[HN Gopher] Teaching a cheap ethernet switch new tricks (2019) ___________________________________________________________________ Teaching a cheap ethernet switch new tricks (2019) Author : throwoutway Score : 189 points Date : 2021-09-27 14:20 UTC (8 hours ago) (HTM) web link (blog.benjojo.co.uk) (TXT) w3m dump (blog.benjojo.co.uk) | caminante wrote: | Off-topic, but I just learned about another, practical networking | utility, yesterday. | | "powerline adaptors" [0] | | Basically, buy these adaptors and for ~$100, you can create | a "wired" LAN connection using power outlets in a home. | | [0] https://www.techradar.com/news/the-best-powerline-adaptors | josteink wrote: | > Off-topic, but I just learned about another, practical | networking utility, yesterday. "powerline adaptors" | | Their performance depends on the electrical wiring in your | house. | | Ironically for me I've only managed to make them work on older | electrical installations, and even then it was at best 802.11n | speeds. | | In my current house (newly built 2018), I can't even get them | to handshake. I suspect it's due to improved electrical | standards and better isolation between different circuits | internally in the house, but I honestly don't know. | WaitWaitWha wrote: | They are an excellent solution where you cannot run Ethernet to, | and do not want to use WiFi. | | I used it in home automation (Thank you Home Assistant) for | mostly sensors, and less important actuators, where I had | power, but could not get Ethernet, or WiFi. | | Anything else, very unstable and too much latency. | WorldMaker wrote: | It would be more practical in many places now to use leftover | "hardline" phone plugs, especially because when they are | disconnected from service they are sometimes quite literally | disconnected and you have much fewer concerns about bleedover | into neighbors. 
| | Speeds won't be great for that sort of ethernet-over-phone | wire, especially because most landlines used awful, cheap | wires, but in some cases it is faster than powerline adaptors. | | Unfortunately all the companies that produce such equipment for | "phone line adaptors" sell only to the phone companies and | never directly to consumers. | | So many houses today have vestigial phone wires that no one is | using for anything. | zz865 wrote: | This happened to me. The phone lines are actually cat5 so | just need a new socket for home ethernet. That was a happy | day. | wl wrote: | I've seen a lot of phone runs done with cat5e. Phone line | adapters might not even be necessary in many cases, only new | wallplates! | gh02t wrote: | You can actually use old-fashioned four conductor phone | wiring for Ethernet, but it's limited to 10 mbps. Still | useful in a few situations if it's all you have available. | WorldMaker wrote: | It is nice if you are lucky and the installers weren't | cheap. I've seen a few of the places that use Cat 5 to | service phone cabling do crazy things in the walls like | split twisted pairs to different wall plates and bad cheap | phone transformers (that grossly bleedover noise across the | twisted pairs, entirely removing the benefits of twisted | pairs in the first place in some cases) in long Cat 5 runs. | | There's a lot of things that made Cat 5 cheap for running | phone lines in houses and most of them make Cat 5 useless | for Ethernet, unfortunately. | WalterBright wrote: | My house has all cat5e, and I've been very happy with it. | Much faster and more reliable than wifi. | moftz wrote: | Even if you could manage to find some ADSL+ equipment, you | are going to tap out at around 48Mbps, I'm not sure if you | can push unshielded, twisted 2-pair wire any faster. One | downside would be that all of the phone jacks in the house | are tied together, it would be a A->B kind of connection. 
