Subnetting 101

More information on IP networking:

Most radio station networks that I have seen are divided along several different lines based on functions.  These functions are:

  • Office network; E-mail, document storage and retrieval, printing, applications like traffic and billing, promotions, music scheduling and so on
  • Automation network; automation servers, workstations and audio editing machines used in production
  • Audio over IP (AOIP) network; any AOIP consoles, devices or STL equipment
  • Voice over IP (VOIP); telephone system
  • Wireless LAN; WLAN or WIFI

It is helpful, then, to segment the network into different broadcast domains to reduce the congestion on any one network.  That is where a good subnetting scheme can be beneficial.  Subnets segment the network into smaller parts, reducing the amount of broadcast traffic and increasing network speeds by reducing MAC table sizes, and thus switching and lookup times.  They also can secure certain areas of the network from the outside or other subnets, adding a level of security.  For example, it may not be a good idea for the automation computers or the AOIP consoles to have access to the internet.  Certain functions in routers and switches can be enabled for that added security.

It is also important to efficiently use IP addresses in a large organization where WANs are used.  The better the subnetting scheme, the easier it is to understand and the better it performs.  Avoiding or reducing discontiguous networks is key to efficient and speedy routing.  That is an important consideration where applications like AOIP and VOIP are concerned.

To really understand subnetting, it must be broken down into the fundamental parts.  This pertains to IPv4, which will likely remain in use for quite some time.  The big chart, class B networks:

| 3rd octet | 4th octet | CIDR | Decimal | Wild card | Hosts | 3rd Up by | Subnets |
|---|---|---|---|---|---|---|---|
| 00000000 | 00000000 | /16 | 255.255.0.0 | 0.0.255.255 | 65,534 | 255 | 0 |
| 10000000 | 00000000 | /17 | 255.255.128.0 | 0.0.127.255 | 32,766 | 128 | 2 |
| 11000000 | 00000000 | /18 | 255.255.192.0 | 0.0.63.255 | 16,382 | 64 | 4 |
| 11100000 | 00000000 | /19 | 255.255.224.0 | 0.0.31.255 | 8,190 | 32 | 8 |
| 11110000 | 00000000 | /20 | 255.255.240.0 | 0.0.15.255 | 4,094 | 16 | 16 |
| 11111000 | 00000000 | /21 | 255.255.248.0 | 0.0.7.255 | 2,046 | 8 | 32 |
| 11111100 | 00000000 | /22 | 255.255.252.0 | 0.0.3.255 | 1,022 | 4 | 64 |
| 11111110 | 00000000 | /23 | 255.255.254.0 | 0.0.1.255 | 510 | 2 | 128 |
| 11111111 | 00000000 | /24 | 255.255.255.0 | 0.0.0.255 | 254 | 1 | 256 |

Class C networks

| 3rd octet | 4th octet | CIDR | Decimal | Wild card | Hosts | 4th Up by | SubnetsB | SubnetsC |
|---|---|---|---|---|---|---|---|---|
| 11111111 | 00000000 | /24 | 255.255.255.0 | 0.0.0.255 | 254 | 255 | 256 | 0 |
| 11111111 | 10000000 | /25 | 255.255.255.128 | 0.0.0.127 | 126 | 128 | 512 | 2 |
| 11111111 | 11000000 | /26 | 255.255.255.192 | 0.0.0.63 | 62 | 64 | 1024 | 4 |
| 11111111 | 11100000 | /27 | 255.255.255.224 | 0.0.0.31 | 30 | 32 | 2048 | 8 |
| 11111111 | 11110000 | /28 | 255.255.255.240 | 0.0.0.15 | 14 | 16 | 4096 | 16 |
| 11111111 | 11111000 | /29 | 255.255.255.248 | 0.0.0.7 | 6 | 8 | 8192 | 32 |
| 11111111 | 11111100 | /30 | 255.255.255.252 | 0.0.0.3 | 2 | 4 | 16384 | 64 |
| 11111111 | 11111110 | /31 | 255.255.255.254 | 0.0.0.1 | 0 | 2 | N/A | |
| 11111111 | 11111111 | /32 | 255.255.255.255 | 0.0.0.0 | 0 | 1 | N/A | |

The terms “Class B” and “Class C” networks are outdated.  Basically, I broke the chart up along a classful boundary to make it easier to read.

An IPv4 address consists of four octets of binary data. A common example is 192.168.1.254, which in binary numbers looks like this: 11000000.10101000.00000001.11111110. It is converted to base ten numbers (dotted decimal) so that we humans can deal with it. A typical subnet mask seen in many office networks is 255.255.255.0, which in binary looks like this: 11111111.11111111.11111111.00000000.  When a router receives a packet, it does something called an “ANDing process.”  When a router ANDs, it overlays the subnet mask on the IP address and applies the following function to each pair of bits: 1 AND 1 = 1, 1 AND 0 = 0 and 0 AND 0 = 0.  Thus, in the above example, a router AND would look like this:

| Dotted Decimal | Binary Octets |
|---|---|
| 192.168.1.254 | 11000000 10101000 00000001 11111110 |
| 255.255.255.0 | 11111111 11111111 11111111 00000000 |
| 192.168.1.0 | 11000000 10101000 00000001 00000000 |

The subnet mask is telling the router to ignore the last octet, thus saving a bit of time and processing power.  It may seem very small and insignificant.  When considering that routers sometimes make hundreds or thousands of routing decisions in a second, even a small bit of work reduction adds up quickly.  Subnet masks allow routers to look at only the layer three network address, ignoring the host portion.  This takes advantage of IP's inherent hierarchical addressing system and speeds the process of routing to the proper destination.

Another way to look at it:

[Figure: IPv4 subnet chart]

There are three IPv4 address ranges set aside for private (internal) use:

  • 192.168.0.0 to 192.168.255.255 /16
  • 172.16.0.0 to 172.31.255.255 /12
  • 10.0.0.0 to 10.255.255.255 /8

Thus, very large networks can use an internal IP address scheme in the 10.0.0.0 range and have up to 16,777,216 hosts, or 2^24 addresses minus two, one for the network line address and one for the broadcast address.  That would be one giant network clogged with ARP requests, ICMP packets and other miscellaneous multicast messages. A notation of /16 means that 16 bits are used for the network address; the remaining address bits are host bits.  A /24 network has 24 network bits and 8 host bits, making the available hosts 254.

An example of an efficient network would be a medium market operation with six radio stations under one roof.  This facility has ten studios and a news room using AOIP consoles, a VOIP phone system, an automation system, an office network with an internal file server and exchange server.  The number of required hosts on each subnetwork is:

  • Office network, servers and wireless hosts: 78
  • VOIP phone system: 70
  • AOIP consoles and nodes: 30
  • Broadcast automation system: 22

Given IP address: 172.19.0.0 /22

In most instances, office networks are usually installed on one class C segment, that is to say, the network mask is 255.255.255.0.  However, in the example above, 254 hosts are not needed on the office network, thus it can be divided in half using the subnet mask of 255.255.255.128, leaving the other half for the VOIP phone system.  This subnetting scheme would leave 126 hosts on the office network and 126 hosts on the VOIP network.  The AOIP console and broadcast automation system can be placed on another class C segment, using the subnet mask of 255.255.255.192, which would give each subnet 62 hosts.  All subnets would have room to expand.  Each subnet is isolated from the others by a router.  The office subnet contains the gateway to the internet, usually the .1 or .126 (first or last) IP address.

That would look something like this:

| Subnet | Line address | First available | Last available | Broadcast | Subnet mask |
|---|---|---|---|---|---|
| Office network | 172.19.0.0 | 172.19.0.1 | 172.19.0.126 | 172.19.0.127 | 255.255.255.128 |
| VOIP phone system | 172.19.0.128 | 172.19.0.129 | 172.19.0.254 | 172.19.0.255 | 255.255.255.128 |
| AOIP consoles and nodes | 172.19.1.0 | 172.19.1.1 | 172.19.1.62 | 172.19.1.63 | 255.255.255.192 |
| Broadcast Automation system | 172.19.1.64 | 172.19.1.65 | 172.19.1.126 | 172.19.1.127 | 255.255.255.192 |
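
The addressing plan above and the ANDing step described earlier, worked through in Python as an added example (not code from the original article). The 50% growth margin is an assumption chosen here to reflect the article's "room to expand", and the function names are illustrative.

```python
import ipaddress
import math

# Required hosts per segment, taken from the article's example facility.
NEEDS = {"Office": 78, "VOIP": 70, "AOIP": 30, "Automation": 22}

def prefix_for(hosts, headroom=0.5):
    """Longest prefix whose usable hosts (2^h - 2) cover hosts plus headroom."""
    needed = math.ceil(hosts * (1 + headroom))   # headroom is an assumed margin
    host_bits = max(2, (needed + 1).bit_length())
    return 32 - host_bits

def allocate(base, needs, headroom=0.5):
    """Carve each need out of base, largest first, so blocks stay aligned."""
    base = ipaddress.ip_network(base)
    cursor = int(base.network_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts, headroom)
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size       # round up to a block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(base):
            raise ValueError(f"{base} is too small for {name}")
        plan[name] = net
        cursor += size
    return plan

def network_of(ip, mask):
    """The ANDing step: keep bits where the mask is 1, zero the host bits."""
    ip_int = int(ipaddress.IPv4Address(str(ip)))
    mask_int = int(ipaddress.IPv4Address(str(mask)))
    return ipaddress.IPv4Address(ip_int & mask_int)

def segment_of(ip, plan):
    """Segment an address belongs to, or None when it is outside the plan."""
    for name, net in plan.items():
        if network_of(ip, net.netmask) == net.network_address:
            return name
    return None

def row(net):
    """Line address, first host, last host, broadcast, mask (the table columns)."""
    fields = (net.network_address, net[1], net[-2],
              net.broadcast_address, net.netmask)
    return tuple(str(f) for f in fields)

if __name__ == "__main__":
    plan = allocate("172.19.0.0/22", NEEDS)
    for name, net in plan.items():
        print(f"{name:<11}", *row(net))
    # Constructed sample address: which segment would a router place it in?
    print(segment_of("172.19.1.70", plan))
```

`segment_of` is the same decision a router makes before applying a per-segment rule, such as keeping the automation and AOIP subnets off the internet.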

That keeps the network segments small but has room to grow.  This is a diagram of a converged network:

[Figure: Radio Broadcast Facility converged network]

With a setup like this, reliability is the key to a happy life. The router should be a good Cisco product with four or more Fast Ethernet ports. A second way to do this would be to have four routers plugged into a distribution switch and use OSPF to route between subnetworks. The switches should also be a good Cisco product, which can take advantage of port security options and QoS on the VOIP and AOIP segments.  VOIP systems usually require Power over Ethernet (POE) ports, thus that switch can be specialized for that purpose.

Many AOIP systems want to see Gigabit switches or at least Fast Ethernet switches with Gigabit or better back planes.  Any AOIP STL system can be connected to the AOIP network along with other things like AOIP remote broadcast and studio telephone solutions.

Many WLAN access points can be configured as a network router and DHCP server for wireless hosts.

The largest users of the public (i.e. internet) network would be the VOIP phone system and office network.  The broadcast automation network may also be one if voice tracking or other program delivery over WAN is used.

Nanobridge M5 wireless LAN link, Part II

After a bit of delay, we were able to return to the WICC transmitter site to install the Wireless LAN link.  The installation was pretty straightforward.  The studio unit was mounted on an existing STL tower on the top of the elevator room, the transmitter unit was mounted on an existing pipe on the roof of the transmitter building.

[Figure: M5 Nanobridge mounted on transmitter building with RADOME]

I included RADOMEs for a couple of reasons; first, there are a lot of critters around, of the two-legged and winged kind. The upright two-legged critters may be attracted to the signal strength lights at night. This unwanted attention could invite the bored teenagers to throw various objects found lying around on the ground at the antenna, damaging it.  The winged type critter may be inclined to view the feed horn as a good nesting location. The other reason is this site gets a lot of rain, wind, ice and snow, therefore the RADOMEs afford some protection against the weather.

Aiming the antennas was pretty straightforward, but requires at least two people.  Using landmarks, we aligned the dishes in the general direction of each other.  Both ends of the system were turned on and we had a -89 dBm signal path, and somewhat surprisingly, the radios linked up and my laptop grabbed an IP address via DHCP.  Using the signal strength meter on the side of the antenna, each dish was peaked in turn:

[Figure: M5 Nanobridge Antenna signal strength meter]

Then, somebody on either end went below and looked at the signal strength screen on the web interface while the other end was peaked.  In the end, we had about -65 dBm signal strength, which is somewhat less than the -58 dBm predicted.  I think we can do better, so on the next clear day, I am going to peak the signal again.

The data rate initially reported was over 100 MBPS, however, once I started transferring files back and forth, that dropped to about 50 MBPS.  If it is raining, that rate drops to about 35 MBPS, which is still far above what we need this link to do.  As a test, I streamed a YouTube video, downloaded a Windows update, loaded several web pages and checked my email simultaneously.  There were no issues with the data rate while those tasks were being performed.

It is quite amazing to me that these little inexpensive radios can work so well.  My boss thinks that they will be blown up by lightning during the first thunderstorm of the season.  I don’t know.  There are several of these units that have been installed at mountain top tower sites and have been working for several years without issue.

Next step, installing the IP cameras and warning signs on the fence, setting up the monitoring software, etc.

[Figure: Transmitter site security cameras]

Cameras mounted on old chimney platform.  This is the first set of cameras covering the south, north and west approaches.  A fourth camera will be mounted on the back of the building covering the east approach.  Then, under the eaves, cameras will be mounted on all four corners of the building and the generator shed.  If anything moves, it will be recorded.

The neighborhood Mesh Network

Wireless IP Ethernet (802.11) technology has been around for a while.  Many know it as “WIFI” but you could also call it “WLAN” or something similar.  Like many other Ethernet technologies, WLAN relies on a spoke and hub connection system, the hub being the wireless access point or router and the individual hosts (PCs, tablets, phones, etc.) being the end point for each connection.  In a wired network, it is usually some type of switch that forms the center of the network data distribution system.

With a wireless mesh network or ad hoc network (802.11s), each wireless device can connect to any other wireless device within range.  In this type of peer to peer network, there is no central access point, although something can act as an internet gateway or there can be several gateways.    This type of topology functions much like the public network (AKA the internet), where there are many different paths to any one (major) destination.  If any one of those paths goes down, another route is quickly found.

This technology was developed by several vendors for military communications systems and for OLPC (One Laptop Per Child) programs in Africa and other places.    Each link acts to extend the boundaries of the network, thus the more users there are, the more useful the network becomes.

[Figure: Wireless Mesh Network diagram]

Advantages of mesh networking:

  • Networks are self forming; once the nodes are configured and can see other network nodes, the network automatically forms
  • Networks are self healing; if one node drops off line, traffic is automatically routed to other nodes.  If the node comes back up, it is included back into the network
  • High fault tolerance; in areas where many nodes exist and can see each other, the failure of any single node does not affect the rest of the network
  • Low cost to deploy; mesh networks use standard off the shelf WLAN (802.11) devices.  Choice of software will dictate which hardware will work the best
  • Crowd sourced infrastructure; as each network node is owned by an individual, the cost and responsibility is shared among the community

Several specific routing protocols have been developed for the network side of the system: Hazy Sighted Link State Routing Protocol (HSLS), BATMAN, OLSR, HWMP and others. These work well with the existing 802.11 a/b/g wireless network hardware currently available.

On the host side, a good IBSS capable wireless network adapter is needed, which many of the newer ones are.  Several of the software programs have lists of WLAN adapters that work with their software.  Open Garden is a free App for Windows, Mac OSX, Android, and they are working on an iOS version.  This leaves out certain devices like tablets and iPhones for now.

Since existing wireless adapter drivers do not yet support mesh networking, usually an additional piece of software is needed.  There are several interesting ones, including HSMM-MESH, which was developed by Amateur Radio operators.  Open source programs for Linux, FreeBSD and others are available as well as commercial versions for Windows.

I was thinking that this might be useful for broadcast applications.  For obvious reasons, this type of system would work best in densely populated urban and suburban areas, which is exactly the type of area that LPFM licenses might be hard to come by.  For those who do not have the time or wherewithal to apply for an LPFM license, or for those that simply don’t get a license due to scarcity of available channels, this could be a great way to cover a neighborhood or section of a city.  The more people that participate in the mesh network, the stronger the network becomes.  Additionally, by using FCC type accepted part 15 FM and AM transmitters as broadcast nodes, carrier current transmitters and leaky coax systems, the presence of the mesh network can be advertised to potential listeners, including directions on how to take part.

[Figure: Wireless mesh network example, courtesy of Meraka Institute]

Wireless LAN bridges or broadband internet connections can act as a backbone between distant nodes.

For bandwidth efficiency's sake, AOIP services should be limited to multicast addresses.

A good site with more wireless mesh network information is http://wirelessafrica.meraka.org.za/

Two sub-reddits on the subject: /r/meshnet and /r/darknetplan

Then there is project meshnet and the project meshnet wiki

Oh, by the way, go ahead and ask me what I have been learning about in school these days…

Ubiquiti Nanobridge M5 IP radio

I am in the process of installing a pair of the Nanobridge M5 units as an IP network link between a transmitter site and the studio location. The path is relatively short, about 1.5 miles over mostly water.  The main reason for this is to replace the analog phone lines used for remote control data and backup programming delivery to the transmitter site.  One added benefit, we are also installing several  IP cameras to keep an eye on the place.  We purchased the Nanobridge system for $80.00 per side.  The price is pretty good, but the configuration and testing is a bit intensive.

[Figure: Network diagram]

There are many versions of these spread spectrum radios, some are licensed, some are license free.  These are inexpensive, license free links that I would count on for short paths or use in non-congested areas.  In congested areas, licensed (Part 101) links should be used, especially for critical infrastructure like STLs.

Since I dreamed up this idea, I figured I should make sure it is going to work before recommending it to the powers that be.  I have learned the hard way, almost nothing is worse than a failed project with your name on it.  Better to over study something than to go off half cocked, spend a bunch of money, then realize the idea was flawed from the start.  See also: Success has a thousand mothers but failure is an orphan.

[Figure: Nanobridge path study, 5.8 GHz, moderate noise floor, 1.5 miles]

Looks pretty good.  300 MB/s bi-directional which is faster than the Ethernet port on the unit.  This will be set up in bridge mode with pretty robust encryption.  The transmitter site side is configured in the router mode, creating a second class A network at the remote site.

[Figure: Nanobridge M5 22 dBi antenna]

Next step, configuring the units.  The Nanobridge units were set up in a back to back configuration in the engineering room.  Each end comes with a default IP address of 192.168.1.20.  The units were several steps behind the latest firmware version, therefore the firmware was upgraded first.  The default admin user, password, and IP addresses were changed.  There is no greater security risk than default user and password.  The wireless security feature is enabled using WPA2-AES PSK and a greater than 192 bit access code.  The unit allows for any access code length up to 256 bits.  With a key of between 192 and 256 bits, the number of possible solutions is between 6.2771 E 57 and 1.1579 E 77, which should be pretty hard to crack.  By way of reference, a 192 bit password has 24 ASCII characters and a 256 bit password has 32 ASCII characters.
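
An added example, not part of the original post, for sizing the WPA2 key described above: it measures a random printable-ASCII passphrase by its entropy and derives the 256-bit key with the standard IEEE 802.11i passphrase mapping. The SSID and function names are made up for illustration, and the page does not say how airOS stores the key.

```python
import hashlib
import math
import secrets
import string

# The 95 printable ASCII characters (codes 32 to 126) allowed in a WPA2 passphrase.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
PSK_BITS = 256  # WPA2-Personal always derives a 256-bit pre-shared key

def entropy_bits(length, alphabet=len(PRINTABLE)):
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet)

def effective_bits(length, alphabet=len(PRINTABLE)):
    """Strength of the link key: passphrase entropy, capped by the PSK size."""
    return min(entropy_bits(length, alphabet), PSK_BITS)

def min_length(bits, alphabet=len(PRINTABLE)):
    """Shortest random passphrase that reaches the requested number of bits."""
    return math.ceil(bits / math.log2(alphabet))

def random_passphrase(length=39):
    """Passphrase from the OS CSPRNG; WPA2 accepts 8 to 63 characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def wpa2_psk(passphrase, ssid):
    """802.11i mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, PSK_BITS // 8)

if __name__ == "__main__":
    for n in (24, 32, min_length(192), min_length(256), 63):
        print(f"{n:2d} random printable chars: {effective_bits(n):6.1f} bits")
    phrase = random_passphrase()
    # "EXAMPLE-LINK" is a made-up SSID; it salts the key, so both ends must match.
    print(wpa2_psk(phrase, "EXAMPLE-LINK").hex())
```

A random printable-ASCII character carries about 6.57 bits, so under these assumptions 30 characters are needed to pass 192 bits and 39 to reach the full 256.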

[Figure: Air OS main screen]

The system requires an access point, which is configured for the studio side making the transmitter site stub network the station side.  The access point is configured not to advertise its SSID, thus it should be transparent to anyone sniffing around.  The WLAN is configured as a layer two bridge, which will cut down on the data overhead, as layer three framing will not need to be opened between the two units.  The transmitter site network is set up with SOHO router function built into the Nanobridge.  One static route is needed to get to the main network.  Once the security cameras are installed, PAT may need to be used to access individual camera units via the public network.

[Figure: Ubiquiti air os signal strength screen]

Next step, deploying the units and aligning the antennas.  These are 22 dBi gain antennas, which have a pretty tight beam width.  Maximum transmit power is 23 dBm, or 200 mW.  The transceiver/antenna unit has a handy signal strength meter on the side of the unit, which is good for rough in.  The web interface has a more precise meter.  In addition to that, there is a Java based spectrum analyzer, which is very handy for finding open channels in congested areas.  These units can also be used on U-NII frequencies with special requirements.

According to the manufacturer, UV resistant shielded Category 5e cable should be used for outdoor installations.  We have several spools of Belden 1300A, which fits the bill.  The shielded Cat 5 is necessary for lightning protection as the cable shield offers a ground path for the antenna unit.  The antenna mounting structure is also grounded.  I did not take the equipment apart to examine, but I believe the POE injector and antenna have 15KV TVSS diodes across all conductors.  It will be interesting to see how these units do at the transmitter site, where there are two 300 foot towers which likely get struck by lightning often.

More pictures of the installation when it is completed.

Next step, put the system into service and monitor the link.  At the transmitter site, a re-purposed 10/100 Ethernet switch will be installed for the cameras, computer, IP-RS232 converter and anything else that may need to be added in the future.  One thing we may try is an Audio over IP (AoIP) bridge like a Barix or Tieline for program audio and room audio.