Network Connectivity Devices Archive

AVM earns Connect awards for their routers

Article – From the horse’s mouth

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM earns more industry recognition for their Fritz!Box devices

AVM

AVM is delighted to win two Connect awards (Press Release)

My Comments

AVM has just earned two Connect awards for their German-designed home-network technology.

The first of these was for the Fritz!Box routers and mesh setup. No wonder they would earn industry recognition for their home-network products especially since they were the first company to break the mould regarding home-network routers by supplying self-updating firmware.

The issue of self-updating firmware became very important due to the fact that most of us aren’t updating our home-network router’s firmware regularly and it was a security hole. This is thanks to the “out-of-the-box” software coming with bugs and weaknesses that can be exploited by hackers against the typical home network.

Another step in the right direction was to implement distributed-wireless networking through a free software update rather than requiring customers to replace their AVM home-network devices. This was about providing a function update to the Fritz!Box modem router’s FritzOS firmware to open up this functionality. There was even the ability to roll out the functionality to Fritz!WLAN Repeaters and Fritz!Powerline access points to bring on the simplified distributed-wireless functionality to them all. It also applied to some recent-model Fritz!Box modem routers to cater for the reality that an older router can be “pushed down” to be an access point while the new router works as the edge of your home network.

But they also earned awards for their IP-based telephony equipment which was considered important as European telcos are moving towards IP-based telephony and away from the traditional telephone system. One of the products was a CAT-iQ DECT cordless handset that worked with their Fritz!Box modem routers that had DECT base-station functionality for VoIP telephony. This had abilities similar to what you would expect of a mobile phone of the “feature phone” class.

What is being shown here is that the European companies are coming through on functionality innovation when it comes to the home-network “edge” router or infrastructure devices for your home network.


The UK to mandate security standards for home network routers and smart devices

Articles

UK mulls security warnings for smart home devices | Engadget

New UK Laws to Make Broadband Routers and IoT Kit More Secure | ISP Review

From the horse’s mouth

UK Government – Department of Digital, Culture, Media and Sport

Plans announced to introduce new laws for internet connected devices (Press Release)

My Comments

A common issue that is being continually raised through the IT security circles is the lack of security associated with network-infrastructure devices and dedicated-function devices. This is more so with devices that are targeted at households or small businesses.

Typical issues include use of simple default user credentials which are rarely changed by the end-user once the device is commissioned and the ability to slip malware on to this class of device. This led to situations like the Mirai botnet used for distributed denial-of-service attacks along with a recent Russia-sponsored malware attack involving home-network routers.

Various government bodies aren’t letting industry handle this issue themselves and are using secondary legislation or mandated standards to enforce the availability of devices that are “secure by design”. This is in addition to technology standards bodies like Z-Wave who stand behind logo-driven standards using their clout to enforce a secure-by-design approach.

Netgear DG834G ADSL2 wireless router

Home-network routers will soon be required to have a cybersecurity-compliance label to be sold in the UK

The German federal government took a step towards having home-network routers “secure by design”. This is by having the BSI who are the country’s federal office for information security determine the TR-03148 secure-design standard for this class of device.  This addresses minimum standards for Wi-Fi network segments, the device management account and user experience, along with software quality control for the device’s firmware.

Similarly, the European Union have started on the legal framework for a “secure-by-design” certification approach, perhaps with what the press describe as an analogy to the “traffic-light” labelling on food and drink packaging to indicate nutritional value. It is based on their GDPR data-security and user-privacy efforts and both the German and European efforts are underscoring the European concern about data security and user privacy thanks to the existence of police states within Europe through the 20th century.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

… as will smart-home devices like the Amazon Echo

But the UK government have taken their own steps towards mandating home-network devices be designed for security. It will use their consumer-protection and trading-standards laws to have a security-rating label on these devices, with a long-term view of making these labels mandatory. It is in a similar vein to various product-labelling requirements for other consumer goods to denote factors like energy or water consumption or functionality abilities.

Here, the device will have requirements like proper credential management for user and management credentials; proper software quality and integrity control including update and end-of-support policies; simplified setup and maintenance procedures; and the ability to remove personal data from the device or reset it to a known state such as when the customer relinquishes the device.

Other countries may use their trading-standards laws in this same vein to enforce a secure-by-design approach for dedicated-function devices sold to consumers and small businesses. It may also be part of various data-security and user-privacy remits that various jurisdictions will be pursuing.

The emphasis on having proper software quality and integrity requirements as part of a secure-by-design approach for modem routers, smart TVs and “smart-home” devices is something I value. This is due to the fact that a bug in the device’s firmware could make it vulnerable to a security exploit. As well, it will also encourage the ability to have these devices work with highly-optimised firmware and implement newer requirements effectively.

At least more countries are taking a step towards proper cybersecurity requirements for devices sold to households and small businesses by using labels and trading-standards requirements for this purpose.


The successor to the Freebox Révolution has arrived in France

Articles

Freebox Delta press photo courtesy of Iliad (Free.fr)

Xavier Niel unveils new Freebox with Alexa, Devialet, Sigfox, Netflix | TechCrunch

French Language / Langue française

Free annonce ses nouvelles Freebox : la Freebox Delta et la Freebox One | FreeNews

Freebox One : pour les accros à Netflix (et c’est tout) | ZDNet.fr

Freebox Delta : voici la box qui doit sauver Free | ZDNet.fr

From the horse’s mouth

Free.fr (French Language / Langue française)

Freebox Delta (Press Release / Communiqué de presse – PDF)

Freebox One (Press Release / Communiqué de presse – PDF)

My Comments

While the “gilets jaunes” were protesting about the cost of living in France, Free.fr had just launched a long-awaited successor to the Freebox Révolution modem-router and media player setup.

The Freebox Révolution was a device symbolic of the highly-competitive telecommunications and Internet-service market that exists in France. It is an xDSL modem-router with an Ethernet connection and a NAS that is also a DLNA-compliant media server. It works with a set-top media player that has an integrated PVR and Blu-Ray player. But over the years, these units took on new functionality that was extraordinary for carrier-provided equipment such as VPN endpoint and Apple AirPlay functionality. In fact, I saw it as a benchmark for devices supplied by telcos and ISPs for Internet access when it came to functionality.

Here, there are two systems – one called the Freebox Delta which is positioned at the premium end of the market, and the other called the Freebox One which is positioned as an entry-level offering.

The Freebox Delta has a server unit which combines a modem-router and a NAS that is equivalent to a baseline 4-bay standalone NAS. The WAN (Internet) side can work with a 10Gb fibre connection, an xDSL connection or a 4G mobile broadband connection. But it is the first modem-router that can aggregate the bandwidth of an xDSL connection and a 4G mobile broadband connection for increased throughput.

On the LAN side, there is a Wi-Fi 5 (802.11ac) connection working across three bands and implementing MU-MIMO wireless connectivity. It is in conjunction with an integral four-port Gigabit Ethernet switch. There is the ability to link to the Freebox Delta Player in another room using the FreePlugs which are Gigabit HomePlug AV2 adaptors that Free.fr provides but these are actually network adaptors that use the USB-C peripheral connection approach.

The VoIP functionality that any “box” service offered by the French carriers provides has an RJ11 endpoint for a telephone as well as a DECT base station. There is a USB-C connection along with NFC support.

But Free.fr are even having the Freebox Delta as part of a home-automation system by providing hardware and software support for home-automation hub functionality. It is thanks to Free’s partnership with the Sigfox smart-home software platform. This is based around Zigbee technology with Free.fr and others supplying “smart-home” devices complying with this technology.

The Freebox Delta Player is effectively a connected speaker made by Devialet, a French hi-fi name of respect when it comes to speakers. But it is a soundbar that uses 6 drivers to yield effectively a 5.1 surround-sound experience.

It works with a French-based voice-driven home assistant (OK Freebox) that handles basic commands but can work with Amazon Alexa which gives it access to the Amazon Alexa Skills library. This is achieved through a four-microphone array and is another way for a European company to effectively answer Silicon Valley in the field of voice-driven assistant platforms.

It can yield pictures to the 4K HDR 10 standard using an HDMI 2.1 socket compliant with the HDCP 2.2 standard and supporting eARC audio transfer that allows for best use with 4K UHD TVs. There is also a DVB-T2 tuner for over-the-air digital TV. You can control the Freebox Delta Player using a wirelessly-charged touchscreen remote which charges on a Qi-compliant wireless charging plate integrated in this media player. Let’s not forget that this device is up-to-date by implementing USB-C peripheral connectivity for two peripherals.

The Freebox Delta will cost EUR€480 to buy, with payment options of  EUR€120 per month over 4 months, EUR€10 per month over 48 months or the full upfront price being paid. The service will cost at least EUR€49.99 per month.

Freebox One press picture courtesy of Iliad (Free.fr)

Freebox One – the entry-level solution

The Freebox One is an entry level single-piece multimedia player and modem-router unit. This will have a Gigabit Fibre and xDSL connectivity on the WAN (Internet) side and Wi-Fi 5 (802.11ac) and four Gigabit Ethernet ports on the LAN side. There will be the DECT VoIP base for the telephony function along with a DVB-T connection for digital TV. It can work with 4K HDR 10 via an HDMI 2.1 (HDCP 2.2 compliant) port for your 4K UHDTV.

It has a front-panel display that is similar to the previous generation of Freebox systems. You can get this device for EUR€29.99 per month for the first year, EUR€39.99 per month as a Freebox hardware-and-services package of the kind you get in France.

With both Freebox systems, I would expect that Free.fr will regularly release new firmware that will add extra functionality to these devices over the years. When you get these “boxes”, you will find that there is more of an incentive to visit the “mis à jour” part of the user interface and frequently update their software.

By offering the Freebox Delta for sale rather than tied with a multiple-play service package, Free.fr wants to be able to sell this unit as a device you can use with other services. This means that they can put themselves on the same footing as AVM by being another Continental-European source of highly-capable always-updated consumer premises equipment for your home network.

But what needs to happen is for the European consumer IT firms to create hardware and software platforms that can effectively answer what Silicon Valley has to offer. Who knows which European companies will end up as the “Airbus” or “Arianespace” of consumer and small-business IT?


Germany to set a minimum security standard for home-network routers

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Germany has defined a minimum standard for secure broadband router design

Germany proposes router security guidelines | ZDNet

From the horse’s mouth

BSI (German Federal Office for Information Security)

TR-03148 Secure Broadband Router 1.0 (PDF)

My Comments

It is being identified that network connectivity devices and devices that are part of the Internet-Of-Things are being considered the weakest point of the secure Internet ecosystem. This is due to issues like security not being factored in to the device’s design along with improper software quality assurance when it comes to the devices’ firmware.

The first major incident that brought this issue to the fore was the Mirai botnet attack on some Websites and dynamic-DNS servers through the use of compromised firmware installed in network video-surveillance cameras. Recently in 2016, a similar Mirai-style attack attempt was launched by the “BestBuy” hacker involving home-network routers built by Zyxel and Speedport. There was a large installed base of these routers because they were provided as standard customer-premises equipment by Deutsche Telekom in Germany. But the attempt failed due to buggy software and the routers crashed.

Now the BSI who are Germany’s federal information-security government department have taken steps towards a baseline set of guidelines concerning security-by-design for these home-network routers. It addresses both the Internet-based attacker situation and the local-network-based attacker situation such as a computer running malware.

Key requirements

Wi-Fi segments

There are requirements concerning the LAN-side private and guest Wi-Fi segments created by these devices. They have to work using WPA2 or newer standards as the default security standard and the default ESSIDs (wireless network names) and Wi-Fi passphrases can’t relate to the router itself like its make or model or any interface’s MAC address.

As well, guest Wi-Fi and community / hotspot Wi-Fi have to be treated as distinct separate logical networks on the LAN side and they have to be “fenced off” from each other. They will still have access to the WAN interfaces which will be the Internet service. The standard doesn’t address whether these networks should implement client-device isolation because there may be setups involving a requirement to discover printers or multimedia devices on these networks using client software.

Router management

The passwords for the management account or the Wi-Fi segment passphrases have to be tested against a password-strength algorithm when a user defines a new password. This would be to indicate how strong they are, perhaps through a traffic-light indicator. The minimum requirement for a strong password would be to have at least eight characters with at least 2 each of uppercase, lowercase, number and special characters.

For the management account, there has to be a log of all login attempts along with lockout-type algorithms to deter brute-force password attacks. It would be similar to a code-protected car radio that imposes a time delay if the wrong passcode is entered in the radio. There will be an expectation to have session-specific security measures like a session timeout if you don’t interact with the management page for a certain amount of time.

Other requirements for device management will include that the device management Webpage be only accessible from the main home network represented by the primary private Wi-Fi segment or the Ethernet segment. As well, there can’t be any undocumented “backdoor” accounts on the router when it is delivered to the customer.
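The default-credential rules from the Wi-Fi segments section and the password-strength rule from the Router management section can be checked mechanically. The following Python code is an added example, not taken from the BSI guideline or any router vendor; the amber tier, the four-digit MAC window, the accepted security-mode labels and the sample device records are assumptions made for illustration.

```python
"""Added example: checks modelled on the requirements summarised in the article."""
import re

MIN_LENGTH = 8        # article: at least eight characters
MIN_PER_CLASS = 2     # article: at least 2 of each character class
MAC_WINDOW = 4        # assumption: 4+ consecutive MAC hex digits count as "related"
ACCEPTED_WIFI_SECURITY = {"WPA2", "WPA3"}  # assumption: labels for "WPA2 or newer"


def class_counts(password):
    """Count characters per class used by the strength rule."""
    return {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "digit": sum(c.isdigit() for c in password),
        "special": sum(not c.isalnum() and not c.isspace() for c in password),
    }


def rate_password(password):
    """Return (traffic_light, unmet_requirements) for a newly chosen password."""
    counts = class_counts(password)
    unmet = sorted(name for name, n in counts.items() if n < MIN_PER_CLASS)
    too_short = len(password) < MIN_LENGTH
    if too_short:
        unmet.insert(0, "length")
    if not unmet:
        return "green", unmet
    # Assumption: long enough with exactly one class short rates "amber"; the
    # article only defines the minimum for a strong (green) password.
    if not too_short and len(unmet) == 1:
        return "amber", unmet
    return "red", unmet


def normalise(text):
    """Lower-case and drop separators so 'RX-5000' and 'rx5000' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def relates_to_device(value, make, model, macs):
    """List the device identifiers that a default SSID or passphrase leaks."""
    flat = normalise(value)
    reasons = []
    for label, ident in (("make", make), ("model", model)):
        token = normalise(ident)
        if len(token) >= 3 and token in flat:
            reasons.append(label)
    for mac in macs:
        digits = normalise(mac)
        if not re.fullmatch(r"[0-9a-f]{12}", digits):
            raise ValueError("not a MAC address: " + mac)
        windows = {digits[i:i + MAC_WINDOW] for i in range(12 - MAC_WINDOW + 1)}
        if any(w in flat for w in windows):
            reasons.append("mac:" + mac)
    return reasons


def audit_factory_defaults(device):
    """Check a device's factory Wi-Fi defaults; return a list of findings."""
    findings = []
    if device["wifi_security"] not in ACCEPTED_WIFI_SECURITY:
        findings.append("wifi_security: " + device["wifi_security"] + " is older than WPA2")
    for field in ("ssid", "wifi_passphrase"):
        for reason in relates_to_device(device[field], device["make"],
                                        device["model"], device["macs"]):
            findings.append(field + ": relates to " + reason)
    return findings


# Constructed sample records (hypothetical vendor, locally administered MACs).
CONSTRUCTED_MACS = ["02:00:5E:10:A1:B2", "02:00:5E:10:A1:B3"]
CONSTRUCTED_WEAK = {
    "make": "ExampleNet", "model": "RX-5000", "macs": CONSTRUCTED_MACS,
    "wifi_security": "WPA", "ssid": "ExampleNet-A1B2",
    "wifi_passphrase": "rx5000-5e10a1b3",
}
CONSTRUCTED_GOOD = {
    "make": "ExampleNet", "model": "RX-5000", "macs": CONSTRUCTED_MACS,
    "wifi_security": "WPA2", "ssid": "home-7f3kq",
    "wifi_passphrase": "quiet-harbor-7Qm2xV",
}

if __name__ == "__main__":
    for name, dev in (("weak", CONSTRUCTED_WEAK), ("good", CONSTRUCTED_GOOD)):
        print(name, audit_factory_defaults(dev))
    for pw in ("Password12", "PAssword12", "Ab1!Cd2?"):
        print(pw, rate_password(pw))
```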

Firmware updating

But the BSI TR-03148 Secure Broadband Router guidelines also address that sore point associated with router firmware. They address the issue of updating your router with the latest firmware whether through an online update or a file you download to your regular computer and upload to the router.

But it is preferred that automatic online updates take place regarding security-related updates. This will most likely extend to other “point releases” which address software quality or device performance. Of course, the end-user will need to manually update major versions of the firmware, usually where new functionality or major user-interface changes take place.

The router manufacturer will be required to rectify newly-discovered high-severity security exploits without undue delay once they are notified. Here, the end users will be notified about these software updates through the manufacturer’s own public-facing Website or the router’s management page.

Like with most regular-computer and mobile operating systems, the use of software signatures will be required to authenticate new and updated firmware. Users could install unsigned firmware like the open-source highly-functional firmware of the OpenWRT kind but they will need to be warned about the deployment of unsigned firmware on their devices as part of the deployment process. The ability to use unsigned firmware was an issue raised by the “computer geek” community who liked to tinker with and “soup up” their network hardware.

Users will also need to be notified when a manufacturer ceases to provide firmware-update support for their router model. But this can hang the end-user high and dry especially if there are newly-discovered weaknesses in the firmware after the manufacturer ceases to provide that software support.

The standard also places support for an “anti-bricking” arrangement where redundant on-device storage of prior firmware can exist. This is to avoid the router from “bricking” or irreversibly failing if downloaded firmware comes with software or file errors.

Other issues that need to be addressed

There are still some issues regarding this standard and other secure-by-design mandates.

One of these is whether there is a minimum length of time for a device manufacturer to continue providing security and software-quality firmware updates for a router model or series after it is superseded. This is because of risks like us purchasing equipment that has just been superseded typically to take advantage of lower prices,  or us keeping a router in service for as long as possible. This may be of concern especially if a new generation of equipment is being released rather than a model that was given a software-compatible hardware refresh.

Solutions that could be used include open-sourcing the firmware like what was done with the Linksys WRT-54G or establishing a known-to-be-good baseline firmware source for these devices while continuing to rectify exploits that are discovered in that firmware.

Another is the existence of a logo-driven “secure-by-design” campaign directed at retailers and the general public in order to encourage us to buy or specify routers that are compliant to this standard.

An issue that needs to be raised is whether to require that the modem routers or Internet-gateways supplied as standard customer-premises-equipment by German ISPs and telcos have a “secure-by-design” requirement. This is more of an issue with Internet service provided to the average household where these customers are not likely to fuss about anything beyond getting Internet connectivity.

Conclusion

The BSI will definitely exert market clout through Europe, if not just the German-speaking countries when it comes to the issue of a home network that is “secure by design”. Although the European Union has taken some action about the Internet Of Things and a secure-by-design approach, they could have the power to make these guidelines a market requirement for equipment sold in to the European, Middle Eastern and African areas.

It could also be seen by other IT bodies as an expected minimum for proper router design for home, SOHO and SME routers. Even ISPs or telcos may see it as an obligation to their customers to use this standard when it comes to specifying customer-premises equipment that is supplied to the end user.

At least the issue of “secured by design” is being continually raised regarding home-network infrastructure and the Internet Of Things to harden these devices and prevent them from being roped in to the next Mirai-style botnet.


SAT-IP technology to extend to terrestrial and cable TV setups

Article – From the horse’s mouth

Broadcast-LAN setup

This could become the way to distribute cable and terrestrial TV around the home in Europe

AVM

SAT>IP — what is it? (Blog Post relating to DVB-C broadcast-LAN abilities in some AVM FritzBox cable modem routers)

My Comments

In Europe, SAT-IP, properly spelt SAT>IP, has been established as a broadcast-LAN standard for satellite-TV setups. This implements a satellite broadcast-LAN tuner that connects between the satellite dish and your home network, whereupon a compatible TV or set-top box or a computing device running compatible software “tunes in” and picks up the satellite broadcast.

Lenovo Yoga Tab Android tablet

A mobile-platform tablet running a SAT-IP client could end up serving as a portable TV for a cable or terrestrial TV setup

At the moment, Panasonic smart TVs pitched to the European market can work with a SAT-IP setup, with Loewe rolling this feature in to their models, but there is a wide range of software including VLC that can work with this setup along with a significant number of set-top boxes.

But this technology is being taken further by extending it to terrestrial and cable TV setups, especially in Germany which has an infrastructure-agnostic policy regarding the distribution of free-to-air and pay TV. That is, you could watch Tatort on Das Erste in that country no matter whether you are using the traditional TV antenna, a cable-TV infrastructure or a satellite dish. Some online resources in that country even use the name TV-IP or TV>IP to describe this all-encompassing approach.

Dell Inspiron 13 7000 2-in-1 Intel 8th Generation CPU at QT Melbourne hotel - presentation mode

.. as could one of these Windows-based 2-in-1 convertibles

There is still the issue with rented properties and most multi-family developments where there is only one point of entry for the cable-TV service and it becomes more of a hassle to add extra cable-TV outlets around the premises for extra sets. There is also the fact that most of us are using laptops, tablets and smartphones in lieu of the portable TV for doing things like watching “guilty-pleasure” TV around the home.

AVM are releasing Fritz!OS 7 firmware for their Fritz!Box 6490 Cable and Fritz!Box 6590 Cable modem routers that provides a SAT-IP server functionality to extend these devices’ broadcast-LAN abilities, initially facilitated using DLNA. They also are rolling this function to the Fritz!WLAN Repeater DVB-C which is another broadcast-LAN device for cable TV in addition to a Wi-Fi repeater.

Once updated, these Fritz!Box cable modem routers and the Fritz!WLAN Repeater DVB-C will present the DVB-C cable-TV and radio signals to any SAT-IP client device or software as if you are using a SAT-IP satellite broadcast-LAN device. I also see this working with those SMATV (shared satellite dish) setups for larger buildings that repackage satellite TV and terrestrial TV channels as DVB-C-compatible cable-TV channels.

I wouldn’t put it past other broadcast-LAN vendors courting the European market to have their non-satellite devices become SAT-IP servers. But what also needs to happen is for more TV manufacturers to implement SAT-IP-based technologies “out of the box” across their product ranges.

It could appeal as a hassle-free approach to TV location where you have a single entry point for your TV aerial, cable-TV service or satellite dish but you use your home network, be it Wi-Fi 5/6 (802.11ac/ax), HomePlug AV2 or Ethernet, and a SAT-IP compatible broadcast-LAN box to permit you to relocate your TV or add more sets as you please. This is without having to call in a TV-aerial technician to install extra sockets or get the landlord to assent to their installation.

Another factor that would drive SAT-IP or TV-IP further would be to build support for it in to games consoles and similar devices that are expected to be single-box multimedia terminals. Think of devices like the XBox One, PS4, Apple TV and the like, or regular computers running their native operating systems.

But it may be seen as a big ask unless this technology is implemented beyond continental Europe. This is due to the common tech attitude that if a technology isn’t implemented beyond a particular geographic area or isn’t implemented in the USA, it will miss the boat for native operating-system support.


The first proven retail 5G device comes in the form of a Mi-Fi router

Netgear Nighthawk 5G Mobile Hotspot press image courtesy of NETGEAR USA

Netgear Nighthawk 5G Mobile Hotspot – first retail 5G device

Article – From the horse’s mouth

NETGEAR

NETGEAR Nighthawk® 5G Mobile Hotspot – World’s First Standards-Based Millimeter Wave Mobile 5G Device (Blog Post)

My Comments

There has been a lot of talk about 5G mobile broadband lately with Telstra running consumer trials of this technology in the Gold Coast using 5G “Mi-Fi” devices installed at fixed locations.

Of course, some people are seeing it as an alternative to wireline and fibre next-generation broadband deployments. Here, they are trying to see the technology as an enabler for the “digital nomadic” lifestyle where people live and work while roaming from place to place, keeping in touch with the world with mobile telecommunications technology.

But NETGEAR and AT&T have stepped forward with a production-grade consumer endpoint device as part of a production-grade 5G network being rolled out across the USA. It is typically assumed that the first production-grade consumer endpoint device for a new mobile broadband technology will be a smartphone of some sort or a USB wireless-broadband modem. But this time it is a highly-portable “Mi-Fi” router in the form of a NETGEAR Nighthawk 5G Mobile Hotspot.

Here, it is to use a device that could support high-throughput data transfer arrangements with a network of mobile devices and take advantage of what a production 5G network could offer. As well, the WAN (Internet) aspect of the NETGEAR Nighthawk 5G Mobile Hotspot is based on millimetre-wave technology and is designed according to standards.

Being the first device of its kind, there could be issues with connection reliability because of it implementing technology that is too “cutting-edge”. As more service providers “light up” standards-based 5G networks in more areas and more device manufacturers offer 5G mobile-endpoint devices, it will be the time to show whether 5G can really satisfy mobile-broadband users’ needs or be a competitor to fixed broadband.

I will update this article as NETGEAR and AT&T release more information about this Mi-Fi’s capabilities.


NETGEAR implements a multi-tiered approach to Power-Over-Ethernet

Articles – From the horse’s mouth

NETGEAR GS108PP ProSafe Gigabit Unmanaged 8-port Switch with Power-Over-Ethernet Plus press picture courtesy of NETGEAR

The NETGEAR GS108PP switch is able to run with different power supplies to offer different Power-Over-Ethernet power budgets

NETGEAR

NETGEAR LAUNCHES INDUSTRY’S FIRST UNMANAGED SWITCH WITH FLEXIBLE POWER OVER ETHERNET OPTIONS (Press Release)

Flexible PoE Switch with Power Upgrade Options (Blog Post)

Product Page

Previous Coverage

NETGEAR offers an affordable 8-port Gigabit unmanaged switch with Power Over Ethernet Plus on all ports

My Comments

I had previously written up about the NETGEAR GS108PP 8-port Gigabit Ethernet switch with Power Over Ethernet Plus available on all ports as an example of this company offering an Ethernet switch with desirable features at a price that would be seen to be reasonable for small-network applications. Here, it was about each of the eight ports being “powered” to the Power-Over-Ethernet-Plus (802.3at) standard rather than half of the ports, something that was happening with affordable “few port” Power-Over-Ethernet gear that was fit for small networks.

At the time of the previous article, MWAVE, an independent online computer-parts reseller, offered this device to the Australian market for AUD$169 tax inclusive before shipping, but now this price has dropped to AUD$155 tax inclusive.

It is part of a family of 8-port and 16-port Gigabit Ethernet switches with Power Over Ethernet Plus power-supply on all ports where NETGEAR has taken an interesting approach with the overall power budget that these devices could offer.

Here, they offer different power budgets for the GS108LP / GS108PP (8 port) and GS116LP / GS116PP (16 ports) by packaging different power supplies with the different units so these have a different power budget depending on what you buy. They also offer a range of power adaptors with the same voltage (54VDC) but with different current outputs that are available through the aftermarket.

NETGEAR has established this arrangement to allow a network installer to buy an Ethernet switch with a Power-Over-Ethernet power budget that is “right-sized” for the user’s current needs. Then if these needs change, they can upgrade the power supply to answer these newer needs.

Bold text is “in-box” option

| Power Supply | GS108LP | GS108PP | GS116LP | GS116PP |
|---|---|---|---|---|
| 54VDC 1.25A (67.5W) | 60W | 60W | - | - |
| 54VDC 1.66A (90W) | 83W | 83W | 76W | 76W |
| 54VDC 2.4A (130W) | 123W | 123W | 115W | 115W |
| 54VDC 3.7A (200W) | - | - | 183W | 183W |

This could suit a reality with installations where you are running one or two Power-Over-Ethernet devices to see how you go with this new idea. It may include you upgrading an older device powered by its own “wall-wart” to a simplified Power-Over-Ethernet setup thanks to an active splitter box. Then you decide to add on more Power-Over-Ethernet devices or upgrade extant devices to those with better capabilities while giving them the same kind of treatment as a typical fridge or TV – “bumping” the older unit down to a secondary role in the installation.

Here, you simply switch out the not-so-powerful power supply with one that is more powerful when you are wanting to add more power to the installation rather than junking a perfectly-good Power-Over-Ethernet switch and replacing it with something more powerful. The NETGEAR Ethernet switch can exist in your network for a longer time, serving the higher power load, until newer needs come about such as to head towards a managed switch or something better. Typically this is a plug-and-play upgrade but you may have to flick a slider on the NETGEAR switch to allow it to work with the different power load.

Network installers who sell these switches can also find it useful to keep more of the power supplies as well as these switches so that they can “right-size” their installations through the installation’s life. It can also allow for the ability for them to retain the lower-output power supplies from an “upsized” installation to use on another lower-power-demand installation if the original power supply at that installation burnt out.

What I like about this approach that NETGEAR took with these unmanaged Power-Over-Ethernet switches is the idea of providing an upgrade path for people who own an existing unit but have different needs. It also avoids the need to throw away perfectly-working equipment just because you have a different power requirement.

As well, the NETGEAR GS108LP Power-Over-Ethernet switch could be offered at a two-figure price for people and businesses who want to get their feet wet with a Power-Over-Ethernet setup. This is especially if they are seeing the idea of using active splitters to power existing devices like access points or 5-port Ethernet switches “down the line” before going “full steam” with new devices.


What could be done to simplify your router upgrade

Telstra Gateway Frontier modem router press picture courtesy of Telstra

There needs to be a standard filetype to simplify the process of upgrading your home network router without reconfiguring your home network

An issue that will crop up through the life of a home network is to upgrade the router. This will be brought on with replacement of carrier-supplied equipment with retail equipment, replacing that half-dead router that you are always powering off and on many times a week, or upgrading to higher-performance equipment.

But you will end up having to transcribe out configuration data from your old equipment so you can enter it in to your new equipment especially if you want to avoid having to reconfigure other network equipment on your same home network.

Most routers offer a way for users to back up the current configuration details. This is typically to allow a user to do things like perform a factory reset or to test a configuration without losing a prior known-to-work state.

The process typically requires the user to download a configuration file to the computer they are configuring the router from in a similar manner to downloading a resource from the Web. But there isn’t a consistent file schema for storing this data in a manner for transferring to devices supplied by different vendors. In some cases, you may not be able to transfer the configuration data to newer equipment from the same vendor such as to install a newer router model.

AVM have taken steps in the right direction by allowing users to save a configuration from an older Fritz!Box router and upload it to a newer Fritz!Box router running a newer version of the Fritz!OS firmware. This also factors in the router persisting your configuration when it moves to a newer version of the firmware.

But what can be done to make this work better would be to use a standard file format, preferably an XML-based schema which could be used for storing a router configuration. This would have to be agreed upon by all of the vendors to provide true vendor interoperability.

There would also be issues about providing multiple methods of storing this data. It could be about maintaining the traditional HTTP download / upload approach with Web clients on the same local network. Or it could also be about transferring the data between a USB Mass Storage device and the router such as to facilitate an out-of-box install.

Such a setup could allow for a range of scenarios like simplifying the upgrade path or to make it easier for support staff to keep information about different configurations they are responsible for.

The configuration data would have to cater for WAN (Internet) and LAN details including details regarding Wi-Fi wireless network segments, advanced network setups like VLAN and VPN setups, VoIP endpoint setups as well as general and security-related data.

Of course an issue that will crop up would be assuring the user of proper network security and sovereignty, something that could be assured through not persisting the management password to a new router. Also you won’t be able to keep Wi-Fi channel data especially if you deal with self-optimising equipment, because you may have to face an evolving Wi-Fi spectrum landscape.
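To illustrate the point about leaving the management password and Wi-Fi channel data behind, here is an added example (not from any vendor or existing standard) of how an import step could filter a configuration export before applying it. The XML element names and the `routerConfig` schema are hypothetical, since no such vendor-neutral format exists, and the sample export is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export in a HYPOTHETICAL vendor-neutral schema.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<routerConfig schemaVersion="1.0">
  <management>
    <adminUser>admin</adminUser>
    <adminPassword>constructed-example-only</adminPassword>
  </management>
  <wan type="pppoe"><username>user@isp.example</username></wan>
  <lan><address>192.168.1.1</address><prefix>24</prefix></lan>
  <wifi>
    <segment band="2.4GHz">
      <ssid>HomeNet</ssid><passphrase>constructed-passphrase</passphrase>
      <channel>6</channel>
    </segment>
    <segment band="5GHz">
      <ssid>HomeNet</ssid><passphrase>constructed-passphrase</passphrase>
      <channel>36</channel>
    </segment>
  </wifi>
</routerConfig>"""

# Settings the new router should decide for itself (hypothetical element names):
# the management password is set afresh, channels are left to self-optimisation.
NON_PORTABLE = {"adminPassword", "channel"}


class UnsafeConfigError(ValueError):
    """Raised when an export must not be imported."""


def load_export(raw: str) -> ET.Element:
    # A file arriving by upload or USB stick is untrusted input. A config
    # export has no need for a DTD, so refuse one outright rather than let
    # the parser expand entity declarations.
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        raise UnsafeConfigError("DTD/entity declarations are not allowed")
    root = ET.fromstring(raw)
    if root.tag != "routerConfig":
        raise UnsafeConfigError(f"unexpected root element: {root.tag}")
    return root


def strip_non_portable(root: ET.Element) -> list[str]:
    """Remove non-portable elements in place; return the paths removed."""
    removed = []

    def walk(parent: ET.Element, path: str) -> None:
        for child in list(parent):  # copy: we mutate parent while iterating
            child_path = f"{path}/{child.tag}"
            if child.tag in NON_PORTABLE:
                parent.remove(child)
                removed.append(child_path)
            else:
                walk(child, child_path)

    walk(root, root.tag)
    return removed


def prepare_for_import(raw: str) -> tuple[str, list[str]]:
    """Return (filtered XML, removed paths) ready for the new router."""
    root = load_export(raw)
    removed = strip_non_portable(root)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    filtered, removed = prepare_for_import(SAMPLE_EXPORT)
    print("Not carried over:", removed)
    print(filtered)
```

The SSID and passphrase are deliberately kept so client devices need no reconfiguration, which means the filtered file still holds secrets and should be stored accordingly.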

What will need to happen is to provide methods to allow seamless upgrading of devices that serve as your network-Internet “edge” so you can simplify this upgrade process and get the most out of the new equipment.


Understanding the new distributed-Wi-Fi systems

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

NETGEAR Orbi distributed WiFi system – understanding these devices and whether to purchase them or not

A new class of home-network device has been appearing over the last year or so in the form of the “distributed Wi-Fi system”, sometimes known as the “mesh Wi-Fi system”.

These systems consist of two or three modules, one working as your home network’s router and the other modules working as access points. But they have features that are different to setups where you use an ordinary access point and wired-network backbone or a range extender to extend your Wi-Fi wireless network’s coverage.

Some ISPs are even offering distributed-Wi-Fi systems as a product differentiator for their premium packages or as an add-on that customers can buy. They are offering these devices in response to their customer base complaining to their support desks and “bricks-and-mortar” storefronts regarding poor Wi-Fi coverage.

Core features

Simplified setup and self-tuning

When you set up these devices, you don’t have to determine the operating frequency for each of the modules nor do you have to deal with multiple devices for your network to run properly.

Typically the only hands-on requirement is to work with one management interface when adjusting your network’s settings. You may even find that this interface is where you set up things like your Internet connection parameters or your network’s ESSID and enable / disable any particular features the system has.

You may find that the procedure involved with enrolling additional node devices to an existing distributed-Wi-Fi system may be as simple as pairing a network client device to a Wi-Fi network using WPS push-button pairing. This would simply be about pressing a button on the new device then pressing a button on one of the existing devices or the main node.

These systems continually re-adjust the operating frequency and other parameters so as to cope with changes in operating circumstances.

For example, if one or more of your neighbours set up new home networks or add access points and range extenders to these networks, you may find that your network underperforms due to the neighbouring networks operating on the same frequency. Even someone running a “Mi-Fi” mobile router or using their smartphone’s “Internet-share” mode could affect the network’s performance.

But the typical distributed-Wi-Fi system will automatically tune itself to different frequencies when these situations do occur. As well, it may implement other tactics to provide the best signal strength for your client devices.

Automatic creation of a single Wi-Fi network

A problem that users will have especially with wireless range extenders is that your network is split up in to multiple extended service sets or Wi-Fi networks. This can cause problems with users having to switch between different network names to gain the best coverage, something that can daunt a lot of users.

If you set up a traditional access-point setup with a wired (HomePlug or Ethernet) backbone, you have to “copy” the SSID and security parameters to each access point’s setup interface. A few HomePlug access points simplify this task using a WPS-based “Wi-Fi Clone” function where you activate this function then press the WPS button on your router to “copy over” the network parameters to the access point.

But these systems allow you to create your network’s SSID and security parameters with these being reflected across all of the modules that are part of the system. This includes implementing these parameters across all wavebands that these distributed Wi-Fi systems support.

This leads to a network that has the same kind of “roam-ability” as what would be expected for larger Wi-Fi networks with multiple access points. It is similar to what you would have expected with a properly-set-up traditional access-point network.

System types

Mesh-based distributed Wi-Fi system – each device links with each other

There are two different approaches being implemented with distributed Wi-Fi systems. These affect how the wireless backhaul signal is provided between each of the system’s modules.

Mesh system

The mesh method, implemented by Linksys Velop, Google WiFi, and eero, requires the use of three or more modules with one of these serving as the “edge” router for the network.

Here, the wireless backhaul works on a mesh approach where each module effectively receives signals from and transmits signals to the other modules that are in range. There is some fault-tolerance in these setups where the receiving module (node) can rely on other transmitting nodes if one of them fails. On the other hand, the receiving node aggregates the bandwidth it receives from two or more nodes of the network for higher throughput.

Router-extender / hub-satellite system

Hub-satellite distributed Wi-Fi system – uses extender devices connected to a router

The other approach, followed by the D-Link Covr and the NETGEAR Orbi, works in a similar vein to a traditional router and range-extender setup or traditional multiple-access-point setup.

Here, the satellite nodes in this system provide a single backhaul link to the hub node which typically is the router. The better designed systems like the NETGEAR Orbi use a dedicated wireless link for their wireless backhaul. This avoids competition for bandwidth by the portable client devices and the satellite nodes wanting to repeat the signal.

Features and limitations regarding these systems

Router-only or access-point functionality

Most of the distributed wireless setups are connected to the Internet in the same vein as a router where they create their own logical network. This setup appeals to users who have a modem that provides a media-level connection to their Internet service like a cable modem, optical-network terminator or a wireless-broadband modem.

This will be a limitation for users who have a modem router like most xDSL connections or users that implement a router that offers very advanced functionality like a VPN endpoint or VoIP gateway.

If you have one of these setups and want to use a distributed wireless system, look for one that offers access-point functionality or network-level bridging functionality. Here, these systems just connect to an Ethernet LAN socket on the existing router, but you would have to disable the router’s Wi-Fi functionality if the node is located close to the router.

Dedicated wireless backbone

Better-designed systems will implement a separate wireless backbone that isn’t used by any of the client devices. These systems will use specific radio front-ends and create a separate wireless network specifically for this backbone while each node has other radio front-ends that simply serve as the Wi-Fi access point for that area.

The benefit that is provided here is that the backhaul isn’t being shared with client devices that are in the node’s good-reception area. That allows for optimum bandwidth for your distributed-Wi-Fi setup.

Alternative wired backbone

A handful of these systems are offering a wired backbone as an alternative setup for the network that they establish. This is provided through either an Ethernet LAN connection on the nodes or a setup may implement HomePlug AV500 or AV2 powerline networking as the wired backbone.

This feature may be of value for environments where the wireless backhaul just won’t perform as expected such as houses with interior walls made of highly-dense materials. Or these setups can come in to their own with multi-building home networks, where a wired link like HomePlug AV2 powerline networking for existing setups or Ethernet for new setups could link the buildings. On the other hand, if you wired your home for Ethernet, a distributed wireless system that implements support for an Ethernet wired backbone can exploit this infrastructure by allowing you to push out the network coverage further.

These systems should be able to treat the wired backbone as though it is another wireless backbone or part of the mesh. With some of these systems, you could push out a wireless backbone that refers to one of the nodes connected to the wired backbone as its “master” node rather than the main router.

Internet-dependent operation

There are some distributed-wireless systems that are dependent on an Internet connection for them to operate and for you to manage them. Most likely this is evident if the user interface is through a mobile-platform app that links to an Internet resource; along with heavy talk of “cloud operation” in the product documentation. This kind of setup is one that some new Silicon-Valley outfits are heading down the road towards as they want us to join the Internet-dependent “cloud bus”.

On the other hand, a system that isn’t dependent on an Internet connection for you to manage the network will allow you to visit a Web-page dashboard through a local network address or resource name and fully manage your network via that dashboard created by the router or node. Some of these systems that have UPnP IGD or management functionality enabled may make themselves discoverable using a Windows computer on the same network if you open Windows Explorer / File Explorer and see it listed as a Network device.

This is the traditional practice for most home and small-business network hardware and such a setup may offer the ability to be managed within your network using a mobile-platform app that points to the local resource. But this setup allows you to manage or troubleshoot your network even if the Internet connection is down. You also benefit from the ability to get your network ready before your Internet service is provisioned or deal with service-provisioning scenarios like changing your service provider or connection technology, or dealing with Internet services that authenticate with usernames and passwords.

What should I buy?

Not every distributed-Wi-Fi setup suits every house. This is because different houses come in differing sizes and compositions.

I would pay attention to those distributed-wireless systems like the NETGEAR Orbi that offer a choice of different nodes that have differing signal strengths at different price points. The benefit with these systems is that you can effectively shape your Wi-Fi network’s coverage to your premises size and shape.

For example, an entry-level package with a low-output satellite node could earn its keep with providing coverage to an area at the edge of your small house or apartment where you sometimes have good reception but could do with “pushing out” the coverage a bit further for better response from smartphones and mobile-platform tablets used in that area. But you would find that a standard distributed-wireless package may be overkill for this situation. Here, it is similar to creating a HomePlug powerline segment to serve a baseline HomePlug wireless access point to fill in that dark spot and achieve that same goal.

But for most homes, you could get by with running a standard distributed-Wi-Fi system that just has two nodes. Here, you install one where your Internet connection would customarily be while the other one either is at the centre of the house or towards the opposite side. A two-storey or split-level building may simply require one of the nodes to be placed upstairs while the other one is downstairs. You may find that houses with a large floor plan may require three or more nodes and/or a mesh-based system for optimum coverage.

Systems that support an Ethernet or HomePlug AV wired backhaul in addition to the wireless backhaul earn their keep with those houses that use dense building materials for one or more of their interior walls. If a system only supports an Ethernet wired backhaul, you can team it with a pair of “homeplugs” to gain the benefit of the powerline-network technology which may answer your need with that old house that has a thick brick or sandstone interior wall.

As for system management, I would prefer to use a distributed-Wi-Fi system that implements Internet-independent setup and management. This means that if the Internet connection should go down and you had to re-configure your system or you move or change service providers, you can do so.

Personally, I would like to see these systems be able to support the ability for one to determine the SSID and security parameters for the wireless network that they are creating. This is important for those of us who are using one of these systems to improve our existing network, whether to supplant our existing router or its Wi-Fi functionality. In this situation, you may want to convey your existing network’s parameters to the new network so you don’t have to go around to each client device that uses Wi-Fi to set it up for the network. That said, the procedure is simplified with most of these systems implementing WPS-based “push-to-connect” client-device setup on each module.

Use an access point and a wired backbone or one of these kits?

The distributed-Wi-Fi systems do appeal to people who don’t go for a “hands-on” approach in optimising their home network’s Wi-Fi performance. They are also useful for those of us who live in a high-turnover neighbourhood where people are moving in and out frequently. You will also have to be sure that you are not dealing with radio obstacles like interior walls made out of dense materials like that double-brick home that has an extension.

On the other hand, a traditional access point linked to an Ethernet or HomePlug wired backbone can work well for those of us who don’t mind a hands-on approach to set up the system and don’t face a situation where they have to readjust their home network regularly.

It is also important if we want to use a mix of equipment from different vendors or place high importance on a wired backhaul for reliability. To the same extent, the traditional access point with the wired backhaul is in fact the surefire path for dealing with a multiple-building situation such as reaching the granny flat or man-cave garage.

Conclusion

At the moment, the distributed-Wi-Fi system, especially the mesh-based variant, is a technology still in its infancy. What needs to happen for this technology to become more accepted is that it can work in a purely heterogeneous vendor-independent manner, something that has to be facilitated through the implementation of standards that cover mesh networking and simplified setup / configuration requirements.

But the fact that major home-network vendors are coming in on the act rather than it being owned by Silicon-Valley startups means that the product class is becoming increasingly viable as a solution for poor Wi-Fi network coverage.


Netgear offers more of the Orbi extenders

Articles

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

NETGEAR Orbi distributed WiFi system

Netgear releases two (slightly) cheaper Orbi routers | Engadget

Netgear announces two new Orbi routers | TechCrunch

From the horse’s mouth

NETGEAR

Orbi Wi-Fi System

Press Release

Product Page

My Comments

Most of the recently-issued distributed-wireless systems that consist of modules that extend Wi-Fi coverage across a larger area are typically architected for a large suburban home. But you may want to get the coverage right for a smaller or larger area such as a New-York-style apartment or a larger country house.

NETGEAR have revised their Orbi distributed-wireless system which is based on a “router + extender” setup. This consists of a three-band router serving as a hub device while the satellite devices work in a similar vein to the range extender although there is a separate waveband implemented for backhaul purposes as well as providing for a simplified setup and roaming routine. In this system, one of the bands is kept as a backhaul between the extender devices and the router.

But they have released a few more “right-sized” output extenders for the Orbi distributed-wireless system. The original system, known as the RBK50, was capable of working an AC3000 network with a 5000 square-foot coverage. On the other hand, the RBK40 works an AC2200 network capable of covering 4000 square feet of space. There is a third system, known as the RBK30, which uses a satellite unit that plugs directly in to the power outlet like most range extenders or HomePlug devices. This also uses AC2200 network technology and can cover 3500 square feet.

For example, I would recommend for a small single-storey house or apartment the RBK30 if you are answering the typical setup where your router is located at the front or back of the house. Here, you are nudging the coverage out to an area that is not fully covered because of the equipment being up the front. The RBK40 or RBK50 could answer needs like multi-storey or split-level houses, or larger single-storey houses. In this situation, you want to, for example, make sure that there is equal Wi-Fi coverage upstairs and downstairs or, again, “nudge” the coverage out towards the back of your house.

NETGEAR are also selling these repeaters as accessories rather than as part of an Orbi system. This is important for those of you who are wanting to provide infill coverage for an existing Orbi system such as to deal with a larger house.

The NETGEAR Orbi and its peers would work well for buildings where the interior walls aren’t constructed of highly-dense building materials. You would run in to problems with, for example, the brick or sandstone home where you built on an extension, or one of the English cottages where there was an emphasis on brick or masonry construction for the inside walls. The reason I am calling this out is because the Orbi system implements a dedicated 5GHz band for the backhaul while your network devices connect to the router or extender devices using another 5GHz and 2.4GHz band created for the network.

Personally, I would like to see the NETGEAR Orbi systems available as a variant that uses a HomePlug AV500 or HomePlug AV2 powerline backbone or can exploit an Ethernet backbone as an alternative to the wireless backbone for those environments where that backbone can’t cut it.

A question that needs to be raised in the use cases that NETGEAR demonstrates in their online marketing collateral is whether an Orbi Satellite extender can be “daisy-chained” to an extant Orbi Satellite extender. This may be of concern to those of us who decide we want to extend the Orbi System from the extender such as to “push out” the range further.

What I like about the latest NETGEAR Orbi additions is that NETGEAR are “right-sizing” this distributed-wireless system to suit different coverage areas like apartments, small homes and larger homes as well as providing a way to “fill-in” coverage dark spots.

New firmware available for original Orbi system (1.8.0.6)
