Weeknote 2024/07: pancakes; cycle races; amateur radio; flooding; and love stories

The feedback I receive on these weeknotes is generally something like “I’m enjoying your weekly posts Mark – no idea how you find the time?”. The answer is that 1) I work a 4-day week; and 2) I stay up far too late at night. I also write them in bits, as the week progresses. This week has been a bit of a rollercoaster though, with a few unexpected changes of direction, and consequently quite a few re-writes.

This week at work

I had planned to take an extra day off this week which looked like it was going to squeeze things a bit. That all changed mid-week, which gave me a bit more time to move things forward. These were the highlights:

This week away from work

Last weekend

I was cycle coaching on Saturday, then dashed home as my youngest son, Ben, said he would be watching the rugby at home instead of with his mates. England vs. Wales is the most important Six Nations fixture in my family. My Dad was Welsh. He wasn’t big into sport but, nevertheless, I remember watching 15 men in red shirts running around with an oval ball with him. Nikki’s Dad was Welsh too. Even though we were both born in England, that makes our sons two-quarters Welsh. Cymru am byth! Sadly, the result didn’t quite go our way this year – though it was closer than I’d dared dream.

On Sunday, our eldest son, Matt, was racing the Portsdown Classic. It’s the first road race of the season and there were some big names in there. Unfortunately, he didn’t get the result he wanted – finding he has the power but is still learning to race – but he did finish just ahead of Ed Clancy OBE, so that’s something to remember.

I’m just glad he avoided this (look carefully and Matt can be seen in white/blue on a grey bike with white decals on the wheels, very close to the verge on the left, just ahead of the crash)

The rest of the week

Our town, Olney, has celebrated Shrove Tuesday with a pancake race since 1445. It even features on the signs as you drive into town.

I didn’t see this year’s race as I was working in Derby, then driving back along the motorway in torrential rain, in time for a family meal. We were supposed to be getting together before Matt flew out to Greece for 10 weeks, but those plans fell apart 2 days before his outbound flight. Thankfully he’s sorted a plan B but I’m not writing about it until it actually happens!

For a couple of years I’ve struggled to ride with Matt without him finding it too easy (and actually getting cold). I miss my riding buddy, but it was good to hear him say he’d like to ride with me again if I can get back into shape. Right. That’s my chance. Whilst he is away it’s time to get back on Zwift and prepare for a summer on the real bike. I need to lose at least 20kgs too, but that’s going to take a while…

…which reminds me. I must find a way to pull all my information from the Zoe app before my subscription expires.

As last Sunday’s bike race was “only” around 75km, I didn’t have any roadside bottle-passing duties so I took “the big camera” (my Nikon D700 DSLR). Then, I got home and realised my digital photography workflow has stopped flowing. My Mac Mini has run out of disk space. My youngest son, Ben, now uses my MacBook for school. And my Windows PC didn’t want to talk to the D700 (until I swapped cables – so that must have been the issue). It took me a while, but I eventually managed to pull a few half-decent images out of the selection. You can see them below, under “this week in photos”. I love using the DSLR, but do wish it had the connectivity that makes a smartphone so much more convenient.

The Portsdown Classic was my first opportunity to take a hand-held radio to a race. I’d seen spectators using them at other National Races last year but I didn’t have the equipment. I’d asked someone what they used and considered getting a Baofeng UV-5R but didn’t actually get around to clicking “buy now”. Then Christian Payne (Documentally) gifted me a Quansheng UV-K5(8) at Milton Keynes Geek Night. A chat with a friendly NEG rider and a little bit of homework told me which frequencies British Cycling uses. It was fascinating to be able to listen to the race convoy radio, both when driving behind the convoy at the start of the race and then when spectating (at least when the race was within radio range).

Listening in on the action gave me a whole new perspective on the race. So much so that I’m considering completing the ConvoyCraft training to be able to drive an official event car.

I mentioned that Christian had gifted me a radio last December. That was on condition that I promised to take the exam for my RSGB Foundation Licence. Well, I took it this morning and passed. The results are provisional but, assuming all goes well and I get my licence from Ofcom, I’ll write another post about that journey into the world of RF and antennae…

Finally, I wrapped up the week by meeting up with my former colleague, manager, and long-time mentor, Mark Locke. I learned a lot from Mark in my days at ICL and Fujitsu (most notably when I was a wet-behind-the-ears Graduate Trainee in the “Workgroup Systems” consultancy unit we were a part of in the early days of Microsoft Exchange, Novell GroupWise and Lotus Notes; and later working for Mark on a major HMRC infrastructure project); he was the one who sponsored me into my first Office of the CITO role for David Smith, back in 2010; and we’ve remained friends for many years. It was lovely to catch up on each other’s news over a pint and a spot of lunch.

This week in TV/video

My wife and I started watching two new TV series this last week. Both are shaping up well, even if one is a rom-com (not normally my favourite genre):

This week in photos

Elsewhere on the Internet

In tech

At least one good thing came out of the VMware-Broadcom situation:

The NCSC appears to have rebranded 2FA/MFA as 2SV:

But this. This is a level of geekiness that I can totally get behind:

Even I have to accept that playing Snake on network switches is a little too niche though:

Close to home

The river Great Ouse in Olney saw the biggest floods I can remember (for the second time this winter). The official figures suggest otherwise but they measure at the sluice – once the river bursts its banks (as it now does) the sluice is bypassed through the country park and across fields. The drone shots are pretty incredible.

This is a fantastic project. The pedant in me can almost forgive the errant apostrophe in the final frames of the video because the concept is so worthwhile:

Underground-Overground

Transport for London decided to rename six formerly “Overground” lines. This is one of the more educational stories about it:

It’s not the first time naming these lines has been proposed:

But British Twitter stepped up to the mark and delivered its own commentary:

Or at least some of British Twitter. Those outside the gravitational pull of London were less bothered:

St Valentine’s Day

Every now and again, the social networks surface something really wholesome. This week I’ve picked three St Valentine’s Day posts. Firstly, from “the Poet Laureate of Twitter”, Brian Bilston:

And then this lovely story (pun entirely intended) from Heather Self (click through for the whole thread of three posts):

This one just made me giggle:

Coming up

The coming weekend will be a busy one. Ben is heading off to the West Country for a few days away with his friends. It’s also Nikki’s birthday… but I won’t spill the beans here about any plans because she has been known to read these posts. And then, hopefully, on Monday, Matt will finally get away to train in a sunnier climate for a while.

Next week is half term but with both the “boys” away it will be quiet. When they are at home, we have the normal chaos of a busy family with two sporty teenagers. When they are away it’s nice to enjoy some peace (and a slightly less messy house), but it sometimes feels just a little odd.

Right, time to hit publish. I have a birthday cake to bake…

Featured image by -Rita-??? und ? mit ? from Pixabay.

Reconfiguring a Plusnet ADSL router (Sagemcom 2704n)

This content is 9 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve been trying to improve my Skype call quality at home and the guys I work with who know about this sort of stuff have suggested that my cheap ISP-supplied router may be part of the problem. Put simply, the Technicolor TG582n that Plusnet shipped me last year is fine for a bit of web surfing, it even streams video from iPlayer, etc. OK, but it’s not up to the task for P2P or real time media.

I was playing around with some of the settings and found that the router wasn’t behaving reliably (I applied changes and they weren’t applying) so I called PlusNet, who gave me two options: factory reset and a new router. I went for both.

The factory reset got me back up and running until the new router arrived. Plusnet’s current “Hub Zero” router is a Sagemcom 2704n and, whilst I’ve yet to see if my Skype for Business call quality improves, everything else about it seems to be a retrograde step:

The hardware design is flawed – when fixed to the wall, the router’s Ethernet ports are inaccessible (there isn’t enough room for them to turn through 90 degrees!) and, despite having a Gigabit Ethernet switch the ports are only 10/100 (yes, the ADSL connection is much slower than that but the cheap Ethernet ports reduce the speed of the local network).

Then, there’s the firmware that Plusnet have applied to the router which takes dumbing down to a new level. At least with the TG582n I could make a telnet connection for advanced configuration; Plusnet have blocked telnet, SSH and SNMP so there’s no way to manage the device. They’ve also removed the ability for ICMP to be enabled so my broadband ping trace flat-lined when I plugged in the new router:

PlusNet router blocks ICMP
No ICMP, no ping test

Worst of all, the Plusnet firmware hides the ability to change the IP address of the router, or to turn off DHCP. Given that I have a business account and that the paperwork with the router says “Welcome to Plusnet Business”, I’d have thought that almost any business with more than a handful of users would have its own DHCP server and may want to control the IP range in use (as I do – my Raspberry Pi runs the infrastructure here). Luckily, after some hunting around I found a forum post with the details I needed:

Log into it using http://192.168.1.254/expert_user.html with the admin name and password.
Select >Advanced Setup >LAN
First select the ‘Disable DHCP Server’ radio button, then at the top, change the IP address

[…]

now click Apply/Save at the bottom. The 2704n will now update and the page will start to refresh but won’t complete as you now have to change the address in your browser URL bar to http://[yourchosenIP]/expert_user.html

In all likelihood, I’ll be buying a new router. Something decent for ADSL2+ that will also work if I do upgrade to FTTC later. In the meantime, at least I’ve managed to get over the biggest hump with reconfiguring the Sagemcom 2704n.

Reconfiguring a PlusNet ADSL router (Technicolor TG582n)

This content is 10 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

This post is probably not much interest to many people but it might help some if, like me, you’re trying to re-configure a Technicolor TG582n ADSL router from Plusnet. Just make sure you read all the way to the end and save yourself some time!

For the last 11 years, my ADSL connection has been running with an elderly Solwise SAR110 ADSL modem/router, provided by Plusnet when we first connected to 512Mbps ADSL. Those were the days – half a meg download speeds seemed so fast back then! Whilst fibre has (just about) reached my neck of the woods, my ADSL 2 connection is working well, most of the time, and I get about 6Mbps down and 0.7Mbps up these days. Indeed, the connection actually seems to have become more responsive lately (my theory is that the contention rate has dropped in line with people switching to fibre)!  I did have cause to call Plusnet for support last week though, and they agreed to ship me a new router if I signed up to one of their current packages (which, incidentally saved me money too as we were still on a very old tariff).

The new router is a Technicolor TG582n and I finally got around to setting it up tonight. I was told that I might get slightly faster speeds but there’s no evidence of that based on the tests I’ve run so far (that may change in a couple of days when we roll into a new billing month and onto the new service) [Update: after a few reboots my speed has doubled to around 12Mbps]. For now though I just want to swap the old router out for the new one.

The first thing I found was that the default configuration sets the router’s IP address to 192.168.1.254. That’s the IP address of my wireless access point, and all of my devices are expecting a gateway address of 192.168.1.1. So, I downloaded the router configuration (Technicolor Gateway -> Configuration -> Save or Restore Configuration). This gave me a file called user.ini, which I then searched for all instances of 254 that looked like they were part of an IP address (ignoring one which was part of a long string of numbers) and replaced 254 with 1. I then uploaded the new configuration and, hey presto, the browser refreshed giving me back the config for my wireless access point on 192.168.1.254 and the router was responding on 192.168.1.1. That seems a bit of a kludge and there should be another way to do this, but I couldn’t find it in the GUI (at least not with software release 10.2.2.B).

Then, reading around I found that the router also has a DHCP server enabled by default. I don’t want that right now (my Raspberry Pi is doing that job for me) so I started to investigate switching that feature off. Again, I couldn’t find it in the GUI, so I tracked down a copy of the CLI guide for the router (from another ISP – Demon – albeit for an older release) and, sure enough, after telnetting onto the box the dhcp server config command told me it was enabled so I corrected that with the following commands:

dhcp server config state=disabled
saveall

After all that, I found the config that I needed – it seems that the location to make the changes is Home Network -> Interfaces -> Local Network -> Configure.

There I found some handy checkboxes to turn on/off DHCP servers (IPv4 and IPv6) as well as the static address for IPv4 addresses!

After all this, I may well switch over to one of the popular open source firmware packages on the router… but I’ll leave it alone for now…

HomePlug Ethernet, part 2

This content is 12 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For the last week or so, our living room has been out of bounds as we installed a new fireplace, redecorated and are now getting a new carpet fitted. That means all of the furniture has moved out to another room – and that includes our Smart TV.

After months of near-perfect video streaming over the Power Ethernet connection that I wrote about in November, I’ve had to go wireless again, and that means lots of buffering, etc. – despite the TV being right next to the Apple AirPort Express that I’m pretty sure should be repeating the signal.  That’s prompted me to a) do something about it as it will be another week or so before the Xbox and Smart TV are back in the living room and b) write this post about my experiences with my Power Ethernet TP1000 sockets.

Installation

If you can install a 2-gang (double) power socket, you can install a Power Ethernet socket*.  Simply turn off the power at the mains (consumer unit), disconnect the existing socket wiring, connect the TP1000  – and you’ll have a single power socket and four Ethernet ports in place of the two power sockets that were there originally.  Repeat for the second socket (you need a pair to work together) and a mesh network is created automatically. Simple!

A few points to note:

  1. Depending on the depth of the pattress or wall box that your socket uses, you may need a “spacer” to increase the depth to at least 35mm. I found that the wall box for my living room (standard fit for an early-1990s house with dry lined “dot and dab” walls) was too shallow but some spacers were included with my sockets.
  2. Even with the spacer, it’s still a tight fit (the back of the TP1000 is bulkier than a standard switched double socket) and I moved the point at which the ring main entered the wall box by a couple of centimetres to improve access to the wiring connections.
  3. The TP1000 power socket is unswitched. That’s not a problem for me, but may be a concern for some people.
  4. Although the facia plate for the TP1000 is white, the unit itself is grey (and my spacers were white). Also, it has rounded corners, which look nice, but are difficult to match with existing sockets (or the spacer).  Again, not a problem for me (the socket is hidden behind our TV stand) but it would be good to see Power Ethernet devices available in a selection of finishes to match the most commonly used electrical fittings here in the UK.

Use

It’s a power socket, just use it as normal.

And it’s an Ethernet switch with four connections. Just use them as normal. Of course, one end will need to be connected to your Internet connection – for me, this is via the wired LAN in my home office, without any need for cross-over cables.

Performance

For many years, I avoided Ethernet over power line solutions because I was concerned about interoperability between the various standards, and I’d heard stories of poor performance. Of course, this will vary tremendously based on the electrical wiring in use but I’ve been pretty impressed with the Power Ethernet devices. Bear in mind that my primary use is to stream TV from the Internet (BBC iPlayer, for example), so the bottleneck is my “up to 8Mbps” ADSL2 connection, but  I’m having no issues at all, even streaming HD content.

It’s difficult to measure the true throughput of the network but the Power Ethernet Management Software (PEMS) suggests I’m sustaining a connection at around 160Mbps and the initial connection speed often rises over time.  Tests using file transfers (for example, using NetCPS) suggested lower transfer rates but it’s still far better than over Wi-Fi – and seems more reliable.

The TP1000 Ethernet sockets also go into standby mode when not in use, which obviously has an environmental (and fiscal) impact, but they are quick to “resume” when a device is plugged in to one of the RJ45 connections or switched on, taking just a few seconds to establish a connection as normal.

Management

As I mentioned above, Power Ethernet provides management software  for the Ethernet switches inside the TP1000s. I’m not using the advanced functionality (e.g. setting up VLANs or QoS) but those sorts of capabilities will be extremely useful in an office environment and it’s still useful to be able to see the topology of the network, check out the port states, monitor bandwidth and otherwise manage the devices from a single location. Supplied as a Microsoft ClickOnce application, I did initially have some problems installing the software but Power Ethernet were able to take my log files and quickly resolve the issue. Since then, PEMS has automatically updated itself to the latest software release with absolutely no problems and apart from a few display problems (which may be due to the fact I’m running it on a Windows Server 2008 R2 machine, and connecting via RDP), it’s been pretty solid.

Power Ethernet Management Software

Interoperability

I mentioned that my SmartTV is temporarily in a different location (approx 8m from the nearest Ethernet socket) and, faced with an inability to watch iPlayer without buffering, I needed to set something up. As this is a temporary fix and I don’t think Power Ethernet sockets are available with a brushed metal finish, I picked up a single TP-Link AV200 Nano powerline adapter (TL-PA211). It’s not as neat but it’s no worse than a 12V DC “brick” and it’s fine for a temporary setup. And, because both the TP-Link and the Power Ethernet sockets are HomePlug compatible, it instantly joined the mesh so I was connected to my Internet connection right away with no further configuration required. What I did find is that the TP-Link connection is slower – which may be down to the household electrical wiring or the device chipset (the TP-Link device uses the Intellon INT6000 chipset, whilst the TP1000 uses the Qualcomm Atheros INT6400) – but PEMS recognises a third party device and has shown me connection speeds in the range of 85-115 Mbps – which is still pretty decent and far more than my broadband connection!

Summary

I’ve been really pleased with my Power Ethernet TP1000s and I’d certainly recommend them for home or small business use. The management software can be a little clunky but it’s only really needed if you want to manage the embedded Ethernet switch, which is overkill for my simple home setup. And, whilst they may not be the cheapest HomePlug devices on the market, there are some significant advantages in terms of physical security, aesthetics and performance – and there’s always the option to combine with other 200Mbps HomePlug devices where appropriate. If you’re looking for an alternative to Wi-Fi, and running CAT5/6 is not an option, I seriously recommend taking a look at Power Ethernet.

 

* Of course, if you’re not confident in doing this, then consult an electrician. I’m not qualified to give electrical advice – I’m just a “competent DIYer”.

HomePlug Ethernet, part 1

This content is 12 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

As more and more computing devices are being allowed into my living room (Xbox, Smart TV, etc.) I’m starting to find that the Wi-Fi in our house, which seems fine for basic surfing, email, social media, etc. is struggling more and more when it comes to streaming video content.

It could be a problem with my Wi-Fi setup but I have a pretty good access point, located in a reasonably central position (albeit upstairs) and an Apple Airport Express acting as a repeater, connected to some speakers in our garden room.  I have a feeling that the TV and Xbox are picking up the Airport Express, rather than the main access point (no way to tell on the Airport Express as its diagnostics are almost non-existent) and the lengthy Wi-Fi journey between access points may be the cause of my problems.  I could redesign the network but it works for streaming Spotify to the garden room/kitchen so I started to consider alternatives.

Creating CAT5E/6 cable runs around the house is just too disruptive (I did consider it when we extended a few years ago, but it was quite expensive too), so I started to look at running Ethernet over the household electrical system with HomePlug devices.

A bit of crowdsourcing (asking around on Twitter) turned up quite a bit of advice:

  • Devolo dLAN devices seemed to be well-regarded and I nearly bought a dLAN 500 AVtriple+ starter kit.
  • A few people mentioned the TP-Link Powerline products too.
  • Some people told me to go for faster connections (500Mbps) and that slower devices may be limited by 10/100Mbps Ethernet connections.
  • Others suggested higher speeds are more vulnerable to overheating and interference (that was another common theme – depending on the household wiring it seems you might not get very close to the stated maximum).

Ultimately, whatever I use will mostly be streaming content from the Internet (BBC iPlayer, etc.) over my ADSL connection (which runs at about 6Mbps downstream) so the home network shouldn’t be the bottleneck, once I get off Wi-Fi and onto some copper.

I mentioned that I nearly bought the Devolo kit, so why didn’t I? Well, just as I was getting ready to purchase, PowerEthernet (@PowerEthernet) picked up on my tweet and suggested I take a look at their product, which is really rather neat…

Instead of plugging into a socket (either with or without pass-through power capabilities), the PowerEthernet devices replace a standard UK double socket to provide a single socket and four 200Mbps Ethernet ports. You need a pair (of course) but they work together to create an encrypted (AES128) mesh network that’s compatible with the HomePlug Alliance AV standard.

Professional installation is recommended but, as Paul Ockenden (@PaulOckenden) highlights in his PCPro article:

“Most competent DIYers should be able to replace an existing two-gang socket with a Power Ethernet faceplate, and indeed the IEE Wiring Regulations do allow for a confident consumer to do this. For a new installation, however, or if you lack the confidence, you’ll need to consult a qualified electrician.”

I haven’t installed mine yet – I only collected them from the Royal Mail today – but I intend to report back when I’ve had a chance to play. In the meantime, Jonathan Margolis (@SimplyBestTech) wrote a short but sweet piece for the FT. PC Pro’s full review suggests they are a bit pricey (almost £282 for a pair including VAT) but Girls n Gadgets’ Leila Gregory (@Swanny) found them on Amazon at closer to £80 each (as did I).

I’ll write more when I’ve had a chance to use them for a bit…

Wake on LAN braindump

This content is 12 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I lost quite a bit of sleep over the last few nights, burning the midnight oil trying to get my Dell PowerEdge 840 (server repurposed as a workstation) to work with various Dell management utilities and enable Wake On LAN (WoL) functionality.

It seems that the various OpenManage tools were no help – indeed many of the information sources I found for configuring the Baseboard Management Controller and kicking SOLProxy and IPMI into life seemed to be out of date, or just not applicable on Windows 7 (although ipmish.exe might be a useful tool if I get it working in future and it can be used to send WoL packets). I did find that, annoyingly, WinRM 2.0 needs an HTTPS connection and that a self-signed certificate will not be acceptable (according to Microsoft knowledge base article 2019527). If I ever return to the topic of WinRM and IPMI, there’s a useful MSDN article on installation and configuration for Windows Remote Management.

In the end, even though my system is running Windows 7, the answer was contained in a blog post about a PowerEdge 1750, WoL and Debian:

“Pressing ‘CTRL-S’ brings us to a configuration panel which allows for enabling the Wake-On-LAN (WOL) mode of the card.”

I’d been ignoring this because the Ctrl-S boot option advertises itself as the “Broadcom NetXtreme Ethernet Boot Agent” (and I didn’t want to set the machine up to PXE boot) but, sure enough, after changing the Pre-boot Wake On LAN setting to Enable, my PowerEdge 840 started responding to magic packets.

On my WoL adventure, I’d picked up a few more hints/tips too, so I thought it’s worth blogging them for anyone else looking to follow a similar path…

“Windows 2000 and Windows 2003 do not require that WOL be turned on in the NIC’s or LOM’s firmware, therefore the steps using DOS outlined in the Out-of-Box and Windows NT 4.0 procedures are not necessary and should be skipped.  Enabling WOL with IBAUTIL.EXE, UXDIAG.EXE or B57UDIAG.EXE may be detrimental to WOL under Windows 2000 and Windows 2003.”

    • Presumably this advice also applies to Windows XP, Vista, Server 2008, 7 and Server 2008 R2 as they are also based on the NT kernel, so there is no need to mess around with DOS images and floppy drives to try and configure the NIC…
  • I downloaded Broadcom’s own version (15.0.0.21 19/10/2011) of the Windows drivers for my NIC (even though Windows said that the Microsoft-supplied drivers were current) and I’m pretty sure (although I can’t be certain) that the Broadcom driver exposed advanced NIC properties that were not previously visible to control Wake Up Capabilities and WoL Speed. (Incidentally, I left all three power management checkboxes selected, including “Only allow a magic packet to wake the computer”). There’s more information on these options in the Broadcom Ethernet NIC FAQs.
  • There is a useful-sounding CLI utility called the Broadcom Advanced Control Suite that I didn’t need to download; however its existence might be useful to others.
  • Depicus (Brian Slack) has some fantastic free utilities (and a host of information about WoL) including:
  • Other WoL tools (although I think Depicus has the landscape pretty much covered) include:
  • There’s also some more information about WoL on Lifehacker.
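The magic packet the PowerEdge 840 began answering to has a fixed layout: six 0xFF bytes followed by the target MAC address repeated 16 times. The Python below is an added example, not code from the original post or from any of the tools it mentions; it builds that payload, sends it as a UDP broadcast, and checks a captured payload for it, which helps when a NIC will not wake and you need to confirm the packet on the wire is well formed. The MAC address is constructed, and UDP port 9 and the 255.255.255.255 broadcast address are assumed defaults.

```python
import re
import socket

SYNC = b"\xff" * 6   # synchronisation stream that opens every magic packet
REPEATS = 16         # the target MAC follows, repeated this many times


def parse_mac(mac: str) -> bytes:
    """Turn 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455 into 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte payload: 6 x 0xFF, then the MAC 16 times."""
    return SYNC + parse_mac(mac) * REPEATS


def find_magic_target(payload: bytes):
    """Scan a captured payload for a well-formed magic packet.

    Returns the MAC it is addressed to (lower-case, colon separated), or None
    if no sync stream is followed by 16 identical 6-byte groups. The pattern
    may sit anywhere in the payload, so every candidate offset is tried.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the magic packet over UDP; returns the number of bytes sent.

    The address and port are assumptions: the NIC only looks for the byte
    pattern, so the sender needs a destination that reaches its segment.
    """
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    target = "00:11:22:33:44:55"            # constructed MAC, not a real host
    packet = build_magic_packet(target)
    captured = b"\x00" * 8 + packet          # constructed "capture" with leading padding
    print(len(packet), find_magic_target(captured))
    # send_magic_packet(target)              # uncomment on the machine's own LAN
```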

Enabling SNMP on my ADSL router

This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I’ve been playing around with some network monitoring and management tools on my home network and so have been busily enabling Simple Network Management Protocol (SNMP) on a number of my devices, including my elderly Solwise SAR110 ADSL modem/router; however the router’s web interface doesn’t seem to have the ability to configure the SNMP agent.

I asked how to do this on the Solwise forums and the response was to use the command line. Sure enough, I located the Solwise SAR110 Advanced Reference Guide, telnetted to the router’s internal interface, logged on, and issued the following commands:

create snmp comm community public ro

(to create a community called public with read only access.)

create snmp host community public ip ipaddress

(to allow a specified IP address to interrogate the device using the public community.)

get snmp host confirmed that the settings were correct.

Enabling traps to inform the SNMP manager of any events was already enabled by default (confirmed using get snmp trap); however the command would have been modify snmp trap enable (or modify snmp trap disable to disable traps).

In order to test the configuration, I ran Noël Danjou’s SNMPTest utility. This confirmed that my router was accessible via SNMP; although I’m not sure if the trap functionality is working as it should be… I certainly didn’t see any evidence of the “System up” trap being sent after resetting the router.

Finally, once I was sure that everything was working as expected, I issued the commit command to save the changes (and re-ran the tests to see if that was why the traps hadn’t worked).

It’s not very likely that anyone reading this blog is using such an ancient device; however the general principle holds true for many consumer devices. If the web interface doesn’t let you do what you want, see if there is command line access, typically via telnet or ssh.
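The community created above is the only credential in an SNMPv1 or v2c message, and it crosses the network unencrypted, which is why the per-host restriction matters. The Python below is an added example, not part of the original post or of the SNMPTest utility: it BER-encodes a v1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), then reads the version and community back out of the raw datagram, as an audit of a packet capture would. The request ID and the list of default community names are assumptions.

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # assumed list of well-known defaults
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}       # value of the version field on the wire


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ber_oid(dotted: str) -> bytes:
    arcs = [int(part) for part in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])      # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                   # base-128, high bit marks continuation
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def build_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """SNMPv1 message: SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))            # OID with a NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode("ascii")) + pdu)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_position) for the element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_header(datagram: bytes):
    """Return (version_name, community); community is None for SNMPv3."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(raw_version, "big")
    tag, second, _ = read_tlv(body, pos)
    community = second.decode("latin-1") if tag == 0x04 else None
    return VERSIONS.get(version, f"unknown({version})"), community


def audit(datagram: bytes) -> list:
    """Findings for one UDP/161 payload taken from a capture."""
    version, community = parse_header(datagram)
    findings = []
    if community is not None:
        findings.append(f"SNMP{version} carries community {community!r} in cleartext")
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("community is a well-known default: keep the host restriction or rename it")
    return findings


if __name__ == "__main__":
    request = build_get_request("public", "1.3.6.1.2.1.1.1.0")   # constructed datagram
    print(request.hex())
    for finding in audit(request):
        print(finding)
```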

Using Wireshark for basic packet capture and analysis

This content is 16 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

As I’m trying to get my head around the notes I made from last week’s Wireshark webcast by Mike Pennacchi of Network Protocol Specialists, I thought I’d post the highlights here – these are just my notes with very little interpretation or linking out to other sites, so check out the video for more detail:

  • Analyser placement is critical to successful network troubleshooting – switched networks provide direct traffic so you can’t just plug in and view everything right away.
  • Three common methods for monitoring a switched network are:
    • Spanning/port mirroring – copying ingress and egress traffic between switch ports to form a single data stream – even for an entire VLAN (although it’s likely that would exceed the capabilities of the destination port).
      • Advantages include: configuration requires no interruption to traffic flow; multiple ports can be sent to a single port; remote spanning is possible between switches; some switches can filter packets as part of the spanning.
      • Disadvantages include: configuration requires access to the switch; not all switches fully support spanning; has been known to cause problems.
    • Tap – for monitoring full duplex traffic, including physical errors, passing traffic between devices in a fault tolerant manner.
      • Taps may be fibre or copper-based.
        • Fibre taps require no power and will split the signal using a ratio intended to provide the greatest signal level to the destination and a usable signal for analysis.
        • Most copper taps regenerate the signal (and will pass the signal on directly in the event of power failure).
      • Port aggregation taps can internally combine data streams, allowing a single port to capture full duplex traffic and also to buffer traffic when the combined data rate exceeds the egress data rate for the port. They can be:
        • Passive – dropping inbound packets from the analyser.
        • Allow reset packets – allowing packet injection, e.g. for an intrusion detection system to kill a TCP connection.
      • Advantages include: taps are independent of the switch infrastructure and work out of band.
      • Disadvantages include: the link needs to be broken to insert the tap and, for full duplex taps, the analyser needs to be able to accept two streams and merge them into a single trace file.
    • Hub – an inexpensive solution to copy all traffic to all other ports, including physical errors.
      • Hubs are effectively repeaters.
      • Beware that some hubs are really switches, labelled as hubs.
      • Dual-speed hubs are actually switched between the 10 and 100Mbps networks – so the analysis device will need to operate at the same speed as the devices being monitored otherwise only broadcasts will be detected from devices running at a different speed.
      • Advantages include: low cost, easy to install and readily available; traffic can be sent to multiple monitoring ports.
      • Disadvantages include: only half duplex; not fault tolerant and require breaking the link for installation.
  • Wireshark analysis method (D.I.S.C.A.R.D.):
    • Download Wireshark (free).
    • Install – two components: the Wireshark application and the packet capture driver (for Windows that’s Winpcap).
    • Setup – select the interface (from the Capture menu) and click Prepare. Where present, a generic dialup adapter can be used to capture VPN packets prior to encryption. Ensure that promiscuous mode is used to capture all frames seen by the interface (not just those addressed to the analyser). Set capture filters if required (but it may be better to filter post-capture). Tweak the display options to improve performance – turn off real-time packet listing and automatic scrolling.
    • Capture – click start to run a capture. In practice, the maximum capture rate using a built-in NIC before packets begin to drop will be around 230Mbps although cards are available for full duplex 1Gbps network captures (e.g. the Cace TurboCap).
    • Analyse – view frames using the display filter against the packet list, then view the packet detail and, if necessary, the packet bytes. Setting the time display format (on the View menu) as seconds since previous displayed packet will help to identify gaps. Even encrypted traffic will show the deltas. The filter input box turns green when a valid filter is applied – alternatively the Expression option provides a GUI to assist. Some filters are case-sensitive and beware when using booleans with multiple filters (i.e. use or, not and, to avoid attempting to filter on two protocols at the same time!). Follow TCP Stream can be useful to quickly create a filter based on an IP address pair and particular port numbers.
    • Resolve – after thorough analysis, resolve the issues.
    • Document the solution.
  • Pilot is a companion tool for Wireshark (chargeable) and offers deep packet analysis.
  • Example captures are available at Packetlife.net
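The "seconds since previous displayed packet" view from the Analyse step can be reproduced outside Wireshark. This added example (not from the webcast or the original notes) reads the record headers of a classic pcap file and reports inter-packet gaps; it uses timestamps only, so it works equally on encrypted payloads. The sample capture, its timestamps and the one-second threshold are constructed for illustration.

```python
import struct

# Classic pcap magic bytes -> (struct byte order, timestamp ticks per second).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def read_timestamps(pcap: bytes) -> list:
    """Return each packet's capture time in nanoseconds since the epoch."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian, ticks_per_sec = PCAP_MAGICS[pcap[:4]]
    scale = 1_000_000_000 // ticks_per_sec
    stamps, offset = [], 24  # the global header is 24 bytes
    while offset + 16 <= len(pcap):
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        offset += 16
        if offset + incl_len > len(pcap):
            break  # final record was cut short, e.g. capture stopped mid-write
        stamps.append(sec * 1_000_000_000 + frac * scale)
        offset += incl_len  # payload is skipped: only timing is needed
    return stamps

def find_gaps(stamps: list, threshold_s: float = 1.0) -> list:
    """Return (packet number, delta in seconds) where the delta meets the threshold."""
    gaps = []
    for number, (prev, cur) in enumerate(zip(stamps, stamps[1:]), start=2):
        delta = (cur - prev) / 1e9
        if delta >= threshold_s:
            gaps.append((number, delta))
    return gaps

def build_sample() -> bytes:
    """Constructed capture: five 60-byte frames with one 3.5 second pause."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    times = [(1700000000, 0), (1700000000, 120000), (1700000000, 250000),
             (1700000003, 750000), (1700000003, 800000)]
    payload = b"\x00" * 60  # opaque bytes standing in for (possibly encrypted) frames
    records = b"".join(struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
                       for sec, usec in times)
    return header + records

if __name__ == "__main__":
    for number, delta in find_gaps(read_timestamps(build_sample())):
        print(f"packet {number}: {delta:.3f}s since previous packet")
```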

Building a branch office in a box?

For many organisations, branch offices are critical to business and often, rather than being a remote backwater, they represent the point of delivery for business. Meanwhile, organisations want to spend less on IT – and, as IT hardware and software prices fall, providing local resources improves performance for end-users. That sounds great until considering that local IT provision escalates support and administration costs so it makes more financial sense to deliver centralised services (which have a consequential effect on performance and availability). These conflicting business drivers create a real problem for organisations with a large number of branch offices.

For the last few weeks, I’ve been looking at a branch office consolidation exercise at a global organisation who seem to be suffering from server proliferation. One of the potential solutions for consolidation is using Windows Server 2008 and Hyper-V to provide a virtualised infrastructure – a “branch office in a box”, as Gartner described it in a research note from a few years ago [Gartner RAS Core Research Note G00131307, Joe Skorupa, 14 December 2005]. Windows Server 2008 licensing arrangements for virtualisation allow a server to run up to 4 virtualised operating system environments (with enterprise edition) or a single virtual and a single physical instance (with standard edition). It’s also possible to separate domain-level administration (local domain controllers, etc.) from local applications and infrastructure services (file, print, etc.) but such a solution doesn’t completely resolve the issue of maintaining a branch infrastructure.

Any consolidation at the branch level is a good thing but there’s still the issue of wide area network connectivity which means that, for each branch office, not only are there one or more Windows servers (with a number of virtualised workloads) to consider but also potentially some WAN optimisation hardware (e.g. a Cisco WAAS or a Riverbed Steelhead product).

Whilst I was researching the feasibility of such a solution, I came across a couple of alternative products from Cisco and Citrix which include Microsoft’s technology – and this post attempts to provide a high level overview of each of them (bear in mind I’m a Windows guy and I’m coming at this from the Windows perspective rather than from a deep networking point of view).

Cisco and Microsoft Windows Server on WAAS

When I found the Windows Server on WAAS website I thought this sounded like the answer to my problem – Windows Server running on a WAN optimisation appliance – the best of both worlds from two of the industry’s largest names, who may compete in some areas but still have an alliance partnership. In a video produced as part of the joint Cisco and Microsoft announcement of the Windows on WAAS solution, Cisco’s Vice President Marketing for Enterprise Solutions, Paul McNab, claims that this solution allows key Windows services to be placed locally at a reduced cost whilst providing increased flexibility for IT service provision; whilst Microsoft’s Bill Hilf, General Manager for Windows Server marketing and platform strategy, outlines how the branch office market is growing as workforces become more distributed and that the Windows on WAAS solution combines Windows Server IT services with Cisco WAAS’ WAN optimisation, reducing costs relating to infrastructure management and power usage whilst improving the user experience as services are brought closer to the user.

It all sounds good – so how does this solution work?

  • Windows on WAAS is an appliance-based solution which uses virtualisation technologies for Cisco WAAS and Microsoft Windows Server 2008 to run on a shared platform, combined with the advantages of rapid device provisioning. Whilst virtualisation in the datacentre has allowed consolidation, at the branch level the benefit is potentially the ability to reconfigure hardware without a refresh or even a visit from a technician.
  • Windows Server 2008 is used in server core installation mode to provide a reduced Windows Server footprint, with increased security and fewer patches to apply, whilst taking advantage of other Windows Server 2008 enhancements, such as improved SMB performance, a new TCP/IP stack, and read-only domain controllers for increased directory security at the branch.
  • On the WAAS side, Cisco cite improved application performance for TCP-based applications – typically 3-10 times better (and sometimes considerably more) as well as WAN bandwidth usage reduction and the ability to prioritise traffic.
  • Meanwhile, running services such as logon and printing locally means that end user productivity is increased.

Unfortunately, as I began to dig a little deeper (including a really interesting call with one of Cisco’s datacentre product specialists), it seems that this solution is constrained in a number of ways and so might not allow the complete eradication of Windows Server at the branch office.

Firstly, this is not a full Windows Server 2008 server core solution – only four roles are supported: Active Directory Domain Services; DHCP server; DNS server and Print services. Other services are neither supported, nor recommended – and the hardware specifications for the appliances are more akin to PCs (single PSU, etc.) than to servers.

It’s also two distinct solutions – Windows runs in a (KVM) virtual machine to provide local services to the branch and WAAS handles the network acceleration side of things – greatly improved with the v4.1 software release.

On the face of it (and remember I’m a Windows guy) the network acceleration sounds good – with three main methods employed:

  1. Improve native TCP performance (which Microsoft claim Windows Server 2008 does already) by quickly moving to a larger TCP window size and then lessening the flow once it reaches the point of data loss.
  2. Generic caching and compression.
  3. Application-specific acceleration for HTTP, MAPI, CIFS and NFS (but no native packet shaping capability).

All of this comes without the need to make any modifications to the existing network – no tunnelling and no TCP header changes – so the existing quality of service (QoS) and network security policies in place are unaffected by the intervening network acceleration (as long as there’s not another network provider between the branch and the hub with conflicting priorities).

From a support perspective Windows on WAAS is included in the SVVP (so is supported by Microsoft) but KVM will be a new technology for many organisations and there’s also a potential management issue as it’s my understanding that Cisco’s virtual blade technology (e.g. Windows on WAAS) does not yet support centralised management or third party management solutions.

Windows on WAAS is not inexpensive either (around $6,500 list price for a basic WAAS solution, plus another $2,000 for Windows on WAAS, and a further $1,500 if you buy the Windows licenses from Cisco). Add in the cost of the hardware – and the Cisco support from year 2 onwards – and you could buy (and maintain) quite a few Windows Servers in the branch. Of course this is not about cheap access to Windows services – the potential benefits of this solution are much broader – but it’s worth noting that if the network is controlled by a third party then WAN optimisation may not be practical either (for the reasons I alluded to above – if their WAN optimisation/prioritisation conflicts with yours, the net result is unlikely to result in improved performance).

As for competitive solutions, Cisco don’t even regard Citrix (more on them in a moment) as a serious player – from the Cisco perspective the main competition is Riverbed. I didn’t examine Riverbed’s appliances in this study because I was looking for solutions which supported native Windows services (Riverbed’s main focus is wide area application services and their wide area file services are not developed, supported or licensed by Microsoft, so will make uncomfortable bedfellows for many Windows administrators).

When I pressed Cisco for comment on Citrix’s solution, they made the point that WAN optimisation is not yet a mature market and it currently has half a dozen or more vendors competing whilst history from other markets (e.g. SAN fabrics) would suggest that there will be a lot of consolidation before these solutions reach maturity (i.e. expect some vendors to fall by the wayside).

Citrix Branch Repeater/WANScaler

The Citrix Branch Repeater looks at the branch office problem from a different perspective – and, not surprisingly, that perspective is server-based computing, pairing with Citrix WANScaler in the datacentre. Originally based around Linux, Citrix now offer Branch Repeaters based on Windows Server.

When I spoke to one of Citrix’s product specialists in the UK, he explained to me that the WANScaler technologies used by the Branch Repeater include:

  1. Transparency – the header is left in place so there are no third-party network changes and there is no need to change QoS policies, firewall rules, etc.
  2. Flow control – similar to the Cisco WAAS algorithm (although, somewhat predictably, Citrix claim that their solution is slightly better than Cisco’s).
  3. Application support for CIFS, MAPI, TCP and, uniquely, ICA.

Whereas Cisco advocate turning off the ICA compression in order to compress at the TCP level, ICA is Citrix’s own protocol and they are able to use channel optimisation techniques to provide QoS on particular channels (ICA supports 32 channels in its client-server communications – e.g. mouse, keyboard, screen refresh, etc.) so that, for example, printing can be allowed to take a few seconds to cross the network but mouse, keyboard and screen updates must be maintained in near-real time. In the future, Citrix intend to extend this with cross-session ICA compression in order to use the binary history to reduce the volume of data transferred.

The Linux and Windows-based WANScalers are interoperable and, at the branch end, Citrix offers client software that mimics an appliance (e.g. for home-based workers) or various sizes of Branch Repeater with differing throughput capabilities running a complete Windows Server 2003 installation (not 2008) with the option of a built-in Microsoft ISA Server 2006 firewall and web caching server.

When I asked Citrix who they see as competition, they highlighted that only two companies have licensed Windows for use in an appliance (Citrix and Cisco) – so it seems that Citrix see Cisco as the competition in the branch office server/WAN optimisation appliance market – even if Cisco are not bothered about Citrix!

Summary

There is no clear “one size fits all” solution here and the Cisco Windows on WAAS and Citrix WANScaler solutions each provide significant benefits, albeit with a cost attached. When choosing a solution, it’s also important to consider the network traffic profile – including the protocols in use. The two vendors each come from a slightly different direction: in the case of Cisco this is clearly a piece of networking hardware and software which happens to run a version of Windows; and, for Citrix, the ability to manipulate ICA traffic for server-based computing scenarios is their strength.

In some cases neither the Cisco nor the Citrix solution will be cost effective and, if a third party manages the network, they may not even be able to provide any WAN optimisation benefits. This is why, in my customer scenario, the recommendation was to investigate the use of virtualisation to consolidate various physical servers onto a single Windows Server 2008 “branch office in a box”.

Finally, if such a project is still a little way off, then it may be worth taking a look at the branch cache technology which is expected to be included within Windows Server 2008 R2. I’ll follow up with more information on this technology later.

More on the BT Home Hub

Last year I blogged about the dangers of BT Home Hub users using WEP for “Wi-Fi Security”, pointing out that WEP is generally considered insecure and that WPA or WPA2 should be used instead. Then I set up my Dad’s Home Hub for him (just as an ADSL router/modem at this time… possibly with some of the other features later) and this is what I found:

  • The Home Hub is an elegant piece of hardware and BT have made cabling straightforward with colour-coded cables.
  • Following the instructions (which is what I did) involved installing a lot of software on the PC… just to connect to a router. I imagine that most of it can be disregarded (Customised browsers, BT Yahoo! sidebar etc.).
  • The setup failed to recognise that there was already an ADSL modem connection and that I was replacing that with a LAN-based connection (eventually I found a setting deep on the BT Broadband Help system to change that, after which UPnP jumped into life and the router was located).
  • The supplied password for BT Yahoo! Broadband didn’t work, resetting it required answering a security question that had never been set (chicken… egg…) and calling for support involved speaking to a well-intentioned but not very efficient call centre operative somewhere on the Indian subcontinent (who apologised for the quality of the phone line… ironic given that this service was on behalf of one of the World’s largest telecommunications providers)

Returning last week to finish the job, I found that BT have been updating the router firmware automatically for him and now he has options for WPA/WPA2 (which I duly configured). I also found a great link for information on the home hub (a rebadged Thomson device) – the Frequencycast Home Hub FAQ – which told me useful things like to access the configuration via http://bthomehub.home/ and that the authentication prompt for administrator access does not require the BT Broadband username and password but the username admin and password of admin (or the serial number of the device) until it is reset to something more memorable. If you need to know something about the BT Home Hub, the chances are it’s in this FAQ. Also worth a look (particularly if you have a Mac that’s not playing nicely with WPA-TKIP – although my OS X 10.5.5 MacBook seemed to be fine with Home Hub software 6.2.6.E) is the BT Home Hub page on hublog – and there is also a command line interface reference for the Home Hub.