KVH mini-VSAT easy, but what about DHCP?
Big yacht IT is challenging, and thus I nearly had to tickle local marine networking ace Nik DeMaria (Blue Maple Systems) to capture his naturally grinning good nature, above and bigger here. I’ve known Nik “since he was knee high to a grasshopper,” as we say around here, but now he can make my head spin with talk of stuff like static IP addresses and Dynamic Host Configuration Protocol (DHCP)—his worries last week. You see, he and John Gass were just wrapping up the installation of a KVH V7 mini-VSAT aboard the 115’ sailing yacht Tenacious, and while they termed that chore “easy”—even pulled it off in less than a day—Nik was looking for an elegant way to manage the vessel’s multiple Internet users and sources. I think he’s still looking, and maybe some of you Panbo-reading IT types can help…
Tenacious has several computers and VOIP phones wired to its network plus four WiFi access points for crew and guests, and sometimes her Syrens/Wave/GeoSat Solutions (multi-name explanation below) high-power WiFi bridge will be preferable to the new mini-VSAT for hooking the yacht LAN to the Internet. Plus the system may get an alternate cellular Internet link added when Tenacious comes back for more work. What’s the best way to easily but knowingly move from one Internet source to a better one? Some yachts literally swap source Ethernet cables and reboot everything. Others have each source set up to be a DHCP server and all users set to acquire IP addresses automatically; to change sources you shut down everything, fire up the source you want, and then whichever computers you want. Theoretically at least, there are much better solutions, like Multi-WAN routers (ably discussed by Joe Mehaffey in this somewhat dated piece) or specialized software like Livewire’s Service Selector. But I’m in over my head here; how would you set up Tenacious, or, say, a 40’ boat with a few computers, alternate WiFi, cellular, and sat phone data connections…and a budget?
PS, Sorting out Syrens/Wave/GeoSat Solutions: GeoSat has been making high-end marine WiFi systems for years, but for a while they were distributed as Syrens WiFi by an independent company called Radio-at-Sea. Now GeoSat is doing direct distribution as Wave WiFi, but, whereas Radio-at-Sea owned the “Syrens” name, it’s marketing different WiFi hardware under it. So if you’re looking for Syrens (Nik is big fan of its hardware and service), go to Wave WiFi. Which doesn’t mean that there’s anything wrong with the new Syrens gear, except maybe the element of confusion.
PPS {corrected}, Below is the updated antenna farm on Tenacious, bigger here. The V7 (which replaced a Fleet 55 that’s now looking for a new home) is the big dome at 27” high, the mid-size is some sort of sat TV, and the little one is a Sea Tel WaveCall 3000 (Globalstar). The V7 controller and modem, shown inset, are mounted in the binnacle to reduce coax runs. Tenacious, by the way, can be chartered with a seaplane, more pictures here.
Ben,
The Internet sources get connected to individual Ethernet ports on a router. The internal network plugs into a hub, which in turn is plugged into the router. This allows the router to determine which Ethernet ports can connect to what. He’ll set it up such that the internal Ethernet port can get to any of the others, the others can get to the internal one, but not any other.
This turns the router into a firewall. The internal Ethernet port will have NAT (Network Address Translation) IP addresses (like 10.x.x.x or 192.168.x.x). The internal addresses need never change regardless of which source is providing Internet access.
Add to this RIP (Routing Information Protocol). RIP dynamically updates the firewall’s routing tables according to the networks that can be found. It also adjudicates when multiple routes to a network can be found (such as a network across the Internet). Each available route gets a weight (number of hops) and the router then chooses the path of least resistance (least number of hops to the destination).
A cheap Cisco router (e.g. the 2600) will do all of this just fine.
FWIW, I wouldn’t be making a DHCP server available unless they’re making reservations. You don’t want the Tenacious to become a Wi-Fi Hot Spot in every port it docks in, now do you? Also remember to turn off all but the one DHCP server, many of the devices involved probably each have their own DHCP server to make available.
I’m available if he wants more info.
Cheers,
Russ
Took the words right out of my mouth.
The only last point is you can also manually specify routing priority. Basically, the “cost” of the link.
You can use that only, or a combo of that and other factors.
The point being sometimes shortest hop is a long latency and expensive sat bounce. I’d personally probably just manually order route priority, which gives more predictable behavior.
I’d do the selection of alternate Internet sources MUCH more cheaply. My solution would be to manually change the source connected to the WAN port on the router from one source to another.
For example, imagine a boat with two potential Internet sources, a cable modem when in port, and a wireless source (i.e. sharing a wireless notebook card via the Ethernet port on a laptop). The cat 5 cable from the source is plugged into the WAN port on the router (imagine a wireless Linksys or similar). When you’re in port, the output of the cable modem is plugged into the router. The “client” computers, connected either via WiFi or hard wired, get their IP address via the DHCP service on the router, and they don’t care what the source of the internet “signal” is. When you get underway, unplug the cable modem, and plug the cat 6 into the notebook’s Ethernet port (already properly configured for the wireless card to share its connection with the LAN port). The router gets its IP address from the new source, and the data is passed.
I share my notebook’s wireless card (or WiFi signal if available) via the Ethernet port with my FREE VOIP Video Phone (ask me about it) all the time. Works good, lasts long time.
Joe
I think Joe’s answer is the best … but there are things in the IT business with routers that have multiple WAN ports … Simple solution: look at the Linksys WRT54G3G; it’s a router with a slot for a cellular PCMCIA card, and it also has a WAN port, so you can switch the cables between connections. Use a digital antenna booster to have long range high speed cellular internet at 3G or EVDO revA speeds.
A more complex solution is to look at a product from companies like PEPLINK, who have redundant WAN port routers. In this case, you can set the priority of which wan port you want to use. You could leave all the cables connected, and just turn off the VSAT or anything else when you don’t want to use it.
My concern about solutions like this would be DNS, the server that translates a URL to an IP address. Each ISP is going to want you to use their DNS server when you get a statically or dynamically assigned WAN IP address from them. Therefore you would need to reboot each computer (or simply the NIC) to get, not a new IP address, but new DNS servers. My solution would be to let DHCP assign IP addresses, subnet, and default gateway, yet statically assign a good public Internet DNS server to each computer (I think there was a Verizon one, 4.2.2.1 (or something like that, google it), which was really fast).
So if I read Matt’s last paragraph correctly, rather than rebooting the computer, a simpler solution (other than going with a fixed DNS server) would be to perform an IPCONFIG /RELEASE and an IPCONFIG /RENEW (or just the /renew) to get the new DNS info.
I’m going to need to look at that WRT54G3G router. Looks like a VERY NEAT solution to my personal application. It’ll remove the need for me to have my notebook running all the time to keep my phone up.
I still haven’t got a chance to read how multiple WAN routers resolve DNS (whether it is the simple Linksys or more complex Peplink, or for that matter high end Cisco) but my solution with a public DNS server would definitely work.
http://theos.in/windows-xp/free-fast-public-dns-server-list/
http://www.dnsserverlist.org/
Steps: (1) Determine the IP address of the public DNS server you want (I like 4.2.2.1) from above. (2) On a 2000/XP/Vista machine right click My Network Places (or Neighborhood) and left click Properties in the box. (3) Right click your NIC (Local Area Network) or wireless card and left click Properties. (4) Left click TCP/IP and then click the Properties button. (5) Under General, the “Obtain an IP address automatically” radio button should be checked. (6) Select the “Use the following DNS server address” radio button. (7) Type 4.2.2.1 in the primary field (you could get a secondary address if you want one). (8) Click OK until you’re done. Now you have a public DNS that won’t change with different ISP providers. And since the router will just change its WAN IP each time you plug in a new cord (or redundantly switch over using internal software), the LAN IPs, gateways, and subnet will stay the same. Thanks to NAT on the router you will be “firewalled” away.
Question for the guys on Tenacious: Did you get the MTA adapter for VOIP communications with the VSAT? Do you have a VOIP system onboard? KVH seems to say they set up the SIP connection? Any experience?
Folks,
Most routers can be the DNS server too, so all this DNS info is moot. If you have your own DNS server, you point to the root DNS servers, not ones belonging to any ISP.
Alternatively, you simply give the PC’s a long list of all possible DNS servers (from all your providers) and they’ll simply lookup till they find one that’s working. No reboots required.
We’re way down in the minutia now…;-]
Cheers,
Russ
I have set up a few systems which have this issue. I just run the network cables from the WiFi and, in my case, FleetBroadband to dedicated network adaptors (USB) on the PC, then enable and disable as required; that way you know exactly which connection you are using. You could then use Windows sharing to retransmit. I have used this setup on around 30 installs with good results. I have also used a free piece of software from http://www.netsetman.com; this allows you to swap gateway and DNS without a reboot…works well.
I’ll have to agree in the scenario that you provided that Russ and Joe’s idea is the winner. I bought a similar product to Matt’s from Cradlepoint; its model is the MBR1000 (also sold as the Kyocera KR2). So far it’s been rock solid, has 802.11n and knows how to connect up multiple sources where you can give them a pecking order. For me it was a simple solution, and rather than having a WiFi repeater I have a cell amplifier which I can use for the remote areas.
I would like to add another comment. I just updated the firmware on my MBR1000 and boy did they add stuff. But the one that I like is now I can use my PCMCIA slot AND my two USB ports with wireless adapters or internet connections and band them together for higher output. I tested it and I used my work Sprint connection AND my Verizon wireless adapter and I was able to pull 2 meg download!! The only problem I have is the latency that happens with cell based internet, oh well it still works for what I want it to do.
Some comments from Nik:
To all who have responded, thanks! There are some additional factors to consider, however, not accounted for in some of the responses.
1. Many of the comments have good solutions for land based applications where the characteristics of the internet connections do not change. Cable modems, DSL, even T1s are often Static IPs/DNS etc. or perhaps Dynamic IPs. Shipboard systems are not only dynamic, but the characteristics of the connections will vary widely day to day as the boat moves from place to place. ISP, IP, DNS etc. may be drastically different one day to the next. This has a significant impact on connection switching & user experience.
2. Office & enterprise applications with multiple internet pipes generally need two important functions: traffic shaping & failover. Traffic shaping sends some types of data (say VOIP) down one pipe and other data (web browsing/email) down another with devices that share the load across the multiple pipes. Failover is obvious, if one pipe goes down, the other picks up and keeps the system running. Neither of these functions is desired in the boat application. See #3
3. We don’t want “auto” switching. There will be times when more than one internet connection is available, but for whatever reason, a particular one is desired to be used. The boat crew needs to be able to select which connection to use and we don’t want connection switching happening without crew involvement. This eliminates basing the choice on hops, speed or any other automatic criteria useful in an office environment. Keep in mind the various Sat service plans (usage rates etc.) & the fact that WiFi hotspots have a tendency to go up and down & be less than 100% connected all the time. A short glitch in a WiFi connection is not reason to automatically switch to the Satellite link. Since the cost of the Sat link is very high, it may only be used in certain circumstances as determined by the crew, not a box.
4. One of the key issues is DNS. DNS info ends up being passed all the way down to each individual user PC/laptop on the boat network. If an internet connection is changed, that DNS info needs to also change to match. A router, while yes, it is a DNS server, doesn’t have any way to “push” a new DNS value down to all the clients that happen to be connected when the change is made. Use of a public DNS such as OpenDNS may address this particular issue, I’ll be checking it out.
5. User experience. The idea is to prevent users on the boat from having to make changes, reboot, ipconfig release/renew, etc. These will in fact work technically (& are OK for techie guys like us), but to ask charter guests on a boat of this caliber to go through reboots or other procedures does not meet what we would like to have for the user experience. This also would keep us away from swapping cables, using USB connections, entering manual DNS settings etc. for every laptop that happens to be on the boat.
6. There is no server on the boat, though that may be a solution in the future. Corporate servers can act as DHCP & DNS servers. This isolates the DHCP & DNS issues from users, the server sorts out all the changes and keeps users running.
7. Using Windows internet connection sharing has drawbacks. Stability has always been an issue. We would need a network interface card for each outside internet connection. Using USB for network is slow and unreliable as compared to Network interface cards (NICs), you have to load driver/management software for the USB adapters. I would be very hesitant to have multiple USBs with active connections to be shared on the LAN. There is a reason we never use the USB connections on cable/DSL modems, but always use the Ethernet connection!
Our particular application already has a small network on the boat with a router that acts as a DHCP server, statically set WAPs for notebooks and hardwired PCs for the boat itself. I am not sure I understand the comments about no DHCP server & making the boat a hotspot. In order to have notebooks come and go from the boat, you have to serve DHCP for the boat network. Obviously, the WAPs for the local wireless network on the boat are secured so not just anybody can get in wirelessly.
As far as the V7, we do have the MTA VOIP adapter, but it is not up & running yet. Will keep you posted, we should see some progress this week.
I look forward to affordable satellite internet connections, since it could work almost everywhere. The other extreme, WiFi, is popular but it has the disadvantage for boaters that it only works in a very few very limited places. There is a middle way, for personal use at least: use the cell phone network to connect your laptop. The iPhone buzz has made data plans more affordable. See for example the Ovation USB modems
http://www.novatelwireless.com/
in EV-DO and HSDPA/HSUPA/UMTS versions,
up to 7.2 Mb/s down and 2/1 Mb/s up.
Check out this manual ethernet switcher –
http://www.vpi.us/ethernet-switch.html
Install it upstream of the WAN port of your boat router / NAT device to switch between WAN sources (WiFi / satellite / etc). Then give each WAN source the same internal IP address (so that the default gateway setting on the internal NAT device stays static). Combined with the DNS solutions in other posts, this should give the crew the positive control they want in an easy to use fashion…
This is the approach I will be using on coming jobs on a 95′ Cookson and a 70′ Swan.
You might consider using a low-cost wireless router/access point that is compatible with dd-wrt or openwrt firmware replacements. I use Buffalo, but they may be difficult to obtain in the US right now due to a patent dispute. Certain LinkSys models have enough memory for dd-wrt.
These devices are quite flexible (after firmware upgrade), do not have fans, and can be powered from 12v systems. I would not use a Cisco 2600 on a boat, they are loud, require AC, and pulling salt air through them is probably not a good idea (I have one in my basement and it has collected a bit of dust).
The wireless access points with enhanced firmware cost well under $100, so you could have a couple of spares.
I think that using OpenDNS is a good way to go. They will give you “suggestions” for typos, but it does not bother me and it is how they pay for the service. OpenDNS will usually be faster than configuring the router to use the root servers. However, either DNS solution should be transparent to the users, even when the ISP is switched on the WAN interface of the router.
Jon
Nik:
1. Yes, your Internet connection characteristics will vary widely from day-to-day, or hour-to-hour, but this does not mean it has to have anything to do with your clients onboard. Let us accept that there is going to be a router of some kind, separating your two networks where netA is your customer’s network and netB is your WAN connected (or not) to the Internet. The router will take care of connecting netA to netB, no matter what other choices you make. Let’s allow the router to do this and move on (more details later.) BTW, you may actually have a network netC, which is your ship’s network which you may wish to keep private from customers. Regardless, it connects the same way as netA and netB, through the router.
That your WAN information (netA) changes does not have to have any impact whatsoever on customer’s systems or experience. They forward everything to the router, and providing the information for the router port facing the customers doesn’t change (and there’s no reason it needs to) then the customer’s system need never change. This applies to DNS as well. Clients resolve a DNS name to an IP address. If your WAN connection changed, and you are now going through a different ISP, the IP address of http://www.panbo.com has not changed…clients will still get there with the info from the previous ISP. But my point was not to rely upon ISPs for DNS. OpenDNS is certainly an option, but so too is using your own router as a DNS server. Doing so would let you cache DNS queries/answers locally, saving Internet bandwidth.
3. There’s no reason that routing has to be automatic. That it is not automatic does not mean that customers need be impacted by the crew’s choice of Internet connection. The very essence of routing is to tell one IP address how to get to another (or all others.) So I can tell customers PCs to connect to 192.168.100.1 to get to the Internet, and then tell 192.168.100.1 to use 192.168.0.1, or 192.168.0.2, or 192.168.0.3… to get to the Internet. More importantly, I can tell it to use all 3 addresses, and it will use whichever one has a device connected. So, you could simply unplug all other WAN devices and the router information would not need to be changed. Unplug 192.168.0.1 and plug in 192.168.0.3 and the network never misses a beat (except possibly traffic that’s currently coming inbound to your customers.) IOWs, the crew can control access based on cables being plugged or not. You can also control this via software. Plug all your WAN devices into a shared hub and then manage the ports on the hub via management software, disabling all you don’t want to use.
4. The way you’re handling DNS is what’s causing your problems. If you go with OpenDNS you solve that problem. You also solve it if you implement your own DNS onboard. If you can have a PC onboard, I’d highly recommend your own DNS.
5. As I’ve already said, there’s no reason why your users need ever deal with anything other than what’s given to them in their original DHCP packets. The info need never change for the duration of the voyage. You only need a single network for them to connect to.
6. Consider, for example, the Panasonic Toughbook-U1:
http://catalog2.panasonic.com/webapp/wcs/stores/servlet/ModelDetail?displayTab=O&storeId=11201&catalogId=13051&itemId=262732&catGroupId=12871&surfModel=Toughbook-CF-U1
Put Linux on it and you’ve got a platform for everything you need with the ability to have enough disk and memory to do anything.
Nik said;
“I am not sure I understand the comments about no DHCP server & making the boat a hotspot. In order to have notebooks come and go from the boat, you have to serve DHCP for the boat network. Obviously, the WAPs for the local wireless network on the boat are secured so not just anybody can get in wirelessly.”
A fully-featured DHCP server can serve up IP addresses based on the client MAC address. So your customers come onboard and you ask them one question…what is the MAC address of your NIC? Easy enough for them to find, or you find it for them when they first connect to your network. Either way, you put that into your DHCP server and you only serve an IP address (and gateway information) to that/those MAC(s). Bingo, you’ve just secured your boat network, and to a greater extent the WiFi. Providing someone doesn’t configure a static address in the same network subnet you’re giving out via DHCP they aren’t going to see anything on your network or your gateway (despite being able to connect to your WAP.) Since you’re using NAT for the clients, you can pick pretty much any network ID you want (16.82.137.x, for example.) The chances of someone picking the same is large enough not to worry about. In many ways this is actually easier than using WPA2 because the clients don’t need to do anything (other than giving you their MAC address.)
Consider, alternatively, something like the Linksys 10/100 16-port VPN Router.
http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1123638171453&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=7145322279B07
It has up to 7 ports that can be assigned as the Internet gateway, combined, individually, or one at a time. Its web-based management interface lets your crew browse to it and make changes as required, giving you control. You can even bind services to a particular port, so for example you can say that people could do email or web when the Sat-link is in use, but not VoIP (to reduce bandwidth usage when on the Sat-link.)
Designing complete network solutions isn’t rocket science, but it does require a complete understanding of the needs and available resources. I spent 6 years in Africa designing networks under the most ridiculous conditions (far worse than what you can imagine on your boat, honestly,) so these things can be done.
Cheers,
Russ
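Russ’s points 3 and 5 above, and the earlier remark about manually ordering route priority, describe one policy: the LAN side never changes, and the crew, not a hop count, decides which uplink the router uses. The following Python model is an added illustration (not code from any commenter or from any router product) of that policy, including Nik’s requirement that a WiFi dropout never promotes the satellite link on its own. Interface names, gateways, MACs and the reservation table are constructed; `route_commands` only returns the Linux `ip route` text a router would apply, it does not run it.

```python
"""Crew-selected WAN uplink for a boat router (added illustration).

The LAN side (addresses, gateway, DNS) is fixed and served by the router; the
crew decides which uplink (WiFi bridge, cellular, VSAT) carries traffic. An
uplink is eligible only when the crew has enabled it AND its link is up, so a
lost WiFi link never promotes the satellite link by itself.
All interface names, addresses and MACs below are constructed examples.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# LAN side: identical whichever uplink is in use, so clients never re-lease.
LAN_GATEWAY = "192.168.100.1"
LAN_DNS = LAN_GATEWAY           # router resolves for the LAN and forwards upstream
LAN_NETMASK = "255.255.255.0"


@dataclass(frozen=True)
class Wan:
    name: str        # label shown to the crew
    dev: str         # router interface for this uplink (assumed name)
    gateway: str     # next hop on the uplink's own segment
    carrier: bool    # link up / cable plugged in
    enabled: bool    # crew has switched this uplink on
    priority: int    # lower wins when several are enabled and up


def lan_lease(mac: str, reservations: Dict[str, str]) -> Optional[Dict[str, str]]:
    """DHCP-style answer for a LAN client. Only MACs with a reservation get a
    lease (serving by MAC, as Russ suggests), and nothing in it depends on the WAN."""
    ip = reservations.get(mac.lower())
    if ip is None:
        return None
    return {"ip": ip, "netmask": LAN_NETMASK, "gateway": LAN_GATEWAY, "dns": LAN_DNS}


def select_wan(wans: List[Wan]) -> Optional[Wan]:
    """Uplink to route through: crew-enabled, link present, best priority.
    None means 'no route', deliberately, rather than a silent failover."""
    eligible = [w for w in wans if w.enabled and w.carrier]
    return min(eligible, key=lambda w: w.priority) if eligible else None


def route_commands(active: Optional[Wan]) -> List[str]:
    """Linux commands the router would apply (returned as text, not run).
    With no eligible uplink the default route is removed so traffic fails
    fast instead of leaking onto an expensive link."""
    if active is None:
        return ["ip route del default"]
    return [f"ip route replace default via {active.gateway} dev {active.dev}"]


# Constructed sample: the three uplinks discussed for Tenacious.
UPLINKS = [
    Wan("WiFi bridge", "eth1", "192.168.0.1", carrier=True, enabled=True, priority=1),
    Wan("Cellular", "eth2", "192.168.0.2", carrier=True, enabled=True, priority=2),
    Wan("VSAT", "eth3", "192.168.0.3", carrier=True, enabled=False, priority=3),
]
RESERVATIONS = {"00:11:22:33:44:55": "192.168.100.50"}  # a guest laptop (constructed)


def walkthrough() -> List[Optional[str]]:
    """WiFi drops, then cellular drops, then the crew enables VSAT.
    Returns the uplink chosen at each step (None = no route, by design)."""
    wifi, cell, sat = UPLINKS
    steps = [
        [wifi, cell, sat],
        [replace(wifi, carrier=False), cell, sat],
        [replace(wifi, carrier=False), replace(cell, carrier=False), sat],
        [replace(wifi, carrier=False), replace(cell, carrier=False), replace(sat, enabled=True)],
    ]
    chosen = []
    for wans in steps:
        active = select_wan(wans)
        chosen.append(active.name if active else None)
    return chosen


if __name__ == "__main__":
    for step, name in enumerate(walkthrough(), 1):
        print(f"step {step}: uplink = {name}")
    print("guest lease:", lan_lease("00:11:22:33:44:55", RESERVATIONS))
    print("\n".join(route_commands(select_wan(UPLINKS))))
```

The third step is the point of the model: with both cheap links down and VSAT not enabled, the router drops its default route rather than quietly moving charter traffic onto the satellite plan; the crew enables VSAT explicitly in step four. The lease handed to the guest laptop is the same at every step.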
Slightly off topic, but similar:
Does anyone know of a product that allows multiple pstn (analog) phone lines to ring or be used by a single standard analog phone (in our case a waterproof cordless phone). We are looking at having Cellular, Globalstar, Iridium, & skype to pstn adapter for use with wifi; and ideally I would like these all to work over the same single-line handset without plugging and unplugging RJ-11 cables or pushing/rotating switches. Ideally an incoming call on any of the 4 lines would ring the phone, and some method of button pushing would tell the “box” which line to use for outgoing calls. I don’t even know what to search for, so I am coming up empty.
Thanks — Gram
Gram, how about just purchasing a cordless phone with a base unit that supports (4) separate telephone lines?
That may be what we do, but I can’t find a 4-line cordless phone for less than about $250 to $300 and we actually really like the bright yellow, floating, waterproof, uniden that we have now.
Any other suggestions?
Gram, want to use your existing bright yellow floating water proof uniden … ok other suggestions …
1) Find a couple (to have spare parts) of used small office PBX products, like one of the earlier toshiba models in the early 1990’s or later. These devices and their competitors have external AC to DC converters, replace with a DC-DC converter of a matching voltage.
Although the Toshiba and their competitors sold proprietary phones with lots of function buttons, some of them had optional ports you could plug standard telephones into in such a way that the PBX would treat them well. Any phone could be programmed to ring on any or all incoming lines, and the user selects an outgoing line by dialing 8 + outbound line + phone number. You could also take advantage of a feature in these older PBXs where you could program them from the touch tone phone also, for example to change the default outbound line you simply input a string of numbers, e.g. dial ## + 67 + phone port + outbound number + #
I have no doubt there are modern versions of this as well, but they will cost more than a 4-line cordless phone.
2) Another possibility … if you routinely keep a PC running in your boat, there is software that makes your PC run as a PBX, including open source products (e.g. http://www.asterisk.org/ is just one of many such open source PBX software packages). With the purchase of a six line RJ-11 internal PCI card or external Ethernet box/media gateway, you can plug in your four PSTN sources, and your existing wireless phone base. You would probably still need a separate adapter to use Skype, but in being open source, perhaps someone has already integrated that. If you look around the internet the 6 or more line cards and appliances (called media gateways) are north of $1500, but I see there are many used devices on eBay; search on “pbx asterisk”. Note, some of these devices don’t even need a PC to run.
I believe my first suggestion will consume less power, less of your time, and be simpler to configure and use, and of course requires no pc.
Dan
…Quote
Check out this manual ethernet switcher –
http://www.vpi.us/ethernet-switch.html
Install it upstream of the WAN port of your boat router / NAT device to switch between WAN sources (WiFi / satellite / etc). Then give each WAN source the same internal IP address (so that the default gateway setting on the internal NAT device stays static). Combined with the DNS solutions in other posts, this should give the crew the positive control they want in an easy to use fashion…
This is the approach I will be using on coming jobs on a 95′ Cookson and a 70′ Swan.
…/Quote
Nice. Now get the price down to $20 or less with a 5 year warranty on the switch box.
…Quote
Slightly off topic, but similar:
Does anyone know of a product that allows multiple pstn (analog) phone lines to ring or be used by a single standard analog phone (in our case a waterproof cordless phone). We are looking at having Cellular, Globalstar, Iridium, & skype to pstn adapter for use with wifi; and ideally I would like these all to work over the same single-line handset without plugging and unplugging RJ-11 cables or pushing/rotating switches. Ideally an incoming call on any of the 4 lines would ring the phone, and some method of button pushing would tell the “box” which line to use for outgoing calls. I don’t even know what to search for, so I am coming up empty.
Thanks — Gram
…/Quote
Gram I think what you are looking for is called a PBX 🙂
* Routing Schmouting AND LOTS OF SHOUTING *
Routing LAN ports and all that jazz I think is overkill for this application. Unless you really had to share your F55 or F77 serial connection as well. I generally keep expensive satellite connections separate from the boat network anyway these days. Although we used to put F55’s and F77’s on the shared network a few years ago – because they were pretty much the only game on a yacht.
But a couple other thoughts did come to mind.
I usually do the LAN switch box that someone mentioned, which is why I replied “nice” to their comment post.
This usually only requires a reboot of any computers that were already on the boat network when you throw the switch. And it assumes that all “INTERNET” inputs do have their DHCP service up and cooking at all times.
DHCP is however not the only protocol to worry about on an onboard LAN. I usually static-IP network appliances like network hard drives and network printers … that way they don’t keep disappearing when the network gets throttled. There is another little-known protocol that creeps around in Ethernet and wireless called “ARP” – Address Resolution Protocol. Every computer and network device keeps an ARP table. ARP is sort of a peer-to-peer protocol. It translates IP addresses on a LAN to the MAC address of the network device or computer (the Ethernet or wireless network card). Basically, periodically a network device will shout (broadcast) “ARP who has 192.168.1.1 … tell AA:BB:CC:DD:EE:FF” to update what hardware device holds that IP address. This especially happens if the device that had the IP address got turned off. Rebooting computers and laptops that were on during a SWITCH from one INTERNET router to another will take care of that for the computers onboard. It might not take care of it for printers and network hard drives. But they normally only need to talk to computers, and not the INTERNET router anyway. So hopefully ARP will only be a good thing in this setup that I use.
Windows networking also has its own protocols, such as NetBIOS over TCP/IP and its own name resolution (NBNS – NetBIOS Name Service), although in later Windows versions they are also using DNS to resolve names. You’ll notice when you are bored one day that you can “ping” a computer name on the local network – just like you can ping a web host out on the Internet.
Anyway good luck everyone with your multiple Internet connections on marine vessels.
Ben… I’d like to meet – at least by phone and email – your guy Nik. Perhaps we can trade some war stories and such.
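The ARP point in the comment above is the one that bites after a switch-box change: a laptop that was up during the switch still maps the gateway IP to the old router’s MAC and keeps talking to a box that is no longer the Internet path. The following Python checker is an added example (not code from the commenter or any product) that parses an ARP table dump in either the Linux `ip neigh` or the Windows `arp -a` line format, reports which known router currently answers for the gateway IP, and gives the per-host command that clears the stale entry without a reboot. The sample dumps, router MACs and addresses are constructed.

```python
"""Check which router a host's ARP cache maps the LAN gateway to (added example).

After a WAN switch the gateway IP may be answered by a different router MAC.
Hosts that cached the old MAC keep sending to the old box. This parser reads
`ip neigh` (Linux) or `arp -a` (Windows) output, looks up the gateway entry,
and names the router behind it; a MAC outside the known set is the thing to
investigate first. All sample lines, MACs and addresses are constructed.
"""
import re
from typing import Dict, Optional

# Matches an IPv4 address followed later on the same line by a MAC in either
# colon (Linux) or dash (Windows) notation; lines without both are ignored.
LINE_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"(?P<mac>(?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})"
)

# Routers that may legitimately sit at the gateway IP (constructed MACs).
ROUTERS = {
    "00:aa:bb:cc:dd:01": "shore WiFi router",
    "00:aa:bb:cc:dd:02": "VSAT router",
}

# Constructed dumps: a Linux host still holding the WiFi router's MAC, and a
# Windows host that has already learned the VSAT router's MAC.
SAMPLE_LINUX = """\
192.168.100.1 dev eth0 lladdr 00:aa:bb:cc:dd:01 STALE
192.168.100.50 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.100.7 dev eth0  FAILED
"""
SAMPLE_WINDOWS = """\
Interface: 192.168.100.60 --- 0xb
  Internet Address      Physical Address      Type
  192.168.100.1         00-aa-bb-cc-dd-02     dynamic
  192.168.100.255       ff-ff-ff-ff-ff-ff     static
"""


def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> MAC (lower-case, colon-separated) for lines carrying both."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def who_answers(table: Dict[str, str], gateway_ip: str,
                routers: Dict[str, str] = ROUTERS) -> str:
    """Name of the known router behind the gateway entry, 'no entry' if the
    host has not resolved it, or 'UNKNOWN <mac>' for a MAC not on the list."""
    mac = table.get(gateway_ip)
    if mac is None:
        return "no entry"
    return routers.get(mac, f"UNKNOWN {mac}")


def flush_command(os_name: str, gateway_ip: str) -> str:
    """Per-host command that drops the cached entry so the next packet
    re-ARPs for the gateway, instead of rebooting the machine."""
    if os_name == "windows":
        return f"arp -d {gateway_ip}"
    return f"ip neigh flush to {gateway_ip}"


def is_stale_after_switch(table: Dict[str, str], gateway_ip: str,
                          now_active: str, routers: Dict[str, str] = ROUTERS) -> Optional[bool]:
    """True if the host still maps the gateway to a router other than the one
    the crew just switched to; None when the host has no entry at all."""
    answer = who_answers(table, gateway_ip, routers)
    if answer == "no entry":
        return None
    return answer != now_active


if __name__ == "__main__":
    gw = "192.168.100.1"
    for label, dump, os_name in (("linux host", SAMPLE_LINUX, "linux"),
                                 ("windows host", SAMPLE_WINDOWS, "windows")):
        table = parse_arp_table(dump)
        print(f"{label}: gateway answered by {who_answers(table, gw)};"
              f" stale after switch to VSAT: {is_stale_after_switch(table, gw, 'VSAT router')}"
              f" -> {flush_command(os_name, gw)}")
```

Run against the two constructed dumps, the Linux host is flagged stale after a switch to the VSAT router while the Windows host is not, which is exactly the “some laptops need a reboot, some don’t” behaviour the comment describes. An `UNKNOWN` answer means a device other than either router is claiming the gateway address and should be looked at before any cache is flushed.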