10 things you should know about networking two buildings

28 August 2008

Date: August 6th, 2008

Author: Rick Vanover

Connecting the networking components of two buildings can be a pretty daunting task. Here’s a little practical advice to help make the process go more smoothly.

Note: This information is also available as a PDF download.

#1: Wireless may not be the best solution

Too often, when a team is contemplating how to connect two buildings, someone will offer a wireless solution. Yes, there are wireless solutions that will connect two buildings, and antenna boosting equipment for better service. However, a hard line connection is more reliable if installed in conduit correctly. Here’s a general rule of thumb: “Use a hard line connection unless you can’t.”

Site-to-site connections using wireless connections are frequently disrupted by an obstruction, weather (in some technologies and applications), or interference. Also, wireless technologies have a shorter lifespan, as replacement technologies are rapidly developing for this market space.

#2: When dealing with conduit, think big

Most building connections today will be a fiber connection in hard plastic conduit. This conduit is usually buried about two feet below the ground. When sizing out what type of conduit to use (even if you’re working with a heavy equipment or installation professional), always think larger than you need.

Consider this example: You can fit the bare cable of fiber optic networking in just about any size conduit. However, if this project is a “one of a kind” type, you may have some price pressure to deliver the best solution for the technology need. When you size up the equipment and supplies, you may require a set of fiber cutting tools to end the line at each point. But the most cost-efficient solution may be simply ordering a to-length fiber optic cable that’s pre-terminated. In this case, you may save a great deal on fiber tools, but you should go up to the next size (and test the entire fit) for pushing a termination through conduit. For a recent project I did, we pulled two SC connectors through 1-inch conduit.


Best practice

When pulling fiber through a conduit, be careful with the line. Take the following steps to make it easier on the pull:

  • Get the pull line to the end of the conduit the easy way: Make a small ball of tape, put it in a plastic bag (sandwich size), tape the pull line to it, and pull it through with a medium duty vacuum on the end side.
  • Have conduit straightened out before pulling the fiber through.
  • Insulate the header of the cable well with electrical tape. Any pressure will then be taken by the tape instead of the connector or cable.
  • Have people on each side pulling at the end and feeding the cable into the beginning to minimize stress points.


#3: Go absolute cutting edge for physical media

With all future connections in mind, select the best physical connection (usually fiber or multiple fiber lines) for what will be buried. You don’t want to have to dig it up or remove this connection once it’s in place. It makes no sense to run CAT-5 copper when, in a few years, this medium may be removed from the back end of most networks.

#4: Call before you dig!

Each state has a “call before you dig” service. A simple Google search for “Call before you dig Ohio” (or any other state) will take you to the site that can give you procedural information, underground line requirements for your state, and other important facts. When networking two buildings, you will want to use orange markings to identify the connection as a communications system. Most locations use orange for all communications media, but check your local requirements before starting any work and arranging your support staff for the project.


Important safety note

Digging can be very dangerous, as there are many underground utilities, including gas and electric, that can be deadly. It goes without saying to follow all relevant precautions and enlist the services of heavy equipment and facilities or installation professionals for projects of this nature.

Best practice: When digging, it’s advisable to have a team that’s familiar with operating the necessary equipment to help you lay the conduit. A ditch digger may seem like a fun tool, but enlist your facilities maintenance staff or others more suited to operate this equipment.


#5: Run extra media through the conduit

While you’re there, you may want to tag on an extra line or two. For example, if you plan to connect two buildings with a fiber connection, run an extra fiber and maybe a few CAT-5 lines as well. These extra lines may come in handy later. You can group relevant categories of connections in the conduit freely. You can’t, however, run power through these lines–no mixing communications and power types. PoE (power over Ethernet) may be considered a power conduit instead of a communications conduit if you seek to pair it with another type.

#6: Leave a pull string in the conduit

In case you decide to pull another type in the conduit in the future, leave a pull string (even high test fishing line does well) in the conduit. Simply tape it to the header of the piece you’re pulling through and when you feed your fiber or other type in, also feed the pull string.

#7: Avoid the telco whenever possible

If your buildings aren’t very close together, you may not be able to avoid a telco for the connection. But in short-distance situations, you might be able to work out arrangements with local authorities and property neighbors to coordinate the installations of private conduit. If the two buildings are fairly close, it may be worth the effort and higher initial cost to get a private conduit instead of the ongoing cost of an ISP or carrier service.

#8: Think below protocol layers

When designing the basic objectives of your connectivity project, don’t think in terms of VLANs and IP addresses at first. You want to establish your connectivity in a way that extends your manageability to the highest level, so focus on Layer 1 and Layer 2 of the OSI model. Who knows, we may dump TCP/IP in a few years anyway for something better, if IPv6 is not well received. You may also consider using WAN protocols for efficiency or segregation on this connection instead of simple TCP/IP configurations.

#9: Share Internet connection points

The last thing any IT department wants is an additional monthly payment, so be sure to keep your Internet connection points centralized where possible. Ensure that your networking configuration allows you to manage the access by the different geographical locations (buildings), by user, or by some other manageable mechanism. Also, having two connection points (one in each building, with a LAN connection between the buildings) poses a security threat: it gives the network multiple entry points. However, a case can be made from a disaster recovery or business continuity perspective to have a backup carrier connection in another building, yet accessible.


Best practice

Be sure that the Internet traffic, or any other traffic, is throttled, cached, or otherwise managed from a QoS perspective if there’s a large number of clients or a lot of traffic in the other connection point.


#10: Make long-term infrastructure decisions now

For the network clients in the second building, make decisions about the local name resolution, file server storage resources, e-mail servers, and authentication/directory servers that may be local to the first building. Should the second building involve a small number of clients and less traffic, you may not want to have a true data room there. You can simply extend the back-end services from the primary building. But if the second building will double traffic to your server room–and possibly over a limited-speed connection–you may need to make some of those resources central to the destination.

How To Install Hamachi On Fedora 9

25 August 2008

Version 1.0
Author: Andy Ru <webtechy [at] gmail [dot] com>

This tutorial explains how to install Hamachi on a Fedora 9 server. Hamachi is a VPN service that easily sets up in 10 minutes, and enables secure remote access to your business network, anywhere there’s an Internet connection. It works with your existing firewall, and requires no additional configuration. Hamachi is the first networking application to deliver an unprecedented level of direct peer-to-peer connectivity. It is simple, secure, and cost-effective.

This howto documents the installation specifically for Fedora 9. It can be used as a guide for other distributions, but it mainly describes steps that are needed in Fedora-based distributions.
 
This document comes without warranty of any kind! I want to say that this is not the only way of setting up this configuration. There are many ways to configure the setup below but I do not issue any guarantee that this will work for you!

1 Download Hamachi

Hamachi can be downloaded from the main website here:

https://secure.logmein.com/products/hamachi/download.asp

Download the 0.9.9.9-20 Linux version with the following filename:

hamachi-0.9.9.9-20-lnx.tar.gz

Or skip all that and do a wget on the file from the link here:

wget http://files.hamachi.cc/linux/hamachi-0.9.9.9-20-lnx.tar.gz

Ungzip and extract the tar file to a folder and then cd into the directory:

tar -xzvf hamachi-0.9.9.9-20-lnx.tar.gz
cd hamachi-0.9.9.9-20-lnx

Make sure you are able to sudo or su to root for the next step.

 

2 Install and recompile tuncfg

In order to run hamachi you will need to fix the path for ifconfig in most Fedora-based distributions.

cd tuncfg

(I took this information from a post by feistyfeline on linuxquestions.org; here is a link to the original post: http://www.linuxquestions.org/questions/linux-software-2/cant-log-in-with-hamachi.-409344/)

Rename the original tuncfg file in that folder (only if you need to):

mv tuncfg tuncfg.backup

Use your choice of text editor to edit the tuncfg.c file. Search for the piece of code that has ifconfig. There is only one instance of that.

Change:

"ifconfig %s %u.%u.%u.%u ", ctx[i].dev,
TO
"/sbin/ifconfig %s %u.%u.%u.%u ", ctx[i].dev,

Then:

gcc tuncfg.c -o tuncfg

That recompiles tuncfg to incorporate the changes you made. Next, if you had already started tuncfg, kill all instances of tuncfg with:

killall tuncfg

Next, run the following as root to install the new tuncfg:

make install
/sbin/tuncfg

Finally, run "hamachi start" as a regular user and you may proceed as indicated in the README file.
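
The manual edit in this step can be scripted so that it is repeatable and refuses to touch a file that does not look as expected. This is an added example, not part of the original tutorial or the Hamachi tarball; the function names patch_tuncfg and write_sample and the sample fragment are constructed for illustration.

```sh
#!/bin/sh
# Added example: script the tuncfg.c edit from step 2 (not part of the Hamachi tarball).

# write_sample FILE: write a constructed stand-in for the relevant tuncfg.c lines.
write_sample() {
    cat > "$1" <<'EOF'
/* constructed fragment for illustration, not the real tuncfg.c */
snprintf(cmd, sizeof(cmd),
         "ifconfig %s %u.%u.%u.%u ", ctx[i].dev,
         a, b, c, d);
EOF
}

# patch_tuncfg FILE: returns 0 if FILE is (or already was) patched, 1 otherwise.
patch_tuncfg() {
    src=$1
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    [ -x /sbin/ifconfig ] || echo "warning: /sbin/ifconfig not found on this host" >&2

    # grep -c exits non-zero on a count of 0, so neutralise that for 'set -e'.
    bare=$(grep -c '"ifconfig %s' "$src" || true)
    fixed=$(grep -c '"/sbin/ifconfig %s' "$src" || true)

    if [ "$bare" -eq 0 ] && [ "$fixed" -eq 1 ]; then
        echo "already patched: $src"
        return 0
    fi
    # The tutorial expects exactly one bare instance; refuse anything else.
    if [ "$bare" -ne 1 ] || [ "$fixed" -ne 0 ]; then
        echo "unexpected state in $src (bare=$bare, fixed=$fixed)" >&2
        return 1
    fi

    cp -p "$src" "$src.orig" || return 1          # keep the untouched source
    sed 's|"ifconfig %s|"/sbin/ifconfig %s|' "$src.orig" > "$src" || return 1

    # Confirm the edit landed before anyone runs gcc on it.
    [ "$(grep -c '"/sbin/ifconfig %s' "$src")" -eq 1 ] &&
        [ "$(grep -c '"ifconfig %s' "$src")" -eq 0 ]
}

# Usage: sh patch_tuncfg.sh tuncfg.c   (then: gcc tuncfg.c -o tuncfg)
if [ "$#" -gt 0 ]; then
    patch_tuncfg "$1"
fi
```

Running it a second time on an already patched file changes nothing, and the original source is kept next to it as tuncfg.c.orig.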

 

3 Install & start Hamachi

Per the README file, install hamachi as a regular user by running hamachi-init:

hamachi-init

Initializing Hamachi configuration (/home/aru/.hamachi). Please wait ..

generating 2048-bit RSA keypair .. ok
making /home/aru/.hamachi directory .. ok
saving /home/aru/.hamachi/client.pub .. ok

hamachi start

Starting Hamachi hamachi-lnx-0.9.9.9-20 .. ok

 

4 Configure Hamachi

Once you are able to start Hamachi, you can then proceed to configure it to join a network:

hamachi join "networkname" "networkpassword"

If no command is specified, hamachi displays its status including version, pid, online status and the nickname. Or you can get a list of commands by typing:

hamachi help

Once you’ve created or joined a network you can set up hamachi to start on boot by editing the rc.local file:

sudo vi /etc/rc.local

  /sbin/tuncfg
  su - user -c "hamachi start"

 

Or you can set up Hamachi as a service by using a init.d script like the one described in the blog here by cannin: http://idahospuds.blogspot.com/2006/03/scitech-hamachi-as-service-in-fedora.html

  
#!/bin/bash
#
# hamachi         This shell script takes care of starting and stopping
#                 hamachi.
#
# chkconfig: 345 99 9
# description: hamachi is a zero-configuration VPN
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
# Exit quietly unless the key pair and the binary are present.
# This script expects the Hamachi configuration in /etc/hamachi.
[ -f /etc/hamachi/client.pri ] || exit 0
[ -f /etc/hamachi/client.pub ] || exit 0
[ -f /usr/bin/hamachi ] || exit 0
# See how we were called.
case "$1" in
start)
 echo "Starting hamachi..."
 /sbin/tuncfg
 /usr/bin/hamachi -c /etc/hamachi start
 ;;
stop)
 echo "Stopping hamachi..."
 killall tuncfg
 /usr/bin/hamachi -c /etc/hamachi stop
 ;;
restart)
 # Re-invoke this script; stop and start are case labels, not functions.
 "$0" stop
 sleep 1
 "$0" start
 ;;
  *)
 echo "Usage: hamachi {start|stop|restart}"
 exit 1
esac
exit 0

(I actually just went with the rc.local commands as I found that as long as I leave my server running most of the time my need for a service isn’t all that great. I just needed it to startup when there is a power outage.)

Make sure to verify that both tuncfg and hamachi are running afterwards by doing a ps:

ps -ef | grep tuncfg
ps -ef | grep hamachi

Now you can access your server from anywhere you are able to install a hamachi client from. If you want a GUI interface, you can also look into installing one from the links below.

 

5 Links

 
