Don't Trust Consumer Routers 3

Posted by JD 09/29/2016 at 15:41

Another example of why you shouldn’t trust consumer routers. d-link

It isn’t just this specific d-link router. We’ve seen the same issues over and over and over with pretty much every non-enterprise vendor.

Plus we don’t want our devices used by crackers to DDoS Brian Krebs anymore, right?

We are Linux people. We CAN do this ourselves.

Linux Troubleshooting 101-Networking

Posted by JD 03/01/2013 at 17:00

All computers have network problems from time to time. Usually everything works fine, but sometimes something goes wrong. The first step to determining what to fix is to determine where the issue lies. Below are outlined the first troubleshooting steps to determine where the problem lies.

Network Device Fingerprinting

Posted by JD 07/20/2011 at 16:30

Sometimes I lose track of all the devices on a network and need a reminder of everything that is there. Under IPv6, you won’t scan the entire subnet – it would take millions of years – but under IPv4, you still use a scan. nmap is good for this and running it with operating system fingerprinting goes quickly (relatively speaking).

nmap OS fingerprint command

$ sudo nmap -O 192.168.0.0/24

Recheck WiFi Channels Every Year

Posted by JD 11/22/2010 at 08:40

Every year or so, it is a good idea to check the WiFi networks around your home to see if your neighbors have decided to set up their WiFi on top of yours. Often, these wizard setups just pick a channel and use it without any regard for how many other access points are already on that channel or whether a channel overlaps others in use. In any WiFi location, having more than 1 access point on a channel – or even on the nearby channels of the radio spectrum – will reduce your bandwidth and will probably lead to dropped connections.

In the USA, there are 11 channels for 802.11b and 802.11g wireless networks to use. However, only 3 of those channels do not overlap, 1, 6, and 11. That means choosing any channel besides one of those three is to be avoided. In my neighborhood of single family homes with USA average sized lawns, I see 9 WiFi networks from my home office, one of them is mine. Here is a table created by a wireless router Wireless Site Survey function:
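The overlap rule above can be turned into a small channel-picker. This is an added example, not code from the original post; the site-survey rows it reads are constructed and should be replaced with the SSID/channel rows from your own router's Wireless Site Survey page.

```python
"""Pick the least congested non-overlapping 2.4 GHz channel from a site survey.

Added example (not from the original post). The survey below is constructed;
replace it with the SSID/channel rows from your router's Wireless Site Survey.
"""

# 802.11b/g US channels 1-11: centre frequency is 2412 MHz plus 5 MHz per step.
CENTER_MHZ = {ch: 2412 + 5 * (ch - 1) for ch in range(1, 12)}
CHANNEL_WIDTH_MHZ = 22          # each 802.11b/g channel occupies roughly 22 MHz
NON_OVERLAPPING = (1, 6, 11)    # the only mutually non-overlapping US channels

# Constructed survey: (SSID, channel) as a router's site-survey page lists them.
SURVEY = [
    ("homeoffice", 6),          # our own access point
    ("neighbor-a", 1), ("neighbor-b", 1), ("neighbor-c", 3), ("neighbor-d", 4),
    ("neighbor-e", 6), ("neighbor-f", 9), ("neighbor-g", 11), ("neighbor-h", 11),
]


def channels_overlap(a: int, b: int) -> bool:
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(CENTER_MHZ[a] - CENTER_MHZ[b]) < CHANNEL_WIDTH_MHZ


def interference_counts(survey, own_ssid):
    """For each of channels 1, 6 and 11, count other APs whose channel overlaps it."""
    return {
        ch: sum(1 for ssid, c in survey if ssid != own_ssid and channels_overlap(ch, c))
        for ch in NON_OVERLAPPING
    }


def best_channel(survey, own_ssid):
    """Return the non-overlapping channel with the fewest overlapping neighbours
    (lowest channel number wins a tie) together with the per-channel counts."""
    counts = interference_counts(survey, own_ssid)
    return min(NON_OVERLAPPING, key=lambda ch: (counts[ch], ch)), counts


if __name__ == "__main__":
    choice, counts = best_channel(SURVEY, "homeoffice")
    for ch in NON_OVERLAPPING:
        print(f"channel {ch:2d}: {counts[ch]} overlapping neighbour AP(s)")
    print(f"move the AP to channel {choice}")
```

With the constructed survey, channels 1 and 6 each collide with four neighbouring access points while channel 11 collides with three, so the picker recommends moving off channel 6 to channel 11.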

VirtualBox on FLOSS Weekly

Posted by JD 08/16/2010 at 15:00

The FLOSS Weekly podcast did an entire episode on VirtualBox recently. There were some interesting comments in the podcast from the VBox team.

The team believes they are the closest to native for both network and storage virtualization. They recommended a number of specific NICs and how to connect to storage that does not disagree with my Improve VirtualBox Performance by almost 50% article. That was good to hear.

They talked about:

  1. Oracle’s commitment to VirtualBox
  2. Virtualization Overview (why, features, security, virtualized hardware, etc)
    1. Most interesting to me was that VBox supports OpenGL 2.x – that means XBMC should run in a vbox VM.
  3. Differences between the OSE and PEUL licenses – what is contained in just the PEUL?
  4. vboxmanage and how 3rd party folks have written some nice tools
  5. Teleportation (V-Motion like) that does not require identical
  6. Page-Fusion – shared memory across guest OSes (this was new to me). The intent is to support hundreds of client VMs per server.
  7. Mac virtualization challenges – it works, but only on Mac hardware due to Apple DRM in hardware checks.

Anyway, find the VirtualBox specific podcast here.
A link to the show notes

By the way, if you are a dentist, FLOSS Weekly has nothing to do with teeth. FLOSS is *F*ree *L*ibre *O*pen *S*ource *S*oftware.

Wireless Network Bridging with Security in a Home or Small Business

Posted by JD 06/16/2010 at 10:00

Sometimes a home or small business would like to extend a network without running any ethernet cables or using expensive power line methods. Many homes have an old WiFi router that is still working, but the new router still doesn’t get signal to all parts of the home, or some devices do not support WiFi networking, only 100BASE-TX wired. By using the new WiFi router with the older WiFi router, it is possible to extend a network over WiFi and locate wired connections on the far side of the home using just the two WiFi routers in bridge mode.

Is Net Neutrality a Good Thing?

Posted by JohnP 10/02/2009 at 09:27

ISPs, Internet Service Providers, are in a tough position. They oversubscribe their networks like the phone company has been doing for 100 years. As customers use more and more of what was promised, unlimited downloads at X speed, the ISPs are getting into trouble because they don’t have enough bandwidth for everyone all the time. It is only a very few users that cause problems for the company – that’s where the new-ish abuse clauses added to your ISP agreement come in and why download limits happen. 0.5% of users fall into this abuse clause. Now, imagine your city is full of college students all using p2p and VoIP. You don’t use VoIP, but you do use p2p. Do you mind if p2p is given a lower priority so VoIP traffic can work better? Should these VoIP phone calls be given higher priority over your traffic? That’s the question of Net Neutrality.

The real issue is that prioritization often isn’t enough. When the ISP receives more traffic than they can handle, it becomes a denial of service for everyone and almost all traffic is impacted. They have two choices: be aggressive about closing low priority traffic (p2p) by sending TCP RST packets, or let that part of their network crash. Obviously, some of you will say they need bigger pipes, but that takes months to design, then months to build, and they’ve been doing that for years – it isn’t getting any better. So, do they let their network crash or be nasty to p2p traffic?

With Net Neutrality, all traffic has to be treated the same; all packets are treated with equal priority. That means that when P2P traffic ramps up, web surfing, email, VoIP, VPN traffic all need to be RST just like P2P to keep the network working. It isn’t just P2P traffic, video traffic from Hulu, Youtube, Netflix and other sources also add to the traffic. Think of all the customer phone calls to the ISP that will happen. Think of all the VoIP traffic dropped? That will create lots of calls and complaints to the FCC for action since the ISP is obviously in an agreement with the phone company to prevent VoIP providers from working. It doesn’t matter that all traffic is impacted or that the ISP is trying to reduce the impact for most of their customers. The least evil thing the ISP can do is selectively RST p2p traffic since much of that is downloading copyright material anyway. I don’t have the traffic stats, but let’s say that only 50% of p2p traffic is for copyrighted material. That’s still a bunch. BTW, I think it is much higher, perhaps 90%. There are only so many Linux users getting the latest distro legally via p2p out there. The rest is music, TV, and movies being pirated, IMHO.

This Net Neutrality thing will force ISPs to create tiers of service and lower the price for customers who accept lower tiered packages. Similarly, those users with higher traffic needs will be charged greater amounts for the privilege. I wouldn’t be surprised should all VPN access be blocked without the highest priced plan – since VPN is used for business use. I’m surprised that the big ISPs haven’t already created Full Access and Protected Access internet plans.

  1. Full Access is obvious – all the internet has to offer, minus the things they already dropped like USENET.
  2. Protected Access would block all inbound traffic, set up a proxy to block porn and websites that aren’t child friendly, and control which client machines can access the internet. No P2P would work, neither would VoIP or VPN. You wouldn’t be able to run any servers (which are probably illegal in your ISP contract anyway) and no game servers.
  3. A further capability could be to place you behind a corporate NAT router and have corporate-like PC management. Imagine your home network as part of a huge company network with patches pushed when IT decides. It can be done today. I’ve seen companies manage over 100K users in this way. I’ve seen what happens when a virus gets in too. They shut off the network for an entire campus, perhaps 5k users, while they got control of the virus.

Some parents would pay extra for this Protected Access, even without 100% assurances that you are protected.

Full disclosure – I DO NOT work for an ISP. I have designed networks and equipment monitoring systems for an ISP.

So, is Net Neutrality a good thing when you understand these other impacts?

Broadband Arrived 32Mbps/3.3Mbps

Posted by JD 07/26/2008 at 18:59

Update 2020 at the bottom.

Tonight I got an automated call from Comcast asking how well my recent service calls had gone. My answers got me handed over to a real person, which turned out to be a good thing.

She transferred me to a Tier 3 guy. Basically, he strongly suggested I plug the modem into a different wall jack with just a PC. He stayed on the line while I did this … My almost empty living room is the only open jack in the house … carry, carry, find cable A, B, laptop, check firewall is on … plug, reboot router. Speedtest … 22Mbps down, 3.2Mbps up. DAMN! Kewl!

a) I was using a gold plugged coax cable this time. Perhaps it was the cable in my office or the coax from outside to the office … or something else … start simple. Only 1 change at a time.

b) Take the setup back to the office … plug the identical golden coax, modem, ethernet and PC in. Speedtest … 19M/2.2M! I can live with that.

c) Swap just the coax – I’d figured that was the issue. Nope.

d) Add the router back in, unplug all but the uplink and cable to the PC – no switch 1.9M/110K up. My router? Nooooooooo! Swap the 10+ year old ethernet cable with the one I’d been using for the router/modem connection. No change.

e) Swap in 2 old routers … forget to reboot the modem so they refuse to get DHCP addresses … finally figure that out on my original 1-port linksys router circa 1998. Run speedtest. 7M/300K … it is 10 years old, so the network chips weren’t meant to get that much speed.

f) Back to my $20 Buffalo running an OSS OS with 1.9M/110K up. Turn off the SPI firewall and QoS – port filtering is still enabled. Now that I’m on a different phone system, I don’t need QoS. 32M/3.3M Yippy!!!!

Ok, so what did I learn today?
1) I’m not convinced it was the router slowing everything down. My connection has been 2M/256K for years.
2) Retighten your coax cables.
3) Swap any legacy ethernet cables.
4) Lastly, go to a simpler router config – especially if you are using QoS or any complex features.
5) I doubt any of this would have mattered 2 weeks ago, before Comcast found issues with my outside cable and put a line amp on the coax inside my home.

Obviously, those speeds are using the “speedboost” and aren’t real world “grab a Linux ISO” speeds. Still, they are impressive. The last wired test was 32M/3.3M, wireless was 7M/2M, that’s 802.11a with a 72Mbps connection.

So in 2020, after years of getting 15/2.5Mbps, I swapped in a GigE router running OPNsense and ran a speedtest:
Download: 29.71 Mbit/s Upload: 5.96 Mbit/s
That’s a little more than the promised performance for the tier of service we get. I’m on a 25/5 plan (to my knowledge). Nothing else has been changed in any major way the last 10 yrs. Same ethernet cables. Same Coax cables, just more capable APU2 router hardware. Doubt I can get better throughput, but there is 1 more setting in the APU2 I need to check for getting full GigE speeds. To be fair, very little local traffic even hits the APU2 router at all. Local traffic is mostly on the same LAN or directly connected via dumb ethernet switches for the storage network.