Back to College: Networking

Networking has come a long way from the early days. Pre-Ethernet, there were a number of different standards - LattisNet, Token Ring and later StarLAN as well. When thin-net 10BASE2 came around, the cost of deploying Ethernet fell quite dramatically and really sealed the fate of others. I do remember seeing vampire taps on thick coax with AUI media attachment interfaces in some older buildings on my university campus - along with a Racal InterLAN Repeater. But many smaller areas used disjoint thin-net networks just for a few terminals (e.g. the library in my primary school). Fond days (or not) of Novell NetWare running on those.

I still have some old AUI gear, hubs, 10BASE2 equipment on show on my website in case anyone wants to relive some nostalgia -

• https://goughlui.com/2013/09/24/tech-flashback-synoptics-model-928-10base-t-aui-transciever-and-lattishub-2803/
• https://goughlui.com/2015/11/01/tech-flashback-ethernet-10mbits-network-interface-card-collection/
• https://goughlui.com/2013/07/28/tech-flashback-daynaport-scsilink-t/
• https://goughlui.com/2012/11/29/tech-flashback-token-ring-network-card/
• https://goughlui.com/2018/08/04/tech-flashback-ethernet-hubs-switches-netgear-ds104-skymaster-8320-030/

BOOTP hasn't been mentioned for a while now - most of the time, remote booting has settled on PXE as the "standard" which uses TFTP to transfer the images and DHCP for configuration. There was a time when RPL was also used for remote booting.

Nice to hear some guys still running static addressing - I still do that myself, especially for my servers and instruments where I don't want any address changes. The rest of the network runs DHCP - on a non-overlapping IP-range. Of course, modern people still recommend running DHCP and setting a static lease on the server - which I can do - but I've had instances where I've had to reboot a router and a device needed to renew its lease at roughly the same time resulting in broken connectivity. Static IPs are still good for limited handfuls of devices, but if you change your network architecture (i.e. new subnet for certain devices), having to manually reconfigure each can be a little annoying.

I can't draw my network since it's actually extremely complicated owing to the circumstances, but I've lately become a fan of Mikrotik gear because of all the wonderful things one can do with it (for roughly the same price of a regular consumer router). I'm making active use of VLANs, multiple WANs, multiple Virtual-APs with different encryption on each, rate-limiting queues, VPN (L2TP/PPTP) etc. It will only evolve even further as I get (finally) connected to a decent WAN service - I'm living mostly off LTE (8-100Mbit/s depending on congestion) and long-range Wi-Fi (2Mbit/s backup) at the moment, otherwise it's ADSL2+ with only ~3Mbit/s speed.

https://goughlui.com/2018/08/17/tested-vlans-in-the-home-through-dumb-switches/

It's always interesting just how complicated one can make a network, but also how useful it can become now with home automation (e.g. lighting control), VoIP, surveillance, video streaming, file/print sharing being more commonly deployed even within normal houses.

- Gough

Gough,  Please beware that VoIP phones when they lock up can take down a network. That is why my phones are located on their own subnet and their own wire. and I have IOT but it is not included on the network map as I have settled on Zigbee. Yes I had a lot of older gear and was exposed to the IBM / Hughes network run over coax. loads of fun. too bad about all of the dead players and the consolidation of the vendors.

Gough,  Please beware that VoIP phones when they lock up can take down a network. That is why my phones are located on their own subnet and their own wire. and I have IOT but it is not included on the network map as I have settled on Zigbee. Yes I had a lot of older gear and was exposed to the IBM / Hughes network run over coax. loads of fun. too bad about all of the dead players and the consolidation of the vendors.

Indeed it is possible, but for my mostly ATA-based VoIP solution, the ATA's get taken down by broadcast traffic rather than the network getting taken down by the ATAs. So many ATAs with insufficient processing power to handle a call and do web-admin at the same time (for example). Voice is now so little-used at my house that I often live with just soft-phones on my mobile devices.

Running a VLAN based system provides sufficient isolation - while they share bandwidth on the same cable, all ATA's are either 10/100Mbit/s and the trunk lines are 1Gbit/s ... so no chance of a congestion-based collapse of the rest of my network even if it does get locked-up producing a broadcast storm. The voice-only VLAN is separated from my main workstation VLAN, although I should probably introduce a separate IoT-stuff VLAN and VAP so as to better rate-limit and monitor the traffic. Whether a misbehaving device actually takes down a network or not really depends on what they do after they lock up - I've had crashed Raspberry Pis do the same thing occasionally because they were non-stop spewing malformed ARP packets out onto the network after a brown-out of the power supply. Luckily for me, I also still have all network activity lights in plain view so as to be able to make quick diagnoses when things go wrong.

