networking

Case Study – Router Upgrade – from 8Mbps to 200Mbps

We were approached by a client in central London to help with their internet connection. Although they had upgraded to Virgin Media’s 200MB/s DOCSIS3 service from a standard ADSL connection, they were still getting poor broadband speeds.

Old Hardware

As soon as we visited the site, the problem became apparent. They were using a Netgear FVS318v3 – a very out-of-date unit that has a maximum throughput of 11.5Mbps. See the technical specifications here for a blast from the past: fvs318v3

Here is the speedtest with the Netgear FVS318v3:
wan-speed-test-before

It’s clear that this Netgear firewall/router is a real weak link in the chain.

We have seen many clients using older networking hardware – especially older firewalls, routers and switches. The problem is that, just as with PCs, laptops and servers, the performance of newer hardware is light-years ahead of the older equipment. Keeping old equipment in place can therefore be a false economy.

To compare: the Netgear FVS318v3 has a 200MHz CPU and 16MB of RAM. It has 10/100 network ports, which limit the maximum connectivity speed. Newer firewalls and routers have much faster CPUs, more RAM, and tend to have 100/1000 network ports, which means more advanced functionality can be built in, and faster connectivity is available out of the box.

In this client’s case, the solution was clear – replace the firewall/router with a more modern unit.

New Hardware

We immediately thought of the MikroTik RB2011. However, this has recently been replaced with a newer model, the RB3011. See here for more information: https://routerboard.com/RB3011UIAS-RM

The throughput is much, much higher for this unit, compared to the Netgear. It maxes out at more than 3000Mbps – or realistically with firewall rules in place, around 800Mbps. This is more than ample for a 200Mbps connection, with space for future growth.

Here is the speedtest with the MikroTik RB3011:
wan-speed-test-after

A massive, massive improvement. The cost of the new firewall/router, around £140, is well worth it for the leap in performance.

Damian

Case Study – Office Move

Over the otherwise quiet Christmas period, we completed an office move for a design company, from their offices in Brixton to new offices in Clapham.

Office moves are a great opportunity to make changes to the way a network is set up – almost starting from a blank slate at the new offices.

The new offices were to be completely refurbished, save for data cabling.

Before the move took place, working with our colleagues at West Installations, the existing data cabling was tested, and all faulty network sockets were reterminated and tested. Some new network sockets were also installed for Video Conferencing/Presentation equipment.

A new VDSL/FTTC service was installed on site by BT Openreach (to run in parallel with the old office connection, to prevent downtime). Once installed, we then went on site to complete the Router and Switch setup.

A not-so neat network cabinet before we started:

Empty Cabinet

Note the dust sheet – the building works were still ongoing!

Unfortunately, there was no budget to re-terminate the cables at the patch cabinet end, leaving a lot of too-long cables in the cabinet.

We decided to upgrade the network infrastructure as part of the works, with a new MikroTik Router installed, along with a managed TP-Link 24 Port Gigabit network switch. This would allow for improved network performance at the site, with better security than at the old site (which used the ISP provided modem/router).

Unifi Access Points were installed throughout the office to allow for perfect wireless signal in all parts of the new offices.

Once we completed the equipment install (before cable management is installed):

All powered and live

One thing we always do when on site is label cables/power plugs as we go along to make identification easier when there are 100 more patch cables in the cabinet:

Detailing of Labelling

Detail of Cable Labeling:

Detail of Labelling 2

It’s all in the detail!

Of course, at the new offices, we kept some things the same – the network SSID and Key for example – this meant the wireless was working without any configuration changes on the laptop machines.

Also, the network subnet was kept the same, so that any devices with static IP addressing would work immediately when connected to the network.

Once all of the equipment was set up and installed, we then assisted with the relocation of the desktop machines and NAS device from the old office between Christmas and New Year.

Thanks to the works before the move date, there were no issues whatsoever on the move day itself. All set up and working for the 4th of January!


Case Study – Network Upgrade and Tidy

We recently completed a network upgrade and tidy for a training company in South London.

The problem points:

  1. Poor performance of the internet router – often crashed
  2. Poor wireless signal
  3. No VPN access, or unstable VPN access
  4. Messy network cabinet, making diagnosis of faults difficult.

After visiting site, we found this:

Network Cabinet 1

Even though the customer had a rack cabinet, the equipment was lying on the bottom, and the wireless access point was inside the cabinet – that explains the poor wireless signal!

After discussing the requirements with the customer, we decided to consolidate some of the networking devices (router, network switch) and replace them with rack mount items.

We went with a MikroTik Cloud Router Switch – allowing fast ethernet connections in the office (gigabit ethernet) and a powerful firewall/router, to allow for remote monitoring and management. Of course, all of the usual VPN protocols are supported.

For the wireless connection, the existing TP-Link wireless access point was replaced with a Unifi UAP, to again allow for easier remote management of the wireless network that was in place.

A guest network was set up for the client, so that the main working network was isolated from visiting clients who needed wireless access.

There was a significant improvement in the network cabinet alone at the mid-way point:

Network Cabinet 2

Note this is before we ceiling mounted the access point!

Once this was completed with the Unifi supplied mounting brackets (made easier by the suspended ceiling):

UAP Ceiling

In the end, the customer ended up with:

  1. Improved signal strength for the wireless in all areas
  2. Improved security for the network (as the guest wireless was isolated from the main network)
  3. A tidier network cabinet, with more easily managed connectivity
  4. A powerful, remotely managed router/switch to allow reliable VPN access

Using Ansible to update MikroTik routers

Administering a large installed base of MikroTik routers can be difficult. You can use The Dude, but this has not been updated in some time, and MikroTik have not made their long term intentions clear in relation to the continued development of the software.

We use Ansible internally to remotely configure machines, so it seemed a natural choice to update the firmware of the MikroTik routers we have installed.

Firstly, you need to generate an appropriate DSA SSH key. Refer to: MikroTik Wiki for full instructions.

From the source server, test the SSH connection works:
ssh admin-ssh@remoteserver.com

If you do not immediately connect, you may need to add the appropriate identity file to ~/.ssh/config
IdentityFile ~/.ssh/mikrotik_dsa

Then attempt re-connection.

You should see the MikroTik banner message and the [admin-ssh@remotesite] > command prompt. Just disconnect for now:
quit

Once the connection is working OK, we can then add the relevant routers to /etc/ansible/hosts. In our setup, these are in the [mikrotik] group.

The actual playbook we use is very simple. It checks if package updates are available, and if so, updates the MikroTik. BE CAREFUL – it reboots the remote router when the task is complete.


---
# An Ansible Playbook to mass update the ROS version on MikroTik routers
# Version 1 - 2015/11/15
#
# Copyright Jaytag Computer Limited 2015 - www.jaytag.co.uk
#
# You may use or modify this script as you wish as long as this copyright
# message remains. Redistribution prohibited.
- name: Mikrotik Update
  hosts: mikrotik
  # forces the connection to work one-by-one (note, this will stop the whole playbook if the host is unreachable)
  # serial: 1

  connection: paramiko
  user: admin
  gather_facts: no
  tasks:
    - name: Check if updates required
      raw: /system package update check-for-updates
      register: updatecheck

    - name: Run package updates and reboot if needed
      when: updatecheck.stdout.find('System is already up to date') == -1
      raw: /system package update download
      register: download
      until: download.stdout.find('please reboot router') > -1
      retries: 3
      delay: 60

    - name: Reboot the Router if the download is successful
      when: (updatecheck.stdout.find('System is already up to date') == -1) and
            (download.stdout.find('please reboot router') > -1)
      raw: /system reboot
      register: reboot
      async: 0
      poll: 0


Windows 10 – Change PPTP ipv4 Settings

screenshot win10 pptp

In my RTM copy of Windows 10 Pro, when I tried to edit the IPv4 settings of a VPN connection, nothing happened when I clicked ‘Properties’.

Thankfully, there is a solution to the issue – you can edit the file rasphone.pbk in a text editor like notepad.exe and make the necessary changes in this file.

The exact setting I wanted to change was to disable the default gateway – also known as split tunneling. This way I can connect to the VPN, and only tunnel traffic for that specific remote site over the VPN – i.e. use my normal non-vpn connection for internet traffic.

This is called “IpPrioritizeRemote”. I set this to 0 instead of 1 and saved the PBK file. When I re-established the VPN connection in the usual way, the ‘default gateway’ setting worked as intended.

The PBK file is profile dependent, but can be found either at:

C:\Users\*username*\AppData\Roaming\Microsoft\Network\Connections\Pbk

or:

%appdata%\Microsoft\Network\Connections\Pbk

Other useful settings:
IpAddress – IP address for the client to use
IpDnsAddress – DNS server for the client to use
PhoneNumber – IP address of the remote host
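
The same edit scripted, as an added example that is not part of the original post: a line-based Python helper that reports each entry's IpPrioritizeRemote value (useful for auditing which VPN profiles split-tunnel) and changes it for one named entry only. The sample phonebook text and entry names are constructed, and reading or writing the real rasphone.pbk is left to the caller.

```python
import re

# Constructed sample in the INI-like layout of rasphone.pbk (not a real profile).
SAMPLE_PBK = """\
[Office VPN]
Encoding=1
IpPrioritizeRemote=1
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
MEDIA=rastapi
DEVICE=vpn
PhoneNumber=vpn.example.com

[Lab VPN]
IpPrioritizeRemote=0
DEVICE=vpn
PhoneNumber=192.0.2.10
"""

SECTION = re.compile(r"^\[(?P<name>.+)\]\s*$")
SETTING = re.compile(r"^IpPrioritizeRemote=(?P<value>\d+)\s*$")


def gateway_settings(pbk_text):
    """Map each entry name to its IpPrioritizeRemote value (None if absent)."""
    found, current = {}, None
    for line in pbk_text.splitlines():
        if (m := SECTION.match(line)):
            current = m["name"]
            found[current] = None
        elif current and (m := SETTING.match(line)):
            found[current] = int(m["value"])
    return found


def set_split_tunnel(pbk_text, entry, enabled=True):
    """Return pbk_text with IpPrioritizeRemote changed for one entry only."""
    wanted = "0" if enabled else "1"  # 0 = do not use the VPN as default gateway
    out, current, changed = [], None, False
    # Edit line by line so every other line (and its line ending) passes through.
    for line in pbk_text.splitlines(keepends=True):
        stripped = line.rstrip("\r\n")
        if (m := SECTION.match(stripped)):
            current = m["name"]
        elif current == entry and SETTING.match(stripped):
            line = "IpPrioritizeRemote=" + wanted + line[len(stripped):]
            changed = True
        out.append(line)
    if not changed:
        raise KeyError(f"no IpPrioritizeRemote line in entry {entry!r}")
    return "".join(out)
```
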


Convert plain numbers to MAC addresses with Excel

We use the following formula if you need a hyphen (-) between the octets:

=MID(c2,1,2)&"-"&MID(c2,3,2)&"-"&MID(c2,5,2)&"-"&
MID(c2,7,2)&"-"&MID(c2,9,2)&"-"&MID(c2,11,2)

We use the following formula if you need a colon (:) between the octets:

=MID(c2,1,2)&":"&MID(c2,3,2)&":"&MID(c2,5,2)&":"&
MID(c2,7,2)&":"&MID(c2,9,2)&":"&MID(c2,11,2)

Of course, you need to change the cell references in each (i.e. the c2) to match which cell you need to convert.


How to reset a network card in Windows

Open Control Panel
Click Hardware and Sound
Click Device Manager
In Network Adapters, find the LAN card you want to reset – this is often something like:

  • Realtek PCIe GBE Family Controller
  • Broadcom NetXtreme 57xx Gigabit Controller
  • Intel PRO/1000MT Network Adapter

Right click on the adapter and click Uninstall
You will be warned that this will remove the device from the system – ensure that ‘Delete the driver software’ is *not* ticked if this is shown
Note: Clicking OK will disconnect your remote access session if you are connected!
Click OK
The icon will disappear, and the network adapter will be disabled
At the top of the device manager list, the PC name is displayed
Right click this PC name and select Scan for hardware changes
The network card should reappear in Network Adapters
The network card will be reset to default settings, so you may need to reconfigure IP addresses, reconnect to a wireless network etc.


OSX Citrix Client Installation – Auto open ICA files from Safari

We have come across an issue recently with the new version of the Citrix online plugin (now called Citrix Receiver). Installation of the Citrix Receiver software from the OSX App store is not sufficient to allow the downloaded ICA file to auto open. The result is, you install Citrix Receiver and log in to the Citrix site only for the ICA file to download, but not open. This makes it look like Citrix isn’t working properly.

The fix is simple:

  • First, you have to modify what Safari considers as a “safe” file. Ensure that ‘Open “Safe” files’ is checked in Safari’s Preferences panel.
  • Next, download this zip file: http://www.jaytag.co.uk/wp-content/uploads/2011/08/Auto_Open_ICA.zip
  • Extract the plist (preferences file) from the downloaded zip file
  • Drag and drop the file to /Library/Preferences. (On OSX Lion, type library in the ‘Find’ box and double-click into the preferences folder)
  • Restart Safari

The ICA files should now automatically open, allowing Citrix to work as intended.
