Wireless Networking Archive

New nonenclature for Wi-Fi wireless networks

Article ASUS RT-AC5300 router press picture courtesy of ASUS

802.11ac? 802.11n? Wi-Fi Alliance stops with the jargon, goes with Wi-Fi 6 | Android Authority

Wi-Fi Alliance Simplifies Things With Version Numbers | Tom’s Hardware

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi Alliance® introduces Wi-Fi 6 (The Beacon blog)

My Comments

The Wi-Fi Alliance have decided to adopt a new nonenclature for the different main standards that Wi-Fi networks support. This  is in stark contrast to referring to each standard by its IEEE reference which can sound confusing.

It will be used in product marketing material and specifications sheets to refer to the effective “generation” that the router / access point or client device will support so one can know what is the expected “best” capability offered by that device.

But the device’s operating system or firmware will be able to indicate on devices with some sort of dynamic visual user interface the “generation number” the network connection will support. In the case of client devices like computers or smartphones, this will be to indicate the “best available” network expectation for the current connection.

Similarly, people and companies who provide a public-access Wi-Fi network can reference the kind of performance expected out of this network by using the “generation number” indicating what technology it would support. It could be use as a means to gauge the network’s suitability for handling peak loads such as, for example, a transit station during peak hours or a fully-occupied hotel.

802.11b Wi-Fi 1
802.11a Wi-Fi 2
802.11g Wi-Fi 3
802.11n Wi-Fi 4 Determined by Wi-Fi Alliance
802.11ac Wi-Fi 5 Determined by Wi-Fi Alliance
802.11ax Wi-Fi 6 Determined by Wi-Fi Alliance

A question that will come up will be is what way will the device indicate whether it is a simultaneous multi-band device or how many MIMO streams it concurrently runs. This will be of importance with Wi-Fi 4 / 5 / 6 (802.11n/ac/ax) devices that can work on two or more bands and have MIMO abilities but at differing levels of capability and performance.

Classic examples of this could be some low-cost access points and Wi-Fi extenders capable of working to dual-stream 802.11n on the 2.4GHz band known as N300 devices or mobile devices working on single-stream or dual-stream MIMO chipsets as part of battery conservation.

On this site going forward, I will be using the new “Wi-Fi generation number” along with the IEEE standard reference for describing the Wi-Fi network technology offered by a network device. It will also apply to describing minimum Wi-Fi standards particular to a networking situation that I write about.

For example, I may describe the Dell XPS 13’s Wi-Fi abilities as Wi-Fi 5 (802.11ac) dual-stream to reflect the effective generation Wi-Fi supported by that Ultrabook.

At least this new nonenclature will be a barometer to indicate whether a Wi-Fi network is running new technology to allow it to perform properly.

Send to Kindle

Are we going to expect more from distributed Wi-Fi setups?

Article

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

We could be expecting more from distributed-Wi-Fi devices of the NETGEAR Orbi ilk thanks to 802.11ax Wi-Fi and the Internet of Things

Distributed Wi-Fi: How a Pod in Every Room™ Enables Connected Smart Homes | Wi-Fi Now Blog

My Comments

The Wi-Fi Now consortium wrote up a blog article where we are to expect more from a distributed Wi-Fi installation especially in the context of Internet Of Things and the smart home.

One of the key drivers for this issue will be the 802.11ax standard for Wi-Fi wireless networks. This is intended to be the successor to the current 802.11ac but also is about high throughput and the ability for multiple devices to work at once from the same network. As well, it is expected to yield high-efficiency operation with an experience similar using an Ethernet network that uses a switch like when you have devices connected to your home network’s router via its Ethernet LAN ports.

According to the article, 802.11ax with its increased throughput is pitched as being suitable for newer broadband-service technologies like fibre-to-the-premises, DOCSIS 3.1 HFC cable-modem and 5G mobile broadband. In the context of the distributed Wi-Fi network, 802.11ax will be positioned for use as a wireless backhaul between the access-points and the edge router that links to the Internet.

But the article places an expectation on these access-point pods being installed in every room due to the increased number of Wi-Fi-based network-enabled devices connected to the home network. There is also an expectation that these access points will support Bluetooth and/or Zigbee as well as Wi-Fi thus becoming a localised network bridge for smart-home and Internet-Of-Things devices based on these wireless technologies. But I would place in the same scope Z-Wave, DECT-ULE and other similar “Internet Of Things” wireless technologies.

Previously this kind of functionality was offered through separate network bridges that interlinked a Bluetooth, Zigbee or similar-technology device to your home network via Wi-Fi or Ethernet.

Such equipment was typically offered as an accessory for a smart-home device like a smart lock by the device’s manufacturer and you weren’t sure if this piece of equipment would work with other smart-home devices implementing the same wireless-link technology. Or it was offered as a “smart home hub” which worked with devices using a particular wireless technology and supporting certain function classes. But these hubs offered various smart-home controller functions including remote management as long as you were using particular apps or services.

This new approach could allow for an increased number of IoT devices in each room “talking” with the access-point pods and this data moves along the backhaul to the “edge” router for that “smart-home-as-a-service” setup. The article also sees it as allowing for an IoT device, especially one that is battery-powered, not to be part of a large Zigbee, Z-Wave or Bluetooth mesh thus leading to increased device reliability. I would also see it become relevant with setups that use technologies like DECT-ULE which use a “hub and spoke” topology.

For this concept to work properly, the network-bridge devices that interlink Zigbee or similar IoT wireless technologies to an IP-based network have to work independent of particular smart-home controller software. Then the smart-home controller software has to be able to work with any IoT-based device no matter which of these network bridges they are talking to as long as they are on the same logical network. This situation would be of concern with portable user-interface devices like remote controls that are likely to be taken around the premises.

