PC Pro

Superspeed your network for free… (or nearly)

Don’t wait around for slow transfers and sluggish services: Steve Cassidy explores how you can get a network boost with little or no investment


A slow network hampers your productivity, and it’s also frankly embarrassing – it sends a message to your staff, and to any external parties who may access it. Yet it’s an area where major improvements can frequently be made with some tweaks to your settings that don’t cost a penny, aside from the engineer time and expertise required to implement them. There are plenty more upgrades that aren’t free but whose price is, by the standards of corporate networking budgets, barely worth worrying about.

Getting the required results isn’t necessarily straightforward, because there are a lot of different ways in which a network can be slow. One business I shall not name used a cheap Wi-Fi base station and a corporate Dropbox account for storage and collaboration. The network was fast enough for day-to-day work, but not for continually syncing large amounts of data to and from everyone’s computer, resulting in workers having to hang around and wait for all their data to come down the line before they could leave for the day.

Wired vs wireless

There’s one major divide that relates to a large proportion of companies, and that’s wired versus wireless networks. There are all sorts of fundamental differences between these two networking models, one of them being that you can spend several grand putting a top-speed Wi-Fi 6 connection in place, while a patch cable can be bought using the dusty old coins in the bottom of the office coffee kitty.

Plenty of retailers seem to charge about £30 for an Ethernet cable, but don’t fall for it: the marketing departments want us to believe that pricier cables are higher quality, just as we’ve been told for decades in the hi-fi market. But none of these cables is high enough quality to survive even the most benign of office environments. Their main adversary is the office chair castor wheel – a device capable of delivering hundreds of kilos of crushing force per square inch. I recommend you think of an Ethernet cable as a consumable item, like a toner cartridge or light bulb. Once it’s crushed, chewed, stretched, kinked or cut, that’s the end of it. Not too long ago I ran a cable tester over all of a client’s leads and found that 60% were degraded in some way, which can lead to all sorts of aggravating, intermittent performance problems.

This may sound like a digression, but if you’re trying to tune up your network for little or no outlay, a great first diagnostic is to replace your wireless connections temporarily with a cable run. You might have to fiddle a bit, because not every router configuration treats its Ethernet cable ports in the same way as its wireless clients. However, it’s worth the effort, because a basic cable gives you an immediate indication of whether your speeds are being held back by the Wi-Fi, or by something deeper in the infrastructure.

If the wireless connection turns out to be sucking the performance out of your network, then there are ways to tune up your Wi-Fi, maximise its speeds and reduce interference. Often, though, the real solution is a hardware upgrade: that’s sadly unlikely to count as almost free, but it could still pay for itself in time if it lets staff work more efficiently.

In almost any network, wired or wireless, there are certain structures you can tune for performance. In fact, it might surprise you how similar they are across the two networking technologies. It’s called Ethernet because, even though data doesn’t literally travel through the “ether”, the concept was originally based somewhat on the concept of running radio transmissions over a cable. So when Wi-Fi came along four decades later, it wasn’t a problem to adopt the same philosophies and terminologies.

For example, setting an appropriate maximum size for data packets can enhance efficiency, whether those packets are inside an eight-core copper cable or floating through the air. I know, there’s a lot of fossil knowledge that says “leave the MTU and packet size alone”, but that’s because back in around 1994 many routers weren’t able to dynamically switch packet size according to the settings for each class of connection. Doing so was in the spec, but couldn’t be implemented at a reasonable cost using the technology of the time.

It’s no longer 1994, and there’s now more CPU power inside a network card than you might have had then in the entire computer. We no longer need to cling to the idea that cheapness and simplicity are virtues in network traffic infrastructure; we’re finally free to take full advantage of all the features that were envisaged when the standard was originally drawn up.

Let’s be clear, turning on jumbo frames in your PC’s Ethernet card settings isn’t a magic-bullet hack. Don’t expect a blinding flash of power effect. Rather, it should give you a small increase in speed, and turning on full duplex transmission and flow control – while perhaps turning off energy-saving features – should do the same, adding up to a worthwhile performance improvement.

Of course, these features need to be supported and enabled at both ends of the cable, which brings us into the daunting but important world of network switches.

Switches decoded

Is your switch managed or not? In band or out? Can you run cable diagnostics from it? What about OSPF, trunking and fibre support? The language of network switches seems designed to be discouraging, which is a shame because having the right one, and configuring it correctly, is key to running a fast and secure business network.

It doesn’t have to be complicated. A managed switch is one that lets you set those key tuning parameters at the switch end, so the PC doesn’t have to be in the right mood to get the right negotiation of link speed and protocol. Some switches take this a bit too seriously – I remember some old 3Com hardware that arrived in a more or less unconfigured state, and required you to type in your settings over telnet to make it useful. At the other end of the scale, some switches offer jazzy web interfaces that can leave you confused as to exactly what setting you’ve just enabled.

There’s also a spread of hardware and configurations to allow for the broad range of business interests reliant on network switching. Some companies have to record every single packet, in case it turns out to be important in an international markets, options trading or other high-powered financial environment. Others do a lot of their customer work on the phone, so they opt for a VoIP-friendly switch, which has quite different design priorities to those made for hosting centres or networks where the majority of the traffic is between virtual machines.

Then we get into layers. You might have heard of Layer 2 switches versus Layer 3: these designations refer to the ancient but still vital ISO seven-layer networking model. Layer 2 is machine addresses, so a Layer 2 switch lets you divide up your LAN into VLANs, whose traffic mostly doesn’t need to intermingle. A Layer 3 switch goes a stage further by managing IP addresses for VLANs and allowing a framework of routes and little cul-de-sacs of machines to be built out of each other’s way. There are Layer 4 switches too, which analyse the traffic itself and make real-time routing and priority decisions, but if you’re in a business that requires that sort of technology, you probably already know all about it.

If performance is your priority, it may be a mistake to pursue complex topologies. The more complicated the network environment, the more slowly it tends to run. If you mix up a hundred VLANs and pass them all down a VPN tunnel, don’t be shocked when the whole thing just about grumbles up to 256Kbits/sec.

Instead, you can think about simplifying and minimising the amount of traffic that’s exchanged. One recent IT buzzphrase is “zero trust”, which is the idea that every object, device and cable on your network should have an identified device that uses it, and nothing else, connected to a nominated switch port and with a list of traffic types it may accept.

This may sound radical, but it can be done pretty cheaply – quite a lot of it is executing a design, typing in a bunch of addresses and port ranges and so on. Almost any decent Layer 3 switch could be used to set up a network like this, and once you chop out the chattering nonsense – the traffic you don’t normally bother to identify and cut out – then your network is quite likely to run better.

The catch is in the upkeep. Making an initial zero-trust design isn’t too hard, but you have to grow and maintain it every time something changes on your network. For every new service or device on your network you have to decide what access is legitimate. This is where thinking architecturally pays off. Given a single L3 switch, you can have several subnets, some of which are zero-trust – the ones with the users on – and others which are unfiltered within their own boundaries. If you don’t already have an L3 switch then this might not exactly be a free upgrade, but you don’t need the latest and greatest hardware: I’ve made just such an architecture work using an old HP Procurve 6108, a switch so old it’s driven by a 266MHz Motorola PowerPC CPU.
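The per-port allowlist described above, as an added example that is not from the original article: a small Python audit that checks constructed flow records against a policy of one nominated device and its permitted traffic types per switch port, and lists rules that nothing used, which helps with the upkeep. The port names, MAC and IP addresses and the record format are assumptions made up for illustration.

```python
import ipaddress

# Constructed policy (all names and addresses are made up for illustration):
# switch port -> (MAC of the one nominated device, list of permitted traffic types)
POLICY = {
    "gi1": ("00:00:5e:00:53:01", [("tcp", "192.0.2.10/32", 445),    # file server
                                   ("udp", "192.0.2.53/32", 53)]),   # DNS
    "gi2": ("00:00:5e:00:53:02", [("tcp", "192.0.2.20/32", 9100)]),  # printer
}

# Constructed flow records, in an assumed format a flow collector might export.
FLOWS = [
    {"port": "gi1", "mac": "00:00:5e:00:53:01", "proto": "tcp", "dst": "192.0.2.10", "dport": 445},
    {"port": "gi1", "mac": "00:00:5e:00:53:01", "proto": "udp", "dst": "224.0.0.251", "dport": 5353},
    {"port": "gi2", "mac": "00:00:5e:00:53:99", "proto": "tcp", "dst": "192.0.2.20", "dport": 9100},
    {"port": "gi7", "mac": "00:00:5e:00:53:07", "proto": "tcp", "dst": "192.0.2.10", "dport": 445},
]

def match_rule(flow):
    """Return the matching rule tuple, or a string saying why the flow is denied."""
    if flow["port"] not in POLICY:
        return "no device nominated for this switch port"
    mac, rules = POLICY[flow["port"]]
    if flow["mac"].lower() != mac:
        return "unexpected device on port"
    dst = ipaddress.ip_address(flow["dst"])
    for rule in rules:
        proto, net, dport = rule
        if (flow["proto"], flow["dport"]) == (proto, dport) and dst in ipaddress.ip_network(net):
            return rule
    return "traffic type not on this port's list"

def audit(flows):
    """Return (denied flows with reasons, policy rules no permitted flow used)."""
    denied, used = [], set()
    for flow in flows:
        result = match_rule(flow)
        if isinstance(result, tuple):
            used.add((flow["port"], result))
        else:
            denied.append((flow["port"], flow["dst"], result))
    unused = [(port, rule) for port, (_, rules) in POLICY.items()
              for rule in rules if (port, rule) not in used]
    return denied, unused

if __name__ == "__main__":
    denied, unused = audit(FLOWS)
    for entry in denied:
        print("DENY  ", entry)
    for entry in unused:
        print("UNUSED", entry)
```

The denied list is the traffic a zero-trust port would drop (here multicast chatter, a swapped device and an unregistered port); the unused list is the set of rules to review when something on the network changes.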

Going IPv6

IPv6 has had pretty poor PR within the business networking world. The major advantage claimed for it is that each device gets its own globally unique address: this makes the burden on big continent-scale routers considerably lower, but for most businesses that’s either irrelevant or seen as a security concern. For some time now, the standing advice when network tuning or product testing has been to turn off IPv6, debug everything in v4, and only re-enable IPv6 later on if you really need to.

There was a lot of sense to that outlook back when IPv6 was relatively new. The default everything-on setting was fine for standard computing components, but badly behaved installs did exist, which would be tripped up if the network layer didn’t fully implement IPv6 in the expected way. We must give thanks to those who have spent the intervening years debugging their code, because nowadays it all seems to work pretty well: your machines should all be happily able to pick up link-local addresses (ones you don’t need to configure or select) and see and reach one another through the IPv6 address space without any particular need to fall back on IPv4.

The really remarkable thing is that, because of the clever way IPv6 can be encapsulated over an IPv4 connection, you don’t even require a dedicated IPv6-capable network switch to make it all work. If you want to connect to the internet over an all-IPv6 connection, that’s possible too, either via a VPN or through modern hardware and a co-operative ISP.

Before you get too excited, note that, on its own, switching to IPv6 will make almost no difference to your internal network speed. The major boost comes if you manage to line up all the tweaks we’ve mentioned so far. If you can turn on jumbo frames, and flow control, and prevent the switches from trying to negotiate the wrong duplex setting, then IPv6 is the icing on the cake – at least, for operations that run in a standard Windows-supported way.

It’s understandable that experienced network engineers might be reluctant to set up IPv6, because it adds an extra degree of complexity to designing and troubleshooting connections. But you can always simply segment your LAN between IPv4 and IPv6: only one cable has to cross that boundary, and that means you can plug in a reasonably smart firewall just at that border-crossing point. Neither population needs to be told anything explicit about the other; each can have their own filtering rules or prohibitions.

If you’re using a lot of storage, you might also choose to run your iSCSI pool on IPv6, on a network with absolutely no internet access of its own. Next door to it, your servers can use secondary Ethernet cards to talk to the iSCSI targets, without referring to anything external either. You might have to enable an iSNS server somewhere to make this work, but that really is a free component, at least in Windows. Hey presto, your storage traffic isn’t slowing down your internet access, nor slowing down your users when they hit up the servers to retrieve data from the storage array.


10GbE and faster

If you want to ensure your data is whizzing around the building at top speed, then 10GbE is the standard to aim for. Although 40GbE and 100GbE standards do exist, the hardware is prohibitively expensive, and the interconnects aren’t cheap, either. Meanwhile, a 10GbE card can be easily had for under £100, and it should be at least partly operational with your existing wiring.

You’ll still need to budget for a 10GbE switch, but something like the Netgear Pro GS110TPv3 can be had for a tad under £200. This is a decent basis for performance experimentation: a lot of supposedly 10GbE devices will immediately fall down to lower connection speeds if your configuration isn’t precisely to their liking. You need to be sure that you’re actually going to get the performance you thought you were paying for, so go through all the checks I’ve mentioned above, and make sure that you apply any required software tweaks to make your various machines use the infrastructure properly: moving to 10GbE is by no means a drop-in upgrade.

Most frustratingly, the spread of support for 10GbE has been slowest in exactly the market where you’d most want it – cheap, large-capacity storage devices. Generally, only the bigger NAS appliances (those with eight drive bays or more) are currently offered with integrated 10GbE ports. Yet as hard disk sizes continue to grow, we’re now at the point where it’s perfectly feasible to deploy a two-drive NAS box with 36TB of storage. Hopefully the market will soon catch up to a point where it’s possible to access all that data at the full speed the drives are capable of.

[Image: Ethernet cables rarely last a long time in an office environment]
[Image: Cable degradation can lead to all sorts of performance issues]
[Image: Some network switches’ web interfaces are better than others]
[Image: Temporarily replacing wireless connections with a cable is a good start]
[Image: A 10GbE switch such as the Netgear Pro GS110TPv3 is an inexpensive option]
