Category Archives: WAN

IPv6 and the need for IPAM

For many, the thought of moving to IPv6 is a theoretical exercise. The thinking goes that the existing network, running IPv4 with a mixture of routable and private IP addresses, is more than enough for today and tomorrow. Why complicate things? The plain fact is that IPv4 exhaustion is coming, and organizations will need the appropriate “hands on” skills in working with IPv6.

For the unfamiliar, IPv6 is the successor to IPv4.  IP or “Internet Protocol” is the underlying technology that allows you to be reading this blog post.  At its simplest, IPv4 assigns your computer a location on the network, a location that allows routers a way to get information to and from your system.

Then, one could assume IPv6 is a simple upgrade, since TCP, UDP and ICMP continue to operate in a similar manner. The short answer is “no.” IPv6 uses a base 16 notation to denote its address. IPv4 uses a dotted-quad base 10 notation. It means that for network admins and architects, the simple familiar becomes abcd:abcd:abcd:abcd:abcd. With the address space being trillions of trillions of trillions of times bigger, concepts like NAT go away. You do not need them when every star in every galaxy in existence could have its own 4.3 billion addresses.

Why no NAT? There is no need, since every address is routable. Applications, in addition to using ports, could use IPv6 addressing schemes for control and backplane operations as well as data transport. Our method of layer 4 to 7 communication fundamentally changes.

To start on this journey, a good IPAM (IP Address Management) solution is needed. Beyond spreadsheets, or Active Directory, think of how your organization will handle this transition. It is coming, and the sooner organizations prepare, the better. IPAM brings the benefit of managing the IP space effectively, and combined with Software Defined Networks (SDN) it gives you some very powerful ways to reduce the costs of transition and get a better managed network out of this.
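The kind of check a spreadsheet cannot do and an IPAM does, as an added example (not from the original post and not any vendor's product): a dual-stack prefix audit using Python's standard `ipaddress` module. The inventory rows, names and prefixes are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory, as it might be exported from a spreadsheet.
# Names are hypothetical; prefixes come from private/documentation ranges.
INVENTORY = [
    ("office-lan",   "10.10.0.0/16"),
    ("voip",         "10.10.20.0/24"),       # sits inside office-lan
    ("dmz",          "192.0.2.0/25"),
    ("dc-core",      "2001:db8:0:10::/64"),
    ("dc-core-copy", "2001:0DB8:0000:0010:0000:0000:0000:0000/64"),  # same prefix, other spelling
    ("branch",       "2001:db8:0:11::/60"),  # host bits set: not a valid network
    ("wan-edge",     "2001:db8:ffff::/48"),
]

def audit(inventory):
    """Return (invalid, conflicts) for a list of (name, prefix) rows."""
    invalid, parsed = [], []
    for name, text in inventory:
        try:
            # strict=True rejects prefixes that have host bits set
            parsed.append((name, ipaddress.ip_network(text, strict=True)))
        except ValueError as exc:
            invalid.append((name, text, str(exc)))
    conflicts = []
    for (n1, a), (n2, b) in combinations(parsed, 2):
        if a.version != b.version:
            continue  # IPv4 and IPv6 space never overlap
        if a == b:
            conflicts.append((n1, n2, "duplicate"))
        elif a.overlaps(b):
            conflicts.append((n1, n2, "overlap"))
    return invalid, conflicts

def free_subnets(parent, used, new_prefix):
    """Subnets of `parent` with length `new_prefix` that touch no used prefix."""
    parent = ipaddress.ip_network(parent)
    used = [ipaddress.ip_network(u) for u in used]
    return [s for s in parent.subnets(new_prefix=new_prefix)
            if not any(s.overlaps(u) for u in used)]

if __name__ == "__main__":
    bad, clashes = audit(INVENTORY)
    print("invalid rows:", bad)
    print("conflicts:", clashes)
```

A plain string comparison would treat `dc-core` and `dc-core-copy` as different entries; parsing both into network objects is what exposes the duplicate.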

It’s best to start now, rather than later.  Blue Cat provides some very robust software that happens to provide IPAM functionality and SDN components that take network and address management to the next level.  If you are thinking of modernizing your network, they should be in your list of products to review.

Not getting the most of your Internet speed?

For the last few months, Internet speed here at have been less than impressive. With a Business connection, the advertised speed earlier this year was 45mb/s down and 10mb/s up. That increased in late May and early June to 60mb/s down and 10mb/s up. Normally, 45mb/s was what we could hit all day long. With the upgrade, we were hoping to get that extra 15mb/s out of our connection.

For the last 4 years, since practically the days when I first got the business line, I have been using a very reliable Cisco 851 to do the routing.  The little machine is simple, and it never once ever hung or died like some of the consumer routers from Speedstream or Netgear did on me.  Knowing the router is very low end, I only really ran some NAT on it, and that was about it.

In March, after years of the same, I decided to enable the Firewall on the unit. Now some will say, “No way! You lived that long without a firewall on the Internet?” Truth is, since the router was doing NAT, it only allowed in a specific set of ports and only what was outbound, but it was not configured to do anything about spoofed packets or other problems. I run a DMZ firewall that does screening and other IPS, so I was not too concerned. However, I wanted to start a bit more filtering on the edge.

I enabled the firewall on the Cisco, and after a few days, I noticed the speeds hover at 30mb/s. Speedtest after Speedtest, it did not matter, the speed was the same. In early August, I contacted my provider, who also provides a Cisco 851 for my network access, and asked them to swap some gear and test for me. Sure enough, they swapped the 851 for an 867VAE. They performed their tests from that new router and they got the full speed. We hooked up the old Cisco behind the new router, and the speeds fell to 30mb/s. We identified the culprit!

I had a choice, eBay a bigger, more power hungry Cisco, or find something that is enterprise class, but, not as expensive.  After looking at Mikrotik (which is very good BTW), I settled on the EdgeMAX Lite by Ubiquiti.

The price and the performance have been very good!  The initial set up and upgrade of the firmware to 1.5.0 was challenging, but once that was done, the network speeds have improved.  I now run the same configuration as the Cisco, Firewall and NAT enabled, and get 60mb/s all the time.  The CPU on the machine sits around 6% when at full speed here. This is the new model with the proper venting, so, I expect it to perform really quite well for the next while.

If you are suffering from poor Internet speed, and you have a fast connection like we do, seriously consider the EdgeMAX Lite (ERL).  The price and performance cannot be beat!

What happens when Murphy strikes…

Ahh, the joys of the Internet. After suffering 3 days without real Internet access, I can say it’s good to be back again. My Business Telco DSL provider had a 3 day outage. Now, if this was the height of summer, and I wanted to spend more time outdoors, this would have been perfect. Not so fast in this case.

When I designed the infrastructure for, I knew the WAN would be the weak link.  Only one connection, it’s all my eggs in one basket.  About 2 or 3 times a year, it goes away, so it’s usually tolerable.  But it’s usually for no more than 4 hours either.  This time for 72 hours, that’s a little much.

So, I managed to procure a back-up low-speed connection for occasional use. I decided on Rogers Portable Internet. It works. The WiMax modem is a little strange, in that it only likes 10mb half-duplex Ethernet connections, but otherwise it works ok. For $40 a month (that I’ll only activate when needed) it’ll save me headaches when travelling, or when I need access out with customers.

The moral of this story… Murphy will strike, it’s just a matter of when.  Always have a backup.