Although this article is Wi-Fi focused, I would still see the wired network being important. For example, some house designers and builders are even wiring the homes they design with Ethernet whether as standard or as an option while the home is being built or renovated. As well, there is powerline networking based on either HomePlug AV500 or AV2 standards. Here, these wired-network technologies are still viable as a backhaul connection alternative especially if you are dealing with building materials and techniques like double-brick or sandstone construction, or foil-lined insulation that can slow down Wi-Fi wireless communications.

But could these wireless-network access-point “pods” be simply a dedicated device installed in each room? It could be feasible for a device that offers other functionality that benefits from the network to be an access point or one of these “pods” in its own right. For example, a network-capable printer or a consumer-electronics device like a home-theatre receiver could connect to an existing network’s backhaul but also be an access point in its own right.  In this context, a Smart TV installed in a lounge area further down the end of the house could become an access point or smart-home “pod” to cover that end area.

The idea has been proven in the form of the Amazon Echo Plus smart speaker which has a built-in network-bridge function for Zigbee smart-home devices. This is alongside the ability for it to be a controller for these devices in context with the Amazon Alexa ecosystem.

What is being put forward with the Wi-Fi NOW “Pod In Every Room” concept is the idea of a single logical network with a high-speed wireless data backbone and access-point devices serving all wireless networking applications for both regular data transfer and smart-home/IoT applications. As long as the approach is driven by common open standards without dependence on particular technology owned by one vendor, then there is the ability for this approach to multi-function Wi-Fi networking to work properly.

Send to Kindle

Wi-Fi introduces a new way to onboard new wireless-network devices

Articles

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

A QR code and a configuration app could be the way to get your Wi-FI network going or add a device to that network

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi Easy Connect (Product Page)

My Comments

The Wi-Fi Alliance has released as part of its WPA3 update for wireless-networks security the Wi-Fi Easy Connect protocol for onboarding new devices to a Wi-Fi network segment. It will work with extant WPA2 network segments as well as newer WPA3-compliant segments which offers the chance for existing Wi-FI devices to support this technology. That is alongside the ability for device manufacturers and software / operating-system developers to meld it in to their existing products using new code.

It is intended for onboarding devices that have a limited user interface including onboarding Internet-capable “white goods” and “backbone” devices like fridges or heating / cooling equipment to your Wi-Fi network. It is currently being seen as an alternative to the push-button-based WPS configuration process for devices that don’t have much in the way of a user interface. For Android smartphone users, much of this process will be similar to using a printed QR code to “onboard” your smartphone to an existing Wi-Fi wireless network.

What is it about?

QR Code used on a poster

QR codes like what’s used on this poster will be part of configuring your Wi-Fi wireless network

The main goal with the Wi-Fi EasyConnect standard is to permit a device with a rich user interface like a laptop, tablet or smartphone running suitable configuration software to pass configuration information to other devices that have a limited user interface. This can be facilitated with an independent configuration app or function that is part of the device’s operating system. Or it could be to allow configuration through the access point using its Web-based management user interface or a management app supplied by the access point’s manufacturer.

In all cases, the software that looks after the configuration aspect is described as a configurator. Access points or client devices that want to be part of the network are described as “enrollee” devices.

Android main interactive lock screen

Smartphones will become part of your Wi-Fi network’s setup or device-onboarding process

It can be feasible for one device to assume the role of a configurator or enrollee. An obvious example would be a computing device like a laptop, tablet or smartphone being able to come onboard an existing Wi-Fi network then you using that same computing device to bring another device like a network-capable fridge on board. Or you could bring a Smart TV or set-top box on-board to your Wi-Fi network using Wi-Fi Easy Connect but it then has the ability to be a “set-up point” for smartphones or tablets who want to join your Wi-FI network.

There are different ways of “associating” the enrollee device with the configurator device but it is primarily about making both devices know that they are trusted by each other.

The main method would be to use a QR code.that is on a sticker or card associated with the device or shown on the device’s display if this display is of the bitmapped graphical kind or can connect to a TV or monitor. Then the configuration device would scan this QR code if it is equipped with a camera.

Another option that is put forward is to use a text string written on a card or shown on a display and this would be used for configuration devices not equipped with a camera. This kind of situation may come in to its own if you are running a configuration program from a regular computer that isn’t equipped with a functioning Webcam.

.. as will laptops, Ultrabooks like this Dell XPS 13 and tablets

The Device Provisioning Protocol standard that is what the Wi-Fi EasyConnect feature is based on supports the use of NFC “touch-and-go” or Bluetooth Low Energy wireless link as another way to interlink a configuration device and an enrollee device during the setup phase. Both these technologies could work well with smartphone-centric applications, wireless speakers, connected building-management technology and the like. But these haven’t been placed as part of the certification testing that Wi-Fi Alliance has for the EasyConnect standard.

Once the initial information is exchanged between the devices, both devices will establish a separate secure Wi-Fi link with each other. Then the configuration software on one of the devices will use this link to pass through the parameters necessary to allow the enrollee device to connect with the extant Wi-Fi network. The whole configuration data-exchange is secured using asymmetrical public-key cryptography with the public key obtained during the initial setup process. Then that device hunts for, discovers and connects to the newly-programmed network.

There is the ability to use this same setup with an access point to set it up to work with an extant network or to create a new network. The latter situation would most likely be based around accepting a machine-generated ESSID and password or allowing the user to enter an ESSID and/or password. On the other hand, the previously-connected Wi-Fi networks list that an operating system maintains could be a data source for configuring a Wi-Fi device to a particular extant network using EasyConnect.

From the FAQs that I had read on the Wi-Fi Alliance Website, the Wi-Fi EasyConnect protocol allows for a single configuration program to configure multiple enrollee devices at once. Here, it is to facilitate situations where you are onboarding many IoT devices at once or are creating a new Wi-Fi network with new credentials.

But it doesn’t support the ability to onboard a single Wi-Fi client device to two Wi-Fi networks at once like your main network and a hotspot / guest network. Instead you have to repeat the Wi-Fi EasyConnect procedure including scanning the QR code for each network you want a device to associate with. This is so you can have greater control over what networks your devices are to associate with, but it can be of concern if you have a separate Wi-Fi network segment with distinct ESSID (network name) linking to the same logical network such as when dealing with a dual-band network with separate network names for each band.

