Jump to: navigation, search

SECN Tutorial


SECN Tutorial

Introduction

This tutorial is intended as an introduction to the Village Telco - Small Enterprise Campus Network (VT-SECN) firmware, which runs on a variety of commodity and special purpose router devices.

The purpose of the SECN firmware is to provide a simple way to set up a network of wifi devices which connect together using mesh networking in order to provide data and telephony services to client devices such as personal computers, tablets and smartphones. The intention is that such networks can be established largely without the use of network cabling, and so can be established relatively easily in situations which might otherwise be problematic, such as in remote areas or emergency response situations.

The geographic scale of such networks is obviously limited by the range of the wifi nodes used to construct the mesh network. With typical devices with omni directional antennas, inter-node distances of several hundred metres in open areas are quite feasible, and larger distances can be realised with the use of more specialised nodes with directional antennas and mounted in locations with good 'visibility' of other nodes.

The SECN firmware is based on software from a number of Open Source projects, primarily OpenWrt (wifi router), Batman-adv (mesh network) and Asterisk (telephony) and is essentially used to configure these software packages in various ways, and to provide some status indication of their operation. It is important to realise that almost none of the SECN code actually runs when the devices are in normal operation - it is used just to set up the configuration of the device. The small amount of SECN code that does run in normal operation consists of a script that is executed periodically to display the status of the mesh and wifi connections on the SECN Status page,

For the purposes of this tutorial, the operation of the SECN firmware will be illustrated using the MP02 device developed by Village Telco, however the firmware is also available for a number of commercially available devices and the operation is essentially the same on all devices, allowing for the different physical facilities offered by the different devices.

The MP02-Phone model offers one facility not generally available in the other supported devices, and that is an FXS telephony subsystem which allows a standard telephone handset to be plugged in to the device. This provides a simple way of building a telephone network without wiring or a central exchange. Even without using this special purpose hardware, the SECN firmware will support softphone applications running on Smartphones or personal computers, thus providing a telephone network where even the telephones are virtual, to an extent.

On devices with a single wifi radio subsystem, the SECN firmware supports the use of two simultaneous wifi interfaces:- an AP interface to support the connection of wifi client devices, and an AdHoc interface which supports the operation of the wireless mesh networking. Obviously in this arrangement the wifi bandwidth is shared between the two interfaces.

On devices with dual radio subsystems, the SECN firmware supports the same multiple wifi interfaces on both radio subsystems, but also allows the functions to be split between the two radio subsystems, thus providing full bandwidth on each interface.

The MP02 Device

The MP02-Basic model is a 2.4GHz WiFi router based on the Atheros AR9331 chipset and built on the Dragino MS14-P Linux IoT Appliance (http://www.dragino.com/products/mother-board/item/71-ms14-p.html) It has two RJ45 Ethernet ports and a USB port, and is powered from a nominal 12 Volt power supply with a power consumption of 1 Watt.

The MP02-Phone model adds an FXS telephony subsystem and a RJ11 telephone port, allowing a normal telephone handset to be connected.

The MP02 can be configured to operate in many different ways, ranging from a simple wifi Access Point (AP) to a mesh node providing a telephony network for softphone equipped devices.

The MP02 consists of the following key network components:

  • A router, which has a LAN side and a WAN side, with Network Address Translation (NAT) and firewall operating in between.
  • A LAN Ethernet port which is connected to the LAN side of the router.
  • A WAN/LAN Ethernet port which may be connected to either the LAN or WAN side of the router.
  • A Wifi Access Point (AP) which is connected to the LAN side of the router.
  • A WiFi Mesh interface which may be connected to either the LAN or WAN side of the router.
  • A WiFi Client interface which may be connected to the WAN side of the Router.
  • A USB Modem interface which may be connected to the WAN side of the router.

In general only one interface may be activated on the WAN side of the router at any time.

On the LAN side, the WiFi Access Point, the LAN Ethernet port, and the mesh interface may all be active at the same time. This allows a collection of devices to form a mesh network with each node connected to all the other nodes at Network Layer 2. The connection between one node and another may be direct if they are within WiFi range, or the connection may be indirect, connecting via an intermediate mesh node.


