 December 2005]. Windows Server 2008 licensing arrangements for virtualisation allow a server to run up to 4 virtualised operating system environments (with enterprise edition) or a single virtual and a single physical instance (with standard edition). It’s also possible to separate domain-level administration (local domain controllers, etc.) from local applications and infrastructure services (file, print, etc.) but such a solution doesn’t completely resolve the issue of maintaining a branch infrastructure.

Any consolidation at the branch level is a good thing but there’s still the issue of wide area network connectivity which means that, for each branch office, not only are there one or more Windows servers (with a number of virtualised workloads) to consider but also potentially some WAN optimisation hardware (e.g. a Cisco WAAS or a Riverbed Steelhead product).

Whilst I was researching the feasibility of such a solution, I came across a couple of alternative products from Cisco and Citrix which include Microsoft’s technology – and this post attempts to provide a high level overview of each of them (bear in mind I’m a Windows guy and I’m coming at this from the Windows perspective rather than from a deep networking point of view).

Cisco and Microsoft Windows Server on WAAS

When I found the Windows Server on WAAS website I thought this sounded like the answer to my problem – Windows Server running on a WAN optimisation appliance – the best of both worlds from two of the industry’s largest names, who may compete in some areas but still have an alliance partnership. In a video produced as part of the joint Cisco and Microsoft announcement of the Windows on WAAS solution, Cisco’s Vice President Marketing for Enterprise Solutions, Paul McNab, claims that this solution allows key Windows services to be placed locally at a reduced cost whilst providing increased flexibility for IT service provision; whilst Microsoft’s Bill Hilf, General Manager for Windows Server marketing and platform strategy, outlines how the branch office market is growing as workforces become more distributed and that the Windows on WAAS solution combines Windows Server IT services with Cisco WAAS’ WAN optimisation, reducing costs relating to infrastructure management and power usage whilst improving the user experience as services are brought closer to the user.

It all sounds good – so how does this solution work?

  • Windows on WAAS is an appliance-based solution which uses virtualisation technologies for Cisco WAAS and Microsoft Windows Server 2008 to run on a shared platform, combined with the advantages of rapid device provisioning. Whilst virtualisation in the datacentre has allowed consolidation, at the branch level the benefit is potentially the ability to reconfigure hardware without a refresh or even a visit from a technician.
  • Windows Server 2008 is used in server core installation mode to provide a reduced Windows Server footprint, with increased security and fewer patches to apply, whilst taking advantage of other Windows Server 2008 enhancements, such as improved SMB performance, a new TCP/IP stack, and read-only domain controllers for increased directory security at the branch.
  • On the WAAS side, Cisco cite improved application performance for TCP-based applications – typically 3-10 times better (and sometimes considerably more) as well as WAN bandwidth usage reduction and the ability to prioritise traffic.
  • Meanwhile, running services such as logon and printing locally means that end user productivity is increased.

Unfortunately, as I began to dig a little deeper (including a really interesting call with one of Cisco’s datacentre product specialists), it seems that this solution is constrained in a number of ways and so might not allow the complete eradication of Windows Server at the branch office.

Firstly, this is not a full Windows Server 2008 server core solution – only four roles are supported: Active Directory Domain Services; DHCP server; DNS server and Print services. Other services are neither supported, nor recommended – and the hardware specifications for the appliances are more akin to PCs (single PSU, etc.) than to servers.

It’s also two distinct solutions – Windows runs in a (KVM) virtual machine to provide local services to the branch and WAAS handles the network acceleration side of things – greatly improved with the v4.1 software release.

On the face of it (and remember I’m a Windows guy) the network acceleration sounds good – with three main methods employed:

  1. Improve native TCP performance (which Microsoft claim Windows Server 2008 does already) by quickly moving to a larger TCP window size and then lessening the flow once it reaches the point of data loss.
  2. Generic caching and compression.
  3. Application-specific acceleration for HTTP, MAPI, CIFS and NFS (but no native packet shaping capability).