What needs to be done

Personally, I would like to see Wi-Fi EasyConnect configuration functionality baked in to desktop and mobile operating systems including Apple’s operating systems rather than be separate programs. This avoids the need to find, download and install separate EasyConnect apps from your platform’s app store or loading a computer or smartphone with too many apps. But it could encourage other software developers to build improved Wi-Fi EasyConnect configuration apps that may, perhaps, suit particular user needs like asset control in the business-computing context.

I would also encourage the idea of maintaining WPS-PBC push-button pairing as an alternative method to Wi-Fi EasyConnect for onboarding Wi-Fi devices. This is more so for those devices that have a limited or no user interface and the goal is to quickly onboard a device without a rich user interface like a printer to a Wi-Fi router or access point.

Similarly, the use of NFC or Bluetooth as a legitimate certification option for onboarding Wi-Fi devices has to be encouraged and underscored through the life of this standard. Here, I would prefer that smartphones or tablets equipped with NFC and / or Bluetooth be tested to be compliant with the NFC and Bluetooth aspects of this standard.

There also has to be the ability with Wi-Fi EasyConnect to onboard a Wi-Fi network device with a limited user interface to an enterprise-grade Wi-Fi network that uses individual usernames and passwords. This is important for “Internet-Of-Things” devices that will increasingly be part of these networks.

Conclusion

Wi-Fi EasyConnect leads to another way of onboarding a Wi-Fi network device or access point using another device equipped with a rich user interface and can apply across all small-network setups.

Send to Kindle

Wi-Fi defines a new standard for distributed wireless netowrks

Articles

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

Wi-Fi now to standardise the operation of distributed Wi-Fi setups like the NETGEAR Orbi with the EasyMesh standard

A new Wi-Fi standard could let different mesh routers work together | The Verge

Mesh Wifi gear from different companies could soon work together | Engadget

Wi-Fi Alliance’s Wi-Fi EasyMesh certification aims to standardize mesh networks | PC World

From the horse’s mouth

Wi-Fi Alliance

Press Release

EasyMesh Product Page

My Comments

Increasingly, home and small-business Wi-Fi users are showing interest in distributed-WiFi network systems that implement simplified configuration and hands-off optimisation. They consist of multiple access-point devices and use a Wi-Fi path or, in the case of a few systems, an optional wired-network path to provide a backhaul to the router that links to your Internet service.

People are showing interest in these setups as a simplified way to assure Wi-Fi wireless-network coverage across a large or multi-storey / split-level building or a building that uses materials and construction techniques that play havoc with Wi-Fi network coverage. As well, they don’t want to deal with devices that are difficult to set up or to have to remember which SSID to use for best coverage in a particular area.

To the same extent, those of us who have separate buildings on our properties like a cabin or converted garage may want to be sure we can gain reliable access to the Internet and network resources from these buildings. Some of the distributed Wi-Fi systems like the Netgear Orbi can support wired backbones which can work with a HomePlug powerline link or Ethernet cable strung between the buildings and this could bring seamless Wi-Fi network operation to these buildings.

But the current problem with these systems is that you have to create the system with equipment from the same vendor or, in some cases, implementing a particular chipset. This makes it hard for customers to mix and match equipment to create a distributed-WiFi system that answers their needs exactly.

There is also the risk that if a manufacturer abandons their distributed-WiFi product line and one of the units fails, customers can’t replace the faulty unit with a new one from a different vendor – they would have to scrap the whole system. The same situation also applies if a customer wants to use a unit that offers specific functionality such as a router with higher security, a modem router or a weatherproof access point.

Enter the Wi-Fi Alliance who have established a certifiable standard with a trademark for these kind of systems. This standard, known as the EasyMesh standard and is part of their device-certification scheme, is based on the IEEE 1905.1 protocol for small-network configuration allows for “mix and match” operation of a distributed-WiFi system.

A network based on the Wi-Fi EasyMesh standard can implement a backhaul based on a Wi-Fi wireless and/or a wired (Ethernet, HomePlug powerline, MoCA TV-aerial / cable-TV coax, etc) medium. As well, the devices can support a dedicated Wi-Fi backhaul segment with dedicated radio transceivers or use the same Wi-Fi segment used to serve client computing devices.

There are two classes of device that exist across an EasyMesh Wi-Fi network – a Controller and an Agent device. The Controller co-ordinates what is happening with the network and typically it can be part of the Wi-Fi router that is the network-Internet “edge” of your home network. But it can be software running in another computer or an access point. You can have only one of these in operation on the one EasyMesh network.

The Agent device is the access point that your client devices such as your laptop, tablet or smartphone link to your home network through. These will connect to each other and to the Controller using the Wi-Fi, Ethernet or similar backbone.

A simplified setup and device-onboarding process takes place in an EasyMesh network, with the device-onboarding process typically being facilitated through methods like NFC or push-button setup. The onboarding procedure will also be about learning the capabilities that the new device offers such as what bands it operates on and whether they can be used simultaneously or what Wi-Fi standard is being supported by that device. Of course, initial network configuration may be about determining the ESSID (Wi-Fi network name) and, perhaps, a user-chosen passphrase for your network.

Let’s not forget that the EasyMesh network implements continual self-tuning for each Agent AP node. This means that if you add or remove extra Agent APs or move them around, they adjust their operating frequency and signal strength themselves. It also applies whenever neighbours set up or modify their Wi-Fi-based home networks.

The Controller device then monitors the network for best performance and will have the network steer client devices towards access points that offer the best bandwidth. As well, the Agent access points report their measurements to the Controller device and each other to provide the self-tuning self-healing network.

The Wi-Fi Alliance stated that there is the possibility of implementing Wi-Fi Certified EasyMesh at a software or firmware level without any particular requirements as far as the hardware is concerned. This could appeal to vendors to implement EasyMesh in to existing devices as part of, say, a firmware update which is a practice that AVM have done to enable some of their Fritz series of home-network equipment for distributed-Wi-Fi operation.

