Navas Cable Modem/DSL Tuning Guide™
Cable Modem and DSL (e.g., ADSL, G.lite, IDSL, SDSL) tips on increasing speed, enhancing security, fixing problems, sharing a connection, and more.
Copyright 1999-2017 The Navas Group℠, All Rights Reserved. Permission is granted to copy for private non-commercial use only.
Posted as <http://cable-dsl.navasgroup.com/>.
A: The only Windows 95/98/Me/NT/2000/XP network setting that has any real effect on DSL or Cable Modem speed is the TCP Receive Window size, which can be controlled with the following Registry settings:
Everything else commonly recommended (e.g., TTL) is an urban myth that won't help.
To modify your TCP Receive Window size, use one of the following two methods:
Method 1
Save the appropriate four (4) lines of text below to your Desktop in the file name indicated (or just click the accompanying link while holding down the Shift key to download the file), and then double-click on the resulting file to add the setting into your Registry. However, this does not clean out any dial-up modem "tweaks" that might interfere with Cable Modem/DSL speed -- if you need to do that, use Method 2 (preferred).
Normal latency* (e.g., normal DSL or 2-way cable): 32K Window

Windows 95/98/Me: TCPRW32K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
Removal**: TCPRWundo.inf

Windows NT: NTTCP32K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Removal**: NTTCPundo.inf

Windows 2000/XP: 2KTCP32K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Removal**: 2KTCPundo.inf

High latency* (e.g., poor DSL or 1-way cable): 63K Window

Windows 95/98/Me: TCPRW64K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
Removal**: TCPRWundo.inf

Windows NT: NTTCP64K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Removal**: NTTCPundo.inf

Windows 2000/XP: 2KTCP64K.REG
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
Removal**: 2KTCPundo.inf

* Latency: Check latency with 'ping' (or 'traceroute') to a number of distant hosts and use the highest typical value. (See Important Note below under "Latency") Reasonable rough rules of thumb are that low latency is below 100 ms, and high latency is above 200 ms (with normal latency in the middle).
** Removal: INF files are provided that will automatically remove these Registry entries, restoring default behavior. Click the link to start the download; save the INF file to your desktop; right-click on it, and then choose Install to run it. The INF file can then be discarded. Reboot your system for the change to take effect.
Notes:
As an alternative to the fixed Registry settings in Method 1 above, a single Windows 95/98/NT script provides not only an adjustable TCP Receive Window size, but also the ICS fix (see Q230116 "Slow Transfer Rates with ICS and High-Bandwidth Devices") and the ability to clean out any dial-up modem "tweaks" that might interfere with Cable Modem/DSL speed (see Important Note below under "MTU"). To run this script you must have Windows Script Host/Windows Script 5.0 or higher installed. (If it is installed, you will have WSCRIPT.EXE in the WINDOWS directory with a version number of 5 or greater.) Click while holding down the Shift key to download set_rwin.vbs. (1.20 is the current version number. If you have problems downloading the vbs file, a zipped version is also available for download as set_rwin.zip; you must unzip the file with a utility like WinZip after downloading.) Save the downloaded file to your Desktop (and unzip if zipped); then double-click to run it. If the script does not run correctly, your Registry may be corrupted; try downloading and reinstalling Windows Script Host. (Report problems to John Navas.) This script can also be used to restore all settings to default values (i.e., to remove the Receive Window tweak).
Windows Vista has a new feature called Receive Window Auto-Tuning that is supposed to adjust the TCP Receive Window size automatically. While it works properly much of the time, it can cause problems in some situations:
To resolve problems with Receive Window Auto-Tuning in Windows Vista:
Caveat: The following information has not been tested by this author. USE AT YOUR OWN RISK.
TCP Receive Window can be adjusted with the "tcp_rwin_mss_multiplier" setting of the OT Advanced Tuner from Sustainable Softworks. This author suggests a starting value of 20. You may need to experiment to find your own optimum setting(s). For more information, see:
Note: This author has no connection to Sustainable Softworks.
TCP is a packet-based protocol where data is transmitted in variable-sized blocks, typically with a maximum size of 500-1500 characters (usually 1500 characters for Cable Modem or DSL). Two important characteristics of the TCP protocol:
As an example, consider the case of downloading a file at 100 kilobytes per second from a remote server over a Cable Modem or DSL connection. The default TCP Receive Window of about 8K bytes will be consumed in only about 80 milliseconds, which is often less than the round-trip latency on the Internet. At this point the sender has to stop sending until an acknowledgment that data was received comes back from the receiver. With a TCP Receive Window of 32K bytes, the sender can continue for as long as 325 milliseconds without an acknowledgment, which should permit uninterrupted data flow even when latency is 100-200 milliseconds or more. (With a TCP Receive Window of 63K bytes, the sender can continue for as long as 650 milliseconds.)
See animations in TCP Receive Window Illustration.
The following table can be used to determine the minimum TCP Receive Window size needed for given (1) downlink speed (see "How to check your connection speed") and (2) latency:
Minimum TCP Receive Window Needed
(columns: downlink speed in kilobits per second; rows: latency in ms)

| Latency (ms) | 500 | 1000 | 1500 | 2000 | 2500 |
|---|---|---|---|---|---|
| 50 | 2K | 5K | 7K | 10K | 12K |
| 100 | 5K | 10K | 15K | 20K | 24K |
| 150 | 7K | 15K | 22K | 29K | 37K |
| 200 | 10K | 20K | 29K | 39K | 49K |
| 250 | 12K | 24K | 37K | 49K | 61K |

Windows 95/98/NT default | 8K
Windows Me/2000/XP default | 16K
32-63K
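Added example (not part of the original guide): every cell of the table above matches the bandwidth-delay product computed with the guide's own rule of thumb that usable bytes per second are about 1/10 of the raw link speed in bits per second. The Python below recomputes the table and lists which speed/latency combinations outrun each window size; all function and variable names are illustrative.

```python
"""Added example: the guide's "Minimum TCP Receive Window Needed" table, recomputed.

Function and variable names are illustrative; the numeric inputs are the
ones quoted in the guide.
"""

# Column headings and cell values copied from the guide's table (K = 1024 bytes).
SPEEDS_KBPS = [500, 1000, 1500, 2000, 2500]
GUIDE_TABLE_K = {
    50:  [2, 5, 7, 10, 12],
    100: [5, 10, 15, 20, 24],
    150: [7, 15, 22, 29, 37],
    200: [10, 20, 29, 39, 49],
    250: [12, 24, 37, 49, 61],
}

# Window sizes named in the guide: the two Windows defaults and the two tweaks.
WINDOWS_K = {
    "Windows 95/98/NT default": 8,
    "Windows Me/2000/XP default": 16,
    "32K tweak": 32,
    "63K tweak": 63,
}


def payload_bytes_per_sec(link_kbps):
    """Guide's rule of thumb: usable bytes/s is about 1/10 of raw link bits/s."""
    return link_kbps * 1000 / 10


def min_window_bytes(link_kbps, latency_ms):
    """Bytes that must be in flight to keep the link busy for one round trip."""
    return payload_bytes_per_sec(link_kbps) * latency_ms / 1000


def min_window_k(link_kbps, latency_ms):
    """Same value rounded to whole K, the way the guide's table presents it."""
    return round(min_window_bytes(link_kbps, latency_ms) / 1024)


def recomputed_table():
    """Rebuild the whole table from the formula, keyed by latency in ms."""
    return {
        latency: [min_window_k(kbps, latency) for kbps in SPEEDS_KBPS]
        for latency in GUIDE_TABLE_K
    }


def window_lasts_ms(window_k, rate_bytes_per_sec):
    """How long a sender can transmit at this rate before it must wait for an ACK."""
    return window_k * 1024 / rate_bytes_per_sec * 1000


def undersized_cells(window_k):
    """(latency_ms, link_kbps) pairs from the table where window_k stalls the sender."""
    return [
        (latency, kbps)
        for latency in sorted(GUIDE_TABLE_K)
        for kbps in SPEEDS_KBPS
        if min_window_bytes(kbps, latency) > window_k * 1024
    ]


if __name__ == "__main__":
    # The formula reproduces the published table cell for cell.
    assert recomputed_table() == GUIDE_TABLE_K

    # The guide's 100 kilobytes/s download example, for each window size.
    for name, size_k in WINDOWS_K.items():
        stalls = undersized_cells(size_k)
        print(f"{name} ({size_k}K): window lasts "
              f"{window_lasts_ms(size_k, 100_000):.0f} ms at 100 KB/s, "
              f"too small for {len(stalls)} of 25 table cells")
```
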
This TCP Receive Window tweak is needed because Windows 95/98/Me/NT/2000/XP do not do a proper job of automatically adjusting the TCP Receive Window size to accommodate different network speeds and latencies. (Other operating systems may do a better job and not need this kind of tweaking; in this author's tests, for example, Red Hat Linux 6.0 performed as well without tweaking as Windows 98 with tweaking, even though Linux was running on much slower hardware.)
Latency and packet loss can be measured with the 'ping' command. Open a Command window and type "ping remotesite" where remotesite is the domain name or IP address of the remote server (e.g., "ping www.yahoo.com"). For more information, see "How to find out what's slowing you down".
In basic terms, latency is the time needed for a round trip over the Internet between two points (e.g., your computer and remote host). Latency is usually not a problem with a proper TCP Receive Window (see "Why TCP Receive Window matters"), but high latency can adversely affect interactive applications such as on-line real-time gaming. High latency is usually caused by Internet routing and/or congestion issues. There's usually not much you can do about such issues other than complaining or even switching service providers. However, if your latency is higher due to "interleaved mode" then it may be possible to get some improvement. See "What is 'Interleaved Mode?'"
Data is transmitted over the Internet in blocks known as packets. Packets usually reach their destination, but may be lost due to such things as network congestion. When a packet is lost, it takes a significant amount of time for: the receiver to notice that a packet has been lost; the receiver to notify the sender to resend the lost packet; and packet(s) to be retransmitted. Ideally zero, packet loss should be less than 1%; packet loss over 5% is generally considered severe. There's usually not much you can do about packet loss other than complaining or even switching service providers. There is no adjustment that you can use to decrease packet loss. However, if you are suffering from packet loss, the adverse effects may be reduced by decreasing the TCP Receive Window. See "Why TCP Receive Window matters".
Your upload speed (sending to a remote host) will be limited by your Internet connection, network path, and remote host. It may also be limited by capping (see "How the Upstream Cap can affect Downstream Speed"). It is not limited by settings you can adjust; i.e., there is no adjustment that you can use to increase upload speed.
The purpose of TTL is to guard against impossible or erroneous routing (e.g., loops where a packet would otherwise go around and around forever); for example, given an intended route from A to E:
A -> B -> C -> D -> C -> D -> C -> D -> C -> D ...
In this case (looping between C and D) the TTL counter would run down to zero and expire, bringing an end to the loop:
32 31 30 29 28 27 26 25 24 23 ... 0
The objective is to have TTL large enough that packets will always reach their destinations over valid routes even with lots of hops, but not so large that excessive resources are wasted when erroneous routing (e.g., looping) is encountered.
In Windows 95 TTL defaults to 32. In almost all cases this is sufficient, since normally the number of hops will be less than 32 (usually much less). However, if and when the number of hops does exceed 32, then packets won't reach the intended destination (and communication won't be possible at all). To guard against unusual cases where the number of hops does exceed 32, default TTL was increased to 128 in Windows 98.
The bottom line is that TTL is not a parameter that increases or decreases speed. If packets are reaching the intended destination, then increasing TTL won't have any effect at all. TTL only matters when packets aren't able to reach the intended destination over a valid route; i.e., when there is no speed at all.
You can check the number of hops on a given route in Windows by using "tracert" (Microsoft-speak for "traceroute") in a command window; e.g.,
>tracert -d www.yahoo.com
(The trace above was performed over a dialup modem connection. The times in ms would normally be much lower on a Cable Modem or DSL connection.)
For more information on TTL, see RFC 791.
The claim is that the tweak (IRQn=4096) improves network performance by allocating 4 megabytes of memory as a buffer for the IRQ (n) used by your network adapter. However:
While it doesn't help, the good news is that (like TTL) this setting doesn't hurt (assuming you don't screw up your SYSTEM.INI file) -- Windows just ignores settings that it doesn't recognize.
Note: This may have gotten its start as confusion over the real SYSTEM.INI settings COMnIrq and COMnBuffer, which are used to control serial port IRQ assignment and buffering (the latter of which can help serial port throughput). But these settings pertain only to the standard Microsoft serial port driver, not to network adapters.
To accurately measure the speed of your local link, download a large file (at least one million bytes) from a local server under light load (e.g., Internet software from your ISP in the wee hours) and time how long it takes. When all the various overheads are taken into account, with optimum configuration of your computer (see "Increasing TCP Receive Window") your binary FTP download speed in bytes per second will be about 1/10 of the raw link speed in bits per second (e.g., about 150 KBytes/sec over 1500 Kbits/sec link; about 38 KBytes/sec over 384 Kbits/sec link).
If you are running Windows 98, you can continuously monitor the speed at which data is being sent and received over a network adapter (commonly used to connect a cable or DSL modem) by installing Network Monitor Agent, which is located in the Windows 98 CD directory \Tools\ResKit\NetAdmin\NetMon. Once installed, you will be able to add Network Monitor Performance items to the display in System Monitor. (Network Monitor Agent is also available for Windows 95 in the Windows 95 CD directory \Admin\NetTools\NetMon, and can also be downloaded from Microsoft by HTTP or FTP. The executable files in the Windows 95 download are exactly the same as the Windows 98 CD version, so the download should also work for Windows 98, notwithstanding the warning on the Microsoft web page. It may work for Windows Me as well.) For more information see Q200910 "How to Install Network Monitor in Windows 95/98".
If you are running Windows NT/2000/XP, you can continuously monitor the speed at which data is being sent and received over a network adapter (commonly used to connect a cable or DSL modem) with Performance Monitor. The Object to use is Network Interface. (For information on Instances, see Q154535 "Multiple Instances of Network Interface in Performance Monitor".)
The usual symptoms of network under-capacity are high latency (the time it takes a packet to cross the network path from one end to the other) and packet loss (where transmitted data is literally lost because of insufficient network capacity). High latency has an adverse effect on interactive use; e.g., real-time gaming over the Internet. Packet loss has an adverse effect on just about everything.
The best way to pinpoint the source of a network problem is to use a standard TCP/IP network tool called 'traceroute', which measures both latency and packet loss at every network "hop" between you and your destination (remote server). Windows 95/98/Me/NT/2000/XP comes with a free version of traceroute called "tracert". It does a pretty good job, but the output can be hard to understand if you're not into networking. (See Microsoft's Q162326 "Using TRACERT to Troubleshoot TCP/IP Problems in Windows NT" [which also applies to Windows 95/98/Me])
One of the best traceroute alternatives is VisualRoute (shareware: $37.50) by Visualware, available for a variety of platforms, including Windows 95/98/Me/NT/2000/XP, Solaris, and Linux. A fully-functional 30-day demo is available for free download. It combines excellent ease of use with a high level of functionality, notably the ability to analyze the cause of network problems and display the results in English; e.g., (real example, emphasis added):
Analysis: Node 'ftp.cdrom.com' was found in 7 hops (TTL=249). But, problems starting at hop 6 in network "CRL Network Services, Inc" are causing IP packets to be dropped. Connections to HTTP port 80 are working.
Other good traceroute alternatives include:
Although downstream speeds are usually high (typically in the range of 768 Kbps to 1.5 Mbps), consumer-grade Cable or DSL service often has an upstream cap (artificial limit) of 128 Kbps, which is only about 4 times faster than a V.90 (56K) dial-up modem (limited to about 31 Kbps upstream), and a fraction of the downstream speed.
What is not generally well-known is that the upstream cap can also affect the downstream speed -- if the upstream is saturated by uploading (e.g., sending a large PowerPoint file to the boss, or running a Napster or other public service), the downstream will drop to about the same speed. This is due to a weakness in the basic TCP Internet protocol, not Cable or DSL per se, and not the service provider.
Cable Internet is more vulnerable to this problem than DSL. Unlike DSL, where each subscriber has a dedicated connection to the head-end (DSLAM), the Cable Internet upstream path to the head-end (CMTS) is shared by all subscribers on a given cable segment. If that upstream gets saturated, which might be caused by only a relatively few subscribers, downstream speeds take a big drop for all subscribers on that segment.
As an illustrative example, consider a DOCSIS cable segment with 4 upstream channels per downstream channel, and 1000 subscribers (a recommended maximum).
- The upstream channels can be anywhere from 160 Kbps (200 kHz QPSK) to 10 Mbps (3.2 MHz QAM 16), with 800 kHz QPSK perhaps the most common in practice, giving an upstream channel capacity of 640 Kbps.
- The downstream channel can be 27 Mbps (QAM 64) or 36 Mbps (QAM 256), with 27 Mbps (QAM 64) perhaps the most common in practice.
The aggregate upstream capacity of 4 channels would be about 2.5 Mbps, as compared to downstream capacity of 27 Mbps. If the upstream saturates, the downstream rate will drop to about the same speed, a dramatic slowdown of about 90% (2.5 Mbps as compared to 27 Mbps).
Even with cable modems capped to 128 Kbps upstream, 2.5 Mbps upstream capacity can handle only 20 (2.5 Mbps / 128 Kbps) simultaneously active modems before saturation. That's generally not a problem if cable modem usage is typically (1) infrequent, (2) downstream [e.g., web surfing], and (3) interactive [e.g., fetch-use]. The system can break down if those conditions are not met.
This makes it easier to see why certain Cable Internet providers condemn continuous use of upstream (e.g., running a popular public service) as "abuse" -- each such subscriber consumes capacity normally allocated for 1000 / 20 = 50 subscribers. Worse, there's a threshold effect: If the upstream is running at (say) 80% of capacity with typical subscribers, it takes only 4 (out of 1000) heavy upstream users at 128 Kbps to drive the upstream into saturation, thereby slowing downstream to a crawl for all subscribers on that segment. (Exact numbers, of course, depend on actual channel numbers and speeds.)
For more information, see RFC 3449 "TCP Performance Implications of Network Asymmetry".
Microsoft has confirmed a TCP/IP retransmission bug in Windows 95, 98, and NT that can adversely affect upload (not download) throughput over "high-delay networks (for example, satellite links)." Standard Cable Modem or DSL service should not be affected by this bug; i.e., the fix is usually not needed. For more information see:
Windows 2000 and Windows XP come with a "DNS Client" Service that automatically caches (temporarily saves) DNS addresses. This boosts performance by avoiding repetitive DNS lookups of the same address -- the results of a successful lookup (positive response) are saved and reused until the cache expires.
By default the DNS Client also caches negative responses (including the lack of any response from the DNS server). Unfortunately, that can prevent you from recovering from transient DNS errors for an extended period of time. If, for example, the DNS servers at your ISP are temporarily overloaded, or slow to respond due to network congestion, the DNS Client will cache the negative response. Until that cache entry expires, which can take several minutes, it won't even try to lookup that name again -- you'll just get an immediate error. That prevents you from quickly recovering from DNS errors by simply retrying, the recommended thing to do. This can lead to frustrating delays and seeming loss of connectivity problems.
The best way for the typical Internet user to deal with this issue is to disable negative caching, leaving positive caching intact. (Completely disabling the DNS Client is like throwing the baby out with the bathwater because you would then lose the benefits of positive caching.) Negative caching can be disabled by adding three Registry Values (NegativeCacheTime, NegativeSOACacheTime, and NetFailureCacheTime, all not normally present), setting them to zero. Since manual editing of the Registry is a tricky and risky business, I've provided a simple Registry script to do the job. (Click the link to start the download; save the script to your desktop; and then double-click on it to run it. When you get the "Are you sure you want to add the information..." dialog box, click Yes. The script can then be discarded.)
There is no real downside to making these changes -- just delay if you make repeated tries to an invalid Internet name. (Nevertheless, please note that you do this at your own risk, and that it's always a good idea to back up your Registry before making any change.)
To go back to Windows default behavior, simply remove the three Registry Values described above. Since manual editing of the Registry is a tricky and risky business, I've provided a simple INF script to do the removal. (Click the link to start the download; save the INF file to your desktop; right-click on it, and then choose Install to run it. The INF file can then be discarded.)
For a more complete discussion and explanation of this issue, see "Broadband Tip: How to keep DNS Errors from slowing you down!"

If you are running Windows 95/98/Me, at a minimum you should make sure that the built in capability for File and Print Sharing can't be used against you over the Internet using one of the following methods:

Case A: Disable File and Print Sharing
You don't want to share files or printers on a local area network. (Your computer and workgroup names will still be visible, but that does not actually make you less secure.)

Case B: Disable NetBIOS over TCP/IP
You want to conceal your computer and workgroup names from the Internet (even though that does not actually make you more secure), or you do want to share files or printers on a local area network using (only) NetBEUI (which is safe from the Internet, unlike TCP/IP) for File and Print Sharing. Note: Disabling NetBIOS over TCP/IP may cause connection problems with some Internet Service Providers. If you experience problems, or simply want to avoid any problems, use Case A, Case C, or Case D, which are equally secure.

Case C: Unbind TCP/IP from File and Printer Sharing
You do want to share files or printers on a local area network using (only) NetBEUI (which is safe from the Internet, unlike TCP/IP) for File and Print Sharing. (Your computer and workgroup names will still be visible, but that does not actually make you less secure.)

Case D: Set a Scope ID for File and Printer Sharing over TCP/IP
You do want to share files or printers on a local area network or over the Internet using TCP/IP for File and Print Sharing. (Your computer and workgroup names will not be visible except to other computers with the same Scope ID.) See "Increasing NetBIOS Security with Scope ID".

If you are running Windows NT/2000/XP, security is considerably more complex than for Windows 95/98/Me. Start with:
For more information on the real risks of Microsoft Networking, see "File and Printer Sharing (NetBIOS) Fact and Fiction".
For greater security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:
» AnalogX PortBlocker (free, port blocking only)
» BlackICE Defender
» ConSeal PC Firewall (Recommended)
» eSafe Protect Desktop
» Internet Guard Dog
» Internet Firewall 98 For Personal Computers
» Internet Firewall 2000 For Personal Computers
» LockDown 2000 (trojan scanning)
» McAfee.com Personal Firewall (MPF) (Recommended) (formerly ConSeal Private Desktop)
» NetWatcher 2000
» Norton Internet Security (partially derived from WRQ AtGuard)
» Norton Personal Firewall (partially derived from WRQ AtGuard)
» PC Viper
» PGP Desktop Security
» SOS Best Defense
» SPHINX Personal Firewall
» Sygate Personal Firewall (free for personal use)
» Tiny Personal Firewall (free for personal/home use; ICSA-certified technology; recommended)
» WinRoute Pro
» WRQ AtGuard
» ZoneAlarm (free; recommended for those on a budget)
If you are willing to spend more money, you can get even better protection by using a separate standalone (hardware) firewall. See "Hardware Firewalls (SOHO Routers)".
Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:
If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering:
» Hardware
  » SonicWALL + Content Filter List Subscription (Recommended)
» Software
  » Cyber Patrol
  » Cyber Sentinel
  » Cyber Sitter
  » SOS Kidproof
For real security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:
Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:
If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering, based on either software or hardware (e.g., SonicWALL).
For real security, run a "firewall" -- special software that actively works to protect you. You can run firewall software on your own computer:
» DoorStop
» NetBarrier
If you are willing to spend more money, you can get even better protection by using a separate standalone (hardware) firewall. See "Hardware Firewalls (SOHO Routers)".
Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:
If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering:
» Hardware
  » SonicWALL + Content Filter List Subscription (Recommended)
» Software
  » Cyber Patrol
You get the best possible external protection by using a separate standalone (hardware) firewall. (Software firewalls may still provide better protection against internal attacks; e.g., trojans, spyware.) Many of these products also include NAT (network address translation, see RFC 1631) for sharing a single Cable Modem or DSL connection (see "How to run multiple computers on Cable Modem or DSL"):
* Products based only on NAT are less effective than true firewalls.
See also "ADSL Modem Guide (DMT issue 2)" for products that include packet filtering or firewall.
Not all firewalls are created equal (i.e., some firewalls are better than others). If you want the best possible protection, look for:
If you have children, be warned that there is a lot of dangerous and frightening material on the Internet, so it's also a good idea to install content filtering, based on either software (e.g., NetNanny) or hardware (e.g., SonicWALL).
If you are a "power" user, you can build your own low-cost firewall with:
» Linux, e.g.,
  » Astaro Security Linux (free for private home use)
  » Coyote Linux (variant of Linux Router Project)
  » FirePlug EDGE Project
  » Freesco (successor to Ballantain)
  » Linux Router Project
  » NetBSD/i386 Firewall
  » NetMAX (not free)
  » ShareTheNet (not free)
» FreeBSD
» GNATBox (Recommended)
» IPRoute
» OpenBSD
Recommended websites that offer checking services:
Not recommended websites that offer checking services:
For a review of checking services, see ZDNet "Online Security Services".
(HackerWhacker is a claimed trademark of HackerWhacker. "Shields UP!" is a claimed trademark of Gibson Research Corporation. CERT is a registered service mark of Carnegie Mellon University.)
Although the Internet can be an incredibly valuable resource, it can also be used against your interests, often without your knowledge or consent. Businesses (and other organizations) now routinely use the Internet to gather and compile personal information profiles. All too often these profiles are traded between businesses and aggregated into even more comprehensive profiles, to which just about anyone can get access, even those with bad intentions. In addition to basic information, these profiles can include employment information, financial information (e.g., bank accounts, credit card numbers, brokerage accounts), medical information, personal habits (e.g., what you buy, what you read, what you do), and much more. Here's how this works:
Some providers are touting PPPoE ("dynamic IP") as safer than bridge/routed service, but this is a dangerous misconception -- PPPoE is not significantly safer.
PPPoE currently requires either:
Allied Data Technologies
  » CopperJet 800/E
  » CopperJet 800/USB
» Cisco Routers
» D-Link DI-701 Residential Gateway
Linksys
  » BEFSR11 EtherFast 1-Port Cable/DSL Router
  » BEFSR41 EtherFast 4-Port Cable/DSL Router
  » BEFSR81 EtherFast 8-Port Cable/DSL Router
» Macsense XRouter (NAT only*)
» MaxGate
  » Ugate-Plus
  » Ugate-3000
  » Ugate-3200
NETGEAR
  » Gateway Router RT311 (Recommended)
  » Cable/DSL Firewall Router FR314 (stateful inspection; IPsec VPN pass-through) (Recommended)
  » Cable/DSL Router RT314 (Recommended)
» Netopia Routers
NexLand
  » ISB2LAN (NAT only*; multi-session IPsec VPN pass-through)
  » ISB SOHO (NAT only*; single-session IPsec VPN pass-through)
  » ISB Processional Series (wide range of models)
» SMC Barricade
» SonicWALL (supports IPsec VPN) (Recommended)
ZyXEL
  » Prestige 310
  » Prestige 312
  » Prestige 314
  » Prestige 316 (wireless)
  » Prestige 641
  » Prestige 642
- DHCP (long hangs)
- If you are running PPPoE software on Windows, and your computer seems to "hang" at startup and/or at times while you are accessing the Internet, the cause may be DHCP timeout. The fix is to set a private IP address (e.g., 192.168.0.1, with a Subnet Mask of 255.255.255.0). Under Windows 95/98/Me, go to Control Panel - Network - TCP/IP pointing to something other than Dial-Up Adapter - Properties - IP Address.
- Internet Explorer "No Connection" Problem
- If Internet Explorer 5.0 keeps reporting that there is "No Connection" but recovers with "Try Again" try installing Service Pack 1, or upgrade to Internet Explorer 5.5 (or above).
- MTU (access problems)
- Certain PPPoE implementations do not work well with an MTU setting of 1500 (the Microsoft Windows default). The work-around is to manually set MTU to a lower value in the range of 1400-1492. This problem is reportedly fixed in Enternet 1.31 for Windows and 5.09b for Macintosh.
- Staying Connected
- To keep Windows NT/2000/XP connected after logging off, see Q158909 "How to Keep RAS Connections Active After Logging Off".
- Win98SE NDIS Problem
- If you are running PPPoE software on Windows 98 Second Edition, see Q243199 "Windows 98 Second Edition Problems with NDIS Intermediate Drivers"
For vendor/provider perspectives on PPPoE, see:
For subscriber perspectives on PPPoE (particularly problems resulting from premature deployment), see:
Some providers are touting PPPoA ("dynamic IP") as safer than bridge/routed service, but this is a dangerous misconception -- PPPoA is not significantly safer.
PPPoA requires hardware with PPPoA support:
See also:
Windows 98 Second Edition and Windows 2000/XP include Internet Connection Sharing (ICS), which provides basic functionality for sharing a single Internet connection on a small peer-to-peer network. The drawback is that such sharing only works when the sharing computer ("gateway") is up and running, which can be inconvenient. Information on using ICS can be found in:
A third-party alternative that gets high marks for compatibility (e.g., with PPPoE) and ease of use is All Aboard! from InterNetShare.com. (Recommended)
For Apple Macintosh, similar sharing functionality is available in:
Other alternatives for sharing include:
Standard cabled networking hardware:
» Intel
» Kingston
» NETGEAR (Recommended)
  » FA310TX 10/100 Fast Ethernet PCI Adapter
  » DS106 10/100 Mbps Dual Speed Hub (6 port)
  » DB104 10/100 Mbps Ethernet Kit
» 3Com
» Good place for network cable: Home Depot (yes, Home Depot)
Networking without having to run network cables:
* Wireless networking presents security risks -- see "Security of the WEP algorithm".
In addition to typical server tasks (e.g., file storage, printing), a dedicated network server can also be used for sharing a Cable Modem or DSL service (e.g., network address translation, proxy) and to provide security (e.g., firewall, filtering), with the advantage that such sharing does not depend on any other computer. (See "How to run multiple computers on Cable Modem or DSL" and "Security on Cable Modem or DSL") It can also make it possible to have a more complete Internet presence by providing such services as DNS (domain name service for a custom domain), email, HTTP (World Wide Web pages), FTP, and VPN (virtual private networking, providing secure access to your local network from anywhere on the Internet -- see "VPN/PPTP over Cable Modem or DSL"). Options:
BSD variants provide a wealth of standard Internet tools, and are available by download and on CD at little or no cost (e.g., CheapBytes). BSD is generally regarded as being more solid than Linux. Although peer support is available on the Internet, setting up and administering BSD can be difficult for those without UNIX experience. Complete BSD distributions include:
Linux also provides a wealth of standard Internet tools, and is available by download and on CD at little or no cost (e.g., CheapBytes). Linux is generally regarded as having a more complete feature set than BSD. Although peer support is available on the Internet, setting up and administering Linux can be difficult for those without UNIX experience. Complete Linux distributions include:
Solaris from Sun Microsystems is the operating system that largely powers the Internet, excelling in both power and reliability. Sun now offers two ways to get Solaris at low cost (for media and shipping):
Setting up and administering Solaris can be difficult for those without UNIX experience.
Microsoft used to offer a Small Business Server 4.5 Guided Tour Evaluation Kit for only US$20 that was fully functional with no time limitation, albeit limited to 6 client access licenses. However, that offer was replaced with the Small Business Server 2000 Evaluation Kit, which is time-limited to 120 days, leaving Windows unaffordable as a home/SOHO server.
Dynamic IP means that your Internet (IP) address changes from time to time, sometimes every few hours, sometimes at much longer intervals. (A static IP address remains the same indefinitely.) Running services (servers) on dynamic IP is not normally possible because the current address is not known to the outside world. The solution is to use a "Dynamic DNS" service that tracks changes in your IP address. Dynamic DNS providers include:
Notes:
UPDATE (10/10/2000): Microsoft Windows 95/98/Me Share Level Password Vulnerability (bugtraq 1780) makes NetBIOS (Microsoft Networking) Share Level passwords easy to defeat if Scope ID is not used (see "Increasing NetBIOS Security with Scope ID"). If NetBIOS is not disabled (see "Security on Cable Modem or DSL"), then installing the Microsoft patch is strongly recommended!
Windows (95/98/Me/NT/2000/XP) includes the capability of sharing files and printers over a network connection by means of NetBIOS (Microsoft Networking). With "NetBIOS over TCP/IP" such sharing can take place over the Internet. Scope ID should be used to enhance NetBIOS security -- see "Increasing NetBIOS Security with Scope ID". Note that NetBIOS provides authentication, but not encryption; for greater security, use VPN/PPTP. (See "VPN/PPTP over Cable Modem or DSL")
Caveat: Some Internet Service Providers (ISPs) filter (block) the ports used for NetBIOS because of hysteria over NetBIOS (see "File and Printer Sharing (NetBIOS) Fact and Fiction") and/or genuine concern for subscribers that might inadvertently expose themselves to NetBIOS security risks (see "Security on Cable Modem or DSL"). In such cases it will not be possible to use NetBIOS over the Internet unless you can persuade the ISP to remove the filter (block) on your particular Cable Modem or DSL connection.
For more information on using NetBIOS sharing over the Internet, see:
An excellent way to remote control your own computer over Cable Modem or DSL is with free Virtual Network Computing (VNC) software. (Recommended)
VPN (Virtual Private Networking) is a means of creating secure connections over the Internet between two computers and/or local area networks (LANs). Microsoft includes a form of VPN called PPTP (Point-to-Point Tunneling Protocol) in Windows NT/2000/XP, as well as PPTP clients for/in Windows 95/98/Me.
The most robust and secure form of VPN is generally considered to be IPsec (described in Standards Track RFC 2401).
VPN resources:
Suppose you need to use Windows 95/98/Me Dial-Up Networking (DUN) to connect to your employer's network. The usual problem is that you lose the use of your Cable Modem or DSL connection during the DUN connection. The reason that happens is that DUN automatically gets higher routing priority than your Cable Modem or DSL connection because Windows 95/98/Me can only have one default route. In other words, your Cable Modem or DSL connection is still alive, but Windows 95/98/Me won't use it.
The solution to this problem is a two-step process:
1. Prevent DUN from getting higher routing priority.
Now when you connect with this particular DUN connectoid, your Cable Modem or DSL connection will still work, but the DUN connection won't. To get the DUN connection working, proceed with the second step below after you have connected.
2. Add manual route(s) for your DUN connection.
Syntax: |
|
Example: |
|
Destination | Mask | Means all destinations starting with | Example
207.200.75.0 | 255.255.255.0 | 207.200.75. | ROUTE ADD 207.200.75.0 MASK 255.255.255.0 206.170.4.214
207.200.0.0 | 255.255.0.0 | 207.200. | ROUTE ADD 207.200.0.0 MASK 255.255.0.0 206.170.4.214
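Why a manual route sends only the employer's addresses over DUN while everything else keeps using the Cable Modem or DSL default route: the most specific matching route wins. The sketch below is an added example, not part of the original guide; it parses the ROUTE ADD lines shown above and models that selection. The cable gateway 192.168.100.1 is a constructed stand-in, and `RouteTable` and `parse_route_add` are hypothetical names.

```python
import ipaddress

def parse_route_add(command):
    """Parse 'ROUTE ADD <destination> MASK <mask> <gateway>' into (network, gateway)."""
    parts = command.split()
    keywords = [p.upper() for p in parts[:2] + parts[3:4]]
    if len(parts) != 6 or keywords != ["ROUTE", "ADD", "MASK"]:
        raise ValueError("expected: ROUTE ADD <destination> MASK <mask> <gateway>")
    # strict=True rejects a destination that has bits set outside the mask,
    # e.g. 207.200.75.1 with mask 255.255.255.0.
    network = ipaddress.IPv4Network(f"{parts[2]}/{parts[4]}", strict=True)
    return network, ipaddress.IPv4Address(parts[5])


class RouteTable:
    """Minimal routing table: one default route plus manually added routes."""

    def __init__(self, default_gateway):
        self.routes = [(ipaddress.IPv4Network("0.0.0.0/0"),
                        ipaddress.IPv4Address(default_gateway))]

    def add(self, command):
        self.routes.append(parse_route_add(command))

    def next_hop(self, destination):
        """Return the gateway of the most specific (longest-mask) matching route."""
        addr = ipaddress.IPv4Address(destination)
        matches = [(net, gw) for net, gw in self.routes if addr in net]
        net, gw = max(matches, key=lambda route: route[0].prefixlen)
        return str(gw)


# Assumption: constructed stand-in for the Cable Modem/DSL gateway address.
CABLE_GATEWAY = "192.168.100.1"

def build_example_table():
    """Default route via cable/DSL plus the first manual route from the table above."""
    table = RouteTable(CABLE_GATEWAY)
    table.add("ROUTE ADD 207.200.75.0 MASK 255.255.255.0 206.170.4.214")
    return table

if __name__ == "__main__":
    table = build_example_table()
    for dest in ("207.200.75.20", "207.200.76.20", "198.51.100.7"):
        print(dest, "->", table.next_hop(dest))
```

With only the 255.255.255.0 route added, 207.200.76.20 still leaves through the cable/DSL gateway; adding the 255.255.0.0 route moves all of 207.200. onto the DUN connection.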
Note: This author has no connection to these companies and has not tested these products.
"Cap" is a reference to an artificial limit on downstream and/or upstream speeds. Such caps are common on consumer-grade service. "Un-capping" is thus an attempt to remove such limits (and thereby increase speed).
However, un-capping is an urban legend (or hoax, take your pick) -- subscribers cannot un-cap cable or DSL modems:
(Note that if you did somehow find a way to do it, that might be construed as theft of service, with unpleasant consequences.)
See also
Open public news servers tend to be few and far between, and to disappear without warning, because they can easily be overwhelmed by freeloaders, and abused by spammers. Here are some ways to find one:
Ethernet
Bottom line: Ethernet is preferred unless there is a compelling reason to use some other type. USB is better suited for low-speed devices (e.g., mice) than for Cable Modem or DSL.
The software distributed by @Home normally autoloads proxy settings, preventing bypass of the proxy. To remove the autoload of the @Home proxy settings under Windows:
If your "ping" time to the closest/first node (often called a "gateway") is less than 30 ms, your DMT ADSL is probably configured for Fast Mode. Otherwise, unless the physical distance to that closest/first node is unusually far, your DMT ADSL is probably configured for Interleaved Mode. (See "How to find out what's slowing you down")
For most uses the difference in latency is usually not significant, and the increase in reliability can be useful or even vital. However, the difference in latency can be important for fans of real-time gaming over the Internet. If you fall into that category; are on DMT and aren't on G.lite; aren't unusually far from the closest node; and experience latency to the closest node of more than about 30 ms, you may be able to persuade your provider to switch you from Interleaved Mode to Fast Mode if such a switch is possible. (It may not be.)
If you experience DSL problems, particularly when those problems seem to be worse at certain times of the day, you can check for this possible cause by completely disconnecting all lighting dimmer switches and halogen lights. Putting the DSL modem on a power line RFI filter (included in many surge suppressors -- see "Surge/lightning suppression for cable/DSL") may or may not solve the problem.
If you do determine that a lighting dimmer switch is causing interference, you may be able to solve the problem by replacing it with a switch that generates less interference (i.e., a switch with better RFI filtering). Cheap switches may have little or no RFI filtering; better switches that normally have good RFI filtering may be defective. Switches with good filtering are made by a number of manufacturers, including:
For more information on dimmer switch RFI, see the Lutron FAQ (frequently asked question), "What is radio frequency interference (RFI)?"
See "Other sources of DSL interference" for similar problems caused by switching power "bricks" (external AC power adapters).
For general technical information on tracking down sources of RFI, see "Track and Solve Electrical Interference" by the ARRL (American Radio Relay League, Inc.).
For more information, see "Exorcizing DSL Demons" (from Outside Plant).
Unfortunately, there is not much that a DSL subscriber can do about many of these sources of interference (except as noted) other than asking the DSL provider to try to correct any problems.
When this happens, normal Internet connectivity is lost. Often the only way to recover is to manually remove power from the modem; wait several seconds; and then restore power, whereupon the modem reinitializes, resyncs, and resumes normal operation.
Another possible aspect of this problem is ARP (Address Resolution Protocol). It has been reported (but not verified by this author) that the Alcatel ADSL modem will substitute its own MAC address for that of the "gateway" when the DSL link is down. Since ARP entries are cached, this could result in packets not reaching the gateway for some time after the DSL link has recovered (i.e., until the bogus entry for the gateway expires from the cache). If you have a Windows machine networked directly to an Alcatel modem (i.e., not through a router), you can check your ARP cache with the "ARP -a" command, and you can delete specific entries (e.g., your gateway) from the cache with the "ARP -d" command. (Restarting your computer or your router is a clumsy but sure way to flush the entire ARP cache.)
For more technical information on this problem, see "Alcatel ADSL Modem Sync/NoSurf" by Lawrence Baldwin of myNetWatchman.com.
(Thanks to Bob Carter for passing this tip along.)
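One way to automate the ARP cache check described above, as an added example that is not part of the original guide: it parses "ARP -a" output and reports when the gateway's entry carries the modem's own MAC address. The sample output, all addresses, and the function names are constructed for illustration; the modem's MAC is assumed to be known (e.g., from its label).

```python
import re
from collections import defaultdict

# Constructed sample of Windows "ARP -a" output; all addresses are made up.
SAMPLE_ARP_OUTPUT = """
Interface: 10.0.0.5 on Interface 0x1000002
  Internet Address      Physical Address      Type
  10.0.0.1              02-00-00-aa-bb-cc     dynamic
  10.0.0.7              02-00-00-11-22-33     dynamic
  10.0.0.9              02-00-00-aa-bb-cc     dynamic
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"           # Internet Address
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+"  # Physical Address
    r"(\w+)\s*$"                                  # Type (dynamic/static)
)

def normalize_mac(mac):
    """Lower-case a MAC and accept ':' or '-' separators."""
    return mac.strip().lower().replace(":", "-")

def parse_arp_table(text):
    """Return {ip: (mac, type)} for every entry line in 'ARP -a' output."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            ip, mac, kind = match.groups()
            entries[ip] = (normalize_mac(mac), kind.lower())
    return entries

def check_gateway(arp_output, gateway_ip, modem_mac):
    """Classify the gateway's cache entry; suggest ARP -d when it is bogus."""
    entries = parse_arp_table(arp_output)
    if gateway_ip not in entries:
        return "missing", None      # nothing cached; the next packet re-ARPs
    mac, _kind = entries[gateway_ip]
    if mac == normalize_mac(modem_mac):
        return "bogus", f"ARP -d {gateway_ip}"   # modem's MAC cached for gateway
    return "ok", None

def shared_macs(arp_output):
    """List MACs cached for more than one IP (useful if the modem MAC is unknown)."""
    by_mac = defaultdict(list)
    for ip, (mac, _kind) in parse_arp_table(arp_output).items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print(check_gateway(SAMPLE_ARP_OUTPUT, "10.0.0.1", "02:00:00:AA:BB:CC"))
    print(shared_macs(SAMPLE_ARP_OUTPUT))
```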
According to Alcatel:
Some PC's running Win98, Win98 SE or Win ME get a corrupted registry after 3 or 4 reboots or unplug-replug sequences. This causes windows to crash or a hangup while rebooting.
For a fix, see the Alcatel FAQ SpeedTouch USB, Q10 in the "Windows Drivers" section.
(This kind of problem is one of the reasons that Ethernet is preferred over USB -- see "Which is better: Ethernet or USB or PCI?".)
Researchers associated with the San Diego Supercomputer Center at the University of California, San Diego have identified multiple implementation flaws in the Alcatel Speed Touch ADSL "modem" (actually an ADSL-Ethernet router/bridge). These flaws can allow an intruder to take complete control of the device, including changing its configuration, uploading new firmware, and disrupting the communications between the telephone central office providing ADSL service and the device.
For more information, see:
Important things to know:
In the meantime you can:
Most ADSL deployments are based on Alcatel-compatible hardware. On such systems, you generally should be able to use any device that is compliant with (ANSI T1.413) DMT issue 2.
Important notes:
1 May be compatible with Alcatel, but no specific mention of Alcatel compatibility.
2 Sold only through service providers, not directly to end users.
3 According to Cisco, the 677 is not compatible.
4 According to a report, the Remote 810 is not compatible.
IFITL stands for "integrated fiber in the loop," another name for "fiber in the loop" (FITL) or "fiber to the curb" (FTTC). This use of optical fiber can extend the reach and/or increase the speed of DSL by shortening the length of the final copper wire run to the home. When fiber reaches all the way to the home, the term becomes "fiber to the home" (FTTH), which can provide very high-speed service without DSL (which works only over copper wire), typically using ATM. For more information, see:
If the most common forms of broadband Internet -- Cable, DSL, and Satellite -- are unavailable and/or unattractive in your area, are you out of luck? Maybe not. Fixed terrestrial (as opposed to satellite) wireless, sometimes called "Wireless DSL," is a group of newer technologies that are starting to be deployed in some areas. Here's a quick guide to this type of service:
Service in the first two cases is available only to those with direct line-of-sight to a transceiver, although the technology used by BroadLink tends to provide more complete coverage (less line-of-sight interference) and to be more scalable (fewer subscribers per transceiver). The balance of this section will focus on the technology used by BroadLink.
Not all products are the same -- cheaper products may not be such a bargain when you take into account functionality, quality, and support. Even on the same product, the best price may not be the best deal -- consider also:
Recommended on-line merchants (for value and service):
Good deals:
Hard to find & unusual items:
Auctions:
You may find a great deal, or you may actually wind up paying more than retail. The seller might be reputable, or a fly-by-night con artist. Be careful! Auctions:
- AuctionWatch (multiple sites at once)
- eBay (by far the biggest)
How do you know you will actually get what you won and paid for? You can lower your risk with an on-line payment/escrow service:
- i-Escrow (escrow)
- Internet Clearing Corporation (escrow)
- PayPal (pay by credit card, fraud protection)
- WebTradeInsure (auction and/or shipping insurance)
Not recommended on-line merchants:
As wireless networking based on IEEE 802.11b becomes ever more popular, retail businesses, groups, and even individuals are starting to provide wireless Internet access to the public, often at no cost (at least for now). All you need is a notebook computer or PDA with a "WiFi" transceiver card. For more information see:
See also:
Caveat: The following information has not been verified by this author. USE AT YOUR OWN RISK.
Trademarks belong to their respective owners.