All of this comes without the need to make any modifications to the existing network – no tunnelling and no TCP header changes – so the existing quality of service (QoS) and network security policies in place are unaffected by the intervening network acceleration (as long as there’s not another network provider between the branch and the hub with conflicting priorities).

From a support perspective Windows on WAAS is included in the SVVP (so is supported by Microsoft) but KVM will be a new technology for many organisations and there’s also a potential management issue as it’s my understanding that Cisco’s virtual blade technology (e.g. Windows on WAAS) does not yet support centralised management or third party management solutions.

Windows on WAAS is not inexpensive either (around $6,500 list price for a basic WAAS solution, plus another $2,000 for Windows on WAAS, and a further $1,500 if you buy the Windows licenses from Cisco). Add in the cost of the hardware – and the Cisco support from year 2 onwards – and you could buy (and maintain) quite a few Windows Servers in the branch. Of course this is not about cheap access to Windows services – the potential benefits of this solution are much broader – but it’s worth noting that if the network is controlled by a third party then WAN optimisation may not be practical either (for the reasons I alluded to above – if their WAN optimisation/prioritisation conflicts with yours, the net result is unlikely to result in improved performance).

As for competitive solutions, Cisco don’t even regard Citrix (more on them in a moment) as a serious player – from the Cisco perspective the main competition is Riverbed. I didn’t examine Riverbed’s appliances in this study because I was looking for solutions which supported native Windows services (Riverbed’s main focus is wide area application services and their wide area file services are not developed, supported or licensed by Microsoft, so will make uncomfortable bedfellows for many Windows administrators).

When I pressed Cisco for comment on Citrix’s solution, they made the point that WAN optimisation is not yet a mature market and it currently has half a dozen or more vendors competing whilst history from other markets (e.g. SAN fabrics) would suggest that there will be a lot of consolidation before these solutions reach maturity (i.e. expect some vendors to fall by the wayside).

Citrix Branch Repeater/WANScaler

The Citrix Branch Repeater looks at the branch office problem from a different perspective – and, not surprisingly, that perspective is server-based computing, pairing with Citrix WANScaler in the datacentre. Originally based around Linux, Citrix now offer Branch Repeaters based on Windows Server.

When I spoke to one of Citrix’s product specialists in the UK, he explained to me that the WANScaler technologies used by the Branch Repeater include:

  1. Transparency – the header is left in place so there are no third-party network changes and there is no need to change QoS policies, firewall rules, etc.
  2. Flow control – similar to the Cisco WAAS algorithm (although, somewhat predictably, Citrix claim that their solution is slightly better than Cisco’s).
  3. Application support for CIFS, MAPI, TCP and, uniquely, ICA.

Whereas Cisco advocate turning off the ICA compression in order to compress at the TCP level, ICA is Citrix’s own protocol and they are able to use channel optimisation techniques to provide QoS on particular channels (ICA supports 32 channels in its client-server communications – e.g. mouse, keyboard, screen refresh, etc.) so that, for example, printing can be allowed to take a few seconds to cross the network but mouse, keyboard and screen updates must be maintained in near-real time. In the future, Citrix intend to extend this with cross-session ICA compression in order to use the binary history to reduce the volume of data transferred.

The Linux and Windows-based WANScalers are interoperable and, at the branch end, Citrix offers client software that mimics an appliance (e.g. for home-based workers) or various sizes of Branch Repeater with differing throughput capabilities running a complete Windows Server 2003 installation (not 2008) with the option of a built-in Microsoft ISA Server 2006 firewall and web caching server.

When I asked Citrix who they see as competition, they highlighted that only two companies have licensed Windows for use in an appliance (Citrix and Cisco) – so it seems that Citrix see Cisco as the competition in the branch office server/WAN optimisation appliance market – even if Cisco are not bothered about Citrix!