Of course, with every network, misbehaving nodes are always a source of trouble - but I've not encountered many failures of the sort. In fact, network issues are so infrequent that I've (normally) not had to reboot my router more than once or twice a year (mainly due to a critical firmware patch - I tend to avoid applying minor non-specific patches to save the wear on the NAND flash and potential downtime). This is actually a great thing - I remember in the early days I'd have to do it more often as consumer gear was so flakey and suddenly wireless radios would stop working, DHCP would go down, etc.

- Gough

no not congestion, but I have seen when a phone goes nuts lock up the entire network. that is why I believe in total isolation. when phones lock up. and they share a cable remember that a VLAN is still on a wire. and will take the system down.  have encountered this problem several times, at the last place I worked,  in fact it was random and almost a weekly event. 

VLAN may be on the same wire but all my devices sit downstream of a switch port. The absolute worst they fan do is flood that particular VLAN with garbage packets that are broadcast type which consumes all resources and causes the network to appear to go down (aka broadcast storm). Only devices attached to that VLAN would really be affected - those on other VLANs won't see the storm traffic at all, so if bandwidth is not being exhausted, you can still work away as normal.

If you have per port ingress/egress limits as I have on most of my smart switches, then it is absolutely no risk as the switch will shape the traffic leaving other VLANs with enough capacity. Likewise, garbage on another VLAN will not affect it. If one tries to escape their own VLAN, this is possible as I don't filter incoming packets for VLAN tag, in which case, again, the worst a single device can do is flood the network with garbage up to its link rate (100Mbit/s), which again, will not take down the network.

There is very little a single device can do that would be more disruptive than a broadcast storm. One of which would be ARP spoofing to redirect traffic at Layer 2 which can break connectivity for devices, but again, only within a particular Ethernet broadcast domain.

Layer 1 faults are inherently protected against as switches and most hubs will partition off ports which emit overlength packets or have other media errors (incorrrct voltages, shorts, opens).

Best thing to do when the network goes down is to sniff the traffic (e.g. with Wireshark) - then you understand what is being emitted by whom and why it takes down the network. Anything less of understanding is merely a workaround. This is why when one of my RasPis fouled up the network after a nearby lightning strike caused a poeer supply brownout, I understood exactly why the network behaved as it did and who was at fault. It could just be your VoIP devices and their flaky firmware - I've not rebooted my ATA in over 180 days and it's going just fine. There was a few isolated cases where the ATA went flaky but didn't harm the network - I traced that down to a faulty 5v plug pack.

Of course, isolating the network physically is a nice way to do things if and when you can, but you lose some reconfigurability and add additional hardware into the mix. For me, cables was one of the main issues, along with cost of having N separate routers. Hence I've ended up with my complex setup, but one where I've done things like iperf3 runs on Wi-Fi on one VLAN while having separate hosts downloading over two other VLANs without seeing any major issues.

- Gough

Gough, I hate to tell you but what the hey, I have seen this mess with my own eyes. and yes they were using Cisco 2924elxn switches (lol that I sold to them) I can't remember which phones they were. switch (b) was VoIP phones and the desktops via an interconnect cable. I believe the first switch was public for there servers. I know that all of the PCs and phones were on one network they where odd and even so if your pc was 192.168.1.10 the phone was 11.  when one of the phones when down I could take an hour or so for them to fix it. LOL

You mean the desktops were wired to the "out" port on the phones? I've deployed a number of Cisco VoIP phones (for the NSW Govt no less) that had that functionality but we have never used it. I figured "daisy chaining" like that was not a good idea - especially as the older phones only had 100Mbit/s service on the network-out port. Rightly so, if the phone goes down, the out port could be very much disconnected.

Alas, I don't mind a few problems from time to time. Keeps the problem-solving part of the brain alive . When at home, I can deal with an outage or two a year - after all, my ISP's authentication servers for PPPoE/ADSL go down equally as much - last year for about 8 hours in 2x4 hour blocks during business hours. At least when things go down, I like to try and work out why, rather than do the "tried and true" troubleshooting fix of "just reboot the unit" as that often means losing valuable evidence or information that could be used to fix/isolate the problem. I've dealt with many manufacturers, submitting bug reports - some are very lazy and don't give a stuff, but some others will spin a new firmware and that helps everyone be safer and more reliable overall.

- Gough