I | regularly get much faster speeds with my powerline adapters | and if you have multiples paired, they create an actual | network on the powerlines. | toast0 wrote: | If you've got two pair, you can probably run 100BaseTx, | even if the cable is not up to cat5 spec, especially if the | runs are short and separated from other lines; Ethernet | specs are for 100 meter distances most of which is in a | tight conduit with other high frequency data transmissions. | Old in-home phone wiring is likely not tightly packed or | very long. | | If you've got an old house with old telephone wiring, it's | probably wired as a bus, if you want to re-use that for | ethernet, you'll want to split it up so each phone jack | gets wired as two ethernet jacks; one in each direction. If | you're using ethernet in the room, you'll need a (small) | switch, and you'll want to be careful to buy 10/100 | switches if you've only got two pair as Ethernet | autonegotiation can easily do the wrong thing and you don't | want to pay for managed switches in each room. If there's | no ethernet use in a room, still wire it up for two ports, | but put a small patch cable between the two. | | If you've got star topology phone wiring, there's a better | chance of cat5 cabling and 4-pair and you can run gigE. | GigE will sometimes run on cat3 for small distances too | though. The only question is if the central location where | the star wires meet is convenient for a switch. In a pinch, | you can use a PoE powered switch and power it from one of | the other ends of the star. | | Of course, some houses are a mix of star and bus or | generally some form of tree. Anywhere that there's a | branch, you want to put one ethernet port for each | direction. And hopefully all the branches are accessible. | | There's really no need for DSL equipment in your own home, | unless you've only got one pair wiring. 
| garaetjjte wrote: | >If you've got two pair, you can probably run 100BaseTx | | Well, 100BASE-TX will also run on single pair in half- | duplex mode. | | Alternatively you can also use powerline adapters over | any cabling (twisted pair/coax/whatever). Just instead of | connecting adapter prongs to power socket, connect to | your cable and feed there enough power to supply the | adapters. Around 50V DC (as commonly used by PoE | supplies) will probably be enough. | toast0 wrote: | > Well, 100BASE-TX will also run on single pair in half- | duplex mode. | | I mean, kind of, but I don't know how you get network | cards to run on a single pair? I'm actually interested, | because if it works for 100BaseTx, it probably also works | for 10BaseT, and I've got 10BaseT half duplex device I'd | like to network, but only one pair available (there's a | 3-pair cable run, but two are used for voice | communication). I've tried a commercial product (ETSLAN | Monoline Balun), but while I can get it to work a bit | when testing on parts of the line, it doesn't work across | the whole line; if I can just wire something more simple, | that'd be worth a try too. | garaetjjte wrote: | You just connect single pair, it should auto-negotiate if | other device supports it, otherwise you need to set mode | in network card settings manually. | https://i.imgur.com/xIsJJiN.png | toast0 wrote: | So just connect pin one and three to the white wire and | two and six to the solid color wire on both ends and it | should work as long as both ends are half-duplex? | rescbr wrote: | Oh, you can push old aluminum phone wire faster than 48 | Mbps! The VDSL2 service I use can reach up to 135 Mbps, and | while the wiring in my apartment is new, the building's | isn't at all. | techopoly wrote: | Can confirm, these are legit. Make sure you're aware of any | outlets on the outside of your building though, as these could | be plugged into with malicious intent. 
| severino wrote: | > Make sure you're aware of any outlets on the outside of | your building though | | I guess this also means inside your neighbor's home, if you | live in an apartment building, right? That's why those | devices typically use AES for encrypting the signal between | the paired ones. | cma wrote: | I would assume any neighbor's houses that come off the same | transformer too. | TakerofVita wrote: | You can also get these for running ethernet over coax as well. | Can't speak of the experience, though I'd bet it would be | better than over power because it is isolated. | | My apartment has some places that have coax runs but not | ethernet runs. | jchw wrote: | In practice, my problem with these is reliability. They can | have noticeable issues with maintaining an uninterrupted, low | latency connection suitable for real time use, in my | experience; and this was with a fairly high end powerline | adapter. This is unfortunate, because it would be very | convenient if you didn't have to deal with making ethernet | cable runs all over the place... | gattilorenz wrote: | > In practice, my problem with these is reliability. They can | have noticeable issues with maintaining an uninterrupted, low | latency connection | | True, especially when a microwave, washing machine or other | motor starts sending noise down the power line... | thecal wrote: | I've used these for over a decade with limited success. Their | performance is very specific to your wiring and can be fouled | up with lots of things. Mine was sometimes no faster than WiFi. | MoCA (Ethernet over coax wiring like for cable/satellite TV) | seems to work better. | Lammy wrote: | I had a lot more success with them after popping my | electrical panel open and rearranging the relevant outlet | circuits to all be on the same AC phase (making sure not to | unbalance the amperage load since some were 15As and some | were 20) | function_seven wrote: | I can't believe I haven't thought of that! 