But what do I see the Wi-Fi Certified EasyMesh technology lead to?

There will be the ability to supply distributed-WiFi equipment that offers better value to the home or small-business user. This includes the ability for manufacturers to supply equipment that targets particular niches such as VPN-endpoint Wi-Fi routers for business or weatherproof access points for installation outdoors. Manufacturers could even consider the idea of integrating “mesh AP” functionality in to client devices so these devices could effectively boost Wi-Fi coverage in to an area.

The technology will benefit ISPs, telcos and cable-TV operators who supply Wi-Fi routers, typically modem routers, to their customers as part of providing Internet service. Here, it could become feasible to provide a modem router with EasyMesh capability to their customer and allow these customers to purchase the EasyMesh-compliant access points that suits their needs through the ISP’s storefront or a third-party retailer.

There is also room for the vendors to continually improve on their products in many different ways without needing to worry about risks associated with designing for a proprietary setup. Here, the algorithms associated with network-performance management can be tweaked in a manner so as to carry that improvement across an existing EasyMesh setup.

At the moment, the Wi-Fi EasyMesh solution will primarily be targeted at simple small networks but there will be a call to evolve this standard to support Wi-Fi-based VLAN setups. This is more so to cater for “guest networks”, FON-style shared-bandwidth setups and IP-based telephony which will make use of these setups. Here, a setup that answers these needs may may have to cater towards replicating the multiple SSIDs and network setups these networks implement while shifting data from each SSID to each “data pipe” like the Internet or a VoIP service.

But I see the Wi-Fi EasyMesh standard leading towards the ability for householders and small businesses to make sure that their small network’s Wi-Fi segment is providing the right coverage to suit their needs.

Send to Kindle

Wi-Fi Agile Multiband–What will it be about

Article – From the horse’s mouth

Wi-Fi Alliance

D-Link DIR-895L AC5300 6 stream wireless router press picture courtesy of D-Link America

Wi-Fi Agile Multiband will make better use of those dual-band Wi-Fi wireless networks

Wi-Fi Agile Multiband (Resource Page)

My Comments

A reality that is affecting how the Wi-Fi wireless local network operates is the increasing number of network-infrastructure hardware that can work simultaneously on both the 2.4GHz and 5GHz bands. Add to this the fact that most Wi-Fi clients released in the last few years are able to work on both these bands.

But there is the issue of making sure these devices can provide the optimum throughput for whatever data you are sending to them. This can affect the setup process for network-infrastructure hardware where you have to be sure you are on the right channel for optimum throughput everywhere over your premises.

There is also the fact that you may want to make sure that your laptop, smartphone or other client device chooses the right band for the right application when you deal with a network that works across both bands. This would be more important where you have to use the least-cluttered band to assure reliable audio or video streaming or IP-based voice or video telephony sessions.

The Wi-Fi Alliance have launched a certified trademarked specification known as Agile Multiband to answer these situations.

What does it offer

A network access point or client that implements Wi-Fi Agile Multiband has the ability to monitor the service quality to determine the best connection opportunities available for that network.

Client and infrastructure devices in a Wi-Fi Agile Multiband network can steer away from congested channels and bands. This is a form of “self-tuning” which can take place even as the network’s environment changes.

In a multiple-access-point network, a Wi-Fi Agile Multiband setup can steer client devices away from

D-Link Covr router and wireless extender package press image courtesy of D-Link

Even multiple-access-point networks will benefit from this technology

oversubscribed access points to those that aren’t loaded with traffic to access points that don’t have much traffic on them. This is also to answer the reality that home networks are heading towards the multiple-access-point path thanks to HomePlug-based access points and mesh-based wireless network kits.

All these options can answer the needs of both static and mobile client setups. This means that a Wi-Fi-capable printer or Smart TV can benefit as much from these features as a laptop or smartphone that is always moved around. It can also appeal to “transportable” clients like Smart TVs installed on easily-movable furniture or “all-in-one” desktop computers which are normally static but are moved on an ad-hoc basis.

Moving around a Wi-Fi Agile Multiband network will see minimal interruption for the network device’s user. This is because client devices can cache network encryption keys to facilitate a quick handover between different access points, something that will be important for IP telephony or AV streaming.

A question that needs to be asked thanks to the ubiquity of Wi-Fi wireless networks operating on the 2.4GHz band is how a Wi-Fi Agile Multiband network can address non-Wi-Fi interference on that band. This is a situation driven by microwave ovens, cordless telephone systems, Bluetooth devices and the like that work on this band and the use of these devices could cause temporary interference.

What Wi-Fi Agile Multiband is about is a step to assure increased reliability out of Wi-Fi wireless network segments and make better use of the radiofrequency spectrum available to them.

Send to Kindle

NETGEAR releases the first weatherproof distributed-WiFi module

Articles

NETGEAR RBS-50Y Orbi Outdoor Satellite Module - press picture courtesy of NETGEAR

NETGEAR Orbi RBS-50Y – the first weatherproof satellite module for a distributed-Wi-Fi system ever

NETGEAR Moves Orbi Outside | SmallNetBuilder

I Live in the Woods, and Netgear’s Orbi Outdoor Satellite Sounds Like a Dream | Gizmodo

Netgear’s Orbi Satellite takes mesh WiFi networks outdoors | Engadget

From the horse’s mouth

NETGEAR

Orbi Outdoor Satellite RBS50Y (Product Page)

Press Release

My Comments

NETGEAR has continued to invest in their Orbi distributed WiFi system which was initially based on the “router + extender” or star-based setup.

This is one of the few systems of this kind that implement a separate 5GHz wireless backhaul along with Web-based system management rather than cloud-based Internet-dependent system management. A recent firmware upgrade added the ability for a NETGEAR Orbi system to implement a wired backhaul thanks to the Gigabit Ethernet switch integrated in most of the Orbi indoor device.

