You've got your DSL connection. You're using an ISP-provided DSL bridge (aka DSL modem). Your LAN is routed through one computer that accesses the Internet with network address translation (NAT) or proxy services. Your service is OK, but you feel there are definitely some weak spots.
Where are the weaknesses?
The most obvious weakness is that Internet access depends on one computer. If that computer is a server, it's probably up and running most of the time; but then you-know-what happens, maintenance is required, and so on. And, of course, such things will happen at the worst possible moment for someone on the network.
Another weakness is that the computer serving as the router/NAT runs at least four pieces of software that consume resources: DHCP, NAT/Proxy, the Point-to-Point Protocol over Ethernet (PPPoE) service, and the DSL connection software. All are OK, but consume valuable resources.
Also, your DSL probably goes down more often than you'd like. When this happens, the software establishing the connection to the DSL must continually retry the connection -- or, more likely, try a few times, then give up until an administrator instructs it to try again. We were offline for 6-8 hours last week because no one restarted the DSL connection. The actual outage was probably much shorter.
Where do you go for improvements? For a minimal investment ($80-$150, depending on brand), you can add a DSL/cable modem router, a semi-intelligent box that sits between the DSL bridge and the LAN. A router is smart enough to continually retry the DSL connection after it goes down. It can also provide some valuable services to your LAN and lighten your server's workload.
Thanks to several vendors, I was able to try three different routers: a Hawking Technology PN9225 10/100 Broadband DSL/Cable Router, a Trendware TW100-W1CA, and a Linksys BFSR11.
Three DSL/Cable Modem Routers
| PAT | 10 TCP/4 UDP | Unspecified | 10 |
| Telnet | Yes | Yes (port 333) | No |
| Configuration | Use browser | Use GUI | Use browser |
Each of those devices connects in the same way: a category 5 network cable goes from the DSL bridge to the router, and another cable goes from the router to the hub or switch. As with other devices of this nature, you sometimes need a crossover cable, sometimes a straight-through variety. Some setup is required for each, and depending on the capabilities you choose to use, some networking skills may be handy. The Linksys has a nice feature: a switch that changes the LAN port from MDI to MDIX, so you can use either type of cable.
All three devices allow you to do configuration over an IP-based network, and each comes configured with a default IP address. None of the devices was hard to set up. A little knowledge of your network can make this a lot easier.
The table below lists the products' features and differences; at the end of the column, I include some notes on setting up the PN9225.
While all three devices are probably adequate for home use, the Hawking Technology PN9225 has some advantages for the small business or remote office. The Trendware router, though, had some serious shortcomings. I've summarized those below the features table.
The important differences between the boxes are the way they handle port address translation (PAT) for incoming traffic, the inclusion of a demilitarized zone (DMZ), and the completeness of the DHCP.
Of the three, only Hawking allows DHCP reservations -- an address assigned to a network adapter based on its permanent MAC address. This allows servers, for example, to use DHCP to get their addresses without the address bouncing around. In my network, I set up reservations for all permanent, resident PCs. In this case, DHCP is used to change the configuration when necessary and to document each computer's IP address. Transient PCs get an address from the pool of unassigned addresses.
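The reservation behavior described above can be modeled in a few lines. This is an added example, not code from the article or from any router vendor; the class name, the address range and the MAC addresses (taken from the IANA documentation range) are constructed for illustration.

```python
import ipaddress

class DhcpPool:
    """Toy DHCP allocator: reserved MACs always get their fixed address,
    transient MACs draw from whatever is left of the pool."""

    def __init__(self, first, last, reservations):
        # reservations: {mac: ip}; MACs are compared case-insensitively
        self.reserved = {m.lower(): ipaddress.ip_address(a)
                         for m, a in reservations.items()}
        taken = set(self.reserved.values())
        if len(taken) != len(self.reserved):
            raise ValueError("two reservations share one address")
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        # A reserved address is never handed to a transient client,
        # even while the machine that owns the reservation is switched off.
        self.free = [ipaddress.ip_address(n) for n in range(lo, hi + 1)
                     if ipaddress.ip_address(n) not in taken]
        self.leases = {}  # mac -> address currently held

    def request(self, mac):
        mac = mac.lower()
        if mac in self.reserved:
            addr = self.reserved[mac]
        elif mac in self.leases:
            addr = self.leases[mac]          # renewal keeps the same address
        elif self.free:
            addr = self.free.pop(0)
        else:
            raise RuntimeError("address pool exhausted")
        self.leases[mac] = addr
        return str(addr)

    def transients(self):
        """MACs holding a lease without a reservation: the devices that are
        not in the documented inventory and worth a second look."""
        return sorted(m for m in self.leases if m not in self.reserved)

# Constructed sample: one server reserved inside a three-address pool.
SERVER = "00:00:5E:00:53:01"
LAPTOP_A, LAPTOP_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"

def demo_pool():
    return DhcpPool("192.168.10.100", "192.168.10.102",
                    {SERVER: "192.168.10.101"})
```

The list returned by `transients()` is the practical payoff of reserving every permanent machine: anything that shows up there is a device nobody documented.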
For incoming traffic, all three devices provide some form of rerouting based on IP port number. The Linksys and the Trendware, however, force the connection to the internal computer to use the same port number as the incoming request. Hawking allows the internal port to differ from the original. For example, if you have two machines behind the router that provide WWW service, both use port 80. You can tell the Hawking to reroute port 80 requests to one machine, using port 80, while requests on port 81 can be routed to the other machine but mapped to port 80. The same holds true for Telnet, FTP, etc.
Finally, if you use one computer for lots of stuff, it might be helpful to just open it up to any port request that it will process. Example: You have one machine that does FTP, HTTP, Telnet, POP3, and SMTP for employees connecting over the Internet. Rather than program every required port into the PAT table, set the machine up as the DMZ machine; all requests to ports not translated by PAT will be sent to the DMZ computer.
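The inbound dispatch described in the last two paragraphs (PAT table first, DMZ machine for everything else) is modeled below, together with a listing of what ends up reachable from the Internet. This is an added example, not code from the article or from any router's firmware; the class, the host addresses and the set of listening ports are constructed, and the `allow_remap` switch stands in for the difference between the Hawking and the other two routers.

```python
from typing import NamedTuple, Optional

class Forward(NamedTuple):
    ext_port: int   # port the Internet client connects to
    host: str       # internal machine that receives the connection
    int_port: int   # port used on that internal machine

class Router:
    """Inbound TCP dispatch: PAT table first, then the DMZ host, else drop."""

    def __init__(self, forwards, dmz_host: Optional[str] = None, allow_remap=True):
        self.pat = {}
        for f in forwards:
            # Same-port-only routers cannot express 81 -> host:80.
            if not allow_remap and f.ext_port != f.int_port:
                raise ValueError(f"port {f.ext_port}: router cannot remap ports")
            if f.ext_port in self.pat:
                raise ValueError(f"port {f.ext_port} is forwarded twice")
            self.pat[f.ext_port] = f
        self.dmz_host = dmz_host

    def resolve(self, ext_port):
        """Return (host, port) that receives the connection, or None if dropped."""
        f = self.pat.get(ext_port)
        if f:
            return (f.host, f.int_port)
        if self.dmz_host:
            return (self.dmz_host, ext_port)   # catch-all for untranslated ports
        return None

    def exposed(self, listening):
        """Given {host: set of open TCP ports}, list every
        (ext_port, host, int_port) an outside client can actually reach."""
        out = [(p, f.host, f.int_port) for p, f in self.pat.items()
               if f.int_port in listening.get(f.host, ())]
        for p in listening.get(self.dmz_host, ()):
            if p not in self.pat:              # a PAT entry shadows the DMZ host
                out.append((p, self.dmz_host, p))
        return sorted(out)

# Constructed sample network: two web servers plus one multi-purpose DMZ machine.
WEB1, WEB2, DMZ = "192.168.10.20", "192.168.10.21", "192.168.10.30"
RULES = [Forward(80, WEB1, 80), Forward(81, WEB2, 80)]
LISTENING = {WEB1: {80}, WEB2: {80}, DMZ: {21, 23, 25, 80, 110, 5900}}

if __name__ == "__main__":
    for row in Router(RULES, dmz_host=DMZ).exposed(LISTENING):
        print(row)
```

In the sample, port 5900 on the DMZ machine is reachable although nobody listed it, which is the trade-off of the DMZ setting: every service that machine runs is exposed, not only the five that were intended.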
I would like to see a DNS service for the internal network, but none of these devices provide it. You'll need to either put HOSTS tables on all the computers for naming of the internal network or run WINS or DNS on a server. I'm keeping my DNS and WINS on the prime server.
If you have DSL or cable modem service, these devices are worth the small investment. I'd stay away from the Trendware, at least until they fix the problems I have described. The street prices for the Hawking Technology and Linksys boxes are similar.
Example of setting up the PN9225
The PN9225 has both a Telnet and a Web interface to do its setup. It comes with a default IP address of 192.168.10.10 and a netmask of 255.255.255.0. After the cables are connected, you will need to add an address in the 192.168.10.x range to a computer on the network, to let it talk to the PN9225. I chose 192.168.10.1. Any address from 1 to 254, except 10, will work as the last octet. I started up Internet Explorer and asked it to go to 192.168.10.10; voila, an authentication screen appeared. Using the default user ID and password got me into the configuration pages. I used the wizard to do the initial setup, then explored the Advanced Setup pages. Once the configuration was done, Internet connectivity was established. It has been much more stable than without the router: outage recoveries are automatic and IP address changes are invisible.
Problems encountered with the Trendware W1CA
- For incoming traffic, it appears the Trendware device will only allow a single connection on a particular port. For example, if I'm connected via Telnet to a server inside the LAN, and something hangs, I can't open another Telnet session to kill the first process without completely disconnecting the first connection.
- There were some real problems with incoming requests. If the internal server transmits a large amount of data, it seems the Trendware box will lose the connection. I tried to use VNC (a freeware remote control program) on all three devices. Hawking and Linksys didn't have any problems, but the connection would not work with the Trendware router.