| | I'm using a pair of TPLinks to feed a wifi router on the | opposite side of my house. The outlets are definitely on | opposite phases, but the powerline adapters still work | reasonably well. (~80Mbps). Now I'm realizing I should | probably swap a couple of circuits and improve that | connection. | EricE wrote: | It would be far easier to just get a phase coupler | http://cache-m2.smarthome.com/manuals/4826a.pdf | | But brute force works too :) | tylerfontaine wrote: | I have had these jump outside of my house. I realize how crazy | it sounds, but I had a pair (they were not encrypted - this was | long ago, and I don't even know if encrypted ones existed) and | my neighbor had a pair. I would, very occasionally, end up | getting DHCP answered by the router in their network. | | It took forever to figure out what was causing this, and I | eventually figured it out by doing a (very slow) IP scan of | every device on the network I was connecting to and finding a | machine named with their first and last name. Unplugged the | thing, and the problem went away forever. | | If it hadn't happened to me, it's something I would have | thought impossible! | | (edited a small typo) | toast0 wrote: | Doesn't sound crazy at all, there's not really anything in | your breaker panel or your meter or the outside wiring | designed to stop these signals, it's just that there's also | nothing designed to help the signals make it through all | that, so you wouldn't expect it to continue beyond your | house. Just like they tend not to work very well when used on | different circuits, they shouldn't work very well outside | your house, which is certainly not on the same breaker at | all. | | I think the newer ones all have some sort of | encryption/pairing system which at least helps you ignore | your neighbors transmissions. 
| EricE wrote: | There are phase bridges to ensure powerline signals are on | both phases in the typical US house, and phase filters | available that filter the powerline frequencies - they were | originally conceived not so much for leaking out, but | preventing noise from leaking in and interfering with | powerline stuff. | | X10 users have used them for years - you can find them with | vendors that specialize in dealing with the X10 community | or home automation; although with the wireless mesh | networks like Zwave or Zigbee a lot of the powerline stuff | has (thankfully) fallen by the wayside. | | Another way to get wired internet without possibly running | new cable is with MOCA - ethernet over coax. You can find | cheap DirecTV branded MOCA adapters all over the place. | Most are 100Mbps but if you watch the newer ones are | gigabit capable. | aksss wrote: | Ethernet over coax? That's some OG networking. Break out | those 10base5 adapters from ur possibles box. I guess | this is also the time to bring up the obligatory Ethernet | over barbed wire solution: | http://www.sigcon.com/Pubs/edn/SoGoodBarbedWire.htm | cvwright wrote: | Personally, I've had _much_ better luck with MOCA than | with powerline. Full gigabit speeds in an older 1940s | house using basic Motorola adapters off of Amazon. | thescriptkiddie wrote: | These are useful, but they add ~16 ms of latency, and depending | on the quality of wiring and appliances in your building they | can be very unreliable. A better option if you have RG-6 wiring | is MoCA. | bluedino wrote: | How much throughput does a device like this get with wireguard? | Hello71 wrote: | Normally, terrible. These systems are built with anemic, | usually single-core CPUs usually in the low 100s MHz. The only | way they can actually do gigabit switching is by hardware | offload to dedicated ASICs. Anything going through the main | CPU, even without encryption, will have terrible performance. 
