EFTA00821393.pdf

From: Richard Kahn To: "Jeffrey E." <[email protected]> Subject: Fwd: Wireless and Wired network information and proposals. Date: Thu, 26 Apr 2018 20:05:18 +0000 i know project is on hold but attached is james summary of 71st wifi and Al's quote Richard Kahn HBRK Associates Inc. Begin forwarded message: From: james I personal genius Subject: Re: Wireless and Wired network information and proposals. Date: April 26, 2018 at 3:56:37 PM EDT To: Richard Kahn Hi, I had a chance to digest this info a bit more and think I can make my response more clear and concise: There are three pieces to this proposal: I. Replacing the firewall. 2. Adding additional ethernet lines to the 3rd and/or 4th floor. 3. Replacing the mixture of Apple AirPort Extreme and Eero wireless access points with Ruckus indoor access points. First, the firewall. As I noted in my previous email, we have an existing firewall that is a full feature match for the replacement Dell Sonicwall he suggests. The configuration changes he suggests are conscious decisions to support JEE's requested preferences: • Communication between the security VLAN & WiFi VLAN is enabled for WiFi clients to view front door camera • Firewall packet filtering is disabled to improve Internet performance and to enable WiFi calling (so AT&T iPhones work inside the house). EFTA00821393 I recommend keeping the existingfirewall setup. Second, adding additional ethernet lines. • Additional ethernet lines will HAVE to be added to enable reliable coverage in the back (north) half of the third floor. If he knows of unused conduits for that, GREAT. We should definitely do that. • The fourth floor is used as a Gym (the front / south half) and as 2 guest apartments in the back (north) half. There are existing "homerun" ethernet lines in all three locations, so rewiring the 4th floor should NOT be necessary purely for coverage — all used areas of the 4th floor are blanketed by existing WiFi. • The first and second floors, have a WiFi dead zone near the main stair case as none of the 4 existing ethernet lines (dining room, kitchen, Oval Office, security office) on the first floor, or the two existing lines (library and office) on the second floor reach it. There's also a dead zone behind the library in the secret meeting room & service kitchen on the second floor, but those rooms are mostly unused and there is an existing data line in the secret meeting room. • As noted, the cellar has a fake drop ceiling, so running additional ethernet lines to fill any dead zones on that floor is trivial. All of these options address COVERAGE only — which IS the most pressing issue. >> My recommendation for a ground-up rewire is based on coverage efficiency and future-proofing connection speeds and reliability. • The existing wiring was originally planned and installed pre-WiFi, so the ethernet ports are located where desktop computers were expected to be used (which is why there is nothing in the back half of 3rd, and the 6th floor was wired as an afterthought). • WiFi access points broadcast radio signals that are most efficiently placed in the center of areas to be covered; currently half of the signal from the WAPs on 1 & 3 broadcast out onto the street, and not into the interior of those floors where they're needed. So we've got over 20 WAPs for an area that could be covered by 2/3rds of that. • The oldest wires are CAT5 at best, and are likely to be deteriorating. During the eero debacle I found some truly frightening things — wires that were split into multiple connections, multiple wires hacked together to form single lines and some wires that had casings crumbling in my hands. o CAT5 & CAT5e wires are unshielded and given to "crosstalk" interference, which is a big problem with streaming. Even if speed tests rate a connection at 200 Mbps, crosstalk will cause glitchy EFTA00821394  video streaming (watching movies and Skype/facetime). o Sending power over ethernet signals over old wiring may expedite their deterioration. If single wires within an 8-strand ethernet cable break, it's near impossible to find. o I Gbps WAN (intemet) connections are common, the current wires will NOT support it. o Smart home devices are the fastest growing tech segment and they rely on solid Internet connections. o The existing phone system will be replaced at some point. almost certainly with a standardized VoiP system. o Security cameras can utilize ethernet cables instead of the proprietary video cables. o We have an opportunity to design an efficient, unified ethernet backbone that will scale up and support a wide range of technologies going forward. BUT, a full ground-up rewire is disruptive; I fully understand why we'd want to avoid it if at all possible. I recommend EITHER running wires as needed on three & cellar (Al's proposal), and possibly adding an additional line in the service corridor on 1, OR a full ground up rewirefor all data, phone and camera lines with CAT6A ethernet. Finally, Wireless Access Point replacement. The biggest argument for replacing Apple AirPort basestations with Ruckus systems is that the Ruckus WAPs can be "tuned" to minimize a single access point from broadcasting over another. The user-facing effect of that double broadcast are "roaming" issues — which is why Al focuses on that problem. But as I said, roaming issues aren't a big problem at the house - coverage is. Further, that "tuning" works by turning down the broadcast strength of one WAP so it doesn't reach as far, which reduces it's broadcast reach in ALL directions. So, if the WAP at Lesley's desk is talking over the