hoakley Macs, Technology

Network hardware – shifting packets

Can you tell a router from a switch, do you know the MAC of your Mac, and what is the difference between IEEE 802.11b and g?

The most basic network – a Mac or two, printer, and modem-router – is easy to configure and comprehend. Whether over Ethernet cables or radio connections, the Macs send data packets (Ethernet ‘frames’) to the router within the modem-router. It inspects the destination IP address of each packet: if it is on the local subnet, it routes the packet out to the other Mac or printer as appropriate; if the address is outside the local subnet, it routes it out through the modem and thus the great wide Internet beyond.

In reality this is a little more fundamental, as Ethernet frames do not use IP addresses such as 192.168.0.1, but the unique hardware Media Access Code (MAC) address built into every network interface, such as an Ethernet port or Airport transceiver. Look in System Information, under the Network section, and you might find that your Mac’s built-in Ethernet port has a MAC address of a8:20:66:10:89:ab, for instance.

Connecting

A slightly larger and more complex network might have two clusters of Macs, printers, and other devices, each centred on a hub or switch. Hubs are the more basic, and simply broadcast all received frames to all connected devices, sharing out the available bandwidth between them.

A switch is smarter, as it knows where each device – identified by its MAC address – is, and sends received frames to the right port and on that device, giving as much bandwidth as it can to each. It is therefore likely to achieve higher transfer speeds than a simple hub. The best configuration is therefore to hook each cluster of devices up to a local switch, then connect the two switches.

Bridges are even more sophisticated at handling frames with different addresses, and can be used to join up two or more subnets, perhaps in different buildings. If you had 300 Macs to connect, for example, you could not do so on a single subnet, which is limited to around 255 devices, each with its own IP address, such as 192.168.0.0 to 192.168.0.254 (reserving 192.168.0.255 for broadcasting).

You could run one subnet using those IP addresses, and the other using 192.168.1.0 to 192.168.1.254. The device that would then route between those subnets is a bridge, which is similar to the router found most commonly in combination with a modem, to connect a local network with the Internet.

Protecting

Firewalls are most often implemented in software within a modem-router (or router alone), but more sophisticated devices suitable for larger networks can be standalone appliances. They inspect each packet passing through them, applying specified rules to their transmission. They can, for example, filter out all packets trying to initiate a connection from the Internet, or block the use of specific ports.

Modem-routers, firewalls, and other network devices can include support for other schemes, such as Virtual Private Networking (VPN), Network Address Translation (NAT), and of course the assignment of IP addresses on a local network using DHCP.

When we change to IPv6 addressing, there will no longer be the same need for local IP subnet addresses such as 192.168.0.1, as the IPv6 address space is so large that every connected device can have its own IPv6 address (much as network ports have a unique MAC address). However you can still opt to use local subnets, and IPv6 compatible network hardware will happily route within a private network if you wish.

When you use IPv6 rather than IPv4, all your network hardware needs to be compatible with IPv6: hubs should still work fine as they only broadcast, but switches and routers may need to be replaced.

Wireless

Wired Ethernet connections run at the fastest speed that each Ethernet port and the cabling can accept. Wireless (Airport, WiFi) connections are more complex, as they may employ different standards, radio frequencies and channels.

Wireless networking systems are centred on the IEEE 802.11 family of standards. The first to be widely available, 802.11b, was introduced in 1999, uses the 2.4 GHz radio band, and peaks at a raw data speed of 11 Mbits/s, around a tenth the speed of vanilla wired Ethernet (100 Mbits/s).

About This Mac's System Report will show you which wireless protocols your Mac supports.
About This Mac’s System Report will show you which wireless protocols your Mac supports.

Introduced in 2003, 802.11g is the current baseline standard, still using 2.4 GHz radio, but attaining five times the speed of 802.11b (54 Mbits/s raw). Aim if you can to meet 802.11n, introduced in 2009, as it can support four streams at up to 600 Mbits/s, performing midway between vanilla 100 Mbits/s and 1 Gbits/s wired Ethernet. Incoming standards include 802.11ac and 802.11ad which are even faster. To find out which your Mac supports, they are detailed in System Information.

Set a WiFi router to a minimum of WPA2 security, or you risk intrusion.
Set a WiFi router to a minimum of WPA2 security, or you risk intrusion.

These are quite separate from the wireless security standards WEP (Wired Equivalent Privacy, now hopelessly inadequate) and WiFi Protected Access (WPA, also WPA2), which determine the encryption applied to data transferred by WiFi, authentication, and whether connections are limited to devices with specific MAC addresses. As an absolute minimum you should use WPA2 security on all WiFi systems now, with a long and robust password.

Updated from the original, which was first published in MacUser volume 30 issue 04, 2014.