| wyager wrote: | The author mentioned that 10gig switches were expensive and loud, | but these days you can get fanless 10gig switches for pretty | cheap. I have a fanless mikrotik switch at home with 4 10Gb SFP+ | ports that cost like $130 (and has excellent industrial design). | hosteur wrote: | Cool. Which one? | cure wrote: | Presumably the CRS112-8G-4S-IN, though I'm not sure that | those SFP cages can do 10 Gigabit... | dale_glass wrote: | That won't do, no. You need SFP+, for example | https://mikrotik.com/product/css610_8g_2s_in | wyager wrote: | CRS305-1G-4S+IN | baybal2 wrote: | You don't need ONIE, nor any of that "Open" Compute stuff. | | Linux has recently got native framework for control of switching | chips called "Distributed Switch Architecture." This turns a lot | of very cheap hardware with very basic hardware switching chips | into high performance routers. | ComputerGuru wrote: | Can that do L2 port management as well or is it restricted to | L3 operations? | stephen_g wrote: | Yes. For example, if you bridge switch ports, it actually | sets up the switch to do it in the switch hardware instead of | in the kernel. | stephen_g wrote: | I don't think there are any DSA drivers for Broadcom switch ICs | (like the one in the device in the article) though? At least | not in mainline last time I checked... | | EDIT: No, actually, I was mistaken - there is one Broadcom | series supported now I look again, BCM53xx, of which the one in | the article does indeed appear to be. Looks like since the 4.8 | kernel though, so not in the 4.4 kernel that comes with the | device. | josteink wrote: | OpenWRT 21.02 supports DSA for select devices OOB (replaces | swconf) and ships with a really recent 5.4 Linux kernel for | all supported devices. | | So going for a cheap, 2nd hand router supported by OpenWRT is | probably the easiest and cheapest way there. | dhess wrote: | Interesting! 
Is there a site that documents which off-the-shelf | switch models work with DSA? | wtallis wrote: | The most recent release of OpenWRT has started to migrate to | DSA: https://openwrt.org/releases/21.02/notes-21.02.0#initial | _dsa... | | Their table of supported hardware for each of the platforms | now using DSA probably includes all of the most affordable | devices, since OpenWRT is mostly focused on consumer-grade | equipment (and mostly routers/APs, but they support some | purpose-built switches using Realtek CPUs). | geenew wrote: | My main thought reading this as a non-network admin was of Mr | Robot, and all the Linux installs on low level hardware used for | hacks on that show. | | Very interesting read and lots of upside to what is discussed, | but the thought of the uncountable, almost invisible operating | systems running in a large network gives me an odd feeling in the | pit of my stomach. So many potential places for malfeasance to | hide. | myself248 wrote: | Keep that feeling in the pit of your stomach for a few years. | Watch as a multitude of forces (mostly related to surveillance | capitalism) foist billions of such devices on unsuspecting | consumers. Tell anyone who'll listen, how shortsighted this is, | how much of a fall it's setting us up for. | | Watch it happen anyway. Watch it accelerate. Watch the devices | grow in complexity, capability, connectivity, and | vulnerability. Watch innumerable manufacturers go out of | business with no software-update succession plan, no code | escrow, no upgrade path for victi^H^H^H^H^H end users. | | The pit of your stomach gets pretty damn sick of the state of | things. | matheusmoreira wrote: | Cyberpunk used to be fiction. It disgusts me when I realize | I'm already living in it. | inetknght wrote: | Wait until you hear about the Internet of Things | bonzini wrote: | Also known as the Internet of Things That Should Not Be on | the Internet. | jjoonathan wrote: | The 'S' in 'IoT' stands for Security. 
(Old but good.) | kragen wrote: | They're not potential; do you know about Intel ME, cellphone | baseband firmware, Apple's new on-phone CSAM scanning plans, | and yellow printer dots? | jaywalk wrote: | Intel ME and cellular baseband are particularly worrisome. | They are essentially separate and inaccessible (outside of | very restricted APIs) systems with their own CPU, running | their own OS and applications with the lowest level access to | all hardware. | kragen wrote: | Thanks for the correction! | matheusmoreira wrote: | Cellular baseband modem is especially evil since lack of | software freedom is mandated by law. It controls the | phone's radiofrequency emissions which means it must only | ever run government-approved software. There's just no | telling what this thing does and the best we can hope for | is isolation from the rest of the phone. | sbierwagen wrote: | Another fun one is the "EURion constellation", a set of | features on printed currency that photoshop and color copiers | will read and then refuse to operate on: | https://en.wikipedia.org/wiki/EURion_constellation | coding-saints wrote: | I love I can still unexpectedly find a post that reminds me of | why I even decided to focus on tech-related career. Great | article! For me, following you down the rabbit hole is better | than the result. Thanks. | Amin699 wrote: | This kernel is actually pretty new! This is a good sign for us, | since embedded devices have a habit of running reasonably old | kernels with limited features. The downside is that there is | generally very limited support for ONIE devices running arm, and | after a large amount of searching, there are no compatible ONIE | images for this device at all, other than the already installed | Dell OS. | m463 wrote: | I've been running openwrt on switches for a while. | | I originally had two mikrotik rb2011* switches and a rb750gl, now | I have two rb3011 switches. 