WAP at Merwin's desk, you turn them down so they each reach halfway into the hall. The problem becomes then, that neither reach as far to the north (the stair case area) and you've made that dead zone much worse. I worry that replacing the Apple WAPs with Ruckus, is a "solution in search of a problem" rather than the other way around. I haven't seen any issues with the current WiFi setup that aren't directly attributable to the wiring voids discussed above. EFTA00821395 I'm sure Ruckus will provide great service, I'm just not sure that it will functionally provide any better service than adding the wires on 3 & deploying a couple more AirPorts would. If we don't want to do afull ground-up rewire, I recommend adding the lines on three and try deploying a couple more AirPorts at them, before doing afullRuckus replacement (worst case scenario, the AirPorts don't work (wasted a couple hundred bucks) and we deploy the Ruckus as originally intended. Thank you, James Ce your Personal Genius Certified Support Professional 10.6 Intpliversonalgenius.co On Apr 24, 2018, at 2:26 PM, james I personal genius < wrote: Firewall. The current firewall (Cisco RV325 router) has a segmented VLAN that separates the security system from the wireless network. It could easily be fortified to restrict communication from the WiFi network to it, but would disable viewing the front door camera from iPhones on the WiFi network. Further segmentation (guest network/private network, etc.) is undesirable. JEE expects his devices to see all of the connected devices (speakers, Apple TV, printers, etc.) on the network and the number of connected devices in this category is probably going to expand exponentially as more "Internet of Things"/ "Connected Home" devices are released in the coming years. Guest networks require everyone to remember two separate network credentials (one for them and one to give out), and degrade wireless performance by segregating the network frequencies. Currently, we have the firewall functions — filtering incoming & outgoing traffic — disabled at JEE's request (what he calls "jumping the firewall"). The packet inspection necessary in firewall functionality slows traffic. It also blocks WiFi calling, which since there is no AT&T signal penetration in much the house, basically disables all the iPhones. I strongly recommend keeping the existing firewall setup. WiFi performance evaluation. This proposal greatly overstates roaming issues. Roaming is when a device moves from one part of the home to another and switches the access point it is speaking to. Devices will search for a closer access point when their connection to the current WAP drops below their programmed threshold, so if you still have a weak signal to WAP#I, you may still be talking to it even if you've moved closer to WAP#2. *IP the connection hasn't quite dropped below the threshold needed to start searching, you may have very slow intemet connections. Since searching for WAPs uses a lot of power, different devices will set the threshold higher or lower to save power. It's only an issue on the first floor, as people move front to back often: your iPhone might still be talking to the WAP in Lesley's office for the first couple minutes of being in the dining room, until it detects the problem and searches for the dining room WAP. EFTA00821396 Otherwise, people are moving from 1st floor to 3rd or 6th floors, which provide hard breaks from the previous access point, so their phones search for a closer WAP as soon as they step off the elevator. NOBODY complains to me about this at the house. They complain about WiFi dead zones (by the stairs on 1st floor, poor performance in the back of the 3rd floor, in the hallway & laundry room of the cellar). There are two wireless networks because the third floor still has eero — which was* the only consumer method of railroad-style relaying WiFi to the back of the floor. He is talking about rewiring at least the third floor. If only the back of the third floor was wired, AirPort Extremes could provide full coverage on the floor. The results of his signal tests of the Ruckus indicate they have similar range to the current Apple AirPort Extremes — which explains why he's quoting a 1 for 1 replacement of the AirPorts with Ruckus WAPs. Ubiquity Unifi (enterprise WAPs) advertise much greater range; Netgear Orbi (consumer WAPs) have about 2x the range of the AirPort extremes. The effective distinction between enterprise & consumer WAPs is that enterprise systems require manual tuning of signal broadcast strength to prevent two WAPs from talking over each other and causing roaming issues. His tests showing 200 Mbps is the full speed of the current Spectrum intemet service the house. This is better than CATS wiring should be getting. Apple AirPort Extremes will push up to —900 Mbps (several of my clients have already upgraded to gigabit / 1000 Mbps fiber intemet connections). I have some concern that we're installing a WiFi system that can only utilize a fraction of that speed. This section is a muddied conflation of different, unrelated technologies. Future Recommendations Standards for extremely fast 1Gbps WiFi have not been finalized. There are several devices like Verizon routers combining multiple RF bands to increase throughput but this method of increasing throughput will have a negative effect on coverage and multiple users. Standards for WiFi access points capable of 1Gbps have not been finalized but our research is indicating dual CAT6A cabling with multiple NIK cards working in tandem. Should this be the adopted standard then