Initially, they offered different router and satellite modules that answer different needs, either as systems or additional client modules that people can add to extant Orbi systems to shape their system’s coverage.

But they have showcased the Orbi RBS50Y weatherproof satellite module which is the first first module for a distributed-WiFi system to be designed for outdoor use. This module, which is weatherproof to IP56 standards, connects to any NETGEAR Orbi or Orbi Pro routers wirelessly using that same dedicated backhaul.

Client devices connect to the network via an AC1300 dual-band dual-stream Wi-Fi radio which can allow an extra coverage of 2500 square feet (232.3 square metres). There is also the ability to have the unit’s main LEDs work as a night-light and work to scheduled on-off times.

The RBS50Y is powered through an AC adaptor so you would need to have an electrician install a power outlet near where you want to install the satellite module. You may get away with snaking the power cable from outside to inside the building through a small hole that you drill for this purpose. The computer press expressed that it could be desirable to implement 802.3af/802.3at-compliant Power Over Ethernet so you could use Cat5 cabling and a power injector which can make the installation process easier for this device. I would add to this that such a connector could be used as a way to exploit the recently-supported Ethernet backbone functionality offered to the Orbi distributed-WiFi system.

At the moment, this device is to be sold for a suggested retail price of US$329.99 ex tax with the computer press grumbling that it costs more than an Orbi setup or standard router. But I see this more as something intended to be added on to an existing Orbi setup to take it further and this NETGEAR Orbi RBK50Y outdoor satellite module has been honoured with a CES 2018 Innovation Award.

Send to Kindle

KRACK WPA2 Wi-Fi vulnerability–what is affected

Telstra Gateway Frontier modem router press picture courtesy of Telstra

A wireless router set up in the ordinary way as a base station or hub for your home network isn’t at risk of the KRACK exploit

The computing press has been awash with articles regarding a recently-discovered security vulnerability that affects Wi-Fi wireless networks. This vulnerability, known as KRACK, compromises the authentication process associated with the WPA2 security protocols that most Wi-Fi home and business networks implement.

What is affected

But it mainly affects client devices like laptops, smartphones and the Internet of Things which connect to Wi-Fi networks using WPA2 facilitated through software that isn’t patched against this risk.

It also can affect Wi-Fi infrastructure devices that serve as a repeater or client-side bridge in a Wi-Fi wireless network segment – this encompasses Wi-Fi client bridges used to connect desktop computers or smart TVs equipped with Ethernet connectivity to a Wi-Fi network, Wi-Fi repeaters, distributed-Wi-Fi setups and mobile devices implementing “bridge-to-Wi-Fi” functionality.

Data security risks

The security and privacy risk occurs at the media level of your network connection which would represent the Wi-Fi wireless link to the access point / router.

If you use higher-level encryption protocols like gaining access to Internet resources through SSL / TLS encryption which includes “https” Webpages, implementing a client-based VPN or using IP telecommunications apps that implement end-to-end encryption, you have reduced the risk factor for your data security that the KRACK vulnerability poses. Access to LAN-based resources like your NAS or printer from within your network can be a risk with Wi-Fi clients that aren’t patched to mitigate this risk as with unencrypted Internet resources.

Current remediation efforts

This situation has been rectified for regular computers running Windows 7 onwards through a patch that Microsoft rolled out as part of the October 10 security update. Here Microsoft didn’t disclose this vulnerability until there was a chance for all of industry to have patches in beta testing or “ready to roll”.

Just lately (1 November 2017 AEDT) Apple released patches for MacOS High Sierra, Sierra and El Capitan versions; and iOS 11.1 (iPhone 7 onwards, iPad Pro 9.7″ (2016) onwards); tvOS 11.1 (4K Apple TV onwards) and watchOS 11.1 to address this issue.  The Intego Mac Security Blog post that I culled these details from was miffed about the fact that the large number of iPhone 6 and earlier devices that are still in operation have not been addressed. I would also extend this concern to the older iPad and iPod Touch devices that are also in operation such as those iPod Touches the kids use or the iPad in your living room.

On December 2 2017 US PT, Apple released the iOS 11.2 update which provided this protection for iPhone 5S, iPhone SE and all model variants of the iPhone 6. This update also applies to the 12.9″ iPad Pro (1st generation), the iPad (6th generation), the iPad Air, the iPad Mini 2 onwards; and the iPod Touch (6th generation).

Other regular-computer and mobile operating systems are being updated with security patches that are coming online through the next two months or are already online.

There will also be various pieces of client-side security software that will be updated with extra code that provides extra defence against the KRACK Wi-Fi vulnerability for both the software and the host computer.

The devices you will find as having a strong risk factor for your network are “dedicated-purpose” network devices like Internet AV devices, “smart-home” devices, videosurveillance cameras and the like that don’t benefit from regular firmware updates. This will mainly affect those devices that manufacturers are declaring “end-of-support” on or a lot of “white-box” devices sold by multiple vendors. But check your devices’ manufacturers’ Websites for new firmware that will patch the device against this vulnerability.

This will not affect the typical home or other small network that is based around a wireless router. Nor will it affect networks that implement multiple Wi-Fi access points connected to a wired (Ethernet or HomePlug) backbone. This is because you are dealing with devices that serve as a Wi-Fi base station for that particular wireless network segment.

But if you have Wi-Fi infrastructure devices using some sort of repeater or bridge functionality, check with the vendor for a firmware update for your device.

As well wireless router and access-point manufacturers, especially those courting the business and allied markets, will offer newer firmware to harden their devices against the KRACK vulnerability.

Remember that well-designed devices will implement at best an automatic software-update process or you may have to visit your device’s Settings, Setup or Configuration menu to download new firmware.

As well, the Wi-Fi Alliance have updated their certification tests for network hardware to be sure that such hardware isn’t vulnerable to this risk. These certification tests will be required before a product can show the Wi-Fi Certified logos and will affect products being introduced from this month onwards.