| Damogran6 wrote: | I'm not seeing them on this side of the pond for less than about | $425...did the author drop a zero in the price? | rusk wrote: | _Sadly since the majority of these [ONIE] switches are aimed at | datacenter deployments they are generally unsuitable for use on | my desk. ... On top these switches would be aggressively priced | out of my budget ... That was until I found the Dell N1100 | series, ... And I found a cheap vendor that sold refurbished | ones for around 85 GBP._ | | > did the author drop a zero in the price? | | Not far off ... | benjojo12 wrote: | (Author here) These switches got a lot more expensive at the | start of the pandemic, I think the chipsets became hard to | source. | dspillett wrote: | Some network devices and other kit became harder to find | (or jumped in price) as people upgraded their home | environments for working from home. While many buying for | themselves would have stuck with even cheaper consumer- | grade kit, companies that wanted to monitor/manage their | remote workers' network would have wanted something that is | possible to monitor/manage from afar (which a bog standard | "dumb switch" wouldn't offer). | navaati wrote: | Oh the horror, does that actually happen ? | anonymousisme wrote: | The Dell N1100 is a nice switch, but a relatively new product (<3 | years old). Also, the article mentions how noisy the cooling fans | can be in "enterprise" grade switches, but they are quite loud in | the N series too (at least in the case of the N3048). Early this | year, I got contacted by DellEMC via a voicemail message, which I | initially thought was spam or phishing because they should have | used the email associated with my DellEMC support account. It | turned out that the voicemail was legit, and the message was that | I needed to update the firmware in all of our switches (including | N1100) before 7/27/2021, or they would all stop working(!) 
It | turns out that the feature license management system had a root | certificate that was due to expire, and all licensed features | would cease to function if the switches were not upgraded. I | spent about a day on the phone with them upgrading our switches, | and (almost) everything turned out okay in the end. | | Below is my survey response to their support feedback request: | | 1) The products should not have a built-in time-bomb that causes | them to stop working after only a few years. | | 2) Dell should have informed us of this issue by email. Instead | they left a very "phishing" like voicemail on a manager's phone. | (Not the phone of the registered point-of-contact for the | cluster.) Perhaps this was done to avoid leaving evidence of #1 | above? | | 3) I spent over an hour on hold when I returned the call, and was | then disconnected. After trying again (to an extension other than | the one given in the message), I reached somebody who confirmed | the issue. I spent another four hours on the phone resolving it. | | 4) Shortly after all of the above, I discovered a new issue that | severely impacted the cluster. The n3048 switch would no longer | auto-negotiate a 100Mbps Ethernet link. Our network watchdog | device (iBoot) was continuously cycling the power on our Internet | Ingress (ONT+ASA). | | 5) I spent even more time troubleshooting and resolving this | issue (by locking the iBoot port to 100Mbps instead of leaving it | on Auto). | | 6) I did not waste any more of my time by reporting this issue. | The technician I worked with to upgrade these switches assured me | that the firmware releases we used were "stable". 
