Routers for the small business

Routers

Introduction

A router is a device which communicates data between two networks or network segments (subnets). Routers form a key part of our network infrastructure. Without routers, we would not be able to move data between networks and, in all probability, the Internet would not exist the way we know it.

Routers are layer 3 devices; that is, they use Internet Protocol (IP) addresses to forward packets of data. This is different from devices such as bridges, which use media access control (MAC) addresses to move frames. This article focuses primarily on IP routers since they are the most common. Routers exist for other protocols too, but MPLS routers, for example, are mainly found in very large offices and at Internet service providers. You need to know how these devices scale, since they form the heart of your network. If you are just starting your company, you will probably only need a small SOHO (small office/home office) router.

A summary of network traffic flow

All data in your network flows in the form of packets. These packets resemble courier packages: they carry a source address and a destination address. Addresses inside your internal network are handled locally; when a packet's destination lies outside that network, a router sends it out of your network. As your company grows, you will split your network into subnets, or portions of your single internal network, for efficiency and security.

Working

Routers store address information in routing tables. You can see these tables by issuing the relevant commands at the router's console. A console is a plain, “old-fashioned” command-line interface through which you give instructions to a router. These tables record which traffic has to be sent to which destination. All unknown traffic, by rule, is sent to the gateway interface. The gateway interface is the place through which all traffic leaving your network must pass to reach another, external network. Most SOHO routers have one such interface, which is used to connect to the Internet. All routing takes place based on these rules.

In large installations such as Internet service providers, many routers use what are called dynamic routing protocols; that is, they discover on their own where to send traffic. In many smaller networks, however, entries are added to the routing table manually. If these routing tables are corrupted, traffic can be misdirected. This can happen if you are hacked or, more commonly, if your system administrator makes a mistake in configuring the routing rules. For example, traffic destined for marketing could go to customer service; the customer service computers will not know what to do with it and will reject it. Alternatively, administration employees may end up being able to reach marketing data, which is not something you would want to happen.

When a packet of data reaches the router, the following takes place:

1. The router checks the source and destination address.

2. While checking the address, it performs a binary AND of the destination address with each route's subnet mask to determine the subnet (section of the network) to which the packet should be sent. Binary ANDing is one of the most efficient computations for determining which subnet a packet belongs to.

3. If a match is found in the routing table, then the packet is forwarded to the interface bound to that network. If network address translation (NAT) is in effect, then the source and destination addresses are duly altered before the packet is sent.

4. If no match is found in the routing table, the packet is either dropped or, more usually, sent further on via the router's gateway. Which of the two happens depends on whether a default route is defined.
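As an added illustration of steps 2 to 4 (this is example code written for this page, not code from the article), here is a small Python model of the lookup: a constructed routing table, the binary AND of the destination address with each route's mask, selection of the most specific match, the fall-back to the default route, and a check for the misconfiguration described above, where one prefix is bound to two different interfaces.

```python
import ipaddress

# Constructed routing table for a small office (not from the article):
# (destination prefix, outgoing interface). 0.0.0.0/0 is the default route.
ROUTING_TABLE = [
    ("192.168.10.0/24", "eth1"),   # marketing
    ("192.168.20.0/24", "eth2"),   # finance
    ("192.168.0.0/16", "eth3"),    # other internal subnets
    ("0.0.0.0/0", "wan0"),         # gateway interface towards the Internet
]

def ip_to_int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def parse_prefix(prefix):
    """Return (network, mask, prefix_length) as integers for 'a.b.c.d/n'."""
    net, bits = prefix.split("/")
    bits = int(bits)
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF   # /0 gives mask 0
    return ip_to_int(net) & mask, mask, bits

def lookup(dst, table=ROUTING_TABLE):
    """Steps 2-4: AND the destination with each route's mask, keep the most
    specific match, fall back to the default route, otherwise drop (None)."""
    dst_int = ip_to_int(dst)
    best = None
    for prefix, iface in table:
        net, mask, bits = parse_prefix(prefix)
        # The AND strips the host bits; equality means dst lies in that subnet.
        if dst_int & mask == net and (best is None or bits > best[0]):
            best = (bits, iface)
    return best[1] if best else None

def find_conflicts(table):
    """Sanity check for the misconfiguration the article warns about:
    the same prefix bound to two different interfaces."""
    seen = {}
    conflicts = []
    for prefix, iface in table:
        net, mask, bits = parse_prefix(prefix)
        key = (net, bits)
        if key in seen and seen[key] != iface:
            conflicts.append((prefix, seen[key], iface))
        seen.setdefault(key, iface)
    return conflicts

if __name__ == "__main__":
    for dst in ("192.168.10.5", "192.168.99.1", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    # Constructed mistake: marketing's prefix also pointed at finance's interface.
    print("conflicts:", find_conflicts(ROUTING_TABLE + [("192.168.10.0/24", "eth2")]))
```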

The above high-level description assumes that the device is just a router. Today, routers are diverse appliances and usually also contain firewalls. A firewall is a filter that allows only authorized packets to go in or out of a router. Firewalls operate on rules. A rule is a small routine that tells the router what to do if a packet with a particular set of attributes is encountered. There are five default groups of rules; each group is called a chain. The five basic chains (the terminology of the Linux netfilter framework, on which many router operating systems are built) are input, prerouting, forward, output and postrouting.

1. The input chain

All packets that enter the router having a destination IP address belonging to the router pass through this chain.

2. Prerouting

This chain is used to translate packets before any routing takes place. Destination NAT operates in this chain.

3. Forward

This chain processes packets that pass through the router. This is where binary ANDing takes place. In some home routers, NAT also takes place in this chain. This is particularly true of routers where you cannot disable NAT.

4. Output

Packets that originate from the router are processed by this chain.

5. Postrouting

NAT operates on packets in this chain after the destination of the packet has been determined. Packets are source-NATted here before they hit the WAN interface.

Home versus enterprise-class routers

Most of us are used to our home routers, those little boxes into which we plug our desktop computers, netbooks and DSL modems. These routers also frequently provide wireless connectivity. When you start your company, you too will probably start your network with such a device. However, these devices are actually a combination of a router and a switch. More importantly, they have only two network interfaces; that is, they can connect only two networks.

For a home setup, this is not a problem, since the most frequent use of a router in the home is to connect the home network to the Internet. Large network setups such as those of businesses are a completely different story. Several subnets need to be interconnected. For example, the finance department needs to be connected to the marketing department, and the CEO's office will likely want to be connected to all departments. Enterprise-class routers have several network interfaces, and many routing rules in the routing tables define which packet goes to and from which interface. These routers do not provide any other function such as NAT or firewalling; they are dedicated devices.

Why would you need a dedicated device when the humble home router can do so much? The answer lies in the load; that is, the quantity of packets a router can handle. If you download a number of torrent files, open a series of social networking websites and start watching videos, everything slows down because there is a limit to how much your home router can handle. Enterprise-class router limits are significantly higher. Companies also have dedicated devices such as firewalls and load-balancing servers to manage network traffic and decide who can communicate with whom.

Types of Routers

In enterprise-class setups, it is crucial to place routers carefully. The classification below is based on network topology, which in turn determines what the routers do.

Core router: Moves traffic between different network segments inside the network. It does not communicate outside the network.

Edge router: Placed on the network perimeter; moves traffic between your network and other networks.

Router internals

Just like a computer, a router is driven by software. It has firmware, which is akin to the PC BIOS, as well as an operating system. Common router brands include Cisco, MikroTik, Netgear, D-Link, Buffalo and DrayTek. Many custom router operating systems are variants of the Linux operating system. Cisco routers run IOS; this is not to be confused with the iOS that runs on Apple devices. Most of the user interface is via the command line, using a terminal program such as Tera Term or HyperTerminal. You connect to the assigned IP address of the router, enter the credentials and start configuring. Most routers for the home user also come with a web interface, which can be accessed via a browser.

Out-of-band access

There are situations when a router will not have a usable IP address. This is usually the result of misconfiguration or some other kind of error. In this case, you need out-of-band access, where you reach the router over a serial (console) cable using a terminal emulation program. This feature is available on all enterprise-class devices. Most home users have to reset the router to factory defaults if this happens.

Which router to buy

It really does not matter in the initial stages of your business. Once your network grows beyond, say, 100 computers, it is better to get a third party to maintain your network infrastructure. Buy whatever router meets your needs. These needs could relate to support, stability of the hardware and cost. Future network expansion is also something you need to take into account. If you know that you will be investing in a significantly larger amount of office space in the coming year, then size your routers accordingly and buy ones which can handle large amounts of traffic and allow you to divide your network into multiple sections.

If you are going to be using external service providers, then you may want an integrated device that is a router plus firewall. You also need to check legislation, since you may be subject to logging requirements such as CALEA in the USA. Once bought, and contrary to popular belief, routers need maintenance, such as the application of patches. Good maintenance leads to fewer network outages and improves network security, since many patches fix programming flaws that were present in earlier versions of the router's operating system.

Conclusion

Routers are here to stay. They have become progressively less expensive and more powerful. Since they are the backbone of your network, you need to choose carefully for your business. Keep factors such as network capacity, the scale of your network and maintenance requirements in mind while choosing the appropriate router for your business.

Glossary

IP address: A number that uniquely references a device on a network.

MAC address: A number that uniquely references a piece of hardware on a network. MAC addresses are usually assigned to LAN cards. They do not cross network boundaries and are not routable. They are unique to every device.

Network address translation (NAT): A mechanism by which a number of devices are placed behind a single IP address. NAT was created when the Internet began running out of IP version 4 addresses.

Layer 3 addresses, layer 2 addresses: These refer to the layers of the OSI model, a framework for understanding network protocols. IP addresses are layer 3 addresses; MAC addresses are layer 2 addresses.

Binary ANDing: An operation of Boolean algebra that takes two inputs and produces one output. Each input to a binary AND is 0 or 1, as is the output; the output is 1 only when both inputs are 1. (You only need to know this if you are dividing your network into sections.)


Filed under: networking — security-writer @ July 20, 2013 12:00

Attending conference calls using a touch screen phone

Many of us will at one time or another need to attend a conference call. In such a call, the participants dial in from various parts of the world, and a conferencing bridge serves as a virtual meeting place. There are certain challenges when dealing with such calls, especially when using touch-screen phones.

The problem with touch-screen phones is that you cannot dial while holding the phone to your ear. You can place the phone on a table, use a headset and dial that way, but a better approach is to store the conference dial-in string as a contact's mobile number. The dial-in string is composed of three components.

  1. The dial-in number for your city.
  2. The conference ID.
  3. The conference PIN.

Note:

    • This may vary. Some bridges just require a conference ID.
    • You may not have a local phone number, so you would have to call the bridge's global number or the bridge number in another city.

The idea is to avoid having to enter your credentials by hand; instead, have the phone enter them. This is done by building a suitable dial-in string, which is the series of keys you would press if you were working interactively with the IVR.

The trick in building conference strings is to insert suitable pauses while the interactive voice response (IVR) system is speaking. You insert a pause by adding a comma (“,”) to the dial-in string. Take the string below as an example.

+9111123456789,,,,,,,,1664357#,,5467#

The eight commas after the phone number make the phone wait until the advertisement that plays when you connect to the service has finished. Many services play messages when you connect to them; in the above case, this message is an advertisement.

Finally, it is better to dial in from a mobile phone, since you can mute yourself easily. One problem with conference bridges is that people remain unmuted and everyone else gets a lot of background noise. The conference organizer can also mute a participant, but that is more work. In addition, you may not want everyone to hear what is happening in your space.


Filed under: commonTasks — security-writer @ July 2, 2013 22:04

Coping with 2 SIM cards

It has become common to find yourself in a situation where you need to use two SIM cards. Many companies give their employees mobile numbers, and you have to use that number since calling your colleagues is free. The problem that many people face in this situation is how to get calls and messages from one phone to the other. There are a few possible solutions.

Using two devices

This is the most common solution that people adopt. You carry two mobile phones with you. Each phone has its own SIM card and you use them as necessary. The problem (more…)


Filed under: commonTasks — security-writer @ January 10, 2013 21:53

Texting for free

One of the most frequent activities we do on our mobile phones is texting. Until data services became popular, many people would text using the short message service (SMS). This allows you to send short messages (160 characters) to anyone who has a mobile phone. SMS is phone neutral. However, it is not service provider neutral. Many people do not include SMS in their package and so cannot receive text messages. If, however, they have a data plan or stay connected to wireless networks, there are ways for them to receive instant messages. There are a variety of programs, such as Skype, FaceTime and BlackBerry Messenger, that can send and receive text messages. There are two problems with these programs.

  1. You need a specific handle to add.
  2. Some of them are platform specific.

The way to get around these problems is to use cross-platform messaging applications. One program that stands out is WhatsApp Messenger (http://www.whatsapp.com/) by WhatsApp Inc. This program behaves like the short message service and can also send images and audio clips. It works over 3G, GPRS and Wi-Fi connections. Best of all, it uses the phone number of the person in your contacts list as the handle, so you do not need to enter a separate nickname.

Running WhatsApp Messenger does mean that you are connected to the Internet and may have to pay for data usage. In addition, the program stays in memory and stays connected, so you use a little more battery than you would otherwise. Still, it is a viable option, especially if you need to exchange messages with people on international roaming. The person on roaming can connect to a local free wireless hotspot and you can send and receive messages from them.

Note:

There are several websites that also allow you to send text messages. Many of these are service provider specific while others are gateways meant for integrating with applications.


Filed under: commonTasks — security-writer @ October 3, 2012 22:13

Moving and mixing sounds on your computer

We are often faced with situations where we need to send audio output from one application to another. For example, if you would like to record an audio stream in your favorite audio editor, you need to shovel the stream into the editor, and this is not easy to do. Alternatively, you might be making a podcast about a game and want to pipe the audio of the game into the podcast. An extremely crude way of doing this is to use an external microphone to record the sound coming out of your speakers. Some computers have a feature that allows you to record what you are hearing. Another alternative is an external application called Virtual Audio Cable.

Virtual audio cables are exactly what they say they are. They behave like cords that you connect to the input and output jacks of your sound card. This allows you to move audio from one application to another. For example, if you are having a Skype conversation and want to play a song that you recorded over Skype, you could use a virtual audio cable to connect your song-playing application, such as Windows Media Player, to Skype.

The way Virtual Audio Cable works is that you initially create as many cables as you think you will need. Usually, two cables are enough. Once you have done that, each cable shows up as a sound card on your computer.

This is where the fun begins.

You need to plan what bit of audio you need to send where. For example, if we wanted to send audio from Windows Media Player through Skype, we would do the following.

1. We would set up one cable which would be the input for Skype.

2. We would then use the audio repeater to repeat the audio from our microphone to that cable.

3. We would then set Windows Media Player to use this cable as its output.

Another way to do this is to have two cables. On the first cable, you set Windows Media Player to feed data. The second cable carries your microphone. You can then set up an audio repeater from the first cable to the second cable. Skype is connected to the second cable.

This is all there is to it.

Note:
You still need to use the MME version of the audio repeater, as opposed to the KS (kernel streaming) version.

You can get more help on Virtual Audio Cable by reading its manual. The program is available from the Virtual Audio Cable home page.


Filed under: commonTasks — security-writer @ August 26, 2012 06:35

MikroTik, enterprise functionality at home prices

Most of us who purchase routers go with “established” brands such as Cisco, NETGEAR and D-Link. There is not too much difference amongst these brands. Face it; routers are just boxes with wires and lights. However, these little boxes govern how we access the Internet and, in many cases, play a role in determining whether the average attacker is able to break into our computers. MikroTik is not something that usually features in the home or small business user's technology choices. However, the prospective CTO or home buyer should consider this company carefully. Some of the features of their boxes are as follows.
1. CALEA compliance.
2. Support for scriptable firewall rules.
3. A proprietary MAC-Telnet protocol that allows you to access the router even if the IP setup is malfunctioning.
4. A fail-secure configuration upon firmware upgrade or on improper shutdown.
5. Support for protocols such as SIP, IPv6, OSPF and RIP.
6. A variety of means to access the router, namely SSH, the web (both HTTP and HTTPS), WinBox (a proprietary application) and Telnet.
7. A means of programmatically controlling the router.
8. Very low power consumption.

The routers do take some configuring, and if you want manufacturer support beyond the first month, you need to pay. There are active support forums, though, where members are quite helpful even to new users.

For more information see the MikroTik website.


Filed under: networking — security-writer @ August 17, 2012 22:52