Mesh Networking Basics

The SECN firmware uses the Batman-adv software package to provide mesh networking. An AdHoc wifi interface is established and bound to the batman-adv interface, which may then be used like any other network interface, for example it may be included in a LAN bridge along with an Ethernet interface and a wifi AP interface.

In this arrangement, local devices (such as a PC or Laptop) may be connected to a mesh node via Ethernet or WiFi, and a device attached to one node in the mesh will effectively be networked to other devices attached to other nodes, just as if they were all connected to a network switch. This arrangement can thus provide a simple LAN without network cabling in order to share network resources such as Internet access or printers amongst the client devices.

An alternative arrangement which is supported in the SECN firmware, is to attach the batman-adv network interface to the WAN side of the router. In this arrangement, the WAN side of all the nodes are connected together as if plugged into a network switch, while each node can provide a private network subnet with its own DHCP service, on the LAN side. Client devices attached to each node operate in their own network 'cell' while having access to upstream network resources.

The mesh operates at Layer 2, so it can carry traffic for many networks operating at Layer 3. This means, for example, that you can have multiple IPv4 subnets (address ranges) operating over the mesh.

Tutorials

The following tutorials will step you through a very simple introduction the mesh networking and the SECN firmware.

Work through the tutorials in order, starting at Tutorial 1 through to Tutorial 5.

At this point you will have a simple mesh of two nodes with one node connected to an upstream router and sharing the Internet connection across the mesh.

If you have an FXS equipped device you can also do Tutorial 6.

Tutorial 1: Out of the Box Zero Config Mesh

Newly delivered (or newly flashed) SECN devices are configured to automatically mesh together using the default settings. This tutorial will demonstrate a simple mesh with no configuration required. It is assumed that you have at least two SECN devices and a PC connected to a local LAN via Ethernet cable and able to access network resources on the local LAN.

Proceed as follows:

  • Connect your PC to the local LAN and ensure that it is operating correctly with access to network resources such as an Internet connection.
  • Disconnect your PC from the local LAN and connect it instead to the LAN port of one SECN device.
  • Using a second Ethernet cable, connect the LAN port on the other SECN device to the local LAN.
  • Apply power to the two SECN devices. Allow a couple of minutes for startup. The WiFi LED will begin to flash as the startup process completes.
  • Once the mesh network is established, you should be able to access network resources from your PC, with the data flowing through the mesh between the two SECN devices.
  • Connect a wifi client device such as a laptop PC to the SECN Access Point (SSID: VT-SECN-AP Passphrase: potato-potato) and check that it can access network resources from the local LAN.
  • Try adding more wifi client devices.
  • Try adding more SECN nodes and attaching client devices to them with Ethernet cables.

NOTE: In the above, be sure to use the LAN Ethernet ports on the SECN devices, and not the WAN ports.


Tutorial 2: Accessing the SECN Configuration Page

When set to the Factory Default settings, a SECN device is configured with the WiFi Access Point, LAN Ethernet port and mesh interface bridged on the LAN side of the router, and assigned an IP address of 10.130.1.20. There is no DHCP service running on the LAN side.

To access the web based SECN configuration interface, you will need to configure a static IP address on your PC in the same IP subnet at the SECN device, and point your browser to the default SECN device address (10.130.1.20) where you will see the Basic configuration web page.

Proceed as follows:

  • Power up one SECN device only. Allow a couple of minutes for startup.
  • Connect your PC to the LAN port on the SECN device with an Ethernet cable.
  • On your PC Ethernet port, set up a static IP address of 10.130.1.99, with Netmask of 255.255.255.0 and Gateway/Default Route of 0.0.0.0
  • Start a browser application such as Chrome or Firefox and enter a URL of 10.130.1.20
  • You should see the SECN Basic Configuration web page appear.
  • Click on the tabs to show the Advanced and Status pages.
  • On the Status page you will see entries for other mesh nodes in the top section, and for any attached wifi clients in the bottom section.