Keeping your network secure until new software is available

If you run Wi-Fi network infrastructure hardware that implements repeater or bridge functionality, disable the Wi-Fi client mode or repeater mode on these devices until your device is running firmware hardened against this vulnerability.

HomePlug AV adaptor

The HomePlug powerline adaptor can help with mitigating risks associated with the KRACK WPA2 Wi-Fi network vulnerability

You may also have to set up your home network with multiple access points linked to a wired backbone as the preferred way to extend the network’s coverage or reach to another building as has been done with this man-cave. A good example of this is to use a HomePlug wireless access point kit which uses your home’s AC wiring for this purpose. If you use a “Mi-Fi” mobile router that supports Wi-Fi data offload, disable this functionality until it is loaded with the latest secure firmware.

Similarly, use a wired network connection such as Ethernet or HomePlug to connect sessile devices like desktop computers, Smart TVs, printers and the like to your home network. This may not be feasible with those devices that only support Wi-Fi connectivity as their network-connection option.

Conclusion

You can mitigate the risk of the KRACK WPA2 Wi-Fi network vulnerability as long as you keep your computer equipment running software that is patched with the latest security updates.

If you use Wi-Fi infrastructure devices that work as a Wi-Fi client like repeaters or client bridges, these have to be updated with the latest firmware from their vendor. As well, use of wired backbones and access points for expanding your home network’s coverage will achieve the proper level of security against this risk if you are dealing with client-capable Wi-Fi infrastructure devices that aren’t updated with the latest software.

Let’s not forget that higher-level encryption protocols like SSL or client-side VPNs do mitigate the risk of data theft through this vulnerability.

Updated (1 November 2017 AEDT) to reflect the latest concerning what is happening with the Apple platforms.

Updated (11 December 2017 AEDT) to reflect the increased number of iPhones and iPads protected against the KRACK exploit by the iOS 11.2 update

Send to Kindle

AVM adds mesh functionality to more of their network infrastructure devices

Article (German language / Deutsche Sprache)

AVM FRITZ!Box 3490 - Press photo courtesy AVM

Newer AVM Fritzboxes, FritzWLAN and FritzPowerline part of a mesh network

Neues FritzOS mit Mesh-Funktionen für mehr AVM-Repeater | ZDNet.de

From the horse’s mouth

AVM

IFA 2017 Press Release (Vergrößern Sie Ihr WLAN – mit Mesh).

Product Page

My Comments

Previously, I have covered how AVM, a German home-network infrastructure company, have approached the idea of a distributed home network. This is through a firmware update to some of their newer Fritz!Box routers and network-infrastructure hardware (Wi-Fi repeaters and HomePlug AV access points) such as the Fritz!WLAN 1750E repeater and Fritz!Powerline 1240E HomePlug access point.

What also impressed me about their approach is the use of a wired or wireless backhaul rather than just sticking to a wireless backhaul. Here, it can be about serving areas which are out of the router’s radio range, including providing support for multiple-building home networks. This is while providing a simplified setup and operating process for your home network.

Initially this was a beta firmware update that may not be considered stable and only applied to a few devices. But AVM have got the firmware to a stable condition and have written it to work with more devices. This includes the Fritz!Powerline 540 and 546E HomePlug AV500 802.11n single-band dual-stream access points and the Fritz!WLAN 1160 802.11ac dual-band and Fritz!WLAN 310 and 450E single-band 802.11n repeaters.

Of course they have underscored a simplified setup experience with firmware delivery and network configuration. This includes a Web-based configuration dashboard which shows how the network is set up as well as the condition of the wired and wireless backbones. The support for a HomePlug wired backbone will please those of us who live in stone or double-brick houses where HomePlug is more surefire as a backbone or who have multiple buildings on that large property.

Like with other distributed Wi-Fi setups, there is an emphasis on bandwidth optimisation such as steering high-throughput Wi-Fi devices to the sparsely-occupied 5GHz band if they can support it. Let’s not forget the fact that these systems set each access point on a Wi-Fi channel that they determine works best.

But why should AVM support single-band access points and repeaters that work the 2.4GHz band as part of their mesh? This may work out by allowing these devices to, perhaps, provide infill coverage on that band using a different channel. For example, other devices that work on that band like Bluetooth or 2.4GHz DECT devices, or the microwave oven may cause interference for Wi-Fi devices and a properly-designed mesh system could re-optimise the channels to avoid the interference.

What I still like of AVM’s approach to distributed Wi-Fi wireless setups is that they are enabling this functionality simply through deploying newer firmware to existing products rather than requiring users to buy a new system. This saves the users money when it comes to hardware costs as well as seeing newer hardware in to the long term.

Send to Kindle

AVM adds distributed Wi-Fi functionality to the Fritz!Box

Article – German language / Deutsche Sprache

Fritz!Box: Auch AVM setzt auf Mesh-WLAN | Netzwelt.de

From the horse’s mouth

AVM

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM Fritz!Box – the first Wi-Fi device range to implement distributed Wi-Fi through a software upgrade

FRITZ! Labor für WLAN Mesh (Product Details)

My Comments

A major trend affecting the home network is the rise of distributed Wi-Fi systems which are simple-to-setup Wi-Fi networks that use a mesh-based or “repeater-extender” Wi-Fi wireless backbone. Some ISPs are even offering these kind of systems as an added-value option that customers can “buy on” or product differentiator for their top-shelf packages.

But AVM, a network-technology company based in Berlin, Germany, and known for its Fritz!Box routers have taken a different approach to this situation. This is in addition to being the first home-network hardware  Here, they are offering this functionality in the form of a user-deployed software upgrade just released in Germany for some of their devices, namely the Fritz!Box 7490, 7580 and 7590 modem routers and the Fritz!WLAN Repeater 1750E Wi-Fi repeater and Fritz!Powerline 1240E HomePlug access point.

