Wireless Bridge
From Superk
No, this isn't another article about setting up wireless networking per se. Well, it is, but it isn't. Let me explain. This is an article about linking wired networks on the same subnet but in different rooms (or buildings conceivably) using wireless networking.
This article results from a recent project of mine where weighing the effort and potential cost of running a wire from room to room ended up being more than creating the connection wirelessly. Well, that's what I thought initially anyhow. It turns out that the procedure isn't as straightforward as it may seem.
Though the concepts outlined in this article can definitely be used to construct a similar setup with different equipment, I will describe my setup and include some of the proprietary features included with the equipment I chose. For the most part, I have been very happy with the performance, configurability and cost of D-Link equipment for light use. There are many who may disagree with that comment, but I stand by it. For me it has worked well.
Generally I am not a fan nor proponent of proprietary features or the manipulation of set standards, but for the small size of my network, I thought it was acceptable to use the proprietary ExtremeG protocol from D-Link in order to benefit from the added speed. After using the system for a bit, I still feel it was the right decision. However, if I were to reproduce this configuration in a corporate or even small office arrangement, I would definitely recommend a more standards-compliant configuration to allow for interoperability and compatibility between multiple brands. That being said, D-Link's ExtremeG equipment does in fact work very well with the standard 802.11g protocol, but the added cost of it is a waste unless you use it throughout your network.
The Layout
Below is a diagram of the configuration in use on my LAN. While it doesn't show specific configuration information (for obvious reasons), it gives a good general overview of what I'm trying to achieve.

The Equipment
D-Link DI-614+ Broadband Router/Firewall/Switch
This was part of my existing network but incorporated into the new project. Originally this device served as the Wireless Access Point (WAP) for my laptop's wireless connection. Through the work done in this project, I've been able to disable the wireless features in this item and use the new WAPs instead.
If security is your thing, then I'd also recommend finding a better solution for your firewall needs. The built-in firewall in this particular D-Link appliance is hardly enterprise class, nor is it overly configurable (though for a cheap appliance like this, it does offer a fair bit of configuration relatively speaking).
D-Link DWL-2100AP Wireless Access Point
You'll need two of these. For a WAP, these are very reasonably priced (around $100 each). They also come with the proprietary ExtremeG protocol from D-Link that allows them to communicate with other ExtremeG devices at a theoretical 108 Mbps throughput. In actuality, of course, they never come close to this, but they do offer a significant increase in speed from standard 802.11g equipment. This is not a review, however, so I will not get into specifics of performance or features here.
The most important feature of these WAPs is their ability to function as wireless bridges. This is crucial to the design laid out in this article. Essentially, their primary purpose in life is to communicate with each other and no one else. The fact that they do indeed communicate with other properly configured network devices is an added benefit as I'll discuss later. If replacing these WAPs with equipment of your choice, be sure it supports bridging mode or buy wireless bridges specifically (note, dedicated wireless bridges tend to cost a bit more I've noticed). The differences between WAPs and wireless bridges are beyond the scope of this article.
How It Works
This is the general breakdown of how the WAPs act as a bridge between the two wired rooms, forming a virtual wire between them. Obviously, since this configuration uses wireless as its transmission medium, there is a great deal of variability in throughput quality, speed and security, all of which should be considered carefully before purchasing the equipment to put this together. Things that may affect throughput include walls, electrical interference, radio interference (i.e., cordless phones, other wireless LAN products, etc.) and distance. Reducing these obstacles to a bare minimum will ensure the best possible performance. Security is another item that becomes a major risk when working with wireless networking in general. Because of the nature of WiFi, it is available physically for anyone to access. The only bits of security that can be imposed on wireless networks come in the form of encryption techniques and access control lists.
- Encryption - While encryption techniques are beyond the scope of this article, I will just mention a few items here. The most popular form of encryption today is WEP (Wired Equivalent Privacy). This protocol allows for the data to be encrypted/decrypted at each endpoint of the wireless signal. Another upcoming form of protection is WPA (Wi-Fi Protected Access), which is similar to WEP in many ways, but provides a mechanism for user access list control via a separate mechanism (i.e., RADIUS).
- Virtual Private Networking - A VPN is a method in which hosts on either side of a network connection that crosses a non-secure medium are connected via an encrypted tunnel maintained by the two hosts. All traffic that travels between the two hosts is encapsulated by this secured tunnel. While similar in practice to WEP, the encryption techniques and process are often more effective in securing the data. A VPN may also offer more flexibility in the configuration of a secure tunnel and allow administrators more control over what is allowed across the tunnel.
The primary goal of this project is to create a continuous and dedicated link between separate wired networks so that the two networks can act as one contiguous subnet. In other words, the wireless link we create between two wired switches should look and feel just like there was a physical wire connecting the two. Using the two WAPs (or dedicated wireless bridges) configured in Point-to-Point or Point-to-Multipoint bridge mode where each WAP is configured to talk only to the MAC address of the other WAP, we can accomplish this task.
- Point-to-Point (PtP) - In this mode, only two WAPs can work together to create a bridge. Each WAP will only talk to the other and no one else.
- Point-to-Multipoint (PtMP) - In this mode, several WAPs can be configured to talk to each other in a bridge fashion. Only the WAPs whose MAC addresses are configured in each WAP's configuration will be allowed to communicate.
For my particular configuration, I used PtP as I was only connecting two locations together. If I had a third location (say, the shed out back), I would configure PtMP and have three WAPs all configured to speak to each other. By entering the MAC address of the WAP in the garage into the WAP in the office and vice versa, the two WAPs recognize each other as opposite ends of the wireless bridge. While each WAP has its own IP address for administration purposes, the bridge is essentially transparent (i.e., similar to a crossover cable between two switches) and no special routing needs to be performed on either end. This achieves our goal in quite the easy manner. Using a security method as explained above will help to ensure a bit of privacy across the bridge.
The Good And The Bad
Though my configuration is relatively new, I've already run across some problems as well as some unexpected benefits to this system. First the benefits.
The first benefit to this solution is obvious and already stated several times - the lack of work in running new wire from one location to the other. Sometimes this is merely a convenience issue and other times it is a physical necessity. My situation fell somewhere in between. However, some situations may make running a physical cable impossible or very difficult. Examples include living in an apartment building where it is not permissible to run new wire from one room to another, or connecting two adjacent but separated buildings that are close enough for a radio signal to reach but separated by something that makes running a cable impossible.
Another benefit I've found with this configuration is the fact that it still allows my laptop to communicate with the wireless network. This was unexpected and in some ways may pose as a potential problem as well. While I'm still not certain why this works, I assume it is because the WAPs still act as a WAP despite being configured for bridging mode. Setting up my laptop with the proper WEP configuration allows it to communicate with either of the WAPs providing a wireless cloud in addition to the dedicated bridge.
This benefit is only relevant to my particular hardware - the ability for the WAPs to maintain ExtremeG throughput between themselves despite communicating with them using a non-ExtremeG WiFi card. This also goes against my initial understanding of the product in that I thought when in the midst of non-ExtremeG equipment the WAPs would automatically reduce themselves to standard 802.11g (54 Mbps) communications. Should I find I am indeed only using standard 802.11g even for the bridge, I'll update this article.
Now the bad parts. As I just stated, the fact that I am able to connect to the wireless configuration using an outside client (i.e., a wireless card that hasn't had its MAC address configured into the WAPs) seems to be a security issue. While it still requires me to have the proper WEP configuration to talk to either of the WAPs, I would have expected them to be completely isolated and unable to communicate with anything not specifically configured into them. With the MAC address access lists, I would have hoped for this security in all honesty. Perhaps I'm missing a vital bit of the configuration in which case I will update this article at a future date.
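One way to check both points raised so far, namely that every WAP lists exactly the other WAPs' MAC addresses as bridge peers (PtP or PtMP) and that nothing outside that list is associated, is sketched below as an added example that is not part of the original article. The dictionary layout, the WAP names and every MAC address are constructed; the values are assumed to be copied by hand from each WAP's administration interface.

```python
import re

def norm_mac(mac):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff; raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_bridge(waps, allowed_clients=()):
    """Check bridge peer lists and associated stations.

    waps: name -> {"mac": the WAP's own MAC,
                   "peers": remote MACs entered in its bridge settings,
                   "stations": MACs currently associated}  (hypothetical layout)
    Returns a list of (wap_name, issue, mac) tuples.
    """
    own = {name: norm_mac(cfg["mac"]) for name, cfg in waps.items()}
    allowed = {norm_mac(m) for m in allowed_clients}
    findings = []
    for name, cfg in waps.items():
        # In PtP and PtMP alike, a WAP should list every other WAP and nothing else.
        expected = {m for n, m in own.items() if n != name}
        peers = {norm_mac(m) for m in cfg["peers"]}
        stations = {norm_mac(m) for m in cfg["stations"]}
        findings += [(name, "peer-missing", m) for m in sorted(expected - peers)]
        findings += [(name, "peer-unknown", m) for m in sorted(peers - expected)]
        # Anything associated that is neither a bridge peer nor a known client.
        findings += [(name, "unexpected-client", m)
                     for m in sorted(stations - expected - allowed)]
    return findings

# Constructed sample: the garage peer entry is mistyped, and the office WAP
# has one station associated besides the known laptop.
SAMPLE_WAPS = {
    "office": {"mac": "02:00:00:00:00:01", "peers": ["02-00-00-00-00-02"],
               "stations": ["02:00:00:00:00:AA", "02:00:00:00:00:EE"]},
    "garage": {"mac": "02:00:00:00:00:02", "peers": ["02:00:00:00:00:10"],
               "stations": []},
}
LAPTOP = "02:00:00:00:00:aa"

if __name__ == "__main__":
    for wap, issue, mac in audit_bridge(SAMPLE_WAPS, [LAPTOP]):
        print(f"{wap:7} {issue:18} {mac}")
```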
Another problem I have noticed is a noticeable lag inherent in the initial communication across the bridge. This can range from an annoyance to a downright problem depending on the circumstances. For instance, this lag makes some services impossible to access due to timeouts, including DNS and DHCP. While DNS often works, the lag makes name resolution unbearable at times. Of course a simple solution to this would be to place an additional DNS and DHCP server on either side of the bridge, but this takes extra equipment, time and space. I intend to continue work on reducing/eliminating this lag, but I have a feeling it is something inherent in this type of configuration. Perhaps using dedicated bridges would provide a better, more transparent connection.
Conclusion
On the whole, this is proving to be a very interesting and useful project. While the costs involved in purchasing wireless equipment are definitely going to be higher than those of physical cabling, circumstances may make it a very viable option. With some additional work and research I hope to reduce/eliminate some of the problem areas I've found as well as increase overall security of the system.
I would recommend this type of configuration only for a home network or small office environment where security is not as great of a concern. Indeed, I would only recommend wireless in general to that type of application. Perhaps as the technology grows we can expect more from wireless networking and put more trust in it. Until then, it is a great convenience that should be used carefully.