the upgrade path to rewire becomes that much more involved. Taking all of this information into consideration it is my suggestion to either wait for the 1Gbps standard to be finalized and wire accordingly, or proceed with the dual CAT6A wiring in the anticipation of that standard. Installing new wiring at this point will certainly help with coverage and roaming. The increased throughput may not be noticeable. The current WiFi standard (802.11ax) that exceeds 1Gbps is not finalized, this is true. But the current 802.11ac standard goes to 1067 Mbps, which *IS* gigabit. In practical implementation, Apple gets to 900 Mbps in real the world. (Ubiquity UniFi WAPs *CAN* match Apple's performance, by disabling the guest networks and using 80 Mhz frequencies.) EFTA00821397 Apple achieves this speed by "beam-forming" multiple-in-multiple-out (MIMO) connections to the router, which could have theoretical negative impact on multiple user scenarios, BUT each wireless channel supports up to 26 simultaneous connections. Even if every device fully utilized all four MIMO connections, EACH wireless access point could still support 6 devices communicating full speed at the same time, before the subsequent devices would be demoted to the slower radio(s). In other words, in orderfor that to be afactor, the boss would have to 6 devices streaming 8K video at the same time, right next to each other (because they all have to be talking to the same access point, otherparts ofthe network are unaffected) and still wouldn't see any issues until the 7th device tried to join. Where there *will* be issues is that the 80Mhz band has much shorter range than the more common 20 & 40 Mhz bands. Higher band = faster connection but shorter range. ALSO, this whole discussion ONLY affects the wireless access points we choose to deploy. It does not impact wiring. We'll have to upgrade the Access Points within the next couple years no matter what vendor we implement - the technology is improving constantly. This is irrelevant to the wiring standards. • CATS is rated to 100Mbps, • CAT5E & CAT6 do 1000Mbps (aka gigabit), • CAT6A & CAT7 do 10000 Mbps (10 Gigabit aka "IOGBE"). These standards are quite established and settled. I have existing client networks running 10GBE wired data networks over single CAT6A wiring. Dual CAT6A could theoretically get you 20GBE... but at thatpoint you should be runningfiber optic cables instead to be cheapen MUCH easier to work with and give you higher bandwidth). NO ONEIS WIRING DUAL CAT6A. Gigabit Fiber intemet — 1000 Mbps speed connection to the intemet — is quite prevalent is the areas of NYC that are Fiber-enabled. Several vendor are offering multiple-gigabit fiber intemet options that *can* utilize multiple NICs (network interface cards), but gigabit fiber is a COMMON single NIC setup. The reason multiple NICs are employed is not because of unsettled standards, it's because 10GBE NICs are 10x the cost of 1Gbps NICs.... Which really is the only reason 10GBE networks aren't more common. Wiring. The Ruckus systems are POE (power over ethernet), which is why he needs a new switch. I worry that the existing wiring won't support it. Costs. • The itemized estimate doesn't itemize any of the costs. • The Ruckus "licenses" are recurring (annually?). • His labor estimates are "optimistic", considering the age of some of the existing wiring. • The estimated cost for wiring itself is too low — CAT6A is around $1/foot. A single run to the back of the 3rd floor will be >150 foot alone. EFTA00821398 Privacy. We should have a clear statement on what information their monitoring system will expose. Thank you, James Ce your Personal Genius ❑ Certified Support Professional 10.6 Intplipersonalgenius.c6 On Apr 24, 2018, at 11:49 AM, Richard Kahn < > wrote: attached is proposal for Ruckus system that jee requested along with Al memos can you please review and comment thank you Richard Kahn HBRK Associates Inc Begin forwarded message: From: Al Buonanno Subject: Wireless and Wired network information and proposals. Date: April 24, 2018 at 11:40:52 AM EDT To: Richard Kahn < Hello Rich, Please find attached documentation as requested. I am available by cell phone should you need any assistance. Thank you. Regards, Al Original Message From: Richard Kahn [mailto: Sent: Tuesday, April 24, 2018 10:57 AM To: Al Buonanno Subject: Re: EFTA00821399 ok Richard Kahn HBRK Associates Inc. On Apr 24, 2018, at 10:47 AM, Al Buonanno < > wrote: Sending documentation before noon. On Apr 23, 2018, at 6:07 PM, Richard Kahn <1 > wrote: reminder to send writeup as i will be meeting with boss tomorrow at 2pm thanks Richard Kahn HBRK Associates Inc. On Apr 20, 2018, at 2:14 PM, Al Buonanno < > wrote: Sony busy catchup day. I am available to speak. Original Message From: Richard Kahn [mailto I Sent: Friday, April 20, 2018 12:13 PM To: Al Buonanno Subject: Re: free now if that works for you thanks Richard Kahn EFTA00821400 HBRK Associates Inc On Apr 20, 2018, at 10:38 AM, Al Buonanno • > wrote: After 12PM Original Message From: Richard Kahn [mailto Sent: Friday, April 20, 2018 9:19 AM To: Al Buonanno Subject: Re: what time are you free to talk today? Richard Kahn HBRK Associates Inc. On Apr 19, 2018, at 3:34 PM, Al Buonanno < > wrote: Went well. Yes tomorrow is good. On Apr 19, 2018, at 3:24 PM, Richard Kahn < > wrote: how did visit go? can we discuss tomorrow? thanks Richard Kahn EFTA00821401  tel fa ce <18041O_Data_Wiring_Findings.pdf> <180423_WiFi deployment findings and solutions.pdf> <180423rf Epstein_Wireless_Budget.pdf> <180423rf Epstein_Wired_Budget.pdf> EFTA00821402