Our internal network using Apple Products (part 2)

Good morning all. If you are still with me from yesterday's introduction to our network (the blog post can be found here), then you are in for a real treat as I take you through what is currently connected to the core network. As previously mentioned, we currently operate four businesses and also have to carry personal traffic (social browsing and email).

As we use Macs of one form or another, Time Machine is configured to back up to the NAS. The NAS is another of my over-engineering projects: a Synology DS1813+ with 32TB of raw disk space and 4GB of RAM, with its four 1Gbit/s links bonded into one. This is where everything local goes to be archived and retrieved from.

Controlling the network and its security is what is affectionately called the iServer, a Mac Mini. From here I host the Apple Server applications as well as some of the guest OSs that I use for various testing, but we will get to the Mac server and the NAS in another blog post 🙂. On with the internal network clients.

The goals of the network

When I set up this network, from its beginnings to where it is now, I had several goals. They are set out in the previous blog post, but in addition to those reasons I have set out a few others here, as I know at least one person (Sarah) who is going to be reading this and for whom it is all finally making sense, especially why all the frustrations she experienced happened and how they got sorted. So, a quick recap of the reasons.

What we had

  • Using the top-end Linksys consumer equipment gave me a headache
  • What we had did not meet the requirements on reach
  • It was a complicated wireless mesh setup
  • It got bogged down and frequently required rebooting
  • Time Machine backups were taking forever (even the small ones of less than 5GB)
  • I had to reset an access point at 22:00 in the snow one night. This was not fun in my PJs, having to go outside to the kennel office to reset an access point just so that we could get screen sharing to work (reservation charts for the kennels, so Sarah could provide her customers with a service pretty much round the clock)
  • The frequent crashing and outages of the network did not pass the girlfriend acceptability test (GAT), which caused something called Geek Boyfriend Annoyance Syndrome (GBAS)

What I wanted

  • Clutter-free networking
  • Turnkey, set-it-and-forget-it administration
  • A wireless mesh backed by a wired connection, so I could lay a cable up to 90 metres away and stick an access point on the other end to extend the Wi-Fi
  • Something that I could reset from my iPad (GAT tested and approved)
  • Something that would see me through the next three years' upgrade cycle, in terms of support and capacity
  • Something that looks good and is pleasing to the eye (to pass the GAT), as I knew we would have multiple devices throughout the property
  • Devices whose built-in features I could use if I wished, or whose burden I could lessen by having the iServer do the day-to-day tasks such as DHCP, NAT etc.

Client Devices

OK, for this to make sense I have split it into three parts: we have me and my very understanding other half Sarah, who all of this has to pass through to get accepted (remember the GAT), and further to this we have a lot of shared infrastructure, such as the smart TVs, the server(s) and the associated things that Sarah uses without realising that she is ;).

Shared Devices

  • Sony TV (living room)
  • Sony Network Blu-ray (gym)
  • Sony TV (bedroom)
  • Apple TV (gym)
  • Sony Network Blu-ray (bedroom)
  • Synology NAS DS1813+
  • Cisco SG200 8-port managed switch
  • PS4
  • CCTV security system
  • HP OfficeJet (upstairs office)
  • Epson XP-625 (upstairs office)
  • Epson WP-4545 business inkjet
  • Living room AirPort Extreme
  • Kitchen AirPort Extreme
  • Kennel office AirPort Extreme
  • Upstairs office AirPort Extreme
  • Bedroom AirPort Express
  • KenCAM1
  • KenCAM2
  • Mac Mini Server (late 2012)

Yes, I have added the networking equipment, mainly because these are client devices in how they are set up to work with the iServer; they pretty much just do as the server tells them to do. They also sometimes have USB sticks plugged into them as quick-and-dirty shares (especially the upstairs office and kennel office ones). We also have an older Dell rack-mount server that is currently not used, and I have thought about a gaming rig for remote play using Steam, but to be honest I like Mac kit and I don't have a rack.

My Devices

  • MacBook Pro (mid 2015)
  • iPhone 6 128GB
  • 27” Thunderbolt Display
  • iPad Mini 3 128GB (Wi-Fi)
  • iPod Touch 128GB
  • SpiceWorks Service Desk virtual machine
  • Apple Watch
  • PS Vita gaming system
  • Steam PC (Windows-based virtual machine for remote play from Steam)

In addition to the above, I am starting to build an OEM-looking in-car Mac computer that will look like the original BMW Z4 system. I am just figuring out how it will all work and hang together using the shell and motor of the OEM BMW screen; the first job is currently reverse-engineering the stepper motor.

Sarah’s Devices

  • Mac Mini (mid 2015)
  • iPad Mini 16GB
  • 27” Thunderbolt Display
  • iPhone 6 Plus 64GB
  • 21.5” iMac (2011)
  • Apple Watch Sport
  • 17” MacBook Pro (late 2011, my cast-off)
  • Old Toshiba laptop (disused and unloved)

From humble Windows user to Mac fangirl, Sarah has come a long way from only having a Windows laptop, an old Acer desktop (with a USB Wi-Fi dongle) and an iPhone, to being kitted out with pretty much the whole Apple Store. Word to the geeks: Apple products pass the GAT so well that you and your better half may as well just convert to all things Apple; it makes life so much better 🙂. In a future blog post I will have Sarah do a guest spot to talk about life living with a geek and how I converted her to Macs.

Typical Usage

OK, so you have seen in Part 1 the setup we have for the network, and in this post you have seen the 37 devices that are connected to it. As you can see, for two people this is a lot of equipment and data flowing on the network, so you can understand why the Linksys and previous equipment bought the farm every couple of hours: most consumer-grade kit is only really designed for a dozen or so simultaneous devices, and added to this the streaming of music, video, virtual machines and other general data is a lot for the network to cope with, hence the high core network device count. On with the setup.

The upstairs office – this is the nerve centre of the operation. It serves as a warm, snug area away from the kennels where I can work in peace; it's also where Sarah works 60% of the time when she isn't in the kennels, walking dogs or in the kennel office, and where she does the sewing and other associated work for her other businesses (it can get noisy at times). It's also where a lot of the traffic is generated, as I have my MacBook Pro and Apple display up here (plus the iPhone and iPad when I am here), and Sarah also has her iMac and mobile devices here. This room can generate up to 200GB of traffic a day when you take into account screen sharing, Time Machine backups, and streaming films from the NAS or one of the Blu-ray players (something I like to do when working). In addition, we both have a network printer on our respective desks.

Living room – this is the epicentre where all the data ends up or is streamed from; this room alone can see up to 1TB of data per day either being written to it or streamed from it, and all the entertainment and business data ends up here in one way or another. It's also the inlet for the satellite broadband and, when that is in use, the last hop before going out to the internet. This room also links the kennel office to the rest of the network. Due to the high number of wired connections here, it is where the 8-port switch lives as well.

Kitchen – surprisingly this is another hotspot. It's the endpoint for the ADSL line when that is in use, and its router is the one that links the upstairs office and bedroom to the rest of the network; everything generated upstairs goes through this AirPort.

Kennel office – this is where Sarah lives when it's warm or she has had enough of me and wants to get some work done 🙂. This is where her Mac Mini and Thunderbolt Display live, and it's also where the big workgroup printer is. Its AirPort Extreme is also the one that connects the two KenCams to the network. On a normal day traffic is fairly light, at up to 4GB per day; on a bad day, or when Time Machine is doing a full backup, this can rise to over 100GB per day.

Bedroom – very little happens here (GF edit (GFE): big lols as I edit this), in terms of data transit (of course). But it is where we (yes, even Sarah) use our iPads, iPhones and laptops, as well as the Blu-ray player and smart TV to stream from the NAS using Plex. With the AirPort Express you can stream music to it: just attach speakers and then stream your music from one of your devices over the network using AirPlay. This isn't a very interesting room (GFE: what?).

The gym – this room is another of the less interesting rooms (GFE: only to you darling), located adjacent to the kennel office. It just has a non-smart TV connected to an Apple TV and a network Blu-ray player, all connected to a soundbar; great for connecting up your music or watching some spinning workouts over AirPlay whilst working out (Sarah mostly, me……. not so much 😉). The devices in this room connect wirelessly to the kennel office AirPort Extreme.

How It’s Wired

The Switch

Cisco SG200
  • Ports 1 to 4 – a LAG for the bonded ports on the Synology NAS, which has a lot of connections to it at any one time
  • Port 5 – the iServer Mac Mini
  • Port 6 – CCTV device
  • Port 7 – living room TV
  • Port 8 – connects to the living room AirPort Extreme

Living Room AirPort Extreme

AirPort Extreme rear
  • WAN port (closest to the power cable) – either the satellite modem or the connection to the kitchen
  • Port 1 – either the connection to the kitchen, or empty
  • Port 2 – the connection to the kennel office
  • Port 3 – the connection to the switch

The Kitchen

Kitchen AirPort
  • WAN port – connection to the living room or the ADSL modem
  • Port 1 – connection to the bedroom
  • Port 2 – connection to the upstairs office
  • Port 3 – empty, or connection to the living room

I must apologise for the poor (very poor, actually) cabling done here. It was done in haste whilst Sarah was on a shopping trip, because in my head once it was in Sarah would not be able to moan about it (I was wrong, so very wrong). It's not on the list of priorities to sort, but it's on a list somewhere. Eventually, when we finally get a decent connection to the internet, the card payment machine will be connected permanently to port 3, but for now that connection goes to the ADSL modem because the machine doesn't like the satellite broadband (can't think why???).

The Bedroom

AirPort Express
  • WAN port – connected to the kitchen
  • LAN port – connected to the network Blu-ray player

Upstairs Office

Office AirPort
  • WAN port – to the kitchen
  • Port 1 – Thunderbolt Display
  • Port 2 – Sarah's iMac
  • Port 3 – spare, or project port 😉

The Kennel Office

Kennel Office AirPort
  • WAN port – to the living room via an external shielded Cat6a cable (500MHz)
  • Port 1 – Mac Mini
  • Port 2 – Thunderbolt Display
  • Port 3 – Epson WorkForce printer

Why are the AirPort Devices Wired?

Well, this is a very good question, and in most homes wireless extension is not a bad way to quickly expand the reach of your Wi-Fi, so long as every extender can see the main router (the one that connects to the internet). If an extender can't see that device then it can't extend the network, and that is exactly the issue I had with the Linksys kit and the previous network design.

When the living room is the main connection, the bedroom, upstairs office and kitchen have really good connections; in fact you wouldn't require more than the living room's connection for them. Unfortunately the kennel office cannot see the living room's Wi-Fi signal, so the connection drops frequently on both 2.4GHz and 5GHz, which causes girlfriend annoyance and in turn boyfriend pain in the neck. When the kitchen is the main router, all devices can see each other wirelessly, but the Wi-Fi link to the kennel office is only 10Mbit/s (even on 802.11ac): the walls and other wireless devices scatter the signal and even beamforming can't help it. Below is a simplified list of what the Wi-Fi signal has to pass through from the kennel office to the kitchen.

  • The wall behind the kitchen router
  • The exterior wall of the house
  • Conservatory
  • Bit of a gap
  • Exterior wall towards the house of the gym
  • Bit of a gap and maybe a Sarah on the treadmill
  • Other side wall of Gym
  • Wifi Router in Kennel

Add a few atmospheric disturbances or rain and it's a wonder it ever worked in the first place, but it did. These are the extremes of the network's reach and certainly not a very reliable way to connect everything together. Even with the AirPort Extremes, Sarah's desk in the kennel office was the absolute dead end of the network; adding an extender helped get the signal to parts of the kennel block, but not very well, because another wall, a couple of windows and a metal mesh impeded the signal.

Adding Cat6a was the logical answer to this. Because of how the routing works, you can take any one of the base stations, run a network cable from one of its LAN ports to the WAN port of the next base station, and extend to your heart's content.

Different ways of Extending the network

Roaming Network (Ethernet-connected Wi-Fi base stations)

Apple 1

For 802.11n Wi-Fi base stations, creating a roaming network is by far the best choice. This will provide the best throughput between the base stations and your Wi-Fi devices.

This setup requires that your Wi-Fi base stations are connected via Ethernet.

The primary base station provides DHCP Services, while the extended base station will be configured to use bridge mode.

All Wi-Fi base stations within the roaming network should use the same passwords, security type (Open/WEP/WPA), and network name (SSID).

Apple 2

You can add several extended Wi-Fi base stations to expand a roaming network.

Apple 3

You can incorporate a network switch if you don't have enough LAN ports available on your primary Wi-Fi base station.

Wirelessly Extended Network

If you are unable to build the recommended roaming network, then a Wirelessly Extended Network is the next best option.

Apple 4
Apple 5

To create a Wireless Extended Network, you must place the extended Wi-Fi base station within range of the primary Wi-Fi base station.

Extended network range consideration

Apple 6

In the above example, the primary Wi-Fi base station ➊ is out of wireless range of the extended Wi-Fi base station ➋, therefore the extended Wi-Fi base station cannot join or extend the wireless network. The extended Wi-Fi base station must be moved to a location that is within Wi-Fi range of the primary Wi-Fi base station.

Important note

Apple 7

If another extended Wi-Fi base station ➋ is placed between the primary Wi-Fi base station ➊ and the extended Wi-Fi base station ➌, the extended Wi-Fi base station ➌ will not allow clients to join it. All extended Wi-Fi base stations must be in direct range of the primary Wi-Fi base station.

So, as you can see from the above examples (credit: Apple website), I have gone for the roaming network setup. This gives me the greatest range and flexibility for any future expansion; I could even mix it up a little and extend the Wi-Fi coverage wirelessly rather than cable in another base station, using the two Linksys range extenders I have sat on the shelf if required. It is because of this freedom for the future that I have set up the AirPorts in this way. In the future I would potentially like to add a further AirPort Extreme at the other end of the kennel block to extend the range into the field, but this may or may not pass the GAT. For now, I have Wi-Fi where I need it, even from the car to sync my iTunes to the car's iPod over Wi-Fi, and Sarah is happy because everything is simple (GFE: are you saying I'm simple?) to use and is finally reliable. This makes me happy because I don't get it in the neck when it's not working.
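The roaming and wirelessly extended setups above come down to a handful of invariants: one DHCP source on the network, extended base stations in bridge mode, the same SSID, security type and passphrase everywhere, and any station that extends wirelessly sitting in direct range of the primary. The following is an added example, not code from the original post or from Apple, that encodes those invariants as a check over a list of base stations. The station records, their field names and the sample values are constructed for illustration; the one thing it adds beyond the quoted guidance is flagging Open or WEP security as a finding, which is my assumption of what a sensible minimum is rather than anything the post states.

```python
"""Sanity-check an AirPort-style roaming / wirelessly extended network.

Added example, not code from the original post. Each base station is a
dict; validate_network() returns a list of findings (empty means OK).
All names, fields and sample values below are constructed.
"""

# Assumption: anything below WPA2 is reported as a finding.
WEAK_SECURITY = {"open", "wep"}


def validate_network(stations, external_dhcp=False):
    """Check the invariants of a roaming / extended network.

    Each station dict has:
      name       - label for the base station
      role       - "primary" or "extended"
      dhcp       - True if this station hands out addresses
      mode       - "router" or "bridge"
      ssid, security, passphrase
      uplink     - "ethernet" (roaming, wired back-haul) or the name of the
                   station it extends wirelessly
    external_dhcp: True when a separate server (e.g. the Mac mini running
      the Server app) provides DHCP, so no base station should.
    """
    findings = []
    primaries = [s for s in stations if s["role"] == "primary"]
    if len(primaries) != 1:
        findings.append(f"expected exactly one primary base station, found {len(primaries)}")
        return findings
    primary = primaries[0]

    # Exactly one DHCP source: the primary, or an external server and no stations.
    dhcp_servers = [s["name"] for s in stations if s["dhcp"]]
    if external_dhcp:
        if dhcp_servers:
            findings.append(f"external DHCP in use but stations also serve DHCP: {dhcp_servers}")
    elif dhcp_servers != [primary["name"]]:
        findings.append(f"DHCP should be served only by {primary['name']}, found {dhcp_servers}")

    if primary["security"].lower() in WEAK_SECURITY:
        findings.append(f"{primary['name']}: security type {primary['security']} is not safe; use WPA2")

    reference = (primary["ssid"], primary["security"], primary["passphrase"])
    names = {s["name"] for s in stations}
    for s in stations:
        if s["role"] != "extended":
            continue
        if s["mode"] != "bridge":
            findings.append(f"{s['name']}: extended station must be in bridge mode (is {s['mode']})")
        if (s["ssid"], s["security"], s["passphrase"]) != reference:
            findings.append(f"{s['name']}: SSID/security/passphrase differ from {primary['name']}")
        uplink = s["uplink"]
        if uplink == "ethernet":
            continue  # roaming network: wired back-haul, distance does not matter
        if uplink not in names:
            findings.append(f"{s['name']}: uplink {uplink!r} is not a known station")
        elif uplink != primary["name"]:
            # A wirelessly extended station must be in direct range of the
            # primary; chaining through another extender is not supported.
            findings.append(f"{s['name']}: wirelessly extends {uplink}, must extend {primary['name']} directly")
    return findings


def _station(name, role, dhcp, mode, uplink, ssid="home", security="WPA2", passphrase="correct horse"):
    return {"name": name, "role": role, "dhcp": dhcp, "mode": mode,
            "uplink": uplink, "ssid": ssid, "security": security, "passphrase": passphrase}


# Constructed sample modelled on the post's layout: living room primary, the
# others wired back to it, DHCP served by the Mac mini rather than the AirPorts.
GOOD_STATIONS = [
    _station("living-room", "primary", False, "router", "ethernet"),
    _station("kitchen", "extended", False, "bridge", "ethernet"),
    _station("kennel-office", "extended", False, "bridge", "ethernet"),
]

# Constructed broken sample: the kitchen also serves DHCP, and a gym extender
# wirelessly chains off the kitchen with a different SSID.
BROKEN_STATIONS = [
    _station("living-room", "primary", True, "router", "ethernet"),
    _station("kitchen", "extended", True, "bridge", "ethernet"),
    _station("gym", "extended", False, "bridge", "kitchen", ssid="home-gym"),
]


def check_good():
    return validate_network(GOOD_STATIONS, external_dhcp=True)


def check_broken():
    return validate_network(BROKEN_STATIONS)


if __name__ == "__main__":
    print("good:", check_good())
    for finding in check_broken():
        print("broken:", finding)
```

Running it prints no findings for the wired sample and three for the broken one (a second DHCP server, a mismatched SSID, and an extender chained off another extender), which is the failure mode the Apple "important note" above describes.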

Wow, another long blog post. I hope I have kept you interested and not bored you to death with this one. In the next instalment I will talk about the roles of the iServer and the NAS, what they have to do with the setup and control of the AirPort Extremes, and how I got DHCP working from the Apple Server app rather than from the AirPorts themselves. I will also go a little more into the technical aspects of IGMP and setting up LAGs on a managed switch.

I was supposed to write this all up in one go, but because of the setup and explaining why it has been done the way it has, I thought it better to split it into several posts. Join me again for the final post on our internal network; then we can move on to some really good old technical and operational stuff to be aware of when project planning, as well as how to write better proposals and technical documentation.