Living with a SOHO Network, 2002 edition
Tom Schmidt, Schmidt Consulting
Revised 1/14/2002
tom@tschmidt.com
http://www.tschmidt.com

Abstract
This paper discusses our experience setting up a small office home office (SOHO) network. It offers guidance on selecting an Internet Service Provider (ISP), presents Local Area Network (LAN) options, describes Internet sharing methods, and discusses implementation of multiple LAN based services. DSL provides a high-speed always on Internet connection.
Table of Contents
1 OVERVIEW 1
2 TYPES OF INTERNET ACCESS – YOUR FRIENDLY ISP 3
2.1 DIALUP 3
2.2 DSL
7.2.1 PhoneLine Networking 24
7.2.2 RF Wireless 24
7.3 TCP/IP 25
7.4 IP ADDRESS
12 FAX – E-MAIL ON PAPER 41
13 USENET – UNFILTERED OPINION 41
14 MULTIMEDIA – SOUND AND IMAGES FROM AROUND THE WORLD 42
14.1 14.2 14.3 REAL AUDIO
1 Overview
In mid-1998 I set up a home LAN. I was starting a consulting business and wanted to learn more about the issues involved in building and operating a Small Office Home Office (SOHO) LAN. Until that time my networking experience was limited to interactions with the corporate Information Technology (IT) department. The LAN has undergone significant evolution over time. It started out with a few 10BaseT Ethernet drops.
Figure 1 SOHO data and voice block diagram
2 Types of Internet Access – Your Friendly ISP The PC has progressed from hobbyist plaything to an indispensable telecommunication device. Almost all PCs are purchased with the intent to connect to the Internet. The most common access methods for residential customers are: dial-up over a regular phone line, Digital Subscriber Line (DSL) a high-speed service using existing telephone wiring, and Cable Modem using the Cable TV distribution facilities.
at the user and CO side use frequencies above those used for voice telephony to deliver high-speed data. Several types of DSL have been developed hence the xDSL moniker. The most common types are Asymmetric DSL (ADSL) and Symmetric DSL (SDSL). Another benefit of DSL to the Telcos is that it gets long duration data calls off the Public Switched Telephone Network (PSTN). This minimizes the need to upgrade the expensive circuit switched phone system.
be the shortest distance between the CO and subscriber. Some ILECs are installing Remote Terminals (RT) to reduce cable distance, allowing them to serve more customers. 2.2.1.2 Digital Loop Carrier DLC is a technique that allows the phone company to use a single circuit to deliver more than one phone line. This reduces the cost of delivering telephone service. Unfortunately it is incompatible with DSL. If your phone is on DLC you will not be able to get DSL.
between Tip and Ring of the line in the phone. The ‘half’ ringer is just the capacitor part of the ringer. The half ringer is actually a capacitor in series with a zener diode and a resistor that resembles one half of a ‘normal’ mechanical ringer. This, in the U.S., is a 0.47 micro Farad capacitor without the addition of the inductor part of the circuit, hence the name ‘half’ ringer.
[Half ringer circuit diagram: Tip, 15K ohm resistor, 0.47uF 250V capacitor, 4.3 V zener diode]
vendors must install much new equipment. One or more TV channels are reserved for data services; this accommodates the downstream path to the users. The upstream path is more difficult. The CATV vendor must replace the amplifiers used to distribute TV signal with ones capable of carrying signals in both directions. At the CATV office these signals are converted from the cable format and routed to the backbone data network.
3 Dialup Account – The Old Standby Even though we have DSL we chose to maintain a dialup account. It is used as a backup in case DSL fails and while traveling. Having two different ISP accounts is also a very useful troubleshooting tool. In our experience the most common cause of DSL failure is internal problems within the ISP, not the DSL circuit itself. To maximize the chance of dialup working in the event of DSL failure our dialup ISP is completely separate from our DSL supplier.
Windows performance Tip – In dial-up networking uncheck "Log on to Network." Most ISPs use RADIUS authentication; eliminating the Windows network login speeds up the initial connection to the ISP. Windows performance Tip – Uncheck NetBEUI and IPX in dialup networking. TCP/IP is the only protocol needed to connect to an ISP. Security Tip – If file and print sharing is installed, unbind it from the dialup adapter. This prevents folks on the Internet from gaining access to shared files.
Next we tried Vitts. According to Vitts we were only 10.5K feet from the CO. As others have found out DSL prequalification distance estimates are all over the place. The only way to get an accurate measurement is to actually have the service installed. We were concerned the estimate might be too low, but at least it gave us a chance to get the circuit installed. At worst we would have to settle for a lower speed. We signed up for HomeReach 530 service.
Disadvantages of Splitter:
- Installation required
- Dedicated run from splitter to DSL modem
- Have to purchase separately
4.4 Installation The Verizon self-install kit included a Westell “white” modem and install CD. The type of modem varies depending on your location. Prior to the activation date Verizon technicians connect your phone line to the DSLAM at the central office and create a user account. Verizon uses PPPoE for log on. This is very similar to the way PPP is used with dialup modems.
The other useful tweak affects the maximum chunk of data that can be transmitted; this is called the maximum transmission unit (MTU). In an Ethernet network the maximum packet size is 1500 bytes. Normally this setting is fine. However PPPoE encapsulation adds 8 bytes to each packet. This reduces the maximum packet size to 1492 bytes. If the source attempts to send a larger packet it will either be rejected or fragmented into two parts, with attendant degradation in performance.
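Where the 8 bytes come from, as an added example that is not code from the paper: it packs the PPPoE session header (RFC 2516) plus the PPP protocol field, derives the 1492-byte MTU and matching TCP MSS from that, and wraps a constructed datagram so an oversize one is caught. The frame layout and constants are standard PPPoE, not anything taken from the Westell modem.

```python
"""PPPoE session encapsulation and the 1492-byte MTU it implies (added example)."""
import struct

ETHERNET_MTU = 1500            # maximum payload of an Ethernet frame
PPPOE_VER_TYPE = 0x11          # version 1, type 1, packed into one byte
PPPOE_CODE_SESSION = 0x00      # code 0x00 = session-stage data
PPP_PROTO_IPV4 = 0x0021        # PPP protocol number carrying an IPv4 datagram
IP_PLUS_TCP_HEADERS = 40       # 20-byte IPv4 header + 20-byte TCP header, no options


def pppoe_overhead() -> int:
    """Bytes consumed before the IP datagram: PPPoE header (6) + PPP protocol (2)."""
    return struct.calcsize("!BBHH") + struct.calcsize("!H")


def pppoe_mtu(link_mtu: int = ETHERNET_MTU) -> int:
    """Largest IP datagram that still fits in one frame on a PPPoE link."""
    return link_mtu - pppoe_overhead()


def tcp_mss(mtu: int) -> int:
    """Largest TCP payload for a given MTU; advertising this avoids fragmentation."""
    return mtu - IP_PLUS_TCP_HEADERS


def fits(ip_datagram_len: int, link_mtu: int = ETHERNET_MTU) -> bool:
    """True if a datagram of this size crosses the PPPoE link without being
    fragmented (or dropped, when the DF bit is set)."""
    return ip_datagram_len <= pppoe_mtu(link_mtu)


def encapsulate(ip_datagram: bytes, session_id: int) -> bytes:
    """Wrap an IPv4 datagram as the payload of a PPPoE session frame.
    Raises ValueError for anything that would not fit in the Ethernet payload."""
    if not fits(len(ip_datagram)):
        raise ValueError(f"{len(ip_datagram)}-byte datagram exceeds PPPoE MTU {pppoe_mtu()}")
    # the length field counts the PPP protocol field plus the datagram
    header = struct.pack("!BBHH", PPPOE_VER_TYPE, PPPOE_CODE_SESSION,
                         session_id, len(ip_datagram) + 2)
    return header + struct.pack("!H", PPP_PROTO_IPV4) + ip_datagram


def decapsulate(payload: bytes):
    """Inverse of encapsulate: returns (session_id, ip_datagram) or raises."""
    ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
    if ver_type != PPPOE_VER_TYPE or code != PPPOE_CODE_SESSION:
        raise ValueError("not a PPPoE session packet")
    proto, = struct.unpack("!H", payload[6:8])
    if proto != PPP_PROTO_IPV4:
        raise ValueError(f"unexpected PPP protocol 0x{proto:04x}")
    body = payload[8:8 + length - 2]
    if len(body) != length - 2:
        raise ValueError("truncated PPPoE payload")
    return session_id, body


if __name__ == "__main__":
    # constructed sample sizes: a maximum-size datagram and one byte larger
    print("overhead", pppoe_overhead(), "MTU", pppoe_mtu(), "MSS", tcp_mss(pppoe_mtu()))
    print("1492 fits:", fits(1492), "1493 fits:", fits(1493))
```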
5 Wiring Techniques – The Nuts & Bolts Many of the advances in termination technology were developed by the Telephone industry to deal with the massive number of circuits they install and manage. Of particular note for our purposes are Modular jacks and type 66 and 110 punch down blocks. Modular jacks were developed by the old Bell System to reduce the cost of installing and maintaining customer equipment. Until the mid 1970s phone cords were hardwired.
(100Mbp/s), and Gigabit Ethernet (1000Mbp/s). When Gigabit Ethernet was being developed it was designed to operate over the installed base of Cat5. However, real world experience showed that not all installations were up to the task, hence the revision to Cat5e. Cat5e is the sweet spot for any new LAN installation. Cat6 and Cat7 extend the frequency range even higher, but at additional cost. At some point copper wiring runs out of steam and must be replaced with fiber optic cabling.
5.3 Patch Cables Patch cables connect a computer to a wall jack, and the patch panel to a hub or switch. Patch cables are available in different lengths and colors. The T568A or T568B pin out option can be ignored since the vendor terminates both ends; the choice of pair color does not matter. Patch cables come in two versions, straight through and cross over. Straight through cables are used in almost all circumstances. UTP Ethernet uses a point-to-point wiring scheme.
Figure 11 Telephone RJxx Jacks A third common telephone jack is RJ31X used with alarm circuits. This is an 8-position connector. The jack is placed in series with one phone line close to the NID so extension phones are downstream of the jack. When the alarm system is plugged in the jack opens the phone circuit. This places the alarm in series with the phones. When the alarm is activated it disconnects the phones so it is able to dial out even if the line was in use. 5.
5.7 Type 110 Terminals Type 110 terminals allow wiring to be packed more densely than Type 66. The smaller terminal causes less disruption to high frequency signals, making 110 termination the preferred connection for LAN use. A typical 110 module includes a standoff. Building wiring is routed in these channels. It is brought out from the standoff and punched down to a terminal. Then another 110 block is inserted over the base. Cross-connect wire is punched down to the upper block.
6 Telephone – Connection to the World We have three phone lines. Two lines are for family use and the third reserved for business. ADSL is installed on the business line. The two non-business lines are configured as a hunt group. If line 1 is busy incoming calls are automatically sent to line 2. Hunting is unidirectional; if someone calls the second line and it is busy the phone company will not ring the first line.
6.1 Network Interface Device Back in the bad old days when the phone company rented you a phone and did inside wiring they made no provision to install customer supplied equipment, commonly called Customer Premise Equipment (CPE). With the advent of telecommunication deregulation the local telephone companies were prohibited from being in the equipment business. This caused a dilemma because there is a need to demarcate between the customer and Phone Company responsibility.
6.3 POTS/DSL Splitter Rather than using microfilters at each non-DSL device I installed a POTS/DSL splitter. When the business line exits the secondary lightning protector it runs to a Siecor (now Corning) POTS/DSL splitter. The splitter includes a low pass filter that isolates the voice phone line from the high frequency DSL signals. The splitter has two outputs; DSL is connected directly to the DSL modem and the phone output connects to inside phone wiring.
6.5 Putting it all together The drawing below shows the overall connection of phone and DSL wiring. Two phone lines are used for personal use and one for business. The NID, secondary lightning protection, POTS/DSL splitter, Modem Access Adapter, and Type 66 punch down blocks are all located in the wiring closet. From the NID each line goes to a secondary lightning protector. The POTS/DSL splitter is connected to the business line. The DSL output is run directly to the DSL modem.
7 LAN -- The Networked Home The Local Area Network (LAN) allows computers to be used anywhere in the house. Each computer has access to shared resources such as printer, files, and the Internet. The LAN is 100 megabit per second Ethernet over Cat5 unshielded twisted pair wire. Most rooms are wired with two network outlets. Cable from each receptacle is run to a central wiring closet. In the wiring closet a 16-port hub connects everything together.
7.1.2 10Mbps - 100Mbps - 1Gbps - 10Gbps Initially UTP Ethernet operated at 10 million bits per second (10Mbp/s). Fast Ethernet increased speed to 100 million bits per second over Category 5 wiring (100Mbp/s). Gigabit Ethernet is 10 times faster than Fast Ethernet (1,000Mbp/s). During Gigabit Ethernet development the Cat5 specification was tightened, resulting in Cat5e. Work is in progress to increase Ethernet speed by another factor of 10 to 10 Gigabits per second. 7.1.
Ethernet Tip – Use a 10/100 autosensing hub or switch. This allows a mix of 10 and 100Mbp/s computers. Internally the hub combines all low-speed ports together and all high-speed ports together. If a packet goes between different speed ports the hub does a store and forward. The packet is completely assembled at the incoming speed then sent out at the outgoing speed. 7.1.4 Managed vs Unmanaged Hubs and Switches Ethernet hubs and switches come in both managed and unmanaged versions.
an Access Point to bridge the wireless network to the LAN. Depending on the type of building a single site may need more than one Access Point. HomeRF is an Intel led initiative to standardize on a low cost RF solution for home use. Data rate is 1.6 Mbps. The initial target is a wireless phone with data capability. BlueTooth is addressing the short-range (<10 meters) personal area network (PAN) market. The goal is to link multiple personal portable devices together.
The current version of IP is version 4. Each node is assigned a 32-bit address, so the maximum population of the Internet is 4 billion devices. This has been recognized as a serious limitation for some time, and a new version of IP, version 6, expands the address space to 128 bits. This is a truly gigantic number. If IPv6 addresses were uniformly distributed over the Earth it would result in thousands of addresses per square foot. Due to the scarcity of IPv4 addresses ISPs charge extra for multiple addresses.
We will refer to the first block as "24-bit block", the second as "20-bit block", and to the third as "16-bit" block. Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and third block is a set of 256 contiguous class C network numbers.
7.5 Gateway Ethernet is a local network. This means each device is in direct communication with all other devices. When a device needs to discover information on the LAN it broadcasts the request to everyone. This is ideal on a small network but does not scale very well; the network quickly becomes overloaded with broadcast traffic. The solution to this problem is to interconnect individual LANs with a router. Routers have the intelligence to interconnect multiple networks.
7.8 Network Neighborhood – My Network Places Windows network neighborhood allows one to browse local computers. To show up in the neighborhood each machine must be running the Microsoft file and print sharing service, even if nothing is being shared. The neighborhood is organized by workgroup name; in a small LAN all machines typically belong to a single workgroup, like HomeLAN. At least one machine in each workgroup must be configured as the Browse Master.
Rather than terminating building cables at a patch panel they were directly terminated with CAT5 plugs. Terminating plugs is somewhat harder than receptacles but it eliminated the need and cost of a patch panel and patch cables. Building wire is plugged directly into the central hub. PCs run Microsoft Windows 98SE or Millennium operating system. The only communication protocol used is TCP/IP. Using the same protocol for local access and Internet simplifies configuration.
The router we chose was a MultiTech RF500S. It meets our requirements and technical support from Multitech has been outstanding. 8.1 WAN Interface DSL service providers offer three types of modems, External with an Ethernet port, External with USB port and Internal PCI. There are pros and cons to each. An external Ethernet modem is the most flexible because it can be connected directly to a computer or used with a router to create a LAN. We used an external DSL modem for both Vitts and Verizon DSL.
8.2.1 Using multiple ISPs The fallback feature is great but it adds some complexity in setting up the network. Each provider issues a different IP address and uses different DNS and gateway servers. The router hides these differences from the local machines. As far as they are concerned the router is the gateway and DNS server. Another problem concerns sending email. This is not an issue if you use web-based email.
8.3.3 Static It is also possible to manually assign the IP address. The Multitech DHCP server is configured to issue addresses from the 192.168.2.2-100 range with a subnet mask of 255.255.255.0. Since all the addresses must be in the same subnet, static addresses can be assigned in the range 192.168.2.101-254 without interfering with DHCP while still residing in the same subnet. 8.4 NAT -- Sharing a Single Internet Connection The LAN cannot simply be “plugged in” to the Internet.
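A check for the static-address rule above, and for the RFC 1918 private blocks quoted in section 7.4, as an added example that is not the paper's or MultiTech's code: it flags a candidate static address that is off-subnet, inside the DHCP pool, already taken, or not private. The router address 192.168.2.1 is an assumption; the text gives only the pool and mask.

```python
"""Validating static LAN addresses against the router's DHCP pool (added example)."""
import ipaddress
from typing import List, Tuple

# RFC 1918 private blocks: 24-bit, 20-bit and 16-bit
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class AddressPlan:
    def __init__(self, router: str, netmask: str, pool_start: str, pool_end: str):
        # strict=False derives the network from a host address plus a dotted mask
        self.network = ipaddress.ip_network(f"{router}/{netmask}", strict=False)
        self.router = ipaddress.ip_address(router)
        self.pool = (ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end))
        self.static = {}   # IPv4Address -> hostname

    def in_pool(self, ip) -> bool:
        return self.pool[0] <= ip <= self.pool[1]

    def problems(self, addr: str) -> List[str]:
        """Everything wrong with using addr as a static address; empty list = OK."""
        ip = ipaddress.ip_address(addr)
        found = []
        if ip not in self.network:
            found.append(f"{ip} is outside {self.network}: host cannot reach the router")
        elif ip in (self.network.network_address, self.network.broadcast_address):
            found.append(f"{ip} is the network or broadcast address")
        elif ip == self.router:
            found.append(f"{ip} is the router itself")
        elif self.in_pool(ip):
            found.append(f"{ip} is inside the DHCP pool {self.pool[0]}-{self.pool[1]}: "
                         "duplicate address risk")
        if ip in self.static:
            found.append(f"{ip} already assigned to {self.static[ip]}")
        if not any(ip in block for block in RFC1918):
            found.append(f"{ip} is not RFC 1918 private space")
        return found

    def assign(self, hostname: str, addr: str) -> None:
        found = self.problems(addr)
        if found:
            raise ValueError("; ".join(found))
        self.static[ipaddress.ip_address(addr)] = hostname

    def static_range(self) -> Tuple[str, str]:
        """First and last host addresses left over for static use."""
        free = [h for h in self.network.hosts()
                if not self.in_pool(h) and h != self.router]
        return str(free[0]), str(free[-1])


def home_plan() -> AddressPlan:
    """The LAN described in the text; the router address .1 is assumed."""
    return AddressPlan("192.168.2.1", "255.255.255.0", "192.168.2.2", "192.168.2.100")


if __name__ == "__main__":
    plan = home_plan()
    print("static range:", plan.static_range())
    # constructed candidates: valid static, inside pool, wrong subnet, public address
    for candidate in ("192.168.2.150", "192.168.2.50", "192.168.3.5", "11.0.0.1"):
        print(candidate, plan.problems(candidate) or "OK")
```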
8.5 10/100 Ethernet switch The home office is wired with 4 Ethernet drops fed by the whole house 10/100 hub. This turned out to be inadequate, so the Router’s built in 4-port Ethernet switch is very handy. Because a simple hub feeds the house the router has to have a switch rather than a second hub, since two hubs cannot be cascaded at 100Mbp/s. One port on the switch is configured as the uplink port. This connects to the 16-port hub. The file server and office desktop connect to the switch to take advantage of switch bandwidth.
VPNs extend the trust environment to the employee's PC. If this computer is compromised so is the corporate LAN. Employees and family members need to understand safe computing practices. PPPoE adds 8 bytes of overhead; this reduces the max packet (MTU) to 1492 bytes rather than 1500. Make sure the VPN handles this correctly. 8.7 Logging The router creates several logs.
Example 2: Ping remote host by DNS Name.
Pinging dslreports.com [209.123.109.175] with 32 bytes of data:
Reply from 209.123.109.175: bytes=32 time=26ms TTL=242
Reply from 209.123.109.175: bytes=32 time=21ms TTL=242
Reply from 209.123.109.175: bytes=32 time=23ms TTL=242
Reply from 209.123.109.175: bytes=32 time=20ms TTL=242
Ping statistics for 209.123.109.
9.3 NET
NET is a Windows command line utility to display information about Windows networking and workgroups. Its subcommands are:
NET CONFIG – Displays your current workgroup settings.
NET DIAG – Runs the Microsoft Network Diagnostics program to display diagnostic information about your network.
NET HELP
NET INIT – Loads protocol and network-adapter drivers without binding them to Protocol Manager.
NET LOGOFF
NET LOGON
NET PASSWORD
NET PRINT
NET START
NET STOP
NET TIME
NET USE
NET VER
NET VIEW
NET ?
9.4
9.5 WINIPCFG Windows WINIPCFG utility displays the current configuration for each network adapter. From the start menu open run dialog box. Type WINIPCFG. In Windows 2000 enter the IPCONFIG command in a DOS box. WINIPCFG lets you examine each network adapter in the computer. The first is the virtual adapter for dialup, and then each network adapter is shown. The first thing to check is if the computer has the correct IP address.
11 E-Mail -- Mail at the Speed of Light E-mail accounts fall into three broad categories: ISP account, browser based free mail, and accounts on your own domain. ISPs typically offer one or more email accounts to subscribers. This is convenient but ties your e-mail address to your current ISP. Change ISPs and your e-mail address changes. Free mail services like Yahoo are advertising supported. They decouple your e-mail address from your ISP. Free accounts make sense for personal use.
11.4.1 Block Outgoing Port 25 SMTP uses TCP port 25. Some ISPs block this port at the edge of their network. This effectively prevents customers from using any SMTP server not under control of the ISP. ISPs like this approach because if they get a SPAM complaint they can track down the sender, since each user is authenticated. The down side of this method is that you have to use the SMTP server provided by the ISP or use an SMTP server on a non-standard port. 11.4.
Mail Configuration Tip -- Archiving mail when using multiple clients is difficult. One trick I’ve found useful is to have your main computer remove mail from the POP server. The rest of the machines retrieve mail but do not delete the message from the server. Then when you get back to the main machine it retrieves all the intervening messages and removes them from the server. Mail Configuration Tip – I use Microsoft Outlook mail client configured with multiple mail accounts.
14 Multimedia – Sound and Images from Around the World Using the Internet to deliver audio and video is hampered by the limited speed available using dialup. Broadband eases this chokepoint opening the door to Internet delivery of radio and TV. Peer-to-peer sharing of music and video is controversial because it makes it difficult for content owners to charge usage fees. Direct distribution of content is in its infancy. Deployment of broadband opens the door to new methods of distributing content. 14.
Configuration Tip -- The print server does not have a name; it must be accessed by IP address. This is inconvenient if the address keeps changing. The router’s quasi-static address feature comes in handy to fix the server's address. Once the router assigns the server an address it is frozen. This locks the IP address to the Ethernet MAC address. The MAC address is a unique address assigned by the manufacturer to each device.
local server’s Real Time Clock (RTC). Tardis includes a Network Time Protocol (NTP) timeserver that periodically broadcasts time info over the LAN. A companion program, K9, runs on each client. It updates the local RTC to match the time on the server. This ensures all the computers on the LAN are slaved to the local server and the local server in turn is synchronized to NIST. NIST Network Time Service uses multiple stratum-1 timeservers located in Boulder Colorado, Gaithersburg, Maryland (Washington, D.C.
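What a LAN client receives from such a broadcast and what it should check before slewing its RTC, as an added example that is not Tardis or K9 code: it packs and parses the 48-byte NTP header (RFC 1305 layout), converts the 1900-based timestamp to Unix time, and rejects packets whose sender claims to be unsynchronized or reports an impossible stratum (a local server slaved to NIST would be stratum 2). Broadcast NTP carries no authentication, so these checks catch a broken sender, not a hostile one.

```python
"""Decoding and sanity-checking an NTP broadcast packet (added example)."""
import struct
from typing import Dict, Optional

NTP_UNIX_DELTA = 2208988800        # seconds from 1900-01-01 to 1970-01-01
MODE_SERVER, MODE_BROADCAST = 4, 5
HEADER = "!BBbbIII"    # LI/VN/mode, stratum, poll, precision, root delay, root disp, ref id
TIMESTAMPS = "!8I"     # reference, origin, receive, transmit: 32.32 fixed point each


def ntp_to_unix(seconds: int, fraction: int) -> float:
    return seconds - NTP_UNIX_DELTA + fraction / 2 ** 32


def unix_to_ntp(t: float):
    whole = int(t)
    return whole + NTP_UNIX_DELTA, int((t - whole) * 2 ** 32)


def build_ntp(stratum: int, transmit_unix: float, leap: int = 0,
              mode: int = MODE_BROADCAST, version: int = 3) -> bytes:
    """Server side: a minimal broadcast/server packet with only the transmit stamp set."""
    first = (leap << 6) | (version << 3) | mode
    tx_sec, tx_frac = unix_to_ntp(transmit_unix)
    return (struct.pack(HEADER, first, stratum, 6, -20, 0, 0, 0)
            + struct.pack(TIMESTAMPS, 0, 0, 0, 0, 0, 0, tx_sec, tx_frac))


def parse_ntp(packet: bytes) -> Dict[str, float]:
    """Client side: decode the fields a clock-setting decision depends on."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    first, stratum, poll, precision, _delay, _disp, _ref = struct.unpack(HEADER, packet[:16])
    ts = struct.unpack(TIMESTAMPS, packet[16:48])
    return {
        "leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
        "stratum": stratum, "poll": poll, "precision": precision,
        "transmit": ntp_to_unix(ts[6], ts[7]),
    }


def reject_reason(f: Dict[str, float]) -> Optional[str]:
    """None if the packet may be used to set the clock, otherwise why not."""
    if f["mode"] not in (MODE_SERVER, MODE_BROADCAST):
        return "not a server or broadcast packet"
    if f["leap"] == 3:
        return "sender reports it is unsynchronized (LI=3)"
    if not 1 <= f["stratum"] <= 15:
        return f"stratum {f['stratum']} is unsynchronized or invalid"
    if f["transmit"] <= 0:
        return "transmit timestamp not set"
    return None


def clock_offset(f: Dict[str, float], local_receive_unix: float) -> float:
    """How far the local clock lags the server (positive = local clock is behind).
    Broadcast mode has no round trip, so the one-way LAN delay is ignored."""
    return f["transmit"] - local_receive_unix


if __name__ == "__main__":
    # constructed packet: a stratum-2 LAN server announcing early January 2002
    fields = parse_ntp(build_ntp(2, 1010000000.5))
    print(fields, reject_reason(fields), clock_offset(fields, 1010000000.0))
```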
18 KVM -- So Many Computers So Little Space We did not want to use another set of user I/O when we set up the server. The solution was to use a KVM (keyboard, video, mouse) switch. KVMs have been used in server farms for years to allow a single point of control for multiple computers. We purchased a 4 port Belkin Omni View SE KVM. Port 1 is the workstation, port 2 the server, leaving 2 ports for future use. Figure 26 KVM Switching between computers is done via a button on the KVM or with a hot key sequence.
Security Tip -- Password protect network shares. Some viruses are able to search the network and do damage to shares. This will not protect shares if the machine that accesses them is infected. But it will prevent damage if another computer on the network gets infected. Configuration Tip -- Second Copy cannot copy files that are in use. For example the Outlook mail client is always running, preventing backup of mail files. The Second Copy profile for mail is set up for manual copy.
20.3 Software Security Patches Microsoft provides a convenient way to install the latest security patches with Windows Update. As with anti-virus software it is important to get the latest updates. Once a vulnerability is discovered, information is quickly distributed on the web. The best insurance is the latest patch. 20.4 Spyware Companies find ever more clever ways to obtain information about customers. This has led to a technique called spyware.
Don’t advertise what you have. The more the attacker knows about your installation the easier it is to find a weakness. All systems have weaknesses. 21 Laptop – Connecting from Anywhere We use a laptop at our home office, in the office and while traveling. This means it needs to connect in three different network environments. Location specific network settings are sprinkled all over Windows and within various applications. This makes it hard to move a computer between locations.
22 Web Hosting -- Your Presence on the Web Every business needs at least a minimal web presence. The easiest way to set up a site is to use a hosting service to maintain a 24/7 web presence regardless of how the office is connected to the Internet. The hosting service maintains the server and provides high-speed Internet access. This reduces traffic on the relatively expensive and slow first-mile connection to your business. Many ISPs allow customers to set up public web servers for free.
23.2 WHOIS record for Tschmidt.com
Information for each registered domain is maintained in the WHOIS database. Below is the WHOIS record for the Tschmidt.com domain.
Registrant:
Schmidt Consulting (TSCHMIDT-DOM)
95 Melendy Road
Milford, NH 03055
US
Domain Name: TSCHMIDT.COM
Administrative Contact, Billing Contact:
Administrative Services (AS935-ORG) admin@TSCHMIDT.COM
Schmidt Consulting
95 Melendy Road
Milford, NH 03055
US
(603) 673-5804
Technical Contact:
Network Operations Center (NO153-ORG) noc@INR.
23.4 Site Logs The hosting service typically provides a log of everyone that visits your site and what pages they looked at. This data can be analyzed to understand how customers use the site. 23.5 Email An advantage of having your own domain name is that email is addressed to your domain not the ISP. This personalizes your web presence. Normally the hosting service provides one or more e-mail accounts. Email is structured as username@domain.TLD.
25 Conclusions Setting up a SOHO network and VPN has been an extremely successful and rewarding experience. The network meets our business and personal requirements. It is a pleasure to have high speed Internet access from every computer. The down side is that a significant amount of technical expertise is required to set up the network. The building blocks are all readily available but the detailed knowledge to create and troubleshoot the network can be hard to come by.