Here, AVM has done away with the need for households to replace their equipment to head towards the mesh-driven Wi-Fi home network.They just have to download the newer firmware updates from AVM’s Website and apply them to the Fritz!Box modem router. Then they take advantage of a firmware-hosted “Home Network Overview” (Heimnetzübersicht) dashboard to roll out the “over-the-air” firmware updates to any compatible Fritz!WLAN repeater or Fritz!Powerline access point to have them part of the mesh. Of course, it also facilitates one-touch configuration of the network with each wireless node in the meh being part of the proper “extended service set” with the same ESSID and security parameters.

The question here is whether AVM will implement just the wireless backbone for their mesh or have it support a wired (Ethernet or HomePlug AV2) backbone as well. Here, supporting a wired backbone as well as the wireless backbone can cater towards difficult network setups like stone buildings or multiple-building properties.

What do I see of this? Personally I would see the European network-hardware vendors implement a fully software-driven approach towards the advanced Wi-Fi setup. It would then lead to ISPs in highly-competitive markets like France rolling out this kind of functionality simply through a software functionality update for their customer-premises equipment.

Send to Kindle

Understanding the new distributed-Wi-Fi systems

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

NETGEAR Orbi distributed WiFi system – understanding these devices and whether to purchase them or not

A new class of home-network device has been appearing over the last year or so in the form of the “distributed Wi-Fi system”, sometimes known as the “mesh Wi-Fi system”.

These systems consist of two or three modules, one working as your home network’s router and the other modules working as access points. But they have features that are different to setups where you use an ordinary access point and wired-network backbone or a range extender to extend your Wi-Fi wireless network’s coverage.

Some ISPs are even offering distributed-Wi-Fi systems as a product differentiator for their premium packages or as an add-on that customers can buy. They are offering these devices in response to their customer base complaining to their support desks and “bricks-and-mortar” storefronts regarding poor Wi-Fi coverage.

Core features

Simplified setup and self-tuning

When you set up these devices, you don’t have to determine the operating frequency for each of the modules nor do you have to deal with multiple devices for your network to run properly.

Typically the only hands-on requirement is to work with one management interface when adjusting your network’s settings. You may even find that this interface is where you set up things like your Internet connection parameters or your network’s ESSID and enable / disable any particular features the system has.

You may find that the procedure involved with enrolling additional node devices to an existing distributed-Wi-Fi system may be as simple as pairing a network client device to a Wi-Fi network using WPS push-button pairing. This would simply be about pressing a button on the new device then pressing a button on one of the existing devices or the main node.

These systems continually re-adjust the operating frequency and other parameters so as to cope with changes in operating circumstances.

For example, if one or more of your neighbours set up new home networks or add access points and range extenders to these networks, you may find that your network underperforms due to the neighbouring networks operating on the same frequency. Even someone running a “Mi-Fi” mobile router or using their smartphone’s “Internet-share” mode could affect the network’s performance.

But the typical distributed-Wi-Fi system will automatically tune itself to different frequencies when these situations do occur. As well, it may implement other tactics to provide the best signal strength for your client devices.

Automatic creation of a single Wi-Fi network

A problem that users will have especially with wireless range extenders is that your network is split up in to multiple extended service sets or Wi-Fi networks. This can cause problems with users having to switch between different network names to gain the best coverage, something that can daunt a lot of users.

If you set up a traditional access-point setup with a wired (HomePlug or Ethernet) backbone, you have to “copy” the SSID and security parameters to each access point’s setup interface. A few HomePlug access points simplify this task using a WPS-based “Wi-Fi Clone” function where you activate this function then press the WPS button on your router to “copy over” the network parameters to the access point.

But these systems allow you to create your network’s SSID and security parameters with these being reflected across all of the modules that are part of the system. This includes implementing these parameters across all wavebands that these distributed Wi-Fi systems support.

This leads to a network that has the same kind of “roam-ability” as what would be expected for larger Wi-Fi networks with multiple access points. It is similar to what you would have expected with a properly-set-up traditional access-point network.

System types

Mesh-based distributed Wi-Fi system

Mesh-based distributed Wi-Fi system – each device links with each other

There are two different approaches being implemented with distributed Wi-Fi systems. These affect how the wireless backhaul signal is provided between each of the system’s modules.

Mesh system

The mesh method, implemented by Linksys Velop, Google WiFi, and eero require the use of three or more modules with one of these serving as the “edge” router for the network.

Here, the wireless backhaul works on a mesh approach where each module effectively receives signals from and transmits signals to the other modules that are in range. There is some fault-tolerance in these setups where the receiving module (node) can rely on other transmitting nodes if one of them fails. On the other hand, the receiving node aggregates the bandwidth it receives from two or more nodes of the network for higher throughput.

Router-extender / hub-satellite system

Hub-satellite distributed-Wi-Fi system

Hub-satellite distributed Wi-Fi system – uses extender devices connected to a router

The other approach, followed by the DLink Covr and the Netgear Orbi works in a similar vein to a traditional router and range-extender setup or traditional multiple-access-point setup.

Here, the satellite nodes in this system provide a single backhaul link to the hub node which typically is the router. The better designed systems like the NETGEAR Orbi use a dedicated wireless link for their wireless backhaul. This avoids competition for bandwidth by the portable client devices and the satellite nodes wanting to repeat the signal.

Features and limitations regarding these systems

Router-only or access-point functionality

Most of the distributed wireless setups are connected to the Internet in the same vein as a router where they create their own logical network. This setup appeals to users who have a modem that provides a media-level connection to their Internet service like a cable modem, optical-network terminator or a wireless-broadband modem.

This will be a limitation for users who have a modem router like most xDSL connections or users that implement a router that offers very advanced functionality like a VPN endpoint or VoIP gateway.

If you have one of these setups and want to use a distributed wireless system, look for one that offers access-point functionality or network-level bridging functionality. Here, these systems just connect to an Ethernet LAN socket on the existing router but you would have to disable the Wi-Fi functionality on the router if you use one of these systems if the node is closely located to the router.

