Cover Story

by SIMSON L. GARFINKEL, Contributing Editor

Communicating without a Net

The promise of wireless data communications is simple: free bandwidth. Just buy a pair of wireless Ethernet bridges, put antennas on a couple of roofs, and you can have yourself the equivalent of a T1 data circuit (or faster) between two buildings without spending another dime.

The economics of wireless are so compelling that it's scary. Two radios, antennas and installation cost less than $8,000. A T1, on the other hand, costs between $750 and $1,000 per month in most cities--plus $1,000 to $5,000 for the routers that you need at each end. That means that the wireless circuit pays for itself in less than a year--usually in less than six months. After that, the bandwidth is just gravy.

And the economics just get better and better as you connect more buildings. Most wireless systems support a hub-and-spoke arrangement, which means you can add buildings by buying a single radio and antenna. Even better, many wireless networks support low-cost PCMCIA cards that plug into laptops, letting users cut the cord and carry their laptops around the office--or outside--without losing connectivity.

The promise of wireless is so seductive that more and more businesses and universities are turning to wireless networking, which is in turn creating a booming business for wireless vendors. There is now even an IEEE standard for wireless Ethernet bridges. But, as my company learned over a very difficult six months, there can be a big difference between the promise of wireless and the reality.

Unlicensed Spectrum

High-speed wireless communications using microwaves has been around since the 1960s. (After all, the initials in that telecommunications giant's name originally stood for Microwave Communications Inc.) But back then, wireless communications were expensive. Beyond the cost of the transmission towers and the radios, businesses that wanted to communicate using microwaves needed something else: a license from the Federal Communications Commission (FCC) giving them the right to transmit at a certain frequency, with a certain power and over a certain geographical area.

For some businesses, radio licenses have always been essential to doing business. Taxi companies and all Federal Aviation Administration (FAA)-licensed pilots need radio licenses to do their jobs. But, for many other companies, the whole process of getting a radio license has been shrouded in mystery. Even if it were simple, few people understood how to do it. As a result, many avoided the technology.

Conventional radio systems have another problem: interference. If somebody is transmitting on your frequency, their signal can easily overwhelm yours (or vice versa). But in the 1970s, a new technique for transmitting radio waves was discovered: frequency hopping, or spread spectrum. These systems minimize interference by transmitting a signal successively on dozens (or even hundreds) of different frequencies. The receiver knows the pattern that the transmitter is using and follows along. Because interference usually doesn't hop between frequencies (and if it does, it usually doesn't follow the same hopping pattern that a particular spread-spectrum user has chosen), whatever interference happens is usually temporary.

As things turned out, the U.S. military had known about spread spectrum for many years: Besides minimizing interference, spread-spectrum signals are exceedingly difficult to trace and eavesdrop. But once the secret was out, another problem reared its head: Using the technique inside the United States was illegal under FCC regulations, because radio applications were licensed to a specific frequency.

Things changed in 1985, when the FCC set aside a portion of the radio spectrum for spread-spectrum systems. Eager to avoid the fiasco of CB radio, the regulations (Section 15.247 of the FCC rules) required that unlicensed radios have a maximum peak output power of one watt and a maximum antenna gain of 6 dBi.

Today there are three radio bands set aside for unlicensed use: 902 - 928 MHz, 2,400 - 2,483.5 MHz and 5,725 - 5,850 MHz. To use the spectrum, all you need to do is purchase a radio that has been approved. In fact, you might already be using the same license spectrum if you have a frequency-hopping cordless telephone such as those made by VTech Communications Ltd. and AT&T.

Networking the Island

I run a small Internet service provider (ISP) on Martha's Vineyard called Vineyard.NET that offers dial-up service to roughly 1,000 users. We first started thinking seriously about radio back in February 1997, when we started building a second machine room. The second machine room was our insurance policy: If we had a fire at the first location, we could continue operations at the second. Our design called for two computers to be connected by a high-speed network connection, with constant disk-to-disk backups between the two. Naturally, we wanted to do it as inexpensively as possible.

The obvious solution was to set up a T1 between machine rooms, but the phone company wanted roughly $1,000 per month for the connection. Another option we considered was hanging our own fiber overhead. We did a little research and discovered that the cost would have been thousands of dollars for the cable and the engineering plan required by the power company, an undetermined expense of the truck and police detail to put the cable up, and then a pole rental of roughly $5 per pole per month. If we ever had a downed line, we would have to start all over. Finally, we thought about using a pair of Asymmetric Digital Subscriber Loop (ADSL) modems. Although ADSL manages to drive something like 6 MB/s over an ordinary pair of copper wires, the distance between each of our buildings and the telephone company's home office was further than the ADSL modems could handle. To make things worse, the modems had a list price of $4,000 per pair--and you still need to buy a router for each end if you want to connect two networks.

In the midst of our deliberations, we discovered wireless. We were immediately beguiled. The speeds promised by wireless were faster than T1. The price for the first connection was roughly equivalent to the cost of the ADSL modems or a new Cisco Systems Inc. router at each location. But unlike ADSL, we could add locations by purchasing a single radio, rather than a pair.

It was this expandability that really caught our interest. If the wireless system worked, we could use it for more than simply connecting our two machine rooms together. We could use the wireless network to provide high-speed access to our customers. Small Internet service providers like Vineyard.NET are facing increasing competition from big companies such as AT&T and Sprint Communications Co., who offer nation-wide dial-up at a cost that is too low to make a profit. Wireless, we learned, has a range of roughly three to five miles, and Martha's Vineyard is pretty flat. This meant that we might be able to use our machine-room connection to offer low-cost, high-speed Internet service throughout the island. If we could build a wireless network on Martha's Vineyard, we might just be able to find a lucrative niche that would let us survive the upcoming ISP shakeout. At least, that's what we thought.

But which wireless system to use? We had no clue. The fellow who first suggested that I consider wireless said that he was using equipment manufactured by an Israeli company called Breeze Wireless Communications Inc. We clicked into the BreezeCom Web site. The equipment seemed reasonable, and, reassured by the company's 30-day money-back guarantee, we ordered ourselves a $4,000 starter kit.

BreezeCom

Most of the radios that BreezeCom makes are about the size of a paperback book. Each radio has two antenna jacks, connectors for RS-232 and power, and either one or four 10BaseT connectors. The units have six LEDs that display the condition of the wireless connection, the condition of Ethernet and power.

At the heart of the BreezeCom system is a special radio called the Access Point (AP-10). This unit is the hub of your wireless network. We actually ordered the AP-10DPro with a single 10BaseT connector that you patch into your Ethernet hub and two antenna connections. It operates in the 2.4-GHz band.

(A note about the BreezeCom product nomenclature. The AP-10 is available in a variety of different styles. The "D" means that the product is sold without built-in antennas, which are suitable for use in an office or factory environment, but not outdoors. The "Pro" means that the unit is part of BreezeCom's new "Pro" series, compatible with the newly agreed upon 802.11 standard, which allows for limited interoperability between wireless vendors.)

To communicate with the Access Point you need either a Station Adapter or a Wireless Bridge unit. BreezeCom manufactures three kinds of station adapters. The SA-10 series connects a single Ethernet device to your Access Point. The SA-40 connects four Ethernet devices; it has four 10BaseT connectors and a built-in four-port 10BaseT hub. BreezeCom also manufactures a PCMCIA adapter called the SA-PC that plugs into a laptop and connects your laptop to the wireless network. And finally, BreezeCom makes the Wireless Bridge that will bridge 256 Ethernet MAC addresses across the wireless network to the Access Point.

With the exception of the SA-PC, all of the BreezeCom units can operate with one or two antennas. Although you only need one antenna, it's better to use two, because that way you can use the system's "antenna diversity" feature. Diversity is supposed to solve the problem of momentary physical obstructions in your radio path by creating more paths for the radio signals to travel. With diversity enabled, the radios transmit all data using both antennas. When they receive information, a tiny circuit inside the radio automatically switches between the two antennas, choosing the antenna that is receiving the stronger signal. Essentially, diversity increases the number of radio paths through the air from one to four (two antennas, each one capable of reaching two receivers).

We ended up ordering an AP-10DPro, a WB-10DPro, an SA-40DPro and an SA-PC. We ordered a pair of omnidirectional antennas for the hub where the Access Point would be located and directional antennas for the WB-10 and the SA-40. BreezeCom supplied us with the radios, the antennas and special low-loss cable for the interconnection. Unfortunately, the cables that BreezeCom gave us were only 20 feet long. This short length created significant problems in placing the radios. The short cabling is a direct result of the limitation on transmission power by the FCC. BreezeCom told us that it was working on special amplifiers that would allow us to use up to 200 feet of antenna cable, but those amplifiers were not available when we needed them. (Using the amplifiers also destroys antenna diversity because the amplifiers force you to use one antenna for transmission and the second antenna for reception.)

At the heart of the BreezeCom wireless network system lies a special radio called the Access Point (left). To communicate with the Access Point, users need either a Station Adapter or a Wireless Bridge, shown above right, that will bridge 256 Ethernet MAC addresses across the network to the Access Point.

We wanted to mount the antennas on our roof, but the short cable forced us to mount the radios high as well. In our first location (my house), we were able to find a place for the radio in a second-floor closet. But in our second location, a 32-foot-high building with 16-foot-high ceilings, we were forced to build a special shelf that we hung from a ceiling to get the BreezeCom radio, its power supply and a UPS within 20 feet of the antenna. (We couldn't just put the BreezeCom unit in the building's attic, because the attic routinely reached more than 110 degrees F and the BreezeCom units were only rated for an ambient temperature of 90 degrees F. We couldn't mount them outside because their boxes were not waterproof.)

Installing the antennas on our roof was another difficult task. We had to mount a tripod on each roof, drill holes for the cables, and make sure that everything was properly grounded. Grounding is key, as the antenna wire basically provides an electrical pathway from your roof to your machine room--just the thing to guide a lightning strike from an angry storm cloud. Fortunately, we were able to find an excellent reference book on grounding, The "Grounds" for Lightning and EMP Protection (GLEP), Second Edition, by Roger Block, president and founder of PolyPhaser Corp. In addition, we bought a pair of gas-discharge lightning protectors, also from PolyPhaser, for added protection. Each antenna took roughly a day to install.

One of the big drawbacks in the way we mounted the BreezeCom radios was that we did not have easy access to the units. At the time, we minimized this problem, rationalizing that if we needed to have physical access to the radios on a regular basis, then we probably didn't want to be using them in the first place. As it turned out, we were right.

The BreezeCom Setup

To set up the BreezeCom units, you attach a serial cable to the unit's proprietary serial port, plug the other end into a laptop, and program the unit with a standard terminal emulator. Stepping through the BreezeCom menus, you can set each unit's IP address, its netmask, a few radio parameters and the amount of logging you desire. Security is provided through a password: Set the password and the unit's parameters cannot be changed without providing the password, although they can still be viewed.

Sticking largely with the factory defaults, we gave each unit an address on our local network, then rebooted the radios. A few minutes later, we were pleasantly surprised to discover that the units were performing exactly as advertised. Sitting at a computer connected to the WB-10, it was easy to access information stored on the network connected to the AP-10. For all practical purposes, the wireless units were bridging the two physical Ethernets, making them one. Wireless was easy!

But shortly after we got things up and running, we started to have concerns about the quality and design of the software running inside the BreezeCom radios.

At Vineyard.NET, we monitor the throughput of our network with the Simple Network Management Protocol (SNMP) using a piece of free software called MRTG. SNMP doesn't have much security. The only way to prevent other people from monitoring your network is to change your SNMP community from "public" (the factory default on many systems) to some other value. Essentially, your SNMP community is a password. BreezeCom supports SNMP, but the BreezeCom units didn't allow us to change the SNMP community. When we complained to the company, BreezeCom recommended that we disable TCP/IP to protect the units from a network-based attack. We didn't want to lose the ability to monitor the radios, so we compromised by programming our routers to prevent SNMP connections to the BreezeCom radios from outside our local network. This provided some protection, although it did nothing to protect us from a local attack.

After we reconfigured our SNMP software to use the "public" community, we discovered that we were still out of luck. BreezeCom didn't properly implement the particular SNMP values required by our network-monitoring software. We later learned that BreezeCom only supports its own custom Management Information Base (MIB).
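An added example, not part of the original article or any vendor's code: SNMPv1 and v2c carry the community string unencrypted in every datagram, which is why it is only as strong as a shared password. The Python sketch below parses the message header of captured datagrams and flags factory-default communities; the packets, addresses and the non-default community are constructed for illustration.

```python
"""Flag SNMPv1/v2c datagrams that still use a factory-default community."""

DEFAULT_COMMUNITIES = {b"public", b"private"}
VERSIONS = {0: "v1", 1: "v2c"}


def tlv(tag: int, value: bytes) -> bytes:
    """BER-encode one tag/length/value triple (definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); raise ValueError on truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        nlen = first & 0x7F
        if nlen == 0 or pos + nlen > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + nlen], "big")
        pos += nlen
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_community(datagram: bytes):
    """Return (version name, community bytes) from an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(ver, "big") not in VERSIONS:
        raise ValueError("not SNMPv1/v2c")
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community")
    return VERSIONS[int.from_bytes(ver, "big")], community


def sample_get(community: bytes, version: int = 0) -> bytes:
    """Build a constructed GetRequest for sysUpTime.0 (1.3.6.1.2.1.1.3.0)."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 3, 0])
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


def audit(captured):
    """Return [(source, version, community)] for default community strings."""
    findings = []
    for source, datagram in captured:
        try:
            version, community = parse_community(datagram)
        except ValueError:
            continue                      # not SNMPv1/v2c, or damaged
        if community in DEFAULT_COMMUNITIES:
            findings.append((source, version, community.decode("ascii")))
    return findings


# Constructed capture: (source address, UDP payload). Addresses are from the
# documentation range; the second community string is made up.
CAPTURED = [
    ("192.0.2.10", sample_get(b"public")),
    ("192.0.2.11", sample_get(b"vnet-ro-7f3c", version=1)),
    ("192.0.2.12", b"\x30\x05\x02"),      # truncated datagram, skipped
]

if __name__ == "__main__":
    for finding in audit(CAPTURED):
        print("default community in use:", finding)
```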

Another concern that we had was preventing possible theft of service. We didn't want somebody to be able to get free access to Vineyard.NET by simply going out and buying their own BreezeCom radio. Unfortunately, BreezeCom didn't give us much in the way of protection. The sole means for preventing unauthorized access was by setting a configuration variable called the Extended Service Set ID (ESS ID) to be something other than the default value. The ESS ID is designed to allow more than one wireless network to interoperate within range of one another without interfering with one another. Each wireless unit will only speak to other units with the same ESS ID. But ESS ID is designed to prevent cross-talk, not provide real security. In practice, there were many ways for a potential attacker to learn the ESS ID that we were using.

We had been using the BreezeCom units for about a month when we installed a used terminal concentrator (a Bay Networks Inc. Annex 4000) on our internal network. A day later, the Access Point stopped working. We had no idea what was wrong. The system had worked perfectly until that point. We assumed that the software had crashed. Not knowing what else to do, and it being a Sunday, we got a ladder and rebooted the Access Point. Things worked well after that for a few days, but then the Access Point crashed again.

A telephone call to BreezeCom revealed that we were not running the most recent version of the Access Point firmware. BreezeCom recommended that we upgrade. But the upgrading process was frightening. To upgrade the BreezeCom unit, we were told to send it two TFTP commands: The first command told the unit to enter programming mode; the second command uploaded the new firmware. What was frightening was the fact that the unit performed no sanity checks on the uploaded binary to make sure that it was correct, and there was no security to prevent anyone else on the Internet from reprogramming our BreezeCom units without our permission. Furthermore, BreezeCom warned us against using the UNIX TFTP command to do the programming. Unless we used a particular TFTP program for Windows 95 computers, the timing might not work out perfectly, and we might end up rendering our Access Point unusable. And BreezeCom told us to never, never, never attempt to upgrade the firmware over the air.

Unfortunately, we didn't have a Windows 95 computer to reprogram the Access Point. BreezeCom said it would send us a replacement unit but suggested that we try using the UNIX TFTP command, just in case it might work. Sure enough, the timing didn't work out. We sent BreezeCom back the dead unit.
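An added example, not BreezeCom's firmware format or code: the upgrade path described above accepted any uploaded binary, so a damaged transfer and an unauthorized image were equally able to reach flash. The Python sketch below uses a hypothetical image layout (the magic value, header fields and key are assumptions) to show the checks a device can run before flashing, with HMAC-SHA256 standing in for a vendor signature.

```python
"""Pre-flash checks for a firmware image in a hypothetical layout."""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"FWIM"                        # hypothetical image magic
HEADER = struct.Struct(">4sII")        # magic, payload length, CRC-32
TAG_LEN = hashlib.sha256().digest_size
VENDOR_KEY = b"constructed-demo-key"   # constructed; never ship a fixed key


def build_image(payload: bytes, key: bytes) -> bytes:
    """Vendor side: header + payload + HMAC-SHA256 tag over both."""
    header = HEADER.pack(MAGIC, len(payload), zlib.crc32(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(image: bytes, key: bytes) -> str:
    """Device side: return "ok" or the reason the image must not be flashed."""
    if len(image) < HEADER.size + TAG_LEN:
        return "too short"
    magic, length, crc = HEADER.unpack_from(image)
    if magic != MAGIC:
        return "bad magic"
    if len(image) != HEADER.size + length + TAG_LEN:
        return "length mismatch"       # truncated or padded transfer
    payload = image[HEADER.size:-TAG_LEN]
    if zlib.crc32(payload) != crc:
        return "bad crc"               # accidental corruption in transit
    # The CRC only catches accidents: anyone can recompute it. The keyed tag
    # is what ties the image to the holder of the vendor key.
    expected = hmac.new(key, image[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(image[-TAG_LEN:], expected):
        return "bad tag"
    return "ok"


def check_samples() -> dict:
    """Run the checks over four constructed images."""
    good = build_image(bytes(range(256)) * 4, VENDOR_KEY)
    truncated = good[:-100]                         # transfer cut short
    flipped = bytearray(good)
    flipped[HEADER.size + 10] ^= 0x01               # one bit damaged
    # Well-formed image with a valid CRC, built without the vendor key.
    unauthorized = build_image(b"unauthorized build", b"not-the-vendor-key")
    samples = {
        "good": good,
        "truncated": truncated,
        "flipped": bytes(flipped),
        "unauthorized": unauthorized,
    }
    return {name: verify_image(img, VENDOR_KEY) for name, img in samples.items()}


if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{name:13s} -> {verdict}")
```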

We received a replacement AP-10DPro with the new firmware a few days later, but it had the same problem. Then, our WB-10DPro started malfunctioning as well.

Over the following month, we worked closely with BreezeCom trying to isolate the cause of the failures. BreezeCom had us connect a personal computer to the serial port on the Wireless Bridge to capture all the information that the unit would log. (The system kept some log information in memory, but this information was wiped out every time the machine crashed.) Then, each time we had a failure, we sent the captured serial port output to BreezeCom's engineers. The files contained numerous warning messages complaining about invalid ARP packets. My guess was that there was a bug in the BreezeCom TCP/IP stack, possibly being tickled by our Annex 4000.

BreezeCom didn't seem to be prepared to debug its systems in the field. After a few weeks, the company's engineers said that they had many hundreds of units in the field, and we were the only customers reporting problems. But our units were crashing. After many frustrating weeks, we finally gave up.

To be fair to BreezeCom, the company gave us no difficulty when we wished to return roughly $5,000 of equipment several months after the 30-day money-back guarantee period had expired. Within a few weeks, we had our money back and were ready to try again with another vendor. But this time, we were going to be informed consumers.

The Wireless Directory

Before we went shopping for our second wireless system, we searched on the Internet for all the information that we could find. The most useful service that we found was a directory of wireless products maintained by Barry McLarnon, a ham radio operator and a researcher of digital radio broadcast systems at the Canadian government's Communications Research Center. The directory includes a comprehensive list of products that operate at the 915-MHz, 2.4-GHz and 5.8-GHz bands, as well as reviews, articles and links to vendor Web sites.

One of the decisions that we made at Vineyard.NET was to change our primary frequency from 2.4 GHz to 915 MHz. The reason had to do with the trees. Vendors are excited by the higher frequencies because they offer better noise immunity in crowded urban environments, which means that most customers are less likely to have interference. But out on rural Martha's Vineyard, lower frequencies get better propagation around the rolling countryside. Lower frequencies also have a better chance of shooting through tree canopies, which are all too common here.

Restricting ourselves to 915-MHz vendors, we quickly had a short list of three companies with products that we thought would be acceptable. So we made up a long list of questions, most of them having to do with security, then called each vendor to find out their answers.

Why focus on security? One reason is that I specialize in this area. But security was also the first area in which we discovered problems with the BreezeCom units. Security is very hard to do. Our theory was that if a company got its security correct, it would probably get the other features correct as well.

When we started making phone calls, we discovered something very annoying about the wireless directory: Most of the prices were wrong. McLarnon says that the directory is very big and it is difficult to keep up-to-date. One of the things that makes the job particularly difficult is that some prices include the cost of the antenna and/or cables, while others require that you purchase this equipment separately.

Ultimately, we decided to go with a company called C-Spec Corp.

C-Spec

C-Spec's wireless network system is called OverLAN. The radios are built from a low-profile industrial PC chassis equipped with a 486 CPU, an Ethernet card, a Lucent Technologies Inc. WaveLAN card, and a proprietary card containing flash RAM and an interface for the front panel lights. The system can transmit up to 2 Mb/s. C-Spec also makes a PCMCIA card and an ISA card. Any OverLAN unit can operate as either a hub or a spoke.

C-Spec's OverLAN wireless network system can operate as either a hub or a spoke and transmits data at up to 2 Mb/s.

The C-Spec radios have two modes of operation. Like the BreezeCom units, they can operate as a wireless Ethernet bridge, connecting many Ethernet segments together. Alternatively, the units can operate as true routers, linking multiple TCP/IP, Novell Inc. or AppleTalk networks in an intelligent, manageable fashion.

C-Spec supports multiple layers of security. The SNMP community can be changed. The system also allows access control lists, so that SNMP commands can only be accepted from particular IP addresses. The over-the-air traffic is encrypted with the U.S. government's Data Encryption Standard (DES). And, unlike the BreezeCom units, C-Spec supports remote software upgrade, even over the air.

Getting the C-Spec units up and running was a little trickier than with BreezeCom. Before they can be made operational, C-Spec requires that its units be programmed using SNMP and a special configuration application that the company has created. The application runs only under the DOS operating system (and not under Windows 95). We spent two days looking for an old 386 computer on which to run the program. The configuration program worked as advertised but occasionally crashed. C-Spec promises that it will have a new, Windows 95-based program shortly.

Since they have been installed, the C-Spec units have operated flawlessly. They support the full SNMP MIB II, allowing us to integrate them easily with our current network management software. And the large number of front-panel LEDs (showing the quality of the wireless signal as well as congestion on both the wireless and the Ethernet networks) give us a good idea of what is happening with the radio simply by looking at the unit. Our only complaint with the C-Spec units is their noisy fans (two fans in each radio). The company says that it used noisy ball-bearing fans because they are less likely to fail than quieter units. Fortunately, C-Spec supplies cables that are 50 feet long, so we were able to install the units in our basement, out of earshot.

C-Spec claims its systems will operate up to three miles (creating a cell six miles across). The company sells an optional amplifier that boosts the range to 10 miles.

Is Wireless in Your Future?

Today the outlook for wireless looks good. Systems are getting faster and faster. C-Spec, for example, claims a new version of its OverLAN system offers 10 Mb/s. And a growing number of vendors support the 5.8-GHz band, which is good news for people in crowded urban areas.

The IEEE recently passed the 802.11 standard, which theoretically allows interoperability between different spread-spectrum wireless products. BreezeCom has been very active in the standardization activities. You can find out more about the standard at the BreezeCom 802.11 site.

Nevertheless, it's not clear just how much difference these standards will actually make. Many vendors say that 802.11 will not be as important as many users anticipate. The standard does not guarantee compatibility or even interoperability between different products. Furthermore, many wireless systems may produce higher throughput or have more management features when using the company's own proprietary protocols, instead of the standard.

If you need to connect two sites that are within three miles of one another, you have access to your roof and you're not surrounded by taller buildings, wireless might be a very cost-effective way to build your network. Alternatively, if your office is located on a high spot, and there are engineers who want to work from home who can see the office building, wireless might be an easy way to give them high-speed access.

As the cost of wireless PCMCIA cards drops (expect $500 cards early this year), many universities and offices are likely to use indoor wireless systems as a flexible alternative to pulling Ethernet wire. Combined with a Dynamic Host Configuration Protocol (DHCP) server, these wireless systems can provide instant access and transparent roaming for laptop users, even when moving between buildings.

If you do decide to go wireless, it's important that you have some kind of backup between the two facilities. After all, the real danger of the unlicensed spectrum is that it is not guaranteed. If some interference comes along, it can shut your system down without any legal recourse on your part--although you can always move to another frequency.

SIMSON L. GARFINKEL is a computer consultant, science writer, and columnist for both The Boston Globe and HotWired, Wired Magazine's online service. He is the author of PGP: Pretty Good Privacy (O'Reilly & Associates, 1994) and the coauthor of Practical UNIX & Internet Security (O'Reilly & Associates, 1996). Mr. Garfinkel writes frequently about science and technology, as well as their social impacts.

Copyright © 1998 Computer Publishing Group, Inc.