Blog updates for networking
3.13.06
Tech Troubleshooting Tip - #1
I hate supporting NAT from the CPE my company provides. Yet, it's a necessary evil that we have to troubleshoot, so here's some help.
If you ever want to test if a NAT'd service is forwarded correctly, you can use Telnet. Not sure how well it works from a *nix box, but Windows' telnet program works well due to the way it responds to a completed connection.
For example, verifying Remote Desktop through NAT:
Open a command prompt and type:
telnet x.x.x.x 3389
(The x's represent the target IP address, followed by a space before the desired port.) On a positive connection, the prompt window will go "blank" for about 30 secs, then disconnect. A failed connection gives an error message.
I've found this to work on TCP port 1723 as well. Nice, unintrusive way to prove connectivity.
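The same handshake test as a script, as an added example that is not part of the original post: it makes one TCP connection per port and separates a refused connection from one that gets no reply, which telnet's error message does not make obvious. The function names and the loopback demo listener are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open     - handshake completed (what telnet shows as a blank window)
    refused  - an RST came back: the path works but nothing is listening
    filtered - no reply before the timeout: usually a drop at the NAT or a firewall
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:          # e.g. no route to host
        return "error: " + (exc.strerror or str(exc))

def check_forwards(host, ports, timeout=3.0):
    """Probe each forwarded TCP port on the NAT's public address."""
    return {port: probe(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on loopback stands in for the
    # forwarded service, so the script runs without a real NAT device.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    print(check_forwards("127.0.0.1", [demo_port]))   # open
    listener.close()
    print(check_forwards("127.0.0.1", [demo_port]))   # refused
    # Real use: check_forwards("x.x.x.x", [3389, 1723]) with the NAT's WAN address
```

An "open" result on TCP 1723 only shows that the PPTP control channel is forwarded; the GRE traffic that carries the tunnel itself is not exercised by a TCP connect.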
7.26.05
Free Cisco courses
If anyone is interested, Cisco is offering free courses on different subjects. Though they are not geared towards certifications, they still offer some good information.
Cisco Learning Connection sign up.
6.22.05
m0n0wall and polling
Being the m0n0wall advocate I am, I wanted to share a pretty sweet update in the new beta release. Polling.
Polling, what's that? Well, the new beta versions of m0n0wall now run on the 4.11 kernel (the heart of this operating system) version of FreeBSD (the heart of m0n0wall) and have polling compiled into the kernel. For the sake of being repetitive, here is a short description of what it does.
Device polling (polling for brevity) refers to a technique that lets the
operating system periodically poll devices, instead of relying on the
devices to generate interrupts when they need attention.
So, you may ask, "why is this any concern to me, the average m0n0wall user?" Well, the more time the router's CPU is spending processing interruptions, the less time it is spending processing packets: IE...less packets = lower throughput speed. Typical Interweb connections won't see this issue, but high traffic environments like file transfers between a LAN and DMZ can take a significant performance hit.
By enabling polling, the CPU is free(er) to simply process packets because it is scheduled to look for packets at preset intervals. My test results are as follows:
Polling disabled - ~45mbps
Polling enabled - ~75mbps

First portion was a bi-directional test. The last little bit was DMZ to LAN only.
My m0n0 boxen:
PII 350 MHz
128 meg RAM (PC100)
WAN interface - Netgear FA310-TX (dc driver)
LAN/DMZ interfaces - Dual interface Intel Pro/100 (fxp driver)
2.15.05
Another Juniper goodie
Here's another one that came in real handy today:
show route next-hop "Gateway IP of far-end router"
Doing this will return any routed subnets that point to a particular address. Very useful if you wanted to make a list of every routed network that points to a WAN IP.
2.9.05
Two quick Juniper CLI commands
One thing I like about Juniper routers is the powerful Junos CLI they have. The commands available through it make management of their routers a breeze. Here are two commands I've found invaluable for getting things done quickly.
Renaming an interface:
rename interface "interface name" to "new interface name"
While that command looks simple enough, the result is the complete transfer of the original interface's properties, saving the time of manually rebuilding everything. On a fractional T1, though, the new interface's channel-group and timeslots will need to be built first.
Finding routed subnets:
show route 10.1.1.0/24 terse | match 10.1.1
This will return a list of every routed subnet that's part of 10.1.1.0/24. Very convenient if you are looking to see if an address is in use.
9.5.04
Bad time of year for DSL
My ADSL service from SBC has been a love/hate relationship. Every time I want to like having my service, I get the dreaded sync loss...total loss of my connection. Happened around the same time last year. While this bout of sync loss hasn't been that long, it keeps happening.
In the past, I've tried to track down causes for this loss. In the end, it's just the fact that I have an extremely long line. DSL don't like to travel down long lines. There isn't any chance of that line getting any shorter anytime soon either.
Unfortunately, when I signed back up with SBC this year, I got in with a one year contract. So, it looks like I'm stuck with 5 more months of a shoddy connection until I can turn to other alternatives.
Who knows. Maybe SBC will roll out a remote terminal or some fiber in the next few months. HA!
8.23.04
m0n0wall 1.1 final released
For those of you running m0n0wall, the new release is finally out of beta. For a list of updates, you can visit the change log here.
I've been running beta versions since 1.1b16 and they have proven extremely stable for me. Those new to the changes will appreciate the new SVG real-time traffic graph (does not work on Firefox due to its poor SVG support) and the captive portal for hot-spot support. The traffic shaper now has a wizard to take a lot of the guess work out of setting up shaping rules.
7.31.04
Traffic shaping issue fixed (Updated)
After chasing down my slow upload issue, I decided to do some serious hunting as to why my upload wasn't what I expected. My conclusion, I didn't properly configure the traffic shaper on my firewall.
My firewall is currently set with a max upload of 300k. I do this so that when people upload a large file from my server, the rest of the network traffic (namely downloading and browsing) won't suffer such a performance hit. While lowering my upload itself doesn't make the difference, controlling the priority of ACK packets does.
ACK (acknowledgement) packets are TCP/IP packets of data that have a flag set within. This flag tells a remote server to continue to send data during a download. If you are uploading at the connection's full speed, then those ACK packets will get delayed, causing the remote server to think that the receiving end is not ready for more data. For those with asymmetrical connections, this can turn a highspeed download into a 56k nightmare.
To correct this, I'm forcing all of my upload traffic into a 300k pipe made on my firewall. That traffic is further separated by being forced into one of two queues. One for high priority traffic, the latter for normal traffic. Each queue has a "weight" also. This weight basically gives a percentage of how long each queue has access to the pipe. A 10 to 1 weight says the high priority queue has 90% greater access than the normal traffic queue.
When I set a rule to check for ACK packets, those packets now have a lower delay in being sent so the remote server will continue to send data for me to download. Simple.
As far as the images below...the first one shows what a simultaneous upload and download looks like without shaping. The spikes and dips shows my download ranging from around 300k to 1300k.
With traffic shaping turned on, my upload and download were consistent. That is very desirable and should scale with increases in upload speed.
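The queueing effect described in this post, as an added example that is not from the original post or from m0n0wall: a small simulation of a 300 kbit/s upload pipe that compares one FIFO queue with two queues weighted 10 to 1. The packet sizes, the workload and the deficit-round-robin scheduler are assumptions chosen for illustration and stand in for whatever scheduler the firewall actually uses.

```python
from collections import deque

LINK_BPS = 300_000                 # the post's 300k upload pipe, in bits/s
DATA_BYTES, ACK_BYTES = 1500, 40   # constructed sizes: full segment, bare ACK
QUANTUM = 1500                     # bytes of credit per unit of weight per round

def workload(n_data=20, n_acks=10, ack_gap=0.05):
    """Constructed traffic: an upload burst at t=0 plus ACKs for a download."""
    pkts = [(0.0, "data", DATA_BYTES)] * n_data
    pkts += [(i * ack_gap, "ack", ACK_BYTES) for i in range(1, n_acks + 1)]
    return sorted(pkts, key=lambda p: p[0])

def mean_ack_delay(weights):
    """Mean seconds between an ACK arriving and having left the pipe.

    weights maps queue name -> weight. {"all": 1} is one FIFO queue;
    {"ack": 10, "data": 1} is the two-queue setup from the post.
    Deficit round robin is used here as a stand-in scheduler.
    """
    pending = deque(workload())
    queues = {name: deque() for name in weights}
    credit = dict.fromkeys(weights, 0)
    now, delays = 0.0, []
    while pending or any(queues.values()):
        while pending and pending[0][0] <= now:        # admit arrivals
            pkt = pending.popleft()
            queues[pkt[1] if pkt[1] in queues else "all"].append(pkt)
        if not any(queues.values()):                   # idle link: jump ahead
            now = pending[0][0]
            continue
        for name, q in queues.items():                 # one scheduling round
            credit[name] += QUANTUM * weights[name]
            while q and q[0][2] <= credit[name]:
                arrived, kind, size = q.popleft()
                credit[name] -= size
                now += size * 8 / LINK_BPS             # serialization time
                if kind == "ack":
                    delays.append(now - arrived)
            if not q:
                credit[name] = 0                       # idle queues keep no credit
    return sum(delays) / len(delays)

def compare():
    """Return (fifo_delay, shaped_delay) in seconds for the same workload."""
    return mean_ack_delay({"all": 1}), mean_ack_delay({"ack": 10, "data": 1})

if __name__ == "__main__":
    fifo, shaped = compare()
    print(f"single FIFO queue : ACKs wait {fifo * 1000:.0f} ms on average")
    print(f"10:1 ACK priority : ACKs wait {shaped * 1000:.0f} ms on average")
```

With one queue every ACK sits behind the whole upload burst; with the weighted queues an ACK waits for at most the one data packet already on the wire.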
7.22.04
New server, same problem
I decided to do a complete server update tonight (this morning). I've been experiencing a large annoyance with data transfers from this site.
I have a 384kbps upload that I limit to 300kbps. No matter what I do, I can never download one (1) item at that speed. It only hovers around 220kbps. Now, if I start up two concurrent connections, then it will upload full speed. No conflicting devices or anything.
The only thing I could attribute it to is HTTP overhead. If I do a LAN transfer from a file's directory, then I will hit around 8mbps. If I "download" from my server across my LAN, then it will only do around 4mbps.
Weird.
2.14.04
I'm Back!
Yes, I'm back on my DSL connection. The site is back as well. My stint with Charter ended almost as quickly as it started too. I missed my DSL too much. The limitations Charter had were too restrictive for my needs. And my upload increased as anticipated in an earlier post.
Things I've learned since taking this site down last Sept:
1) How to clean up the PHP code used on this site...I'll be working on that...along with a new layout!
2) How to set up a VPN connection...which I will set up to connect to my home.
3) I've been doing much more web development at my job. Having a code repository, access to it, and a personal server to develop on REALLY helps.
Ah, it feels good to be back!
9.16.03
Cable vs. DSL part 2
Now, the cable question...
During my downtime, I went and ordered a trial of Charter's Pipeline service. I shouldn't have done that. The downstream is 600Kbps faster than my DSL, but the upstream is about 180Kbps. The only reason I got the 256Kbps upload on my DSL was to host this site and my mail server from home; also to have a better ping time in games (for some reason, the latency between a 128Kbps and 256Kbps upload decreases exactly 10ms). Since I won't host my servers over Charter's connection, the upload isn't all that important, so the download is a nice plus. My latency, on the other hand, is incredible! I can ping the main servers I play on at 28ms, compared to those over my DSL at 40-50ms. The price will be at least $20 a month cheaper as well.
I know what makes sense on paper, but my DSL is near and dear to me. Now that it is working without a hitch, I'd hate to lose it...especially since SBC is about to raise my upload to a 384Kbps cap for free. Ugh...at least I have choices!
Cable vs. DSL
Wow, this has been an interesting weekend. My DSL was down all weekend. I lost sync early Saturday morning and basically didn't get it back until Monday around 10 am. During that course, I noticed all sorts of noise and interference on my phone line. That's when I realized all of the previous posts I made regarding my connection was due to this noise I was hearing.
I called SBC and they ran their remote tests and said that everything looked fine. I (unfortunately in hindsight) had a telco tech come out and check my line. I found a pattern of my line having problems during changes in temperature, ie...night time and day time. He couldn't find anything wrong with my line. No shorts, high-opens, nothing. Well, after he was convinced that the static I heard on my line was due to my DSL, testing this theory at my NID, he left.
Something still bothered me, though. I went and grabbed my ladder and tools to check my NID again...and lo and behold, I found the issue. I had about 4 inches of exposed wire that connected to the phone terminal that was untwisted! Twisting prevents interference such as cross-talk, a symptom I was seeing, among other types. This also really affected my line. When something interferes with the voice portion to the point of causing serious voice disruption, it will affect the DSL signal.
Of course I twisted those wires up nice and tight and since then, my connection has been rock solid. My downstream attenuation (the measurement that is of most concern) even increased 2dB...which is a huge gain.
8.1.03
When good splitters go bad
No, it wasn't T1 interference. It was the NID filter/splitter I got just a couple of months ago. Last night I got my line capped at 768k (doing this will increase your signal-to-noise ratio, providing a stronger data signal) to see if there would be any improvements, but my line still lost sync. That is good news since that means my line can handle being un-capped at 1536k. Bad news, I started to hear DSL static on the phone, and with all the weather conditions we've had lately I knew that the filter must have failed. So today, I went back to eBay and bought another Siecor splitter. Only, this one is internal. Hopefully, this splitter will stand up a bit better since the weather factor will be eliminated.
I've said it before, and I'll say it again. DSL is a beast, especially if you're a ways out. You gotta learn how to tame it. But, once you have it together, it is solid as a rock.
7.31.03
What now?
I'm an active member over at the DSL Reports SWB forum. Have been ever since I've gotten my DSL. Of course, over time, you learn more about the technology you use and use that info to further help other members and visitors. Often, you can even get "back door" help for problems and upgrades on your line with the Official Supports Techs from SBC that work there. Actually, that is how I got my line upgraded earlier this month. Now all of a sudden, I'm experiencing bad sync loss.
I'm not sure what exactly the deal is, but every night this week around 10:30-11:30, my line just drops. It keeps trying to sync, but to no avail. Funny thing is, there is a new Imo's Pizza location that just opened up around the corner from me. What does that have to do with sync loss, you might ask? Well, I'm sure this location is fed with a T1 line and T1's can cause interference with DSL signals...over a long distance. I know my line is on the same feeder with this place so I'm doing a bit of investigation to see if that is what the deal is.
In the meantime, I'm looking to get my line capped (ugh) at 768k to see if it prevents sync loss. Man I can't wait until a Remote Terminal comes to my neighborhood....yeah right!
7.8.03
Even at over 12k feet
TCP/Web100 Network Diagnostic Tool v5.2.0f
click START to begin
Checking for Middleboxes . . . . . . . . . . . . . . . . . . Done
running 10s outbound test (client to server) . . . . . 250.23Kb/s
running 10s inbound test (server to client) . . . . . . 1.19Mb/s
Your PC is connected to a Cable/DSL modem
It took some hard work to get this DSL connection stable, and even more to get this upload. In the end, though, it's worth it!
6.4.03
Well, it's all done
I made my POE adapter. I would post pics of the work I did, but it looks just like the example over at NYC Wireless linked below. I did, however, change the install location to my bedroom closet. This is actually the literal middle of my house, so the coverage is fairly even.
So my goal was accomplished of having a hidden AP with a strong signal all over the house. Sweet!
5.28.03
Power Over Ethernet
I decided to start another little project. Ever since I've had my Netgear AP, it's been moved all around my house. First I wanted to watch the flashing lights, so I decided to put it in one corner that had an available data port. Next, I moved it into my bedroom and placed it behind my LCD monitor. That still provided a great signal, but the table started to get too crowded and the lights were annoying in the dark. Later I moved it next to the entertainment center, and that's when I realized that I'm sick of seeing it at all.
I did some testing a while back with it placed in my front coat closet and liked the idea of being in there. My signal was still very good (even in my basement at the other end of the house) and it wasn't drawing attention anymore. Problem was getting power to it. I really didn't want to run an outlet to a closet, so the idea kinda faded until I found this tutorial over at NYC Wireless on making your own POE connection.
What makes this so sweet is instead of running two lines, one for data and one for power, you can run the power and data over the same Category 5 data cable. Since the data portion only uses 4 out of the 8 wires in Cat5 cabling, you can use the other 4 wires to carry your DC power for the AP.
I'm looking to work on this over the weekend, maybe even document it as another tutorial available for the curious.
4.15.03
Splitter is on its way
Well, I won the auction and the splitter is on its way. It's a good thing too because I noticed that line had some serious packet loss and finally lost sync this morning. The monitor graphs from the post below are in real time, so if you read this post in the next few hours, you will see the drops.
When I finally get it and have a chance to install it, I will do some before and after photos.
4.11.03
Connection Issues
Looks like I'm starting to have some connection issues with my DSL. I seem to keep losing sync today. Not too sure where the problem is, but it looks like it can only get worse. Last week, I swapped out my old trusty Westell 516 modem for that Efficient Networks 5360 to see if it provided any different performance. It seemed to help a little, but the weather was still changing and I know that has an effect on the DSL signal. Especially when you're about 12k feet out.
I'm also starting to suspect that my ghetto rigged splitter/filter may be the problem. I took a Z-filter, those inline phone filters used inside, and hacked it to work inside the telco demarc. While the wiring is sound, I think the filter has seen its share of weather and may be wearing out. I have some extra ones I can use, but I'm also considering getting a real splitter made for outside conditions. Either way, it looks like I'm going to be on a ladder with tools this weekend. Good thing it's supposed to be sunny and warm!
2.20.03
New wireless setup
I just picked up a Netgear MR814 and some kind of Netgear card today. I have everything running smooth and such, but for some reason, I'm not really digging this whole wireless thing. Granted, it is nice being able to sit wherever I want to....surf the web. But, that's all I can really do right now.
I have a Linksys 4 port router that I've been using for my wired LAN for over 2 years. Never failed me one ounce. Now I have this one and I can't access the other computers on the LAN since they are on a different network. So, it's kind of a waste if I can't access all of my resources.
Why not hook the other computers to the Netgear you ask? Well, I can't because the AP is upstairs so I can get a strong signal while the Linksys is in the basement next to the DSL modem. I had hoped that the signal would be strong enough to reach upstairs, but that is a no go. Oh well. Maybe when I wake up in the morning I will have a clearer head to make the best out of this situation...
...or else take this get up back to the store!
