Making Wireless, Not Ethernet, the Heart of the Network
GMGruman writes "As mobile devices enter the workplace and latch on to Wi-Fi networks — along with devices such as HVAC sensors and videoconferencing that most people don't even realize use Wi-Fi — the typical wireless LAN is unable to cope. What needs to happen, argues Aberdeen Group's Andrew Borg, is a rethink of the wireless LAN not as a casual adjunct to the wired LAN (the typical mentality when they were first set up) but as the corporate LAN itself."
So what? What is relevant is what those devices are doing. Anyone who needs to pull boatloads of data needs to sit the hell down, and at that point, you can serve them with a wire.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
High latency, low throughput, and a shared collision domain.
What's not to like?
I don't get it.
If the problem is internal bandwidth, the latest and greatest wireless standards should suffice.
If it is the actual LAN part, then everything is still behind a router so it is the same regardless.
If it's the noise, frankly there are already solutions to that, like using a light instead of waves.
Ye cannae change the laws of physics!
Seriously, though... wireless has serious inherent disadvantages. Susceptibility to interference, a single collision domain, much lower bandwidth in the analog sense. It's good for mobility, but if you try to run a whole site-LAN on wireless it just wouldn't work - even if you utilised the 800MHz, 2.4GHz and 5.0GHz bands all at once. Maybe if you put little 60GHz nodes in every room, but it'd be far too expensive.
One of the advantages of a wired network is that the data only leaves the premises at well defined locations that you control. With wireless networks it floats over the aether in all directions. And before you can say "encryption will protect me", think about how easy it would be to build a transmitter running on the same frequencies as the wireless network and sit that just outside the company and pointed inwards - instant denial of service attack with zero traceability.
I am Slashdot. Are you Slashdot as well?
Printers? Video surveillance? HVAC? Electric meters? Why are these things using WiFi, when they rarely move and are always plugged into an external power source?
Palm trees and 8
The wireless LAN will be the future! What a great idea. It is so great that I wonder why nobody has thought about it already. Oh wait. My University-LAN works that way. And when I move from Kiel to Berlin and enter campus I am back in my Office-Network. So this is bleeding edge? No. Whole Estonia has such a WI-FI-network.
However, wired networking will stay with us for a long time. Why is that? Because it is faster as it does not need to cope that much with its environment. It has its ether free of most disturbances.
So nothing new here. It has more the quality of a sack of rice.
These are the three things that WiFi still can't compete in against a wired network.
Even the most secure wireless is still much more susceptible to attack than a wired network. Even with the most modern access control and protection methods (which are neither cheap nor convenient) the sheer massive avenue of attack WiFi presents creates a problem for many large corporations. Ask JPMorgan Chase how much WiFi connectivity they have. Or pretty much any US Government building.
Even if you do as the article suggests and call in an expensive contractor to map out the best locations for access points, you have to find out if it's even feasible to run network and power to that location. Even with the best-possible placement you are going to have dead zones, and the size and location of dead zones will vary depending on the devices used. My Toshiba laptop got service in places a virtually identical Macbook did not- let alone the poor wireless reception most mobile phones and devices provide. So you have to deal with irate users, and try to find places to install additional access points to cover the dropped zones.
When I worked for a small non-profit K-12 school, during teacher inservice days I always had to install 2 additional access points in the gym so that the teachers could all connect on their laptops, as the single AP currently serving the gym was not sufficient. Even then, transferring any large file from the server or online either brought the network to a standstill or required tethering each machine to an ethernet cord to do the transfer. At most high-tech oriented conferences, the wireless is all but useless if it's available publicly, due to the hundreds of devices all connecting within a limited frequency space and bandwidth. There is just not enough bandwidth in a small space available to deal with more than a handful of data-rich connections. Spread across multiple spheres of AP reception the problem is reduced, but not eliminated! My bedroom is WiFi-connected only due to wiring constraints and connecting from my laptop to my server via VNC or to copy files is very... very... slow. And really, try having a LAN party over wireless- I can run hundreds or thousands of network cables through a small room and connect everything I need for nearly any project or task inexpensively, and know that the network will be robust. Working with WiFi in anything other than a solo arrangement is a lesson in frustration.
TL;DR - Until security protocol and access control methods are more robust and available; until tools to design, implement, and test wireless networks are more plentiful and robust; and until bandwidth availability is not on par with but exceeds that of standard CAT5- wireless is but an adjunct, a convenient add-on to the main structure of a wired network in a business. ... err, not that I'm impassioned about it, or anything.
I agree with the sentiments here that wireless is not appropriate for a large portion of traffic. Especially as we move to all kinds of media traveling over our IP networks, do we really want all of that to be streamed over wireless when it does not need to be?
I consume all of my media at home over IP, and because of my house's design and the location of my wireless router, it is very difficult to run a wire to where our big screen is, so I use wifi. When it works it is fine, but I have to reset the connection every time I finish watching anything. There is something wrong with the protocols. And I have very new equipment. And I have tried several brands of router, and the problem manifests with both my AppleTV and Roku - and with our laptops (Macs) as well.
I find that wifi is not reliable enough to rely on. It is great when it works, but it is very flaky. If we want to deploy it for everything then we need to make it work first.
OK, I rethought it just now, and it's still a bad idea. Say I'm using 11n everywhere in its best incarnation. That still gives me only 450Mbit/s for all of my users to share. Except when you factor in overhead, it's more like 200Mbit/s.
Gigabit Ethernet is cheap, and every workstation gets its own collision domain. It is possible, also, to get utilization in the real world of 90-95%. Plus wireless is inherently less secure; it takes an awful lot of equipment and planning for an attacker to spoof an ethernet network. At the very least, it'd require breaking into a secure wiring closet.
Oh, and PoE is a lifesaver for anyone who has ever deployed IP phones.
... for my work for the last three or four years, I'll be glad when I can change back to wired again soon. If I have to plug in for power anyway, a second cable doesn't hurt, and the extra responsiveness of the network is a huge bonus.
Wired and Wireless Ethernet are both Ethernet.
OK, let's start with the basics:
Wireless is ludicrously insecure, to the point where any business today should be shot for even giving a 100% corporate wireless network more than 10 seconds worth of thought, unless they live in a sealed lead bunker. If you don't agree, please go work for a competitor.
Wired is more secure, and several people have mentioned people walking up and plugging in wireless access points to open switch ports or using the bridge on the ports to make it look like everything is still situation normal, going back outside, and getting to the hacking. If you are a Network Engineer or System Administrator at any business and you are not using switch port security, even basic security, especially if you utilize a Voice over Internet Protocol solution, please, go work for a competitor.
The basic problem with the iPad and Tablet revolution is that they are mobile, and that means insecure. Period. Between captures and replays, it's too easy to break into wireless networks and obtain the information that is traveling over the wireless network. Now, if that information happens to be my credit card information, no thank you, I will pay in cash please. If that information happens to be my personal information, my medical information, my driver's license and car registration? (I'm looking at you, New Jersey, they actually do this shit already) What's stopping some asshole from parking nearby and using any number of wireless capture devices from obtaining my information? Sure, he might have to wait 5 years for WPA4Plus+SuperAES+BlowFish+BloodTransfusionBiometrics with advanced hardware RNG (Theoretical future example) to be cracked, but the clever start stealing identities early. I would not be surprised if there weren't already people sitting outside buildings capturing encrypted packets knowing that it is always JUST A MATTER OF TIME before he can have that information, and your mother's maiden name never changes.
I'm not going to say we should all wear our tinfoil hats, but when it comes to the handling of other people's personal information, we should probably exercise a little bit more caution than to even CONSIDER wireless as a real solution. Look at Sony getting their ass handed to them, can you imagine if that happened to say, a YMCA? Do you guys realize how much information about people YMCAs have? What about other Gyms? Schools? Who wants this information on a wireless network? Not me. Encryption isn't good enough. You need physical control in addition to logical control, and wired ethernet gives you that today.
As many people have pointed out the wired network isn't going away as the wireless network will always be far behind the wired network in terms of throughput. What I think really needs to change is the transition between wired and wireless networks for those devices that do both. You really should be able to move a machine between wired and wireless networks without causing any open TCP connections to be broken.
Maybe IPv6 is going to fix that, but I am not convinced the proper solution is actually at the IP layer. It could be implemented at a lower layer of the stack. If it was implemented at the Ethernet layer it would work for both IPv4, IPv6, and anything else you were running on the network. However doing it at the Ethernet layer does limit its scope to a single Ethernet segment, so wouldn't work for those places that implement wired and wifi as separate segments. Hence an implementation at a higher level would be useful as well, and in case IPv6 becomes widespread enough it could render an implementation at a lower level redundant.
Imagine starting a large download while on wifi, when you notice it is going too slow plug in the Ethernet cable and see the speed increase as TCP notices more bandwidth is available. And if you are on the wired network and the cable for some reason gets pulled out nothing would break, it would just cause a drop in speed until you plug it in again.
Wifi can be handy as a 'core' network if you live in an apartment and don't want to (or can't) drill holes to run copper throughout. An extended 802.11n 5GHz-dedicated works well enough to feed 1080p from my upstairs NAS to my downstairs home theater. Still, if I owned, or had an apartment with ethernet wall plates, I'd take advantage of that.
The protocols could use some updating for better media throughput and handling, but the larger concern is the horrible routers we buy. There is no processing power. It is absurd when we have things like the $25 computer reported on earlier this week.
Since I am not an InfoWorld subscriber I could not read the report by Andrew Borg of the Aberdeen Group that Galen Gruman wrote about (nice plug about your own article BTW). Thus I have a hard time to see what Borg really meant and what got lost in the filtering of TFA.
But of course we will have to think of wired and wireless networks as two separate entities. Not that we cannot think about them at the same time and how they should work together, but because of their different characteristics.
For an end-user the experience should be roughly the same, but from an engineering point-of-view, you have to take all factors into account when designing your network. The limitations, security concerns, cost, etc. of each medium are important to acknowledge.
So even if I might agree on that we shouldn't view wi-fi as the "neglected stepchild", we cannot dismiss the differences. Doing so would be plain stupid.
This would be the only way I see as being able to beat physical mediums for data transportation. Granted there are many hurdles to overcome, and it is still not fully understood, but it would be far superior to any wireless [and wired] based system when [if] mastered.
http://news.cnet.com/8301-13772_3-20030328-52.html
seems to me that with adequate hardware, you can overcome the 'limits' that everyone here keeps putting forward.
What needs to happen, argues Aberdeen Group's Andrew Borg
So a Borg is giving suggestions as to how Earth's networks are to be set up?
Careful now, people.
The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
Jebus, people. Ethernet is a layer 2 OSI technology and has nothing to do with the physical layer. Wireless uses Ethernet too.
"A plan fiendishly clever in its intricacies"- Homer Simpson
This article is yet another in a long line of pro-wireless, "replace your wired LAN" BS spewed forth by the network rags... It does not speak to the core of why 802.11a/b/g/n wireless networks suck- limited spectrum, which leads to minimum client density, interference and overall poor performance. Remember, a wireless access point is essentially a hub in the sky. A hub that has to share its bandwidth with not only other users, but cordless phones, bluetooth, microwaves, toys, etc...
As for the economics of managing your WLAN like your core LAN, it's already done that way, and more! The amount of technical resources needed to manage even the most simple of enterprise wireless LANs way exceeds that of wired networks on a per-node basis. Many CIOs drop a load of dough on a wireless LAN, then freak out when they find their lowly network engineer spending 70% of his time trying to keep it usable for the 5% of the clients that use it. Of course rags like InfoWorld, CIO magazine, Network World, etc. are never going to say that- they'd go out of business.
And "greater range" with 802.11n? Maybe (at least higher data rates at lower dB) when running on 2.4GHz, but what enterprises are running 802.11n on 2.4GHz?
The limitations of a shared medium preclude its being the "core" of any LAN that is actually seeing sustained use.
History (skip if tl;dr)
Ethernet, as originally designed by Digital, Intel, and Xerox (DIX) was a shared medium. Transceivers sat on very thick cable with vampire-taps piercing the cable to provide station connections. That is 10Base5. (10Mbps, 500meter max length). An improvement in technology allowed switching to 75ohm coaxial cable with BNC connectors, three-way connectors instead of vampire taps, and allowed four repeaters instead of the previous two. (10Base2 was commonly called Thinnet, as the coax cable was much thinner than its predecessor.)
Both of those are shared-media. That means every station receives every other station's transmissions. It's half-duplex in that only one side can transmit in any one time. The concept of "Collisions" and collision-backoff intervals were employed to minimize multiple stations transmitting at the same time.
With the advent of twisted-wire Ethernet (10Base-T) and having stations "home run" to a master repeater, this didn't change much other than the way in which cable was laid. HOWEVER, it prepared the ground for the existence of "smart repeaters" which would "learn" where each Ethernet MAC address was, and only forward frames to the right ports. This switching capacity led to them being called ... switches.
NON-Shared Medium comes into existence:
Switches now allow treating the network as a NON-shared medium. For example, Alice's PC can talk to Printer Bob, while Charlie's PC talks to file-server David, and neither's Ethernet frames interfere, hold up, or affect each other. That's what wired Ethernet is like in today's "modern" network.
WiFi however is a shared medium. AT THE VERY BEST it would be like going back to pre-switch days. If Alice's PC is transmitting, neither Printer Bob nor Charlie's PC or file-server David can be transmitting. Everybody queues up, and overall throughput drops by a function of the number of transmitting stations. But wait, WiFi has other issues which means it's not "at its very best." Some of these include hidden-nodes, RFI, limitation on channel-use, and adjacency issues. Additionally, most WiFi devices will transmit at the speed of the slowest station. So if you have an 802.11b node, it will slow down the 802.11g or 802.11n traffic. In other words, a WiFi network is worse than pre-switch wired networks by a significant amount.
CORE vs EDGE:
When you design a product (and a LAN is a product... it's used by everyone in the house/office/factory,etc.) a design should be based on accomplishing the goals. With LANs that's usually HIGH throughput, LOW cost, LOW errors. For that to work, the "bottlenecks" should not be in the center of this great star cluster of communication, but at the edge.
That is why the core needs to have the MOST bandwidth. (For some 100Mbps full-duplex wired is sufficient. For some of my clients 10Gbps is not enough.) The edge, where small-bandwidth devices exist (e.g. Android Phone, iPhone, Netbook, laptops) is the ideal deployment of WiFi for three reasons:
1. These devices are mobile. It makes sense they should be able to connect everywhere.
2. These devices use little bandwidth. It is unlikely they would normally saturate the wireless network.
3. These devices typically are complementary... so if a user has BOTH an Android phone AND a laptop... it's unlikely both will be using lots of data at the same time.
Ehud Gavron
Tucson AZ
P.S. "Wireless" as used here is "WiFi" which is wireless Ethernet. So it's not really "Wireless vs Ethernet" but rather "Wireless vs Wired".
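The hub-versus-switch distinction drawn in the comment above, as an added illustration that is not part of the original thread: a small simulation counting how many frames each station is handed that were not addressed to it, which is also the exposure a passive listener on that port would have. The station names follow the comment's example; the ports, MAC addresses and traffic pattern are constructed.

```python
# Added illustration (not from the thread): which stations are handed frames
# that were not addressed to them, on a hub versus a MAC-learning switch.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Shared medium: repeat every frame out of every port but the sender's."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """'Smart repeater': learn source MAC -> port, forward only where needed."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]


def overheard(device, traffic, stations):
    """Return {station: frames delivered to its port but addressed elsewhere}."""
    port_owner = {port: name for name, (port, _mac) in stations.items()}
    counts = {name: 0 for name in stations}
    for sender, receiver in traffic:
        in_port, src = stations[sender]
        _port, dst = stations[receiver]
        for port in device.forward(in_port, src, dst):
            if port_owner[port] != receiver:
                counts[port_owner[port]] += 1
    return counts


# Constructed sample: four stations, one per port, locally administered MACs.
STATIONS = {
    "alice":   (1, "02:00:00:00:00:01"),
    "bob":     (2, "02:00:00:00:00:02"),
    "charlie": (3, "02:00:00:00:00:03"),
    "david":   (4, "02:00:00:00:00:04"),
}
# Two independent conversations, five round trips each (20 frames in total).
TRAFFIC = [("alice", "bob"), ("bob", "alice"),
           ("charlie", "david"), ("david", "charlie")] * 5

if __name__ == "__main__":
    ports = [port for port, _mac in STATIONS.values()]
    print("hub:   ", overheard(Hub(ports), TRAFFIC, STATIONS))
    print("switch:", overheard(LearningSwitch(ports), TRAFFIC, STATIONS))
```

On the hub every station receives all ten frames of the conversation it is not part of; on the switch the only leakage is the single flooded frame sent before each destination has been learned.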
Making the corporate WiFi more central to the infrastructure does have certain advantages. At my company, someone in the IT department actually seems to "get it" when it comes to the needs of engineers and the corporate network. They have our WiFi segmented into protected and unprotected LANs by SSID. Your corporate laptop goes on the protected one with the over burdensome, aggressive proxy filtering. Your personal devices and "rogue" engineering appliances go on the unprotected. Sure, both segments use keys and access authentication, but the proxy on the unprotected is a whole lot less intrusive such that I can access external IMAP and so forth which I can't through the protected network.
The IT guys don't seem to mind what you do on the more liberal segment just as long as you don't screw up the space they have to guarantee. WiFi makes it a whole lot easier to deploy and administrate this type of network than a hard wired install.
Broadband Wireless . . . what are the possibilities? Is 'Broadband wireless' different than the normal wireless from the normal home router?
Arc welding generates interference.
I was going to moderate some people but I thought I'd pipe up and say just how incompetent some of our politicians (and general public) are.
There's been a small but consistent amount of talk about the NBN being silly because of the "advances in wireless technology" and people genuinely seem to think it's a viable option for a country the size of Australia, to do all the internet (and phones!) for over 20 million people, wirelessly.
Sad but true.
4 years ago I helped to manage a mesh WiFi network for a fairly large enterprise. It covered a large building with about 1000 people working simultaneously. It was first intended as a temporary network (they had to relocate quickly, because of a fire in their old building). But it worked well enough to become the main network.
Keys to success: low-power APs with WDS, and gigabit Ethernet trunks + switches with STP. We used WPA with pre-shared password for wireless security and then IPSec for IP-level security (it was used with the wired network earlier so no setup was required).
As far as I remember, an average access point served about 15 clients. We manually set all the access points to the lowest possible power level, but apart from that we did no additional setup.
When personal computers came out, IT said "personal computers are toys and useless for real work, we do not allow them in our facility." When the first commercial Linux arrived in late 1995, I heard IT say "Linux is a toy and useless for real work, we do not allow it in our facility." Now I read in this very thread people saying "iPads are toys and useless for real work, we do not allow them." Hint to IT: It didn't work when you said that in 1980, it didn't work when you said that in 1995, and it won't work when you say that today.
I've heard all the excuses over the past 30 years over why IT can't allow the latest technology, and in the end they all ram up against reality. Mordac the Preventer of Information Services may have short-term victories, but in the end the wheels of progress grind him up. Reality simply *IS*. You aren't going to stop the executives from bringing in those things because they outrank you and your rear end will be out on the street if you try to stop them, not to mention that if you don't provide a secure wireless network capable of handling the iPads and other wireless devices that people want to use in your facility, you're going to end up with wildcat devices, often in the hands of untouchables -- people you can't touch, because they outrank you / are mission critical to the company / are close personal friends with the CEO / whatever. I've seen this dynamic -- IT trying to stop new technology from entering the workplace, and being bypassed -- so many times over the years, that you'd think IT would get a clue and get ahead of the technology curve rather than trying to downplay the new technology as "just a toy and useless for real work." Yet reading the comments on this article I see IT people doing the same thing that didn't work in 1995, that didn't work in 1980, that won't work today -- trying to keep technology they don't understand / don't like / have no personal use for themselves out of the workplace.
Hint: You might as well start trying to figure out how to make your environment work for ubiquitous wireless devices, because it is *not* a "fad" that's going away. An iPad isn't a substitute for a desktop computer, just as a desktop computer isn't a substitute for a mainframe, but clearly people are finding the things to be useful for *something* if they're wanting it on the work network, and it's not your job as IT to tell them that no, it's *not* useful (when clearly the reality is that it darn well *is* useful for something, even if you don't understand what), it's your job to accept that reality and figure out some way to get the things on your network in a secure and reasonably speedy fashion. Because it will happen regardless -- so you might as well do it right, instead of the futile fight against insecure wildcat access points in the hands of untouchables that will otherwise happen.
Send mail here if you want to reach me.
I bought an iPad (WiFi only) for my four year old daughter in October. She uses it to watch a library of recorded kids TV shows, to play some games, and to run a phonics program that teaches basic reading/phonics. The wifi is normally turned off. Occasionally, I have used it for email when we were travelling or shopping.
The iPad paid for itself in the 3 months during which she would go to sleep on demand by watching the iPad in her bed in the evening.
I'd put more trust into a cabled LAN as a core network because encryption on wireless networks is not easily changeable. If the encryption used is ever broken you have a lot of dead hardware and must make a financial purchase to get "NEW CORE EQUIPMENT" just to change the crypto/cipher. With CORE Ethernet you don't have this problem and you can always encrypt in the LAN if you want for extra protection in case a cable happens to be dangling out a window or something.
Peace!
PENO
Try running X over a slow connection whereby the idiot owning the slow connection really digs VLANs but you still need an SSH tunnel. WiFi would be the 3rd encryption in the chain and would make everything even more unlikely. Kick out WiFi and you're better off. Persuade the VLAN idiot -although the fscking bastard will go to great lengths in order NOT to understand you- and you're almost fine.
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
Wake me up when my ESX hosts connect to the SAN wirelessly
Hi,
Ethernet is an OSI layer 2 protocol. "Wireless" is a physical link layer concept, that is, OSI layer 1. Most Wireless LANs use Ethernet. In fact, even mobile Wireless technologies such as LTE use Ethernet, because nowadays everything is IP (layer 3 protocol), and Ethernet works very nicely with IP.
Comparing Ethernet and Wireless/Wired is like comparing a car wheel to a car chassis.
With love,
Network engineers around the globe.
Oh, and PoE is a lifesaver for anyone who has ever deployed IP phones.
If regular / cheap switches and routers would allow at least one PoE port it would be much easier than being forced to run the wires to the few PoE capable switches - and even those can power only 4-8 ports of a total of 16-24.
In most cases I end up adding a power brick next to the IP phones.
As far as I remember, an average access point served about 15 clients. We manually set all the access points to the lowest possible power level, but apart from that we did no additional setup.
That's about as good as it can get; with more than 15 clients per AP the connection quality goes downhill quickly.