October Update

October 8th, 2009

We passed a milestone at work this week.  Our I.T. Steering Committee has approved an RFP to send out to HIS/EMR vendors.  It’s a 3.5 million dollar project…… and I thought I was stressed before!  Next step is to see demos, go on site visits, and finally select a winning vendor by February/March of 2010.  After the selection is made, we have a 12-14 month implementation to go through…. converting all electronic data over to the new system.

I ordered an additional two Ubiquiti Bullet M2 HP units this week and they should be here tomorrow.  With those in place I should be able to get 40+ Mbps through the 7+ miles of wireless. I’ll post my results this weekend.  I’m also hoping to tweak in the antennas too.  I borrowed a netbook from work so I can take it up towers with me to align the antennas.  Every dB of signal strength counts!

Griminal Grim's Ramblings

OpenBSD Router

September 24th, 2009

I took an old 2.2 Celeron system that we were going to pitch, stuck a bunch of NICs in it…. and turned it on.  Actually I installed OpenBSD 4.5, did some packet filter/firewall configuring and some DHCP goodness.

Here’s what I was looking to achieve:

WAN (Internet)
|
|-Work
|
LAN (Wireless link)

I’m going to have other people on the wireless link and I don’t want them having access to my work network.  My solution was pretty simple.  I assigned fixed IP addresses to each of my personal machines given out by MAC address via the DHCP server running on the router.  I was also able to give the work domain name and DNS servers via DHCP to only my machines too.  I then added one NAT line to the pf.conf file to only allow my fixed IP addresses out to the work network.  The only way people would be able to access work is if they hard coded one of the IPs on their system… plus they’d need to know the IPs of our network and all that.  I think it’s pretty safe.
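The setup described above could look like the following on OpenBSD 4.5. This is an added example, not the author's actual files: interface names, MAC addresses, subnets and host names are all constructed, and the rules use the pre-4.7 pf syntax (separate `nat` rules). It also adds an explicit block rule, which the post does not mention, so the restriction does not rest on the NAT line alone.

```conf
# ---- /etc/dhcpd.conf (constructed values throughout) ----
subnet 10.10.0.0 netmask 255.255.255.0 {
    option routers 10.10.0.1;
    option domain-name-servers 203.0.113.53;   # placeholder resolver for everyone else
    range 10.10.0.100 10.10.0.199;             # dynamic pool for other users of the link

    # Personal machines: fixed address by MAC, plus the work domain and
    # work DNS servers that only these hosts are handed.
    host grim-desktop {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 10.10.0.10;
        option domain-name "work.example";
        option domain-name-servers 192.168.50.2, 192.168.50.3;
    }
    host grim-laptop {
        hardware ethernet 00:11:22:33:44:66;
        fixed-address 10.10.0.11;
        option domain-name "work.example";
        option domain-name-servers 192.168.50.2, 192.168.50.3;
    }
}

# ---- /etc/pf.conf (OpenBSD 4.5 syntax, constructed values) ----
ext_if   = "fxp0"              # WAN (Internet)
work_if  = "fxp1"              # work network
lan_if   = "fxp2"              # wireless link
work_net = "192.168.50.0/24"

# The fixed addresses handed out above; kept outside the dynamic pool.
table <mine> const { 10.10.0.10, 10.10.0.11 }

# Translation: everyone is NATed to the Internet, but only <mine> is
# NATed toward the work network (the "one NAT line" from the post).
nat on $ext_if  from $lan_if:network to any -> ($ext_if)
nat on $work_if from <mine> to $work_net -> ($work_if)

# Filtering (last matching rule wins): drop wireless-side traffic to work
# outright, then re-allow the fixed addresses. Without the block, packets
# from other hosts would still be forwarded to work untranslated.
block in on $lan_if from any to $work_net
pass  in on $lan_if from <mine> to $work_net keep state
```

Both the DHCP reservation and the pf table identify a machine only by address, so the rules match any host that presents one of those IPs, which is the limitation the post already points out.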

Next thing to have the router do is traffic shaping.  I want to do quality of service for our VOIP and throttle the kid so he doesn’t saturate the connection.  The same thing goes for me and SMB to my workstation. I might install Nagios for fun.  I’ll probably use the box to route to my web server too.

As far as the link itself, I’m having a hard time deciding what to do.   The customer-premises equipment (CPE) that I’ll need to give to the rest of the folks that will be using the link hasn’t been released in the 802.11n version yet.  If I buy 802.11g radios, I’ll lose the 80Mbps speeds I’ll get with an 802.11n bridge.  I could just buy 802.11g stuff with the intention of selling it later.  The Internet only comes down at 18Mbps sustained… which 802.11g can handle.  But Comcast is rolling out 50Mbps service and 802.11n can handle that.  Decisions, decisions.

Other than that, I’m sick as a dog.  I took off at 1PM on Wednesday and stayed home today too.  It’s nearly midnight and I’m not feeling much better.


Tweaking Wireless

September 13th, 2009

Great View

I’ve been tweaking the new wireless link this weekend.  I also took some pictures and put them in the photos section.

What I thought was the maximum throughput on the radios was false.  I had the third radio in the series acting as an access point.  The processing power for NAT, DNS, and DHCP was robbing from the overall performance of the radio.  In AP mode, the Bullet2 HP unit was able to push nearly 20Mbps.  I took some time and threw the entire network… all four radios… into WDS mode  and configured them all to be transparent bridges.  The result was 25Mbps of throughput and that IS the TCP ceiling of these units.  As soon as some more Bullet M2 HP units come in, I’ll upgrade the second portion of the link.  Of course the Internet access I’ll be getting won’t be this fast but it sure is nice to access my workstation at these speeds.

I was also able to fiddle with 2.4GHz channels to get the link running on a certain frequency.  The only non-overlapping 2.4GHz channels are 1, 6, and 11.

My next step… at least I hope… is to create a virtual OpenBSD machine on one of our VMware ESX servers to do QOS, routing, and throttling.  Supposedly, when you put these Ubiquiti radios in WDS mode, they allow all network traffic to flow.  (Edit: my machine’s MAC address showed up in the ARP table on the switch… we’re good!) I’m betting that I can assign different MAC addresses for machines on the link to different VLANs.  Ergo, I can have my machine stay on a work VLAN and all other machines can go directly to the Internet without touching the private network.


New Wireless Connection

August 30th, 2009

Ok. So I haven’t updated my blog for the past few weeks.  I’ve had a good reason: I’ve been busy getting a different link up.

What started as the hospital having an unused 2.4GHz grid antenna on our tower became a new avenue to the Internet for me and others.  I’ve mentioned a grain tower @ 1.2 miles from my house that I could use as a hop to my tower.  Well… that’s what I’m doing as I type this blog post.

1.5Mbps DSL just isn’t fast enough for us anymore.  My boy is becoming a bandwidth hog and I knew I’d have to try to do something soon.  What really put my butt in gear was our DSL donor expressing to me that they’d like to ditch their land line.  Well that shuts down the Internet for us.

I posted a few messages in the Wireless Internet Service Providers forums over at www.dslreports.com.  Besides being schooled up and down about wireless networks, they told me about Ubiquiti wireless gear.  I was lucky enough to get my hands on two of these: Ubiquiti Bullet M2 HP.  These radios are 802.11n, powered over Ethernet, screw right into the high gain antenna, and are a wireless guy’s dream!  From the grain tower to work, these radios link at full speed with full signal strength…  150Mbps!!!  I did have to narrow the channel width down to avoid interference with the second portion of my link, but they still link point to point at 65Mbps.  Speed tests from the work tower to the grain tower are 20+Mbps!  People believe that 802.11n radios have to use multiple antennas…. they are wrong.

After I got the initial link up and working, I’m telling myself I have to get a couple more of these radios!! Unfortunately, that’s what everybody else thought too.  I had to settle for two Ubiquiti Bullet2 HP units for the second portion of the link.  These radios are a little older and only support 802.11g but will work until the 802.11n radios come back into stock next month.

After I received the Bullet2 HP units, my first tests with the link to the grain tower from my tower were lackluster.  The 15dBi omni on my tower had plenty of power to see the 24dBi grid on the grain tower pointing to the house.  The grain tower radio however couldn’t see the omni.  I had to buy another 24dBi grid for my tower.  Thank goodness it worked!

The current speeds I have to my tower are 18.5Mbps with multiple threads.  That seems to be the maximum that these 802.11g radios can transmit.  Lab tests conducted in my living room showed 19Mbps transfers.  The important bit is that the radios link up at their maximum speed and have excellent signal strength.

I still have to solidify the connections and weatherproof some cable runs.  Oh, I do have both links encrypted at WPA2-AES with a tasty key too.

I’ll post more about the link in the future.


Summer Happenings

July 11th, 2009

Things have been busy as always.  I got the hay loft up and filled with around 400 bales of hay with another 400 bales to go. We still need to get the driveway going too.

At work, I’m leading the process for picking our new Health Information System.  It’s a huge responsibility.  To give you an idea, we spent over 1 million for the current system and the new one will probably be twice that much.  Needless to say I’m stressing a bit.  We’re also working on a 340B drug project to save the organization around 300K+ annually.  I’m working on an Intranet site, an on-call database, and a credentialing database.  The boss that promoted me leaves in a week.  One of the requirements of my promotion was to complete my CIS degree.  I’m going to get my butt enrolled back at the university before he leaves in a show of good faith.

I’ve been spending most of my free time gaming and messing with wireless goodness.  I’ve successfully created a 2 Mbps link @ 6.1 miles from the aforementioned grain tower to the tower at work.  Mind you that is with stock WRT54G routers!  Pushing .25 watts over 80 feet of LMR-400 coax on the work end is killing the signal strength.  I did climb the tower and point the 24dBi directional antenna to the grain tower and increase the signal strength by 2.5x.  But with a total signal strength of 14…. something needs to be done.

In my testing, I have two routers on the grain tower.  One dedicated specifically for the point to point link to the work tower, the other acts as an access point for the local folks I’ll connect to it.  I’ve joined my tower’s radio as a client to the grain tower AP radio and get download speeds of 600kbps @ 7.2 miles (work -> grain tower -> my tower = 7.2 miles).  That’s about a third of what my DSL link is.  I’m hoping to get more throughput with a signal strength increase at the work end.  My reasoning behind going with two radios on the grain tower is that my tests indicate that 16Mbps @ 802.11g is the fastest a point to point link will go in ideal conditions.  If one of those two radios has to negotiate with another client, that cuts the speeds in half because all the traffic is wireless.  It gets complicated.

I also just installed Windows 7 on my main computer.  I cloned the RAID 0 array to a 1TB drive, wiped the system, and installed Windows 7 RC x64.  That took about twenty minutes.  I had all my apps installed in another 40… including restoring a backup of TF2.  I should have done this shit a month ago.  My computer feels 20% faster!  The RC doesn’t expire for a year and I highly recommend installing it!  This is what Vista should have been.

I also installed Firefox 3.5 and VLC 1.0.
