Tag: VLAN

Wi-Fi EasyMesh acquires new features in its second release

Articles – From the horse’s mouth

Telstra Smart Modem Generation 2 modem router press picture courtesy of Telstra

Telstra Smart Modem Generation 2 – the first carrier-supplied modem router to be certified as compatible with Wi-Fi EasyMesh

Wi-Fi Alliance

Wi-Fi CERTIFIED EasyMesh™ enables self-adapting Wi-Fi® (Press Release)

Wi-Fi CERTIFIED EasyMesh™ update: Added features for operator-managed home Wi-Fi® networks (The Beacon blog post)

Technicolor

white-label manufacturer of carrier-supplied home-network modem routers

EasyMesh R2 Will Intelligently Manage Your Home Wi-Fi (Press Release)

Previous Coverage on HomeNetworking01.info about Wi-Fi EasyMesh

Wi-Fi defines a new standard for distributed wireless networks

Telstra is the first telco to supply home-network hardware that supports Wi-Fi EasyMesh

My Comments

The Wi-Fi EasyMesh standard that facilitates a distributed-Wi-Fi network without the need to have all equipment from the same equipment or chipset vendor has undergone a major revision. This revision, known as Release 2, is intended to improve network management, adaptability and security as well as supporting proper VLAN / multiple-ESSID operation, which is especially required with guest, hotspot and community Wi-Fi applications.

What will Release 2 offer and how will it improve Wi-Fi EasyMesh?

Standardisation of diagnostic information sharing across the network

Wi-Fi EasyMesh Release 2 will make use of the Wi-Fi Data Elements to allow the Controller device to collect statistics and diagnostic information from each access point in a uniform manner. It doesn’t matter which vendors the different equipment in the EasyMesh-compliant Wi-Fi network come from.

Here, it will benefit companies like telcos, ISPs or IT support contractors in identifying where the weaknesses are in a Wi-Fi network that they provide support for. For those of us who support our own networks, we can use the tools provided with the main Wi-Fi router to identify what is going wrong with the setup.

Improved Wi-Fi radio channel management to assure service continuity

The second release of Wi-Fi EasyMesh will offer improved channel management and auto-tuning of the access point radio transceivers. This will make sure that the Wi-Fi network is able to adapt to new changes such as newer networks being set up nearby.

It will also be about implementing DFS to make sure that Wi-Fi networks that use the 5 GHz bands are working as good neighbours to radar installations like weather radar located nearby and using those bands. This will happen not just on initial setup of any Wi-Fi EasyMesh node but continually, which will be of concern when, for example, a local meteorological authority installs a new radar-based weather station in your neighbourhood.

Increased data security for the wireless backhaul

The wireless backhaul for a Wi-Fi EasyMesh R2 network will be more secure through the use of current Wi-Fi data-security protocols like Simultaneous Authentication Of Equals. There will even be the ability to support robust authentication mechanisms and newer stronger cryptographic protocols.

It is seen as necessary because the wireless backhaul is used as the main artery to convey all the network’s traffic between the access points and the main “edge” router. This can appeal to anyone who wishes to snoop on a user’s Internet traffic; and also conveys the fact that the Wi-Fi EasyMesh network is effectively a single LAN segment where all the data for Wi-Fi client devices moves around.

Secure wireless-backhaul support for VLAN-separated data traffic

Increasingly, home-network equipment is implementing VLAN technology for a range of reasons. One of these is to facilitate triple-play services and assure quality-of-service for IPTV and IP-based telephony services offered by the telco or ISP. The other is to facilitate guest/hotspot and community networks that use the same Internet service connection but are effectively isolated from the main home or small-business network.

This release of the Wi-Fi EasyMesh standard will support these setups by configuring each node to support the multiple virtual networks including their own separate extended-service-set configurations. The wireless backhaul will also be set up to create separate “traffic lanes” for each logical network that are securely isolated from each other.

Enhanced client steering

There will be the ability to steer client devices between access points, wavebands or channels to prevent one or more of these resources from being overloaded.

For example, it could be feasible to have dual-band client devices like most laptops, tablets and smartphones work on the 5GHz band if they are dealing with multimedia while keeping the 2.4GHz band for low-traffic needs and single-band devices. Similarly, if a client device “sees” two access points equally, it could be made to use whichever one isn’t being overloaded or has the better throughput.

Of course, the enhanced client steering will provide a seamless roaming experience similar to what happens with the cellular-based mobile telephony/broadband networks that power our smartphones. This is a feature that is of importance with any device that is highly-portable in nature like a smartphone, tablet or laptop.

Key issues that may surface with Wi-Fi EasyMesh

A key issue that may crop up with Wi-Fi EasyMesh is supporting the use of multiple backhauls across the same network and offering “true-mesh” operation rather than hub-and-spoke operation. Here, it could be about opening up options for load-balancing and increased throughput for the backhaul or providing fault-tolerance for the network.

As well, the idea of a wired backhaul implementing IEEE 1905.1 small-network management technology has to be kept in scope when designing Wi-Fi EasyMesh devices or promoting and implementing this standard. This is more so to encourage HomePlug AV2 or G.Hn powerline-network technology as a companion “wired no-new-wires” backhaul approach for deploying satellite nodes in areas where a wireless backhaul may not perform to expectation but it would be costly or unfeasible to pull Ethernet cable across the premises.

How can this be deployed with existing Wi-Fi EasyMesh networks

There are measures built in to the Release 2 specifications to permit backward compatibility with legacy Wi-Fi EasyMesh network-infrastructure devices like the Telstra Smart Modem Generation 2 that exist in the network.

As well, some vendors are taking the approach of implementing the Release 2 functionality in software form. This makes it feasible for them to bake this functionality in to a firmware update for an existing EasyMesh-compliant router or access point without the need to worry about the device’s underlying hardware.

Conclusion

I see Wi-Fi EasyMesh Release 2 as offering the chance for Wi-Fi EasyMesh to mature as a standard for distributed-Wi-Fi setups within the home and small-business user space. This release may even make it affordable for small businesses to dabble with a basic managed distributed-Wi-Fi setup due to not being required to stay with a particular vendor.

Make VPN, VLAN and VoIP applications easy to set up in your network

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

Routers like the Draytek Vigor 2600N which support VPN endpoint and IP-PBX functionality could benefit from simplified configuration processes for these functions

Increasingly, the virtual private network, virtual local-area network and IP-based voice and video telephony setups are becoming more common as part of ordinary computing.

The VPN is being seen as a tool to protect our personal privacy or to avoid content-blocking regimes imposed by nations or other entities. Some people even use this as a way to gain access to video content available in other territories that wouldn’t be normally available in their home territory. But VPNs are also seen by business users and advanced computer users as a way to achieve a tie-line between two or more networks.

The VLAN is becoming of interest to householders as they sign up to multiple-play Internet services with at least TV, telephony and Internet service. Some of the telcos and ISPs are using the VLAN as a way to assure end-users of high quality-of-service for voice or video-based calls and TV content made available through these services.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

… as could the AVM Fritz!Box routers with DECT base station functionality

It may also have some appeal with some multiple-premises developments as a tool to provide the premises occupiers access to development-wide network resources through the occupiers’ own networks. It will also appeal to public-access-network applications which share the same physical infrastructure as private networks such as FON-type community networks including what Telstra and BT are running.

VoIP and similar IP-based telecommunications technologies will become very common for home and small-business applications. This is driven by incumbent and competing telecommunications providers moving towards IP-based setups thanks to factors like IP-driven infrastructure or a very low cost-of-entry. It also includes the desire to integrate entryphone systems that are part of multi-premises buildings in to IP-based telecommunications setups including the voice-driven home assistants or IP-PBX business-telephony setups.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

A device like the Amazon Echo could be made in to a VoIP telephone through an easy-to-configure Alexa Skill

In the same context, an operating-system or other software developer may want to design a “softphone” for IP-based telephony in order to have it run on a common computing platform.

What is frustrating these technologies?

One key point that makes these technologies awkward to implement is the configuration interface associated with the various devices that benefit from these technologies like VPN endpoint routers or IP-based telephony equipment. The same situation also applies if you intend to implement the setup with multiple devices especially where different platforms or user interfaces are involved.

This kind of configuration also increases the chance of user error taking place during the process which then leads to the setup failing with the user wasting time on troubleshooting procedures to get it to work. It also makes the setup process very daunting for people who don’t have much in the way of IT skills.

For example, you have to complete many steps to enrol the typical VPN endpoint router with a consumer-facing privacy-focused VPN in order to assure network-wide access to these VPNs. This involves transcribing configuration details for one of these VPNs to the router’s Web-based management interface. The same thing also applies if you want to create a VPN-based data tie-line between networks installed at two different premises.

Similarly, IP-based telephony is very difficult to configure with customers opting for pre-configured IP telephone equipment. Then it frustrates the idea of allowing a customer to purchase equipment or software from different resellers thanks to the difficult configuration process. Even small businesses face this same difficulty whether it is to add, move or remove extensions, create inter-premises tie-lines or add extra trunk lines to increase call capacity or provide “local-number” access.

This limits various forms of innovation in this space such as integrating a building’s entryphone system into one’s own telephone setup or allowing Skype, Facebook Messenger, WhatsApp or Viber to permit a business to have a virtual telephone link to their IP-telephony platforms.

It also limits the wide availability to consumers and small businesses of “open” network hardware that can answer these functions. This is more so with VPN-endpoint routers or routers that have IP-based telecommunications functionality which would benefit from this kind of simplified configuration process.

What can be done?

A core requirement to enable simplified provisioning of these technologies is to make use of an XML-based standard configuration file that contains all of the necessary configuration information.

It can be transferred through a download from a known URL link or a file that is uploaded from your computing device’s local file system. The latter approach can also apply to using removable storage to transfer the file between devices if they have an SD-card slot or USB port.

Where security is important or the application depends on encryption for its operation, the necessary binary public-key files and certificates could be in a standard form with the ability to have them available through a URL link or local file transfer. It also extends to using technologies based around these public keys to protect and authenticate the configuration data in transit or apply a digital signature or watermark on the configuration files to assert their provenance.

I would also see as being important that this XML-based configuration file approach work with polished provisioning interfaces. These graphically-rich user interfaces, typically associated with consumer-facing service providers, implement subscription and provisioning through the one workflow and are designed to be user-friendly. It also applies to achieving a “plug-and-play” onboarding routine for new devices where there is a requirement for very little user interaction during the configuration and provisioning phase.

This can be facilitated through the use of device-discovery and management protocols like UPnP or WSD with the ability to facilitate the upload of configuration files to the correct devices. Or it could allow the creation and storage of the necessary XML files on the user’s computer’s local storage for the user to upload to the devices they want to configure.

Another factor is to identify how a device should react under certain situations like a VPN endpoint router being configured for two or more VPNs that are expected to run concurrently. It also includes allowing a device to support special functions, something common in the IP-based telecommunications space where it is desirable to map particular buttons, keypad shortcodes or voice commands to dial particular numbers or activate particular functions like door-release or emergency hotline access.

Similarly, the use of “friendly” naming as part of the setup process for VLANs, VPNs and devices or lines in an IP-telephony system could make the setup and configuration easier. This is important when it comes to revising a configuration to suit newer needs or simply understanding the setup you are implementing.
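As an added illustration of the signed-configuration and concurrent-VPN points above (not code from any vendor or standard): a device-side loader that authenticates a provisioning file before parsing it, then validates VLAN IDs and resolves two concurrent VPNs by longest-prefix match. The XML element names, the demo key and the sample file are constructed assumptions, and HMAC-SHA256 stands in for the public-key signature the text describes so that the example needs only the Python standard library.

```python
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET

# Constructed demo key and file; the element names are assumptions, not a standard.
KEY = b"constructed-demo-key"
SAMPLE = b"""<provisioning version="1">
  <vlan id="10" name="Home"/>
  <vlan id="20" name="Guest Wi-Fi"/>
  <vpn name="Office tie-line" remote="198.51.100.7" routes="10.20.0.0/16"/>
  <vpn name="Privacy VPN" remote="203.0.113.9" routes="0.0.0.0/0"/>
</provisioning>"""


class ProvisioningError(ValueError):
    """Raised when a provisioning file must not be applied."""


def sign(data: bytes, key: bytes) -> str:
    # HMAC-SHA256 stands in for a public-key signature over the raw file bytes.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def load_verified(data: bytes, tag: str, key: bytes) -> dict:
    # 1. Authenticate the raw bytes before any parsing takes place.
    if not hmac.compare_digest(sign(data, key), tag):
        raise ProvisioningError("signature check failed")
    # 2. Refuse DTDs so entity-expansion input never reaches the parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ProvisioningError("DTD not allowed")
    root = ET.fromstring(data)
    # 3. Validate VLANs: IDs 1-4094 are usable, friendly names are kept for display.
    vlans = {}
    for el in root.findall("vlan"):
        vid = int(el.get("id", "0"))
        if not 1 <= vid <= 4094 or vid in vlans:
            raise ProvisioningError(f"bad or duplicate VLAN id {vid}")
        vlans[vid] = el.get("name", f"VLAN {vid}")
    # 4. Build one route table; two VPNs claiming the same prefix is a conflict.
    routes = {}
    for el in root.findall("vpn"):
        name = el.get("name", "unnamed")
        ipaddress.ip_address(el.get("remote", ""))  # ValueError on a bad endpoint
        for cidr in el.get("routes", "").split():
            net = ipaddress.ip_network(cidr)
            if net in routes:
                raise ProvisioningError(f"{net} claimed by {routes[net]} and {name}")
            routes[net] = name
    return {"vlans": vlans, "routes": routes}


def select_vpn(routes: dict, dest: str):
    # Longest-prefix match decides which concurrent VPN carries a destination.
    addr = ipaddress.ip_address(dest)
    hits = [n for n in routes if n.version == addr.version and addr in n]
    return routes[max(hits, key=lambda n: n.prefixlen)] if hits else None


if __name__ == "__main__":
    cfg = load_verified(SAMPLE, sign(SAMPLE, KEY), KEY)
    print(cfg["vlans"], select_vpn(cfg["routes"], "10.20.3.4"))
```

The order of the checks is the point: a file that fails authentication is rejected before the XML parser or any validation logic touches it.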

Conclusion

Using XML-based standard provisioning files and common data-transfer procedures for setup of VLAN, VPN and IP-based-telecommunications setups can allow for a simplified setup and onboarding experience. It can also allow users to easily maintain their setups such as to bring new equipment on board or factor in changes to their service.

NETGEAR keeps the tradition coming with their network infrastructure

For a long time, NETGEAR have been known for offering cost-effective hubs and switches for use with twisted-pair wired Ethernet segments in homes and small businesses. In the early days, this meant very small five-port unmanaged 10/100Mbps hubs and switches that didn’t cost much and could allow you to easily consider wiring for Ethernet.

To the same extent, they released a 56k dial-up modem router with an integrated four-port hub which was the first product of its kind to offer dial-up Internet across a network without the need for a computer to be running. But it was considered a product ahead of its time thanks to ADSL or cable broadband Internet not being available in many areas and not many home networks being set up for the Internet. But it led on to some of the most capable NETGEAR modem routers to surface like the DG834G which had won a significant amount of accolades in its day.

NETGEAR GS-110TP Gigabit PoE-supply Smart Switch

NETGEAR GS-110TP Gigabit PoE 8 Port Smart Switch

Subsequently they were one of the first companies to offer some affordable unmanaged Gigabit switches that can be a Power-Over-Ethernet power-source device. This was offered on half of the ports on these devices but they gradually offered some Web-managed models that had all of the ports covered.

Another approach was to offer Web-managed Ethernet switches that had a focus on ease-of-use. This was about a “big-business” feature where an Ethernet network can be managed to do things like manage quality-of-service or segment a LAN for further control. But NETGEAR’s approach not just provided the Web-based dashboard on each of these switches but provided an “automatic-transmission” approach to quality-of-service management in a manner to make this concept appeal to the small network. One of these switches that NETGEAR offered was even designed to be able to be powered using Power-Over-Ethernet, something that could appeal to “regional” switches or those devices serving a cluster of network equipment at a table or desk.

NETGEAR Nighthawk S8000 Gaming And Media Switch press picture courtesy of NETGEAR

NETGEAR Nighthawk S8000 Gaming And Media Switch – for the home network or home entertainment unit

But NETGEAR took this concept further with a gaming-grade network switch that has the features of a business-grade network switch but is pitched towards gamers and multimedia enthusiasts. The Nighthawk S8000 Web-managed switch has the ability to be managed like the typical business-grade managed switch but invokes the “automatic transmission” approach like some other NETGEAR switches for QoS management. It is presented in a style that makes it attractive to use in the home entertainment centre where a 4K UHDTV, XBox One or PS4, and similar devices are installed and you want something better than Wi-Fi for online gaming or video streaming at Full HD or 4K UHD.

This unit even implements link aggregation / port-trunking for up to four Ethernet ports so that the Nighthawk S8000 switch can be purposed as an “off-ramp” for a high-speed link to a gaming rig, router or NAS with this kind of connectivity. In this case, the bandwidth offered by the aggregated ports is treated as one high-speed link. Let’s not forget that this unit can be integrated into a sophisticated VLAN-driven network and NETGEAR put a tentative price of US$99.99 for this unit intended to be released around March 2017.

The goal with all of these products is to offer something that could be considered only fit for big business but at a cost-effective price and with an approach that reduces operational complexity.

Another of NETGEAR’s cost-effective but highly-functional switches appears in their latest Gigabit PoE Smart Switch

News article

NETGEAR Adds Gigabit PoE Smart Switch – SmallNetBuilder

From the horse’s mouth

NETGEAR GS110TP Gigabit PoE switch product page

NETGEAR GS-110TP Gigabit PoE-supply Smart Switch

NETGEAR GS-110TP Gigabit PoE 8 Port Smart Switch

My comments

The concept of VLANs and quality-of-service functionality is now becoming increasingly relevant to the home and small-business network now that the “single-pipe triple-play” and “next-generation” broadband Internet services are either here in your market or are coming around the corner to your market.

What are VLANs

The VLAN is a separate logical network path within a physical network medium, such as multiple SSIDs from one Wi-Fi access point serving different networks or a HomePlug setup with multiple Network Passwords for different networks. Most business-grade Ethernet switches offer this functionality in order to have particular Ethernet sockets associated with particular logical networks. It is used in many network applications such as interlinking a business with multiple premises through one multi-tenant building or providing Internet-only “guest access” service to business networks.

Now the VLAN is becoming common in small networks as part of either providing “guest access” or “hotspot service” to the Internet without encroaching on the security of the resident network; or providing dedicated “fast-lanes” for quality of service when it comes to A/V streaming or VoIP service.

NETGEAR’s role in this equation

Now NETGEAR have provided the GS110TP Gigabit Power-Over-Ethernet Smart Switch which is an 8-port switch which offers this functionality and Power-Over-Ethernet to all the ports for US$260. This is similar to how this company offered 5-port and 8-port 10/100Mbps Cat5 Ethernet hubs and switches at prices affordable for most people when the idea of home networking and broadband Internet came on the horizon in the early 2000s. Then a few years later, they offered 8-port 10/100Mbps switches that had 802.3af standards-based Power-Over-Ethernet supply functionality on four of the ports, again at a price that most users can afford.

It may be easy to think of this unit being a candidate “central” switch when you wire your premises for Ethernet and want to make it future-proof for these new requirements. There have been some concessions to allow it to work properly with “triple-play” by the use of a default VLAN matrix with one VLAN for regular traffic, one for VoIP and one for video traffic. There is some “automatic-transmission” logic that shifts data to the different VLANs based on whether the data was primarily multicast in the case of video or one of a few VoIP protocols in the case of VoIP.

The main problem with this is that this switch wouldn’t work in a “plug-and-play” manner with “edge” devices that use certain VLAN setups or QoS methods to assure video and VoIP quality-of-service. For example, most of the “n-boxes” (Livebox, Neufbox, Freebox, Bbox, etc) used by French “triple-play” service providers as network-Internet edges have one Ethernet port for video traffic and three Ethernet ports for regular traffic. These units would expect you to connect the IPTV box to the “video” Ethernet port and you may end up with QoS or installation difficulties if you used this switch with them.

Limitations with this class of switch

For these switches to become easier to implement in a home or small-business network, there would have to be standards that allow an “edge” device to communicate its QoS and VLAN needs to these switches. This may be important if the “edge” device is managed by the service provider or is part of the provisioning chain that a service provider uses.

This may also include the flexible installation and “at-will” relocation of devices like VoIP handsets or IPTV devices as well as the support for multiple devices of this type across an Ethernet backbone. It also includes the support of multiple cascaded switches such as “regional” switches in other parts of the building or other buildings.

Other benefits to take note of

One bonus that I like about this switch is that it has offered 802.3af-compliant Power-Over-Ethernet across all Ethernet ports which allows the Ethernet cable to be a power cable as well as a data cable. This technology, which I will cover in a separate article on this site, has been pitched at business networks as being suitable for powering Wi-Fi access points, VoIP telephone handsets and IP-based surveillance cameras with one cable and from one point. In fact, NETGEAR have released an 8-port “regional” smart switch that has similar QoS and VLAN functionality but can be powered from this switch or other standards-based Power-Over-Ethernet networks.

Another feature that also appealed to me about this switch is that a unit of this price was equipped with optical-fibre LAN connectivity which can reduce the cost of using optical-fibre as a high-reliability long-distance link between buildings, especially on large properties. 

Conclusion

This is another example of NETGEAR offering technology that is deemed “large business” at prices that home users and small business can afford.