Summary

There is no clear “one size fits all” solution here and the Cisco Windows on WAAS and Citrix WANScaler solutions each provide significant benefits, albeit with a cost attached. When choosing a solution, it’s also important to consider the network traffic profile – including the protocols in use. The two vendors each come from a slightly different direction: in the case of Cisco this is clearly a piece of networking hardware and software which happens to run a version of Windows; and, for Citrix, the ability to manipulate ICA traffic for server-based computing scenarios is their strength.

In some cases neither the Cisco nor the Citrix solution will be cost effective and, if a third party manages the network, they may not even be able to provide any WAN optimisation benefits. This is why, in my customer scenario, the recommendation was to investigate the use of virtualisation to consolidate various physical servers onto a single Windows Server 2008 “branch office in a box”.

Finally, if such a project is still a little way off, then it may be worth taking a look at the branch cache technology which is expected to be included within Windows Server 2008 R2. I’ll follow up with more information on this technology later.

Uncategorized

More on the BT Home Hub

Last year I blogged about the dangers of BT Home Hub users using WEP for “Wi-Fi Security”, pointing out that WEP is generally considered insecure and that WPA or WPA2 should be used instead. Then I set up my Dad’s Home Hub for him (just as an ADSL router/modem at this time… possibly with some of the other features later) and this is what I found:

  • The Home Hub is an elegant piece of hardware and BT have made cabling straightforward with colour-coded cables.
  • Following the instructions (which is what I did) involved installing a lot of software on the PC… just to connect to a router. I imagine that most of it can be disregarded (Customised browsers, BT Yahoo! sidebar etc.).
  • The setup failed to recognise that there was already an ADSL modem connection and that I was replacing that with a LAN-based connection (eventually I found a setting deep in the BT Broadband Help system to change that, after which UPnP jumped into life and the router was located).
  • The supplied password for BT Yahoo! Broadband didn’t work, resetting it required answering a security question that had never been set (chicken… egg…) and calling for support involved speaking to a well-intentioned but not very efficient call centre operative somewhere on the Indian subcontinent (who apologised for the quality of the phone line… ironic given that this service was on behalf of one of the World’s largest telecommunications providers)

Returning last week to finish the job, I found that BT have been updating the router firmware automatically for him and now he has options for WPA/WPA2 (which I duly configured). I also found a great link for information on the Home Hub (a rebadged Thomson device) – the Frequencycast Home Hub FAQ – which told me useful things like how to access the configuration via http://bthomehub.home/ and that the authentication prompt for administrator access does not require the BT Broadband username and password but the username admin and password of admin (or the serial number of the device) until it is reset to something more memorable. If you need to know something about the BT Home Hub, the chances are it’s in this FAQ. Also worth a look (particularly if you have a Mac that’s not playing nicely with WPA-TKIP – although my OS X 10.5.5 MacBook seemed to be fine with Home Hub software 6.2.6.E) is the BT Home Hub page on hublog – and there is also a command line interface reference for the Home Hub.

Uncategorized

Failed power supply causes impromptu wireless network upgrade

Two-and-a-half years ago, I upgraded my wireless network in order to move to 802.11g and to implement some half-decent Wi-Fi security but, last Friday, just as I was packing up the car for a weekend away, I noticed that my PC had lost contact with the mail server. Then I saw there were no lights on my wireless access point. This was not good news.

I couldn’t fix it quickly and running a cable was not an option either as it would have meant leaving the house unsecured all weekend. So, I just had to accept that I had no DNS, no DHCP, and that the mail server would be offline for the weekend.

