Network Management Archive

What could be done to simplify your router upgrade

Telstra Gateway Frontier modem router press picture courtesy of Telstra

There needs to be a standard filetype to simplify the process of upgrading your home network router without reconfiguring your home network

An issue that will crop up through the life of a home network is upgrading the router. This will be brought on by replacing carrier-supplied equipment with retail equipment, replacing that half-dead router that you are always powering off and on many times a week, or upgrading to higher-performance equipment.

But you will end up having to transcribe configuration data from your old equipment so you can enter it into your new equipment, especially if you want to avoid having to reconfigure other network equipment on the same home network.

Most routers offer a way for users to back up the current configuration details. This is typically to allow a user to do things like perform a factory reset or to test a configuration without losing a prior known-to-work state.

The process typically requires the user to download a configuration file to the computer they are configuring the router from in a similar manner to downloading a resource from the Web. But there isn’t a consistent file schema for storing this data in a manner for transferring to devices supplied by different vendors. In some cases, you may not be able to transfer the configuration data to newer equipment from the same vendor such as to install a newer router model.

AVM have taken steps in the right direction by allowing users to save a configuration from an older Fritz!Box router and upload it to a newer Fritz!Box router running a newer version of the Fritz!OS firmware. This also factors in allowing the router to persist your configuration across an update to a newer version of the firmware.

But what would make this work better is a standard file format, preferably an XML-based schema, for storing a router configuration. This would have to be agreed upon by all of the vendors to provide true vendor interoperability.

There would also be issues about providing multiple methods of storing this data. It could be about maintaining the traditional HTTP download / upload approach with Web clients on the same local network. Or it could also be about transferring the data between a USB Mass Storage device and the router such as to facilitate an out-of-box install.

Such a setup could allow for a range of scenarios like simplifying the upgrade path or to make it easier for support staff to keep information about different configurations they are responsible for.

The configuration data would have to cater for WAN (Internet) and LAN details including details regarding Wi-Fi wireless network segments, advanced network setups like VLAN and VPN setups, VoIP endpoint setups as well as general and security-related data.

Of course an issue that will crop up would be assuring the user of proper network security and sovereignty, something that could be assured through not persisting the management password to a new router. Also you won’t be able to keep Wi-Fi channel data especially if you deal with self-optimising equipment, because you may have to face an evolving Wi-Fi spectrum landscape.
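One way an export and import step could enforce this, shown as an added example rather than any vendor's or standards body's format. The XML element names, the `NEVER_PORTABLE` list and both function names are hypothetical, since no agreed schema exists, and the backup file is constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample of one router's full backup. Element names are
# hypothetical: no vendor-neutral schema has been agreed.
FULL_BACKUP = """\
<routerConfig>
  <management>
    <adminUser>admin</adminUser>
    <adminPassword>constructed-admin-secret</adminPassword>
  </management>
  <wan type="pppoe">
    <username>user@isp.example</username>
    <password>constructed-wan-secret</password>
  </wan>
  <lan>
    <address>192.168.1.1/24</address>
    <dhcpReservation mac="00:11:22:33:44:55" ip="192.168.1.20"/>
  </lan>
  <wifi band="5GHz">
    <ssid>HomeNet</ssid>
    <passphrase>constructed-wifi-secret</passphrase>
    <channel>36</channel>
  </wifi>
  <vlan id="20" name="iot"/>
</routerConfig>
"""

# Never carried to a new device: the management password and Wi-Fi channel.
NEVER_PORTABLE = {"management/adminPassword", "wifi/channel"}
# Carried so the LAN keeps working, but still secrets: the exported file
# itself has to be stored and moved with care.
SECRETS_CARRIED = {"wan/password", "wifi/passphrase"}


def _parse(xml_text):
    # An uploaded configuration is untrusted input: refuse DTDs so that
    # entity-expansion tricks never reach the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in a configuration file")
    return ET.fromstring(xml_text)


def make_portable(xml_text):
    """Return (portable_xml, dropped_paths, secrets_still_inside)."""
    root = _parse(xml_text)
    dropped, carried = [], []

    def prune(elem, path):
        for child in list(elem):
            child_path = f"{path}/{child.tag}" if path else child.tag
            if child_path in NEVER_PORTABLE:
                elem.remove(child)
                dropped.append(child_path)
                continue
            if child_path in SECRETS_CARRIED:
                carried.append(child_path)
            prune(child, child_path)

    prune(root, "")
    return ET.tostring(root, encoding="unicode"), dropped, carried


def validate_for_import(xml_text):
    """What the new router would run before applying an uploaded file."""
    root = _parse(xml_text)
    for path in sorted(NEVER_PORTABLE):
        if root.find(path) is not None:
            raise ValueError(f"refusing import: file contains {path}")
    return root


if __name__ == "__main__":
    portable, dropped, carried = make_portable(FULL_BACKUP)
    print("dropped:", dropped)
    print("secrets still in the file:", carried)
    validate_for_import(portable)
    print(portable)
```

Checking on import as well as on export means a new router never takes its management password from a file, even one produced by an exporter that did not strip it.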

What will need to happen is to provide methods to allow seamless upgrading of devices that serve as your network-Internet “edge” so you can simplify this upgrade process and get the most out of the new equipment.


Across-the-room data transfer–many questions need to be answered

Transfer data between two smartphones

Wirelessly transferring data between two devices in the same space

The industry has explored various methods for achieving point-to-point across-the-room data transfer and user discovery. This would avoid the need to use the Internet or a mobile phone network to share a file or invite another user to a game or social network. Similarly, it would be a way to exchange data with a device like a printer or an interactive advertising setup in order to benefit from what that device offered.

Methods that have been tried

The first of these was IrDA infra-red transfer, working in a similar way to how most TV remote controls allow you to change channels without getting off the couch. This was exploited by the legendary Palm Pilot PDA and some of the Nokia mobile phones as a way to “beam” one’s contact details to a friend or colleague with the same device.

Bluetooth pushed forward with the Object Push Profile and File Transfer Profile as methods for exchanging data across the room. This was typically useful for contact details, low-resolution photos or Weblinks and was exploited with the popular feature phones offered by the major phone manufacturers through the 2000s. This method was also exploited by the out-of-home advertising industry as a way to convey Weblinks or contact details from a suitably-equipped poster to suitably-equipped mobile phones set to be discoverable.

But Apple nipped this concept in the bud when they brought out the highly-popular iPhone. The concept has been kept alive for the regular-computer operating systems and for Android mobile applications but mobile users who want to exchange data would have to ask whether the recipient had an Android phone or not.

Bluetooth also implemented that concept with the 4.0 Low Energy Profile standard by using “beacons” as a location tool. But this would be dependent on application-specific software being written for the client devices.

Microsoft is even reinstigating the Bluetooth method to transfer files between two computers in the same room as part of the functionality introduced in the Windows 10 April Update. But I am not sure if this will be a truly cross-platform solution for Bluetooth as was achieved with the earlier Object Push Profile or File Transfer Profile protocols.

Apple tried out a method similar to Bluetooth Object Push Profile called AirDrop but this implemented Wi-Fi-based technology and could only work with the Apple ecosystem. It was associated with “cyberflashing” where lewd pictures were forced out to unsuspecting recipients and Apple implemented a “contacts only” function with contacts’ emails verified against their Apple ID email logins as a countermeasure against this activity.

QR Code used on a poster

QR codes like what’s used on this poster being used as a pointer to an online resource

The QR code which is a special machine-readable 2D barcode has the ability to convey contact details, Weblinks, Wi-Fi network parameters and other similar data to mobile phones. These can be printed on hard-copy media or shown on a screen and have a strong appeal with business / visiting cards, out-of-home advertising or even as a means for authenticating client devices with WhatsApp.

Facebook even tried implementing QR codes as a way to share a link to one’s Profile or Page on that social network. Here, it can be a secure method rather than hunting via email or phone number which was raised as a concern with the recent Facebook / Cambridge Analytica data-security saga.

The Android and Windows communities looked towards NFC “touch-and-go” technology where you touch your phones together or touch an NFC card or tag to transfer data. This has been exploited as a technique to instigate Bluetooth device pairing and implemented as a method of sharing contact data between Android and / or Windows devices. For a file transfer such as with contact details, the data itself is transferred using Bluetooth in the case of Android Beam or Wi-Fi Direct in the case of Samsung’s S Beam feature.

The Wi-Fi Alliance are even wanting to put up a Wi-Fi-based method called Wi-Fi Aware. Here, this would be used for data transfer and other things associated with the old Bluetooth Object Push Profile.

This is implemented on a short-range device-to-device basis because users in the same room may not be connected to the same Wi-Fi Direct or Wi-Fi infrastructure network as each other. There is also the reality that a properly-configured Wi-Fi public-access network wouldn’t permit users to discover other users through that network and the fact that a typical Wi-Fi network can cover the whole of a building or a street.

But data transfer and user discovery using Wi-Fi Aware could also make use of a Wi-Fi infrastructure network while allowing the user to define particular restrictions. For example, it could be about limiting the scope of discovery to a particular access point because most of these access points may just cover a particular room. Using the access points as a “scoping” tool even if the host devices don’t connect to that network could make the concept work without jeopardising the Wi-Fi infrastructure network’s data security.

Applications

There are a series of key applications that justify the concept of “across-the-room” data transfer. Typically they either involve the transfer of a file between devices or to even transfer a session-specific reference string that augments local or online activity.

The common application here is for a user to share their own or a friend’s contact details with someone else as a vCard contact-detail file. Another common application is to share a link to a Web-hosted resource as a URL. But some users also use across-the-room data transfer to share photos and video material such as family snapshots. In the same context, it could be about a dedicated-purpose device sending or receiving a file to or from a regular computer or mobile device such as to transfer .

In the advertising and public-relations context, “across-the-room” data transfer has been seen as a way to transfer a URL for a marketer’s Website or a visual asset to an end-user’s phone or computer. For example, the QR code printed on a poster has become the way to link a user to a media-rich landing page with further explanation about what is advertised. Similarly some out-of-home advertising campaigns implemented the Bluetooth Object Push Profile standard as a way to push an image, video or Weblink to end-users’ mobile phones.

But “across-the-room” data transfer is also being used as a way for users in the same space to discover each other on a social network or to identify potential opponents in a local or online multiplayer game. I find this as a preferred method for discovering someone to add to a social network or similar platform I am a member of so that I can be sure that I am finding the right person on that platform and they are sure about it. Also, in the case of a local multiplayer game, the players would have to continue exchanging data relating to their moves using the local data link for the duration of their game.

Facebook even explored the idea of using QR codes as a way to allow one to invite another person whom they are chatting with to be their Facebook Friend or discover their Facebook Page. It is in fact an approach they are going to have to rediscover because they are closing off the users’ ability to search for people on the social network by phone number or email thanks to the Cambridge Analytica scandal.

What does the typical scenario involve?

The users who are in the same area are talking with each other about something that one of them has to offer such as contact details or a photo. Or, in the context of advertising or other similar situations, there will be some prior knowledge that there is something to benefit from knowing more about the offer using an online experience.

One of the users will invoke the transfer process by, for example, sharing the resource or hunting for a potential game opponent using their device’s user interface. The other user will share a nickname or other identifier to look out for in the list that the initial user is presented.

Then the other user will confirm and complete the process, including verifying success of that transfer and agreeing that the contents are what they were expecting. In the case of adding another user to a social network or multiplayer game, they will let the instigating user know that they have been added to that network or game.

What does a successful across-the-room data transfer or user-discovery ecosystem need?

Firstly, it needs to be cross-platform in that each device that is part of a data transfer or user/device discovery effort can discover each other and transfer data without needing to be on the same platform or operating system.

Secondly, the process of instigating or receiving a data transfer needs to be simple enough to allow reliable data transfer. Yet end-users’ data privacy should not be compromised – users shouldn’t need to receive unwanted content.

The protection against unwanted discovery or data transfer should be assured through the use of time-limited or intent-based discovery along with the ability for users to whitelist friends whom they want to receive data from or be discovered by in the wireless-based context. Intent-based discovery could be to have the recipient device become undiscoverable once the recipient device confirms that they have received the sender’s data or, in the case of a local multiplayer game, the players have completed or resigned from the game.
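A sketch of how a receiving device could apply these rules, added here as an illustration and not taken from any existing platform. The class, its method names and the peer identifiers are hypothetical, and the clock is injectable so the time limit can be exercised without waiting.

```python
import time


class DiscoveryPolicy:
    """Decides whether this device answers a nearby probe or takes an offer."""

    def __init__(self, allowlist=(), clock=time.monotonic):
        self.allowlist = set(allowlist)   # friends the user has approved
        self._clock = clock
        self._intent = None               # e.g. "file" or "game-invite"
        self._expires = None

    def open_for(self, intent, seconds):
        """User action: become discoverable to anyone nearby, for one purpose."""
        self._intent = intent
        self._expires = self._clock() + seconds

    def completed(self):
        """Transfer confirmed, or game finished or resigned: go dark again."""
        self._intent = None
        self._expires = None

    def _current_intent(self):
        # Time limit: an expired window closes itself the next time it is checked.
        if self._expires is not None and self._clock() >= self._expires:
            self.completed()
        return self._intent

    def answers_probe(self, peer_id):
        """Strangers only see the device while a window is open."""
        return peer_id in self.allowlist or self._current_intent() is not None

    def accepts_offer(self, peer_id, kind):
        """Allowlisted friends may always offer; a stranger's offer must
        match what the user opened the window for."""
        if peer_id in self.allowlist:
            return True
        return self._current_intent() == kind


if __name__ == "__main__":
    policy = DiscoveryPolicy(allowlist={"alice"})
    policy.open_for("file", seconds=60)
    print(policy.accepts_offer("stranger", "file"))         # True
    print(policy.accepts_offer("stranger", "game-invite"))  # False
    policy.completed()
    print(policy.answers_probe("stranger"))                 # False
```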

Conclusion

The concept of “across-the-room” data transfer and user/device discovery needs to be maintained as a viable part of mobile computing whether for work or pleasure. Where operated properly, this would continue to assure users of their privacy and data sovereignty.


Are we going to expect more from distributed Wi-Fi setups?

Article

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

We could be expecting more from distributed-Wi-Fi devices of the NETGEAR Orbi ilk thanks to 802.11ax Wi-Fi and the Internet of Things

Distributed Wi-Fi: How a Pod in Every Room™ Enables Connected Smart Homes | Wi-Fi Now Blog

My Comments

The Wi-Fi Now consortium wrote up a blog article where we are to expect more from a distributed Wi-Fi installation especially in the context of Internet Of Things and the smart home.

One of the key drivers for this issue will be the 802.11ax standard for Wi-Fi wireless networks. This is intended to be the successor to the current 802.11ac but also is about high throughput and the ability for multiple devices to work at once from the same network. As well, it is expected to yield high-efficiency operation with an experience similar to using an Ethernet network that uses a switch like when you have devices connected to your home network’s router via its Ethernet LAN ports.

According to the article, 802.11ax with its increased throughput is pitched as being suitable for newer broadband-service technologies like fibre-to-the-premises, DOCSIS 3.1 HFC cable-modem and 5G mobile broadband. In the context of the distributed Wi-Fi network, 802.11ax will be positioned for use as a wireless backhaul between the access-points and the edge router that links to the Internet.

But the article places an expectation on these access-point pods being installed in every room due to the increased number of Wi-Fi-based network-enabled devices connected to the home network. There is also an expectation that these access points will support Bluetooth and/or Zigbee as well as Wi-Fi thus becoming a localised network bridge for smart-home and Internet-Of-Things devices based on these wireless technologies. But I would place in the same scope Z-Wave, DECT-ULE and other similar “Internet Of Things” wireless technologies.

Previously this kind of functionality was offered through separate network bridges that interlinked a Bluetooth, Zigbee or similar-technology device to your home network via Wi-Fi or Ethernet.

Such equipment was typically offered as an accessory for a smart-home device like a smart lock by the device’s manufacturer and you weren’t sure if this piece of equipment would work with other smart-home devices implementing the same wireless-link technology. Or it was offered as a “smart home hub” which worked with devices using a particular wireless technology and supporting certain function classes. But these hubs offered various smart-home controller functions including remote management as long as you were using particular apps or services.

This new approach could allow for an increased number of IoT devices in each room “talking” with the access-point pods, with this data moving along the backhaul to the “edge” router for that “smart-home-as-a-service” setup. The article also sees it as allowing for an IoT device, especially one that is battery-powered, not to be part of a large Zigbee, Z-Wave or Bluetooth mesh thus leading to increased device reliability. I would also see it become relevant with setups that use technologies like DECT-ULE which use a “hub and spoke” topology.

For this concept to work properly, the network-bridge devices that interlink Zigbee or similar IoT wireless technologies to an IP-based network have to work independent of particular smart-home controller software. Then the smart-home controller software has to be able to work with any IoT-based device no matter which of these network bridges they are talking to as long as they are on the same logical network. This situation would be of concern with portable user-interface devices like remote controls that are likely to be taken around the premises.

Although this article is Wi-Fi focused, I would still see the wired network being important. For example, some house designers and builders are even wiring the homes they design with Ethernet whether as standard or as an option while the home is being built or renovated. As well, there is powerline networking based on either HomePlug AV500 or AV2 standards. Here, these wired-network technologies are still viable as a backhaul connection alternative especially if you are dealing with building materials and techniques like double-brick or sandstone construction, or foil-lined insulation that can slow down Wi-Fi wireless communications.

But could these wireless-network access-point “pods” be simply a dedicated device installed in each room? It could be feasible for a device that offers other functionality that benefits from the network to be an access point or one of these “pods” in its own right. For example, a network-capable printer or a consumer-electronics device like a home-theatre receiver could connect to an existing network’s backhaul but also be an access point in its own right.  In this context, a Smart TV installed in a lounge area further down the end of the house could become an access point or smart-home “pod” to cover that end area.

The idea has been proven in the form of the Amazon Echo Plus smart speaker which has a built-in network-bridge function for Zigbee smart-home devices. This is alongside the ability for it to be a controller for these devices in context with the Amazon Alexa ecosystem.

What is being put forward with the Wi-Fi NOW “Pod In Every Room” concept is the idea of a single logical network with a high-speed wireless data backbone and access-point devices serving all wireless networking applications for both regular data transfer and smart-home/IoT applications. As long as the approach is driven by common open standards without dependence on particular technology owned by one vendor, then there is the ability for this approach to multi-function Wi-Fi networking to work properly.


Wi-Fi introduces a new way to onboard new wireless-network devices

Articles

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

A QR code and a configuration app could be the way to get your Wi-Fi network going or add a device to that network

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi Easy Connect (Product Page)

My Comments

The Wi-Fi Alliance has released as part of its WPA3 update for wireless-networks security the Wi-Fi Easy Connect protocol for onboarding new devices to a Wi-Fi network segment. It will work with extant WPA2 network segments as well as newer WPA3-compliant segments, which offers the chance for existing Wi-Fi devices to support this technology. That is alongside the ability for device manufacturers and software / operating-system developers to meld it in to their existing products using new code.

It is intended for onboarding devices that have a limited user interface including onboarding Internet-capable “white goods” and “backbone” devices like fridges or heating / cooling equipment to your Wi-Fi network. It is currently being seen as an alternative to the push-button-based WPS configuration process for devices that don’t have much in the way of a user interface. For Android smartphone users, much of this process will be similar to using a printed QR code to “onboard” your smartphone to an existing Wi-Fi wireless network.

What is it about?

QR Code used on a poster

QR codes like what’s used on this poster will be part of configuring your Wi-Fi wireless network

The main goal with the Wi-Fi EasyConnect standard is to permit a device with a rich user interface like a laptop, tablet or smartphone running suitable configuration software to pass configuration information to other devices that have a limited user interface. This can be facilitated with an independent configuration app or function that is part of the device’s operating system. Or it could be to allow configuration through the access point using its Web-based management user interface or a management app supplied by the access point’s manufacturer.

In all cases, the software that looks after the configuration aspect is described as a configurator. Access points or client devices that want to be part of the network are described as “enrollee” devices.

Android main interactive lock screen

Smartphones will become part of your Wi-Fi network’s setup or device-onboarding process

It can be feasible for one device to assume the role of a configurator or enrollee. An obvious example would be a computing device like a laptop, tablet or smartphone being able to come onboard an existing Wi-Fi network then you using that same computing device to bring another device like a network-capable fridge on board. Or you could bring a Smart TV or set-top box on-board to your Wi-Fi network using Wi-Fi Easy Connect but it then has the ability to be a “set-up point” for smartphones or tablets who want to join your Wi-Fi network.

There are different ways of “associating” the enrollee device with the configurator device but it is primarily about making both devices know that they are trusted by each other.

The main method would be to use a QR code that is on a sticker or card associated with the device or shown on the device’s display if this display is of the bitmapped graphical kind or can connect to a TV or monitor. Then the configuration device would scan this QR code if it is equipped with a camera.

Another option that is put forward is to use a text string written on a card or shown on a display and this would be used for configuration devices not equipped with a camera. This kind of situation may come in to its own if you are running a configuration program from a regular computer that isn’t equipped with a functioning Webcam.

.. as will laptops, Ultrabooks like this Dell XPS 13 and tablets

The Device Provisioning Protocol standard, which the Wi-Fi EasyConnect feature is based on, supports the use of an NFC “touch-and-go” or Bluetooth Low Energy wireless link as another way to interlink a configuration device and an enrollee device during the setup phase. Both these technologies could work well with smartphone-centric applications, wireless speakers, connected building-management technology and the like. But these haven’t been placed as part of the certification testing that Wi-Fi Alliance has for the EasyConnect standard.

Once the initial information is exchanged between the devices, both devices will establish a separate secure Wi-Fi link with each other. Then the configuration software on one of the devices will use this link to pass through the parameters necessary to allow the enrollee device to connect with the extant Wi-Fi network. The whole configuration data-exchange is secured using asymmetrical public-key cryptography with the public key obtained during the initial setup process. Then that device hunts for, discovers and connects to the newly-programmed network.
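The QR code (or the printed text string) carries a bootstrapping URI that holds the enrollee's public key rather than any network password. The parser below is an added example, not code from the article or from the Wi-Fi Alliance: it follows the published URI layout (`C` channel list, `M` MAC address, `I` information, `K` base64 DER public key, ending in `;;`), and the sample URI, its key bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import re

EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey

# Constructed sample: a correctly framed DER SubjectPublicKeyInfo for a
# compressed P-256 point, with filler bytes where a real key's X value goes.
_SAMPLE_DER = (
    bytes.fromhex("3039301306072a8648ce3d020106082a8648ce3d030107032200")
    + b"\x02" + bytes(range(32))
)
SAMPLE_URI = (
    "DPP:C:81/1,6,115/36;M:0211223344aa;I:SN=EXAMPLE-0001;K:"
    + base64.b64encode(_SAMPLE_DER).decode() + ";;"
)


def _channels(value):
    """'81/1,6,115/36' -> [(81, 1), (81, 6), (115, 36)]"""
    out, op_class = [], None
    for item in value.split(","):
        if "/" in item:
            cls, item = item.split("/", 1)
            if not re.fullmatch(r"[0-9]+", cls):
                raise ValueError("bad operating class in channel list")
            op_class = int(cls)
        if op_class is None or not re.fullmatch(r"[0-9]+", item):
            raise ValueError("bad channel list")
        out.append((op_class, int(item)))
    return out


def parse_dpp_uri(uri):
    """Validate a scanned or typed bootstrapping URI before acting on it."""
    if not (uri.startswith("DPP:") and uri.endswith(";;")):
        raise ValueError("not a DPP bootstrapping URI")
    fields = {}
    for part in uri[4:-2].split(";"):
        tag, sep, value = part.partition(":")
        if len(tag) != 1 or not sep or tag in fields:
            raise ValueError(f"malformed or repeated field: {part!r}")
        fields[tag] = value
    if "K" not in fields:
        raise ValueError("no public key in URI")

    der = base64.b64decode(fields["K"], validate=True)
    # Framing check only: short-form DER length (enough for compressed EC
    # keys) and the EC key OID. It does not prove the point is on the curve;
    # the crypto library that imports the key has to do that.
    if (len(der) < 4 or der[0] != 0x30 or der[1] != len(der) - 2
            or EC_PUBLIC_KEY_OID not in der):
        raise ValueError("K is not a DER-encoded EC public key")

    mac = fields.get("M")
    if mac is not None:
        if not re.fullmatch(r"[0-9A-Fa-f]{12}", mac):
            raise ValueError("bad MAC address")
        mac = ":".join(mac[i:i + 2] for i in range(0, 12, 2)).lower()

    return {
        "channels": _channels(fields["C"]) if "C" in fields else [],
        "mac": mac,
        "info": fields.get("I"),
        "key_der": der,
        # Fingerprint a configurator can show so the user can compare it
        # with what is printed on the device.
        "key_sha256": hashlib.sha256(der).hexdigest(),
    }


if __name__ == "__main__":
    parsed = parse_dpp_uri(SAMPLE_URI)
    print(parsed["channels"], parsed["mac"], parsed["info"])
    print("key fingerprint:", parsed["key_sha256"])
```

A classic Wi-Fi QR code of the `WIFI:T:WPA;S:...;P:...;;` kind is rejected by this parser, which is the point of the design: that older format puts the passphrase in the code itself, while this one carries only a public key.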

There is the ability to use this same setup with an access point to set it up to work with an extant network or to create a new network. The latter situation would most likely be based around accepting a machine-generated ESSID and password or allowing the user to enter an ESSID and/or password. On the other hand, the previously-connected Wi-Fi networks list that an operating system maintains could be a data source for configuring a Wi-Fi device to a particular extant network using EasyConnect.

From the FAQs that I had read on the Wi-Fi Alliance Website, the Wi-Fi EasyConnect protocol allows for a single configuration program to configure multiple enrollee devices at once. Here, it is to facilitate situations where you are onboarding many IoT devices at once or are creating a new Wi-Fi network with new credentials.

But it doesn’t support the ability to onboard a single Wi-Fi client device to two Wi-Fi networks at once like your main network and a hotspot / guest network. Instead you have to repeat the Wi-Fi EasyConnect procedure including scanning the QR code for each network you want a device to associate with. This is so you can have greater control over what networks your devices are to associate with, but it can be of concern if you have a separate Wi-Fi network segment with distinct ESSID (network name) linking to the same logical network such as when dealing with a dual-band network with separate network names for each band.

What needs to be done

Personally, I would like to see Wi-Fi EasyConnect configuration functionality baked in to desktop and mobile operating systems including Apple’s operating systems rather than be separate programs. This avoids the need to find, download and install separate EasyConnect apps from your platform’s app store or loading a computer or smartphone with too many apps. But it could encourage other software developers to build improved Wi-Fi EasyConnect configuration apps that may, perhaps, suit particular user needs like asset control in the business-computing context.

I would also encourage the idea of maintaining WPS-PBC push-button pairing as an alternative method to Wi-Fi EasyConnect for onboarding Wi-Fi devices. This is more so for those devices that have a limited or no user interface and the goal is to quickly onboard a device without a rich user interface like a printer to a Wi-Fi router or access point.

Similarly, the use of NFC or Bluetooth as a legitimate certification option for onboarding Wi-Fi devices has to be encouraged and underscored through the life of this standard. Here, I would prefer that smartphones or tablets equipped with NFC and / or Bluetooth be tested to be compliant with the NFC and Bluetooth aspects of this standard.

There also has to be the ability with Wi-Fi EasyConnect to onboard a Wi-Fi network device with a limited user interface to an enterprise-grade Wi-Fi network that uses individual usernames and passwords. This is important for “Internet-Of-Things” devices that will increasingly be part of these networks.

Conclusion

Wi-Fi EasyConnect leads to another way of onboarding a Wi-Fi network device or access point using another device equipped with a rich user interface and can apply across all small-network setups.


Wi-Fi defines a new standard for distributed wireless networks

Articles

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

Wi-Fi now to standardise the operation of distributed Wi-Fi setups like the NETGEAR Orbi with the EasyMesh standard

A new Wi-Fi standard could let different mesh routers work together | The Verge

Mesh Wifi gear from different companies could soon work together | Engadget

Wi-Fi Alliance’s Wi-Fi EasyMesh certification aims to standardize mesh networks | PC World

From the horse’s mouth

Wi-Fi Alliance

Press Release

EasyMesh Product Page

My Comments

Increasingly, home and small-business Wi-Fi users are showing interest in distributed-WiFi network systems that implement simplified configuration and hands-off optimisation. They consist of multiple access-point devices and use a Wi-Fi path or, in the case of a few systems, an optional wired-network path to provide a backhaul to the router that links to your Internet service.

People are showing interest in these setups as a simplified way to assure Wi-Fi wireless-network coverage across a large or multi-storey / split-level building or a building that uses materials and construction techniques that play havoc with Wi-Fi network coverage. As well, they don’t want to deal with devices that are difficult to set up or to have to remember which SSID to use for best coverage in a particular area.

To the same extent, those of us who have separate buildings on our properties like a cabin or converted garage may want to be sure we can gain reliable access to the Internet and network resources from these buildings. Some of the distributed Wi-Fi systems like the Netgear Orbi can support wired backbones which can work with a HomePlug powerline link or Ethernet cable strung between the buildings and this could bring seamless Wi-Fi network operation to these buildings.

But the current problem with these systems is that you have to create the system with equipment from the same vendor or, in some cases, implementing a particular chipset. This makes it hard for customers to mix and match equipment to create a distributed-WiFi system that answers their needs exactly.

There is also the risk that if a manufacturer abandons their distributed-WiFi product line and one of the units fails, customers can’t replace the faulty unit with a new one from a different vendor – they would have to scrap the whole system. The same situation also applies if a customer wants to use a unit that offers specific functionality such as a router with higher security, a modem router or a weatherproof access point.

Enter the Wi-Fi Alliance who have established a certifiable standard with a trademark for this kind of system. This standard, known as the EasyMesh standard and part of their device-certification scheme, is based on the IEEE 1905.1 protocol for small-network configuration and allows for “mix and match” operation of a distributed-WiFi system.

A network based on the Wi-Fi EasyMesh standard can implement a backhaul based on a Wi-Fi wireless and/or a wired (Ethernet, HomePlug powerline, MoCA TV-aerial / cable-TV coax, etc) medium. As well, the devices can support a dedicated Wi-Fi backhaul segment with dedicated radio transceivers or use the same Wi-Fi segment used to serve client computing devices.

There are two classes of device that exist across an EasyMesh Wi-Fi network – a Controller and an Agent device. The Controller co-ordinates what is happening with the network and typically it can be part of the Wi-Fi router that is the network-Internet “edge” of your home network. But it can be software running in another computer or an access point. You can have only one of these in operation on the one EasyMesh network.

The Agent device is the access point that your client devices such as your laptop, tablet or smartphone link to your home network through. These will connect to each other and to the Controller using the Wi-Fi, Ethernet or similar backbone.

A simplified setup and device-onboarding process takes place in an EasyMesh network, with the device-onboarding process typically being facilitated through methods like NFC or push-button setup. The onboarding procedure will also be about learning the capabilities that the new device offers such as what bands it operates on and whether they can be used simultaneously or what Wi-Fi standard is being supported by that device. Of course, initial network configuration may be about determining the ESSID (Wi-Fi network name) and, perhaps, a user-chosen passphrase for your network.

Let’s not forget that the EasyMesh network implements continual self-tuning for each Agent AP node. This means that if you add or remove extra Agent APs or move them around, they adjust their operating frequency and signal strength themselves. It also applies whenever neighbours set up or modify their Wi-Fi-based home networks.

The Controller device then monitors the network for best performance and will have the network steer client devices towards access points that offer the best bandwidth. As well, the Agent access points report their measurements to the Controller device and each other to provide the self-tuning self-healing network.

The Wi-Fi Alliance stated that there is the possibility of implementing Wi-Fi Certified EasyMesh at a software or firmware level without any particular requirements as far as the hardware is concerned. This could appeal to vendors to implement EasyMesh in to existing devices as part of, say, a firmware update which is a practice that AVM have done to enable some of their Fritz series of home-network equipment for distributed-Wi-Fi operation.

But what do I see the Wi-Fi Certified EasyMesh technology leading to?

There will be the ability to supply distributed-WiFi equipment that offers better value to the home or small-business user. This includes the ability for manufacturers to supply equipment that targets particular niches such as VPN-endpoint Wi-Fi routers for business or weatherproof access points for installation outdoors. Manufacturers could even consider the idea of integrating “mesh AP” functionality in to client devices so these devices could effectively boost Wi-Fi coverage in to an area.

The technology will benefit ISPs, telcos and cable-TV operators who supply Wi-Fi routers, typically modem routers, to their customers as part of providing Internet service. Here, it could become feasible to provide a modem router with EasyMesh capability to their customers and allow these customers to purchase the EasyMesh-compliant access points that suit their needs through the ISP’s storefront or a third-party retailer.

There is also room for the vendors to continually improve on their products in many different ways without needing to worry about risks associated with designing for a proprietary setup. Here, the algorithms associated with network-performance management can be tweaked in a manner so as to carry that improvement across an existing EasyMesh setup.

At the moment, the Wi-Fi EasyMesh solution will primarily be targeted at simple small networks but there will be a call to evolve this standard to support Wi-Fi-based VLAN setups. This is more so to cater for “guest networks”, FON-style shared-bandwidth setups and IP-based telephony which will make use of these setups. Here, a setup that answers these needs may have to cater towards replicating the multiple SSIDs and network setups these networks implement while shifting data from each SSID to each “data pipe” like the Internet or a VoIP service.

But I see the Wi-Fi EasyMesh standard leading towards the ability for householders and small businesses to make sure that their small network’s Wi-Fi segment is providing the right coverage to suit their needs.

NETGEAR offers an affordable 8-port Gigabit unmanaged switch with Power Over Ethernet Plus on all ports

From the horse’s mouth

NETGEAR GS108PP ProSafe Gigabit Unmanaged 8-port Switch with Power-Over-Ethernet Plus press picture courtesy of NETGEAR

NETGEAR

GS108PP 8-port Gigabit unmanaged switch with Power Over Ethernet Plus

Product Page

Special Offer

MWAVE deal on this switch for AUD$169

Related Coverage

Understanding Power Over Ethernet

My Comments

Power Over Ethernet concept

Increasingly, Power-Over-Ethernet technology is being offered as a product-differentiating feature for small-business and installer-grade Ethernet switches. This is where these switches are able to supply power to network devices using the same blue wire that connects them to the wired Ethernet network.

The feature is appealing towards Wi-Fi access points, VoIP desk telephones and IP-based videosurveillance cameras as a way to power them without having to locate a power outlet near these devices. It also provides a form of central power control for such devices such as assuring access to battery backup for a cluster of devices or to allow a managed Ethernet switch to provide programmatic power control from its user interface.

But a lot of them offer this technology on only some, usually half, of the ports available on them. TrendNET previously offered to the American market an eight-port Gigabit unmanaged switch with Power-Over-Ethernet Plus on all ports for US$280 when it came out.

But NETGEAR are offering the GS108PP switch which is a similar device with Power-Over-Ethernet Plus on all eight Gigabit ports for AUD$219 recommended retail price. MWAVE, an independent online computer dealer serving the Australian market, has put downward pressure on the price of this device class by offering this NETGEAR unit with a 123W total power budget for a street price of AUD$169. As well, this model can be mounted on a desktop or a wall thanks to keyhole slots on the side but also comes with a set of rack ears to permit installation in a standard equipment rack.

NETGEAR have long been associated with offering affordable network-infrastructure hardware fit for small networks. This was primarily in the form of highly-compact affordable five-port and eight-port Ethernet switches with the basic expectations of their era. Gradually as newer network standards came along, NETGEAR would eventually be the first to roll them in to these affordable five-port or eight-port devices. Let’s not forget that they offered managed Ethernet switches that implement Web-based management and “automatic-transmission” operation for quality-of-service management when it comes to voice or video traffic. There was even the Nighthawk S8000 Gaming and Multimedia Switch with the same abilities as one of these business-grade switches but in a housing that would please gamers or not look out of place in a home-entertainment centre.

The next step for NETGEAR to take with some of these technologies is to package and present them to appeal to home users and small businesses while making them affordable. It can also be about endorsing and supporting connectivity and management standards that permit simplified setup of Ethernet-based network infrastructure.

Send to Kindle

Wi-Fi Agile Multiband–What will it be about

Article – From the horse’s mouth

Wi-Fi Alliance

D-Link DIR-895L AC5300 6 stream wireless router press picture courtesy of D-Link America

Wi-Fi Agile Multiband will make better use of those dual-band Wi-Fi wireless networks

Wi-Fi Agile Multiband (Resource Page)

My Comments

A reality that is affecting how the Wi-Fi wireless local network operates is the increasing number of network-infrastructure devices that can work simultaneously on both the 2.4GHz and 5GHz bands. Add to this the fact that most Wi-Fi clients released in the last few years are able to work on both these bands.

But there is the issue of making sure these devices can provide the optimum throughput for whatever data you are sending to them. This can affect the setup process for network-infrastructure hardware where you have to be sure you are on the right channel for optimum throughput everywhere over your premises.

There is also the fact that you may want to make sure that your laptop, smartphone or other client device chooses the right band for the right application when you deal with a network that works across both bands. This would be more important where you have to use the least-cluttered band to assure reliable audio or video streaming or IP-based voice or video telephony sessions.

The Wi-Fi Alliance have launched a certified trademarked specification known as Agile Multiband to answer these situations.

What does it offer

A network access point or client that implements Wi-Fi Agile Multiband has the ability to monitor the service quality to determine the best connection opportunities available for that network.

Client and infrastructure devices in a Wi-Fi Agile Multiband network can steer away from congested channels and bands. This is a form of “self-tuning” which can take place even as the network’s environment changes.

D-Link Covr router and wireless extender package press image courtesy of D-Link

Even multiple-access-point networks will benefit from this technology

In a multiple-access-point network, a Wi-Fi Agile Multiband setup can steer client devices away from oversubscribed access points to access points that don’t have much traffic on them. This is also to answer the reality that home networks are heading towards the multiple-access-point path thanks to HomePlug-based access points and mesh-based wireless network kits.

All these options can answer the needs of both static and mobile client setups. This means that a Wi-Fi-capable printer or Smart TV can benefit as much from these features as a laptop or smartphone that is always moved around. It can also appeal to “transportable” clients like Smart TVs installed on easily-movable furniture or “all-in-one” desktop computers which are normally static but are moved on an ad-hoc basis.

Moving around a Wi-Fi Agile Multiband network will see minimal interruption for the network device’s user. This is because client devices can cache network encryption keys to facilitate a quick handover between different access points, something that will be important for IP telephony or AV streaming.

A question that needs to be asked thanks to the ubiquity of Wi-Fi wireless networks operating on the 2.4GHz band is how a Wi-Fi Agile Multiband network can address non-Wi-Fi interference on that band. This is a situation driven by microwave ovens, cordless telephone systems, Bluetooth devices and the like that work on this band and the use of these devices could cause temporary interference.

What Wi-Fi Agile Multiband is about is a step to assure increased reliability out of Wi-Fi wireless network segments and make better use of the radiofrequency spectrum available to them.

NETGEAR releases the first weatherproof distributed-WiFi module

Articles

NETGEAR RBS-50Y Orbi Outdoor Satellite Module - press picture courtesy of NETGEAR

NETGEAR Orbi RBS-50Y – the first weatherproof satellite module for a distributed-Wi-Fi system ever

NETGEAR Moves Orbi Outside | SmallNetBuilder

I Live in the Woods, and Netgear’s Orbi Outdoor Satellite Sounds Like a Dream | Gizmodo

Netgear’s Orbi Satellite takes mesh WiFi networks outdoors | Engadget

From the horse’s mouth

NETGEAR

Orbi Outdoor Satellite RBS50Y (Product Page)

Press Release

My Comments

NETGEAR has continued to invest in their Orbi distributed WiFi system which was initially based on the “router + extender” or star-based setup.

This is one of the few systems of this kind that implement a separate 5GHz wireless backhaul along with Web-based system management rather than cloud-based Internet-dependent system management. A recent firmware upgrade added the ability for a NETGEAR Orbi system to implement a wired backhaul thanks to the Gigabit Ethernet switch integrated in most of the Orbi indoor devices.

Initially, they offered different router and satellite modules that answer different needs, either as systems or additional client modules that people can add to extant Orbi systems to shape their system’s coverage.

But they have showcased the Orbi RBS50Y weatherproof satellite module which is the first module for a distributed-WiFi system to be designed for outdoor use. This module, which is weatherproof to IP56 standards, connects to any NETGEAR Orbi or Orbi Pro routers wirelessly using that same dedicated backhaul.

Client devices connect to the network via an AC1300 dual-band dual-stream Wi-Fi radio which can allow an extra coverage of 2500 square feet (232.3 square metres). There is also the ability to have the unit’s main LEDs work as a night-light and work to scheduled on-off times.

The RBS50Y is powered through an AC adaptor so you would need to have an electrician install a power outlet near where you want to install the satellite module. You may get away with snaking the power cable from outside to inside the building through a small hole that you drill for this purpose. The computer press expressed that it could be desirable to implement 802.3af/802.3at-compliant Power Over Ethernet so you could use Cat5 cabling and a power injector which can make the installation process easier for this device. I would add to this that such a connector could be used as a way to exploit the recently-supported Ethernet backbone functionality offered to the Orbi distributed-WiFi system.

At the moment, this device is to be sold for a suggested retail price of US$329.99 ex tax with the computer press grumbling that it costs more than an Orbi setup or standard router. But I see this more as something intended to be added on to an existing Orbi setup to take it further and this NETGEAR Orbi RBS50Y outdoor satellite module has been honoured with a CES 2018 Innovation Award.

KRACK WPA2 Wi-Fi vulnerability–what is affected

Telstra Gateway Frontier modem router press picture courtesy of Telstra

A wireless router set up in the ordinary way as a base station or hub for your home network isn’t at risk of the KRACK exploit

The computing press has been awash with articles regarding a recently-discovered security vulnerability that affects Wi-Fi wireless networks. This vulnerability, known as KRACK, compromises the authentication process associated with the WPA2 security protocols that most Wi-Fi home and business networks implement.

What is affected

But it mainly affects client devices like laptops, smartphones and the Internet of Things which connect to Wi-Fi networks using WPA2 facilitated through software that isn’t patched against this risk.

It also can affect Wi-Fi infrastructure devices that serve as a repeater or client-side bridge in a Wi-Fi wireless network segment – this encompasses Wi-Fi client bridges used to connect desktop computers or smart TVs equipped with Ethernet connectivity to a Wi-Fi network, Wi-Fi repeaters, distributed-Wi-Fi setups and mobile devices implementing “bridge-to-Wi-Fi” functionality.

Data security risks

The security and privacy risk occurs at the media level of your network connection which would represent the Wi-Fi wireless link to the access point / router.

If you use higher-level encryption such as accessing Internet resources through SSL / TLS (which includes “https” Webpages), implementing a client-based VPN or using IP telecommunications apps that implement end-to-end encryption, you have reduced the risk that the KRACK vulnerability poses to your data security. But access to LAN-based resources like your NAS or printer from within your network can be at risk with Wi-Fi clients that aren’t patched against this vulnerability, as can access to unencrypted Internet resources.

Current remediation efforts

This situation has been rectified for regular computers running Windows 7 onwards through a patch that Microsoft rolled out as part of the October 10 security update. Here Microsoft didn’t disclose this vulnerability until there was a chance for all of industry to have patches in beta testing or “ready to roll”.

Just lately (1 November 2017 AEDT) Apple released patches for MacOS High Sierra, Sierra and El Capitan versions; and iOS 11.1 (iPhone 7 onwards, iPad Pro 9.7″ (2016) onwards); tvOS 11.1 (4K Apple TV onwards) and watchOS 11.1 to address this issue.  The Intego Mac Security Blog post that I culled these details from was miffed about the fact that the large number of iPhone 6 and earlier devices that are still in operation have not been addressed. I would also extend this concern to the older iPad and iPod Touch devices that are also in operation such as those iPod Touches the kids use or the iPad in your living room.

On December 2 2017 US PT, Apple released the iOS 11.2 update which provided this protection for iPhone 5S, iPhone SE and all model variants of the iPhone 6. This update also applies to the 12.9″ iPad Pro (1st generation), the iPad (6th generation), the iPad Air, the iPad Mini 2 onwards; and the iPod Touch (6th generation).

Other regular-computer and mobile operating systems are being updated with security patches that are coming online through the next two months or are already online.

There will also be various pieces of client-side security software that will be updated with extra code that provides extra defence against the KRACK Wi-Fi vulnerability for both the software and the host computer.

The devices you will find as having a strong risk factor for your network are “dedicated-purpose” network devices like Internet AV devices, “smart-home” devices, videosurveillance cameras and the like that don’t benefit from regular firmware updates. This will mainly affect those devices that manufacturers are declaring “end-of-support” on or a lot of “white-box” devices sold by multiple vendors. But check your devices’ manufacturers’ Websites for new firmware that will patch the device against this vulnerability.

This will not affect the typical home or other small network that is based around a wireless router. Nor will it affect networks that implement multiple Wi-Fi access points connected to a wired (Ethernet or HomePlug) backbone. This is because you are dealing with devices that serve as a Wi-Fi base station for that particular wireless network segment.

But if you have Wi-Fi infrastructure devices using some sort of repeater or bridge functionality, check with the vendor for a firmware update for your device.

As well, wireless router and access-point manufacturers, especially those courting the business and allied markets, will offer newer firmware to harden their devices against the KRACK vulnerability.

Remember that well-designed devices will, at best, implement an automatic software-update process. Otherwise you may have to visit your device’s Settings, Setup or Configuration menu to download new firmware.

As well, the Wi-Fi Alliance have updated their certification tests for network hardware to be sure that such hardware isn’t vulnerable to this risk. These certification tests will be required before a product can show the Wi-Fi Certified logos and will affect products being introduced from this month onwards.

Keeping your network secure until new software is available

If you run Wi-Fi network infrastructure hardware that implements repeater or bridge functionality, disable the Wi-Fi client mode or repeater mode on these devices until your device is running firmware hardened against this vulnerability.

HomePlug AV adaptor

The HomePlug powerline adaptor can help with mitigating risks associated with the KRACK WPA2 Wi-Fi network vulnerability

You may also have to set up your home network with multiple access points linked to a wired backbone as the preferred way to extend the network’s coverage or reach to another building as has been done with this man-cave. A good example of this is to use a HomePlug wireless access point kit which uses your home’s AC wiring for this purpose. If you use a “Mi-Fi” mobile router that supports Wi-Fi data offload, disable this functionality until it is loaded with the latest secure firmware.

Similarly, use a wired network connection such as Ethernet or HomePlug to connect sessile devices like desktop computers, Smart TVs, printers and the like to your home network. This may not be feasible with those devices that only support Wi-Fi connectivity as their network-connection option.

Conclusion

You can mitigate the risk of the KRACK WPA2 Wi-Fi network vulnerability as long as you keep your computer equipment running software that is patched with the latest security updates.

If you use Wi-Fi infrastructure devices that work as a Wi-Fi client like repeaters or client bridges, these have to be updated with the latest firmware from their vendor. As well, use of wired backbones and access points for expanding your home network’s coverage will achieve the proper level of security against this risk if you are dealing with client-capable Wi-Fi infrastructure devices that aren’t updated with the latest software.

Let’s not forget that higher-level encryption protocols like SSL or client-side VPNs do mitigate the risk of data theft through this vulnerability.
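The triage rules laid out above can be run over a device inventory. The following is an added example, not part of the original article: the role labels, the CSV layout and the function names are assumptions of this example, and the sample inventory is constructed.

```python
import csv
import io
from dataclasses import dataclass

# Roles follow the article's split: a device is exposed only where it acts as
# the Wi-Fi *client* end of a WPA2 link. The labels are this example's own.
BASE_STATION = {"router", "wired_access_point"}      # hub or AP on a wired backbone
CLIENT_INFRA = {"repeater", "client_bridge", "mifi_wifi_offload"}
ENDPOINT = {"client"}                                # laptop, phone, TV, camera


@dataclass
class Device:
    name: str
    role: str
    patched: bool
    has_wired_port: bool = False


def triage(dev: Device) -> tuple[str, str]:
    """Return (exposure, action) for one device, per the article's advice."""
    if dev.role in BASE_STATION:
        return ("none", "no action; apply vendor hardening firmware when offered")
    if dev.role not in CLIENT_INFRA | ENDPOINT:
        raise ValueError(f"unknown role {dev.role!r} for {dev.name}")
    if dev.patched:
        return ("patched", "keep automatic updates on")
    if dev.role in CLIENT_INFRA:
        return ("exposed", "disable client/repeater mode until firmware is updated")
    if dev.has_wired_port:
        return ("exposed", "move to Ethernet or HomePlug until patched")
    return ("exposed", "check vendor for firmware; use only TLS/VPN-protected services")


def load_inventory(text: str) -> list[Device]:
    """Parse a CSV inventory with columns name, role, patched, wired_port."""
    devices = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        devices.append(Device(
            name=row["name"].strip(),
            role=row["role"].strip(),
            patched=row["patched"].strip().lower() == "yes",
            has_wired_port=row["wired_port"].strip().lower() == "yes",
        ))
    return devices


def report(inventory: list[Device]) -> list[tuple[str, str, str]]:
    """Rows of (name, exposure, action), exposed devices first."""
    order = {"exposed": 0, "patched": 1, "none": 2}
    rows = [(dev.name, *triage(dev)) for dev in inventory]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory for a small home network.
SAMPLE_CSV = """
name,role,patched,wired_port
Home router,router,no,yes
Upstairs HomePlug AP,wired_access_point,no,yes
Windows laptop,client,yes,yes
Smart TV,client,no,yes
IP camera,client,no,no
Garage repeater,repeater,no,yes
"""

if __name__ == "__main__":
    for name, exposure, action in report(load_inventory(SAMPLE_CSV)):
        print(f"{name:<22} {exposure:<8} {action}")
```
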

Updated (1 November 2017 AEDT) to reflect the latest concerning what is happening with the Apple platforms.

Updated (11 December 2017 AEDT) to reflect the increased number of iPhones and iPads protected against the KRACK exploit by the iOS 11.2 update

AVM adds mesh functionality to more of their network infrastructure devices

Article (German language / Deutsche Sprache)

AVM FRITZ!Box 3490 - Press photo courtesy AVM

Newer AVM Fritzboxes, FritzWLAN and FritzPowerline part of a mesh network

Neues FritzOS mit Mesh-Funktionen für mehr AVM-Repeater | ZDNet.de

From the horse’s mouth

AVM

IFA 2017 Press Release (Vergrößern Sie Ihr WLAN – mit Mesh).

Product Page

My Comments

Previously, I have covered how AVM, a German home-network infrastructure company, have approached the idea of a distributed home network. This is through a firmware update to some of their newer Fritz!Box routers and network-infrastructure hardware (Wi-Fi repeaters and HomePlug AV access points) such as the Fritz!WLAN 1750E repeater and Fritz!Powerline 1240E HomePlug access point.

What also impressed me about their approach is the use of a wired or wireless backhaul rather than just sticking to a wireless backhaul. Here, it can be about serving areas which are out of the router’s radio range, including providing support for multiple-building home networks. This is while providing a simplified setup and operating process for your home network.

Initially this was a beta firmware update that may not be considered stable and only applied to a few devices. But AVM have got the firmware to a stable condition and have written it to work with more devices. This includes the Fritz!Powerline 540 and 546E HomePlug AV500 802.11n single-band dual-stream access points and the Fritz!WLAN 1160 802.11ac dual-band and Fritz!WLAN 310 and 450E single-band 802.11n repeaters.

Of course they have underscored a simplified setup experience with firmware delivery and network configuration. This includes a Web-based configuration dashboard which shows how the network is set up as well as the condition of the wired and wireless backbones. The support for a HomePlug wired backbone will please those of us who live in stone or double-brick houses where HomePlug is more surefire as a backbone or who have multiple buildings on that large property.

Like with other distributed Wi-Fi setups, there is an emphasis on bandwidth optimisation such as steering high-throughput Wi-Fi devices to the sparsely-occupied 5GHz band if they can support it. Let’s not forget the fact that these systems set each access point on a Wi-Fi channel that they determine works best.

But why should AVM support single-band access points and repeaters that work the 2.4GHz band as part of their mesh? This may work out by allowing these devices to, perhaps, provide infill coverage on that band using a different channel. For example, other devices that work on that band like Bluetooth or 2.4GHz DECT devices, or the microwave oven may cause interference for Wi-Fi devices and a properly-designed mesh system could re-optimise the channels to avoid the interference.

What I still like about AVM’s approach to distributed Wi-Fi wireless setups is that they are enabling this functionality simply through deploying newer firmware to existing products rather than requiring users to buy a new system. This saves the users money when it comes to hardware costs as well as keeping that hardware useful over the long term.
