Home/Office Broadband - Choosing a Router
The Line Interface
When selecting a broadband router the first thing you need to get right is the line-side interface. The following table illustrates this.
|
Line Type |
Router required |
Solwise offerings |
|
Cable
(from NTL/Telewest or similar). |
Ethernet Router
This type of router has ethernet connections on both the WAN (ie internet) side and the LAN (ie your) side. |
Range |
|
ADSL
(supplied on your BT line and provided by many ISPs, also from Kingston Communications if you are in the Hull area.) |
ADSL Modem/Router
Similar to an ethernet router except an ADSL modem is provided at the WAN interface for direct connection to your telephone line. |
Range |
There are other possibilities: For instance you could use a PC running routing software, in which case you could select the most appropriate line-interface(s) for your needs. A detailed discussion of solutions such as this is beyond the scope of this brief introduction.
Features
The range of features offered on routers is bewildering. However, your choice of router will probably be determined by a very small sub-set of these features, depending on what you want to use the router for. The following explanation of some of the main router features may help.
NAT
Network address translation describes the ability of the router to share a single internet address provided by your ISP amongst several devices on your local network. Your ISP allocates a single IP address to the router when you connect. Computers on your local network take addresses in a completely private range, which is not visible to the outside world. The router then controls the traffic passing through it by changing the reply addresses as the traffic passes. All Solwise routers support NAT and the vast majority of routers are run with this feature turned on. This is partly because of the sharing function, but also because NAT provides a good level of security by effectively hiding your computers from the internet.There is however a down-side to NAT. Because NAT changes the return address of outgoing packets from your network to match the WAN side of the router, it does not do well in handling data which is in a form which deviates from internet standards (TCP and UDP in this case). Now, if anyone was going to develop applications which were badly behaved in this way, you can imagine that Mr. Gates would be involved.
VPN (Tunneling and Termination)
IpSec Virtual Private Networking, provided with Microsoft operating systems, is a secure way of linking two computers or networks via the internet. Although there are other protocols which are badly behaved from a NAT point of view, Microsoft VPN is by far the most often requested. In order to make VPN work over NAT the router needs to recognise the data flowing through it and modify it as it goes. This is an example of an Application Layer Gateway, or ALG. An ALG for Microsoft VPN is provided with all Solwise routers, in the form of a VPN tunnel, which can handle a single channel of VPN traffic. As an alternative to providing channels for VPN traffic through the NAT, some routers have the ability to act as a termination point for the VPN traffic. This means that any device on your network can communicate through the VPN channel rather than just those devices with VPN client software. For instance you may want to set up a Voice-over-IP phone connection with your head office using a VoIP gateway.
ALGs, Application Layer Gateways
There are a number of applications which are badly behaved when used with NAT. The good news is that the main 'internet' application such as web (http&https), mail (pop and smtp), file transfer (ftp), telnet and many more do not require any special handling. However, if you need to run a particular protocol which does not conform to the TCP/UDP standards you should check that the router you select has an ALG to handle it.
Port Forwarding
If you want to operate a web or FTP server behind your router you will need to forward specific ports to the computer in question. For instance, if you want to run a web server you will need to forward port 80. All the Solwise routers can forward individual ports. Some, such as the SAR110 can forward ranges of ports, which can be useful for games-servers. The SAR7x5 family have a feature called 'Security Trigger'. This feature allows ports to be opened dynamically in response to the passing traffic, and is useful for H.323 applications such as NetMeeting and Voice over IP.
Firewall
Although routers running in NAT mode are considered to be inherently secure, you may like to enhance your peace-of-mind in the form of a firewall. The firewalls on routers have two basic roles. To mitigate 'denial of service' attacks and to control access to your system. If you know enough to specify a firewall then one assumes you already know enough to choose one!
|