When I got home last night, I set up a temporary (wired) connection and thought about how to fix the Wi-Fi – it seemed I had a few options:

  • Buy a new DC power adapter for my D-Link DWL-2000AP+ – inexpensive but the D-Link was a cheap access point – a new DC adapter could cost almost as much as the unit is worth and if the power adapter has blown up, the main unit could be next.
  • Buy a new access point (and optionally move up to 802.11pre-n) – a new access point could be good, but pre-n equipment is still quite expensive – and I’ve never been that happy with pre-anything standards, even back in the days of 56Kbps modems. Add to that the fact that I have a mixture of 802.11g and 802.11n equipment (mostly built in to computers) – and the “g” kit would slow an “n” network down to 54Mbps.
  • Replace my individual router and access point with a combined wireless-modem-router (like the Netgear DG834G that one of my friends lent me – a left-over from his disastrous encounter with Virgin Media’s ADSL “service” – or one of the Draytek devices that I’ve heard so many good things about) – but my Solwise ADSL router is still going strong (aside from the occasional reboot) and I’d have to reconfigure all my firewall rules.
  • Dump Wi-Fi in favour of HomePlug AV technologies – potentially faster (at least faster than 802.11g) but also quite expensive, still a relatively immature technology and, based on most of the reviews I’ve seen, highly dependent upon the quality of the wiring in the house.

In the end, I decided to splash out on a new access point – and this time I got the one that I thought about in 2005 but didn’t want to spend the money on – a Netgear ProSafe WG102. I got mine from BroadbandBuyer for a touch over £80 (the added bonus was that they are only 7 miles away from my house, had them in stock, and I could collect) so by late morning my Wi-Fi was back online and the temporary cables down the stairs were gone and the garage door was closed again.

After having set this up, I realised that this is what I should have done first time around – Netgear’s ProSafe range is aimed at small businesses but is still reasonably inexpensive – and so much better than the white plastic consumer rubbish that they churn out (or the D-Link access point that I’ve been using). The WG102 is well built, has a really straightforward web interface for management (as well as SNMP support) and supports all the wireless options that I would expect in a modern access point, including various security options and IntelliRF for automatic adjustment of power transmission and channel selection. I’m using WPA2 (PSK) but the WG102 does include RADIUS support. It’s also got a nice big antenna and I’ve switched off 802.11b to prevent the whole network from being slowed down by one old “b” device. I also use MAC address filtering (easy enough to get around but nevertheless another obstacle in the way of a would-be attacker) but the best features are the ones I haven’t implemented yet – like multiple SSIDs and VLANs for granular user access. If I put a VLAN-capable switch between the access point and my router, I could provide a hotspot for my street but still run my own traffic over its own VLAN. I guess VLAN-hopping would be a potential attack vector but my Wi-Fi traffic would be encrypted anyway and there’s another firewall between the wireless network and my data. If that switch supported Power over Ethernet (PoE) then I could even manage if the WG102 lost its power supply (it has PoE support too).

The WG102 is certainly not the least expensive access point I could have bought but it seems to be money well spent. It includes a bunch of features that are generally only found in devices intended for the enterprise market but comes at a small business price. I should have bought this years ago.

Uncategorized

Bizarre use for old networking hardware

I dropped in on my mate Stuart today and noticed an old Cisco Catalyst 1900 switch in his study. Then he showed me what he was really using it for – a signal booster for his DVB-T digital TV signal. It seemed to work a treat with the magnetic aerial stuck on the side!

Uncategorized

Be careful when mixing wireless Ethernet devices

It’s well known that the proprietary extensions employed by some vendors to increase the speed/range of their wireless Ethernet (IEEE 802.11) equipment can cause issues (and sometimes refuse to work with one another at all); however there is something else to consider when working with older wireless kit – the network will automatically slow down to match the slowest device. Added to the fact that wireless networks already share bandwidth (WiFi is not switched), even a fast network could well have dropped to the lowest common denominator and may be operating at 11Mbps (or slower) because of a single 802.11b adapter.

When I upgraded my wireless network to 54Mbps 802.11g, I left my wife’s PC untouched because I didn’t want to inadvertently affect her business. When I finally upgraded her PC this evening I removed the legacy Compaq WL110 card and saw an instant improvement in file transfer speeds across the wireless link from our office to my server!

With high-speed 802.11n (draft) equipment coming onstream, it’s important to remember that upgrading the network is not enough and, for the full benefits to be achieved, it will be necessary to upgrade every connected device too – including all those laptops with built-in wireless capabilities – potentially a very costly exercise.
