Wireless Network Solutions for a Metropolitan Area?
An anonymous reader asks: "I work for a company that is expanding into multiple buildings within the same office park. We have line-of-sight between the buildings and are looking into wireless alternatives.
Does anyone have experience with products such as Proxim's Tsunami or Bridgewave's GE60 Gigabit wireless link?
The point-to-point links will need to support the usual LAN traffic (SMB, HTTP, SMTP, etc.) as well as VOIP. The buildings are not large--up to 140 users, whose main network use would be e-mail, printing, and saving Excel documents to file servers, as well as the aforementioned VOIP.
Are these connections any more secure and reliable than using something in the 802.11 family of protocols?"
Still, someone must make something like that today. It would fit your situation perfectly. First of all, it's not broadcast. You can't stand 5 feet from the thing and intercept the signal. Second, even if you did manage to intercept the signal somehow, it is much harder to mess with than if you use some kind of 802.11.
Point to point laser links may be your answer.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I would always run a VPN on top of anything wireless, especially when carrying sensitive information for a company. If you are unsure about the security of a solution, run security that you are sure of on top.
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Are these connections any more secure and reliable than using something in the 802.11 family of protocols?"
There is nothing inherently unsecure about any wireless link - you ALWAYS secure it separately with something (WPA2 certificates/tunneling/VPN etc).
The kind of throughput and safety margins you're looking for, you wanna go higher frequency and licensed band for those anyways regardless of how possible it could be to deploy such links with, let's say multi-channel 802.11g, for example ... that is, unless you're on a shoestring budget. Certainly it is interesting to compare the reliability of wireless links with traditional copper/fibre connections between office buildings since they cannot be accidentally 'dug up'.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
I designed and deployed the first metro area mesh network in the US using Locustworld's MeshAP software. It wasn't and isn't big (small tourist town) and it required a lot of babysitting for the first year, but it's a pretty mature technology now and the price is right (the software is free unless you start getting into the WISP stuff they sell).
Seastead this.
If it's all in one complex see about the options to having fiber pulled inside existing conduits. Otherwise it's time to justify the cost over a number of years, and allow for a redundant pathing setup & better hardware. Do 3 links and run OSPF on the back side - that way you're safe in the event of one link failure. Also consider CanoBeam (Canon) free air optics http://www.usa.canon.com/html/industrial_canobeam/canobeam/canobeam130.html which may also work better for you, depending on needs.
Keep in mind that fog and tall buildings can impact performance on laser based systems, but compare this to everyone's wifi APs as background noise. Just make sure to go to either licensed bands or the 5.8ghz range if you go the radio path.
Since you control both sides of the network, your setup should look something like:
Network0 -- Firewall -- AP -- [AIR] -- AP -- Firewall -- Network1
Set up a VPN/encrypted tunnel between the two firewalls to secure the traffic. To secure the wireless network, your options are limited; something with WPA/WPA2, as long as it has AES encryption, would be a good start, as long as you have good passwords on the AP and on the PSK (or use RADIUS instead of PSK for even better protection). This will prevent people from connecting to the APs and changing their passwords or something malicious like that.
Things you think are in the Constitution, but are not.
Also, do what you can to cut back on cross building traffic. Make sure each building has a local print server, and locate user files closest to the users that will access them. Sending a 100mb print job to the copier around the corner shouldn't involve data leaving the building.
Good question. What you are looking for is a point to point bridge. At short range with good line of sight there are only three relevant factors. Price, Speed and Quality.
If price is irrelevant, a free space optic (like gigabeam) with an RF backup (like a Tsunami) will give you massive amounts of bandwidth, low latencies and lots of 9s for uptime/reliability.
Price is rarely irrelevant. A more economical option would be to skip the FSO and just use something like a Proxim QuickBridge. Another alternative which hits a nice price/performance/reliability is a Trango Atlas (45Mbps, about $3k). Most inexpensive (ala 10k) and the licence may be an annual recurring cost. Licence costs depend on location (city/county/state).
So for rough ballparks...
FSO w/RF backup, 1Gbps, $25k +
Licenced P2P RF, 100Mb, $12k + Licence
Unlicenced P2P RF, 54Mb, $3k (Trango)
Unlicenced P2P RF on-the-cheap, 54Mb, $1500 (Microtik, other 802.11x based systems)
Unlicenced P2P RF ultra-cheap, 54Mb, $400 (WRT54Gx2 w/Sveasoft firmware, external antennas)
"Price is rarely irrelevant. A more economical option would be to skip the FSO and just use something like a Proxim QuickBridge. Another alternative which hits a nice price/performance/reliability is a Trango Atlas (45Mbps, about $3k). Most inexpensive (ala 10k) and the licence may be an annual recurring cost. Licence costs depend on location (city/county/state)."
Not sure what happened there, my paragraph about licenced freq antenna systems got chopped up. Weird.. but you probably don't want to go with licenced freq anyway.
If 802.1x is out of the question, then the next best solution is to use heavy encryption on the firewalls that connect the wireless access point to the rest of the network. Most firewalls will support IPSec. Running an IPSec tunnel between firewalls will eliminate any possibility of people breaking in OR of intercepts. On a wired network, I would consider IPSec to be the best security mechanism available. It suffers a little on wireless, because there is overhead involved, because the encryption is CPU-intensive on the firewalls and because it's sometimes temperamental on unreliable networks.
(Sun's SK/IP protocol was designed to overcome some of the heaviness of IPSec, but they abandoned it in a fit of pique when it didn't gain nearly the same levels of interest or enthusiasm.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Colubris. Colubris. Colubris.
Why? Priced right. Feature rich. Linux under the hood. Capable of supporting 16 separate networks per AP/Controller. Radius authentication. Active Directory integratable. Etc. Switches, routers, full spectrum industrial wireless solution hardware provider.
ps. I work for a reseller/installer and I am versed in the support of the Colubris back end.
At this moment we, an ISP in the Sydney centre, are replacing all our radio links (enterasys roamabout, tsunamis etc) with Lightpointe laser links.
:-)
Why? Because there are too many other users with radio links which interfere with our links. Don't get me wrong, they have served us well in the last seven years, but right now the game is over. There is only one radio link left, between the 62nd and 36th floor of two buildings, because the signal has to punch through a concrete wall which laser can't do yet
And I like the speed improvement. Going from 2.2 - 5.5 - 11Mbps to 100Mbps is nice for the users
bash$
Check out the Motorola Canopy system. Point-to-point speeds up to 300Mbps available.
http://motorola.canopywireless.com/
Today's New York Times has an editorial supporting municipal WiFi policies that help ensure universal access to the Internet. It's a good view of how that infrastructure figures in the broader public consciousness, to the extent that it does.
--
make install -not war
If you want to learn more about free space optics for point to point links, check out these two excellent articles in the latest edition of Broadband Properties:
Can You Use an FSO Link?
California City Uses FSO to Bridge 200-Foot Gap
- Steve Ronan
I previously worked for a Metro-level ISP, that had their network between approx 20 buildings using wireless gear.
Our preferred short distance solution was from Airaya - http://www.airaya.com/products/p2p.asp
We used the AI108-4958-O model mainly. It comes with (50,150 or 300ft) of external grade CAT5e attached to the sealed unit.
Mount that sealed unit on the building or a tripod mount ($100USD in Home Depot and RadioShack parts for a decent DIY tripod). Run the CAT5e into one of your roof access areas (look at the top of elevator shafts, there should be airways that are usable). Put the POE injector there. From there, run normal CAT5e to your switch gear.
The Airaya units are rated to 108Mbps (realistically we did 30-80Mbps usable IP depending on distance and interference), no additional license is needed for the spectrum, and they are well designed and NEMA outdoor rated. Not sure what the current price is, they were dropping a lot during the time that I used them, but probably $1200USD/pair.
Since you say you have multiple buildings, you should look at some of their other gear - the most we ever did was three units in a set (two slave sites pointing to one master, and sending their traffic via the master if they needed to talk).
One of your other high-end solutions is Redline http://www.redlinecommunications.com./ We used a single AN-100 unit for a long-distance haul (~10km), got a reasonable 60Mbps out of it. Cost wise it's not a nice number, and they refuse to sell it to you unless you get a certified installer to handle it.
ICQ# : 30269588
"I used to be an idealist, but I got mugged by reality."
I've installed and maintained a link that used Proxim Tsunamis. The biggest piece of advice I can give you is choose your antennae with care, and make sure they're well mounted. Very slight antenna movement can botch your connection. That's the only caveat I can think of, the transceivers themselves were pretty much fire and forget.
This was under similar load to that which you described. About 100-150 users at each location, VOIP, and LAN traffic. I'm an RF engineer, I work on radios. The Tsunami is a well-built radio. I can't comment on security, but as to reliability... other than antennas going out of alignment, this link never needed any attention at all. Period.
Take from that what you will.
Dave
Specialization is for insects. -Heinlein
Have you considered fiber? Consider it again.
You're entirely in a private office park you say. Less than 2 km between buildings, right? Has the telco laid any cable conduit? If so, it's now a fixture of the property and belongs to the property owner. This means you can use it. Pick up some spools of direct-burial multimode fiber on ebay at around 20 cents a foot, pull it yourself and pay a fiber expert to come in and attach the connectors.
Even if there is no pre-existing conduit, you can use something like the $250 borit tool to get under the parking lot without disturbing the surface. http://www.borit.com/index.cfm?fuseaction=details&prodID=98
Digging yourself is more expensive than pulling through conduit but it could well be cheaper than a decent laser link and it's a whole lot more reliable. And oh yeah -- it'll handle your bandwidth needs for the next 20 years instead of having to be replaced in 3.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
One thing I hear a lot from people interested in doing this sort of thing is worries about fog and buildings. So here are my observations on these two topics, I hope they are helpful if they are in the back of your mind. Though I have no real idea about laser as it tends to be rather expensive (I'd love to know about some home brew solutions if anyone knows some) I have had dealings in fibre through the company that I work for and personally I'd rather wireless for simple tasks (like the ones you listed) and fibre for that intersite LAN feeling (at work all of the sites are effectively on the one LAN which can be handy as they all use centralised DBs and content systems).
Fog has little to no effect on short range and long range wireless links. I have rarely used extreme short range (standard 6dbi antenna that you get with your home DSL router) wireless and have no idea what fog does to its already pathetic range. Though I have done extensive testing with one to eight km range gear (15 to 36dbi austar standard, grey sat, omni 180/360 wave guide, omni sticksomethings, and many more) transferring large files during fog periods and during sunny normal days and at most (you can't see five feet in front of you fog) the difference is a drop of around 20kb/s (sustained speeds of around 600kb/s) max to deal with the slightly contorted packet noise from the bounces. Over long range links (using 4watt Australian max on the old 3 foot grey sat dishes to similar and to 24dbi austar) from 25km to 61km fog has had at most a 40-50kb/s (sustained-ish speeds of 550kb/s) effect which is nothing compared to light dust which just kills the connection with a loss of around 430kb/s. So in my extensive experience in home brew/city wide community wireless projects (specifically Brismesh, Ipsmesh, and DDwireless in Queensland Australia) I can happily say fog is not something to worry about and rain may even give you small boosts in speed on short range links.
Large buildings in your way however will almost completely kill off any chances you have of getting a stable connection. And even if you can somehow pull off enough of an angle to get a connection to your other site you may get a problem we often noticed where the noise causes a stable 600kb/s connection to drop to around 80kb/s after 20 minutes to around 12-13kb/s after 35 minutes or just drop out while moving large files. Remember that in Australia we have a 4watt limit so blasting our way through objects other than trees is a lot more illegal and a lot harder than it is in the US so it may be possible, I'm not sure. So as a rule of thumb... If you can't see it don't bother.
If you need to know more details or have other worries I am happy to answer and link you to wiki write ups on testing and projects we've done.
I ate your fish.
I strongly agree about not trusting the transmission equipment to provide your security.
Depending on the bandwidth, you either need a pair of Linksys routers or maybe a pair of PCs running Linux to do IPSEC for you. It's cheap, trustable, standard, and reliable. It may bloat your bandwidth a bit for some applications like VOIP, but that's generally not a big deal (or if it is, you're running your bandwidth too hot anyway.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
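An added example, not part of any post in this thread: a rough estimate of how much an IPsec (ESP tunnel mode) link between the two firewalls "bloats" a VoIP stream, as the comment above puts it. The codec (G.711 with 20 ms packets), the two cipher suites and the figure of 40 simultaneous calls are assumptions chosen for illustration.

```python
# Added example (not from the thread): per-packet cost of ESP tunnel mode
# on small VoIP packets. Assumptions: IPv4, no NAT-T/UDP encapsulation,
# G.711 with 20 ms packetization (160-byte payload, 50 packets/s each way).

IP_HDR, UDP_HDR, RTP_HDR = 20, 8, 12
ESP_HDR = 8       # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte, both encrypted

# suite name -> (IV bytes, padding alignment in bytes, ICV bytes)
SUITES = {
    "aes-cbc + hmac-sha1-96": (16, 16, 12),
    "aes-gcm (16-byte ICV)": (8, 4, 16),
}

def voip_packet_len(payload=160):
    """Length of one unencrypted RTP/UDP/IPv4 packet."""
    return IP_HDR + UDP_HDR + RTP_HDR + payload

def esp_tunnel_len(inner_len, suite):
    """Length of the outer IPv4 packet that carries one inner packet."""
    iv, align, icv = SUITES[suite]
    body = inner_len + ESP_TRAILER
    padding = (-body) % align          # pad the encrypted body to the alignment
    return IP_HDR + ESP_HDR + iv + body + padding + icv

def stream_bps(packet_len, pps=50):
    """Bits per second for one direction of one call."""
    return packet_len * 8 * pps

def tunnel_report(calls, payload=160, pps=50):
    """Per-suite overhead and one-way load for a number of concurrent calls."""
    plain = voip_packet_len(payload)
    rows = []
    for suite in SUITES:
        tunneled = esp_tunnel_len(plain, suite)
        rows.append({
            "suite": suite,
            "plain_len": plain,
            "tunneled_len": tunneled,
            "overhead_pct": 100 * (tunneled - plain) / plain,
            "mbps_each_way": calls * stream_bps(tunneled, pps) / 1e6,
        })
    return rows

if __name__ == "__main__":
    # 40 simultaneous calls is a constructed figure, not one from the thread.
    for row in tunnel_report(calls=40):
        print("{suite}: {plain_len} -> {tunneled_len} bytes, "
              "+{overhead_pct:.0f}%, {mbps_each_way:.2f} Mbps each way".format(**row))
```

The byte overhead is fixed per packet, so it is proportionally largest on small VoIP packets and close to negligible on full-size file-transfer packets.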
Then there's backhoe fade. Guys named Bubba driving heavy equipment are not your friends....
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Not sure how far apart your buildings are, but this product seems promising; http://www.gigabeam.com/ mount this on the building, then attach your internal infrastructure and you're home free.
The Bridgewave GE60 uses the license free 60 Ghz millimeter wave RF transmission technology. For building to building applications of less than 500 meters in most of the USA it is the ideal solution for GigE transmission. Bridgewave is the best of all the companies, whereas Proxim is a poor one. Free Space Optical, while it works, is a poor choice since any dense fog event will bring the link down and the price of the GE60 is actually less expensive than FSO. FSO is dead in the USA because of Bridgewave's new 60 Ghz and E-Band 71-81Ghz systems.
I've worked with a point to point link with 802.11b kit (now could probably use g), and compared to a leased line from the telephone company (we're talking spanning a village here), the speed was a great improvement. We had the added advantage of a skilled wireless technician who had done this before and knew the tricks - antennae relaying the signal on high public structures, talking with local radio stations to put another two dishes on their tower, so interference wasn't a problem, etc. We used Enterasys Roamabout systems and some standard enterprise routers - it's secure, just turn on security, MAC filtering, and put the wireless link routers on their own subnet. (Add a VPN over the wireless for bonus points.) However, since a high-power antenna like the ones we used will restrict the signal beam to literally a "point", unless someone managed to find their way between two of our dishes, we were just fine.
Good luck! This project worked well for us and was a lot cheaper and faster than a leased line.
I recognize people by their sigs. Is that a bad thing?
This is easy. What you want are Avian Carriers. There is some latency possible, and inclement weather will lead to some potential packet loss, but it's definitely the best solution.
The truth about Scientology, Xenu, and you: Operation Clambake
Have experience using Motorola Canopy wireless products. Usually any point-to-point link uses the 10 or 20 meg backhaul units. The speed is quite fast for a 20 meg unit. Two backhaul units should run you under 10k. Canopy uses a proprietary signal between all units. All three of my warehouses use Canopy units.
http://canopywireless.com/
We just announced a new product, the HR-IXP420SXP which is a high performance point to point bridge. It runs our proprietary HauteLine protocol which provides full transparent bridging at speeds up to 60Mbps. Unlike 802.11, our protocol has very low jitter and delay variation, making it ideal for VoIP or IPTV streaming. It is also invisible to off the shelf 802.11 sniffers like Netstumbler and can be secured using AEP encryption. There are a variety of radio module options that allow operation on 900Mhz, 2.3-2.5Ghz or 4.9 to 6.1Ghz. All radio modules have high gain transmit and receive ratings. You can marry these units up to appropriate antenna offerings to match your application needs. We carry everything from 2dBi omni antennas (point to multipoint) to 32dBi parabolic dish antennas. 5 Ghz operation provides the best performance throughput. 900Mhz provides non-line of sight operation, but with slightly lower performance. 2.4 Ghz provides universal unlicensed operation for those who cannot use 5Ghz. Our products cost a fraction of competing products, are unlicensed, and designed for rugged, outdoor operation. See our web site at http://www.hautespot.net/ for more information