Some IT guy, IDK.

  • 0 Posts
  • 312 Comments
Joined 3 years ago
Cake day: June 5th, 2023


  • I dunno if they still offer it, but I found that Cisco’s ICND1 was fairly neutral. They use examples from Cisco stuff, naturally, but the majority of the content is around learning and understanding how IP networks function. This is the first half of the CCNA study materials, and honestly, one of the best resources I had, and used, for learning how it all works.

    There’s probably a ton more out there now, but at the time when I was learning, it was all CBT Nuggets and pluralsight… I believe a lot has hit YouTube in recent years.

    Don’t worry if the information is out of date; this stuff doesn’t change. The updated stuff just has newer vendor-specific information, and IPv6.

    IPv6 isn’t crazy different in how it behaves, but the mechanisms for local discovery, IP assignment, and whatnot, can vary quite extensively.

    Good luck out there


  • Sorry this took me a bit to get to. Hello!

    I’m hoping that not all of that is running on a single Pi. I mean, it can, but you might hit limitations when everything is engaged with doing things. I just feel like that’s a lot for one Raspberry Pi…

    Anyways, iptables is good to have a general grasp of, but it’s generally GNU/Linux specific. There are other routing implementations that run on Linux, and hardware appliances generally have their own bespoke, vendor-specific stuff. One project I’m aware of is Free Range Routing. There’s a lot more, but this is one that I know of. Using FRR vs iptables, they’re very different beasts. But you shouldn’t need FRR; it’s a monster in terms of memory use and designed to operate in ISP-class networks. You don’t need it. I’m just using it as an example of what is out there.

    The best advice I can give about this is that learning the concepts behind routing is more valuable than any specific product. Knowing the difference between a RIB and a FIB, and how to structure routes, priorities, costs, etc… All very important. Can you learn that with iptables? Sure, and probably more, since iptables can also function as a low-end firewall.

    The important thing is that you learn the meaning behind what you’re doing in whatever routing platform you are working with.

    I’ve worked with so many different ways of handling routing and firewall work that I get annoyed when vendors come up with dumb marketing terms that leak into the device user interface, for a very common routing, firewall, or VPN technology. I don’t care whether I’m on a router or firewall that’s custom and running OpenWrt, DD-WRT, OPNsense, or one from Cisco, SonicWall, WatchGuard, Fortinet, Palo Alto, or any of the dozens of other vendors. A VPN is a VPN. IKE and IPsec don’t change because it’s vendor X or Y. Don’t start calling the IKE identifier something else.

    … Sorry, rant.

    Anyways, I don’t really see the vendor’s interface as anything more than a code I have to convert into the industry-standard protocol information that everyone uses. It’s a filter by which that vendor portrays the same options that everything else has. Some have quirks. Some are more straightforward. But they all have the same options in the end. Allow the traffic or don’t, do it by port and protocol or by IP. Apply content filters or don’t, use Ethernet, DHCP, PPPoE, or something else like ATM or IPX/SPX for signaling. Who cares.

    If you understand the concepts, the skills are transferable no matter what platform you end up using. You’ll know what needs to be done; you’ll just be stuck figuring out how you do it on this platform.



  • No argument here. The earlier stuff is still very bandwidth constrained; some pieces are incapable of meeting line rate, like the UDM Pro. It has 10G connections, but the throughput of the unit is around 6 Gbps. Still much faster than most people’s Internet connections (who in their right mind has a 5+ Gbps Internet connection at their house?) but it’s a limitation worth knowing before you buy.

    Solid gear otherwise. I haven’t seen how their end of life looks, so I can’t really comment, but most companies just announce that they’re no longer supporting a piece of gear and suggest a replacement. Called an EOL notice, or something similar. EOL being end of life. Usually includes a recommendation for an upgrade to something supported that’s a similar class of device.

    Time will tell on that one. I have a UDM Pro in a network I manage, so I’m waiting for that EOL notice.


  • Yeah, that can certainly happen. It really depends on how the router handles contention, its overall capability and performance, and what load balancing algorithms, if any, have been implemented. QoS basically guarantees that some form of traffic management is happening. With it off, it’s really just a guessing game whether something will work well or fall over, as you’ve discovered.

    Have a great day.


  • Oh yes. You’re talking about a VPN.

    But that opens a whole can of worms. You could go with something more tried and true, like IKE/IPsec, if your routers have that option. Usually that’s the way for firewalls, but it’s a bit hit-and-miss for routers.

    Or you can go with something a bit more modern, like Tailscale, WireGuard, or ZeroTier. But then you need some way to put that on your NAS. I’m partial to ZeroTier, but there are plenty of good options, even beyond what I’ve mentioned.

    Researching this becomes a minefield without the right vocabulary, because having a “VPN” is such a broad definition that there are a lot of commercial VPN solutions, designed to give you operational security when browsing the Internet, which are completely useless at securing traffic between computers on different LANs over the Internet. Services like PIA, NordVPN, Surfshark, Proton VPN, ExpressVPN… So many others. They’ll secure your traffic to the Internet itself, not between private locations connected by the Internet.

    I don’t know what hardware you’re specifically using as a router at each location or what works with what. I know Ubiquiti has some VPN features in their gateway products, and that could make quick work of the problem. Just food for thought, I guess.


  • I suppose, but I usually don’t check my messages on Lemmy very often; I look at my comment replies, but not my messages. I should have Matrix connected, if you use that… I have no idea if I set up Matrix right, or if I linked it correctly… I haven’t looked at it since I did the setup.

    I’m curious why you would want to DM rather than discuss it publicly where the information might help others?

    You don’t need to justify yourself to me. That question is intended for you to answer it for yourself, and if that doesn’t change that you would rather do the discussion over DM, then I won’t hold that against you.

    Be well.




  • Well, SNMP is pretty great. There are three variants in common use: v1, v2c, and v3. I’m a big fan of v2c, because I usually run SNMP over my trusted LAN, and read-only, so there’s little or no risk there. I just want all the information! Haha. I would consider v3 if I were doing any kind of read/write work with SNMP. To date, I’ve never had to, so I just don’t bother with it. It’s a bear to set up compared to v2c.

    ARP is on layer 2/3 of both the OSI model and the 5-layer TCP/IP model. The OSI model has never been implemented in a production network; it’s just a reference to visualize how things operate. TCP/IP and IPv6 generally stop around OSI model layer 5. 6/7 are handled by the software, in theory, and layer 8 is where you get the most problems, by far.

    ARP is considered to be both layer 2 and layer 3, sometimes noted as layer 2.5, because it’s bridging layer 2, which is Ethernet MAC addressing in most networks, and layer 3, which is IP addressing. It almost entirely operates on layer 2, however.

    There’s a new, revised version of the TCP model that I’m aware of that blurs the line between what is known as layer 1 and 2 in the OSI model, kind of bundling them together. It’s weird, but something I’ve seen around.

    The question I never got an answer to was about Ethernet. I have searched the internet high and low and have yet to find a credible reference that indicates what the real answer is. There’s a white paper, but you have to pay to see it; I’m pretty sure the answer is in there, obfuscated by some fancy math algorithm… The question is: how much voltage is used for Ethernet baseband signaling when PoE is not used? What constitutes a “high” signal, and what is a “low” signal? A lot of sources seem to point to 5 V and 1 V, but never have any references to back up the claim. There are other sites that provide different voltages for high and low too. 5/1 is just the most common that I’ve seen mentioned.



  • Yes, but also no. Originally MIMO, or multi-in, multi-out, was what is now called SU-MIMO, or single-user MIMO. In wireless AC, they did multi-user MIMO on the access point transmission side, then AC Wave 2 brought it to the client as well. Wi-Fi 6 should have MU-MIMO supported on all points, but I forget if it’s a requirement of the spec or just a feature. In the latter case, manufacturers would not have a requirement to include it.

    The difference is in how many nodes are “talking” at once. They use beamforming to enhance signal strength where the recipient node is, which sacrifices signal strength everywhere else. That’s SU-MIMO. This came with the promise of MU-MIMO, which is using beamforming to transmit different messages to multiple nodes at the same time, which effectively doubles throughput for that duration, but also requires very specific conditions in an environment that’s constantly changing, especially for mobile phones. Tapping the screen or rotating the device slightly could put your device into a situation where MU-MIMO may start or stop working. Millimeters of travel can be the difference here. Even a laptop slightly shaking from someone bumping the surface it’s on, or someone typing on the keyboard, could affect it. It also may not.

    The point is, MU-MIMO is great when it works, but you have no reasonable promise that you’ll get any benefit from having it. It’s especially useless in areas with a lot of reflections. But I digress.

    The game-changer tech is coming with Wi-Fi 7 and multi-link operation; we can basically go to pseudo full duplex operation on Wi-Fi using it, which would be a huge boost for overall speed.

    I’m sidetracked. The issue you have on your friend’s network has nothing to do with the Wi-Fi. It is a matter of contention. Your upload usage is basically causing drops, or at least significant delays, for other traffic going up to the Internet. So when the client device requests to download a file, or a webpage, or a document, or start a media stream or whatever, the request can’t go out, and every so often the downloading client needs to tell the server “I have this data, send me more” and those messages (called acknowledgments) are not going through.

    Two options to fix this. The easiest is to turn off your torrent software. If you must have it on, when the network is dormant, do a speed test, and set an upload limit in your software for less than the upload of the connection. 75% is probably a good place to be, so if they have 10 Mbps upload, set your software to 7.5 Mbps. (Be wary of Mbps vs MBps.)

    The other option is going to be a bit more involved and, depending on what hardware your friend has, may not be possible at all. This will, however, permanently fix the problem moving forward, both with your computer on his network, but also with everyone else’s: implement QoS. Some routers can fall over in terms of performance with QoS on, so your mileage may vary, and there’s no guarantee that QoS is even available on their router. If it is, you need some basic settings in place for it to work correctly; most importantly, it needs to know how fast the upload and download are for the WAN. I would also build in a margin here, and only enter about 90% of the actual speed of the connection; the overhead will be used for high-priority traffic when the link is otherwise fully occupied. My recommendation, if you have the option, is to set QoS to drop instead of buffer. This reduces bufferbloat, and the information that’s getting dropped can and will be retransmitted (calling back to those acknowledgments I mentioned earlier).

    QoS, if implemented correctly, will prevent the connection from being over-saturated by any one thing, and traffic will continue in a high-bandwidth-use situation. It will still be impacted by how much is going on, but it should at least function. Acknowledgments usually have a slightly higher priority than other traffic, so those should be sent before other traffic.

    Good luck.
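An added illustration, not part of the comment above, of the measure-then-cap procedure it describes: unit-safe parsing of the speed-test figure (lowercase b is bits, uppercase B is bytes), the 75% client upload cap, the 90% QoS WAN rates, and, as an assumption standing in for whatever the friend's router offers, the Linux tc commands that shape with a hard ceiling and early drops rather than a deep buffer.

```python
# Added example (not from the original comment). The tc command set is
# one Linux way to get "drop instead of buffer" (HTB ceiling + fq_codel);
# it is an assumption, not any particular router's QoS page.
import re

_PREFIX = {"": 1, "k": 10**3, "m": 10**6, "g": 10**9}
_RATE_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)?)\s*([kKmMgG]?)(b|B)(?:ps|it/s|its/s|yte/s|ytes/s|/s)?\s*$"
)


def parse_rate(text: str) -> int:
    """Return bits per second. Lowercase 'b' is bits, uppercase 'B' is
    bytes, so '10 Mbps' and '1.25 MBps' describe the same link speed."""
    m = _RATE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised rate: {text!r}")
    value, prefix, unit = m.groups()
    bits = float(value) * _PREFIX[prefix.lower()]
    if unit == "B":
        bits *= 8  # bytes per second -> bits per second
    return int(round(bits))


def torrent_upload_cap(upload_bps: int, fraction: float = 0.75) -> int:
    """Client-side upload limit: leave headroom so ACKs still get out."""
    return int(round(upload_bps * fraction))


def qos_wan_rates(upload_bps: int, download_bps: int, margin: float = 0.90):
    """Rates to enter on the router's QoS page: a little under the real
    link so the shaper, not the ISP's queue, is the bottleneck."""
    return int(round(upload_bps * margin)), int(round(download_bps * margin))


def to_kbit(bps: int) -> str:
    """tc rate syntax (kbit = 1000 bit/s)."""
    return f"{bps // 1000}kbit"


def tc_egress_commands(iface: str, upload_bps: int) -> list:
    """Egress shaper: HTB caps at the QoS rate, fq_codel drops early
    instead of letting a deep buffer build up (bufferbloat)."""
    rate = to_kbit(upload_bps)
    return [
        f"tc qdisc add dev {iface} root handle 1: htb default 10",
        f"tc class add dev {iface} parent 1: classid 1:10 htb rate {rate} ceil {rate}",
        f"tc qdisc add dev {iface} parent 1:10 handle 10: fq_codel",
    ]


if __name__ == "__main__":
    # Constructed speed-test figures; the download is written the way a
    # download manager shows it (bytes), to exercise the unit handling.
    up = parse_rate("10 Mbps")
    down = parse_rate("12.5 MB/s")
    print("torrent upload cap (bit/s):", torrent_upload_cap(up))
    print("QoS WAN rates (up, down):", qos_wan_rates(up, down))
    for cmd in tc_egress_commands("eth0", qos_wan_rates(up, down)[0]):
        print(cmd)
```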


  • I can answer the second thing quickly. “Stacking” the SSIDs, as you say, makes the interference into what we call “co-channel” interference. Most of the wireless headers are unencrypted; your payload (the data being transferred) is encrypted, but not so much the headers. Because of this, and the fact that each AP is talking on the same frequency, there’s a small amount of collaboration that can occur between wireless networks. If someone starts a wireless multimedia (WMM) session that will last 8.2 ms, then all radios on the channel will know that the channel is occupied for the next 8.2 ms, and basically go idle for that much time.

    If you’re on differing channels, but still interfering, aka adjacent-channel interference, then those messages may not be understood, causing a lot more collisions. Collisions being when two radios transmit at the same time and the channel needs to clear; everyone backs off, and you try again (usually happening on the order of milliseconds, and possibly several times per second). Collisions will negatively impact your performance more than the channel simply being busy. The protocol in use for wireless collision avoidance is CSMA/CA, or carrier sense multiple access with collision avoidance, which is an amended version of CSMA/CD (collision detection) used in half-duplex wired communication.

    How’s that for a “short” answer?

    For channel conditions, I’m looking at walls, building materials, open-air distances, appliances, furniture… Anything that may attenuate, reflect, refract, or otherwise degrade signal strength whenever I start to assess an area for wireless. This is important so I know how many access points I need and how close together they need to be to overcome the obstacles placed in the environment.

    Once I have a rough idea of how many access points I need and how close together they should be, my next consideration is the expected client density and the objectives of the network. Something made for a busy stadium will have more access points than something made for a local cafe. If I’m doing a large number of access points, my focus will be on maximizing how many clients can be connected, and driving that number, per access point/radio, as far down as possible. Fewer people on a channel means more free airtime for their traffic, which equates to faster speeds. I’d be looking at using most of the 5 GHz spectrum on the smallest channel width and having each radio on its lowest power setting. You’ll have clients moving between access points a lot, but you won’t end up with more than a couple dozen per radio. I’d look into directional antennas, to minimize the broadcast range so I can reuse channels closer together. In such a high-density space I would want to have some kind of Wi-Fi blocking or attenuation tech installed in the exterior of the building to prevent outside signals from coming in and inside signals from going out, both for security and control over the airspace. Fewer things to interfere with; you only have to worry about what’s inside that perimeter.

    Then it’s a matter of setting up the channels for use in accordance with local laws, and letting the system handle channel assignment. With a huge number of access points, manually setting the channels is impractical. So everything I’ve said about it until now isn’t even for channel selection; it’s all things that support channel selection.

    For small networks, especially in high-density scenarios where the density is due to neighbors, whether that’s commercial neighbors in a plaza or mall, or residential neighbors if you’re in a suburb, an apartment, or a condo: for this, you want to pay careful attention not only to what other networks are around, checking from multiple points not only inside but outside of the premises as well, but also to what channels they’re on and what their relative signal strength is. If signal strength is low, then there’s not a lot to think about. Avoid the channel if you can, but if you can’t, there are worse selections.

    I’m also looking at the attenuation obstacles here. Environments with large obstacles will benefit from lower-band channels, either 2.4 GHz or UNII 1 for 5 GHz, and environments with a lot of radios on the 5 GHz spectrum may benefit from enabling the UNII 2 DFS channels (dynamic frequency selection). A lot of cheaper gear can’t operate in the UNII 2 DFS space because they haven’t bothered to implement DFS, which is a legal requirement for anything operating in that band. So the guys in the apartment next door that are using an off-the-shelf, cheapo router on sale from Best Buy probably won’t have the ability to even select those channels for use, and you’ll be free to use them with little to no interference… Unless the DFS triggers, that is… For less dense areas I want to tend towards UNII 1 and 3 for stability, and only have enough 2.4 GHz to cover the area.

    20 MHz wide channels on 2.4 GHz, 40 wide on 5/6 GHz. Should net about 400 Mbps or so per radio, and unless you have gigabit+ Internet, with everything on Wi-Fi, some remarkably clear airspace, and only a single access point, going to 80 MHz channel width is usually unhelpful. I’m looking not only at the channels with low/no occupancy, but I also want to look at how busy those channels are; this aspect usually requires monitoring over a duration of time, with specialized hardware. I would choose to overlap with a dormant network with a stronger signal than overlap with a network that is much weaker in signal strength but very busy all the time. I also prefer channels 1/6 on 2.4 GHz because channel 11 is near the upper limit of 2.4 GHz, and just above that limit is the frequency used by microwave ovens. If any microwave ovens don’t have perfect shielding and you’re on channel 11, you’re going to have a bad time. In environments with more than one access point on 2.4 GHz, I don’t worry too much about it, since any affected client can hop to another access point when interference ramps up.

    There’s more but my brain is tired today.


  • Networking is a pretty specific niche; the biggest challenge I’ve faced in my career is that I can’t find any local jobs, or remote work positions, that are networking focused. It’s still a passion of mine, but I tend to be stuck in sysadmin-type roles.

    As far as I’m concerned, until AI can plug itself in and fix its own servers, humans will always need to be involved in the setup and maintenance of the hardware that connects our world. I don’t think it’s practical or realistic for AI to put satellites in orbit or run intercontinental fiber along the ocean floor. Not anytime soon and not in our lifetimes.

    The thing about computers is that they’re not very adaptable to their environment, so the environment needs to be adapted to computers. We, as humans, are extremely adaptable to our environment. This is very slowly shifting, as computers are starting to be able to adapt to different working environments; but I don’t think that will fully happen within our lifetimes.

    Programming can be a minefield right now, but that shouldn’t dissuade you if that’s your interest/passion. Networking will be required, and tech jobs are some of the most recession-proof, though not completely recession-proof. Tech fields have slowed, but it’s extremely rare that we see negative growth in tech. The players might change, but the jobs are there and need people in chairs to fulfill them.

    My advice is to pursue what interests you, and adapt to whatever life throws at you. Maybe you’ll start with cybersecurity and move into a coding role, or, like me, study networking and then work as a generalist. When you get to that point, when interviewing for jobs, make sure you know what the job is; review the job posting with your interviewer if you are uncertain at all. The job should fit you as much as you fit it. I didn’t do that for one job and it was one of the most unpleasant years of my life working there. I got on the job and discovered that what I thought I’d be doing was not what I was going to be doing.

    Good luck.


  • The difference between high and low ranges in the 5 GHz band shouldn’t be significant. My understanding of the rule with penetration is that the signal will be attenuated by something that is half of the wavelength in thickness. For 5 GHz frequencies, with a wavelength between 50 and 60 mm, anything thicker than 25 mm will impact performance. The lower end, channel 36, will be closer to 30 mm.

    5 mm isn’t significant enough to worry too much about. Certainly worth testing either way.

    By comparison, 2.4 GHz has a wavelength of ~125 mm.

    For wall penetration 2.4 GHz is better, but you’ll suffer on speed. I think the PHY rate caps out around 150 Mbps on 20 MHz wide channels. I can double-check that, but I don’t think it’s far off. I think you could get up to ~300 Mbps? But I’m pretty sure that was 40 MHz wide… So as far as I’m concerned that’s not valid.

    Good luck. Test, document it, see what’s what. Remember, the difference between science and fucking around is writing it down.



  • If I’m not mistaken, they still use 2.4 GHz, which is also used by Wi-Fi, Bluetooth, ZigBee, a bunch of other stuff… Microwave ovens…

    And anything operating on a frequency, regardless of protocol, will interfere with each other. I think the main benefit for you would be that the brief amount of active time could reduce the airtime being used by the devices.

    I hope it works out for you and your Wi-Fi works excellently. Just be aware that it could still interfere. Use 5 GHz when possible.


  • There’s some nuance with 5 GHz; let’s talk 2.4 GHz first.

    You’ve heard correctly: 1, 6, and 11 are the “non-overlapping” channels. If anyone is on, say, channel 9, then everyone on 6 and 11 is going to have a bad time. But this is entirely based on everyone using 20 MHz wide channels. Anyone using 40 MHz wide channels is just going to fuck up the airspace. 40 MHz wide channels basically occupy two of the three non-overlapping channels on 2.4 GHz. Never use 40 MHz wide on 2.4 GHz. IMO, it shouldn’t have ever been an option.

    5 GHz is a UNII band, and there are three (technically four or five) main sections of the band that are relevant. UNII 1 is the low end of 5 GHz; I don’t have the channel numbers off the top of my head, but I know it ends at or around channel 90 or so? I’m tired and I’ve been ill today, so please forgive me. Some of the specifics are slipping away right now and I don’t have the brain power to cross-reference it. You can look all this up anyways.

    UNII 1 is pretty typical, very similar to how 2.4 GHz works, just on a different band.

    I’ll circle back on UNII 2.

    UNII 3 is the high part of the band, and the only nuance here is that the 5.8 GHz ISM channels overlap with a lot of this, so any consumer electronics like cordless phones that use 5.8 GHz might cause problems with some of these channels. Use of the ISM band here has been on the decline for a while, so it’s probably not an issue, but something to be mindful of.

    UNII 2 is a whole thing. You’ll need to look up what is allowed for your country, but some channels are off limits, and this band actually interferes with radar operations, so anything operating on UNII 2 channels needs to have radar avoidance built in. That’s pretty much automatic, or it should be. The key takeaway with these channels is that you need to let the system pick the channel it will use in the band, so that it can change the channel to avoid radar if needed. Setting a static channel on your Wi-Fi in the UNII 2 band might land you in hot water.

    Some 5 GHz channels can only be used indoors, some can only be used in specific countries, so look it up for your situation. Wikipedia has a comprehensive article on it, and I would encourage you to familiarize yourself with it.

    6 GHz regulation is starting to settle down, but it’s looking to be a bit more open and consistent between countries, which would be a nice change.

    Also, there are different power restrictions on different channels; don’t worry yourself too much with that, since most consumer access points and Wi-Fi routers don’t push enough power to exceed even the lowest restriction.

    Feel free to move to 40 MHz for 5 GHz; there are a lot more channels, and 40 MHz wide can really enhance your speeds. Stick to 20 for 2.4 GHz, but don’t feel limited for 5 or 6 GHz.

    Your methodology is good. But please understand that the graphs are an estimation; a real waterfall examination with an SDR that’s capable of observing the channel would be the only way to really know what’s happening in the airspace. Generally that’s overkill for residential installations. Just bear in mind, those scanner apps will only show other Wi-Fi networks. Non-Wi-Fi interference will not be shown. Don’t hesitate to try a different channel if one isn’t working great for you. Might just be alien interference (in this context, alien means non-Wi-Fi).
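An added model, not from the comments above, of the 2.4 GHz overlap rules in this comment and the channel-selection heuristic in the earlier site-survey comment: it computes which of channels 1/6/11 a given channel and width collides with, and scores the three against a constructed survey, weighting airtime use far above signal strength as the survey comment describes. The survey data, the weights and the channel-11 penalty are assumptions for illustration.

```python
# Added example (not from the original comments). Channel edges follow
# 802.11 numbering (5 MHz spacing, 20 MHz occupied width); the scoring
# weights and the SURVEY entries are constructed for illustration.
from dataclasses import dataclass

NON_OVERLAPPING = (1, 6, 11)


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def span_mhz(channel: int, width: int = 20, secondary_above: bool = True):
    """(low, high) edges of the occupied band. A 40 MHz channel bonds the
    primary with the 20 MHz channel four numbers above or below it; if
    the requested side does not exist, the other side is used."""
    lo = hi = center_mhz(channel)
    if width == 40:
        sec = channel + 4 if secondary_above else channel - 4
        if not 1 <= sec <= 13:
            sec = channel - 4 if secondary_above else channel + 4
        c = center_mhz(sec)
        lo, hi = min(lo, c), max(lo, c)
    elif width != 20:
        raise ValueError("2.4 GHz supports 20 or 40 MHz only")
    return lo - 10, hi + 10


def overlaps(a, b) -> bool:
    """True when two (low, high) spans share any spectrum."""
    return a[0] < b[1] and b[0] < a[1]


def channels_hit(channel: int, width: int = 20, secondary_above: bool = True):
    """Which of 1/6/11 a transmitter on this channel and width collides with."""
    s = span_mhz(channel, width, secondary_above)
    return [c for c in NON_OVERLAPPING if overlaps(s, span_mhz(c))]


@dataclass
class Neighbor:
    channel: int
    width: int
    rssi_dbm: float
    busy: float  # fraction of airtime observed in use, 0.0 to 1.0


def interference_score(candidate: int, neighbors) -> float:
    """Heuristic: a busy network costs far more than a strong but dormant
    one, so airtime use outweighs signal strength. Channel 11 carries a
    small penalty for sitting next to the microwave-oven band."""
    mine = span_mhz(candidate)
    score = 0.0
    for n in neighbors:
        if not overlaps(mine, span_mhz(n.channel, n.width)):
            continue
        strength = max(0.0, (n.rssi_dbm + 90) / 60)  # -90 dBm -> 0, -30 dBm -> 1
        score += 0.2 * strength + 1.0 * n.busy
    if candidate == 11:
        score += 0.05
    return round(score, 3)


def best_channel(neighbors) -> int:
    """Lowest-scoring non-overlapping channel, lowest number on ties."""
    return min(NON_OVERLAPPING, key=lambda c: (interference_score(c, neighbors), c))


# Constructed survey: a strong but idle network on 1, a weak but constantly
# busy network on 6, and a 40 MHz network on 11 (its secondary lands on 7).
SURVEY = [
    Neighbor(1, 20, -45.0, 0.02),
    Neighbor(6, 20, -80.0, 0.70),
    Neighbor(11, 40, -60.0, 0.20),
]

if __name__ == "__main__":
    print("channel 9 collides with:", channels_hit(9))
    print("40 MHz on channel 6 collides with:", channels_hit(6, 40))
    for c in NON_OVERLAPPING:
        print(f"channel {c}: score {interference_score(c, SURVEY)}")
    print("pick:", best_channel(SURVEY))
```

Channel 9 lands on both 6 and 11, and a 40 MHz channel on 6 always takes two of the three, as the comment says; the survey picks channel 1 despite its strong neighbour because that neighbour is idle.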


  • Awesome. That’s good to hear.

    I know not everyone can run Ethernet. Whether it’s because you’re in a rental, or you simply don’t have the budget for it, the reason doesn’t matter all that much. There’s plenty of good reasons not to.

    Usually mesh nodes have Ethernet on them as well and it just bridges into the LAN. Using that can actually cut down on wireless traffic overall. Maybe something to look at which could help if you have any troubles.

    Good luck, friend.