| benjojo12 wrote: | (Post Author here) | | The non POE N1100's are fanless, Thankfully don't really | contain any features that would require licencing, that being | said also has no hardware Layer 3 capability, so not really in | the same class as the N3XXX or N2XXX's | | The licencing thing does suck though, that's poor from Dell who | normally (at least switches wise) do a reasonably good job for | the price. | WalterBright wrote: | > The products should not have a built-in time-bomb that causes | them to stop working after only a few years. | | First Turtle Beach bricked my Audiotron by abandoning the web | site required for it to function, then Grace Digital bricked my | three GD streaming devices for the same reason. | rusk wrote: | Minor Quibble: £85 is not a cheap ethernet switch. | | It's an entertaining and informative read, but it's more like | low-end datacentre hardware than that cheap EUR25 switch I've got | in my home office. | | A little disappointing as I was hoping I'd have a cheeky high- | bandwidth raspberry-pi alternative on my hands ... | bserge wrote: | My favorites are TP-Link's WDR3600/4300, AC1200 and AC1750. | Yeah, not switches per se, but $20-40, Gigabit Ethernet, dual | band Wifi, very stable and fast with OpenWRT, can do anything. | You can daisy chain a few of them if you need more ports, it's | rather fun. | potiuper wrote: | Or instead of being a penny pincher get an AX wireless router | and not contribute more ewaste. | brnt wrote: | Which would you recommend? | potiuper wrote: | The AX series is the current TP-Link offering for most | use cases starting at ~$80: https://www.newegg.com/p/pl?N | =50012120%20100158096%206013568... In addition, the | AX3200 Belkin (RT3200) is $100, and the $140 Linksys | (E8450) are both listed as supporting OpenWRT. | danhor wrote: | It seems like at least the TP-Link AX50 won't have | openwrt support anytime soon (or more likely at all), so | even worse for long usage times. 
| thedougd wrote: | The EAP660 is pretty good. I replaced a few mesh routers | with a single EAP660 on a second floor ceiling. I like | that they allow you to run a single one without a | controller. I'm happy to no longer tie my router to my | access point as it was getting to be a bit too much | effort to make changes or upgrade before I split their | roles. No WRT support, but I don't think that's a concern | for just an access point. | sbierwagen wrote: | If you really are futureproofing, note that most AX (Wifi | 6) equipment today doesn't support the new 6ghz frequencies | recently allocated to wifi. For that you need "Wifi 6E". Of | course, 6E stuff is quite expensive right now. (Expect to | pay $400+ per node) | bserge wrote: | Heh, I only have 4 of them and they're not going out of use | anytime soon. Bought all of them used, of course. | | One works as a main router for a fiber Internet connection | (via a dumb SFP-Ethernet D-Link switch), 2 handle the | "Intranet" 1 house + 1 workshop (Wifi bridge via one band) | computers, printer and NAS, and one is with me, acting as a | repeater bridge. | | If I buy anything new it'll have to support OpenWrt or I | stick with AC1750s lol. | | Even Wifi N 300 is enough for my needs, computers are wired | and my phone doesn't need AC speeds. | teh_klev wrote: | Well it's cheap'ish for a _managed_ gigabit switch...and | "managed" is where you begin to add $$$, even in cheapo world. | | Also current price on ebay for a refurb N1108T-ON unit is 360 | quid, so I reckon relatively speaking you could say it's cheap. | gertrunde wrote: | Yeah, I found the same thing on the prices - but | interestingly looking at completed sales, prices are more | like ~£100. I'm assuming something has recently changed to | make people mark them up more, and no-one's biting yet. | throwaway35i2 wrote: | it's cheap compared to the £3,000 one normally pays for | datacenter switches. 
| rusk wrote: | > it's more like low-end datacentre hardware | | yep covered that | dsr_ wrote: | It's an amazingly cheap 10g switch. (It has 4x10g along with | the 1g ports). | | It's even a very cheap fully managed switch. | justinsaccount wrote: | It has zero 10g ports: N1108T-ON: 1GbE | Port Attributes Multi-speed: 8x 10/100/1000Mbps | half/full duplex RJ45 ports 1GbE Port Attributes | Single-speed: 2x 1000Mbps half/full duplex RJ45 ports | Integrated 1GbE SFP dedicated ports: 2 Integrated 10GbE | SFP+ dedicated ports: N/A | dsr_ wrote: | My mistake. OK, it's just a reasonably cheap fully managed | switch (at 85 pounds, anyway). | gertrunde wrote: | Easy mistake tbh - the larger switches in the range (i.e. | 24 & 48 port models) do have 4 x 10Gb ports, and aren't | much more pricey. | system2 wrote: | TP-Link 5 port ethernet switch is cheap which is $12. The one in | the article is not, which is $690. I know companies with server | included budget less than this "cheap" switch. Nice tricks but | clickbait title. ___________________________________________________________________ (page generated 2021-09-27 23:00 UTC)