“What the hell,” the regular technophile reader exclaims. “Home network setup? I don’t need a guide for this. I just plug in my router and go for it.”
That’s a valid objection, and that setup works for 90%…no, 95%…no, 99% of the people. But this weekend my parents visited my place, and my stepdad had several questions about networks and WLAN setups and optimizing speed and whatnot, so I received a sudden burst of inspiration: I decided to write a description of my home network, including explanations why I made certain decisions. The last bit is essentially why this might be of interest to people; that is, weird people.
First of all, I’ll show you a little diagram of my current home network. I call this masterpiece What To Do With All Those Bloody Computers You Have Lying Around That No-One Will Buy And You’re Too Cheap To Throw Away:
On the left you see the Internet. Yep, that’s it – that’s all of the Internet. The rest is set up like this:
- One 100 MBit switch splits my connection to my ISP into three parts.
- One of those parts (top) leads to my normal workhorse. This is where I surf the net, do my hobby projects, watch porn, etc etc. It has two network interfaces – one Ethernet and one WLAN card.
- The WLAN card connects to the second Internet split: the WLAN router. Or Access Point if you wish. Here I also have a wireless connection to my file server, and my media PC. The latter is shown as a laptop, but it’s really not.
- The third Internet split is to my web server/general external file server.
Now, I’m sure you have a few comments and/or exclamations already, but I’ll ignore those. Instead I’ll mention some points about basic networking. Here’s a random collection of important things to know about networks:
- Ethernet connections can be 10 or 100 Mbit. Effectively, you can get ~10 Mbit or ~80-whatever-it’s-a-high-number-anyway Mbit respectively.
- 802.11b is maximum 11 Mbit. 802.11g is maximum 54 Mbit. But effectively you’ll rarely see more than 25 Mbit out of those 54 Mbits. Be happy if you have 20 in your home, ’cause the 2.4 GHz band (that the radio transmits on) gets messed up by all kinds of things: cordless desktops, microwave ovens, etc.
- D-Link and Netgear have proprietary solutions for 108 Mbit, but those suck most of the time. And they are proprietary. Unless you’re a rabid D-Link/Netgear fanboy who only buys one specific brand of 108 Mbit products, you won’t see that increase in speed at all anyway. Stick with 802.11g instead – it’s good enough if you use it correctly.
- 802.11n is a new standard that’s starting to emerge. It will yield a data transmit rate of ~200 Mbit, so that’s pretty darn nifty. It uses nice tricks such as multiple antennas and impressive multiplexing algorithms to get that speed; of course this means that your old radio cards will not be able to handle 802.11n. That’s good to know. It’s also good to know that 802.11n is not a finished standard yet, so there are no 802.11n products. You can find pre-n products, but those are also proprietary solutions – not official 802.11n. Guess what? I’m sticking with 802.11g.
- Switching and bridging occurs on layer 2; this means that actions are performed based on MAC addresses. Routing, on the other hand, is performed on layer 3. Layer 3 equals IP level. That’s why my Access Point is also called a WLAN router: a device is a router as long as it deals with packets on an IP level. However, I could also have configured my Access Point to be a simple bridge; in that case it would not be a router anymore, since it would only deal with layer 2. It’s good to remember these things.
So, onto the promised explanations. I’ll put it up in FAQ format. (Fake Asked Questions.)
- Why a 100 Mbit switch?
Because I’m a lucky bastard who has a 100 Mbit connection at home, and I can get five IP addresses. In order to use the different addresses I need either a hub or a switch. A hub would act like a dumb bridge; a switch, however, does port-based forwarding based on MAC addresses. The end result is less unnecessary traffic with a switch, and that in turn leads to (marginally) better speeds and less potentially problematic background traffic.
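As an added illustration (my code, not part of the original post), here is a toy hub and a toy learning switch in Python run over a constructed frame trace, counting how many port transmissions each one causes; the MAC addresses and port numbers are made up.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frame trace: (source MAC, destination MAC, port the frame arrived on)
SAMPLE_FRAMES = [
    ("aa:00:00:00:00:01", "aa:00:00:00:00:02", 1),  # host1 -> host2, host2 not yet learned
    ("aa:00:00:00:00:02", "aa:00:00:00:00:01", 2),  # host2 replies
    ("aa:00:00:00:00:03", BROADCAST, 3),            # host3 broadcasts (e.g. an ARP request)
    ("aa:00:00:00:00:01", "aa:00:00:00:00:02", 1),
    ("aa:00:00:00:00:01", "aa:00:00:00:00:03", 1),
    ("aa:00:00:00:00:02", "aa:00:00:00:00:03", 2),
]
NUM_PORTS = 3


def hub_forward(frames, num_ports):
    """A hub repeats every frame out of every port except the ingress port,
    so every host sees every frame. Returns the number of port transmissions."""
    return len(frames) * (num_ports - 1)


def switch_forward(frames, num_ports):
    """A learning switch records the port each source MAC was seen on and
    forwards a frame only to the port its destination lives on, flooding
    only when the destination is unknown or a broadcast.
    Returns (port transmissions, frames flooded, learned MAC table)."""
    mac_table = {}
    transmissions = flooded = 0
    for src, dst, ingress in frames:
        mac_table[src] = ingress            # learn or refresh the source's port
        if dst != BROADCAST and dst in mac_table:
            if mac_table[dst] != ingress:
                transmissions += 1          # unicast to the one known port
            # destination sits on the ingress port: filtered, nothing sent
        else:
            transmissions += num_ports - 1  # flood, exactly like a hub
            flooded += 1
    return transmissions, flooded, mac_table
```

On this trace the hub puts 12 copies on the wire while the switch needs 8, and only the first unicast and the broadcast were flooded; the gap grows with every host you add.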
- Why does your normal computer have two interfaces? Why not just use the WLAN interface?
Because that computer is where I normally download stuff, and it would be an immense waste of bandwidth to limit myself to ~20 Mbit at most compared to what I can get through Ethernet.
- Okay, but why not connect it through Ethernet to the router?
This would work pretty well; however, for performance and stability I have a simple rule: when possible, have as few devices as possible between yourself and the Internet. A router or a firewall might work perfectly for you, but there are bugs present – you just never know when you will encounter them. Routers also have another weakness: NAT. It’s a great feature which multiplexes several local IP addresses (for example 192.168.1.1, 192.168.1.2 etc) to an external IP address. The problem is that each connection to the outside requires an entry in the NAT table (so that the router knows how to map things), and this table is never big enough. At least not if you want to – for example – use BitTorrent.
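To make the NAT-table point concrete, here is an added Python model (not from the post, and not any real router’s code) of a port-overloading NAT with a fixed number of state entries; the addresses, the capacity and the peer list are constructed.

```python
class NatTable:
    """Toy many-to-one NAT: one state entry per outbound flow, fixed capacity.
    Real routers keep the same kind of table (often called a connection
    tracking table) and it is the one that fills up under BitTorrent load."""

    def __init__(self, external_ip, capacity, first_port=40000):
        self.external_ip = external_ip
        self.capacity = capacity
        self.next_port = first_port
        self.outbound = {}  # (int_ip, int_port, dst_ip, dst_port) -> external port
        self.inbound = {}   # (external port, dst_ip, dst_port) -> (int_ip, int_port)

    def translate_out(self, int_ip, int_port, dst_ip, dst_port):
        """Map a LAN packet to (external_ip, external_port); None if the table is full."""
        key = (int_ip, int_port, dst_ip, dst_port)
        if key in self.outbound:
            return self.external_ip, self.outbound[key]   # existing flow, reuse entry
        if len(self.outbound) >= self.capacity:
            return None   # table exhausted: real boxes drop the packet or reset the flow
        ext_port = self.next_port
        self.next_port += 1
        self.outbound[key] = ext_port
        self.inbound[(ext_port, dst_ip, dst_port)] = (int_ip, int_port)
        return self.external_ip, ext_port

    def translate_in(self, ext_port, src_ip, src_port):
        """Reverse-map a packet arriving at external_ip:ext_port from src_ip:src_port.
        Unsolicited inbound traffic has no entry and is dropped (returns None)."""
        return self.inbound.get((ext_port, src_ip, src_port))


def simulate_swarm(nat, lan_ip, peers):
    """One LAN host opens a flow to every peer, as a BitTorrent client does.
    Returns (flows translated, flows dropped because the table was full)."""
    ok = dropped = 0
    for i, peer_ip in enumerate(peers):
        if nat.translate_out(lan_ip, 50000 + i, peer_ip, 6881) is None:
            dropped += 1
        else:
            ok += 1
    return ok, dropped


# Constructed example: a router with room for only 3 flows meeting 5 peers
PEERS = ["198.51.100.%d" % i for i in range(1, 6)]
```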
- Are you insane? Connecting your computer to the Internet without a firewall or a NAT to protect you from break-ins?
Seriously, I don’t know what people do with their computers. If you don’t install weird things or do stupid things, you don’t need to worry about getting your computer hijacked or cracked or whatever. (Of course, because I wrote this I’m going to get hacked tomorrow. But so far the only computer I’ve had that’s gotten hacked/messed with has been a Linux web server that I couldn’t be arsed to upgrade.)
- Why do you have an Internet connection on the AP if you do all your downloading on the other computer?
Two reasons: the media PC can download TV schedules and stuff, and I can provide hospitality Internet access to visitors who have laptops.
- If you care so much about performance, why do you have streaming stuff and visitor Internet access through WLAN? That limits the performance.
Unless there’s too much radio disturbance 802.11g suffices quite well for streaming music and video between the media PC, the file server and the normal computer. I like to optimize, but the benefit of wireless is worth the decrease in performance; make sure you only optimize the things that matter. Oh, and visitors don’t need more speed than that; so there.
- What’s that last server thingie doing by itself? Why not connect it to the router?
I want to separate external computers from internal ones as much as possible; if my web server should happen to get hacked, the hacker must not get access to the rest of my computers. Also, consider the use of the two other Internet connections: I’m mostly a client in those cases, so I don’t advertise my IP to the outside world in the same way as a web server does. The web server is a target – it runs around shouting “yay, hack meeee!” while the other computers hide in the shadows.
- Okay, okay. This is your home network. But you know, most people don’t get fast speeds and 5 IP addresses.
Technically this isn’t a question. But okay, here’s a modified network topology pic:
Here you only assume one connection to the Internet, and for security reasons I’ve removed the external web server. It looks pretty similar to what most people might have at home, but there’s one big difference: I would choose to still have a direct connection to the main computer, and make the WLAN access strictly local. (Or possibly routed through the main computer.) If the WLAN router is connected to the Internet, it will receive lots of background broadcast traffic from the WAN side; this will take a toll on its capacity and might introduce unforeseen problems and bugs, depending on the router in question.
This is a setup that would work for almost all types of Internet connections: Ethernet-plug-in-the-wall, cable, DSL. In some cases you need to have a modem connected to the main computer, and it’s tempting to find a do-it-all solution that includes DSL modem, router, Access Point and firewall…but I advise against it. It puts a lot of pressure on a single device, and it also makes your network less flexible – you can’t try different brands or different solutions. I had DSL previously and tried both kinds of setup; I ended up using the DSL modem as a simple bridge to the main computer, since there were too many problems otherwise.
There, I think I’ve ranted quite enough now. Hopefully this might be useful to someone somehow; just remember that these opinions reflect my own experiences and might not be true for you. But whatever you do, I have to stress one thing:
Don’t forget to use WPA/WPA2-PSK on your WLAN device! Don’t leave it unencrypted, and don’t use WEP. Use WPA or WPA2 (the difference is basically just AES encryption instead of TKIP) with a passphrase instead; it’s just as easy to use, and much much more secure.
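As an added check (my code, not the post’s), a small Python audit of a hostapd-style config for exactly the settings above: an open network, WEP keys, a TKIP-only cipher list, and a missing or out-of-range passphrase. It also derives the PSK the way IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), which is what hostapd and wpa_supplicant do with the passphrase you type in. The two sample configs are constructed; the key names are hostapd’s real ones.

```python
import hashlib


def parse_hostapd(text):
    """Parse key=value lines of a hostapd-style config into a dict; comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_wlan(conf):
    """Return a list of findings for the mistakes the post warns about."""
    findings = []
    if any(k.startswith("wep_key") for k in conf):
        findings.append("WEP key configured: WEP is broken, remove it")
    wpa = int(conf.get("wpa", "0"))          # bit 1 = WPA, bit 2 = WPA2 (RSN)
    if wpa == 0:
        findings.append("no WPA: network is open/unencrypted")
        return findings
    if wpa & 1 and not wpa & 2:
        findings.append("WPA1 only: enable WPA2 (wpa=2)")
    ciphers = (conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "")).split()
    if "CCMP" not in ciphers:
        findings.append("no CCMP/AES pairwise cipher: TKIP-only is deprecated")
    passphrase = conf.get("wpa_passphrase")
    if passphrase is None:
        findings.append("no wpa_passphrase set")
    elif not 8 <= len(passphrase) <= 63:
        findings.append("wpa_passphrase must be 8 to 63 characters")
    return findings


def wpa_psk_hex(passphrase, ssid):
    """The 256-bit PSK derived from the passphrase; the SSID is the salt, so the
    same passphrase yields a different key on a differently named network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


# Constructed sample configs: the weak setting and the corrected one
WEAK_CONF = """ssid=homenet
wep_default_key=0
wep_key0=0123456789
"""
GOOD_CONF = """ssid=homenet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple
"""
```

The PSK check uses the published 802.11i test vector (passphrase "password", SSID "IEEE"), so you can compare the function against a real wpa_passphrase run.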