Tutorial 3: Setting Individual IP Addresses for Each Node

In order to be able to access the configuration interface of individual nodes on the mesh, it is important to assign an individual IP address to each MP02. In this tutorial you will set up two nodes with individual IP addresses of 10.130.1.101. and 10.130.1.102 It is assumed that you have two devices with Factory Default configuration.

Proceed as follows:

  • Power up one SECN device only.
  • Configure your PC for a suitable static address as in the previous tutorial.
  • Allow a couple of minutes for startup, then point your browser to the SECN Configuration page at the default IP address 10.130.1.20
  • Edit the IP address in the Basic Configuration page - change the last octet from the default .20 to .101
  • Click on the Save button and wait for the page to refresh and show the new IP address.
  • You should see the new IP address as 10.130.1.101

At this point the change has been saved, ready to used at the next restart of the device.

  • Remove power from the device.
  • Repeat the above procedure for the second device with the IP address of 10.130.1.102
  • Remove the power when the change has been saved and confirmed.
  • Apply power to both devices. It will take several minutes for the devices to start up and establish the mesh operation.

When the two devices start up again, they will be operating at the new IP addresses.

NOTE: Setting individual IP addresses is not actually required for the mesh network to operate. The devices will mesh without setting individual IP addresses, as in Tutorial 1 above, but you will not be able to access the individual configuration screens for the nodes in this situation. In a practical mesh network, you should *not* have more than one device running with the same IP address (e.g. the default 10.130.1.20) at any time, as they will automatically mesh and you will not be able to determine which device you are configuring from the web interface due to the IP address conflict.

Tutorial 4: Setting up a Basic Mesh

Once you have set up two devices with their new individual IP addresses and they are both operating, they will automatically form a mesh network and you can access the configuration screens on each device.

This means that if you connect a PC (with a static IP address in the correct IP subnet e.g 10.130.1.11) to one node, you will be able to access the web interface of both nodes at their respective IP addresses (eg 10.130.1.101 and 10.130.1.102)

Similarly, if you connect a second PC (e.g. set to 10.130.1.12) to the other node, you will be able to ping one PC from the other.

The mesh operates at Network Layer 2, and so is independent of the IP address used by attached devices, because the IP address is a Network Layer 3 configuration.

You only need to use the same IP address range as the nodes (10.130.1.x) on your PC if you want to be able to access their administrative interface via ssh or web browser.

You can connect devices to each other via the mesh nodes using any valid IP addresses. You can think of the mesh as a network switch, with each node acting as a port on the switch, with connections via either Ethernet or WiFi.


Tutorial 5: Mesh with Modem-Router for Internet Access

A good example of using the mesh is to provide access to a modem-router connected to the Internet, for client devices connected to the mesh nodes.

To set this up, connect the LAN Ethernet port of your modem-router to the LAN Ethernet port of one of the MP02 mesh nodes.

If you now connect a PC (with its Ethernet port set to obtain an IP address by DHCP) to the LAN Ethernet port of another mesh node, it will communicate with the modem-router via the mesh and obtain its IP address from your modem/router just as if it was connected directly, and it will then be able to access the Internet.

Similarly, if you connect your PC to a mesh node via WiFi (using the SSID and Passphrase of the mesh node Access Point) it will connect to your modem-router via the mesh and be able to access the Internet.

If you assign the same SSID and Passphrase to all Access Points on mesh nodes, then your PC will be able to connect to any of the nodes, and will typically be able to roam around the area covered by the mesh, connecting to the best available signal.

NOTE: The ability to roam between mesh nodes using the same SSID is dependent on the capability of the wifi client devices. Most modern devices handle this well, but older devices may not do so. In this case it may help to assign different SSIDs to each node and ensure that the device can connect to each node individually.


Tutorial 6: Using MP02-Phone Devices

If you are using MP02-Phone devices as nodes in your mesh you will be able to make calls between them once the mesh is running and you have assigned unique addresses to the nodes.

To call the phone attached to a particular MP02-Phone mesh node, simply dial the last octet of the IP address of that node.

For example, if you have nodes set up with IP addresses of 10.130.1.101 and 10.130.1.102, to make a call to the phone attached to the node at 10.130.1.102, simply dial "102".