From: Robert McMahon
Date: Sun, 16 Mar 2025 10:50:20 -0700
To: Network Neutrality is back! Let´s make the technical aspects heard this time!
Subject: Re: [NNagain] FCC - delete, delete, delete

Hi David,

I'm glad it helped.

The reason for the breakouts are a few things:

o) reduce the fault domain when a failure occurs, including a power supply failure which is exacerbated by POE. (I don't use POE)
o) leverage different non recurring engineering (NRE) pools, i.e. each domain is done by engineers specializing in that domain. Any group that claims deep expertise in all are fooling themselves
o) Gateways tend to use a programmable forwarding plane, typically via CPUs or NPUs. This is both a fault and attack service. 802.3 forwarding is so well known it should be done in RTL and realized in transistors.

An all-in-one gateway goes against this. It's cheaper and easier but not robust enough by my opinion.

As an aside, the Space Shuttle computer system handled byzantine faults similarly, 4+1 redundant computers that voted at check points. Coded by different contractors.

I started my career working networks for the initial Space Station design. We had to identify fault domains first, then build fault tolerance and redundancy per those. It was called FDIR - fault detection isolation and recovery.

I then went to Cisco where router engineers thought it ok to have buggy code and hammer resets because the protocols were designed for self healing. But that healing takes time and causes disruptions, e.g latency spikes.

APs are closer to the latter. Fi-Wi with remote radio heads will be closer to the former.

Bob

On Sat, Mar 15, 2025, 11:49 AM Daniel Ezell via Nnagain <nnagain@lists.bufferbloat.net> wrote:

> This is one of the most helpful posts on this list ever. I appreciate the
> whole scope of the discussion, but from time to time you guys drop a gem of
> helpful advice for my real-world needs. Nothing may ever top Dave’s 2021
> email with the crontab script for updating OpenWrt, but this will certainly
> be a reference for me as I prepare my home for the upcoming revelation of
> 10G Sonic Fiber later this year. Thank you Bob, and thank you all.
>
> Daniel Ezell
> https://chronos.academy
>
> > On Mar 15, 2025, at 11:16 AM, Robert McMahon via Nnagain <nnagain@lists.bufferbloat.net> wrote:
> >
> >>
> >> In case it's not clear. I am NOT happy with how device manufacturers ship old
> >> code and never update it.
> >>
> >
> > I was unhappy about my home network and my paying job is to provide
> > components for such.
> >
> > My home network wasn't resilient enough to carry entertainment,
> > productivity (including distance learning) and medical traffic.
> >
> > The fixes so far have been:
> >
> > o) Don't use an all in one AP anywhere, just use it for wireless bridging
> > o) Use a fronthaul architecture (2.5G - will go to 100G when Fi-Wi is ready)
> > o) Use a dedicated firewall & dhcp server with AQM such as fq_codel (I
> > use a protectcli vault)
> > o) Connect the APs (4 for me in 100 sq ft) configured in bridge mode
> > and optimize spacetime, allow for proper RF overlap - not too much,
> > not too little, but just right like the story says.
> > o) Use AP's that support the 6G band
> > o) Use keep connect devices to detect AP failures and power cycle them
> > (hammer approach)
> > o) Use separate ethernet switches where 802.3 switching is needed
> > (don't use the AP integrated switches, they go down per the crappy
> > gateway sw you're likely talking about)
> > o) Implement DHCP guard to protect against rogue DHCP servers
> >
> > Then for monitoring
> > o) Install rpi 5bs with INTC BE200 and pcie Wi-Fi adapters in the
> > rooms that need monitoring
> > o) Install kismet and integrate with kismet to monitor
> > o) Turn on firewall & WAN port monitoring services
> >
> > Only access to devices is ssh with encryption keys, and configure ssh
> > passwordless access.
> >
> > Now, my family can be entertained, do their work and learning, and use
> > their medical instruments with high in-home reliability.
> >
> > It's a thankless job we Dads must do. The home frustration level goes
> > way down and the complaints of "Dad, the internet isn't working again"
> > have gone away - except for when the OSP goes down. The OSP provider
> > tends to send information to me when that happens so my family can
> > work around it.
> >
> > Bob
> > <Medical-Devices-with-Wi-Fi-03-15-2025_10_41_AM.png>