Network Management Archive

Wi-Fi EasyMesh acquires new features in its second release

Articles – From the horse’s mouth

Telstra Smart Modem Generation 2 modem router press picture courtesy of Telstra

Telstra Smart Modem Generation 2 – the first carrier-supplied modem router to be certified as compatible with Wi-Fi EasyMesh

Wi-Fi Alliance

Wi-Fi CERTIFIED EasyMesh™ enables self-adapting Wi-Fi® (Press Release)

Wi-Fi CERTIFIED EasyMesh™ update: Added features for operator-managed home Wi-Fi® networks (The Beacon blog post)

Technicolor

white-label manufacturer of carrier-supplied home-network modem routers

EasyMesh R2 Will Intelligently Manage Your Home Wi-Fi (Press Release)

Previous Coverage on HomeNetworking01.info about Wi-Fi EasyMesh

Wi-Fi defines a new standard for distributed wireless networks

Telstra is the first telco to supply home-network hardware that supports Wi-Fi EasyMesh

My Comments

The Wi-Fi EasyMesh standard, which facilitates a distributed-Wi-Fi network without the need to have all equipment from the same equipment or chipset vendor, has undergone a major revision. This revision, known as Release 2, is intended to improve network management, adaptability and security as well as supporting proper VLAN / multiple-ESSID operation, which is especially required for guest, hotspot and community Wi-Fi applications.

What will Release 2 offer and how will it improve Wi-Fi EasyMesh?

Standardisation of diagnostic information sharing across the network

Wi-Fi EasyMesh Release 2 will make use of the Wi-Fi Data Elements to allow the Controller device to collect statistics and diagnostic information from each access point in a uniform manner. It doesn’t matter which vendors the different equipment in the EasyMesh-compliant Wi-Fi network come from.

Here, it will benefit companies like telcos, ISPs or IT support contractors in identifying where the weaknesses are in a Wi-Fi network that they provide support for. For those of us who support our own networks, we can use the tools provided with the main Wi-Fi router to identify what is going wrong with the setup.

Improved Wi-Fi radio channel management to assure service continuity

The second release of Wi-Fi EasyMesh will offer improved channel management and auto-tuning of the access point radio transceivers. This will make sure that the Wi-Fi network is able to adapt to new changes such as newer networks being setup nearby.

It will also be about implementing DFS to make sure that Wi-Fi networks using the 5 GHz bands work as good neighbours to nearby radar installations, such as weather radar, that use those bands. This will happen not just on initial setup of any Wi-Fi EasyMesh node but continually, which matters when, for example, a local meteorological authority installs a new radar-based weather station in your neighbourhood.

Increased data security for the wireless backhaul

The wireless backhaul for a Wi-Fi EasyMesh R2 network will be more secure through the use of current Wi-Fi data-security protocols like Simultaneous Authentication Of Equals. There will even be the ability to support robust authentication mechanisms and newer stronger cryptographic protocols.

It is seen as necessary because the wireless backhaul is used as the main artery to convey all the network’s traffic between the access points and the main “edge” router. This can appeal to anyone who wishes to snoop on a user’s Internet traffic; and also conveys the fact that the Wi-Fi EasyMesh network is effectively a single LAN segment where all the data for Wi-Fi client devices moves around.

Secure wireless-backhaul support for VLAN-separated data traffic

Increasingly, home-network equipment is implementing VLAN technology for a range of reasons. One of these is to facilitate triple-play services and assure quality-of-service for IPTV and IP-based telephony services offered by the telco or ISP. The other is to facilitate guest/hotspot and community networks that use the same Internet service connection but are effectively isolated from the main home or small-business network.

This release of the Wi-Fi EasyMesh standard will support these setups by configuring each node to support the multiple virtual networks including their own separate extended-service-set configurations. The wireless backhaul will also be set up to create separate “traffic lanes” for each logical network that are securely isolated from each other.

Enhanced client steering

There will be the ability to steer client devices between access points, wavebands or channels to prevent one or more of these resources from being overloaded.

For example, it could be feasible to have dual-band client devices like most laptops, tablets and smartphones work on the 5GHz band if they are dealing with multimedia while keeping the 2.4GHz band for low-traffic needs and single-band devices. Similarly, if a client device “sees” two access points equally, it could be made to use whichever one isn’t being overloaded or has the better throughput.

Of course, the enhanced client steering will provide a seamless roaming experience similar to what happens with the cellular-based mobile telephony/broadband networks that power our smartphones. This is a feature that is of importance with any device that is highly-portable in nature like a smartphone, tablet or laptop.

Key issues that may surface with Wi-Fi EasyMesh

A key issue that may crop up with Wi-Fi EasyMesh is supporting the use of multiple backhauls across the same network and offering “true-mesh” operation rather than hub-and-spoke operation. Here, it could be about opening up options for load-balancing and increased throughput for the backhaul or providing fault-tolerance for the network.

As well, the idea of a wired backhaul implementing IEEE 1905.1 small-network management technology has to be kept in scope when designing Wi-Fi EasyMesh devices or promoting and implementing this standard. This is more so to encourage HomePlug AV2 or G.hn powerline-network technology as a companion “wired no-new-wires” backhaul approach for deploying satellite nodes in areas where a wireless backhaul may not perform to expectation but it would be costly or unfeasible to pull Ethernet cable across the premises.

How can this be deployed with existing Wi-Fi EasyMesh networks?

There are measures built in to the Release 2 specifications to permit backward compatibility with legacy Wi-Fi EasyMesh network-infrastructure devices like the Telstra Smart Modem Generation 2 that exist in the network.

As well, some vendors are taking the approach of implementing the Release 2 functionality in software form. This makes it feasible for them to bake this functionality into a firmware update for an existing EasyMesh-compliant router or access point without the need to worry about the device’s underlying hardware.

Conclusion

I see Wi-Fi EasyMesh Release 2 as offering the chance for Wi-Fi EasyMesh to mature as a standard for distributed-Wi-Fi setups within the home and small-business user space. This release may even make it affordable for small businesses to dabble with a basic managed distributed-Wi-Fi setup due to not being required to stay with a particular vendor.


Linksys and Deutsche Telekom bring Wi-Fi 6 home networks to the mainstream

Linksys MR7350 Wi-Fi 6 Mesh Router press picture courtesy of Belkin

Linksys MR7350 Wi-Fi 6 Broadband Mesh router – the first of the affordable Wi-Fi 6 routers

Articles

Deutsche Telekom Speedport Smart 4 Plus

Telekom Speedport Smart 4 Plus mit Wi-Fi 6 steht in den Startlöchern (Telekom Speedport Smart 4 Plus with Wi-Fi 6 is in the starting blocks) | Caschy’s Blog (German language / Deutsche Sprache)

Linksys MAX-STREAM AX1800 Mesh Wi-Fi 6 Router

Linksys unveils a more affordable mesh router with WiFi 6 | Engadget

From the horse’s mouth

Linksys

Linksys Expands MAX-STREAM Mesh Router Portfolio With Its Most Affordable WiFi 6 Solution (Press Release)

MAX-Stream Mesh Wi-Fi 6 Router (MR7350) – Product Page

My Comments

Two companies have pushed Wi-Fi routers which are about bringing Wi-Fi 6 (802.11ax) technology within the reach of everyone who is establishing a home network based around a fixed broadband Internet service. This is being drawn out of necessity thanks to smartphones, tablets and laptops released through this year being equipped with Wi-Fi 6 connectivity.

The first of these is Deutsche Telekom, who are poised to release into the German market a unit that will be typically supplied to a household signing up for fixed broadband Internet offered by that telco. This unit, known as the Speedport Smart 4 Plus, is equipped with Wi-Fi 6 and will be about providing this technology in a turnkey manner to a home Internet service customer. It is ready to be launched at the IFA 2020 trade fair in Berlin in September.

The other is Linksys, who have offered the MR7350 broadband router through retail channels for USD$149. It is rated as an AX1800 unit which will provide an average throughput for a Wi-Fi 6 router. But it is able to be part of Linksys’s Intelligent Mesh distributed-Wi-Fi setup, thus allowing you to expand your network’s Wi-Fi range when teamed with a compatible Linksys Wi-Fi router.

Engadget’s review described the Linksys MR7350 router as being fit for starting a Wi-Fi 6 network to cover an average-sized apartment or townhome unit. It can also be seen as an affordable infill access point for a Linksys Intelligent Mesh distributed-Wi-Fi setup, especially if you decide to put a better router from that product range as the Internet edge of your home network.

But what I am pleased about with these devices is that they are an effort to bring Wi-Fi 6 (802.11ax) technology into most home networks. These efforts may be continued by other carriers and home-network equipment manufacturers.


Make VPN, VLAN and VoIP applications easy to set up in your network

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

Routers like the Draytek Vigor 2600N which support VPN endpoint and IP-PBX functionality could benefit from simplified configuration processes for these functions

Increasingly, the virtual private network, virtual local-area network and IP-based voice and video telephony setups are becoming more common as part of ordinary computing.

The VPN is being seen as a tool to protect our personal privacy or to avoid content-blocking regimes imposed by nations or other entities. Some people even use this as a way to gain access to video content available in other territories that wouldn’t be normally available in their home territory. But VPNs are also seen by business users and advanced computer users as a way to achieve a tie-line between two or more networks.

The VLAN is becoming of interest to householders as they sign up to multiple-play Internet services with at least TV, telephony and Internet service. Some of the telcos and ISPs are using the VLAN as a way to assure end-users of high quality-of-service for voice or video-based calls and TV content made available through these services.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

… as could the AVM Fritz!Box routers with DECT base station functionality

It may also have some appeal with some multiple-premises developments as a tool to provide the premises occupiers access to development-wide network resources through the occupiers’ own networks. It will also appeal to public-access-network applications which share the same physical infrastructure as private networks such as FON-type community networks including what Telstra and BT are running.

VoIP and similar IP-based telecommunications technologies will become very common for home and small-business applications. This is driven by incumbent and competing telecommunications providers moving towards IP-based setups thanks to factors like IP-driven infrastructure or a very low cost-of-entry. It also includes the desire to integrate entryphone systems that are part of multi-premises buildings into IP-based telecommunications setups including the voice-driven home assistants or IP-PBX business-telephony setups.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

A device like the Amazon Echo could be made into a VoIP telephone through an easy-to-configure Alexa Skill

In the same context, an operating-system or other software developer may want to design a “softphone” for IP-based telephony in order to have it run on a common computing platform.

What is frustrating these technologies?

One key point that makes these technologies awkward to implement is the configuration interface associated with the various devices that benefit from these technologies like VPN endpoint routers or IP-based telephony equipment. The same situation also applies if you intend to implement the setup with multiple devices especially where different platforms or user interfaces are involved.

This kind of configuration also increases the chance of user error taking place during the process which then leads to the setup failing with the user wasting time on troubleshooting procedures to get it to work. It also makes the setup process very daunting for people who don’t have much in the way of IT skills.

For example, you have to complete many steps to enrol the typical VPN endpoint router with a consumer-facing privacy-focused VPN in order to assure network-wide access to these VPNs. This involves transcribing configuration details for one of these VPNs to the router’s Web-based management interface. The same thing also applies if you want to create a VPN-based data tie-line between networks installed at two different premises.

Similarly, IP-based telephony is very difficult to configure, with customers opting for pre-configured IP telephone equipment. This frustrates the idea of allowing a customer to purchase equipment or software from different resellers thanks to the difficult configuration process. Even small businesses face this same difficulty whether it is to add, move or remove extensions, create inter-premises tie-lines or add extra trunk lines to increase call capacity or provide “local-number” access.

This limits various forms of innovation in this space such as integrating a building’s entryphone system into one’s own telephone setup or allowing Skype, Facebook Messenger, WhatsApp or Viber to permit a business to have a virtual telephone link to their IP-telephony platforms.

It also limits the wide availability to consumers and small businesses of “open” network hardware that can answer these functions. This is more so with VPN-endpoint routers or routers that have IP-based telecommunications functionality which would benefit from this kind of simplified configuration process.

What can be done?

A core requirement to enable simplified provisioning of these technologies is to make use of an XML-based standard configuration file that contains all of the necessary configuration information.

It can be transferred through a download from a known URL link or a file that is uploaded from your computing device’s local file system. The latter approach can also apply to using removable storage to transfer the file between devices if they have an SD-card slot or USB port.

Where security is important or the application depends on encryption for its operation, the necessary binary public-key files and certificates could be in a standard form with the ability to have them available through a URL link or local file transfer. It also extends to using technologies based around these public keys to protect and authenticate the configuration data in transit or apply a digital signature or watermark on the configuration files to assert their provenance.

I would also see it as important that this XML-based configuration file approach work with polished provisioning interfaces. These graphically-rich user interfaces, typically associated with consumer-facing service providers, implement subscription and provisioning through the one workflow and are designed to be user-friendly. It also applies to achieving a “plug-and-play” onboarding routine for new devices where there is a requirement for very little user interaction during the configuration and provisioning phase.

This can be facilitated through the use of device-discovery and management protocols like UPnP or WSD with the ability to facilitate the upload of configuration files to the correct devices. Or it could allow the creation and storage of the necessary XML files on the user’s computer’s local storage for the user to upload to the devices they want to configure.

Another factor is to identify how a device should react under certain situations like a VPN endpoint router being configured for two or more VPNs that are expected to run concurrently. It also includes allowing a device to support special functions, something common in the IP-based telecommunications space where it is desirable to map particular buttons, keypad shortcodes or voice commands to dial particular numbers or activate particular functions like door-release or emergency hotline access.

Similarly, the use of “friendly” naming as part of the setup process for VLANs, VPNs and devices or lines in an IP-telephony system could make the setup and configuration easier. This is important when it comes to revising a configuration to suit newer needs or simply understanding the setup you are implementing.
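As an added illustration of the signed, XML-based provisioning file this section proposes (example code written for this page, not from the original post or any vendor): it builds a small hypothetical profile carrying VLAN, VPN and VoIP entries with “friendly” names, attaches an integrity tag, and verifies that tag before any parsing so that a file altered in transit is rejected. The element names, hostnames, URLs and key are all constructed; the tag is an HMAC over a key shared between the provisioning service and the device, a stand-in for the public-key signature the post suggests, since Python’s standard library has no signature primitive.

```python
"""Build, sign, verify and parse a small XML provisioning profile.

Constructed example: the element names and attributes below are a
hypothetical profile layout, not any vendor's or standards body's format.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample profile: one IPTV VLAN, one guest VLAN, one VPN
# tie-line and one VoIP extension, each carrying a "friendly" name.
PROFILE_XML = """<provisioning version="1">
  <vlan id="10" name="IPTV"/>
  <vlan id="20" name="Guest hotspot"/>
  <vpn name="Branch office tie-line" type="ipsec" remote="vpn.example.net"
       ca="https://example.net/provisioning/ca.pem"/>
  <voip name="Front desk" extension="201" server="sip.example.net"/>
</provisioning>
"""

# Constructed key shared between the provisioning service and the device.
# Assumption: an HMAC tag stands in for the public-key signature the post
# describes; the verify-before-parse flow below is the same either way.
PROVISIONING_KEY = b"constructed-provisioning-key-do-not-reuse"


def sign_profile(xml_text: str, key: bytes) -> str:
    """Return a hex integrity tag over the exact bytes that will be delivered."""
    return hmac.new(key, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_profile(xml_text: str, tag: str, key: bytes) -> bool:
    """Constant-time check that the tag matches the delivered bytes."""
    return hmac.compare_digest(sign_profile(xml_text, key), tag)


def parse_profile(xml_text: str) -> dict:
    """Parse a verified profile into plain dicts, rejecting malformed entries."""
    root = ET.fromstring(xml_text)
    if root.tag != "provisioning" or root.get("version") != "1":
        raise ValueError("unsupported profile type or version")
    profile = {"vlans": [], "vpns": [], "voip": []}
    seen_vlan_ids = set()
    for vlan in root.findall("vlan"):
        vid = int(vlan.get("id", "0"))
        name = (vlan.get("name") or "").strip()
        if not 1 <= vid <= 4094:          # valid 802.1Q VLAN id range
            raise ValueError(f"VLAN id out of range: {vid}")
        if vid in seen_vlan_ids or not name:
            raise ValueError(f"duplicate or unnamed VLAN: {vid}")
        seen_vlan_ids.add(vid)
        profile["vlans"].append({"id": vid, "name": name})
    for vpn in root.findall("vpn"):
        entry = {k: vpn.get(k) for k in ("name", "type", "remote", "ca")}
        if not entry["name"] or not entry["type"] or not entry["remote"]:
            raise ValueError("VPN entry needs name, type and remote")
        if entry["ca"] and not entry["ca"].startswith("https://"):
            raise ValueError("certificate must be fetched over HTTPS")
        profile["vpns"].append(entry)
    for line in root.findall("voip"):
        entry = {k: line.get(k) for k in ("name", "extension", "server")}
        if not all(entry.values()) or not entry["extension"].isdigit():
            raise ValueError("VoIP entry needs name, numeric extension and server")
        profile["voip"].append(entry)
    return profile


def load_profile(xml_text: str, tag: str, key: bytes) -> dict:
    """Verify the tag first, then parse: unverified XML is never parsed."""
    if not verify_profile(xml_text, tag, key):
        raise ValueError("provisioning profile failed integrity check")
    return parse_profile(xml_text)


if __name__ == "__main__":
    tag = sign_profile(PROFILE_XML, PROVISIONING_KEY)
    print(load_profile(PROFILE_XML, tag, PROVISIONING_KEY))
    tampered = PROFILE_XML.replace('id="20"', 'id="1"')   # guest VLAN moved
    try:
        load_profile(tampered, tag, PROVISIONING_KEY)
    except ValueError as exc:
        print("rejected:", exc)
```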

Conclusion

Using XML-based standard provisioning files and common data-transfer procedures for setup of VLAN, VPN and IP-based-telecommunications setups can allow for a simplified setup and onboarding experience. It can also allow users to easily maintain their setups such as to bring new equipment on board or factor in changes to their service.


Wi-Fi 6 is here for certain

Articles

TP-Link Archer AX6000 Wi-Fi 6 broadband router product picture courtesy of TP-Link USA

TP-Link Archer AX6000 Wi-Fi 6 broadband router – an example of a Wi-Fi 6 router

Wi-Fi 6: Better, faster internet is coming — here’s what you need to know | CNet

Should You Upgrade to Wi-Fi 6? | PC Mag

Previous Coverage

New nomenclature for Wi-Fi wireless networks

What will 802.11ax Wi-Fi wireless networking be about?

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi CERTIFIED 6™ delivers new Wi-Fi® era (Press Release)

Wi-Fi CERTIFIED 6™ delivers new Wi-Fi® era (Product Page)

My Comments

The Wi-Fi Alliance have started this week to certify devices as to whether they are compliant with the new Wi-Fi 6 (802.11ax) wireless-network standard. This effectively means that this technology will be ready for prime time.

But what will it offer?

NETGEAR Orbi with Wi-Fi 6 press picture courtesy of NETGEAR

NETGEAR Orbi Wi-Fi 6 – the first distributed Wi-Fi setup with Wi-Fi 6 technology

Wi-Fi 6 will offer a theoretical data throughput of 10Gbps which is 30% faster than Wi-Fi 5 setups. There will also be the ability for one access point or router to support many Wi-Fi client devices at once, thus preventing that device from being “oversubscribed” and underperforming when many devices come on board. It answers a common situation where a small network that is typically served by one Wi-Fi router ends up having to support multiple Wi-Fi client devices like laptops, smartphones, smart speakers of the Amazon Echo kind, and set-top devices for streaming video. It is facilitated through the use of a higher-capacity MU-MIMO technology.

In addition, the Wi-Fi 6 routers and access points implement OFDMA technology to share channels and use them efficiently. It will mean that multiple Wi-Fi 6 networks can coexist without underperforming which will be of benefit for apartment dwellers or trade shows and conferences where multiple Wi-Fi networks are expected to coexist.

There is also the targeted wake time feature to “schedule” use of a Wi-Fi 6 network by battery-operated devices. This will allow them to know when to send data updates to the network especially if they don’t change status often, which will benefit “Internet-of-Things” devices where there is the desire to run them for a long time on commodity batteries.

A requirement that will be placed on Wi-Fi 6 devices is to support WPA3 security for their network security standard. It is to improve the expectation upon these devices for a secure Wi-Fi network.

At the moment, routers and access points based on Wi-Fi 6 will be positioned at the premium end of the market and be typically targeted towards “be first with the latest” early adopters. But over the next year or two, the market will settle out with devices at more affordable price points.

Premium smartphones, tablets and laptops that are being redesigned from the ground up with new silicon will end up with Wi-Fi 6 network interface chipsets. This will apply to the Samsung Galaxy S10 family, computers based on Intel Ice Lake CPUs and the Apple iPhone 11 family. As well, some network-hardware vendors are offering add-on Wi-Fi 6 network adaptors that plug into your laptop computer’s USB port to enable it for the new technology.

At the moment, if you are running a network with a Wi-Fi 5 access point or router that is serving devices based on Wi-Fi 4 (802.11n) and Wi-Fi 5 (802.11ac) technology, you don’t need to upgrade the access point or router yet.

But if you have to replace that device due to the existing unit dying or you intend to set up a new Wi-Fi network, it may be worth investigating the purchase of network infrastructure equipment based on Wi-Fi 6.

You will also find that each device will be provided with “best case” performance based on its technology. This means that if you install a Wi-Fi 6 access point or router on your network then subsequently sign a subsidised-equipment post-paid service contract for a smartphone with Wi-Fi 6 technology built in, the smartphone will work to Wi-Fi 6 levels while your laptop that supports Wi-Fi 5 technology works to that prior technology without impeding your smartphone’s Wi-Fi 6 functionality.

If you bought one of the earlier Wi-Fi 6 routers or distributed Wi-Fi setups which works to pre-certification standards, check your manufacturer’s site for any new firmware that will have the device working to the current specifications and upload it to your device.

Wi-Fi 6 wireless networks will become a major boon for evolving local-area networks towards higher capacity and faster throughput on wireless segments.


6GHz Wi-Fi technology moving towards room-by-room Gigabit Wi-Fi

Article

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

Distributed Wi-Fi setups like this NETGEAR Orbi will be heading towards the Gigabit Wi-Fi goal on the 6GHz waveband

ARRIS: How 6 GHz Wi-Fi will revolutionise the connected home | Wi-Fi Now

My Comments

ARRIS who make home-network equipment for the American market, are pushing the idea that the 6 GHz Wi-Fi network is a major evolution for the home network.

This is coming about due to various national government departments who have oversight over radiocommunications use within their jurisdiction working on regulatory instruments to open up unlicensed low-power indoor use of the 6 GHz radio waveband. Such regulation is expected to be passed by the FCC in the US by mid-year 2020 and OFCOM in the UK by 2021 with other jurisdictions to follow suit over the next few years.

It will open up seven new 160MHz channels for the Wi-Fi 6 technology with the feasibility to open up a Gigabit Wi-Fi network. This is expected to lead to the evolution of the self-configuring distributed Wi-Fi setup with a Gigabit Wi-Fi backbone plus each access point offering a 160MHz Wi-Fi 6 channel alongside support for low-power narrower-bandwidth 2.4GHz and 5GHz channels for legacy equipment.

There will be the implementation of Wi-Fi EasyMesh and Wi-Fi EasyConnect standards to permit secure setup and an open-frame heterogeneous distributed-wireless network.

One limitation I do see confronting this ideal that Arris put forward is the short-wavelength Wi-Fi backbone, which can be a hindrance with certain building materials and construction approaches like double-brick walls. There will also be the requirement to run many access points to make sure the average home is covered properly. Here, the wired backbone, whether “new wires” like Ethernet or “no new wires” like HomePlug AV2 powerline or MoCA TV-antenna coaxial, still has to be considered for a multiple-access-point network.

ARRIS was even positioning for the evolution of the distributed Wi-Fi network to have each room with its own access-point node capable of yielding Gigabit bandwidth. They also put forward ideas like having these access points mounted on the ceiling. But I would also prefer the idea of a normally-sessile endpoint device like a network printer, Amazon-Echo-style smart speaker or a smart TV being its own access point that is part of the distributed Wi-Fi network. It then avoids the need to equip a room with an extra access point if you are intending to have this kind of device in that room.

The use of Wi-Fi 6 technologies will also be about working with environments that are congested as far as Wi-Fi wireless networking is concerned. These environments like multiple-premises buildings, airports or hotels are likely to have many Wi-Fi devices operating on many Wi-Fi networks which with prior technologies leads to poor performance especially on the throughput and latency side.

It may take a few years for the Wi-Fi wireless network to hit the Gigabit throughput mark as the 6 GHz band opens up and more access-point and client devices come on the market.


20 Years of Wi-Fi wireless

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi Alliance 20th anniversary logo courtesy of Wi-Fi Alliance

20 Years of Wi-Fi (Press Release)

My Comments

“Hey, what’s the Wi-Fi password here?” This is a very common question around the home as guests want to come on to your home network during their long-term visit to your home. Or one asks the barista or waiter at the cafe “Do you have Wi-Fi here?” with a view to some free Internet use in mind.

“What’s the Wi-Fi password?”

It is brought about by Wi-Fi wireless-network technology that has become a major lifestyle changer over the last 20 years. This has been propelled in the early 2000s with Intel advancing their Centrino Wi-Fi network-interface chipset which put forward the idea of highly-portable computing.

Dell XPS 13 9380 lifestyle press picture courtesy of Dell Corporation

The laptop like this Dell XPS 13 – part of the Wi-Fi lifestyle

The laptop computer, mobile-platform tablet and smartphone benefited from Wi-Fi due to their inherently-portable nature. This effectively allowed for “anywhere anytime” online work and play lifestyle including using that iPad or smartphone as a second screen while watching TV. Let’s not forget the use of Internet radios, network-based multiroom audio setups and those smart speakers answering you when you speak to them.

“Do you have free Wi-Fi here?”

Over the years there has been incremental improvements in bandwidth, security and quality-of-service for Wi-Fi networks both in the home and the office. Just lately, we are seeing home networks equipped with distributed Wi-Fi setups where there are multiple access-point devices working with a wired or wireless backhaul. This is to assure full coverage of our homes with Wi-Fi wireless signals, especially as we face different floorplans and building-material types that may not assure this kind of coverage.

But from this year onwards, the new Wi-Fi network will be based on Wi-Fi 6 (802.11ax) technology and implement WPA3-grade security. There will also be the idea of opening up the 6GHz wavebands around the world to Wi-Fi wireless-network traffic, along with having support for Internet-of-Things applications.

Telstra Gateway Frontier modem router press picture courtesy of Telstra

The Wi-Fi router – part of every household

The public-access Wi-Fi networks will be more about simple but secure login and usage experiences thanks to Wi-Fi Passpoint. This will include simplified roaming between multiple Wi-Fi public-access hotspot networks, whether this is based on business relationships or not. It will also lead to telcos using Wi-Fi networks as a method to facilitate complementary coverage for their mobile-broadband networks whether they use current technology or the new 5G technology.

What needs to happen for Wi-Fi is to see work take place regarding high-efficiency chipsets for Internet-of-Things applications where such devices will be required to run on a small number of commodity batteries for a long time. One requirement I would like to see for public-access Wi-Fi is the ability to create user-defined “secure device clusters” that allow devices in that cluster to discover each other across the same public-access network but other devices outside of the cluster can’t discover them.

So happy 20th Anniversary to the network technology that has effectively changed our online lifestyle – the Wi-Fi wireless network.


WPA3-Personal security – What does this mean for your Wi-Fi network?

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Expect the next-generation Wi-Fi network to have WPA3 security

What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade | Network World

My Comments

Over the next few years, Wi-Fi routers, access points and client devices like computers and smartphones will be supporting WPA3 as a media-specific network security protocol.

At the moment, I will be focusing on the WPA3-Personal variant which is relevant to small networks like the typical home or small-business network. This kind of network security is also implemented in an increasing number of venue-based public-access networks in order to allow the venue owner to protect and authenticate the network and preserve its role as an amenity for the venue’s customers.

The WPA3-Personal network security protocol has the same method of operation as for a WPA2-Personal network. This is using a “Wi-Fi password” commonly known across all access points and client devices that use the network segment.

But it authenticates with this “Wi-Fi password” using Simultaneous Authentication Of Equals rather than the Pre-Shared Key method used in previous WPA-Personal implementations. It also changes how this “Wi-Fi password” is represented and protected in order to defend it against an offline brute-force cracking attempt.

As well, each connection between the client device and the access point is encrypted in a manner unique to that connection.

The initial onboarding process will be typically based on the traditional password-entry method. But it will also implement Wi-Fi EasyConnect which uses a QR code or WPS-based push-button setup.

The Wi-Fi WPA3 security protocol may take years to become mature while a secure surefire codebase for client-side and access-point-side implementations is worked out. The initial codebase was found to have software weaknesses in the early Personal-setup implementation and is being debugged now.

A question that will be raised is whether an upgrade to WPA3 security will require new hardware for either the client device or the access point or if this can be performed using revised firmware that has the necessary software code. This may depend on whether the hardware uses a purely software-defined approach for managing its functionality.

There will be situations that will take place regarding existing equipment and WPA3-capable equipment. Here, a WPA3 client like a smartphone can work with an existing WPA2-compliant Wi-Fi network segment but not have the full benefits. Similarly, a WPA3-capable Wi-Fi network segment will need to be operated in a “transition mode” to allow existing WPA2-compliant client devices to connect. Again, this doesn’t provide all the benefits of a Wi-Fi network segment secure to WPA3 standards.

You can also work around this limitation by implementing two Wi-Fi network segments that have separate ESSIDs. One of these could be configured to work with the current WPA2-Personal standard while the other is set up purely for WPA3-Personal. This practice may come into its own if you have a Wi-Fi network using the latest standards while you maintain another using tried-and-trusted standards.
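The transition-mode and dual-ESSID arrangements above translate directly into access-point configuration. The following is an added example (not code from this post, nor from the hostapd project) that builds hostapd BSS settings for a WPA2-only, a WPA2/WPA3 transition and a WPA3-only ESSID, and audits each one for the residual weaknesses the text describes. The option names (`wpa`, `wpa_key_mgmt`, `wpa_passphrase`, `sae_password`, `ieee80211w`, `rsn_pairwise`, `bss`) are real hostapd options; the interface name, SSIDs and passphrase are constructed placeholders.

```python
"""Build and audit hostapd BSS configurations for WPA2-only, WPA2/WPA3
transition-mode and WPA3-only (SAE) ESSIDs.

Added example; not part of the original post or of hostapd itself.
Option names are genuine hostapd keys; all values are constructed placeholders.
"""

WPA2_ONLY = "wpa2-only"
TRANSITION = "transition"
SAE_ONLY = "sae-only"


def build_bss(ssid: str, passphrase: str, mode: str, iface: str = "wlan0") -> dict:
    """Return the hostapd settings for one ESSID in the requested security mode."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("Wi-Fi passphrase must be 8 to 63 characters")
    cfg = {"interface": iface, "ssid": ssid, "wpa": "2", "rsn_pairwise": "CCMP"}
    if mode == SAE_ONLY:
        cfg["wpa_key_mgmt"] = "SAE"
        cfg["sae_password"] = passphrase
        cfg["ieee80211w"] = "2"            # PMF required: mandatory for WPA3-Personal
    elif mode == TRANSITION:
        cfg["wpa_key_mgmt"] = "WPA-PSK SAE"
        cfg["wpa_passphrase"] = passphrase  # consumed by the legacy 4-way PSK handshake
        cfg["sae_password"] = passphrase    # consumed by SAE-capable clients
        cfg["ieee80211w"] = "1"            # PMF optional so PMF-less WPA2 clients still join
    elif mode == WPA2_ONLY:
        cfg["wpa_key_mgmt"] = "WPA-PSK"
        cfg["wpa_passphrase"] = passphrase
        cfg["ieee80211w"] = "1"
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return cfg


def audit_bss(cfg: dict) -> list:
    """List the ways a BSS falls short of full WPA3-Personal protection."""
    findings = []
    mgmt = set(cfg.get("wpa_key_mgmt", "").split())
    if cfg.get("wpa") != "2":
        findings.append("wpa must be 2 (RSN only); WPA1/TKIP cannot be mixed with SAE")
    if "TKIP" in cfg.get("rsn_pairwise", ""):
        findings.append("TKIP pairwise cipher present")
    if "WPA-PSK" in mgmt:
        findings.append("WPA-PSK accepted: a captured 4-way handshake permits offline passphrase guessing")
    if "SAE" in mgmt and cfg.get("ieee80211w") != "2":
        findings.append("SAE offered without mandatory PMF (ieee80211w=2)")
    if "SAE" not in mgmt:
        findings.append("no SAE: no per-connection forward secrecy")
    return findings


def render(cfgs: list) -> str:
    """Serialise BSS dicts as hostapd.conf text. The first BSS is introduced by
    'interface=', every further one by 'bss=<iface>_<n>' as hostapd expects."""
    out = []
    for i, cfg in enumerate(cfgs):
        items = dict(cfg)
        iface = items.pop("interface")
        out.append(f"interface={iface}" if i == 0 else f"bss={iface}_{i}")
        out.extend(f"{key}={value}" for key, value in items.items())
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    legacy = build_bss("HomeNet", "correct horse battery", TRANSITION)
    modern = build_bss("HomeNet-WPA3", "correct horse battery", SAE_ONLY)
    for name, bss in (("transition", legacy), ("sae-only", modern)):
        print(name, "->", audit_bss(bss) or ["no findings"])
    print(render([legacy, modern]))
```

The audit makes the trade-off visible: the transition BSS still answers PSK clients, so anyone who records its 4-way handshake can test password guesses offline, and its PMF is only optional; the SAE-only BSS on the second ESSID is the one that delivers the full WPA3-Personal benefit.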


Could a logical network be a data-security attribute?

Telstra Gateway Frontier modem router press picture courtesy of Telstra

The local network created by one of these routers could be seen as a way to attest proximity or effective control of these devices

In data security, there has to be a way to attest that a user has effective control of their computing devices when they are authenticating with a device or service. Increasingly, most of us are handling two or more devices in this context such as to move data between them, use one of them as an authentication factor or to verify mutual trust between two or more people.

The logical network, also called a subnet, represents the devices connected to the same router irrespective of the media they use to connect to it, such as Ethernet or Wi-Fi wireless. It sits at Layer 3 (the Network Layer) of the OSI model and is expressed through IP (Internet Protocol) addressing, whether version 4 or 6. Routers that implement guest or hotspot/community network functionality create a separate logical network for the guest or hotspot network.

But a hotspot network can be set up to cover a large public area like a bar or cafe’s dining room or even the whole of a hotel or apartment block. As well, if a hotspot network is properly set up for the end users’ data security, it shouldn’t be feasible to discover other devices on that same logical network. This is thanks to IP-based isolation functionality that the router that serves the hotspot offers.

Here, the existence of devices on the same logical network can be used as a way to attest proximity of these devices or to attest effective control over them.

Use cases

Enhanced two-factor authentication

Increasingly, most of us who implement two-factor authentication use an app on a smartphone to provide the random key number that confirms what we have along with what we know. But in a lot of situations, we have the smartphone and the computer we want to use to gain access to the resources existing on the same network. This may be our home or business network, a public-access hotspot or tethering our laptop to a smartphone for Internet access via the mobile network.

Having both devices on the same network could be seen as a way to assess the security level of a multifactor authentication setup by assessing the proximity of the devices to each other. It is more so if the devices are communicating to each other behind the same Wi-Fi access point or Ethernet switch. This concept would be to prove that both devices are effectively being controlled by the same user.

It can also work as an alternative to Bluetooth or NFC as a device-to-device link for a transcription-free multi-factor authentication setup if you are thinking of two devices that are able to connect to a network via Wi-Fi. This is more so where the issue of phishing of multi-factor authentication setups involving the transcription of a one-time passcode has been raised.

Discovery of devices in the same network

The same concept can also be examined in the context of interlinking between devices that exist on the same network or even determining one’s “home” domain in the context of AV content rights. In some ways, the concept could also be about tokenised login for online services where a user’s credentials are held on one device like a smartphone but a session-based token is passed to another device like a set-top box to facilitate login from that device.

It is a practice that has been used with UPnP and Bonjour technologies primarily for device and content discovery. The most obvious situation would be to use Apple AirPlay or Google Chromecast to throw content to the big screen from a compatible mobile device. It also works in the same context when you set up and use a network-based printer from your computer or smartphone.

Across-the-room discovery and mutual-user authentication

Another use case this concept can apply to is “across-the-room” device discovery and mutual-user authentication. This would be used for data transfer, social networks or online gaming where you intend to share a resource with someone you talked with, invite them as a friend / follower in a social network or engage them in an online game.

Proof of presence at a particular location

Use of a logical network’s attributes can be a tool for proving one’s presence at a particular location. This is more so where the Internet service for that network is being provided using a wired-broadband or fixed-wireless-broadband approach for its last-mile, like with most home and business networks. It may not work with “Mi-Fi” setups where a mobile broadband network is being implemented for the last-mile connection.

Here, it could be used for time-and-attendance purposes including “proof of presence” for home-based carers. Or it could be used to conditionally enable particular functionality like app-based on-premises food-and-beverage ordering at a venue. To the same extent, it could be used to protect delivery services against orders that were instigated at one location being sent to another location.

Methods

Both devices existing on the same network

In a premises-specific network like most small networks, testing that both devices are on the same subnet / logical network behind the same gateway device (router) could be a way to attest that both devices are in the same premises. A related test uses the Layer 3 “hop count”, which indicates how many logical networks (routers) lie between the two devices.

It is a method used with a wide range of network-based AV and printing applications to constrain the discovery and control of devices by controller software to what is local to you.

But assessing whether the two devices are connecting to the same access point on a Wi-Fi network can be used to attest whether both devices are in the same room in a large Wi-Fi setup. It may not work in a network setup where different devices connect to a network using different connection media like Ethernet, Wi-Fi Wireless or HomePlug powerline. This also includes situations where multiple access points cover the same room or floor such as with large rooms or open-plan areas.

Another approach that can be used for Wi-Fi hotspot networks honouring the Hotspot 2.0 / Passpoint setup would be to read the “venue” metadata for that network and compare whether both devices are in the same venue. If this technology is able to support subdividing of a logical venue such as based on floors or rooms, this could work as a way of further attesting whether both devices are in close proximity.

A Wi-Fi wireless network can be attested through the BSSID, which identifies the particular access point the devices are connecting through, or the ESSID, which is the network’s “call sign”. The BSSID approach suits a public hotspot network, including a “hotzone” network run by a local government or ISP, or a large network that uses many access points, while the ESSID approach could be used simply for a small network with a few access points.
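The subnet, hop-count and BSSID/ESSID tests described in this section can be combined into a single proximity check. The following is an added example (not code from this post) that scores how close two devices are from the network attributes each one reports about itself; the `Endpoint` record, the sample devices and the MAC addresses are constructed for illustration. It goes slightly beyond the text by ordering the tests from weakest (same subnet) to strongest (same access point) and by estimating hop count from a packet’s remaining TTL.

```python
"""Attest device proximity from logical-network attributes: same subnet and
gateway, same ESSID, same BSSID, and hop count estimated from an IP TTL.

Added example, not code from the original post. Endpoint records, addresses
and BSSIDs are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Endpoint:
    name: str
    ip: str                    # address with prefix length, e.g. "192.168.1.20/24"
    gateway: str               # default gateway this device uses
    bssid: Optional[str] = None  # MAC of the access point if on Wi-Fi, else None
    essid: Optional[str] = None  # Wi-Fi network name if on Wi-Fi, else None


def same_logical_network(a: Endpoint, b: Endpoint) -> bool:
    """Both addresses fall in one subnet and both devices use the same gateway."""
    net_a = ipaddress.ip_interface(a.ip).network
    net_b = ipaddress.ip_interface(b.ip).network
    return net_a == net_b and a.gateway == b.gateway


def same_essid(a: Endpoint, b: Endpoint) -> bool:
    return bool(a.essid and b.essid and a.essid == b.essid)


def same_access_point(a: Endpoint, b: Endpoint) -> bool:
    """BSSID comparison is case-insensitive because drivers report MACs inconsistently."""
    return bool(a.bssid and b.bssid and a.bssid.lower() == b.bssid.lower())


def hops_from_ttl(observed_ttl: int) -> int:
    """Estimate router hops from the TTL seen in a received packet, assuming the
    sender started from one of the common initial values (64, 128 or 255).
    Zero hops means the packet came from the same logical network."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    initial = next(t for t in (64, 128, 255) if t >= observed_ttl)
    return initial - observed_ttl


def proximity_level(a: Endpoint, b: Endpoint) -> str:
    """Return the strongest attestation the two devices' attributes support.
    Note: being on one subnet does not guarantee the devices can reach each
    other (hotspot client isolation), and one BSSID does not equal one room
    where several access points cover the same floor."""
    if not same_logical_network(a, b):
        return "different-network"
    if same_access_point(a, b):
        return "same-access-point"
    if same_essid(a, b):
        return "same-essid"
    return "same-subnet"


# Constructed sample devices: phone and laptop on one AP, desktop on Ethernet,
# tablet on the router's separate guest logical network.
PHONE = Endpoint("phone", "192.168.1.20/24", "192.168.1.1", "aa:bb:cc:dd:ee:01", "HomeNet")
LAPTOP = Endpoint("laptop", "192.168.1.31/24", "192.168.1.1", "AA:BB:CC:DD:EE:01", "HomeNet")
DESKTOP = Endpoint("desktop", "192.168.1.40/24", "192.168.1.1")
GUEST = Endpoint("guest-tablet", "192.168.2.5/24", "192.168.2.1", "aa:bb:cc:dd:ee:02", "HomeNet-Guest")

if __name__ == "__main__":
    for other in (LAPTOP, DESKTOP, GUEST):
        print(PHONE.name, "vs", other.name, "->", proximity_level(PHONE, other))
    print("TTL 63 seen ->", hops_from_ttl(63), "hop(s)")
```

The ordering matters for the use cases above: a two-factor flow wanting “same room” evidence should insist on `same-access-point`, whereas a media-discovery or “same premises” check is satisfied by `same-subnet`. The TTL estimate is only a heuristic, since operating systems may be configured with non-default initial TTLs.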

Trusted networks with authentication certificates

On the other hand, there could be the concept of creating “trusted networks” where authentication certificates relating to the network are stored in the network’s gateway device or in infrastructure devices associated with that network. It could be used to work against man-in-the-middle attacks as well as a stronger approach to attesting trust between the client device and the network it proposes to access.

The initial appeal for this concept could be to attest the authenticity of a business’s network especially in the face of business partners or customers who want to use that network as a gateway to the Internet or use the host business’s resources.

It could have some appeal to the food, beverage and hospitality industry where particular cafes and bars are often seen by individuals and workgroups as favoured hangouts. In this context, if an individual wants to use the Wi-Fi public-access network in their favourite “watering hole” or “second office”, the “trusted network” approach can be used to verify to the customer that they have connected to the venue’s network at the venue to avoid “man-in-the-middle” attacks.

This approach is being implemented with the Wi-Fi Passpoint / Hotspot 2.0 technology to provide for the simple yet secure public-access Wi-Fi network.

The same approach can be used with a home network if the router can store data like digital certificates in onboard non-volatile memory. Then this data could be created by the ISP as a “known trusted network” with a network-specific certificate relating to the router and network equipment. Such a service could be offered by an ISP as a value-added service especially to cater for “proof-of-presence” applications.

Conclusion

Using a logical network as a data-security attribute can be effective as a security tool for some use cases. With current network equipment, this can be a dependable way of assessing a device’s proximity to other devices. But the use of certificates stored on network-infrastructure devices like routers and provided by ISPs or similar entities can be of use for authenticated-network or proof-of-presence applications.


NETGEAR to offer one of the first Wi-Fi 6 distributed-wireless setups

Article

NETGEAR Orbi with Wi-Fi 6 press picture courtesy of NETGEAR

Netgear takes its Orbi mesh Wi-Fi system to the next level with Wi-Fi 6 | PC World

From the horse’s mouth

NETGEAR

LEADING A NEW ERA OF WI-FI, NETGEAR ANNOUNCES ORBI MESH WI-FI SYSTEM USING WI-FI 6 SPECIFICALLY DESIGNED FOR THE GIGABIT INTERNET HOME (Press Release)

Product Page

My Comments

As Wi-Fi 6 (802.11ax) wireless networking comes to the fore, there will be a desire to see distributed-wireless-network systems that support this technology. Here it’s about being able to support many Wi-Fi client devices like laptops, tablets and smartphones along with devices that are designed “Wi-Fi first” including smart-home devices.

NETGEAR have started to refresh the Orbi distributed Wi-Fi system by making a new version that supports this new technology as part of the product lineup they are premiering in Las Vegas at this year’s Consumer Electronics Show. It uses the separate radio backhaul that their Orbi system is known for, thus avoiding the dent in performance that can be brought about with systems that use the main “fronthaul” Wi-Fi segment for their backbone data transfer.

It uses four data streams across the dedicated Wi-Fi 6 backhaul to allow high-speed high-capacity data transfer. This is in addition to four concurrent data streams on the 2.4GHz band and four concurrent data streams on the 5GHz band for the client devices to use. The system is powered by Qualcomm networking system-on-chip silicon that allows for the higher data throughput.

It is expected to appear during the second half of 2019, primarily as an updated take of the RBK50 wide-coverage devices. A question that will perplex those of us who have an Orbi distributed-Wi-Fi setup is whether the existing Orbi equipment will work with the newer Wi-Fi 6 Orbi devices.

This is more so where smaller or specialised Orbi satellite modules like the RBS50 Orbi Outdoor Satellite unit or the Orbi Voice which is a combination of a satellite unit and Amazon-Alexa-driven smart speaker are part of your Orbi setup. Or you like the idea of “pushing down” existing equipment to secondary purposes so you get more value out of the equipment you own.

What is being highlighted is the idea of using Wi-Fi 6 as a future-proof approach for wireless local networking, including distributed-Wi-Fi setups.


Staff panic buttons to drive networks to handle the Internet of Things

Article

Ekahau Wi-Fi Pager Tag panic button

Emergency-alert buttons like this Ekahau Wi-Fi name-tag panic-button setup will be influencing network architecture for the Internet Of Things

The Hotel Panic Button Could Redefine Hospitality Networking | IoT World Today

My Comments

In some workplaces where staff work alone at night or other times where they are in danger, portable emergency-call buttons are often used. Initially they were the same size as an older garage-door opener but they are becoming the size of a pendant, badge or fob. As well, rather than these devices lighting up a separate alert panel, they light up a message or “throw up” a map with an indicator on a regular computer running building-security software to show where the danger is.

Initially, they were being positioned for very-high-risk workplaces like psychiatric care or the justice and allied settings. But other workplaces where staff work alone are seeing these devices as an important safety measure, usually due to various occupational health-and-safety requirements.

For example, hotels in the USA are moving towards having Housekeeping staff use these devices in response to workplace agreements, industry safe-work safe-premises initiatives or city-based legal requirements. But these systems are being required to work in conjunction with the Wi-Fi networks used by staff and guests for business and personal data transfer.

A device of the kind that I had covered previously on HomeNetworking01.info was the Ekahau Real Time Location System. This was a pendant-style “panic-button” device, known as the T301BD Pager Tag, which had an integrated display and call button. It was also set up so that if the tag was pulled from its neckstrap, it would initiate an emergency response. I also wrote an article about these Ekahau devices being deployed in a psychiatric hospital as a staff emergency-alert setup in order to describe Wi-Fi serving a security/safety use case with the home network.

This application is being seen as a driver for other “Internet-of-Things” and smart-building technologies in this usage case, such as online access-control systems, energy management or custom experiences for guests. As I have said before when talking about what the smart lock will offer, the hotel may be seen as a place where most of us may deal with or experience one or more of the smart-building technologies. Also I see these places existing as a proving ground for these technologies in front of many householders or small-business owners who will be managing their own IT setups.

One of the issues being drummed up in this article is quality-of-service for the Internet Of Things whereupon the device must be able to send a signal from anywhere on the premises with receiving endpoints receiving this signal with no delay. It will become an issue as the packet-driven technologies like the Internet replace traditional circuit-based technologies like telephone or 2-way radio for signalling or machine-to-machine communication.

The hotel application is based around the use of multiple access points, typically to provide consistent Wi-Fi service for staff and guests. Such a setup is about making sure that staff and guests aren’t out of range of the property’s Wi-Fi network and the same quality of service for all network and Internet use cases is consistent throughout the building. Here, concepts like mesh-driven Wi-Fi, adaptive-antenna approaches, load-balancing and smart smooth roaming are effectively rolled in to the design of these networks.

Wi-Fi access points in the smart-building network will also be expected to serve as bridges between IP-based networks and non-IP “Internet-of-Things” networks like Bluetooth Low Energy (Bluetooth Smart), Zigbee, Z-Wave or DECT-ULE. These latter networks are pushed towards this application class due to the fact that they are designed to support very long battery runtimes on commodity batteries like AA Duracells or coin-style watch batteries. There will be an emphasis on localised bridging and the IP-network-as-backbone to provide better localisation and efficient operation.

These systems are being driven towards single-screen property-specific dashboards where you can see the information regarding the premises “at a glance”. I would reckon that operating-system-native applications and, perhaps, Progressive Web App versions will also be required to use operating-system-specific features like notification-panels to improve their utility factor in this context.

As far as the home network is concerned, I do see most of these technological concepts being rolled out to the smart home with an expectation to provide a similar service for householders and small businesses. This is more important as ISPs in competitive markets see the “Internet of Things” and improved Wi-Fi as a product differentiator.

The use of multiple Wi-Fi access points to cover an average home is being made real thanks to HomePlug wireless access points, Wi-Fi range extenders and distributed-Wi-Fi systems, which will bring this kind of localised Wi-Fi to the smart home. Typically this is to rectify Wi-Fi coverage shortcomings that crop up in particular architecture scenarios like multi-storey / split-level premises and the use of building materials and furniture that limit RF throughput. It is also brought about by the use of higher-frequency wavebands like 5GHz as Wi-Fi network wavebands.

There will be an industry expectation to require access points and similar devices to provide this kind of “open-bridging” for Internet-of-Things networks. This is more so where battery-operated sensor or controller devices like thermostatic radiator valves and smart locks will rely on “low-power” approaches including the use of Zigbee, Z-Wave or similar network technology.

It will also be driven typically by carrier-supplied routers that have home-automation controller functionality which would work with the carrier’s or ISP’s home-automation and security services.

To the same extent, it may require “smart-home / building-automation” networks to support the use of IP-based transports like Wi-Fi, HomePlug and Ethernet as an alternative backhaul in addition to their meshing or similar approaches these technologies offer to extend their coverage.

In some cases, it may be about Zigbee / Z-Wave setups with very few devices located at each end of the house or with devices that can’t always be “in the mesh” for these systems due to them entering a “sleep mode” due to inactivity, or there could be the usual RF difficulties that can plague Wi-Fi networks affecting these technologies.

DECT-ULE, which is based on the DECT cordless-phone technology and is being championed by some European technology names, doesn’t support meshing at all, so IP-based bridging and backhauls could work as a way to extend its coverage.

Such a situation may be rectified by access points that use a wired backbone like Ethernet or HomePlug powerline.

In the context of the staff panic button use-case, it will roll out to the home network as part of a variety of applications. The common application that will come about will be to allow the elderly, disabled people, convalescents and the like who need continual medical care to live at home independently or with support from people assuming a carer role.

This will be driven by the “ageing at home” principle and similar agendas that are being driven by the fact that people born during the post-war baby boom are becoming older as well as the rise of increased personal lifespans.

Similarly, this application may also be underscored as a security measure for those of us who are concerned about our loved ones being home alone in a high-risk environment. This is more so in neighbourhoods where the risk of a violent crime being committed is very strong.

But I would see this concept work beyond these use cases. For example, a UK / European central-heating system that is set up with each radiator equipped with a “smart” thermostatic radiator valve that is tied in with the smart-home system. Or the use of many different control surfaces to manage lighting, comfort and home-entertainment through the connected home. This is something that will rise up as most of us take on the concept of the smart home as the technology standardises and becomes more affordable.

What is being highlighted is the requirement for high quality-of-service when it comes to sending “Internet-of-Things” signalling or control data as our networks become more congested with more gadgets. Similarly, it is about being able to use IP-based network technology as a backhaul for non-IP network data that is part of the Internet-of-Things but providing the right kind of routing to assure proper coverage and quality-of-service.
