Category: Networking

Goodbye Apple Airport

After years of using an Apple Airport Extreme as my home router, I’ve decided that I need something different. As an early 802.11n device, it lacks many of the features available in newer routers, such as advanced dual-band features, guest networks (not so advanced, but sadly lacking on the AE), and the like.

The top-of-the-line routers from Cisco/Linksys and Netgear look promising, although their >$150 price point hurts my wallet just thinking of them. They offer some nice features on top of standard router fare:

  • Netgear’s box features both printer and drive ports, easily turning your desktop printer into a workgroup machine and letting you share media over the network.
  • Linksys’ box includes a built-in UPnP server and a single USB port.

Unfortunately, my printer has a built-in Ethernet port and my home server is serving up my media via UPnP much faster than an attached drive would. What it’s coming down to is network performance and price.

I’ll be doing some performance research (the findings of which I’ll post here) and will make my decision before the end of the month.

Of course, if you’re interested, I’ll be putting my old router up on eBay. So, if you want a solid router with easy Mac/iPad/iPhone integration and a USB port for a printer or drive, you should check that out.

Problems with Using an Xbox360 as an HTPC

My Windows Home Server box is now hosting all of my digital media, so I figured I’d test out its ability to work with my Xbox. The method of accessing it is significantly easier than streaming your media from a PC running Windows Media Center: you go about it the same way you would access video files off a thumb drive plugged into the 360.

My only problem is this: my HD movie files (.mkv) and certain other videos will not play because the Xbox doesn’t have the codecs to support them. I figured this would be an issue, but as my digital media library becomes more HD-centric, I’m going to need another solution.

I’m seriously looking into building a few dedicated HTPCs that run XBMC, a media center application that not only will play everything I want it to (except Netflix in the Live version), but looks great and is easy enough for my wife to use and enjoy. The end-state for the HTPCs would definitely be having one connected to each TV in the house, but I think a single test machine will have to be the first step in selling the wife on the idea.

Open Letter to SPAWAR

To Whom It May Concern,

As a service-member who has been in the Southwest Asia theater of operations for 24 of the last 48 months, I have been well exposed to the services offered by your organization. While it is nice to have free (albeit low-speed) Internet access and low-cost calling options, the reliability and quality of your network is questionable.

My first issue is regarding the lack of Quality of Service (QoS) policies on your routers. At least at the distribution/access level, QoS policies do not exist. While I have not seen your routers’ configurations, this is obvious for a number of reasons:

  • When the MWR is empty, the Internet speeds are manageable and could even be considered good for a satellite-based link.
  • During the afternoons, when the majority of traffic appears to be data (web pages, instant messaging, etc.), access speeds are still usable, even when all of the computers are in use.
  • In the evenings, at least fifty percent of users are using voice and video applications, such as Skype, with little to no degradation of video quality. Attempting to use data services, however, is nearly impossible, as pages (even quickly loading ones such as Google’s home page) will time out before being displayed.

Quality of Service policies prevent any one type of service from dominating the available bandwidth and preventing others from working. While the telephone services you provide are Voice-over-IP (VoIP) and QoS policies may be in place segregating VoIP from other traffic, no restrictions are being placed on computer-generated VoIP and video services (i.e. Skype, Yahoo! Video Messaging, etc.).

These policies could be easily created and implemented, as they are in use throughout the IT world (including the Army’s WIN-T architecture). At bare minimum, ensure that each station is allotted a dedicated portion of the cafe’s overall bandwidth, so that it is usable.
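The kind of policy the letter is asking for, written out as an added example for a Cisco IOS router; this is not SPAWAR’s configuration and nothing about their network is known beyond what the letter describes. The interface name, the 30/20 percentages and the use of DSCP EF for the desk phones are assumptions chosen to illustrate the idea: guarantee interactive web traffic a floor, give the cafe’s own VoIP phones strict priority, and let everything else (Skype, video chat, downloads) share the remainder fairly per flow so no single heavy flow can starve the rest.

```text
! Added example (not from the letter or SPAWAR): Cisco IOS MQC policy for a
! congested satellite uplink. Interface, percentages and DSCP marking are
! assumptions for illustration.
!
! 1. Classify the traffic that times out in the evenings: web pages and DNS.
ip access-list extended INTERACTIVE-DATA
 permit tcp any any eq www
 permit tcp any any eq 443
 permit udp any any eq domain
!
class-map match-all INTERACTIVE-DATA
 match access-group name INTERACTIVE-DATA
!
! Desk-phone VoIP, assumed to already be marked EF by the phone system.
class-map match-all PHONE-VOIP
 match dscp ef
!
! 2. Reserve bandwidth during congestion. "bandwidth percent" is a floor,
!    not a cap: the class may use more when the link is idle. Unclassified
!    traffic (Skype, video chat, downloads) gets fair per-flow queuing.
policy-map SAT-UPLINK-OUT
 class PHONE-VOIP
  priority percent 20
 class INTERACTIVE-DATA
  bandwidth percent 30
 class class-default
  fair-queue
!
! 3. Apply it outbound on the satellite-facing interface.
interface Serial0/0
 service-policy output SAT-UPLINK-OUT
```

Queuing only acts on traffic leaving an interface, so the same policy (or one tuned for the download direction) also belongs on the output of the LAN-facing interface toward the cafe; `show policy-map interface Serial0/0` shows per-class packet counts and drops, which is how to confirm the classes are matching real traffic rather than falling into class-default.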

Second, the images placed on the cafes’ computers are bloated, outdated, and just plain awful. While I applaud the wide-array of Instant Messaging clients (on this machine, there is Google Talk, Skype, Windows Live Messenger, Yahoo! Messenger, AIM, and MySpace IM), no one uses MySpace IM. Also, the version of Google Talk installed doesn’t support Google Voice, which would be the only reason to use that over Yahoo!, AIM, or Windows Live.

The Start Menu is littered with items like Creative Product Registration, two versions of, two icons for Internet Explorer, and a number of other applications that your cafes’ users should not be using or seeing. If the cafes’ techs are installing software onto your baseline, then my statement regarding your image should be withdrawn and my comments be redirected at your techs. Windows XP (the OS used in your cafes) is too easy to keep tidy, especially when users only have access to one account.

Lastly, your network is owned by the Department of Defense. As such, access should be limited to ID Card-holders only. Third country nationals should not be permitted access to such systems. I do understand that the network is not directly tied into NIPR net (the Department of Defense’s Unclassified network), but the use of MWR facilities outside of SWA is limited to ID Card-holders. It should be no different here.

The people working the front desk (TCNs) give priority to their “friends” with regards to time limits on the phones and computers. Soldiers, sailors, airmen, and marines should not have to wait in line behind TCN contractors that should not even be allowed MWR access.

Please do not take my criticism as an attack. I am grateful for the free Internet and appreciate its availability. My hope is to bring a few glaring issues to your attention, so that future deployers can experience even better services with little effort on your part.


Sean Callaway
United States Army

SPAWAR, or the Department of the Navy’s Space and Naval Warfare Systems Command, provides Internet and voice services in Iraq and Afghanistan. You can visit the SPAWAR homepage here.

Ridiculous Backup Project

During my network redesign, I realized that having all my media and backups in one place, even with the pseudo-RAID of Windows Home Server, could be a bad idea. So, I decided that having my Home Server back up to another Home Server might be perfect. [No, I’m not going to cluster Home Servers.]

As my parents are in need of a similar backup solution, I decided that implementing a custom-built Home Server (they’ve got the machine already, but it requires more storage) which would act as my remote backup location would do nicely. Of course, their machine could also back up to mine.

Implementing this securely could be interesting. As I have no idea how much data would need to be transferred between the two machines, a Dropbox hack would not fit the bill without an expensive business-level plan. About that time, I realized that I had a few extra Cisco devices around that I might be able to leverage.

The idea is to create an IPSec tunnel between our houses. This will allow the backups (and any other traffic we feel like) to pass through the tunnel, encrypted and secure, from my network to theirs and vice versa.

While my new network calls for a heavier-duty ISR (like the Cisco 2821), their needs are more modest. One of the routers I already have with Fast Ethernet interfaces could fit the bill. More to the point, I still have a PIX firewall lying around that could do all of the encryption/tunneling from behind their existing wireless router.

I’m going to be digging into actual configs in GNS3 in a few weeks, but I think the idea is sound.
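What the home-side half of that tunnel looks like on a Cisco ISR, as an added example rather than the author’s eventual GNS3 config. The PIX at the other end needs the mirror image (same proposals, same key, swapped peer and LAN addresses). Every address, name and the key string below are assumptions; 192.168.10.0/24 stands for my LAN and 192.168.20.0/24 for theirs, and the Diffie-Hellman group 14 assumes an IOS release recent enough to offer it.

```text
! Added example (not the author's config): site-to-site IPSec on the
! home-side ISR. Addresses, names and key are placeholders.
!
! Phase 1 (IKE/ISAKMP): how the two endpoints authenticate and agree keys.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
! Pre-shared key, bound to the parents' public address. Use a long random
! string; the peer must be configured with the identical key.
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 203.0.113.2
!
! Phase 2 (IPSec): how the backup traffic itself is protected in transit.
crypto ipsec transform-set BACKUP-TS esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Only traffic between the two LANs is sent through the tunnel.
ip access-list extended VPN-BACKUP
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
crypto map BACKUP-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set BACKUP-TS
 match address VPN-BACKUP
!
interface GigabitEthernet0/0
 description Internet uplink
 ip address 203.0.113.1 255.255.255.252
 crypto map BACKUP-MAP
!
! If this router also does NAT for the house, the tunnel traffic has to be
! excluded from translation first, or the crypto ACL never sees the
! original source addresses and the tunnel never comes up.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface GigabitEthernet0/0 overload
```

The tunnel is brought up by the first packet that matches VPN-BACKUP, so a ping from one LAN to the other is the usual test; `show crypto isakmp sa` should then show the phase 1 association as QM_IDLE and `show crypto ipsec sa` should show encrypt/decrypt counters climbing on both sides. Because the backups themselves are the only traffic permitted, a misconfigured peer shows up as a tunnel that never forms rather than as backup data leaving the house unencrypted.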

More to follow…

Network Redesign: Almost Done

So, I’ve finally reached the point where I’m ready to buy equipment. I’ve settled on a Cisco 2821 router (nice ISR platform with Gigabit Ethernet ports) and an HP ProCurve switch like the 2510G-48. This will let me split up my network into a few VLANs: one for wired computers, one for VoIP (if I ever add it), one for wireless connectivity, and one for management.

By separating the network into VLANs, I can apply security features, like access control lists (ACLs), so I can do things like preventing guests on my wireless network from accessing my file server and the rest of my wired network, while still allowing them to get on the Internet.
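An added example of the router side of that design (not the author’s configuration, which had not been written yet): router-on-a-stick sub-interfaces for the VLANs listed above, with an inbound ACL on the wireless VLAN that blocks the wired, VoIP and management networks and lets everything else through to the Internet. VLAN numbers and addresses are assumptions.

```text
! Added example (not the author's config): one sub-interface per VLAN on
! the 2821's trunk to the ProCurve, plus the guest-isolation ACL.
! VLAN IDs and 192.168.x.0/24 addressing are assumptions.
!
interface GigabitEthernet0/1
 description Trunk to ProCurve 2510G
 no ip address
!
interface GigabitEthernet0/1.10
 description Wired computers
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description VoIP (reserved)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 description Wireless clients (WAP4400N)
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group WIRELESS-IN in
!
interface GigabitEthernet0/1.99
 description Management
 encapsulation dot1Q 99
 ip address 192.168.99.1 255.255.255.0
!
! Evaluated top-down on packets arriving from the wireless VLAN; the first
! matching line wins, and an unmatched packet is dropped.
ip access-list extended WIRELESS-IN
 remark Allow DHCP so wireless clients can get an address
 permit udp any any eq bootps
 remark Block every other internal network (wired, VoIP, management)
 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.99.0 0.0.0.255
 remark Everything else (the Internet) is allowed
 permit ip 192.168.30.0 0.0.0.255 any
```

The explicit denies sit above the final permit on purpose: reversing the order would let wireless clients reach the file server because the broad permit would match first. `show access-lists WIRELESS-IN` displays a hit counter per line, so a wireless client that tries to open a share on the wired VLAN should increment the first deny, which is a quick way to confirm the isolation actually works before trusting it.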

Depending on whether I have fire-blocking in my walls, I also plan on putting a patch panel in the broom closet and installing RJ-45 jacks in the rooms that require wired access. Wireless access will be provided by a Cisco/Linksys WAP4400N wireless access point connected to the switch.

As I acquire and install equipment, I’ll post pictures, diagrams, and configurations.

Network Redesign: The Adventure Begins

Every time I head to the Middle East, it seems that I get the itch to redesign my network. This time, I’m looking to increase security, upgrade all segments to Gigabit Ethernet (or 802.11n), add a network storage device, and simplify the network at the same time.

While I’m still working on the design, I plan on purchasing a Cisco router with Gigabit Ethernet (GbE) LAN ports, a fully-managed GbE switch with at least 16 ports, some kind of NAS device (currently looking at Drobos), and possibly a new 802.11n wireless access point.

I will also consolidate my servers using VMware ESX. Hopefully, I won’t need to run more than one box anymore.

Updating the IOS on a Cisco Router

The most straightforward way to update the IOS on your Cisco router is to run a TFTP server (such as Tftpd32) on a network directly connected to the router. Set up the TFTP server to serve files from the directory containing your new IOS image (C:\Users\Sean\Desktop\tftpd32.335\files in the screenshot below).

Connect to your router via telnet or console (preferred) and enter enable mode. The following example assumes the computer running the TFTP server has the IP address and the IOS image file used is c2600-adventerprisek9-mz.124-12.bin. Change these to suit your situation.
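The session such an upgrade produces, written out here as an added example rather than the post’s own screenshot. The image file name is the one from the post; 192.0.2.10 is a stand-in for the TFTP server address, which the post does not give, and the interface name and the abbreviated output lines are likewise assumed.

```text
! Added example session (not the post's screenshot): pull a new IOS image
! over TFTP, check it, and make it the boot image. 192.0.2.10 is a
! placeholder for the TFTP server; output is abbreviated.
Router> enable
Password:
! Check free space first; flash on a 2600 is small.
Router# dir flash:
! Copy the image. TFTP is unauthenticated and unencrypted, so the server
! should only be on the directly connected network for as long as this takes.
Router# copy tftp: flash:
Address or name of remote host []? 192.0.2.10
Source filename []? c2600-adventerprisek9-mz.124-12.bin
Destination filename [c2600-adventerprisek9-mz.124-12.bin]?
Accessing tftp://192.0.2.10/c2600-adventerprisek9-mz.124-12.bin...
Loading c2600-adventerprisek9-mz.124-12.bin from 192.0.2.10 (via FastEthernet0/0): !!!!!!!!
[OK]
! Compute the MD5 of what actually landed in flash and compare it with the
! checksum published for the image before booting from it.
Router# verify /md5 flash:c2600-adventerprisek9-mz.124-12.bin
! Point the boot loader at the new image, save, and reboot.
Router# configure terminal
Router(config)# boot system flash:c2600-adventerprisek9-mz.124-12.bin
Router(config)# end
Router# copy running-config startup-config
Router# reload
! After the reload, confirm the running image name and release.
Router# show version
```

On a 2600-series router the copy prompts whether to erase flash before copying; answer no unless flash cannot hold both images, and keep the old image (and a `boot system` line for it after the new one) until the router has come back up on the new release, so a truncated or corrupt download leaves you with something to boot.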

Test Network: Overview Thus Far

So, my brief tests with running Active Directory have concluded and I’ve learned the following:

  • Windows Vista dislikes connecting to a Windows Server 2003 Domain Controller. By default, Windows Vista looks for the domain controller in a different place than Windows Server 2003 has it running. However, it has no problem connecting to a Windows Server 2008 PDC.
  • Windows Server 2008 is legitimately better than Windows Server 2003. Although all of my test network is virtual (running on two different computers using VMware Player and bridged into my physical network), I’ve seen actual performance and stability improvements in a Windows Server 2008 PDC over its Windows Server 2003 counterpart.

I’m sure I’ll have more to report on later, but this is what I have thus far.

Test Network On Its Way

I’m currently building a test network to experiment with running Active Directory at home. I love the idea of a roaming desktop, but don’t know how I feel about setting up a laptop on it. We shall see.