<?sphp $this->text('pagetitle') ?>
 
Home of the Squeezebox™ & Transporter® network music players.

Beginners Guide To Networks

From SqueezeboxWiki

Revision as of 13:54, 28 June 2010 by Soulkeeper (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The subject of computer networks is far too big to be given full justice here: the aim for this piece is just to help new Squeezebox Server / Squeezebox users get started and to cover some of the standard questions. If you get stuck, see the various resources - the FAQ covers many networking issues. See also the forums, or of course Google!

Contents

Getting connected

Most users will have some sort of broadband (cable, ADSL, ...) connection to the Internet. If not, consider getting one now! To get the best from this, you will be wanting to download programs, access CD databases, and play Internet radio stations, none of which are pretty on a dialup connection.

If you already have a home computer network, just wire your Squeezebox Server computer into one port on the switch, your Squeezebox into another, and you should be ready to go. The Owners Guide for your Squeezebox explains what you have to do.

If you don't have a network and need some help with designing one, have a look at Network Design.

Configuring a firewall

If you're using a firewall (and you should), make sure your Squeezebox Server has access to your network.

Note that simple firewalls may not use trusted addresses. In that case, skip to the program permissions.

Most routers are set up to hand out IP addresses automatically via DHCP. Go into your router's administration web page to find out if DHCP is active and what range of IP addresses it passes out. Enter this range as a "trusted" range in your firewall.

If you've set up your router to use static IP addresses, enter the Squeezebox's static address in your firewall as a trusted address.

Then examine the program or application permissions in your firewall. Most firewalls will list programs that have previously tried to access the network. slim.exe or SqueezeCenter should be on this list if you've run it once. Make sure you set it to allow access - it may be set to "ask" or "deny" - change this to "allow". You want to set it to allow in/out access and to act as a server.

Details on configuring your firewall depends on the specific firewall you use, but the idea is always the same - allow Squeezebox Server to act as a server, give it in/out access and, if your firewall permits it, let your firewall know that your Squeezebox is a trusted device.

Wireless

Wired or wireless?

When wireless works well, its great. You have lots of flexibility about where everything goes, and a modern 54 Mbit/s network has plenty of bandwidth even for several Squeezebox streams.

However - there are lots of things that can interfere with your listening, including:

  • microwave ovens
  • cordless phones (2.4 GHz)
  • walls
  • neighbours' wireless networks

So, if "wired" is an easy option for you, take it.

Wireless options

The easiest option is to use a combined wireless switch/router, which does everything the switch/router does but adds a wireless access point (WAP) in the box. This basically puts your LAN onto the airwaves, from where you (or anyone else in range!) can pick it up.

If you already have a wired switch/router, you could as an alternative get a standalone WAP which wires into one of the switch/router ports. Network Design discusses some of the options.

Finally, as another alternative for when you can't lay wires and when normal wireless won't work, there is always powerline networking (or homeplug) - adaptors that plug into your normal household mains electricity sockets and use your electrical wiring as the network. Probably more expensive than the other options, though.

Securing Wireless

Creating a wireless network poses significant security risks. As mentioned above, it exposes your LAN and your systems to your neighbors and all passers-by. However, there are several important measures you can take to protect your network. Your WAP provides internal security mechanisms, which must be enabled and configured by you.

First, let's understand the primary mode of security in today's consumer-grade WAP security - in a nut shell, its all about encryption. Encrypting a wireless network requires the use of a secret key or phrase. This key is then used by both sides of the wireless connection to encrypt the network packets. Without the secret, others cannot meaningfully view your network traffic. The longer the secret is, the more difficult and time consuming it is to crack. ( Think of those cheap 3-digit combination bicycle locks. It only takes simple trial-and-error to crack the lock, and a skilled person can do this very quickly.) WAPs may provide the following encryption modes:

Encryption Crackability Comments
None N/A Use of no encryption allows anyone with a wireless card in the proximity of your WAP to inspect all your wireless network traffic. And without other measures, it also allows anyone access to your wireless LAN. People /will/ use insecure wireless connections, and you will be the one accountable!
WEP-40 Trivial See WEP-128 comment
WEP-64 Trivial See WEP-128 comment
WEP-128 Easy Use WPA if possible. WEP-40, WEP-64, and WEP-128 are older encryption standards, and are now considered obsolete. They have been cracked and open source software is available that can very quickly determine the secret code used to encrypt the network.
WPA-TKIP Very Difficult

WPA-TKIP is a major improvement over WEP. Squeezebox Server uses this mode when WPA-Personal is selected in the wireless setup.

WPA-AES Most Difficult TKIP has some weaknesses, and AES is considered even more unbreakable. However, AES support is optional in WPA, so not all vendors provide it, and when they do, interoperability is not guaranteed with products from other vendors.
WPA2-AES Most Difficult WPA2 requires the use of the AES encryption protocol. It is the highest form of wireless security currently available. Squeezebox uses this mode when WPA2-Personal is selected.

The minimum encryption level should be WPA-TKIP on your WAP, which requires setting WPA-Personal on your Squeezebox.

Open vs. Shared Mode

Many WAPs have the option to use Open or Shared authentication. Simplistically, this determines how a device can authenticate itself with the WAP. Open specifies that any device can authenticate itself with the WAP, whereas with Shared authentication, only those devices that are configured with the pre-shared key can authenticate.

The problem with Open mode is that there is no mechanism to ensure that wireless devices are trusted.

The problem with Shared mode is that the dialog between the WAP and device is in clear text, and hackers can use the data exchanged in this conversation to facilitate the cracking of the WEP key.

