Network Management Archive

Multi-gigabit wired network connections for small networks could be real

Articles

WD MyNet Switch rear Ethernet connections

The next affordable unmanaged Ethernet switch will soon appear as a multi-gigabit type

The cheapest multi-gigabit switches (2.5G, 5, & 10Gbps) you can buy now – Affordable 10GbE & 2.5GbE networking | Just Android (UK)

My Comments

A trend that is starting to appear is the increased availability of multi-gigabit wired network hardware at reasonable prices. This is a trend that will continue to appear over the next few years.

Examples of this include affordable PCI Express network interface cards for traditional desktop computers and USB3 Ethernet adaptors that support 2.5Gb network speeds. These will use Category 5 cable and RJ45 modular plugs.

It also extends to standard-form-factor motherboards for “three-box” desktop computers being pitched at the performance end of the market being equipped with multi-gigabit Ethernet connections.

As well, newer high-end Synology and QNAP network-attached-storage units are being equipped with the ability for users to upgrade their device’s network connection to 2.5Gb Ethernet at a reasonable price. This is in conformance with the way Synology and QNAP are designing their NAS units to be computers in their own right.

Let’s not forget that some affordable Ethernet switches are appearing with at least one 2.5Gb Ethernet connection like this 5-port unmanaged unit from QNAP. The use of extant Category 5 cabling infrastructure for a 2.5Gb Ethernet run means that you don’t have to pull new cabling through to upgrade an existing “wired-for-Ethernet” installation to that speed.

Of course the 10Gb idea will be seen as more expensive because of the use of newer cable types that support the higher bandwidth. A cabling upgrade of this kind can be done to an existing “wired-for-Ethernet” setup with the legacy cable being used to pull the newer cable type through. This avoids the need to drill through walls to run the new cable.

What do I see as driving the takeup of multiple-gigabit Ethernet networks for home and small business use?

One of these trends is Wi-Fi 6 wireless networks having the possibility of multiple-gigabit speeds. Here, you could use high-performance Wi-Fi 6 access points, including distributed-wireless systems supporting that technology, with a multi-gigabit Ethernet as a wired-network backhaul for those access points. This is especially so if you want stable operation from a multi-AP Wi-Fi 6 network.

As well, some countries and neighbourhoods are laying the groundwork for high-speed Internet. This is through strong efforts to increase the penetration of fibre-optic next-generation broadband infrastructure through a neighbourhood, with cities and towns wanting to claim bragging rights to “Gigabit City” or “Gigabit Town” titles. That is where every household or business has the ability to have Internet bandwidth of at least 1Gbps.

The bar for these communities will then be raised to multiple-gigabit levels through “in-rack” upgrades done to existing fibre-optic networks. This is where a network is upgraded simply by upgrading the network infrastructure electronics that exist in the equipment racks at ISP central offices, headends and exchanges. This is instead of rolling out trucks and digging up roads to pull new fibre-optic cable through a neighbourhood.

Another is the increased ubiquity of 4K UHDTV with an increased number of affordable sets with the right screen size pitched for the entry-level or secondary-lounge-area/bedroom use appearing on the market. It would lead to multiple 4K UHDTV sets being installed around a house. This is underscored by an increased number of video-on-demand services delivering 4K UHDTV content with reasonable subscription prices in the case of SVOD services. This will lead to concurrent viewing of 4K video content in multiple-adult households.

In fact the multiple-adult household is being seen as the norm especially in urban areas where land prices are increasing rapidly. This is because housing, whether to own or rent, will become very expensive for a young couple in these areas. Similarly, there is the appeal of multiple-generation living with a family living with their older parents. It facilitates the concept of “ageing at home” which avoids the need for older parents who need extra care being sent to questionable aged-care facilities.

Another key driver is the rise of content creators working from home with their jobs involving large files. Examples of this would include video content with a resolution of 4K or higher, or multichannel / multitrack sound mixes. Such users, especially those who work for themselves on a “job-by-job” basis or use this to support a hobby or other endeavour are now considered a key market segment for personal IT. As well, it is even driven by the COVID-19 pandemic which has had us work from home more.

What will hinder the takeup of this kind of connection?

At the moment, the main hindrance to multiple-Gigabit wired Ethernet being ubiquitous is the current-generation Internet connection offered to most people. This includes the routers, modems and other equipment installed at the customers’ premises.

As well, use cases associated with multiple-gigabit Ethernet need to be demonstrated to the greater populace in order to justify this concept. This may be about including a higher-throughput backbone for Wi-Fi 6 distributed-Wi-Fi applications, having a network that handles multiple 4K UHDTV streams or simply being ready for higher-bandwidth broadband Internet service.

How should you go about this kind of upgrade?

A content professional, whether working for someone else or running their own shop, would justify this kind of network. It is more so where large multimedia files are the norm for the work. This can also extend to other professionals like architects and designers who are dealing with large files.

But it can be seen as a long-term wired-network upgrade goal especially if you are wanting to create a high-speed trunk link between multiple network-device clusters. This can be facilitated with a single few-port multiple-gigabit switch at the “hub” of your home network and a few Gigabit Ethernet switches which have one multiple-Gigabit Ethernet socket on them at each “branch” of the network. Here, this creates a “data freeway” between the different clusters. Even if you start out with the single few-port multiple-gigabit switch at the hub of your home network’s wired Ethernet segment, it will be about the switch creating its own “high-performance data freeway” within itself.

Such a setup can also come in to its own if you are upgrading a Wi-Fi 6 network to access points that are capable of using that kind of connection for a wired-backhaul option.

The 10 Gigabit technology will also appeal to people who are considering an optical-fibre LAN link like a robust link between a house and an outbuilding. Here, such a link will satisfy future needs and avoid the problem of an inter-building link becoming unstable due to weather conditions. Such links could go up to 300 metres for multimode fibre or 40 kilometres for single-mode fibre which is more costly.

Conclusion

The idea behind the affordable multi-gigabit Ethernet technology for local area networks is to provide an upgrade path for wired network infrastructure to support higher bandwidth. It is more useful as a long-term upgrade approach or whenever you are dealing with many large files.


AVM moves towards value-priced Wi-Fi 6 with the FritzBox 7530 AX

Article – German Language / Deutsche Sprache

AVM FritzBox 7530 press image courtesy of AVM GmbH

AVM to launch the Wi-Fi 6 version of the FritzBox 7530 modem router in Germany as the FritzBox 7530 AX – an affordable Wi-Fi 6 option

AVM Fritz!Box 7530 AX kann vorbestellt werden | Caschy’s Blog

Das ist die neue AVM Fritz!Box 7530 AX | Caschy’s Blog

My Comments

This year is the year when some home-network hardware manufacturers are offering Wi-Fi routers equipped with Wi-Fi 6 to the mainstream user segment. This includes some of these devices being offered either at an affordable price or as carrier-supplied equipment when you sign up to Internet service. As well, some of the devices being offered are in fact modem routers that have an integrated modem for the broadband service.

Now AVM has joined the party by offering the FritzBox 7530 AX home Internet gateway router initially to the German market. This unit, which will retail there from 1 September for approximately EUR€169, is based on the FritzBox 7530 modem-router family.

But its Wi-Fi access point is compliant to Wi-Fi 6 (IEEE 802.11ax) wireless-networking standards and uses a 2-stream approach for each waveband. This means it will offer 1200Mb/s data transfer speed on the 5GHz waveband and 600Mb/s on the legacy 2.4GHz waveband. It has a VDSL modem along with the ability to have one of the four Gigabit Ethernet LAN ports as a WAN (Internet service) port for fibre-optic connectivity.

There is VoIP capability with a built-in analogue telephony adaptor for legacy handsets along with a DECT base station for DECT cordless handsets. It supports DECT-ULE-based home automation with a primary intention to work with AVM’s DECT-ULE home-automation devices, namely their smart plugs and thermostatic radiator valves.

Of course, there will be the secure reliable home-network expectations that AVM is known for. This includes keeping these devices automatically updated with the latest firmware, something that was considered out of the ordinary for this class of device.

What is being highlighted is the idea of more companies providing Wi-Fi 6 as part of a commodity-priced home-network router, which will lead to this wireless-network technology becoming more ubiquitous.


Wi-Fi EasyMesh acquires new features in its second release

Articles – From the horse’s mouth

Telstra Smart Modem Generation 2 modem router press picture courtesy of Telstra

Telstra Smart Modem Generation 2 – the first carrier-supplied modem router to be certified as compatible with Wi-Fi EasyMesh

Wi-Fi Alliance

Wi-Fi CERTIFIED EasyMesh™ enables self-adapting Wi-Fi® (Press Release)

Wi-Fi CERTIFIED EasyMesh™ update: Added features for operator-managed home Wi-Fi® networks (The Beacon blog post)

Technicolor

white-label manufacturer of carrier-supplied home-network modem routers

EasyMesh R2 Will Intelligently Manage Your Home Wi-Fi (Press Release)

Previous Coverage on HomeNetworking01.info about Wi-Fi EasyMesh

Wi-Fi defines a new standard for distributed wireless networks

Telstra is the first telco to supply home-network hardware that supports Wi-Fi EasyMesh

My Comments

The Wi-Fi EasyMesh standard that facilitates a distributed-Wi-Fi network without the need to have all equipment from the same equipment or chipset vendor has undergone a major revision. This revision, known as Release 2, is intended to improve network management, adaptability and security as well as supporting proper VLAN / multiple-ESSID operation that is especially required with guest, hotspot and community Wi-Fi applications.

What will Release 2 offer and how will it improve Wi-Fi EasyMesh?

Standardisation of diagnostic information sharing across the network

Wi-Fi EasyMesh Release 2 will make use of the Wi-Fi Data Elements to allow the Controller device to collect statistics and diagnostic information from each access point in a uniform manner. It doesn’t matter which vendors the different equipment in the EasyMesh-compliant Wi-Fi network come from.

Here, it will benefit companies like telcos, ISPs or IT support contractors in identifying where the weaknesses are in a Wi-Fi network that they provide support for. For those of us who support our own networks, we can use the tools provided with the main Wi-Fi router to identify what is going wrong with the setup.

Improved Wi-Fi radio channel management to assure service continuity

The second release of Wi-Fi EasyMesh will offer improved channel management and auto-tuning of the access point radio transceivers. This will make sure that the Wi-Fi network is able to adapt to new changes such as newer networks being set up nearby.

It will also be about implementing DFS to make sure that Wi-Fi networks that use the 5 GHz bands are working as good neighbours to radar installations like weather radar located nearby and using those bands. This will happen not just on initial setup of any Wi-Fi EasyMesh node but continually, which will be of concern when, for example, a local meteorological authority installs a new radar-based weather station in your neighbourhood.

Increased data security for the wireless backhaul

The wireless backhaul for a Wi-Fi EasyMesh R2 network will be more secure through the use of current Wi-Fi data-security protocols like Simultaneous Authentication Of Equals. There will even be the ability to support robust authentication mechanisms and newer stronger cryptographic protocols.

It is seen as necessary because the wireless backhaul is the main artery that conveys all the network’s traffic between the access points and the main “edge” router. That makes it attractive to anyone who wishes to snoop on a user’s Internet traffic. It also reflects the fact that the Wi-Fi EasyMesh network is effectively a single LAN segment where all the data for Wi-Fi client devices moves around.

Secure wireless-backhaul support for VLAN-separated data traffic

Increasingly, home-network equipment is implementing VLAN technology for a range of reasons. One of these is to facilitate triple-play services and assure quality-of-service for IPTV and IP-based telephony services offered by the telco or ISP. The other is to facilitate guest/hotspot and community networks that use the same Internet service connection but are effectively isolated from the main home or small-business network.

This release of the Wi-Fi EasyMesh standard will support these setups by configuring each node to support the multiple virtual networks including their own separate extended-service-set configurations. The wireless backhaul will also be set up to create separate “traffic lanes” for each logical network that are securely isolated from each other.

Enhanced client steering

There will be the ability to steer client devices between access points, wavebands or channels to prevent one or more of these resources from being overloaded.

For example, it could be feasible to have dual-band client devices like most laptops, tablets and smartphones work on the 5GHz band if they are dealing with multimedia while keeping the 2.4GHz band for low-traffic needs and single-band devices. Similarly, if a client device “sees” two access points equally, it could be made to use whichever one isn’t being overloaded or has the better throughput.

Of course, the enhanced client steering will provide a seamless roaming experience similar to what happens with the cellular-based mobile telephony/broadband networks that power our smartphones. This is a feature that is of importance with any device that is highly-portable in nature like a smartphone, tablet or laptop.

Key issues that may surface with Wi-Fi EasyMesh

A key issue that may crop up with Wi-Fi EasyMesh is supporting the use of multiple backhauls across the same network and offering “true-mesh” operation rather than hub-and-spoke operation. Here, it could be about opening up options for load-balancing and increased throughput for the backhaul or providing fault-tolerance for the network.

As well, the idea of a wired backhaul implementing IEEE 1905.1 small-network management technology has to be kept in scope when designing Wi-Fi EasyMesh devices or promoting and implementing this standard. This is more so to encourage HomePlug AV2 or G.Hn powerline-network technology as a companion “wired no-new-wires” backhaul approach for deploying satellite nodes in areas where a wireless backhaul may not perform to expectation but it would be costly or unfeasible to pull Ethernet cable across the premises.

How can this be deployed with existing Wi-Fi EasyMesh networks?

There are measures built in to the Release 2 specifications to permit backward compatibility with legacy Wi-Fi EasyMesh network-infrastructure devices like the Telstra Smart Modem Generation 2 that exist in the network.

As well, some vendors are taking the approach of implementing the Release 2 functionality in software form. This makes it feasible for them to bake this functionality in to a firmware update for an existing EasyMesh-compliant router or access point without the need to worry about the device’s underlying hardware.

Conclusion

I see Wi-Fi EasyMesh Release 2 as offering the chance for Wi-Fi EasyMesh to mature as a standard for distributed-Wi-Fi setups within the home and small-business user space. This release may even make it affordable for small businesses to dabble with a basic managed distributed-Wi-Fi setup due to not being required to stay with a particular vendor.

Linksys and Deutsche Telekom bring Wi-Fi 6 home networks to the mainstream

Linksys MR7350 Wi-Fi 6 Mesh Router press picture courtesy of Belkin

Linksys MR7350 Wi-Fi 6 Broadband Mesh router – the first of the affordable Wi-Fi 6 routers

Articles

Deutsche Telekom Speedport Smart 4 Plus

Telekom Speedport Smart 4 Plus mit Wi-Fi 6 steht in den Startlöchern (Telekom Speedport Smart 4 Plus with Wi-Fi 6 is in the starting blocks) | Caschy’s Blog (German language / Deutsche Sprache)

Linksys MAX-STREAM AX1800 Mesh Wi-Fi 6 Router

Linksys unveils a more affordable mesh router with WiFi 6 | Engadget

From the horse’s mouth

Linksys

Linksys Expands MAX-STREAM Mesh Router Portfolio With Its Most Affordable WiFi 6 Solution (Press Release)

MAX-Stream Mesh Wi-Fi 6 Router (MR7350) – Product Page

My Comments

Two companies have pushed Wi-Fi routers which are about bringing Wi-Fi 6 (802.11ax) technology within the reach of everyone who is establishing a home network based around a fixed broadband Internet service. This is being drawn out of necessity thanks to smartphones, tablets and laptops released through this year being equipped with Wi-Fi 6 connectivity.

The first of these is Deutsche Telekom, who are poised to release into the German market a unit that will be typically supplied to a household signing up for fixed broadband Internet offered by that telco. This unit, known as the Speedport Smart 4 Plus, is equipped with Wi-Fi 6 and will be about providing this technology in a turnkey manner to a home Internet service customer. It is ready to be launched at the IFA 2020 trade fair in Berlin in September.

The other is Linksys, who have offered the MR7350 broadband router through retail channels for USD$149. It is rated as an AX1800 unit which will provide an average throughput for a Wi-Fi 6 router. But it is able to be part of Linksys’s Intelligent Mesh distributed-Wi-Fi setup, thus allowing you to expand your network’s Wi-Fi range when teamed with a compatible Linksys Wi-Fi router.

Engadget’s review described the Linksys MR7350 router as being fit for starting a Wi-Fi 6 network to cover an average-sized apartment or townhome unit. It can also be seen as an affordable infill access point for a Linksys Intelligent Mesh distributed-Wi-Fi setup, especially if you decide to put a better router from that product range as the Internet edge of your home network.

But what pleases me about these devices is that they are an effort to bring Wi-Fi 6 (802.11ax) technology in to most home networks. These efforts may be continued by other carriers and home-network equipment manufacturers.

Make VPN, VLAN and VoIP applications easy to set up in your network

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

Routers like the Draytek Vigor 2600N which support VPN endpoint and IP-PBX functionality could benefit from simplified configuration processes for these functions

Increasingly, the virtual private network, virtual local-area network and IP-based voice and video telephony setups are becoming more common as part of ordinary computing.

The VPN is being seen as a tool to protect our personal privacy or to avoid content-blocking regimes imposed by nations or other entities. Some people even use this as a way to gain access to video content available in other territories that wouldn’t be normally available in their home territory. But VPNs are also seen by business users and advanced computer users as a way to achieve a tie-line between two or more networks.

The VLAN is becoming of interest to householders as they sign up to multiple-play Internet services with at least TV, telephony and Internet service. Some of the telcos and ISPs are using the VLAN as a way to assure end-users of high quality-of-service for voice or video-based calls and TV content made available through these services.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

… as could the AVM Fritz!Box routers with DECT base station functionality

It may also have some appeal with some multiple-premises developments as a tool to provide the premises occupiers access to development-wide network resources through the occupiers’ own networks. It will also appeal to public-access-network applications which share the same physical infrastructure as private networks such as FON-type community networks including what Telstra and BT are running.

VoIP and similar IP-based telecommunications technologies will become very common for home and small-business applications. This is driven by incumbent and competing telecommunications providers moving towards IP-based setups thanks to factors like IP-driven infrastructure or a very low cost-of-entry. It also includes the desire to integrate entryphone systems that are part of multi-premises buildings in to IP-based telecommunications setups including the voice-driven home assistants or IP-PBX business-telephony setups.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

A device like the Amazon Echo could be made in to a VoIP telephone through an easy-to-configure Alexa Skill

In the same context, an operating-system or other software developer may want to design a “softphone” for IP-based telephony in order to have it run on a common computing platform.

What is frustrating these technologies?

One key point that makes these technologies awkward to implement is the configuration interface associated with the various devices that benefit from these technologies like VPN endpoint routers or IP-based telephony equipment. The same situation also applies if you intend to implement the setup with multiple devices especially where different platforms or user interfaces are involved.

This kind of configuration also increases the chance of user error taking place during the process which then leads to the setup failing with the user wasting time on troubleshooting procedures to get it to work. It also makes the setup process very daunting for people who don’t have much in the way of IT skills.

For example, you have to complete many steps to enrol the typical VPN endpoint router with a consumer-facing privacy-focused VPN in order to assure network-wide access to these VPNs. This involves transcribing configuration details for one of these VPNs to the router’s Web-based management interface. The same thing also applies if you want to create a VPN-based data tie-line between networks installed at two different premises.

Similarly, IP-based telephony is very difficult to configure, with customers opting for pre-configured IP telephone equipment. The difficult configuration process then frustrates the idea of allowing a customer to purchase equipment or software from different resellers. Even small businesses face this same difficulty whether it is to add, move or remove extensions, create inter-premises tie-lines or add extra trunk lines to increase call capacity or provide “local-number” access.

This limits various forms of innovation in this space such as integrating a building’s entryphone system into one’s own telephone setup or allowing Skype, Facebook Messenger, WhatsApp or Viber to permit a business to have a virtual telephone link to their IP-telephony platforms.

It also limits the wide availability to consumers and small businesses of “open” network hardware that can answer these functions. This is more so with VPN-endpoint routers or routers that have IP-based telecommunications functionality which would benefit from this kind of simplified configuration process.

What can be done?

A core requirement to enable simplified provisioning of these technologies is to make use of an XML-based standard configuration file that contains all of the necessary configuration information.

It can be transferred through a download from a known URL link or a file that is uploaded from your computing device’s local file system. The latter approach can also apply to using removable storage to transfer the file between devices if they have an SD-card slot or USB port.

Where security is important or the application depends on encryption for its operation, the necessary binary public-key files and certificates could be in a standard form with the ability to have them available through a URL link or local file transfer. It also extends to using technologies based around these public keys to protect and authenticate the configuration data in transit or apply a digital signature or watermark on the configuration files to assert their provenance.

I would also see it as important that this XML-based configuration file approach work with polished provisioning interfaces. These graphically-rich user interfaces, typically associated with consumer-facing service providers, implement subscription and provisioning through the one workflow and are designed to be user-friendly. It also applies to achieving a “plug-and-play” onboarding routine for new devices where there is a requirement for very little user interaction during the configuration and provisioning phase.

This can be facilitated through the use of device-discovery and management protocols like UPnP or WSD with the ability to facilitate the upload of configuration files to the correct devices. Or it could allow the creation and storage of the necessary XML files on the user’s computer’s local storage for the user to upload to the devices they want to configure.

Another factor is to identify how a device should react under certain situations like a VPN endpoint router being configured for two or more VPNs that are expected to run concurrently. It also includes allowing a device to support special functions, something common in the IP-based telecommunications space where it is desirable to map particular buttons, keypad shortcodes or voice commands to dial particular numbers or activate particular functions like door-release or emergency hotline access.

Similarly, the use of “friendly” naming as part of the setup process for VLANs, VPNs and devices or lines in an IP-telephony system could make the setup and configuration easier. This is important when it comes to revising a configuration to suit newer needs or simply understanding the setup you are implementing.
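As an added illustration (not code from this article or from any vendor), here is how a device might vet such an XML provisioning file before applying it: it refuses files carrying a DOCTYPE, requires unique friendly names, and reports routes that overlap between VPNs meant to run concurrently. The element and attribute names are assumptions made for this example, as no concrete schema is proposed here.

```python
import ipaddress
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample. The element and attribute names are assumptions made
# for this example; the article proposes no concrete schema.
SAMPLE = b"""<?xml version="1.0"?>
<provisioning version="1">
  <vpn friendly-name="Head office tie-line">
    <endpoint>vpn.example.net</endpoint>
    <route>10.20.0.0/16</route>
  </vpn>
  <vpn friendly-name="Privacy VPN">
    <endpoint>privacy.example.org</endpoint>
    <route>10.20.30.0/24</route>
    <route>192.168.50.0/24</route>
  </vpn>
  <vlan id="30" friendly-name="Guest Wi-Fi"/>
</provisioning>
"""

# Constructed input carrying a DTD; a configuration file never needs one.
HOSTILE = b"""<?xml version="1.0"?>
<!DOCTYPE provisioning [<!ENTITY a "aaaa">]>
<provisioning version="1"><vpn friendly-name="&a;"/></provisioning>
"""


class ProvisioningError(ValueError):
    """Raised when a provisioning file must not be applied."""


def _reject_doctype(data):
    # Pre-pass with expat: abort as soon as a DOCTYPE starts, before any
    # entity declared in it could be expanded.
    def on_doctype(*_args):
        raise ProvisioningError("DOCTYPE not allowed in provisioning file")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise ProvisioningError(f"malformed XML: {exc}") from exc


def _friendly_name(node, seen):
    # Friendly names are what the user sees, so they must exist and be unique.
    name = (node.get("friendly-name") or "").strip()
    if not name:
        raise ProvisioningError(f"<{node.tag}> has no friendly-name")
    if name.lower() in seen:
        raise ProvisioningError(f"duplicate friendly-name: {name}")
    seen.add(name.lower())
    return name


def load_profile(data, max_bytes=64 * 1024):
    """Parse and validate a provisioning file; return VPN and VLAN entries."""
    if len(data) > max_bytes:
        raise ProvisioningError("provisioning file too large")
    _reject_doctype(data)
    root = ET.fromstring(data)
    if root.tag != "provisioning":
        raise ProvisioningError("unexpected root element")
    seen, vpns, vlans = set(), [], []
    for node in root.findall("vpn"):
        routes = []
        for route in node.findall("route"):
            try:
                routes.append(ipaddress.ip_network((route.text or "").strip()))
            except ValueError as exc:
                raise ProvisioningError(f"bad route: {exc}") from exc
        vpns.append({"name": _friendly_name(node, seen), "routes": routes})
    for node in root.findall("vlan"):
        try:
            vlan_id = int(node.get("id", ""))
        except ValueError as exc:
            raise ProvisioningError("VLAN id is not a number") from exc
        if not 1 <= vlan_id <= 4094:
            raise ProvisioningError(f"VLAN id out of range: {vlan_id}")
        vlans.append((vlan_id, _friendly_name(node, seen)))
    return {"vpns": vpns, "vlans": vlans}


def find_route_conflicts(profile):
    """List overlapping routes between VPNs that would run concurrently."""
    conflicts = []
    vpns = profile["vpns"]
    for i, first in enumerate(vpns):
        for second in vpns[i + 1:]:
            for ra in first["routes"]:
                for rb in second["routes"]:
                    if ra.version == rb.version and ra.overlaps(rb):
                        conflicts.append(
                            (first["name"], str(ra), second["name"], str(rb)))
    return conflicts


if __name__ == "__main__":
    for a_name, a_net, b_name, b_net in find_route_conflicts(load_profile(SAMPLE)):
        print(f"{a_name} ({a_net}) overlaps {b_name} ({b_net})")
```

A device that finds a conflict needs a defined policy for it, such as refusing the file or asking which VPN should carry the overlapping range.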

Conclusion

Using XML-based standard provisioning files and common data-transfer procedures for setup of VLAN, VPN and IP-based-telecommunications setups can allow for a simplified setup and onboarding experience. It can also allow users to easily maintain their setups such as to bring new equipment on board or factor in changes to their service.


Wi-Fi 6 is here for certain

Articles

TP-Link Archer AX6000 Wi-Fi 6 broadband router product picture courtesy of TP-Link USA

TP-Link Archer AX6000 Wi-Fi 6 broadband router – an example of a Wi-Fi 6 router

Wi-Fi 6: Better, faster internet is coming — here’s what you need to know | CNet

Should You Upgrade to Wi-Fi 6? | PC Mag

Previous Coverage

New nomenclature for Wi-Fi wireless networks

What will 802.11ax Wi-Fi wireless networking be about?

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi CERTIFIED 6™ delivers new Wi-Fi® era (Press Release)

Wi-Fi CERTIFIED 6™ delivers new Wi-Fi® era (Product Page)

My Comments

The Wi-Fi Alliance have started this week to certify devices as to whether they are compliant to the new Wi-Fi 6 (802.11ax) wireless-network standard. This effectively means that this technology will be ready for prime time.

But what will it offer?

NETGEAR Orbi with Wi-Fi 6 press picture courtesy of NETGEAR

NETGEAR Orbi Wi-Fi 6 – the first distributed Wi-Fi setup with Wi-Fi 6 technology

Wi-Fi 6 will offer a theoretical data throughput of 10Gbps which is 30% faster than Wi-Fi 5 setups. There will also be the ability for one access point or router to support many Wi-Fi client devices at once, thus preventing that device from being “oversubscribed” and underperforming when many devices come on board. It answers a common situation where a small network that is typically served by one Wi-Fi router ends up having to support multiple Wi-Fi client devices like laptops, smartphones, smart speakers of the Amazon Echo kind, and set-top devices for streaming video. It is facilitated through the use of a higher-capacity MU-MIMO technology.

In addition, the Wi-Fi 6 routers and access points implement OFDMA technology to share channels and use them efficiently. It will mean that multiple Wi-Fi 6 networks can coexist without underperforming which will be of benefit for apartment dwellers or trade shows and conferences where multiple Wi-Fi networks are expected to coexist.

There is also the targeted wake time feature to “schedule” use of a Wi-Fi 6 network by battery-operated devices. This will allow them to know when to send data updates to the network especially if they don’t change status often, which will benefit “Internet-of-Things” devices where there is the desire to run them for a long time on commodity batteries.

A requirement that will be placed on Wi-Fi 6 devices is to support WPA3 as their network security standard. This raises the expectation that these devices provide a secure Wi-Fi network.

At the moment, routers and access points based on Wi-Fi 6 will be positioned at the premium end of the market and be typically targeted towards “be first with the latest” early adopters. But over the next year or two, the market will settle out with devices at more affordable price points.

Premium smartphones, tablets and laptops that are being redesigned from the ground up with new silicon will end up with Wi-Fi 6 network interface chipsets. This will apply to the Samsung Galaxy S10 family, computers based on Intel Ice Lake CPUs and the Apple iPhone 11 family. As well, some network-hardware vendors are offering add-on Wi-Fi 6 network adaptors that plug in to your laptop computer’s USB port to enable it for the new technology.

At the moment, if you are running a network with a Wi-Fi 5 access point or router that is serving devices based on Wi-Fi 4 (802.11n) and Wi-Fi 5 (802.11ac) technology, you don’t need to upgrade the access point or router yet.

But if you have to replace that device due to the existing unit dying or you intend to set up a new Wi-Fi network, it may be worth investigating the purchase of network infrastructure equipment based on Wi-Fi 6.

You will also find that each device will be provided with “best case” performance based on its technology. This means that if you install a Wi-Fi 6 access point or router on your network then subsequently sign a subsidised-equipment post-paid service contract for a smartphone with Wi-Fi 6 technology built in, the smartphone will work to Wi-Fi 6 levels while your laptop that supports Wi-Fi 5 technology works to that prior technology without impeding your smartphone’s Wi-Fi 6 functionality.

If you bought one of the earlier Wi-Fi 6 routers or distributed Wi-Fi setups which works to pre-certification standards, check your manufacturer’s site for any new firmware that will have the device working to the current specifications and upload it to your device.

Wi-Fi 6 wireless networks will become a major boon for evolving local-area networks towards higher capacity and faster throughput on wireless segments.


6GHz Wi-Fi technology moving towards room-by-room Gigabit Wi-Fi

Article

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

Distributed Wi-Fi setups like this NETGEAR Orbi will be heading towards the Gigabit Wi-Fi goal on the 6GHz waveband

ARRIS: How 6 GHz Wi-Fi will revolutionise the connected home | Wi-Fi Now

My Comments

ARRIS, who make home-network equipment for the American market, are pushing the idea that the 6 GHz Wi-Fi network is a major evolution for the home network.

This is coming about due to various national government departments who have oversight over radiocommunications use within their jurisdiction working on regulatory instruments to open up unlicensed low-power indoor use of the 6 GHz radio waveband. Such regulation is expected to be passed by the FCC in the US by mid-year 2020 and OFCOM in the UK by 2021 with other jurisdictions to follow suit over the next few years.

It will open up seven new 160MHz channels for the Wi-Fi 6 technology with the feasibility to open up a Gigabit Wi-Fi network. This is expected to lead to the evolution of the self-configuring distributed Wi-Fi setup with a Gigabit Wi-Fi backbone plus each access point offering a 160MHz Wi-Fi 6 channel alongside support for low-power narrower-bandwidth 2.4GHz and 5GHz channels for legacy equipment.

There will be the implementation of Wi-Fi EasyMesh and Wi-Fi EasyConnect standards to permit secure setup and an open-frame heterogeneous distributed-wireless network.

One limitation I do see confronting this ideal that ARRIS put forward is the short-wavelength Wi-Fi backbone which can be a hindrance with certain building materials and construction approaches like double-brick walls. There will also be the requirement to run many access points to make sure the average home is covered properly. Here, the wired backbone whether “new wires” like Ethernet or “no new wires” like HomePlug AV2 powerline or MoCA TV-antenna coaxial still has to be considered for a multiple-access-point network.

ARRIS was even positioning for the evolution of the distributed Wi-Fi network to have each room with its own access-point node capable of yielding Gigabit bandwidth. They also put forward ideas like having these access points mounted on the ceiling. But I would also prefer the idea of a normally-sessile endpoint device like a network printer, Amazon-Echo-style smart speaker or a smart TV being its own access point that is part of the distributed Wi-Fi network. It then avoids the need to equip a room with an extra access point if you are intending to have this kind of device in that room.

The use of Wi-Fi 6 technologies will also be about working with environments that are congested as far as Wi-Fi wireless networking is concerned. These environments like multiple-premises buildings, airports or hotels are likely to have many Wi-Fi devices operating on many Wi-Fi networks which with prior technologies leads to poor performance especially on the throughput and latency side.

It may have to take a few years for the Wi-Fi wireless network to hit the Gigabit throughput mark as the 6 GHz band opens up and more access-point and client devices come on the market.


20 Years of Wi-Fi wireless

From the horse’s mouth

Wi-Fi Alliance

Wi-Fi Alliance 20th anniversary logo courtesy of Wi-Fi Alliance

20 Years of Wi-Fi (Press Release)

My Comments

“Hey, what’s the Wi-Fi password here?” This is a very common question around the home as guests want to come on to your home network during their long-term visit to your home. Or one asks the barista or waiter at the cafe “Do you have Wi-Fi here?” with a view to some free Internet use in mind.

“What’s the Wi-Fi password?”

It is brought about by Wi-Fi wireless-network technology that has become a major lifestyle changer over the last 20 years. This was propelled in the early 2000s by Intel advancing their Centrino Wi-Fi network-interface chipset which put forward the idea of highly-portable computing.

Dell XPS 13 9380 lifestyle press picture courtesy of Dell Corporation

The laptop like this Dell XPS 13 – part of the Wi-Fi lifestyle

The laptop computer, mobile-platform tablet and smartphone benefited from Wi-Fi due to their inherently-portable nature. This effectively allowed for an “anywhere anytime” online work and play lifestyle including using that iPad or smartphone as a second screen while watching TV. Let’s not forget the use of Internet radios, network-based multiroom audio setups and those smart speakers answering you when you speak to them.

“Do you have free Wi-Fi here?”

Over the years there have been incremental improvements in bandwidth, security and quality-of-service for Wi-Fi networks both in the home and the office. Just lately, we are seeing home networks equipped with distributed Wi-Fi setups where there are multiple access-point devices working with a wired or wireless backhaul. This is to assure full coverage of our homes with Wi-Fi wireless signals, especially as we face different floorplans and building-material types that may not assure this kind of coverage.

But from this year onwards, the new Wi-Fi network will be based on Wi-Fi 6 (802.11ax) technology and implement WPA3-grade security. There will also be the idea of opening up the 6GHz wavebands around the world to Wi-Fi wireless-network traffic, along with having support for Internet-of-Things applications.

Telstra Gateway Frontier modem router press picture courtesy of Telstra

The Wi-Fi router – part of every household

The public-access Wi-Fi networks will be more about simple but secure login and usage experiences thanks to Wi-Fi Passpoint. This will include simplified roaming between multiple Wi-Fi public-access hotspot networks, whether this is based on business relationships or not. It will also lead to telcos using Wi-Fi networks as a method to facilitate complementary coverage for their mobile-broadband networks whether they use current technology or the new 5G technology.

What needs to happen for Wi-Fi is to see work take place regarding high-efficiency chipsets for Internet-of-Things applications where such devices will be required to run on a small number of commodity batteries for a long time. One requirement I would like to see for public-access Wi-Fi is the ability to create user-defined “secure device clusters” that allow devices in that cluster to discover each other across the same public-access network but other devices outside of the cluster can’t discover them.

So happy 20th Anniversary to the network technology that has effectively changed our online lifestyle – the Wi-Fi wireless network.


WPA3-Personal security–What does this mean for your Wi-Fi network

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Expect the next-generation Wi-Fi network to have WPA3 security

What is WPA3? And some gotchas to watch out for in this Wi-Fi security upgrade | Network World

My Comments

Over the next few years, Wi-Fi routers, access points and client devices like computers and smartphones will be supporting WPA3 as a media-specific network security protocol.

At the moment, I will be focusing on the WPA3-Personal variant which is relevant to small networks like the typical home or small-business network. This kind of network security is also implemented in an increasing number of venue-based public-access networks in order to allow the venue owner to protect and authenticate the network and preserve its role as an amenity for the venue’s customers.

The WPA3-Personal network security protocol has the same method of operation as for a WPA2-Personal network. This is using a “Wi-Fi password” commonly known across all access points and client devices that use the network segment.

But it handles this “Wi-Fi password” using Simultaneous Authentication of Equals (SAE) rather than the Pre-Shared Key approach used in previous WPA-Personal implementations. This changes how the “Wi-Fi password” is represented and encrypted in order to protect it against an off-site brute-force cracking attempt.

As well, each connection between the client device and the access point is encrypted in a manner unique to that connection.

The initial onboarding process will be typically based on the traditional password-entry method. But it will also implement Wi-Fi EasyConnect which uses a QR code or WPS-based push-button setup.

The Wi-Fi WPA3 security protocol may take years to become mature while a secure surefire codebase for client-side and access-point-side implementations is worked out. The initial codebase was found to have software weaknesses in the early Personal-setup implementation and is being debugged now.

A question that will be raised is whether an upgrade to WPA3 security will require new hardware for either the client device or the access point or if this can be performed using revised firmware that has the necessary software code. This may depend on whether the hardware uses a purely software-defined approach for managing its functionality.

There will be mixed situations involving existing equipment and WPA3-capable equipment. Here, a WPA3 client like a smartphone can work with an existing WPA2-compliant Wi-Fi network segment but not have the full benefits. Similarly, a WPA3-capable Wi-Fi network segment will need to be operated in a “transition mode” to allow existing WPA2-compliant client devices to connect. Again, this doesn’t provide all the benefits of a Wi-Fi network segment secure to WPA3 standards.

You can also work around this limitation by implementing two Wi-Fi network segments that have separate ESSIDs. One of these could be configured to work to the current WPA2-Personal standard while the other is set up purely for WPA3-Personal. This practice may come into its own if you have a Wi-Fi network using the latest standards while you maintain another using tried-and-trusted standards.
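To see which of these setups an access point is actually running, the following added example (not from the original article) classifies each ESSID in a hostapd-style configuration as WPA2-Personal only, transition mode or WPA3-Personal only. It assumes an access point configured through hostapd `key=value` settings; the sample configuration and ESSID names are constructed.

```python
"""Classify each ESSID of a hostapd-style config by its WPA-Personal mode."""

# Constructed sample: one radio carrying three ESSIDs (all names are made up).
SAMPLE_CONF = """\
interface=wlan0
ssid=Home-Legacy
wpa=2
wpa_key_mgmt=WPA-PSK
bss=wlan0_1
ssid=Home-Mixed
wpa=2
wpa_key_mgmt=WPA-PSK SAE
ieee80211w=1
bss=wlan0_2
ssid=Home-WPA3
wpa=2
wpa_key_mgmt=SAE
ieee80211w=2
"""


def parse_bss_blocks(text):
    """Split key=value lines into one dict per BSS; a 'bss=' line starts a new one."""
    blocks, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "bss" and current:
            blocks.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        blocks.append(current)
    return blocks


def classify(bss):
    """Return (ssid, mode, warnings) for one BSS dict."""
    ssid = bss.get("ssid", "")
    if bss.get("wpa", "0") == "0":
        return ssid, "open", ["no WPA protection configured"]
    # Key management is treated as WPA-PSK when the setting is omitted.
    akms = set(bss.get("wpa_key_mgmt", "WPA-PSK").split())
    pmf = int(bss.get("ieee80211w", "0"))  # 0 = off, 1 = optional, 2 = required
    warnings = []
    if akms == {"SAE"}:
        mode = "WPA3-Personal only"
        if pmf != 2:
            warnings.append("WPA3-only needs protected management frames required (ieee80211w=2)")
    elif {"WPA-PSK", "SAE"} <= akms:
        mode = "WPA2/WPA3 transition"
        if pmf == 0:
            warnings.append("transition mode needs ieee80211w=1 so WPA3 clients can use PMF")
    elif "WPA-PSK" in akms:
        mode = "WPA2-Personal only"
    else:
        mode = "other"
    return ssid, mode, warnings


def audit(text):
    """Classify every BSS found in the configuration text."""
    return [classify(bss) for bss in parse_bss_blocks(text)]


if __name__ == "__main__":
    for ssid, mode, warnings in audit(SAMPLE_CONF):
        print(f"{ssid}: {mode}", *warnings, sep="\n  ! ")
```
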


Could a logical network be a data-security attribute?

Telstra Gateway Frontier modem router press picture courtesy of Telstra

The local network created by one of these routers could be seen as a way to attest proximity or effective control of these devices

In data security, there has to be a way to attest that a user has effective control of their computing devices when they are authenticating with a device or service. Increasingly, most of us are handling two or more devices in this context such as to move data between them, use one of them as an authentication factor or to verify mutual trust between two or more people.

The logical network, also called a subnet, represents the devices connected to the same router irrespective of what media they use to connect to this network like Ethernet or Wi-Fi wireless. It is represented at Layer 3 (Network Layer) on the OSI network model stack and is represented by IP (Internet Protocol) whether version 4 or 6. Routers that implement guest or hotspot/community network functionality create a separate logical network for the guest or hotspot network.

But a hotspot network can be set up to cover a large public area like a bar or cafe’s dining room or even the whole of a hotel or apartment block. As well, if a hotspot network is properly set up for the end users’ data security, it shouldn’t be feasible to discover other devices on that same logical network. This is thanks to IP-based isolation functionality that the router that serves the hotspot offers.

Here, the existence of devices on the same logical network can be used as a way to attest proximity of these devices or to attest effective control over them.

Use cases

Enhanced two-factor authentication

Increasingly, most of us who implement two-factor authentication use an app on a smartphone to provide the random key number that confirms what we have along with what we know. But in a lot of situations, we have the smartphone and the computer we want to use to gain access to the resources existing on the same network. This may be our home or business network, a public-access hotspot or tethering our laptop to a smartphone for Internet access via the mobile network.

Having both devices on the same network could be seen as a way to assess the security level of a multifactor authentication setup by assessing the proximity of the devices to each other. It is more so if the devices are communicating to each other behind the same Wi-Fi access point or Ethernet switch. This concept would be to prove that both devices are effectively being controlled by the same user.

It can also work as an alternative to Bluetooth or NFC as a device-to-device link for a transcription-free multi-factor authentication setup if you are thinking of two devices that are able to connect to a network via Wi-Fi. This is more so where the issue of phishing of multi-factor authentication setups involving the transcription of a one-time passcode has been raised.

Discovery of devices in the same network

The same concept can also be examined in the context of interlinking between devices that exist on the same network or even determining one’s “home” domain in the context of AV content rights. In some ways, the concept could also be about tokenised login for online services where a user’s credentials are held on one device like a smartphone but a session-based token is passed to another device like a set-top box to facilitate login from that device.

It is a practice that has been used with UPnP and Bonjour technologies primarily for device and content discovery. The most obvious situation would be to use Apple AirPlay or Google Chromecast to throw content to the big screen from a compatible mobile device. It also works in the same context when you set up and use a network-based printer from your computer or smartphone.

Across-the-room discovery and mutual-user authentication

Another use case this concept can apply to is “across-the-room” device discovery and mutual-user authentication. This would be used for data transfer, social networks or online gaming where you intend to share a resource with someone you talked with, invite them as a friend / follower in a social network or engage them in an online game.

Proof of presence at a particular location

Use of a logical network’s attributes can be a tool for proving one’s presence at a particular location. This is more so where the Internet service for that network is being provided using a wired-broadband or fixed-wireless-broadband approach for its last-mile, like with most home and business networks. It may not work with “Mi-Fi” setups where a mobile broadband network is being implemented for the last-mile connection.

Here, it could be used for time-and-attendance purposes including “proof of presence” for home-based carers. Or it could be used to conditionally enable particular functionality like app-based on-premises food-and-beverage ordering at a venue. To the same extent, it could be used to protect delivery services against orders that were instigated at one location being sent to another location.

Methods

Both devices existing on the same network

In a premises-specific network like most small networks, testing that both devices are on the same subnet / logical network behind the same gateway device (router) could be a way to attest that both devices are in the same premises. The same test can be performed by the use of a “hop count” on Layer 3 of the OSI network model, which also determines the number of logical networks passed.

It is a method used with a wide range of network-based AV and printing applications to constrain the discovery and control of devices by controller software to what is local to you.

But assessing whether the two devices are connecting to the same access point on a Wi-Fi network can be used to attest whether both devices are in the same room in a large Wi-Fi setup. It may not work in a network setup where different devices connect to a network using different connection media like Ethernet, Wi-Fi Wireless or HomePlug powerline. This also includes situations where multiple access points cover the same room or floor such as with large rooms or open-plan areas.

Another approach that can be used for Wi-Fi hotspot networks honouring the Hotspot 2.0 / Passpoint setup would be to read the “venue” metadata for that network and compare whether both devices are in the same venue. If this technology is able to support subdividing of a logical venue such as based on floors or rooms, this could work as a way of further attesting whether both devices are in close proximity.

A Wi-Fi wireless network can be attested through the use of the BSSID which identifies the same access point that the devices are connecting through or the ESSID which is the network’s “call sign”. The BSSID could be used for a public hotspot network including a “hotzone” network run by a local government or ISP, or a large network that uses many access points while the ESSID approach could be used simply for a small network with a few access points.
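The checks described in this section can be combined into one graded comparison, shown here as an added example that is not part of the original article. The `NetView` record, its field names and the sample devices are hypothetical; the gateway's MAC address is compared as well because private ranges such as 192.168.1.0/24 repeat across many premises, and all values are assumed to be reported by the devices themselves.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NetView:
    """One device's view of its network attachment (hypothetical record layout)."""
    ip: str            # interface address with prefix, e.g. "192.168.1.23/24"
    gateway_ip: str    # default gateway address
    gateway_mac: str   # gateway's link-layer address from the neighbour table
    essid: str = ""    # empty when the device is on Ethernet or powerline
    bssid: str = ""    # MAC of the access-point radio; empty when wired


def _mac(value):
    """Normalise a MAC address so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return value.replace("-", ":").lower()


def same_logical_network(a, b):
    """True when both devices sit in the same subnet behind the same gateway device."""
    net_a = ipaddress.ip_interface(a.ip).network
    net_b = ipaddress.ip_interface(b.ip).network
    if net_a != net_b:
        return False
    if ipaddress.ip_address(a.gateway_ip) != ipaddress.ip_address(b.gateway_ip):
        return False
    # Private ranges repeat in many premises, so the gateway's MAC is compared
    # too in order to tie the match to one physical router.
    return _mac(a.gateway_mac) == _mac(b.gateway_mac)


def proximity(a, b):
    """Grade how close two devices appear, from weakest to strongest evidence."""
    if not same_logical_network(a, b):
        return "different-network"
    if not (a.bssid and b.bssid):
        return "same-network"        # mixed media: Wi-Fi attributes unusable
    if _mac(a.bssid) == _mac(b.bssid):
        return "same-access-point"   # the "same room" case in a large Wi-Fi setup
    if a.essid == b.essid:
        return "same-essid"          # same "call sign", different access point
    return "same-network"


# Constructed sample devices; every address below is made up for the example.
ROUTER = ("192.168.1.1", "02:00:00:aa:00:01")
PHONE = NetView("192.168.1.23/24", *ROUTER, "HomeNet", "02:00:00:aa:10:01")
LAPTOP = NetView("192.168.1.40/24", *ROUTER, "HomeNet", "02-00-00-AA-10-01")
TABLET = NetView("192.168.1.51/24", *ROUTER, "HomeNet", "02:00:00:aa:10:02")
NAS = NetView("192.168.1.5/24", *ROUTER)  # wired, no Wi-Fi attributes
GUEST = NetView("192.168.2.17/24", "192.168.2.1", "02:00:00:aa:00:01", "HomeNet-Guest", "02:00:00:aa:10:03")
NEIGHBOUR = NetView("192.168.1.23/24", "192.168.1.1", "02:00:00:bb:00:01", "HomeNet", "02:00:00:bb:10:01")

if __name__ == "__main__":
    for name, other in [("laptop", LAPTOP), ("tablet", TABLET), ("nas", NAS),
                        ("guest", GUEST), ("neighbour", NEIGHBOUR)]:
        print(f"phone vs {name}: {proximity(PHONE, other)}")
```
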

Trusted networks with authentication certificates

On the other hand, there could be the concept of creating “trusted networks” where authentication certificates relating to the network are stored in the network’s gateway device or in infrastructure devices associated with that network. It could be used to work against man-in-the-middle attacks as well as a stronger approach to attesting trust between the client device and the network it proposes to access.

The initial appeal for this concept could be to attest the authenticity of a business’s network especially in the face of business partners or customers who want to use that network as a gateway to the Internet or use the host business’s resources.

It could have some appeal to the food, beverage and hospitality industry where particular cafes and bars are often seen by individuals and workgroups as favoured hangouts. In this context, if an individual wants to use the Wi-Fi public-access network in their favourite “watering hole” or “second office”, the “trusted network” approach can be used to verify to the customer that they have connected to the venue’s network at the venue to avoid “man-in-the-middle” attacks.

This approach is being implemented with the Wi-Fi Passpoint / Hotspot 2.0 technology to provide for the simple yet secure public-access Wi-Fi network.

The same approach can be used with a home network if the router can store data like digital certificates in onboard non-volatile memory. Then this data could be created by the ISP as a “known trusted network” with a network-specific certificate relating to the router and network equipment. Such a service could be offered by an ISP as a value-added service especially to cater for “proof-of-presence” applications.

Conclusion

Using a logical network as a data-security attribute can be effective as a security tool for some use cases. With current network equipment, this can be a surefire way of assessing device proximity to other devices. But use of certificates stored on network-infrastructure devices like routers and provided by ISPs or similar entities can be of use for authenticated-network or proof-of-presence applications.
