
Home Networking and 24x7 Internet Connectivity: Six Configurations
What has worked and what hasn't

An article by Plainsboro.COM owner Kennedy Lemke
April, 2000


Introduction

As home computing, fast internet connectivity, and home networks become ubiquitous, many home computer and internet users will be asking some of the same questions about home networking that I have been asking over the past 5 years. I hope this article helps in your search for the perfect home network.

This article describes my own home network and six configurations that I have tried over the past five years. For each configuration, it briefly describes the setup, why I chose it, what worked well and what did not.

For more background information, please also see these two companion articles:

First, some brief background. I have been an internet user at work since 1987. Since that time, I have enjoyed 24-hour connectivity to the internet at work, and by dialing into work from home.

In late 1995, I decided that I wanted 24-hour internet connectivity at my home as well (in part because I wanted access to the internet, and in part because I wanted to start my own web site, locating the web server at my home). From December of 1995 to August of 1997, my 24x7 internet connection was via a 28.8 modem dialup line, and from August 1997 to the present, I have been using a cable modem for internet access.

Over the years, I have tried several different configurations of my home network, based on what was available to me for internet access and what made sense at the time. Here is a description of each of these configurations.

Keep the following items in mind as you read through this article. For each configuration I have had several goals and conventions:

  1. 24-hour internet access
  2. A home network where every computer can talk to every other computer
  3. If possible, share the internet link between all home computers
  4. Where I have an "internal" home network, I generally have used the industry-standard 192.168.x.x non-internet-routable IP address space
  5. For internet security, I generally have used the public domain tcp_wrappers program on my "main" unix machine on my home network

Configuration #1: A single unix box

Because I've been a unix user and system administrator since about 1980, it was natural that the first computer I purchased was a UNIX computer. In November of 1995 I purchased a Sun SparcStation 4 and used this for my home computing needs and to run my web server via modem dialup.

At the time, the ISP business was fairly young. Cable modems and DSL didn't exist yet, and pretty much my only choices for home connectivity were: 28.8k modem dialup (56Kb wasn't even popular yet), ISDN, or a dedicated T1 (or fractional T1) circuit.

T1 (or fractional T1) was simply too expensive for me to consider. And at the time, ISDN was very expensive also, considering that I wanted 24-hour connectivity (ISDN was expensive because at the time it was tariffed locally at $.01 per minute, which would have cost me $.01/min x 60 min/hour x 24 hours/day x 365 days/year or over $5000 per year before I even paid the monthly fee). Because my ISPs had local telephone dialup numbers for me to use, there was no local tariff to make a local telephone call, which made a 24-hour-per-day connection possible.

I therefore decided to connect via 28.8k modem dialup. At the time, a 24-hour-per-day connection even just using dialup was also very expensive. I paid about $900 per year for this service for about 2 years (using a couple different providers).

Diagram 1 illustrates the first very simple internet connection I used. I had purchased an SS4 workstation, connected a modem to the serial port of the computer, and dialed into my ISP.


Diagram #1: Configuration #1

At the time, this configuration worked just fine for me. Since I only had a single computer at home, I had no need to use the Sun workstation's built-in ethernet. I used the public domain implementation of PPP to dial into my current ISP, assigning the IP address given to me by the ISP to my serial port, and internet connectivity worked very well (albeit slow) in this configuration.

Configuration #2: Two unix machines

Sometime around early summer of 1997, I experienced some hardware problem affecting the serial port of my SS4, and rather than try to repair the machine, I simply purchased another Sun computer, a SparcStation 5 (running a SPARC processor at 170MHz).

At the time, I was strongly considering replacing my dialup internet connection with a cable modem connection (which would be available in my area soon), but for now I had to be happy with my dialup connection.

I moved my web server to the new, faster SS5 machine, and also migrated the modem connection to the serial port on the newer machine as well. The interesting thing about this second configuration is that now I had two machines at home. Naturally, I wanted these two machines to talk to each other, and since both of them had built-in ethernet ports, it was easy to configure. To make things as simple as possible, I used thin-net ethernet to connect the two machines together (I therefore did not need to use an ethernet hub, since one of the advantages of thin-net is that you can daisy-chain machines together).

This second configuration looked like this:


Diagram #2: Configuration #2

In this configuration, the SS5 was directly connected to the internet using PPP on its serial port. Unfortunately, because I was using the non-routable network mentioned above and because I did not get any additional IP address space from my ISP, the SS4 machine was unable to talk to the internet directly.

Configuration #3: Cable Modem

In August 1997, cable modem access became possible in my township via our cable provider. Because the connection speed was so much faster (nearly T1 download speed most of the time) and because the cost was so much cheaper (about half what I had been paying for a dedicated phone line), I immediately signed up for this service (called "@home").

Keep in mind that the cable company is assuming that most of its @home users will be connecting a single machine at home, and that machine will be a PC. Therefore, the cable company typically provides a cable modem, which attaches to the cable coming into your house from the curb, and an ethernet card for your PC, which you plug directly into the ethernet port of the cable modem (after they put the ethernet card in the PC for you).

However, I was using unix, officially unsupported by @home. Luckily I had no problems connecting my main Sun machine to the cable modem.

Of course, as soon as the technicians left my house after installing the cable modem, my first concern was how to get both of my Sun machines talking to each other, and if possible, get my second Sun (the SS4) to also talk to the internet.

We need to take a moment here to discuss why this is even a problem. In my previous configuration (#2), my primary Sun machine (the SS5) was talking to the internet over a serial PPP link, and my two Sun machines were talking to each other via their respective ethernet ports (it didn't really matter too much to me that the second Sun couldn't talk directly to the internet).

However, the cable modem made this configuration impossible, because the cable modem was connected directly to the ethernet port of my primary unix machine, and it used twisted pair ethernet to do so, not thin-net (so I couldn't simply daisy-chain the other Sun). There was therefore now no easy way for me to make my two Sun machines talk to each other without introducing new equipment into the mix.

What I ended up doing is precisely that--I introduced a new piece of equipment into the configuration, and I also "cheated" a bit with regard to IP addresses.

I purchased a small, inexpensive 10-base-T ethernet hub. I then plugged the cable modem's ethernet port into the downlink port on the ethernet hub, then I plugged BOTH of my Sun machines' ethernet ports into the other (client) ports of the hub. But I still had a problem: what do I use for an IP address for my secondary unix machine? My primary goal was just to have both unix machines talking to each other; therefore, without introducing even more equipment into my configuration, the IP address of the secondary machine would have to be on the same subnet as the primary machine. But the primary machine's IP address was the IP address assigned to me by @home, and at the time they were not assigning multiple IP addresses to a single household.

So in order to get my two Sun machines talking to each other, I cheated a bit here. I queried the DNS PTR records for each IP address in the subnet I was on (based on the netmask), and I simply found an IP address that had not yet been assigned a name in the subnet address space (indicating to me that @home probably was not using that IP address yet). And that's the IP address I used for my second unix box.

Now I had a configuration where my primary unix machine could talk to the internet, and my two unix machines could talk to each other over ethernet, but my secondary unix machine still could not talk to the internet directly (this was still OK--not a big deal for me). This third configuration looked like this:


Diagram #3: Configuration #3

I was reasonably happy with this configuration because my primary two goals were met: I had 24-hour internet connectivity, and all the computers in my home were able to talk to each other.

Configuration #4: internal ethernet plus PC

The third configuration worked for me for only a short time. I remember one day sitting down at my SS5 and not being able to telnet to my SS4, even though it was up and reporting that its ethernet connection was OK. Some brief investigation helped me discover what happened: by this time, @home was now using more of the subnet and had assigned the IP address I was using for my SS4 to another @home customer.

Rather than trying this IP addressing trick again, I decided it was time to implement an "internal-only" ethernet network in addition to the cable modem internet connection network. The simplest way for me to do this was to purchase a second ethernet card for my SS5. I did so. Around the same time, I also (finally) decided to purchase a PC and to put the PC on my internal network as well. My new network (configuration #4) looked like this:


Diagram #4: Configuration #4

So now I had a completely "separate" internal ethernet network from the outside world. I knew that I could add lots of computers to my internal network and that they would always be able to talk to one another as long as I had enough ports to plug them all in.

But now that I had a PC, there were some applications that I wanted to run on the PC that required direct internet access. And in my configuration (remember--having only one IP address assigned to me by my internet provider), my internal hosts were not able to talk to the internet directly.

If my home subnetwork were an officially routable network on the internet (that is, if I owned a class C or similar set of IP addresses), I could at this point simply have my SS5 act as an internet router, and all the machines on my home network would have full access to the internet. But routable IP addresses are relatively hard to come by these days and are generally only given to internet service providers, so I did not pursue getting an officially routable network.

By this time, I was using the Apache Group's web server (* see note at the end of this article) for my home domain, and apache had a proxy option built in. So I could simply configure the apache server to support proxy service, then point the web browsers on my PC and my secondary unix machine to use my SS5 as a proxy web server. This ended up working great. I was able to browse the web from any machine on my home network using this method.

Unfortunately, browsing the web was about all I could do, and in some cases (like when accessing SSL web pages) this did not work very well. And there were other internet applications I wanted to run on my PC that required direct internet connectivity.

Configuration #5: Internal ethernet plus SOCKS 5

So I decided to try implementing a SOCKS server (from NEC) on my SS5, and utilize SOCKS client software to run applications requiring internet access on my PC in proxy mode (in a manner similar to making use of Apache's proxy web server configuration, but SOCKS provided a more generic solution).

I was successful in getting the SOCKS 5 server software running on the SS5, and in getting some programs on my PC to run in "SOCKS proxy mode", but there were some applications that still did not work well like this.

By this time, @home was now offering multiple IP addresses per home (for an additional monthly fee). For a while, therefore, I ended up making use of this service. I purchased a second IP address from @home, and moved the PC onto the "external" portion of my home network:


Diagram #5: Configuration #5

Unfortunately, as @home had mentioned on their web site as a possibility, the second IP address that was assigned to me was not on the same subnet as my primary IP address. This was a HUGE bummer. Now I had a situation where my two unix machines could talk to each other just fine on their private internal ethernet network, but even though my PC and the external ethernet port on my primary unix machine were plugged into the same ethernet hub, because they did not share an IP address in the same subnet, they were not able to talk to each other directly. In fact, in order to exchange data between my PC and my unix machine, all traffic between the two machines actually traveled back to the cable head end located at my cable provider's site, then back down to my cable modem.

Aside from the obvious security problem (I might not want my private data that I'm sharing between two computers in my home to travel over my ISP's network), there was a bandwidth problem as well: upstream bandwidth on the @home network is limited to about 140-150 Kbps. And since a data exchange between my PC and my unix machine would always involve upstream traffic from one of the two machines, I could not transfer data anywhere close to as quickly as I could if the two machines were on the same ethernet network. I was getting the same kind of security and bandwidth as I might get if I was sharing data with one of my neighbors who also happened to have a cable modem.

For these reasons I was not particularly happy with this configuration.

Configuration #6: Use of Zyxel Cable Modem Router

Fortunately, by this time hardware vendors were recognizing problems such as this, and Zyxel had a product on the market that I was very interested in. Their Prestige 310 Cable modem/DSL Router looked like just what I was looking for.

What Zyxel's hardware product promised to do was give users in a position like mine the ability to connect multiple machines to the internet using a single ISP-assigned IP address, while keeping the internal network separate and somewhat insulated from the internet as well.

You use their hardware in conjunction with either a cable modem or a DSL modem (note that it does not replace your cable modem). Then, you can plug the "external" ethernet port on the Prestige box into the ethernet coming from your cable/DSL, and you plug a hub into the "internal" ethernet port on the Prestige, then plug all your home computers into the hub.

Their product has lots of nice features--too numerous to mention here, but including a DHCP client for the external ethernet port (if needed--some ISPs require that your IP address be assigned to your computer via DHCP), a DHCP server for your internal network so you don't need to bother with assigning IP addresses to your PCs or other DHCP client-capable computers, their own version of NAT (required for a single IP address to work), and some limited optional built-in filtering/security.

In my case, the feature I was most pleased with is that I could specify an internal machine to be the default server for any number of services (web, ftp, dns, etc.), but I could still use the internet from all other machines just like they are directly connected.

So I purchased and installed Zyxel's product in January of 2000. I then reconfigured my internal network so it was suited to the product, and am proud and relieved to say that I finally have a network at home that I'm very happy with:


Diagram #6: Configuration #6

This product allows me to fulfill all of my goals: I have 24-hour internet access via my cable modem, all my home computers can talk to each other via 10 MB ethernet (the Prestige box also supports 100 MB ethernet on its internal port), and all of my home computers, including unix machines, PCs, Macs and laptops, have internet access just as if they were the actual computer attached to the cable modem.

There is one technical issue about this configuration that is interesting and worth mentioning here. I still run a web server on my primary unix machine. The unix machine actually now sits entirely on my "internal" home network (I'm using only one of its two ethernet cards). The IP address assigned to its ethernet port is 192.168.1.2. But when the outside internet world accesses one of the services (such as the web server) on this machine, they do so by accessing the IP address assigned to me by @home, and the Prestige Router takes care of address translation so that when that port/IP address combination is accessed from the internet, the request is forwarded to 192.168.1.2 (this is how NAT works). However, if I want to access my web site from another computer on my internal home network, I actually have to access the 192 address directly. If I try to go through the external interface of the Prestige Router then come "back in", so to speak, it doesn't work. I therefore need to maintain a sort of partial dual DNS, with one host name for the external internet name of my web site, and another name that maps to the internal address that I use for direct access to the machine from my internal network.
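The behaviour described above (port forwarding to a default server, no way back in through the external address from inside, and a second host name as the workaround) can be modelled in a few lines. This is an added example, not code from the original article or from Zyxel; the external address, both host names and the rule that forwards apply only to packets arriving on the external interface are assumptions made for the illustration, and only 192.168.1.2 comes from the article.

```python
import ipaddress

# Constructed values: WAN_IP (documentation range) and both host names.
# 192.168.1.2 is the web server's internal address from the article.
WAN_IP = "203.0.113.10"
LAN = ipaddress.ip_network("192.168.1.0/24")
WEB_SERVER = "192.168.1.2"
NAMES = {
    "www.example.org": WAN_IP,          # name published to the internet
    "www-lan.example.org": WEB_SERVER,  # second name, used only from inside
}


class NatRouter:
    """Toy single-address NAT router with per-port 'default server' forwards."""

    def __init__(self, wan_ip, hairpin=False):
        self.wan_ip = wan_ip
        self.hairpin = hairpin   # False models the behaviour described above
        self.forwards = {}       # WAN port -> (internal ip, port)
        self.sessions = {}       # WAN port -> (internal ip, port), outbound flows
        self.next_port = 40000

    def add_forward(self, port, internal_ip):
        self.forwards[port] = (internal_ip, port)

    def outbound(self, src_ip, src_port):
        """A LAN host connects out: its source is rewritten to the WAN address."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[wan_port] = (src_ip, src_port)
        return (self.wan_ip, wan_port)

    def deliver(self, iface, dst_ip, dst_port):
        """Return the internal (ip, port) a packet to the WAN address reaches, or None."""
        if dst_ip != self.wan_ip:
            return None
        if iface == "lan" and not self.hairpin:
            return None          # assumption: translation only on WAN-side arrivals
        return self.sessions.get(dst_port) or self.forwards.get(dst_port)


def reach(router, client_ip, name, port=80):
    """Resolve name, then report which internal host the client ends up talking to."""
    dst = NAMES[name]
    inside = ipaddress.ip_address(client_ip) in LAN
    if inside and ipaddress.ip_address(dst) in LAN:
        return (dst, port)       # same subnet: direct over the hub, router not involved
    return router.deliver("lan" if inside else "wan", dst, port)


router = NatRouter(WAN_IP)
router.add_forward(80, WEB_SERVER)   # expose only the web server's port
```

In this model, `reach(router, "198.51.100.7", "www.example.org", 23)` returns `None`: a port with no forward and no matching outbound session is not passed to the internal network, which is the insulation the router provides.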

Conclusion

I hope this article has been helpful. If you have a home network with more than one computer on it, and your internet access is via cable modem or DSL service, using a Prestige 310 Router or a similar product is definitely a great way to configure your home network.


* Note: I have cable modem internet access from @home (Comcast), and I run a community-oriented web site on a unix machine through this connection. I don't particularly recommend that others do this, however; or at least I don't recommend that you run a business-related web site from your home via a cable modem link. This is for several reasons:
  • While running a web site was not against the rules when I first signed up for cable modem service from @home, they have since changed the rules and they now ask that their customers do not run web servers on their home sites
  • While download speed from the internet to your computer is quite zippy, averaging around T1 speeds, upload speed is really not very fast, averaging usually around only 140 Kbps. If you are running a business web site, you want your web site visitors to have faster access to your server
  • @home, or at least Comcast @home, is not particularly reliable. I regularly experience erratic downtimes of several hours, and have at times been down for a day or more (once I was down for four days straight; Comcast stated that I could ask for a refund for the days I was down, but that would have amounted to something like only $5.00 so I didn't even ask)
  • I have noticed that in general the Comcast @home service seems to have periodic routing problems, or at least routing issues further causing sporadic downtimes
If you're going to start a business web site, get a dedicated circuit and possibly a backup circuit as well.
Please direct all questions/comments about this article to lemke@plainsboro.com