An attempt to explain network MAGIC
The following article is an updated version of an article originally written by me in 2013, in part to bring some of the technology definitions, names and speeds etc up to date and in part to include some names and services applicable to France – where I now live.
I recently (well, over 10 years ago from now) undertook to integrate a couple of new colleagues into our company network – a simple VPN to provide access to files they would need to work on and simple – trivial even as the infrastructure was already in place and use – voice and video links to their home network.
To say I was shocked at the list of problems that reared up and stood in the way of achieving these modest needs would be an understatement. The underlying cause of the problems had their roots in the choices of broadband supplier and package my colleagues had made and in the ways they had gone about implementing their extremely simple home networks.
As I suspect the lessons learned could be usefully applied by many small businesses and home workers, I offer this “layman’s guide” to doing it “right”. Everything from choosing a suitable broadband supplier and package to where to put that “wifi thingy” that just got delivered needs to be considered if you want to get the best from your network system. Your ability to do business may depend upon it … so read on.
Introduction
Many small businesses today operate from home – a room or space set aside in the house, or a shed or dedicated “garden office” some distance beyond the defined living space. With technologies like VOIP and WebRTC providing cheap, portable telephone and video communication, email, file transfer and web hosting being simple to achieve and large amounts of “cloud” storage available for backups or primary document storage, running a business or working from home should be a simple thing to achieve. Once the business grows – maybe a colleague joins who also wants to work from home at another location, maybe you need access to files while on the road – a small file server is added, a VPN (“Virtual Private Network”) is implemented and data synchronisation or secure remote file access becomes a need. Of course, some way of ensuring only authorised personnel can access the network externally is needed – so in comes a Windows Server with its Active Directory component or a Linux server with one of its forms of access control.
Suddenly, things are starting to look like a mini enterprise-grade system. Divorced from corporate IT support, many people hit obstacles that interrupt communications, obstruct the smooth flow of data or – at worst – make the whole enterprise unworkable.
If you find yourself in this position already, are about to start working from home or installing a small network (up to a couple of dozen devices) in business premises, I hope this article may help you understand why and where things go wrong and how to get round or – better yet – avoid the problems in the first place.
Throughout this article, technical terms are avoided unless they are essential to understanding (eg; you will see them on adverts, services or devices you need to choose between) and numbers and units have been rounded for simplicity (pedantic computer scientists needn’t write to let me know that bits and bytes are measured out in binary … decimal arithmetic and ratios like 10:1 work well enough to understand the topic here!).
A primer on “speeds”
The “speed” of a data connection (technical term is its Data Transfer Rate) is measured in bits per second (shortened to bps) where one bit refers to the smallest unit of data a computer transfers or processes – technically one binary bit.
A single character – such as a single letter like the letter A requires 8 bits to store. For convenience we are going to assume throughout this article that 10 bits are required to transfer that single letter to allow for overheads caused by various transfer protocols. Do not worry if you have no idea what I mean – the thing to remember is that a single computer bit is a very small thing indeed and you need lots and lots of them to transfer anything of use – an email, or simple document might comprise hundreds of thousands of bits – a picture millions and a video stream tens or hundreds of millions of bits per second.
So … let’s explore some common units you will see when exploring or comparing network “speeds” (or DTRs) …
1 Gigabit (Gb) = 1,000 Megabits (Mb); 1 Megabit = 1,000 Kilobits (Kb); 1 Kilobit = 1,000 bits.
The use of bits to measure data transfer rate is technically the correct unit but ISPs love to use the bit not for its precision but because it lets them advertise BIGGER NUMBERS while they are bamboozling non-technical customers. To understand how “fast” any connection might work and relate it to a task you want it to perform it’s better to think in those bytes (a single letter, remember?). For the purposes of this discussion we are assuming that 10 bits are needed to transfer one byte (or single letter) so – easiest maths ever – just divide the bps rate quoted by 10 to get the more useful “bytes per second” equivalent.
Whenever you see something like Gbps (lower case b) you are reading about bits.
When you see something expressed as GBps (UPPER case B) you are reading about bytes. So, in bytes (or equivalent letters) :
1 Gigabyte = 1,000 Megabytes; 1 Megabyte = 1,000 Kilobytes; 1 Kilobyte = 1,000 bytes.
A word (or several) about home broadband
It is tempting (especially when budgets are tight) to simply take the cheapest “home broadband” deal on offer – after all, they all say they deliver the same speeds, don’t they – and some even come with the “box” you need to share out the Internet among all the PCs, laptops, smartphones and tablets your family … and your office needs. Then install the box in the place quickest and most convenient (usually where the phone connection comes into the building) and sit back and wait for “the wifi” to provide the promised high speed Internet connectivity to all the many devices around your home.
Shortly after the contracts have been signed, long term commitments made and the ISP (“Internet Service Provider”) chosen has installed the new broadband connection is often the time when many home based businesses or home-workers realise that broadband connections are not all the same – and there may just be a bit more to this networking malarkey than at first appears.
The kind of Internet connections we are concerned with here are those most commonly delivered to home premises:
ADSL (“Asymmetric Digital Subscriber Line” if you must know) is still the most common kind of connection. It uses existing copper (you hope!) telephone wiring to “piggy back” a data connection on top of an existing analogue telephone service. “Asymmetric” relates to the difference in incoming (download) and outgoing (upload) speeds the service provides – with preference given to download speeds, so the headline number – say, “24Mbps Broadband” – relates to the maximum download speed the service can provide. ADSL upload speeds are always a fraction of the download speed – a typical “24Mbps” download service will provide only 0.5 to 1Mbps upload speed – though a chat with a capable and friendly ISP may be able to alter this split, trading a little of the available download speed for higher upload speed – an important factor if your business has to send large data files as part of its work or makes more than light use of voice or video traffic. The quality of service that can be delivered (ie; actual speed seen at your premises) is highly dependent on the distance (cable length – not as the crow flies) from the telephone exchange to which you are connected. A service advertised as offering “up to” 24Mbps may only provide that headline speed to premises within a few hundred metres of the telephone exchange. Premises 2Km from the exchange will, at best, see just a fraction of the headline speed – perhaps just an erratic 2Mbps – and anyone unfortunate enough to live further than 2Km away will likely receive no service at all.
FIBRE service uses optical cables (made of glass or plastic) to transfer data as pulses of light rather than electrical signals over the metal cables used by ADSL. Because it is less prone to interference and deterioration of the signals it carries, it offers the promise of considerably higher speeds (technically “data transfer rates”) over longer distances with far greater reliability than ADSL. In the UK at least, services delivered via fibre-optic connections are still asymmetric – but the far higher overall bandwidth available allows for a more generous division between the downward and upward streams, making the services much more attractive for use with multiple “real-time” (video, telephone) streams or rapid large file transfer needs. Fibre based broadband is delivered in (broadly) two ways – and it is very important that you understand the differences. A good, simple guide to the differences can be found at http://www.thinkbroadband.com/guide/fibre-broadband.html but a quick summary is provided here:
FTTC (“Fibre To The Cabinet”) is the way that the majority of “fibre” broadband is delivered in the UK. Instead of providing an optical connection (“pipe”) right to your premises, the optical fibre runs only as far as a street cabinet (in the UK, you may have noticed new green boxes appearing on the pavements around your neighbourhood). From the cabinet to your premises, the old copper analogue telephone wiring (a century old technology) is still used to carry broadband and telephone. If you are served by FTTC, nobody will come to dig up your garden or drill new holes in your walls. A new “box” will be fitted that splits digital data and (via a convertor) analogue phone into two sockets. FTTC is a compromise that mixes old and new technologies (some may choose to call it a typical British fudge!) that saves money (nobody is digging up your street, your garden nor drilling holes in everyone’s walls) but places considerable compromises on the quality of service that can actually be delivered. As the final piece of the link still uses metal cables, distance is still important.
FTTH or FTTP (“Fibre To The Home” or “Fibre To The Premises”) involves running optical fibre all the way to a building. Download speeds of between 1Gbps and 8Gbps (1 Gigabit per second is 1,000 Mbps) are possible today with much more in the future. It is considerably more expensive to implement than FTTC (streets and gardens need to be dug up or new poles used to carry the fibre overhead, and new holes drilled in walls for every premises to be connected) but it is the only true “future proof” solution.
A couple of other factors are vital to a proper understanding of the differences between similar sounding broadband products – no matter how they are physically delivered to your door – ADSL, fibre, satellite, 4G cellular … whatever. It must be understood that any computer network is a shared resource and this is especially true when it comes to the Internet and connections to the Internet. Just as too many computers connected to the same local network trying to transfer large volumes of data at the same time will exhaust that network’s bandwidth, so any connection you establish point-to-point between your computer and some other device arbitrarily connected to the Internet relies on a host of shared – and, here’s the point – bandwidth limited resources to work.
CONTENTION is the technical term used when a number of connections across a single data link try to use the network simultaneously. What? ISPs do not (unless you pay a lot of money) provide a single, you-and-you-only, point-to-point connection between your premises and “the Internet”.
On any network, the likelihood of its full bandwidth being demanded at any given point in time should be small – otherwise the network capacity needs to be increased!
On any network, when multiple devices (connections) demand more than its capacity allows – or contend for more bandwidth than it can provide – a sharing mechanism comes into play to provide each device with some share of the available bandwidth.
ISPs rely on this fact – so much so that when selling you a “24Mbps” connection, they may (for the sake of illustration) provide a connection to the exchange of (say) 100Mbps – which you may think would adequately allow four customers to hammer away at the connection to their heart’s content, with a little capacity to spare. Except that ISPs commonly do not connect just four customers to such a “backbone” – they connect 10 … or 20 … or 50 … or more. This ratio – the number of customers multiplied by the bandwidth each is allowed, divided by the backbone capacity – is called the “contention ratio” and on a business class link may be lower than 10:1, but at the cheaper, consumer end of the market ratios of 50:1 or greater are not unheard of. The higher the ratio, the greater the likelihood that you will find yourself in contention with (competing with) other customers for network bandwidth – with the result that the services you rely on slow significantly or stop working.
If you have a consumer grade broadband connection and wonder why just after the schools close for the day your download speeds drop through the floor, consider all the children who are rushing home, powering up their games consoles and Internet connected TVs to start downloading Gigabytes of games and films. You are in contention (simple term “in competition with”) all those other customers for a share of a finite resource.
ADVICE: When choosing an ISP or a package offered by an ISP, look for the contention ratio – it should be somewhere on their website specifying the package you are considering, or the ISP should be willing to tell you what ratio they use for a given package if you ask – and if they do, they’re worth dealing with.
For business use, look for a ratio no higher than 10:1 if you intend to make extensive use of the connection throughout the day – up to a maximum of 20:1 if you consider your needs to be light. In any case – if you can’t get a straight answer, take your business elsewhere.
When other customers connect a house full of mobile phones, tablets, voice recognition and other IoT (“Internet of Things”) devices such as security cameras and Internet connected TVs and start transferring Gigabytes of games and films, your attempt to, say, watch a film may suffer repeated stuttering (technically “buffering delays”). You are in very real effect “sharing the line” with those other customers – the ISP’s backbone network capacity is exhausted and the contention mechanism has kicked in to give everyone a “fair” chance at whatever data they are trying to transfer.
CAPS, FAIR USE POLICIES and TRAFFIC SHAPING are mechanisms used by ISPs to restrict the amount of use you can make of your Internet connection.
If I have to make a choice between them, I far prefer a DATA CAP – a clear limit on the amount of data you can download in any one month before the ISP either demands more money or cuts you off until the next billing cycle. That may sound drastic but a decent ISP will provide a high enough data cap that you should (as long as you have correctly estimated your data transfer needs) rarely exceed it and will work with you to accurately gauge your needs and provide the best cost package for you. The ISP should also give plenty of warning (say, when 50% and 75% of your monthly allowance has been used) allowing you to decide whether to cut back on traffic that month or pay more to meet exceptional need.
FAIR USE POLICIES are often anything but. Read the small print of that “unlimited” capacity, high speed connection you are offered and it may refer to “fair use”. What this means is … whatever the ISP decides it means. While they have few customers on any given backbone it may mean nothing to trouble you (as unlikely as that is). As customer numbers increase, the ISP can decide to throttle (artificially slow down) or even for some periods completely disconnect you until it decides your usage falls back inside its definition of “fair”. Good luck in getting them to explain what “fair” means at any point in time and space.
TRAFFIC SHAPING is often more insidious. The benefit to the ISP is that they can advertise and contract “unlimited” download capacity and high headline speeds. The fact is however that they couldn’t possibly allow all their customers to constantly download bucket-loads of data. Traffic shaping is a “polite” marketing term for straightforward throttling of your connection to the Internet. The trouble it causes you is that you have no control over what services they might decide to “shape” (if it’s video calls, you just lost the ability to call anyone) or when they might do it or even how they might do it – they might throttle part of your connection (eg; slow file transfers or web page loading), throttle your whole connection (so everything suddenly runs slow) or effectively cut your connection for some arbitrary period. Once again, good luck in trying to find out what level or type of activity might trigger the start of traffic shaping – it may be nothing you’ve done, just overall activity by too many customers trying to do more than the ISP’s network can cope with, that led them to instigate action affecting all their customers. Only one thing is certain – you won’t get truly “unlimited” access to the Internet at a consistent speed that you have paid for.
ADVICE: Stay away from any broadband service that incorporates any form of “fair use” or “traffic shaping” policy as if the contracts carried the plague. For business use you need consistency and control over something that will be crucial to your very ability to conduct business. Why on earth would you risk letting someone else arbitrarily decide to restrict your use of such a vital asset?
As in any business relationship, service levels and reputation count for much when deciding which ISP to choose. Other factors may be less obvious. If you aren’t technically savvy the fact that the ISP manages the “black box” router they supply as part of the deal may seem attractive – but if the ISP’s customer support is a foreign call centre, you want to run your own email or telephone server and need to get TCP/IP ports unblocked or QoS (see below) implemented the way you need it and the ISP either won’t allow it (because they want you to use their phone package or email) or ties you up for days while some incompetent nincompoop spends days or weeks or months failing miserably to perform a task that should take a competent technician no more than minutes – it’s your business that suffers … not theirs.
ADVICE: A good ISP should be willing to offer management of your router “black box” (perhaps for an additional charge) AND provide you with the login ID and password.
I have an 8 Gbps fibre connection – so why does my speed test only show me 250Mbps?
VERY IMPORTANT FACTOR TO REMEMBER: On a network comprising many devices of differing capabilities, the transfer speed you obtain is determined by the slowest device on the network.
An example: Your Internet connection arrives into your premises via a (“magic”) box that has an Ethernet network socket into which you plug a network hub or switch that distributes the connection via cable around your premises. Unless you have an enterprise size budget the likelihood of your equipment being able to carry more than ONE Gbps is tiny. Currently (2023) the network equipment and cabling cost to carry more than 1Gbps (so-called gigabit networking) is so high as to be out of reach of a small business. While you may receive 8 Gbps at your virtual doorstep, only 1Gbps then travels onward.
Example 2: If your first Gigabit network switch then connects to a 100Mbps network switch that serves the PC you are using then (following the same principle – speed at any point in a network is determined by the slowest device in the chain of connections) that 100Mbps switch will do its very best to supply you with a 100Mbps link upstream BUT there is no way it can suddenly transfer 10 times its rated transfer rate.
Example 3: You have a wired or WiFi network connection all the way to your PC or other WiFi connected device. BUT the device is incapable of dealing with such a fast connection – say the PC has only a 1Gbps network adapter card or the mobile phone has a WiFi radio incompatible with the standards required to transfer data at multi-gigabit speeds.
Though we throw around terms like Gigabit, Très Haut Débit or simply “pretty quick” to ease our way through the terminology, we must remember that data transfer rates are one of the fastest moving areas of a very fast moving industry. At the same time it is important that new hardware and software that comes along is – as far as ever possible – compatible with older devices. So, connect a 100Mbps switch to a Gigabit switch and the devices will negotiate (“talk to each other about”) their capabilities and establish a link in far less time than it took me to write this sentence. BUT always remember that any link only works at the speed of the SLOWEST device in the chain. So while you can plug or wirelessly connect just about any device from the 1990s to the 2020s and expect them to “talk” to each other, the speed of communication is still that set by the slowest in the chain.
The bit of magic that enables this “let anything talk to anything else” ability is due to a set of standards that sit amongst thousands of standards covering other aspects of IT and even the way your cooker can be wired up. The standard that applies to computer networking is standard number 802.11 and – to add to the confusion – includes numerous sub-standards covering everything from cable definitions to types of network switches and routers that operate at vastly different rates or use different technologies – such as WiFi (which can be thought of as lots of virtual cables bouncing all over the covered space) – that take their data from a physical cable that connects to [… insert much more magic].
The importance of standards and compatibility
I won’t make this a history treatise so let’s just go back to the start of the 20th century and look at WiFi standards. (Hint: If you want to study in a little more depth [should take less than a month of your life] head over to Intel’s web site, specifically the page at https://www.intel.com/content/www/us/en/support/articles/000005725/wireless/legacy-intel-wireless-products.html for a quick primer on current and historic WiFi standards – and if you have more time spare head to the IEEE standards body and start digging – with luck you might be finished before your babies have finished university).
The Intel page shows the maximum data transfer rate that each market-delivered variant of WiFi standards might provide. For a few hundred dollars/Pounds/Euros you can go to a shop today and purchase a wireless access point (“AP” = box that sits on a table or is attached to a wall that spreads WiFi all over the place) capable of transferring data at 2.4Gbps … under ideal conditions – see notes below. Such a box will be proudly marked 802.11ax compliant. The previous 802.11ac WiFi standard had a maximum transfer rate of 1.73 Gbps but step back to the most commonly found domestic and small business device in use before that 802.11n transferred only 450Mbps – just 1/6 of today’s fastest WiFi devices.
If you are lucky, the box from the ISP that promised an 8Gbps Internet link might be 802.11ax compliant – leaving only the problem of finding an “ideal” place to put the thing.
Back to basic networking magic …
A PC or AP or any device connected by Ethernet cable to the router’s Gigabit network and seeking to download a file from the Internet is limited by the speed of the slowest piece of equipment in the chain between it and the incoming box supplied by your ISP.
That might be a network switch, WiFi AP … or even the device itself.
As an example, unless the mobile phone, laptop or PC was designed and first appeared on the market in 2022 or later, it is unlikely to contain a WiFi radio and code compatible with 802.11ax WiFi. Just to complicate matters, standards applied to mobile phones have different codes – even though they perform an equivalent task to the WiFi equipment they may connect to. So you need a mobile device showing a WiFi 6E standard to make full use of an 802.11ax WiFi AP.
Confused? Don’t blame you – you would need to be a magician to wade through all the codes and standards and connection methods unaided.
But … all seems simple. Just make sure your WiFi AP and all connected devices support 802.11ax and all will be well. Right?
Not quite. In practice WiFi connections rarely operate at their theoretical maximum transfer rates. In fact the actual performance seen is often (usually) a fraction of the maximum “shown on the box”. So, a valid question is …
Why doesn’t my WiFi run at the speed it says on the box?
A couple of things to understand about WiFi speed “ratings” and how they translate into the performance you see in the real world: Published and advertised WiFi speeds represent the theoretical MAXIMUM that a given pair of devices can transfer data using the appropriate standard. So a pair of devices (eg; AP and laptop) operating to 802.11ax standards IN IDEAL CIRCUMSTANCES could transfer data at a rate of 2.4Gbps. In reality they will not.
“Ideal circumstances” means sitting just a few feet from the WiFi AP in free air (no building or walls anywhere in sight) and with clear line-of-sight between it and your laptop or other device, with no interference from other equipment – including other nearby WiFi networks. In real-world use it can be just about impossible to achieve these “ideal circumstances”.
The next factor to take into consideration is that a computer network (whether cabled or WiFi) is intended to share the bandwidth (maximum available speed) of some single access point such as an Internet connection.
Whatever the data transfer rate on offer (or in real world usage, achievable) that bandwidth must be shared by all devices connected to the AP (that is, trying to transfer data concurrently). Take the example of 10 laptops all trying to download large files at the same time the transfer rate (speed) each laptop will experience will be less than a tenth (the sharing imposes some overhead of its own) of the available speed.
DISTANCE: Simply put, even in clear line of sight, the further the two devices are apart, the slower the data transfer rate that can be achieved. The more modern standards (eg; 802.11n through 802.11ax) are each more resilient than previous standards as distance, interference or simple cancellation (as the radio signal bounces off walls in your building) increases, but that depends in turn on correct implementation of the full standard – many devices that proudly claim (eg) “802.11n Compliant” lack the correct antenna implementation to enable this distance resilience to function. As ever, “buyer beware” and (more practically) do all you can to explore the detailed specification of equipment you buy if there is to be any chance of approximating the maximum data rates touted on packaging and web sites.
Actual transfer rates (speed) achieved falls off rapidly as soon as those IDEAL CIRCUMSTANCES deteriorate. So what constitutes a deterioration in ideal circumstances? It turns out many things are harmful to WiFi data transfer (in fact after reading the full list it’s surprising the technology works at all!) the good news is that quite a few of these factors are within the user’s control – a little care and application of “smarts” allowing the “ideal” to be approached, if never actually reached:
The single biggest cause of failure to achieve a reliable or performant WiFi link is poor placement of the box containing the WiFi (understand that I am weeping as I write such simplistic descriptions of extremely complex technology).
Ideally a WiFi AP should be placed centrally amongst its users and as high as possible.
Which begs the question of how to make use of an 8Gbps incoming Internet connection? The answer is hidden behind my earlier statement that any network is intended to share transfer bandwidth among numerous devices. Another way of expressing that is to say that no single device should ever expect to get the full bandwidth available to the network.
Understand that and the light comes on to show that it’s actually OK to build a network containing slow network switches and “outdated” network consuming devices.
A cheap way to spread 8Gbps of incoming Internet around your place
Having earlier established that it is currently exorbitantly expensive to spread cabled networking at the speed the incoming connection is capable of delivering (even assuming you had the foresight to build your cabled network using properly installed CAT7 cable, the price of a 10Gbps network switch is sure to make your wallet run off and take cover), there are ways of achieving the result you are seeking at more reasonable cost.
- Consider that the purpose of any network is to share data communication
- … now take 8Gbps and divide it among 4 x 802.11ax WiFi AP boxes
- Voila! You now have 8Gbps of Internet goodness spread around your home, garden and half the county.
- You will need to ensure that any device needing substantial speed when accessing the Internet complies with the latest standards
It is highly unlikely (which is what your ISP is banking on in offering such bandwidth – allegedly uncapped and unrestricted – at such low cost) that you will ever need to use the full bandwidth offered but should that be your desire that is the way to do it while retaining some pennies in the bank.
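The contention, slowest-link and bandwidth-sharing rules of thumb from the sections above, worked through as a small calculator. This is an added example, not code from the original article: the 10-bits-per-byte rule, the 8Gbps/1Gbps/100Mbps chain, the 50:1 consumer ratio and the four-AP split are the article's figures, while the WiFi efficiency factor and the 5% sharing overhead are constructed illustrations rather than measured values.

```python
"""Calculator for the article's rules of thumb about speeds, contention and sharing.
Added example; constructed figures are marked as such in the comments."""
from dataclasses import dataclass
from typing import Sequence

BITS_PER_BYTE_ON_THE_WIRE = 10  # article's rule: 8 data bits plus protocol overhead


def megabytes_per_second(mbps: float) -> float:
    """Convert an advertised Mbps (bits) figure to MBps (bytes) by dividing by 10."""
    return mbps / BITS_PER_BYTE_ON_THE_WIRE


def transfer_seconds(file_megabytes: float, link_mbps: float) -> float:
    """Seconds to move a file of the given size over a link of the given rating."""
    return file_megabytes / megabytes_per_second(link_mbps)


@dataclass(frozen=True)
class Hop:
    """One device in the chain between the ISP box and your screen."""
    name: str
    rated_mbps: float        # the number printed on the box
    efficiency: float = 1.0  # share of the rating achieved in practice (WiFi is well below 1)

    @property
    def effective_mbps(self) -> float:
        return self.rated_mbps * self.efficiency


def bottleneck(chain: Sequence[Hop]) -> Hop:
    """A path runs at the speed of its slowest hop, whatever the ISP delivers at the door."""
    return min(chain, key=lambda hop: hop.effective_mbps)


def contention_ratio(customers: int, per_customer_mbps: float, backbone_mbps: float) -> float:
    """Customers x bandwidth each, divided by the shared backbone (12.0 means 12:1)."""
    return customers * per_customer_mbps / backbone_mbps


def per_customer_under_load(customers: int, per_customer_mbps: float,
                            backbone_mbps: float, active_fraction: float) -> float:
    """Fair share each active customer sees when a fraction of them transfer at once
    (the after-school rush is active_fraction -> 1.0), capped at the rate they were sold."""
    active = max(1, int(round(customers * active_fraction)))
    return min(per_customer_mbps, backbone_mbps / active)


def per_ap_mbps(incoming_mbps: float, access_points: int, ap_rated_mbps: float) -> float:
    """Divide the incoming link among several WiFi APs; no AP can exceed its own rating."""
    return min(ap_rated_mbps, incoming_mbps / access_points)


def per_device_share(link_mbps: float, devices: int, sharing_overhead: float = 0.05) -> float:
    """Concurrent devices each get less than 1/N: the sharing itself costs a little
    (the 5% overhead is a constructed illustration)."""
    return link_mbps * (1.0 - sharing_overhead) / devices


# The article's chain: 8 Gbps at the door, a gigabit switch, a 100 Mbps switch, a gigabit PC card.
EXAMPLE_CHAIN = (
    Hop("ISP fibre box", 8000),
    Hop("gigabit switch", 1000),
    Hop("100 Mbps switch", 100),
    Hop("PC network card", 1000),
)


def main() -> None:
    slow = bottleneck(EXAMPLE_CHAIN)
    print(f"slowest hop: {slow.name} -> whole path limited to {slow.effective_mbps:.0f} Mbps")
    print(f"1,000 MB download on a 24 Mbps line: {transfer_seconds(1000, 24):.0f} s")
    print(f"50 customers sold 24 Mbps on a 100 Mbps backbone: {contention_ratio(50, 24, 100):.0f}:1")
    print(f"  everyone active at once -> {per_customer_under_load(50, 24, 100, 1.0):.1f} Mbps each")
    print(f"8 Gbps across four 802.11ax APs: {per_ap_mbps(8000, 4, 2400):.0f} Mbps per AP")
    wifi = Hop("802.11ax AP through two walls", 2400, efficiency=0.4)  # constructed figure
    print(f"  ten laptops on one such AP: {per_device_share(wifi.effective_mbps, 10):.0f} Mbps each")


if __name__ == "__main__":
    main()
```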
Network security
Continuing to blow my trumpet can I remind everyone reading this article of the ESSENTIAL NEED to SECURE any network – especially one that provides WiFi access – which by its very nature extends the physical access to your network far beyond the bounds of your premises. Security issues aside why are you paying for a high speed Internet connection if you then make it easy for your neighbours or any teenage drive-by hacker to do unspeakable things (even criminal acts) which will be recorded in your name? SO,
- Change the passwords on the ISP supplied “box” to prevent unauthorised access. Even the simplest box will have several passwords, including one that sets the ID and password granting access to the WiFi component and another that prevents unauthorised access to the administrative (management) functions of the box itself. Ensure that different ID and password combinations are used for each component of the box. DO NOT REUSE IDs or passwords across different functions or devices – create new combinations for each. Use a password generating tool (I recommend Bitwarden, available as a phone app and for most desktop operating systems) set to a high security level and have it also securely save and share the IDs and passwords you use so that you do not have to remember a 16 character string of gobbledy-gook – just let it log in automatically for you. See – there is no excuse for not using separate, secure IDs and passwords.
- Deny any access to administrative functions arriving from the Internet (that is, public) interface.
- Disable the internal WiFi function. I know this seems a waste, to throw a perfectly capable device in the bin. Or so you might think. But when you have never in your career seen an ISP WiFi device or router capable of keeping bad people out of your life, you will rush to Amazon to buy a WiFi AP from a vendor that responds to known security flaws and that you can gain full control over. Not to mention place it somewhere physically more appropriate in your house than next to the incoming raw Internet connection.
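The three steps above as a configuration audit and hardening routine: it flags factory logins, short or reused secrets, administration open on the public interface and built-in WiFi left on, then produces the corrected settings. This is an added example, not code from the original article; the RouterConfig fields, the factory-login list and the "as delivered" sample are constructed for illustration, and real boxes expose these settings under vendor-specific names.

```python
"""Audit and harden the settings the article says to change on an ISP-supplied box.
Added example with constructed data; not tied to any real product."""
import secrets
import string
from dataclasses import dataclass, replace

# Constructed sample of factory logins; a real audit would use the vendor's documented defaults.
FACTORY_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
MIN_SECRET_LEN = 16  # the article's 16 character "gobbledy-gook"
ALPHABET = string.ascii_letters + string.digits + "-_.!@#$%^&*"


@dataclass(frozen=True)
class RouterConfig:
    admin_user: str
    admin_password: str
    wifi_ssid: str
    wifi_password: str
    wifi_enabled: bool              # the box's built-in WiFi
    admin_reachable_from_wan: bool  # management page answering on the Internet side


def generate_secret(length: int = MIN_SECRET_LEN) -> str:
    """A fresh random string from the OS CSPRNG: one per function, never reused."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(cfg: RouterConfig) -> list[str]:
    """Return the findings a practitioner would raise against this configuration."""
    findings = []
    if (cfg.admin_user, cfg.admin_password) in FACTORY_LOGINS:
        findings.append("administrative login is still a factory default")
    if len(cfg.admin_password) < MIN_SECRET_LEN:
        findings.append(f"administrative password shorter than {MIN_SECRET_LEN} characters")
    if cfg.wifi_enabled and len(cfg.wifi_password) < MIN_SECRET_LEN:
        findings.append(f"WiFi password shorter than {MIN_SECRET_LEN} characters")
    if cfg.wifi_enabled and cfg.wifi_password == cfg.admin_password:
        findings.append("same password used for WiFi access and box administration")
    if cfg.admin_reachable_from_wan:
        findings.append("administrative functions reachable from the Internet (public) interface")
    if cfg.wifi_enabled:
        findings.append("built-in WiFi still enabled; serve WiFi from a separately managed AP")
    return findings


def harden(cfg: RouterConfig) -> RouterConfig:
    """Apply the article's steps: unique strong secrets, no WAN administration, WiFi off."""
    return replace(cfg,
                   admin_password=generate_secret(),
                   wifi_password=generate_secret(),
                   admin_reachable_from_wan=False,
                   wifi_enabled=False)


# Constructed "as delivered" configuration, not taken from any real product.
AS_DELIVERED = RouterConfig(admin_user="admin", admin_password="admin",
                            wifi_ssid="HomeOffice", wifi_password="admin",
                            wifi_enabled=True, admin_reachable_from_wan=True)

if __name__ == "__main__":
    for finding in audit(AS_DELIVERED):
        print("FINDING:", finding)
    fixed = harden(AS_DELIVERED)
    print("after hardening:", audit(fixed) or "no findings")
```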
If your network is ever to be shared (eg;you operate in the hospitality industry and provide shared (split) access to the Internet to both your guests and your equipment) a better use of less money would be to invest in network routers and enterprise grade network switches to ensure that the two classes of traffic are segregated and can never meet.
That is an article for another day. Hope this one cleared up some confusion on the magic behind computer networks.