MAC address filtering

Another recommended (though sometimes controversial!) security feature is MAC/ethernet address filtering. This is a mechanism that instructs your WAP to only transmit/receive traffic from known hardware addresses. Each Ethernet device has a worldwide unique ethernet address. By configuring the exact list of Ethernet addresses you want to communicate with your WAP, you can prevent unwanted intruders. The downside of this form of filtering is that you have to manually add the ethernet address of each new system or device that will use your network.

Don't wholly rely on this, though: while it will keep out the casual hacker, its very easy for a semi-serious intruder to see the packets on your network, read the MAC address, and then "spoof" that address on his/her own gear. Maintaining the list of MAC addresses can be a pain, too, if you have lots of devices.

SSID broadcasting

Your Network Name (SSID) is simply a wireless network identifier that names your wireless network, and specifies the wireless network with which your wireless device communicates.

Many WAPs provide the ability to disable SSID broadcasts. This disables the sending of periodic wireless announcements (beacons) which inform wireless hardware that your wireless network is available. It allows for easier configuration. Some believe that by disabling SSID broadcast, additional security can be gained because other systems will not see your wireless network. This is called "security by obscurity". Since your SSID is included in other transmissions, anyone who really wants to determine the SSIDs of any nearby WAPs can easily do so. This security by obscurity enhancement is useful for preventing some intruders, but not the educated ones. Beware that disabling SSID broadcasts in some WAPs can create connectivity problems with various equipment.

Networking problems

Due to the complexity of wireless communications (despite the supposed existence of common standards) network problems do sometimes occur. In this instance, take a look at the Beginners guide to wireless network problems.

Wireless performance on Mixed B/G/N networks: Answers!

Sean Adams recently met with Rick Bahr, VP of engineering at Atheros, and was able to get clarity on a few of the questions that frequently come up here about wireless performance.

Q: Does the mere presence of an 802.11B device slow down an otherwise all-G or all-N network? A: YES This is of course already well known, although the exact implications are often misunderstood. The presence of an 802.11B device on an G or N network causes the newer devices to have to resort to some kludgy behavior to make sure that the B devices don't transmit when the G/N devices are using the airwaves, and to make sure that both the B and G/N devices can see things like beacon packets.

The exact impact on throughput is hard to estimate generally, but it will NOT "slow the whole network to 802.11B" as is often stated. There is however a significant slowdown imposed by the mere presence of a B device, even when it is not active. We (Slim) did some testing of this a couple years ago and found that usually the throughput between the G devices dropped by 30-50% (eg from 20Mbps to 10Mbps), but not nearly as low as the speed of a B-only network (5Mbps in the same environment). The theoretical maximum throughput on 802.11g is 23 Mbps without any B devices associated, and 14Mbps with.

So upgrading any 802.11B devices on your network will most definitely improve the throughput of your wireless SB3 or Transporter, along with any other G or N devices.

The above is not really new information but it was nice to get an authoritative answer that agreed with what we've found in practice. However the next answer is more interesting and contradicts some oft-stated myths that were a holdover from the 802.11B issue.

Q: Will 802.11G devices slow down an all-N network?

A: NO, except insofar as the air-time that they take when active will be at the G throughput level as opposed to the N level. I.e. the devices still each communicate at their optimal rate in each time slice.

Unlike in the 802.11B backward compatibility mode, G devices do not impose any performance-degrading behavior on N devices in order for them to be backward compatible. 802.11g devices are able to recognize the 802.11n preamble, and they play nicely in terms of knowing when one or the other is trying to transmit. The preamble tells which modulation scheme will be used, so the N devices can speak N, while G devices can speak G. They don't have to resort to "Esperanto" as with B in order to cooperate. This means that when the G device is associated but not active, it has no impact at all. When the G devices are active they will consume air time roughly in proportion to the amount of data being transferred. This air time would of course be at the G rate as opposed to the N rate, so in the event that the airwaves are fully saturated (eg by a local file transfer), there would be some reduction in the total Mbps achievable by all devices collectively, but there is no penalty for having the G devices associated.

  • Confusingly, this appears to conflict with what is stated elsewhere - eg
    • "Running a mix of draft 11n and 11b/g clients on the same draft 11n router will reduce speed somewhat for the draft 11n client but reduce the speed of the 11g clients by more than half." at SmallNetBuilder
    • "In mixed mode, HT protection requires that 802.11n devices send a legacy preamble, followed by an HT preamble ... These HT protection mechanisms significantly reduce an 802.11n WLAN's throughput, but they are necessary to avoid collisions between older 802.11a/b/g devices and newer 802.11n devices." at TechTarget ANZ

Q: Is having a (draft) 802.11N access point advantageous, even if most or all clients on the network are 802.11G?

A: YES, primarily because 802.11N radios have the benefit of more sophisticated multipath reception capability. They can thereby extend the range and throughput available to G devices to some degree.

Q: Why do so few new devices (aside from APs) feature 802.11N?

A: Several reasons:

  • Many of these applications would not benefit at all from having higher throughput.
  • Since G plays well with N, there would be little benefit from the network's perspective.
  • N chips are more power hungry, reducing battery life
  • N chips are more expensive
  • The N standard is new and is not yet finalized

In conclusion:

  • DO: Upgrade to an 802.11N access point
  • DO: Phase out any B devices
  • DO: Turn off B compatibility in your access point to make sure.
  • DON'T: worry about G devices on your N network
  • DONT': wait for the N version of your favorite gizmo as you could be waiting a long time!

Other resources