Title: Network designation
Description: steps on how to create your own network are shown in this material

3
Network Design
Before purchasing equipment or deciding on a hardware platform, you should have a clear idea of the nature of your communications problem.
...
The network design you choose to implement should fit the communications problem you are trying to solve.
...
We will then see examples of how other people have built wireless networks to solve their communication problems, including diagrams of the essential network structure.
...
Networking 101
TCP/IP refers to the suite of protocols that allow conversations to happen on the global Internet.
...
If you are already comfortable with the essentials of TCP/IP networking (including addressing, routing, switches, firewalls, and routers), you may want to skip ahead to Designing the Physical Network on Page 51.
...
Introduction
Venice, Italy is a fantastic city to get lost in.
...
Postal carriers in Venice are some of the most highly trained in the world, specializing in delivery to only one or two of the six sestieri (districts) of Venice.
...
Many people find that knowing the location of the water and the sun is far more useful than trying to find a street name on a map.
...
Figure 3.1: Another kind of network mask.
...
S. Polo, Venezia to an office in Seattle, USA.
...
The artist first packs the mask into a shipping box and addresses it to the office in Seattle, USA.
...
After several days, the package clears Italian customs and finds its way onto a transatlantic flight, arriving at a central import processing location in the U.S.
...
Once it clears through U.S. customs, the package is sent to the regional distribution point for the northwest U.S., then on to the Seattle postal processing center.
...
A clerk at the office accepts the package and puts it in the proper incoming mail box.
...
The clerk at the office in Seattle neither knows nor cares about how to get to the sestiere of S. Polo.
...
His job is simply to accept packages as they arrive, and deliver them to the proper person.
...
His job is to pick up packages from his local neighborhood and forward them to the next closest hub in the delivery chain.
...
Figure 3.2: Internet networking.
...
This is very similar to how Internet routing works.
...
The computer then sends these packets to a router, which decides where to send them next.
...
This list of possible routes is called the routing table.
...
If the router has no explicit route to the destination in question, it sends the packet along the most specific (longest-prefix) match it does have; when nothing more specific matches, that is the default route, which usually points at its own Internet gateway.
...
Packages can only make their way through the international postal system because we have established a standardized addressing scheme for packages.
...
Without this information, packages are either returned to the sender or are lost in the system.
...
These standard communication protocols make it possible to exchange information on a global scale.
...
But once the communication becomes more complex than a simple conversation between two people, protocol becomes just as important as language.
...
Now imagine an auditorium as big as the world, full of all of the computers that exist.
...
People have developed a number of communications frameworks to address this problem.
...
The OSI model
The international standard for Open Systems Interconnection (OSI) is defined by the document ISO/IEC 7498-1, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
...
The OSI model divides network traffic into a number of layers.
...
The abstraction between layers makes it easy to design elaborate and highly reliable protocol stacks, such as the ubiquitous TCP/IP stack.
...
The OSI model doesn't define the protocols to be used in a particular network, but simply delegates each communications "job" to a single layer within a well-defined hierarchy.
...
Each layer can be implemented in hardware (more common for lower layers) or software.
...
This means that any given layer from manufacturer A can operate with the same layer from manufacturer B (assuming the relevant specifications are implemented and interpreted correctly).
...
Layer 7 - Application: HTTP, FTP, and SMTP are all application layer protocols.
...
Layer 6 - Presentation: The Presentation Layer deals with data representation, before it reaches the application.
...
Layer 5 - Session: The Session Layer manages the logical communications session between applications.
...
Layer 4 - Transport: The Transport Layer provides a method of reaching a particular service on a given network node.
...
Some protocols at the transport layer (such as TCP) ensure that all of the data has arrived at the destination, and is reassembled and delivered to the next layer in the proper order.
...
Layer 3 - Network: IP (the Internet Protocol) is the most common Network Layer protocol.
...
Packets can leave the link-local network and be retransmitted on other networks.
...
Nodes on the Internet are reached by their globally unique IP address.
...
This layer is also sometimes referred to as the Internet Layer.
...
Layer 2 - Data Link: Common examples of data link protocols are Ethernet, Token Ring, ATM, and the wireless networking protocols (802.11).
...
Communication on this layer is said to be link-local, since all nodes connected at this layer communicate with each other directly.
...
On networks modeled after Ethernet, nodes are referred to by their MAC address.
...
Layer 1 - Physical: The Physical Layer is the lowest layer in the OSI model, and refers to the actual physical medium over which communications take place.
...
Cut wires, broken fiber, and RF interference are all physical layer problems.
...
This is meant to reinforce the idea that each layer builds upon, and depends upon, the layers below.
...
If you remove any single layer, the building will not stand.
...
The first three layers (Physical, Data Link, and Network) all happen "on the network".
...
A network switch can only distribute frames by using MAC addresses, so it need only implement layers one and two.
...
A web server or a laptop computer runs applications, so it must implement all seven layers.
...
The OSI model is internationally recognized, and is widely regarded as the complete and definitive network model.
...
From the perspective of a network engineer or troubleshooter, the OSI model can seem needlessly complex.
...
For the majority of Internet network implementations, the OSI model can be simplified into a smaller collection of five layers.
...
Nevertheless, this simplified model is often used as a pragmatic model for understanding and troubleshooting Internet networks.
...
The TCP/IP model of networking describes the following five layers:

Layer  Name
5      Application
4      Transport
3      Internet
2      Data Link
1      Physical

In terms of the OSI model, layers five through seven are rolled into the topmost layer (the Application layer).
...
Many network engineers think of everything above layer four as "just data" that varies from application to application.
...
We will use the TCP/IP model when discussing networks in this book.
...
The person first needs to interact with the road itself (the Physical layer), pay attention to other traffic on the road (the Data Link layer), turn at the proper place to connect to other roads and arrive at the correct address (the Internet layer), go to the proper floor and room number (the Transport layer), and finally give it to a receptionist who can take the letter from there (the Application layer).
...
The five layers can be easily remembered by using the mnemonic "Please Don't Look In The Attic," which of course stands for "Physical / Data Link / Internet / Transport / Application".
...
The acronym stands for Transmission Control Protocol (TCP) and Internet Protocol (IP), but actually refers to a whole family of related communications protocols.
...
In this discussion, we will focus on version four of the IP protocol (IPv4) as this is now the most widely deployed protocol on the Internet.
...
Examples of IP addresses are 10.0.17.1, 192.168.1.1, or 172.16.5.23.
...
If you enumerated every possible IP address, they would range from 0.0.0.0 to 255.255.255.255.
...
Each of the usable IP addresses is a unique identifier that distinguishes one network node from another.
...
IP addresses must be unique and generally cannot be used in different places on the Internet at the same time; otherwise, routers would not know how best to route packets to them.
...
This ensures that duplicate addresses are not used by different networks.
...
These groups of addresses are called sub-networks, or subnets for short.
...
A group of related addresses is referred to as an address space.
...
Figure 3.3: Without unique IP addresses, unambiguous global routing is impossible. If the PC sends a packet to an address that two servers both claim, which server will it reach?
...
Subnets
By applying a subnet mask (also called a network mask, or simply netmask) to an IP address, you can logically define both a host and the network to which it belongs.
...
For example, 255.255.255.0 is a common netmask.
...
You will find this notation used when configuring network interfaces, creating routes, etc.
...
Thus, 255.255.255.0 can also be written as /24 in CIDR notation.
...
CIDR is short for Classless Inter-Domain Routing, and is defined in RFC1518 (1).
...
Using a /24 netmask, 8 bits are reserved for hosts (32 bits total - 24 bits of netmask = 8 bits for hosts).
...
By convention, the first value is taken as the network address (.0 or 00000000), and the last value is taken as the broadcast address (.255 or 11111111).
...
Subnet masks work by applying AND logic to the 32 bit IP number.
...
A logical AND is performed by comparing two bits. The result is "1" only if both bits are also "1".
...
(1) RFC is short for Request For Comments. Not all RFCs are actual standards.
...
Here are all of the possible outcomes of a binary AND comparison between two bits.

  0 AND 0 = 0
  0 AND 1 = 0
  1 AND 0 = 0
  1 AND 1 = 1
...
The netmask 255.255.255.0 in binary is:

  11111111.11111111.11111111.00000000

When this netmask is combined with the IP address 10.10.10.10, we can apply a logical AND to each of the bits to determine the network address:

  10.10.10.10    00001010.00001010.00001010.00001010
  255.255.255.0  11111111.11111111.11111111.00000000
                 -----------------------------------
  10.10.10.0     00001010.00001010.00001010.00000000

This results in the network 10.10.10.0/24.
...
This network consists of the hosts 10.10.10.1 through 10.10.10.254, with 10.10.10.0 as the network address and 10.10.10.255 as the broadcast address.
...
One can also specify subnet masks like 255.254.0.0 (/15 in CIDR notation).
...
This is a large block, containing 131,072 addresses, from 10.0.0.0 to 10.1.255.255.
...
It could be further subdivided, for example into 512 subnets of 256 addresses each. The first one would be 10.0.0.0-10.0.0.255, then 10.0.1.0-10.0.1.255, and so on up to 10.1.255.0-10.1.255.255.
...
It could even be subdivided into a mixture of different block sizes, as long as none of them overlap, and each is a valid subnet whose size is a power of two.
...
Here are the most common netmasks in CIDR notation, with the number of addresses each contains:

CIDR   Netmask           Addresses
/30    255.255.255.252           4
/29    255.255.255.248           8
/28    255.255.255.240          16
/27    255.255.255.224          32
/26    255.255.255.192          64
/25    255.255.255.128         128
/24    255.255.255.0           256
/16    255.255.0.0           65536
/8     255.0.0.0          16777216

With each reduction in the CIDR value the IP space is doubled.
...
There are three common netmasks that have special names.
...
A /8 (255.0.0.0) defines a Class A network. A /16 (255.255.0.0) is a Class B, and a /24 (255.255.255.0) is a Class C.
...
These names were around long before CIDR notation, but are still often used for historical reasons.
...
The ISP then allocates smaller IP blocks to their clients as required.
...
The 4 billion available IP addresses are administered by the Internet Assigned Numbers Authority (IANA, http://www.iana.org/).
...
These subnets are delegated to one of the five regional Internet registries (RIRs), which are given authority over large geographic areas.
...
Figure 3.4: Authority for Internet IP address assignments is delegated to the five Regional Internet Registries: AfriNIC, APNIC, ARIN, LACNIC, and RIPE NCC.
...
The registry system assures that IP addresses are not reused in any part of the network anywhere in the world.
...
The process of moving packets between networks is called routing.
...
Static IP addresses are important because servers using these addresses may have DNS mappings pointed towards them, and typically serve information to other machines (such as email services, web servers, etc.).
...
Dynamic IP Addresses
Dynamic IP addresses are assigned by an ISP for non-permanent nodes connecting to the Internet, such as a home computer which is on a dial-up connection.
...
A node using DHCP first requests an IP address assignment from the network, and automatically configures its network interface.
...
IP addresses assigned by DHCP are valid for a specified time (called the lease time).
...
Upon renewal, the node may receive the same IP address or a different one from the pool of available addresses.
...
They only need an address for each customer who is active at any one time.
...
Assigning addresses dynamically allows ISPs to save money, and they will often charge extra to provide a static IP address to their customers.
...
In particular, computers which are not public servers do not need to be addressable from the public Internet.
...
There are currently three blocks of private address space reserved by IANA: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
...
These are defined in RFC1918.
...
Figure 3.5: Private addresses in use. Several LANs, each using a /24 taken from one of the RFC1918 blocks (10/8, 172.16/12, 192.168/16), sit behind routers that connect them to the Internet.
...
If you ever intend to link together private networks that use RFC1918 address space, be sure to use unique addresses throughout all of the networks.
...
For example, you might break the 10.0.0.0/8 address space into multiple Class B networks (10.1.0.0/16, 10.2.0.0/16, etc.).
...
The network administrators at each location can then break the network down further into multiple Class C networks (10.1.1.0/24, 10.1.2.0/24, etc.).
...
In the future, should the networks ever be linked (either by a physical connection, wireless link, or VPN), then all of the machines will be reachable from any point in the network without having to renumber network devices.
...
Since these addresses cannot be routed over the Internet, computers which use them are not really "part" of the Internet, and are not directly reachable from it.
...
This translation process is known as Network Address Translation (NAT), and is normally performed at the gateway between the private network and the Internet.
...
Routing
Imagine a network with three hosts: A, B, and C.
...
They use the IP addresses 192.168.1.1, 192.168.1.2, and 192.168.1.3, all with the same netmask (255.255.255.0).
...
It is possible to manually configure each host with a mapping table from IP address to MAC address, but normally the Address Resolution Protocol (ARP) is used to determine this automatically.
...
Figure 3.6: The ARP exchange. Computer A (192.168.1.1) broadcasts "who is 192.168.1.3?"; Computer B (192.168.1.2) ignores the request since it is not for its address; Computer C answers "192.168.1.3 is 00:11:22:aa:bb:cc"; A then sends the frame "00:11:22:aa:bb:cc - DATA" directly to C.
...
When host A wants to reach host C, it broadcasts an ARP request asking "who is 192.168.1.3?" When host C sees an ARP request for its own IP address, it replies with its MAC address.
...
168
...
2
Computer A:
192
...
1
...
168
...
3
Computer D:
192
...
2
...
168
...
3
Computer E:
192
...
2
...
7: Two separate IP networks
...
168
...
1, 192
...
2
...
168
...
3
...
All three
42
Chapter 3: Network Design
hosts can reach each other directly (first using ARP to resolve the IP address
into a MAC address, and then sending packets to that MAC address)
...
This host has two network cards, with one plugged
into each network
...
168
...
4,
and the other uses 192
...
2
...
Host G is now link-local to both networks,
and can route packets between them
...
For example, hosts A-C would
add a route via 192
...
1
...
In Linux, this can be accomplished with the following command:
# ip route add 192
...
2
...
168
...
4
...
168
...
0/24 via 192
...
2
...
8
...
Host A could
not add a route via 192
...
2
...
168
...
4 (host G), since that IP is not link-local
...
168
...
2
Computer A:
192
...
1
...
168
...
3
192
...
1
...
168
...
4
Computer D:
192
...
2
...
168
...
3
Computer E:
192
...
2
...
8: Host G acts as a router between the two networks
...
If host A wants to send a packet to host F, it would first send it to host G
...
Finally, host G would resolve the hardware
(MAC) address of host F and forward the packet to it
...
As networks get more complex, many hops may
need to be traversed to reach the ultimate destination
...
When a router receives a packet destined for a network for
which it has no explicit route, the packet is forwarded to its default gateway
...
An example of a router that uses a default gateway
is shown in Figure 3
...
10
...
5
...
15
...
3
10
...
5
...
15
...
2
Internal
Router
10
...
5
...
15
...
1
eth0
Routing table for internal router:
Destination
10
...
5
...
15
...
0
default
Gateway
*
*
10
...
6
...
255
...
0
255
...
255
...
0
...
0
Flags
U
U
UG
Metric
0
0
0
Iface
eth1
eth0
eth0
Figure 3
...
Routes can be updated manually, or can dynamically react to network outages and other events
...
Configuring dynamic routing is beyond the
scope of this book, but for further reading on the subject, see the resources
in Appendix A
...
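A longest-prefix-match routing table with a default route, modelled on the host G and internal-router scenarios above, as an added example that is not code from the original notes. It enforces the rule the text insists on: `ip route add DEST via GATEWAY` is only accepted if the gateway is link-local, that is, inside one of the router's own connected networks, so host A's attempt to route via 192.168.2.4 is refused. The 192.168.1.x and 192.168.2.x addresses come from the text; the 10.15.5.0/24 and 10.15.6.0/24 addresses for the internal router are constructed, since the extract does not preserve the figure's values. Only the standard library is used.

```python
"""Added example: routing table with connected routes, static routes whose
gateway must be link-local, a default route, and longest-prefix lookup."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str], str]   # (prefix, gateway or None, iface)

class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_connected(self, iface_cidr: str, iface: str) -> None:
        """An address on an interface creates a directly connected route
        (gateway None; flag U in the Linux routing table)."""
        net = ipaddress.ip_interface(iface_cidr).network
        self.routes.append((net, None, iface))

    def add_route(self, dest_cidr: str, via: str) -> None:
        """`ip route add DEST via GATEWAY`: the gateway must sit on a connected network,
        otherwise the router could never ARP for it and the route is refused."""
        gw = ipaddress.ip_address(via)
        for net, gateway, iface in self.routes:
            if gateway is None and gw in net:
                self.routes.append((ipaddress.ip_network(dest_cidr), via, iface))
                return
        raise ValueError(f"gateway {via} is not link-local to any interface")

    def lookup(self, dst: str) -> Optional[Tuple[str, Optional[str], str]]:
        """Return (matched prefix, next hop or None if on-link, interface) for the most
        specific matching route; the default route 0.0.0.0/0 matches everything last."""
        ip = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for net, gateway, iface in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gateway, iface)
        if best is None:
            return None                      # no route at all: destination unreachable
        return (str(best[0]), best[1], best[2])

def host_a() -> RoutingTable:
    """Host A from the text: on 192.168.1.0/24, reaching 192.168.2.0/24 via host G."""
    t = RoutingTable()
    t.add_connected("192.168.1.1/24", "eth0")
    t.add_route("192.168.2.0/24", "192.168.1.4")   # G's address that is link-local to A
    return t

def internal_router() -> RoutingTable:
    """The Figure 3.9 shape with constructed addresses: inside net on eth1,
    upstream net on eth0, default route via the upstream gateway."""
    t = RoutingTable()
    t.add_connected("10.15.5.1/24", "eth1")
    t.add_connected("10.15.6.2/24", "eth0")
    t.add_route("0.0.0.0/0", "10.15.6.1")
    return t
```

`host_a().lookup("192.168.2.3")` yields next hop 192.168.1.4 on eth0, while `host_a().lookup("8.8.8.8")` is `None` because host A has no default route; `internal_router().lookup("203.0.113.9")` falls through to the default route.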
This is achieved using a technique known as Network Address Translation, or NAT.
...
On a NAT router, the Internet connection uses one (or more) globally routed IP addresses, while the private network uses an IP address from the RFC1918 private address range.
...
It converts the packets from one form of addressing to the other as the packets pass through it.
...
They simply use the NAT router as their default gateway, and address packets as they normally would.
...
The major consequence of using NAT is that machines from the Internet cannot easily reach servers within the organization without setting up explicit forwarding rules on the router.
...
Figure 3.10: Network Address Translation allows you to share a single IP address with many internal hosts, but can make it difficult for some services to work properly. Internal hosts on a private 10.x network send through the NAT router, which rewrites their addresses to its own public address.
...
RFC1918 addresses should be filtered on the edge of your network to prevent accidental or malicious RFC1918 traffic entering or leaving your network.
...
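A minimal port-translating NAT table, as an added example that is not code from the original notes, showing what the router described above does to each packet and why an unsolicited packet from the Internet finds no internal host unless a forwarding rule exists. The caveat this makes visible: NAT is not a firewall. Inside hosts are unreachable only because no mapping exists for them; every outbound connection and every forwarding rule creates one, so the edge filter still has to be there. Addresses are constructed: 10.1.1.0/24 inside, 203.0.113.4 as the router's public address, and 198.51.100.9 / 192.0.2.7 as remote peers (all documentation ranges).

```python
"""Added example: a port-translating NAT (masquerade) table with outbound
mapping, reply matching, explicit forwarding rules, and drop-by-default."""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]           # (ip, port)
Packet = Tuple[Endpoint, Endpoint]   # (src, dst)

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}   # (inside src, dst) -> public port
        self.inbound: Dict[int, Tuple[Endpoint, Endpoint]] = {}    # public port -> (inside src, dst)
        self.forwards: Dict[int, Endpoint] = {}                     # published services: public port -> inside

    def add_forward(self, public_port: int, inside: Endpoint) -> None:
        """The 'explicit forwarding rule' from the text."""
        self.forwards[public_port] = inside

    def translate_out(self, pkt: Packet) -> Packet:
        """Private source -> (public_ip, allocated port); remember the mapping so the
        reply can be reversed. Repeated packets of one flow reuse the same port."""
        src, dst = pkt
        key = (src, dst)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return ((self.public_ip, self.outbound[key]), dst)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        """Reverse a mapping for a reply from the peer we contacted; otherwise use a
        forwarding rule; otherwise there is nowhere to deliver it and it is dropped."""
        src, dst = pkt
        if dst[0] != self.public_ip:
            return None
        entry = self.inbound.get(dst[1])
        if entry and entry[1] == src:            # only the peer of that flow may use the port
            inside_src, _ = entry
            return (src, inside_src)
        if dst[1] in self.forwards:              # explicitly published service
            return (src, self.forwards[dst[1]])
        return None
```

The reply check compares the remote endpoint too, so a third party that guesses the allocated port still gets nothing; that matches what the text says about services from the Internet being unable to reach inside hosts without a rule.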
Internet Protocol Suite
Machines on the Internet use the Internet Protocol (IP) to reach each other, even when separated by many intermediary machines.
...
Every packet specifies a protocol number which identifies the packet as one of these protocols (for example 1 for ICMP, 6 for TCP and 17 for UDP).
...
Taken as a group, these protocols (and others) are known as the Internet Protocol Suite, or simply TCP/IP for short.
...
Port numbers allow multiple services to be run on the same IP address, and still be distinguished from each other.
...
Some port numbers are well defined standards, used to reach well known services such as email and web servers.
...
When we say that a service "listens" on a port (such as port 80), we mean that it will accept packets that use its IP as the destination IP address, and 80 as the destination port.
...
When sending a response to such packets, the server will use its own IP as the source IP, and 80 as the source port.
...
TCP is a session oriented protocol with reliable delivery and transmission control features (such as detection and mitigation of network congestion, retries, packet reordering and reassembly, etc.).
...
The ICMP protocol is designed for debugging and maintenance on the Internet.
...
Different message types are used to request a simple response from another computer (echo request), notify the sender of another packet of a possible routing loop (time exceeded), or inform the sender that a packet could not be delivered due to firewall rules or other problems (destination unreachable).
...
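A parser that pulls exactly the fields the passage above talks about out of a packet: the protocol number from the IPv4 header and the source and destination ports from the transport header, followed by the "listens on port 80" rule applied to decide whether a local service would accept the packet. This is an added example, not code from the original notes. The packet bytes are built inline with `struct` (IPv4 header without options, TCP header without options, checksums left at zero) so nothing is read from a live network; the addresses are the ones used in the routing section.

```python
"""Added example: build and parse an IPv4+TCP packet, then apply the
listen rule (destination IP, protocol, destination port must all match)."""
import struct
from typing import Dict, Optional

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (IHL 5, TTL 64, protocol 6) followed by a TCP SYN header."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, src, dst)
    # ports, seq, ack, data offset (5 words) << 4, flags (SYN), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp + payload

def parse_packet(raw: bytes) -> Optional[Dict[str, object]]:
    """Return the IP and transport fields, or None if the bytes are too short or not IPv4."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes; options make it > 20
    if ihl < 20 or len(raw) < ihl:
        return None
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    info: Dict[str, object] = {
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "protocol": proto, "protocol_name": PROTO_NAMES.get(proto, "other"),
        "total_len": total_len,
    }
    if proto in (6, 17) and len(raw) >= ihl + 4:   # TCP and UDP both start with the two ports
        info["src_port"], info["dst_port"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return info

def service_accepts(info: Dict[str, object], local_ip: str, proto: int, port: int) -> bool:
    """A service listening on (local_ip, proto, port) accepts a packet only if all three match."""
    return (info.get("dst_ip") == local_ip and info.get("protocol") == proto
            and info.get("dst_port") == port)
```

Feeding `build_ipv4_tcp("192.168.1.1", "192.168.1.3", 51515, 80, b"GET / ...")` through `parse_packet` yields protocol 6 and destination port 80, which a web server on 192.168.1.3 accepts and one on 192.168.1.2 does not; the parser also rejects truncated input and non-IPv4 bytes rather than reading past the buffer.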
Now let's take a brief look at the physical hardware that implements these network protocols.
...
It is sometimes used to connect individual computers to the Internet, via a router, ADSL modem, or wireless device.
...
The name comes from the physical concept of the ether, the medium which was once supposed to carry light waves through free space.
...
The official standard is IEEE 802.3.
...
The most common variant, 100BaseT, defines a data rate of 100 megabits per second, running over twisted pair wires, with modular RJ-45 connectors on the end.
...
MAC addresses
Every device connected to an Ethernet network has a unique MAC address, assigned by the manufacturer of the network card. The factory value is only a default: most operating systems let it be changed in software, so a MAC address identifies an interface but does not authenticate it.
...
However, the scope of a MAC address is limited to a broadcast domain, which is defined as all the computers connected together by wires, hubs, switches, and bridges, but not crossing routers or Internet gateways.
...
Hubs
Ethernet hubs connect multiple twisted-pair Ethernet devices together.
...
They repeat the signals received by each port out to all of the other ports.
...
Due to this design, only one port can successfully transmit at a time.
...
If two devices transmit at the same time, their signals corrupt each other. This is known as a collision, and each host remains responsible for detecting collisions during transmission, and retransmitting its own packets when needed.
...
While a port is partitioned, devices attached to it cannot communicate with the rest of the network.
...
Hubs are considered to be fairly unsophisticated devices, since they inefficiently rebroadcast all traffic on every port.
...
Overall performance is slower, since the available bandwidth must be shared between all ports.
...
But hubs are limited in their usefulness, since they can easily become points of congestion on busy networks.
...
Switches
Rather than repeating all traffic on every port, the switch determines which ports are communicating directly and temporarily connects them together.
...
Switches create virtual connections between receiving and transmitting ports.
...
They are not much more expensive than hubs, and are replacing them in many situations.
...
When a frame arrives at a port on a switch, it makes a note of the source MAC address, which it associates with that port.
...
The switch then looks up the destination MAC address in its MAC table, and transmits the frame on the matching port.
...
If the destination port matches the incoming port, the frame is filtered and is not forwarded.
...
More expensive switches can switch traffic by inspecting packets at higher levels (at the transport or application layer), allow the creation of VLANs, and implement other advanced features.
...
Most switches provide monitor port functionality that enables repeating on an assigned port specifically for this purpose: capturing traffic that, on a switched network, would otherwise never reach a monitoring host.
...
However, the price of switches has reduced dramatically over the years.
...
Figure 3.11: Hub versus switch. A frame addressed to one host is repeated by a hub out of every port, while a switch delivers it only to the port where that host's MAC address was learned.
...
Both hubs and switches may offer managed services.
...
A managed switch that provides upload and download byte counts for every physical port can greatly simplify network monitoring.
...
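The learning switch the hubs-and-switches passage describes, next to a hub, run over a constructed sequence of frames: it shows the source-learning step, the lookup, the same-port filter, and the flooding that happens before a destination MAC has been learned. This is an added example, not code from the original notes. It also goes one step past the text to make the security consequence concrete: a hub delivers every frame to every port, while a switch isolates traffic only as long as its MAC table is intact; a host that floods bogus source MACs until the table is full pushes a switch back to hub-like flooding, where a sniffer on another port sees everything. The table capacity is a parameter of this simulation, not a figure from the notes, and the MAC addresses are made up.

```python
"""Added example: hub vs. learning switch over constructed frames, with a
MAC-table capacity limit to show what MAC flooding does to a switch."""
from typing import Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = Tuple[str, str, int]   # (src_mac, dst_mac, ingress_port)

class Hub:
    def __init__(self, ports: int) -> None:
        self.ports = set(range(ports))

    def forward(self, frame: Frame) -> Set[int]:
        """Repeat out of every port except the one the frame came in on."""
        return self.ports - {frame[2]}

class Switch:
    def __init__(self, ports: int, table_capacity: int = 4) -> None:
        self.ports = set(range(ports))
        self.capacity = table_capacity
        self.mac_table: Dict[str, int] = {}
        self.log: List[str] = []

    def forward(self, frame: Frame) -> Set[int]:
        src, dst, ingress = frame
        # Learn: associate the source MAC with the ingress port, if there is room.
        if src in self.mac_table or len(self.mac_table) < self.capacity:
            self.mac_table[src] = ingress
        else:
            self.log.append(f"table full, not learning {src}")
        # Lookup: a known unicast destination goes to one port; everything else is flooded.
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            if out == ingress:
                self.log.append(f"filtered {src}->{dst} (destination is on the ingress port)")
                return set()
            return {out}
        self.log.append(f"flooding {src}->{dst}")
        return self.ports - {ingress}

def run(device, frames: List[Frame]) -> List[Set[int]]:
    """Forward each frame in turn; returns the set of egress ports per frame."""
    return [device.forward(f) for f in frames]

def mac_flood(switch: Switch, n: int, port: int) -> int:
    """An attacker on `port` sends n frames with made-up source MACs.
    Returns how many entries the switch holds afterwards (bounded by capacity)."""
    for i in range(n):
        switch.forward((f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", BROADCAST, port))
    return len(switch.mac_table)

# Constructed scenario: host a on port 0, hosts b and c sharing port 1 through a
# small hub, nothing on port 2, and a passive sniffer on port 3.
A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
SCENARIO: List[Frame] = [
    (A, B, 0),   # a -> b: b unknown yet, flooded (the sniffer on port 3 sees it)
    (B, A, 1),   # b -> a: a already learned, delivered to port 0 only
    (A, B, 0),   # a -> b: now a unicast to port 1
    (C, B, 1),   # c -> b arrives on b's own port: filtered, not forwarded
]
```

With an empty table `run(Switch(4), SCENARIO)` gives `[{1, 2, 3}, {0}, {1}, set()]`; after `mac_flood` has filled the table the same scenario is flooded on every frame, exactly as on `Hub(4)`. A bounded table is what real switches have, which is why port security (limiting learned MACs per port) exists.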
Routers and firewalls
While hubs and switches provide connectivity on a local network segment, a router's job is to forward packets between different network segments.
...
It may include support for different types of network media, such as Ethernet, ATM, DSL, or dial-up.
...
Routers sit at the edge of two or more networks.
...
Many routers have firewall capabilities that provide a mechanism to filter or redirect packets that do not fit security or access policy requirements.
...
Routers vary widely in cost and capabilities.
...
The next step up is a software router, which consists of an operating system running on a standard PC with multiple network interfaces.
...
However, they suffer from the same problems as conventional PCs, with high power consumption, a large number of complex and potentially unreliable parts, and more involved configuration.
...
Dedicated hardware routers tend to have much better performance, more features, and higher reliability than software routers on PCs.
...
Most modern routers offer mechanisms to monitor and record performance remotely, usually via the Simple Network Management Protocol (SNMP), although the least expensive devices often omit this feature. Where SNMP is enabled, restrict it to your management hosts and prefer SNMPv3: versions 1 and 2c authenticate with a community string sent in cleartext.
...
Figure 3.12: Many DSL modems, cable modems, CSU/DSUs, wireless access points, and VSAT terminals terminate at an Ethernet jack.
...
For example, VSAT connections consist of a satellite dish connected to a terminal that either plugs into a card inside a PC, or ends at a standard Ethernet connection.
...
Cable modems bridge the television cable to Ethernet, or to an internal PC card bus.
...
Standard dialup lines use modems to connect a computer to the telephone, usually via a plug-in card or serial port.
...
The functionality of these devices can vary significantly between manufacturers.
...
Since your Internet connection ultimately comes from your ISP, you should follow their recommendations when choosing equipment that bridges their network to your Ethernet network.
...
Figure 3.13: Internet networking. Alice's computer and Bob's computer sit on different private networks, each behind its own router; the packets carrying "Hello, Alice!" pass through several publicly addressed routers in between.
...
Packets are forwarded between routers until they reach their ultimate destination.
...
Through the use of routing and forwarding, these packets can reach nodes on networks that are not physically connected to the originating node.
...
In this example, you can see the path that the packets take as Alice chats with Bob using an instant messaging service.
...
The cloud symbol is commonly used to stand in for "The Internet", and represents any number of intervening IP networks.
...
If it weren't for Internet protocols and the cooperation of everyone on the net, this kind of communication would be impossible.
...
After all, where is the physical part of the network? In wireless networks, the physical medium we use for communication is obviously electromagnetic energy.
...
How do you arrange the equipment so that you can reach your wireless clients? Whether they fill an office building or stretch across many miles, wireless networks are naturally arranged in these three logical configurations: point-to-point links, point-to-multipoint links, and multipoint-to-multipoint clouds.
...
Point-to-point
Point-to-point links typically provide an Internet connection where such access isn't otherwise available.
...
For example, a university may have a fast frame relay or VSAT connection in the middle of campus, but cannot afford such a connection for an important building just off campus.
...
This can augment or even replace existing dial-up links.
...
Figure 3.14: A point-to-point link connecting the site with the VSAT connection to a remote building.
...
Of course, once a single point-to-point connection has been made, more can be used to extend the network even further.
...
By installing another point-to-point link at the remote site, another node can join the network and make use of the central Internet connection.
...
Suppose you have to physically drive to a remote weather monitoring station, high in the hills, in order to collect the data which it records over time.
...
Wireless networks can provide enough bandwidth to carry large amounts of data (including audio and video) between any two points that have a connection to each other, even if there is no direct connection to the Internet.
...
Point-to-multipoint
Whenever several nodes (2) are talking to a central point of access, this is a point-to-multipoint application.
...
The laptops do not communicate with each other directly, but must be in range of the access point in order to use the network.
...
Figure 3.15: The central VSAT is now shared by multiple remote sites.
...
Point-to-multipoint networking can also apply to our earlier example at the university.
...
Rather than setting up several point-to-point links to distribute the Internet connection, a single antenna could be used that is visible from several remote buildings.
...
(2) A node is any device capable of sending and receiving data on a network.
...
This is a classic example of a wide area point (remote site on the hill) to multipoint (many buildings in the valley below) connection.
...
Such links are possible and useful in many circumstances, but don't make the classic mistake of installing a single high powered radio tower in the middle of town and expecting to be able to serve thousands of clients, as you would with an FM radio station.
...
Multipoint-to-multipoint
The third type of network layout is multipoint-to-multipoint, which is also referred to as an ad-hoc or mesh network.
...
Every node on the network carries the traffic of every other as needed, and all nodes communicate with each other directly.
...
Figure 3.16: A multipoint-to-multipoint mesh.
...
The benefit of this network layout is that even if none of the nodes are in range of a central access point, they can still communicate with each other.
...
Extending a mesh network is as simple as adding more nodes.
...
Two big disadvantages to this topology are increased complexity and lower performance.
...
Multipoint-to-multipoint networks tend to be difficult to troubleshoot, due to the large number of changing variables as nodes join and leave the network.
...
Nevertheless, mesh networks are useful in many circumstances.
...
Use the technology that fits
All of these network designs can be used to complement each other in a large network, and can obviously make use of traditional wired networking techniques whenever possible.
...
One of the clients of this access point may also act as a mesh node, allowing the network to spread organically between laptop users who all ultimately use the original point-to-point link to access the Internet.
...
802.11 wireless
Without link-local connectivity, network nodes cannot talk to each other and route packets.
...
As we saw in Chapter 2, this means that 802.11a radios operate at around 5 GHz, and 802.11b/g radios at around 2.4 GHz.
...
But an 802.11a device cannot talk to an 802.11b/g device, since they use completely different parts of the electromagnetic spectrum.
...
Even within one band, if one 802.11 device is tuned to a different channel from another, the two cannot communicate.
...
When two wireless cards are configured to use the same protocol on the same radio channel, then they are ready to negotiate data link layer connectivity.
...
An 802.11a/b/g device can operate in one of four possible modes:

1. Master mode (also called AP or infrastructure mode). The wireless card creates a network with a specified name (called the SSID) and channel, and offers network services on it.
...
Wireless cards in master mode can only communicate with cards that are associated with it in managed mode.
...
2. Managed mode is sometimes also referred to as client mode.
...
They then present any necessary credentials to the master, and if those credentials are accepted, they are said to be associated with the master.
...
3. Ad-hoc mode. In ad-hoc mode, each wireless card communicates directly with its neighbors.
...
4. Monitor mode. When in monitor mode, wireless cards transmit no data.
...
Monitor mode is not used for normal communications; it is the mode a wireless sniffer uses to passively capture every frame on a channel, including frames of networks the card is not associated with.
...
Figure 3.17: APs, Clients, and Ad-Hoc nodes.
...
In a multipoint-to-multipoint mesh, the radios all operate in ad-hoc mode so that they can communicate with each other directly.
...
Remember that managed mode clients cannot communicate with each other directly, so it is likely that you will want to run a high repeater site in master or ad-hoc mode.
...
Mesh networking with OLSR

Most WiFi networks operate in infrastructure mode - they consist of an access point somewhere (with a radio operating in master mode), attached to a DSL line or other large scale wired network. This topology is similar to a mobile phone (GSM) service. If you make a joke call to a friend that is sitting on the other side of the table, your phone sends data to the base station of your provider that may be a mile away - the base station then sends data back to the phone of your friend. Clients - for example, two laptops on the same table - have to use the access point as a relay. If client A and C communicate, client A sends data to the access point B, and then the access point will retransmit the data to client C. With 802.11b in our example, because the data has to be repeated by the access point before it reaches its target, the effective speed between both clients will be only 300 kByte/sec.

In ad-hoc mode, nodes can communicate directly as long as they are within the range of their wireless interfaces. The disadvantage to ad-hoc mode is that clients do not repeat traffic destined for other clients. Ad-hoc nodes do not repeat by default, but they can effectively do the same if routing is applied. The more nodes, the better the radio coverage and range of the mesh cloud.

Figure 3.18: Access Point B will relay traffic between the two nodes. In Ad-Hoc mode, node B will not relay traffic between A and C by default.

If the device only uses one radio interface, the available bandwidth is significantly reduced every time traffic is repeated by intermediate nodes on the way from A to B. Thus, cheap ad-hoc mesh networks can provide good radio coverage on the last mile(s) of a community wireless network at the cost of speed - especially if the density of nodes and transmit power is high. Unfortunately, those conditions are rarely met in the real world. And no one wants to update several routing tables by hand if one node is added to the network. Popular routing protocols from the wired world (such as OSPF) do not work well in such an environment because they are not designed to deal with lossy links or rapidly changing topology.

The olsrd available from olsr.org is a routing application developed for routing in wireless networks. It is an open-source project that supports Mac OS X, Windows 98, 2000, XP, Linux, FreeBSD, OpenBSD and NetBSD. Olsrd can handle multiple interfaces and is extensible with plug-ins. Note that there are several implementations of Optimized Link State Routing, which began as an IETF-draft written at INRIA France. The olsrd from olsr.org started as a master thesis of Andreas Toennesen at UniK University. Olsrd now differs significantly from the original draft because it includes a mechanism called Link Quality Extension that measures the packet loss between nodes and calculates routes according to this information.
Theory

After olsrd is running for a while, a node knows about the existence of every other node in the mesh cloud and which nodes may be used to route traffic to them. This approach to mesh routing is called proactive routing. There are pros and cons to proactive routing, and there are many other ideas about how to do mesh routing that may be worth mentioning. Higher protocol traffic overhead and more CPU load are among the disadvantages. The average CPU load caused by olsrd on a Linksys WRT54G running at 200 MHz is about 30% in the Berlin mesh. Maintaining routes in a mesh cloud with static nodes takes less effort than a mesh with nodes that are constantly in motion, since the routing table has to be updated less often.

Every node computes a statistic of how many 'Hellos' have been lost or received from each neighbor - thereby gaining information about the topology and link quality of nodes in the neighborhood. The concept of multipoint relays is a new idea in proactive routing that came up with the OLSR draft. Such transmissions are redundant if a node has many neighbors. Note that multipoint relays are only chosen for the purpose of forwarding TC messages. Two other message types exist in OLSR that announce information: whether a node offers a gateway to other networks (HNA messages) or has multiple interfaces (MID messages). HNA messages make olsrd very convenient when connecting to the Internet with a mobile device. However, olsrd is by no means bullet proof. A node that announces a gateway it does not actually have is a pseudo-gateway, and the pseudo-gateway is a black hole. The plugin will automatically detect at the gateway if it is actually connected and whether the link is still up. It is highly recommended to build and use this plugin instead of statically enabling HNA messages.
...
Installation packages are available for OpenWRT, AccessCube,
Mac OS X, Debian GNU/Linux and Windows
...
If you have to compile from source, please read the documentation that is shipped with the source package
...
First of all, it must be ensured that every node has a unique statically assigned IP-Address for each interface used for the mesh
...
A
DHCP request will not be answered by a DHCP server if the node requesting
DHCP needs a multihop link to connect to it, and applying dhcp relay
throughout a mesh is likely impractical
...
Weniger and M
...
A wiki-page where every interested person can choose an individual IPv4 address for each interface the olsr daemon is running on may serve the purpose
quite well
...
The broadcast address should be 255
...
255
...
There is no reason to enter the broadcast address
explicitly, since olsrd can be configured to override the broadcast addresses
with this default
...
Olsrd can do this on its own
...
Here is an example command how to
configure a WiFi card with the name wlan0 using Linux:
iwconfig wlan0 essid olsr
Make sure the interface joins the same wireless channel, uses the same wireless network name ESSID (Extended Service Set IDentifier) and has the same Cell-ID as all other WiFi-Cards that build the mesh. Many cards and drivers do not follow the 802.11 standard for ad-hoc networking and may fail miserably to connect to a cell. They may even confuse other cards that behave according to the standard by creating their own Cell-ID on the same channel with the same wireless network name. You can check this out with the command iwconfig when using GNU/Linux:

    802.11b  ESSID:"olsr"
    Frequency:2.457 GHz  Cell: 02:00:81:1E:48:10
    Bit Rate:2 Mb/s
    Sensitivity=1/3
    Retry min limit:8
    RTS thr=250 B
    Fragment thr=256 B
    Encryption key:off
    Power Management:off
    Link Quality=1/70  Signal level=-92 dBm  Noise level=-100 dBm
    Rx invalid nwid:0  Rx invalid crypt:28  Rx invalid frag:0
    Tx excessive retries:98024  Invalid misc:117503  Missed beacon:0
It is important to set the 'Request To Send' threshold value RTS for a mesh. RTS/CTS adds a handshake before each packet transmission to make sure that the channel is clear. The RTS threshold value must be smaller than the IP-Packet size and the 'Fragmentation threshold' value - here set to 256 - otherwise it will be disabled. Fragmentation allows splitting an IP packet into a burst of smaller fragments transmitted on the medium. Mesh networks are very noisy because nodes use the same channel and therefore transmissions are likely to interfere with each other. Setting the fragmentation threshold is recommended.

For Mac OS X and Windows there are nice GUIs for configuration and monitoring of the daemon available. On BSD and Linux the configuration file /etc/olsrd.conf is used. A simple olsrd.conf is enough to get started. These are some essential settings that should be checked:
    ...so...3"
    {
        PlParam "Interval" "60"
        PlParam "Ping" "151...1...25...129"
    }
    Interface "ath0" "wlan0" {
        Ip4Broadcast 255.255.255.255
    }

Many more options can be set in olsrd.conf, but these basic options should get you started. You can see what olsrd does and monitor how well the links to your neighbors are. The output should look something like this:
    --- 19:27:45.51 ------------------------------------------------ LINKS

    IP address       hyst   LQ     lost  total  NLQ    ETX
    192.168.120.3    0.000  1.000  0     20     1.000  1.00
    192.168.120.1    0.000  1.000  0     20     1.000  1.00

    --- 19:27:45.51 --------------------------------------------- TOPOLOGY

    Source IP addr   Dest IP addr     LQ     ILQ    ETX
    192.168.120.3    192.168.120.17   1.000  1.000  1.00
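As an added example (not part of the book or of olsrd), here is a small Python parser for the LINKS and TOPOLOGY tables in that output; it checks the printed ETX against olsrd's Link Quality Extension definition ETX = 1/(LQ*NLQ) and lists neighbors whose ETX exceeds a threshold. The sample output embedded in it is constructed to match the column layout above.

```python
"""Parse olsrd's LINKS / TOPOLOGY text output and flag weak links.

Added example, not olsrd's own code. The sample below is constructed;
ETX = 1 / (LQ * NLQ) is olsrd's Link Quality Extension definition.
"""
import re
from dataclasses import dataclass

# Constructed sample, laid out like the olsrd output shown above.
SAMPLE_OUTPUT = """\
--- 19:27:45.51 ------------------------------------------------ LINKS

IP address       hyst   LQ     lost   total  NLQ    ETX
192.168.120.3    0.000  1.000  0      20     1.000  1.00
192.168.120.1    0.000  0.500  10     20     0.800  2.50

--- 19:27:45.51 --------------------------------------------- TOPOLOGY

Source IP addr   Dest IP addr     LQ     ILQ    ETX
192.168.120.3    192.168.120.17   1.000  1.000  1.00
192.168.120.1    192.168.120.3    0.500  0.800  2.50
"""


@dataclass
class Link:
    neighbor: str
    lq: float    # fraction of the neighbor's Hellos that we received
    nlq: float   # fraction of our Hellos that the neighbor received
    lost: int
    total: int
    etx: float   # expected transmission count as printed by olsrd


@dataclass
class TopologyEntry:
    src: str
    dst: str
    lq: float
    ilq: float
    etx: float


_SECTION = re.compile(r"^--- \S+ -+ (LINKS|TOPOLOGY)$")
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_olsrd_output(text):
    """Return (links, topology) parsed from the LINKS and TOPOLOGY tables."""
    links, topology, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if not line or not _IPV4.match(line):
            continue  # blank line or column header
        cols = line.split()
        if section == "LINKS":
            links.append(Link(cols[0], float(cols[2]), float(cols[5]),
                              int(cols[3]), int(cols[4]), float(cols[6])))
        elif section == "TOPOLOGY":
            topology.append(TopologyEntry(cols[0], cols[1], float(cols[2]),
                                          float(cols[3]), float(cols[4])))
    return links, topology


def expected_etx(lq, nlq):
    """ETX = 1 / (LQ * NLQ); a link with no Hellos either way is infinite."""
    return float("inf") if lq == 0 or nlq == 0 else 1.0 / (lq * nlq)


def weak_links(links, max_etx=2.0):
    """Neighbors whose ETX exceeds max_etx (routes olsrd will try to avoid)."""
    return [l.neighbor for l in links if l.etx > max_etx]


def etx_consistent(links, tolerance=0.01):
    """True when every printed ETX agrees with 1/(LQ*NLQ) within tolerance."""
    return all(abs(l.etx - expected_etx(l.lq, l.nlq)) <= tolerance
               for l in links)


if __name__ == "__main__":
    links, topo = parse_olsrd_output(SAMPLE_OUTPUT)
    for l in links:
        print(f"{l.neighbor}: LQ={l.lq} NLQ={l.nlq} ETX={l.etx}")
    print("weak links:", weak_links(links))
    print("ETX column consistent:", etx_consistent(links))
```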
Using OLSR on Ethernet and multiple interfaces

It is not necessary to have a wireless interface to test or use olsrd - although that is what olsrd is designed for. WiFi interfaces don't always have to operate in ad-hoc mode to form a mesh when mesh nodes have more than one interface. Many WiFi cards and drivers are buggy in ad-hoc mode, but infrastructure mode works fine - because everybody expects at least this feature to work. With the rising popularity of mesh networks, the driver situation is improving now. Some people simply connect antennas to their WiFi cards, connect cables to their Ethernet cards, enable olsrd to run on all computers and all interfaces and fire it up. Clearly it is not necessary to send 'Hello' messages on a wired interface every two seconds - but it works. In fact the idea of having a protocol that does everything for newbies that want to have a small to medium sized routed LAN is very appealing. Check out the olsr.org website for more. Here is a little HOWTO for the network topology visualization plugin olsrd_dot_draw.
Figure 3.19: An automatically generated OLSR network topology.
olsrd_dot_draw outputs the topology in the dot file format on TCP port 2004.

Installing the dot_draw Plugin

Compile the olsr plugins separately and install them. Then load the plugin in olsrd.conf. The parameter "port" specifies the TCP port. The fragment of the configuration recoverable here is:

    ...so...3"
    {
        PlParam "accept" "192...0..."

Now you can save the output graph descriptions and run the tools dot or neato from the graphviz package to get images. First install the following packages on your workstation:

• graphviz, http://www.graphviz.org/
• ImageMagick, http://www.imagemagick.org/

Download the script at: http://meshcube...pl

Now you can start the script with ...pl and view the topology updates in near-realtime. This works because the large netmasks effectively make every node link-local, so routing issues are sidestepped at the first hop. Most headaches people face with WiFi in Ad-Hoc mode are caused by the fact that the ad-hoc mode in drivers and cards is implemented sloppily. If the machines can ping each other, but olsrd doesn't find routes, then the IP-addresses, netmask and broadcast address should be checked.
Estimating capacity

Wireless links can provide significantly greater throughput to users than traditional Internet connections, such as VSAT, dialup, or DSL. It is important to understand that a wireless device's listed speed (the data rate) refers to the rate at which the radios can exchange symbols, not the usable throughput you will observe. An 802.11g link may use 54 Mbps radios, but it will only provide up to 22 Mbps of actual throughput; the rest is overhead of the 802.11g protocol. 22 Mbps means that in any given second, up to 22 megabits can be sent from one end of the link to the other. Since the data can't be sent immediately, it is put in a queue, and transmitted as quickly as possible. The time that it takes for data to traverse a link is called latency, and high latency is commonly referred to as lag.

How much throughput will your users really need? It depends on how many users you have, and how they use the wireless link.

Application (BW / User): Notes

Text messaging / IM (< 1 kbps): As traffic is infrequent and asynchronous, IM will tolerate high latency.

Email: Large attachments, viruses, and spam significantly add to bandwidth usage.

Web browsing (50 - 100+ kbps): Web browsers only use the network when data is requested. As web browsers request more data (large images, long downloads, etc.), bandwidth usage goes up.

Streaming audio (96 - 160 kbps): Each user of a streaming audio service will use a constant amount of relatively large bandwidth for as long as it plays. But extended periods of lag will cause audio "skips" or outright session failures.

VoIP: With VoIP, the bandwidth is used roughly equally in both directions. Lag greater than a few milliseconds is unacceptable for VoIP.

Streaming video: Streaming video requires high throughput and low latency to work properly.

Peer to peer applications (0 - infinite Mbps): While peer to peer applications will tolerate any amount of latency, they tend to use up all available throughput by transmitting data to as many clients as possible, as quickly as possible.

To estimate the necessary throughput you will need for your network, multiply the expected number of users by the sort of application they will probably use. A group of web-browsing users, for example, will consume ...5 to 5 Mbps or more of throughput at peak times, and will tolerate some latency. Since 802.11... Your wireless links must provide that capacity every second, or conversations will lag. Oversubscribing by a factor of 2 to 5 is quite common. By carefully monitoring throughput throughout your network, you will be able to plan when to upgrade various parts of the network, and how much additional resources will be needed. As we'll see at the end of this chapter, using bandwidth shaping techniques can help mitigate some latency problems.

To get a feeling for the lag felt on very slow connections, the ICTP has put together a bandwidth simulator. This demonstration gives you an immediate understanding of how low throughput and high latency reduce the usefulness of the Internet as a communications tool. It is available at ictp...it/simulator/.
Link planning

A basic communication system consists of two radios, each with its associated antenna, the two being separated by the path to be covered. Determining if the link is feasible is a process called link budget calculation.

Calculating the link budget

The power available in an 802.11 system can be characterized by the following factors.

Transmit power is expressed in milliwatts or in dBm. TX power is often dependent on the transmission rate. Online databases such as the one provided by SeattleWireless (http://www.seattlewireless.net/HardwareComparison) may help.

Antennas are passive devices that create the effect of amplification by virtue of their physical shape. So a 12 dBi antenna is simply a 12 dBi antenna, without specifying if it is in transmission or reception mode.

• Minimum Received Signal Level, or simply, the sensitivity of the receiver. The minimum RSL is dependent upon rate, and as a general rule the lowest rate (1 Mbps) has the greatest sensitivity. Like TX power, the RSL specifications should be provided by the manufacturer of the equipment.

Some of the signal's energy is lost in the cables, the connectors and other devices, going from the radios to the antennas. Signal loss for short coaxial cables including connectors is quite low, in the range of 2-3 dB.

When calculating the path loss, several effects must be considered. Signal power is diminished by geometric spreading of the wavefront, commonly known as free space loss. This is independent from the environment, depending only on the distance. Using decibels to express the loss and using 2.4 GHz...

The second contribution to the path loss is given by attenuation. Attenuation can vary greatly depending upon the structure of the object the signal is passing through, and it is very difficult to quantify. For example, experience shows that trees add 10 to 20 dB of loss per tree in the direct path, while walls contribute 10 to 15 dB depending upon the construction.

Some of the RF energy reaches the receiving antenna directly, while some bounces off the ground. Since the reflected signal has a longer way to travel, it arrives at the receiving antenna later than the direct signal. In some cases reflected signals add together and cause no problem. In some cases, the signal at the receiving antenna can be zeroed by the reflected signals. There is a simple technique that is used to deal with multipath, called antenna diversity. Multipath is in fact a very location-specific phenomenon. If there are two antennas, at least one of them should be able to receive a usable signal, even if the other is receiving a distorted one. The signal is thus received through only one antenna at a time. The distortion given by multipath degrades the ability of the receiver to recover the signal in a manner much like signal loss. The exponent tends to increase with the range in an environment with a lot of scattering. When free space loss, attenuation, and scattering are combined, the path loss is:

    L(dB) = 40 + 10*n*log(r) + L(allowed)

For a rough estimate of the link feasibility, one can evaluate just the free space loss. The environment is in fact a very important factor, and should never be neglected. Note that when performing this calculation, you should only add the TX power of one side of the link. Adding up all the gains and subtracting all the losses gives:

      TX Power Radio 1
    + Antenna Gain Radio 1
    - Cable Losses Radio 1
    + Antenna Gain Radio 2
    - Cable Losses Radio 2
    = Total Gain

Subtracting the Path Loss from the Total Gain:

      Total Gain
    - Path Loss
    = Signal Level at one side of the link

If the resulting signal level is greater than the minimum received signal level, then the link is feasible! The received signal is powerful enough for the radios to use it. On a given path, the variation in path loss over a period of time can be large, so a certain margin (difference between the signal level and the minimum received signal level) should be considered. A margin of 10 to 15 dB is fine. Once you have calculated the link budget in one direction, repeat the calculation for the other direction.
Example link budget calculation

As an example, we want to estimate the feasibility of a 5 km link, with one access point and one client radio. The transmitting power of the AP is 100mW (or 20 dBm) and its sensitivity is -89 dBm. The cables are short, with a loss of 2dB at each side. On the client side there is only 9 dB of margin (82 dB - 73 dB), which will likely work fine in fair weather, but may not be enough to protect against extreme weather conditions.

Calculating the link from the client back to the access point, our received signal level on the access point side is:

    35 dB - 113 dB = -78 dB

Since the receive sensitivity of the AP is -89dBm, this leaves us 11dB of fade margin (89dB - 78dB). By using a 24dBi dish on the client side rather than a 14dBi sectorial antenna, you will get an additional 10dBi of gain in both directions of the link (remember, antenna gain is reciprocal).
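The same budget carried through in code, as an added example that is not from the book: it applies the page's path-loss formula L(dB) = 40 + 10*n*log10(r) + L(allowed) with n = 2 (free space) at full precision, which gives just under 114 dB for 5 km instead of the rounded 113 dB above, so each margin comes out about 1 dB lower; it then checks both directions against a required margin and compares the 14 dBi sectorial with the 24 dBi dish. The AP antenna gain (10 dBi), client TX power (15 dBm) and client sensitivity (-82 dBm) are assumptions filled in for the example.

```python
"""Two-way link budget check for the 5 km AP/client example.

Added example, not from the book. Path loss follows the page's formula
L(dB) = 40 + 10*n*log10(r) + L(allowed), r in metres, n = 2 for free space.
Assumed values (not given on the page): AP antenna 10 dBi, client TX 15 dBm,
client sensitivity -82 dBm.
"""
import math
from dataclasses import dataclass


@dataclass
class Radio:
    name: str
    tx_dbm: float           # transmit power
    antenna_dbi: float      # antenna gain (reciprocal: same for TX and RX)
    cable_loss_db: float    # cable and connector loss on this side
    sensitivity_dbm: float  # minimum received signal level


def path_loss_db(distance_m, n=2.0, allowed_db=0.0):
    """L(dB) = 40 + 10*n*log10(r) + L(allowed); n = 2 is free space."""
    return 40.0 + 10.0 * n * math.log10(distance_m) + allowed_db


def total_gain_db(tx, rx):
    """One TX power, plus both antenna gains, minus both cable losses."""
    return (tx.tx_dbm + tx.antenna_dbi - tx.cable_loss_db
            + rx.antenna_dbi - rx.cable_loss_db)


def received_level_dbm(tx, rx, loss_db):
    """Signal level at the rx side: Total Gain - Path Loss."""
    return total_gain_db(tx, rx) - loss_db


def fade_margin_db(tx, rx, loss_db):
    """Margin above the receiver's sensitivity; the text suggests 10-15 dB."""
    return received_level_dbm(tx, rx, loss_db) - rx.sensitivity_dbm


def link_feasible(r1, r2, distance_m, required_margin_db=10.0,
                  n=2.0, allowed_db=0.0):
    """Check both directions; return (feasible, margin r1->r2, margin r2->r1)."""
    loss = path_loss_db(distance_m, n, allowed_db)
    m12 = fade_margin_db(r1, r2, loss)
    m21 = fade_margin_db(r2, r1, loss)
    return min(m12, m21) >= required_margin_db, m12, m21


# Values from the example above; the ones marked "assumed" are not on the page.
AP = Radio("AP", tx_dbm=20.0, antenna_dbi=10.0,        # 10 dBi assumed
           cable_loss_db=2.0, sensitivity_dbm=-89.0)
CLIENT_SECTOR = Radio("client, 14 dBi sectorial", tx_dbm=15.0,   # assumed
                      antenna_dbi=14.0, cable_loss_db=2.0,
                      sensitivity_dbm=-82.0)                      # assumed
CLIENT_DISH = Radio("client, 24 dBi dish", tx_dbm=15.0, antenna_dbi=24.0,
                    cable_loss_db=2.0, sensitivity_dbm=-82.0)

if __name__ == "__main__":
    print(f"path loss at 5 km: {path_loss_db(5000):.2f} dB")
    for client in (CLIENT_SECTOR, CLIENT_DISH):
        ok, m12, m21 = link_feasible(AP, client, 5000)
        print(f"{client.name}: AP->client margin {m12:.1f} dB, "
              f"client->AP margin {m21:.1f} dB, 10 dB margin met: {ok}")
```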
Online tools can be used to calculate the link budget. One such calculator is at athenet...main. The Super Edition generates a PDF file containing the Fresnel zone and radio path graphs. The Terabeam website also has excellent calculators available online (http://www...com/support/calculations/index...).
Tables for calculating link budget

To calculate the link budget, simply approximate your link distance, then fill in the following tables:

Free Space Path Loss at 2.4 GHz: (distance table not shown in this copy)

Antenna Gain:

      Radio 1 Antenna (dBi)
    + Radio 2 Antenna (dBi)
    = Total Antenna Gain

Losses:

      Radio 1 Cable Loss (dB)
    + Radio 2 Cable Loss (dB)
    + Free Space Path Loss (dB)
    = Total Loss (dB)

Link Budget for Radio 1 to Radio 2:

      Radio 1 TX Power
    + Antenna Gain
    - Total Loss
    = Signal  >  Radio 2 Sensitivity

Link Budget for Radio 2 to Radio 1:

      Radio 2 TX Power
    + Antenna Gain
    - Total Loss
    = Signal  >  Radio 1 Sensitivity

If the received signal is greater than the minimum received signal strength in both directions of the link, as well as any noise received along the path, then the link is possible. In addition to calculating free space loss, the online tools will take many other relevant factors into account as well (such as tree absorption, terrain effects, climate, and even estimating path loss in urban areas).
Interactive design CGIs

The Green Bay Professional Packet Radio group (GBPRR) has made a variety of very useful link planning tools available for free online (qsl...html). We will look at the first tool, Wireless Network Link Analysis, in detail (athenet...main).

To begin, enter the channel to be used on the link. If you don't know the frequency, consult the table in Appendix B. The difference in the ultimate result is minimal, so feel free to use the center frequency instead. Next, enter the details for the transmitter side of the link, including the transmission line type, antenna gain, and other details. You can also enter the antenna height and elevation for this site. For calculating Fresnel zone clearance, you will need to use GBPRR's Fresnel Zone Calculator. Enter all available data in the appropriate fields. Enter as much data as you know or can estimate. Now, click the Submit button for a detailed report about the proposed link. These numbers are all completely theoretical, but will give you a rough idea of the feasibility of the link.

In addition to the basic link analysis tool, GBPRR provides a "super edition" that will produce a PDF report, as well as a number of other very useful tools (including the Fresnel Zone Calculator, Distance & Bearing Calculator, and Decibel Conversion Calculator to name just a few).

RadioMobile

Radio Mobile is a tool for the design and simulation of wireless systems. It is public domain software that runs on Windows, or using Linux and the Wine emulator. It automatically builds a profile between two points in the digital map showing the coverage area and first Fresnel zone. It is possible to create networks of different topologies, including net master/slave, point-to-point, and point-to-multipoint. It works for systems having frequencies from 100 kHz to 200 GHz. DEMs do not show coastlines or other readily identifiable landmarks, but they can easily be combined with other kinds of data (such as aerial photos or topographical charts) in several layers to obtain a more useful and readily recognizable representation. The digital elevation maps can be merged with scanned maps, satellite photos and Internet map services (such as Google Maps) to produce accurate prediction plots.

Figure 3.20: Link feasibility, including Fresnel zone and line of sight estimate, using RadioMobile.

Radio Mobile can be downloaded from cplus...html.

RadioMobile under Linux

Radio Mobile will also work using Wine under Ubuntu Linux. We were able to make Radio Mobile work with Linux using the following environment:

• IBM Thinkpad x31
• Ubuntu Breezy (v5...), http://www.ubuntu.com/

Download the Radio Mobile files following the instructions at cplus...html (do not run the EXE file under Linux). You will need the MSVBVM60.DLL file from a Windows machine that already has the Visual Basic 6 run-time environment installed, or simply Google for MSVBVM60.DLL. Now continue with step 2 from the above URL, making sure to unzip the downloaded files in the same directory into which you have placed the downloaded DLL file. Finally, you can start Wine from a terminal with the command:

    # wine RMWDLX.exe
Avoiding noise

The unlicensed ISM and U-NII bands represent a very tiny piece of the known electromagnetic spectrum. Cordless phones, analog video senders, Bluetooth, baby monitors, and even microwave ovens compete with wireless data networks for use of the very limited 2.4 GHz band. These signals, as well as other local wireless networks, can cause significant problems for long range wireless links. Here are some steps you can use to reduce reception of unwanted signals.

• Increase antenna gain on both sides of a point-to-point link. Two high gain dishes that are pointed at each other will reject noise from directions that are outside the path of the link.

Figure 3.21: A single omnidirectional antenna vs. multiple sectorials. An omnidirectional antenna receives noise from all directions; multiple sectorial antennas help to mitigate noise and add additional bandwidth.

• By making use of several sectorial antennas, you can reduce the overall noise received at a distribution point.

• Don't use an amplifier. Amplifiers also cause interference problems for other nearby users of the band.

• Remember that 802.11... Perform a site survey, and select a channel that is as far as possible from existing sources of interference. If your link suddenly has trouble sending packets, you may need to perform another site survey and pick a different channel.

• Keep your point-to-point links as short as possible. If you can break that link into two or three shorter hops, the link will likely be more stable.

• If possible, use 5... While this is only a short term solution, there is currently far more consumer equipment installed in the field that uses 2.4 GHz. Using 802.11a... 2.4 GHz to 5... If you can find it, some old 802.11...

Other technologies, such as Ronja (http://ronja.twibright.com/) use optical technology for short distance, noise-free links. There are places where all available unlicensed spectrum is effectively used. For long distance point-to-point links that require very high throughput and maximum uptime, this is certainly an option. To identify sources of noise, you need tools that will show you what is happening in the air at 2.4 GHz. We will see some examples of these tools in Chapter 6.

Terrestrial microwave systems simply cannot tolerate large hills, trees, or other obstacles in the path of a long distance link. But even if there is a mountain between two points, remember that obstacles can sometimes be turned into assets. Repeaters are nodes that are configured to rebroadcast traffic that is not destined for the node itself. In a traditional infrastructure network, nodes must be configured to pass along traffic to other nodes. When using a single radio (called a one-arm repeater), overall efficiency is slightly less than half of the available bandwidth, since the radio can either send or receive data, but never both at once. A repeater with two (or more) radio cards can operate all radios at full capacity, as long as they are each configured to use non-overlapping channels. Repeaters can be purchased as a complete hardware solution, or easily assembled by connecting two or more wireless nodes together with Ethernet cable. With 802.11 technology, remember that nodes must be configured for master, managed, or ad-hoc mode. But depending on your network layout, one or more devices may need to use ad-hoc or even client mode.

Figure 3.22: The repeater forwards packets over the air between nodes that have no direct line of sight.

For example, there may be buildings in your path, but those buildings contain people. If the building owner isn't interested, tenants on high floors may be able to be persuaded to install equipment in a window. Rather than using a direct link, try a multi-hop approach to avoid the obstacle.

Figure 3.23: No power was available at the top of the hill, but it was circumvented by using multiple repeater sites around the base.

If there is a high site available in a different direction, and that site can see beyond the obstacle, a stable link can be made via an indirect route.

Figure 3.24: Site D could not make a clean link to site A or B, since site C is in the way and is not hosting a node.

Note that traffic from node D actually travels further away from the rest of the network before the repeater forwards it along. This idea says that no matter who you are looking for, you need only contact five intermediaries before finding the person.
Traffic optimization

Bandwidth is measured as the amount of bits transmitted over a time interval. Unfortunately, for any given period of time, the bandwidth provided by any given network connection is not infinite. Of course, human users are not as patient as computers, and are not willing to wait an infinite amount of time for their information to traverse the network. You will significantly improve response time and maximize available throughput by eliminating unwanted and redundant traffic from your network. For a more thorough discussion of the complex subject of bandwidth optimization, see the free book How to Accelerate Your Internet (http://bwmo.net/).

Web caching

A web proxy server is a server on the local network that keeps copies of recently retrieved or often used web pages, or parts of pages. This results in significantly faster web access in most cases, while reducing overall Internet bandwidth usage. The apparent loading of web pages is also affected. In a network with a proxy server, there could be a delay when nothing seems to happen, and then the page will load almost at once. The overall time it takes to load the whole page might take only ten seconds (whereas without a proxy server, it may take 30 seconds to load the page gradually). It is usually the task of the network administrator to deal with user perception issues like these. These are the most commonly used software packages:

• Squid. It is free, reliable, easy to use and can be enhanced (for example, adding content filtering and advertisement blocking). In most cases, it is easier to install as part of the distribution than to download it from http://www.squid-cache.org/ (most Linux distributions such as Debian, as well as other versions of Unix such as NetBSD and FreeBSD come with Squid). A Squid configuration guide is available at http://www.deckle.co.za/squid-users-guide/.

• ...2.0. It is nonetheless used by some institutions, although it should perhaps not be considered for new installations.

• Microsoft ISA server. ISA server is a very good proxy server program, that is arguably too expensive for what it does. It produces its own graphical reports, but its log files can also be analyzed with popular analyzer software such as Sawmill (http://www.sawmill.net/). For example, a default installation can easily consume more bandwidth than the site has used before, because popular pages with short expiry dates (such as news sites) are continually being refreshed. ISA Server can also be tied to content filtering products such as WebSense. See http://www.microsoft.com/isaserver/ for details.
Preventing users from bypassing the proxy server
While circumventing Internet censorship and restrictive information access
policy may be a laudable political effort, proxies and firewalls are necessary
tools in areas with extremely limited bandwidth
...
Te c h n i q u e s f o r b y p a s s i n g a p r o x y s e r v e r c a n b e f o u n d a t
http://www
...
com/
...
To enforce use of the caching proxy, you might consider simply setting up a
network access policy and trusting your users
...
In this case the administrator typically uses one of the following techniques:
• Not giving out the default gateway address through DCHP
...
Once that happens, word tends to spread about how to bypass the proxy
...
This is very useful for configuring the
correct proxy server settings for Internet Explorer on all computers in the
domain, but is not very useful for preventing the proxy from being bypassed, because it depends on a user logging on to the NT domain
...
• Begging and fighting with users
...
Internet
Router
PC
PC
PC
Proxy Server
Figure 3
...
The only way to ensure that proxies cannot be bypassed is by using the correct network layout, by using one of the three techniques described below
...
The firewall can be configured to allow only the
proxy server to make HTTP requests to the Internet
...
26
...
If it only blocks access from the campus LAN to port 80
on web servers, there will be ways for clever users to find ways around it
...
Chapter 3: Network Design
83
Internet
Proxy Server
Direct access is
forbidden
by the firewall
PC
Proxy server is
granted full access
Firewall
x
PC
PC
Figure 3
...
Two network cards
Perhaps the most reliable method is to install two network cards in the proxy
server and connect the campus network to the Internet as shown below
...
Internet
Proxy server
Figure 3
...
84
Chapter 3: Network Design
The proxy server in this diagram should not have IP forwarding enabled, unless the administrators knows exactly what they want to let through
...
Using a transparent proxy means that users web
requests are automatically forwarded to the proxy server, without any need to
manually configure web browsers to use it
...
For more details about configuring a transparent proxy with Squid, see:
• http://www
...
org/Doc/FAQ/FAQ-17
...
org/HOWTO/TransparentProxy
...
The Cisco router transparently directs web requests to the
proxy server
...
The advantage
of this method is that, if the proxy server is down, the policy routes can be
temporarily removed, allowing clients to connect directly to the Internet
...
This is something
that might be considered for important websites that are of particular interest
to the organization or that are very popular with web users
...
For example, if the site that is
mirrored contains CGI scripts or other dynamic content that require interactive input from the user, this would cause problems
...
If someone registers
online on a mirrored server (and the mirrored script works), the organizers of
the site will not have the information that the person registered
...
If the site runs rsync, the site
could be mirrored using rsync
...
If the remote web server is not running rsync, the recommended software to use is a program called wget
...
A Windows version can be found at
http://xoomer
...
it/hherold/, or in the free Cygwin Unix tools package
(http://www
...
com/)
...
• Mirror the website using the command:
wget --cache=off -m http://www
...
org
The mirrored website will be in a directory www
...
org
...
Set up the local DNS server to fake an entry for this
site
...
(This is advisable in any case, because a local
caching DNS server speeds up web response times)
...
This method has been described by J
...
Eksteen and J
...
L
...
In this paper (available at
http://www
...
org/inet97/ans97/cloet
...
Instead of writing the retrieved
pages onto the local disk, the mirror process discards the retrieved
pages
...
By using the proxy as intermediary,
the retrieved pages are guaranteed to be in the cache of the proxy as if a
client accessed that page
...
This process can be run in off-peak times in order to maximize bandwidth utilization and not to compete with other access activities
...
wget --proxy-on --cache=off --delete-after -m http://www
...
org
These options enable the following:
• -m: Mirrors the entire site
...
python
...
• --proxy-on: Ensures that wget makes use of the proxy server
...
• --cache=off: Ensures that fresh content is retrieved from the Internet, and
not from the local proxy server
...
The mirrored content remains in
the proxy cache if there is sufficient disk space, and the proxy server caching parameters are set up correctly
...
When using this tool, Squid should be configured with sufficient disk space to contain all the pre-populated sites and
more (for normal Squid usage involving pages other than the pre-populated
ones)
...
However, this technique can only be used with a
few selected sites
...
Cache hierarchies
When an organization has more than one proxy server, the proxies can share
cached information among them
...
Inter-Cache Protocol (ICP) and Cache Array Routing Protocol (CARP) can share cache information
...
Squid supports both protocols, and MS ISA Server supports CARP
...
sourceforge
...
html
...
Proxy specifications
On a university campus network, there should be more than one proxy
server, both for performance and also for redundancy reasons
...
Disk performance is important,
therefore the fastest SCSI disks would perform best (although an IDE-based
cache is better than none at all)
...
It is also recommended that a separate disk be dedicated to the cache
...
Squid is designed to use as much RAM as it can
get, because when data is retrieved from RAM it is much faster than when it
comes from the hard disk
...
Therefore, if there is 50 GB of disk space allocated to caching, Squid will require
500 MB extra memory
...
• Another 256 MB should be added for other applications and in order that
everything can run easily
...
Memory is thousands of times faster than a hard
disk
...
But they use the page file as an extra
memory area when they don't have enough RAM
...
Just like a proxy
server that caches popular web pages for a certain time, DNS addresses are
cached until their time to live (TTL) expires
...
Of course, client computers must be configured to use the caching-only name server as their DNS server
...
DNS servers that are authoritative for a domain also cache the
name-address mappings of hosts they have resolved
...
When Bind is installed and running, it will act as a caching server (no further
configuration is necessary)
...
Installing from a package is usually the easiest
method
...
dnsmasq
One alternative caching DNS server is dnsmasq
...
thekelleys
...
uk/dnsmasq/
...
Updates can be made to zone data without
even restarting the service
...
It is very lightweight, stable,
and extremely flexible
...
Windows NT
To install the DNS service on Windows NT4: select Control Panel → Network → Services → Add → Microsoft DNS server
...
Configuring a caching-only server in NT is described in
Knowledge Base article 167234
...
Click on DNS in the menu, select New Server, and type in the IP address of
your computer where you have installed DNS
..."
Windows 2000
Install DNS service: Start → Settings → Control Panel → Add/Remove Software
...
Then start the DNS MMC (Start → Programs → Administrative Tools → DNS). From the Action menu select "Connect To Computer"
...
If there is a
...
It is certainly not
...
[dot] for anything to work
...
There is more than one
way to do split DNS; but for security reasons, it's recommended that you
have two separate internal and external content DNS servers (each with different databases)
...
This is achieved
by having two zones on two different DNS servers for the same domain
...
For example, in the network below the user on the Makerere
campus gets http://www
...
ac
...
16
...
21, whereas
a user elsewhere on the Internet gets it resolved to 195
...
16
...
The DNS server on the campus in the above diagram has a zone file for
makerere
...
ug and is configured as if it is authoritative for that domain
...
The DNS records for the campus DNS server would look like this:
makerere
...
ug
www CNAME
ftp CNAME
mail CNAME
mailserver
webserver
ftpserver
webserver
...
ac
...
makerere
...
ug
exchange
...
ac
...
16
...
21
A
172
...
16
...
16
...
21
But there is another DNS server on the Internet that is actually authoritative
for the makerere
...
ug domain
...
ac
...
171
...
13
ftp A 195
...
16
...
132
...
21
MX mail
...
ac
...
An African ISP
might, for example, host websites on behalf of a university but also mirror
those same websites in Europe
...
When visitors from other countries access that website,
they get the IP address of the mirrored web server in Europe
...
This is becoming an attractive solution, as web hosting close to the Internet backbone has become very cheap
...
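The split-DNS arrangement above, as an added example that is not the book's own configuration: one zone name served from two separate record databases, rendered as BIND-style zone files, plus a small resolver that follows CNAME chains the way a client would, so the same name yields the campus address on campus and the mirror address elsewhere. The domain campus.example and the 10.10.0.0/16 and 203.0.113.0/24 addresses are constructed placeholders.

```python
"""Split DNS for a mirrored site: one zone name, two separate record databases,
so a host name resolves to the campus address on campus and to the public
mirror address from elsewhere.  Added example, not the book's configuration;
campus.example and the 10.10.0.0/16 and 203.0.113.0/24 addresses are
constructed placeholders."""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner, type, data); owner relative to $ORIGIN

# Aliases are identical in both databases; only the A records differ.
ALIASES = {"www": "webserver", "ftp": "ftpserver", "mail": "exchange"}


def build_zone(hosts: Dict[str, str], mx_host: str) -> List[Record]:
    """Shared MX and CNAME records plus this view's own A records."""
    records: List[Record] = [("@", "MX", f"10 {mx_host}")]
    records += [(alias, "CNAME", target) for alias, target in ALIASES.items()]
    records += [(host, "A", addr) for host, addr in hosts.items()]
    return records


def render_zone(origin: str, serial: int, ns: str, records: List[Record]) -> str:
    """BIND-style zone file text.  Absolute names end in a trailing dot;
    without it the name is taken as relative to the origin."""
    lines = [f"$ORIGIN {origin}.", "$TTL 3600",
             f"@ SOA {ns}. hostmaster.{origin}. {serial} 7200 3600 1209600 3600",
             f"@ NS {ns}."]
    lines += [f"{owner} {rtype} {data}" for owner, rtype, data in records]
    return "\n".join(lines) + "\n"


def resolve(records: List[Record], name: str, max_hops: int = 8) -> Optional[str]:
    """Follow CNAME chains within one database to an A record, like a client
    resolver; None for unknown names or a CNAME loop."""
    by_key = {(owner, rtype): data for owner, rtype, data in records}
    for _ in range(max_hops + 1):
        if (name, "A") in by_key:
            return by_key[(name, "A")]
        if (name, "CNAME") not in by_key:
            return None
        name = by_key[(name, "CNAME")]
    return None


# Constructed data: campus hosts on private addresses, the European mirror on
# public ones.  Same host names, different databases.
INTERNAL_ZONE = build_zone({"webserver": "10.10.0.21", "ftpserver": "10.10.0.22",
                            "exchange": "10.10.0.23"}, "exchange")
EXTERNAL_ZONE = build_zone({"webserver": "203.0.113.21", "ftpserver": "203.0.113.21",
                            "exchange": "203.0.113.25"}, "exchange")

if __name__ == "__main__":
    print(render_zone("campus.example", 2024010101, "ns1.campus.example", INTERNAL_ZONE))
    print("on campus, www ->", resolve(INTERNAL_ZONE, "www"))
    print("elsewhere, www ->", resolve(EXTERNAL_ZONE, "www"))
```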
11g wireless gear
...
But if your primary Internet connection is through a VSAT link, you will encounter some performance issues if you rely on default TCP/IP parameters
...
TCP/IP factors over a satellite connection
[Figure: satellite link diagram; the distance labels read 35,000 Kilometers]
A VSAT is often referred to as a long fat pipe network
...
Most Internet connections in Africa and
other parts of the developing world are via VSAT
...
The high latency in satellite networks is due to the
long distance to the satellite and the constant speed of light
...
[Figure 3...: the satellite link spans thousands of kilometers]
The factors that most significantly impact TCP/IP performance are long RTT,
large bandwidth delay product, and transmission errors
...
These implementations
support the RFC 1323 extensions:
• The window scale option for supporting large TCP window sizes (larger
than 64KB)
...
• Timestamps for calculating appropriate RTT and retransmission timeout
values for the link in use
...
TCP
uses the slow-start mechanism at the start of a connection to find the appropriate TCP/IP parameters for that connection
...
This drastically decreases the throughput of short-duration TCP connections
...
Furthermore, when packets are lost, TCP enters the congestion-control phase,
and owing to the higher RTT, remains in this phase for a longer time, thus reducing the throughput of both short- and long-duration TCP connections
...
Because of the high latency of the satellite link, the
bandwidth-delay product is large
...
An acknowledgment is
usually required for all incoming data on a TCP/IP connection
...
This amount of data is called the TCP window size
...
On satellite networks, the value of the bandwidth-delay product is important
...
If the largest window size allowed is 64KB, the maximum theoretical throughput achievable via satellite is (window size) / RTT, or
64KB / 520 ms
...
Each TCP segment header contains a field called advertised window,
which specifies how many additional bytes of data the receiver is prepared to
accept
...
The sender is not allowed to send more bytes than the advertised window
...
This buffer size has a maximum value of 64KB in most modern
TCP/IP implementations
...
Transmission errors
In older TCP/IP implementations, packet loss is always considered to have
been caused by congestion (as opposed to link errors)
...
Because of the long RTT value, once this
congestion-control phase is started, TCP/IP on satellite links will take a
longer time to return to the previous throughput level
...
To overcome this limitation, mechanisms such as Selective
Acknowledgment (SACK) have been developed
...
The Microsoft Windows 2000 TCP/IP Implementation Details White Paper states
"Windows 2000 introduces support for an important performance feature known as Selective Acknowledgment (SACK)..."
SACK has been a standard feature in Linux and BSD kernels for quite some time
...
Implications for universities
If a site has a 512 kbps connection to the Internet, the default TCP/IP settings are likely sufficient, because a 64 KB window size can fill up to
984 kbps
...
What these factors really imply is that they
prevent a single machine from filling the entire bandwidth
...
But if,
for example, there are large scheduled downloads at night, the administrator
might want those downloads to make use of the full bandwidth, and the "long
fat pipe network" factors might be an obstacle
...
Administrators might consider taking steps to ensure that the full bandwidth
can be achieved by tuning their TCP/IP settings
...
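The window arithmetic of this section worked through as an added example (not code from the book): the throughput ceiling of a fixed window, the window a link of a given bandwidth and RTT needs, and the RFC 1323 window-scale shift count that can express it. It assumes the text's units (1 KB = 1024 bytes, 1 kbps = 1024 bit/s), which is what yields the 984 kbps figure; the 512 kbps and 2 Mbps links at 520 ms are constructed inputs.

```python
"""Long-fat-pipe arithmetic for a satellite link: the throughput ceiling of a
fixed TCP window, the window a link needs (bandwidth-delay product), and the
RFC 1323 window-scale shift count that can express it.
Added example, not code from the book.  Units follow the text: 1 KB = 1024
bytes and 1 kbps = 1024 bit/s, which is what makes 64 KB / 520 ms = 984 kbps."""
import math
from typing import Dict, Optional

KB = 1024                    # bytes per KB, as the text uses it
KBPS = 1024                  # bit/s per kbps, consistent with the 984 kbps figure
MAX_UNSCALED_WINDOW = 65535  # the 16-bit advertised window field
MAX_SHIFT = 14               # largest shift count RFC 1323 permits


def max_throughput_kbps(window_bytes: int, rtt_ms: float) -> float:
    """Ceiling for one connection: (window size) / RTT, as stated in the text."""
    return window_bytes * 8 / (rtt_ms / 1000) / KBPS


def required_window_bytes(bandwidth_kbps: float, rtt_ms: float) -> int:
    """Bandwidth-delay product: bytes that must be unacknowledged in flight
    before the link is full, rounded up to a whole byte."""
    bits_in_flight = bandwidth_kbps * KBPS * (rtt_ms / 1000)
    return math.ceil(bits_in_flight / 8)


def window_scale_shift(window_bytes: int) -> Optional[int]:
    """Smallest RFC 1323 shift count whose scaled 16-bit window covers
    window_bytes: 0 means no scaling is needed, None means even the largest
    shift (14, about 1 GB) cannot express it."""
    for shift in range(MAX_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= window_bytes:
            return shift
    return None


def assess_link(bandwidth_kbps: float, rtt_ms: float) -> Dict[str, object]:
    """Whether default (64 KB, unscaled) TCP settings let one host fill the link."""
    need = required_window_bytes(bandwidth_kbps, rtt_ms)
    return {
        "required_window_bytes": need,
        "default_window_kbps": round(max_throughput_kbps(64 * KB, rtt_ms), 1),
        "window_scale_shift": window_scale_shift(need),
        "defaults_sufficient": need <= 64 * KB,
    }


if __name__ == "__main__":
    # Constructed inputs: the text's 520 ms satellite RTT on a 512 kbps link
    # (defaults suffice) and on a 2 Mbps link (needs window scaling).
    for bw in (512, 2048):
        print(f"{bw} kbps @ 520 ms: {assess_link(bw, 520)}")
```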
For more information, see http://www
...
edu/networking/perf_tune
...
Performance-enhancing proxy (PEP)
The idea of a Performance-enhancing proxy is described in RFC 3135 (see
http://www
...
org/rfc/rfc3135), and would be a proxy server with a large
disk cache that has RFC 1323 extensions, among other features
...
That PEP, and the one at the
satellite provider, communicate using a different TCP session or even their
own proprietary protocol
...
In this way, the TCP session is split, and thus the link characteristics that affect protocol performance (long fat pipe factors) are overcome
(by TCP acknowledgment spoofing, for example)
...
Such a system can be built from scratch using Squid, for example, or purchased "off the shelf" from a number of vendors
...
To make the best possible use of available bandwidth, you will
need to define a good access policy, set up comprehensive monitoring and
analysis tools, and implement a network architecture that enforces desired
usage limits
...
net/)