Dedicated wireless backbone

Better-designed systems will implement a separate wireless backbone that isn’t used by any of the client devices. These systems will use specific radio front-ends and create a separate wireless network specifically for this backbone while each node has other radio front-ends that simply serve as the Wi-Fi access point for that area.

The benefit that is provided here is that the backhaul isn’t being shared with client devices that in the node’s good-reception area. That allows for optimum bandwidth for your distributed-Wi-Fi setup.

Alternative wired backbone

A handful of these systems are offering a wired backbone as an alternative setup for the network that they establish. This is provided through either an Ethernet LAN connection on the nodes or a setup may implement HomePlug AV500 or AV2 powerline networking as the wired backbone.

This feature may be of value for environments where the wireless backhaul just won’t perform as expected such as houses with interior walls made of highly-dense materials. Or these setups can come in to their own with multi-building home networks, where a wired link like HomePlug AV2 powerline networking for existing setups or Ethernet for new setups could link the buildings. On the other hand, if you wired your home for Ethernet, a distributed wireless system that implements support for an Ethernet wired backbone can exploit this infrastructure by allowing you to push out the network coverage further.

These systems should be able to treat the wired backbone as though it is another wireless backbone or part of the mesh. With some of these systems, you could push out a wireless backbone that refers to one of the nodes connected to the wired backbone as its “master” node rather than the main router.

Internet-dependent operation

There are some distributed-wireless systems that are dependent on an Internet connection for them to operate and for you to manage them. Most likely this is evident if the user interface is through a mobile-platform app that links to an Internet resource; along with heavy talk of “cloud operation” in the product documentation. This kind of setup is one that some new Silicon-Valley outfits are heading down the road towards as they want us to join the Internet-dependent “cloud bus”.

On the other hand, a system that isn’t dependent on an Internet connection for you to manage the network will allow you to visit a Web-page dashboard through a local network address or resource name and fully manage your network via that dashboard created by the router or node. Some of these systems that have UPnP IGD or management functionality enabled may make themselves discoverable using a Windows computer on the same network if you open Windows Explorer / File Explorer and see it listed as a Network device.

This is the traditional practice for most home and small-business network hardware and such a setup may offer the ability to be managed within your network using a mobile-platform app that points to the local resource. But this setup allows you to manage or troubleshoot your network even if the Internet connection is down. You also benefit from the ability to get your network ready before your Internet service is provisioned or deal with service-provisioning scenarios like changing your service provider or connection technology, or dealing with Internet services that authenticate with usernames and passwords.

What should I buy?

Not every distributed-Wi-Fi setup suits every house. This is because different houses come in differing sizes and compositions.

I would pay attention to those distributed-wireless systems like the NETGEAR Orbi that offer a choice of different nodes that have differing signal strengths at different price points. The benefit with these systems is that you can effectively shape your Wi-Fi network’s coverage to your premises size and shape.

For example, an entry-level package with a low-output satellite node could earn its keep with providing coverage to an area at the edge of your small house or apartment where you sometimes have good reception but could do with “pushing out” the coverage a bit further for better response from smartphones and mobile-platform tablets used in that area. But you would find that a standard distributed-wireless package may be overkill for this situation. Here, it is similar to creating a HomePlug powerline segment to serve a baseline HomePlug wireless access point to fill in that dark spot and achieve that same goal.

But for most homes, you could get by with running a standard distributed-Wi-Fi system that just has two nodes. Here, you install one where your Internet connection would customarily be while the other one either is at the centre of the house or towards the opposite side. A two-storey or split-level building may simply require one of the nodes to be placed upstairs while the other one is downstairs. You may find that houses with a large floor plan may require three or more nodes and/or a mesh-based system for optimum coverage.

Systems that support an Ethernet or HomePlug AV wired backhaul in addition to the wireless backhaul earn their keep with those houses that use dense building materials for one or more of their interior walls. If a system only supports an Ethernet wired backhaul, you can team it with a pair of “homeplugs” to gain the benefit of the powerline-network technology which may answer your need with that old house that has a thick brick or sandstone interior wall.

As for system management, I would prefer to use a distributed-Wi-Fi system that implements Internet-independent setup and management. This means that if the Internet connection should go down and you had to re-configure your system or you move or change service providers, you can do so.

Personally- I would like to see these systems be able to support the ability for one to determine the SSID and security parameters for the wireless network that they are creating. This is important for those of us who are using one of these systems to improve our existing network, whether to supplant our existing router or its Wi-Fi functionality. In this situation, you may want to convey your existing network’s parameters to the new network so you don’t have to go around to each client device that uses Wi-Fi to set it up for the network. It is although the procedure is simplified with most of these systems implementing WPS-based “push-to-connect” client-device setup on each module.

Use an access point and a wired backbone or one of these kits?

The distributed-Wi-Fi systems do appeal to people who don’t go for a “hands-on” approach in optimising their home network’s Wi-Fi performance. They are also useful for those of us who live in a high-turnover neighbourhood where people are moving in and out frequently. You will also have to be sure that you are not dealing with radio obstacles like interior walls made out of dense materials like that double-brick home that has am extension.

On the other hand, a traditional access point linked to an Ethernet or HomePlug wired backbone can work well for those of us who don’t mind a hands-on approach to set up the system and don’t face a situation where they have to readjust their home network regularly.

It is also important if we want to use a mix of equipment from different vendors or place high importance on a wired backhaul for reliability. To the same extent, the traditional access point with the wired backhaul is infact the surefire path for dealing with a multiple-building situation such as reaching the granny flat or man-cave garage.

Conclusion

At the moment, the distributed-Wi-Fi system, especially the mesh-based variant, is a technology still in its infancy. What needs to happen for this technology to become more accepted is that it can work in a purely heterogeneous vendor-independent manner, something that has to be facilitated through the implementation of standards that cover mesh networking and simplified setup / configuration requirements.

But the fact that major home-network vendors are coming in on the act rather than it being owned by Silicon-Valley startups means that the product class is becoming increasingly viable as a solution for poor Wi-Fi network coverage.

Send to Kindle