Home Networking: Ethernet, powerline adapters, and Wifi

Not at all - well worth investigating.

In semi-lay terms (based on a very foggy memory from diagnosing all this about years back) ADSL/2/2+ VDSL/2 all use HF signalling over copper using Discrete Multi Tone spread out over many sub-channels or bins in the bandwidth of the standard - up to 2.2 MHz for ADSL2+ and 12 MHz for VDSL2. Each of these bins has a given bit loading based on the frequency response of the bin, which is determined when the connection is established with the DSLAM or node. Once the router has worked out the deal with the DSLAM/Node, it literally enters a state called “Showtime” :slight_smile: or at least that was the case for ADSL2+. I always had a giggle with that.

At the time, I had a router that gave a detailed log of the negotiation and establishment - and with a command from memory like “show dsl int atm0” it would display loads of data including a very handy table of “DMT bits per bin” …

OK, so here’s an email I just located which shows the detail from one of my sessions …

> show dsl int atm 0
ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:     0x01                            0x1
Vendor ID:       'STMI'                          'BDCM'
Vendor Specific: 0x0000                          0x93D1
Vendor Country:  0x0F                            0xB5
Chip ID:         C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Capacity Used:   100%                            99%
Noise Margin:     3.0 dB                         10.0 dB
Output Power:    19.5 dBm                        12.5 dBm
Attenuation:     54.5 dB                         31.5 dB
FEC ES Errors:    0                               0
ES Errors:       19                               2
SES Errors:       0                               0
LOSES Errors:     0                               0
UES Errors:       0                               0
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0xB5
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      16566 (0 spurious)
PHY Access Err:  0
Activations:     2
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR_4.0.018.bin
Operation FW:    AMR-E-4.0.018.bin
FW Source:       external
FW Version:      4.0.18
                 Interleave             Fast    Interleave              Fast
Speed (kbps):          5504                0           864                 0
DS User cells:      2774731                0
US User & Idle cells:                               4529182                0
Reed-Solomon EC:      55312                0             1                 1
CRC Errors:              10                0             1                 0
Header Errors:           12                0             1                 0
Total BER:                1059E-9                0E-0
Leakage Average BER:      1059E-9                0E-0
                        ATU-R (DS)      ATU-C (US)
Bitswap:               enabled            enabled
LOM Monitoring : Enabled
LOM watch configured for 250 times
LOM appeared continuously for 0 times
DMT Bits Per Bin
000: 0 0 0 0 0 0 0 8 A A A B B B B B
010: B B B B B B B B A A A A A 9 9 8
020: 0 9 A A B C C C C D D D D D D D
030: C D D D D D E E D E E D D D D D
040: 0 D D D D D D D 2 C C C C B 9 B
050: B B B B B B B A 9 A 9 A A B B B
060: B B 9 9 A B B 9 B A B A A A 9 9
070: A B B B A A 8 A A A A A 9 9 9 9
080: 9 9 8 8 7 7 7 7 7 7 7 7 7 7 7 7
090: 7 7 7 7 7 8 8 8 8 8 8 8 8 8 8 8
0A0: 8 8 8 8 8 7 6 8 8 7 7 7 7 7 7 7
0B0: 7 7 7 7 7 4 0 5 6 7 7 7 6 6 6 6
0C0: 6 5 5 5 5 5 5 5 5 4 4 4 4 4 4 3
0D0: 0 0 3 3 3 3 2 0 0 0 0 0 0 0 0 0
0E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
DSL: Training log buffer capability is not enabled
>

Now if we hop over to a site like this: Nigel Franklin: Charting DMT bits per Bin data from xDSL routers

We can paste in that DMT bits per bin data and see a graph of essentially how good our connection is based on the frequency response of the line/etc …

Now to illustrate, let’s assume someone turns on a device that creams a really consistent chunk of the HF spectrum we are using on xDSL - to demonstrate this, I’ve just edited the DMT bits per bin to zero for a big chunk on this handy graphing site …

All those nicely coloured lines are bits in your bins :slight_smile: the taller they are is how good each bin is - all the bins together make up your aggregate bandwidth. Small lines or big chunks missing is bad. HF interference can do this. Ethernet over powerline is just one potential source of HF interference, others include televisions, set top boxes, AM radios, mothers in law - ok I made that one up, but you might find it useful. To be fair, the ham living next door to you, running his linear amp and rag-chewing with a guy in Lithuania is also a potential source of HF badness from an xDSL perspective … and if the interference is lower level but much broader as I perceive it might be from Ethernet over power-line, you might just see sadness across the whole bandwidth in terms of lower bits per bin but no specific chunks missing … that’s a bit of a guess.

My story involved 4 households who all experienced massive ADSL issues twice per day during the week - dawn-ish until school time, and end of school until about when primary school kids go to bed, 7 or 8pm. This took me a long while to correlate … the owner of the dodgy old-school tube tele eventually fessed up that the times I and two neighbours had logged almost exactly coincided with their kids’ television habits. Weekends were toast. I was logging the bits per bin every couple of minutes 24x7 for months - I could have told you to within minutes when that television was switched on, and off … The television was retired - the problem went away permanently.

Apologies to people more knowledgeable in current xDSL than I - my memory is a little vague, but I think that captures it and is to a large extent still valid …

So yes, worth checking :slight_smile:

As a footnote: people bag Telstra, but it was a team of Telstra guys if I recall correctly based somewhere north of Sydney who educated me on the evils of HF interference and the strange and wonderful cases they had dealt with where xDSL was trashed by some unsuspecting device. The suggestions they made were going out with an AM radio tuned OFF-station high in the AM range and walking up and down the street listening for increases in the noise floor. Another suggestion they made was when finding a suspect house, locating the main switch and ‘turning it off’ to see if the problem went away. The guy who told me that did so verbally, and suggested it was a last resort :slight_smile:

3 Likes
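An added example, not part of the original post and not the poster's own logging script: it parses a "DMT Bits Per Bin" table like the one quoted above and compares two snapshots to find the chunk of spectrum that lost its bit loading. The function names are hypothetical, and the zeroed range used to exercise it is constructed, mirroring the edit the poster describes making on the graphing site.

```python
import re

TONE_KHZ = 4.3125        # ADSL sub-carrier (bin) spacing
SYMBOLS_PER_SEC = 4000   # ADSL data symbols per second

# "DMT Bits Per Bin" rows copied from the router output quoted in the thread.
BASELINE = """
000: 0 0 0 0 0 0 0 8 A A A B B B B B
010: B B B B B B B B A A A A A 9 9 8
020: 0 9 A A B C C C C D D D D D D D
030: C D D D D D E E D E E D D D D D
040: 0 D D D D D D D 2 C C C C B 9 B
050: B B B B B B B A 9 A 9 A A B B B
060: B B 9 9 A B B 9 B A B A A A 9 9
070: A B B B A A 8 A A A A A 9 9 9 9
080: 9 9 8 8 7 7 7 7 7 7 7 7 7 7 7 7
090: 7 7 7 7 7 8 8 8 8 8 8 8 8 8 8 8
0A0: 8 8 8 8 8 7 6 8 8 7 7 7 7 7 7 7
0B0: 7 7 7 7 7 4 0 5 6 7 7 7 6 6 6 6
0C0: 6 5 5 5 5 5 5 5 5 4 4 4 4 4 4 3
0D0: 0 0 3 3 3 3 2 0 0 0 0 0 0 0 0 0
0E0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0F0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
"""
ROW = re.compile(r"^([0-9A-Fa-f]{3}):((?:\s+[0-9A-Fa-f])+)$")

def parse_bins(text):
    """Map bin index -> bits from 'OFFSET: b b ...' rows; other lines are skipped."""
    bins = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            base = int(m.group(1), 16)
            for i, digit in enumerate(m.group(2).split()):
                bins[base + i] = int(digit, 16)
    return bins

def raw_kbps(bins):
    """Aggregate bit loading (up + down) as a line rate, before any overhead."""
    return sum(bins.values()) * SYMBOLS_PER_SEC // 1000

def with_notch(bins, lo, hi):
    """Constructed 'interference' snapshot: bins lo..hi forced to zero."""
    return {b: 0 if lo <= b <= hi else v for b, v in bins.items()}

def lost_ranges(before, after, min_drop=2, min_width=4):
    """Runs of bins that lost >= min_drop bits: (first, last, first_kHz, last_kHz)."""
    runs, start, last = [], None, None
    for b in sorted(before) + [None]:        # None flushes the final run
        if b is not None and before[b] == 0:
            continue                         # bin carried nothing before: no evidence
        hit = b is not None and before[b] - after.get(b, 0) >= min_drop
        if hit:
            start, last = (b if start is None else start), b
        elif start is not None:
            if last - start + 1 >= min_width:
                runs.append((start, last, start * TONE_KHZ, last * TONE_KHZ))
            start = None
    return runs
```

Feeding `lost_ranges` a snapshot taken every few minutes against a known-good baseline gives the time window and the frequency band of the interference, which is what narrows down the source.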

I’ll let you @draughtrider know how this goes, assuming I can get a report out of the modem. It will be a change from planting tube stock for a bit! Well, to hex looking at the counts for each bin?

thanks :smiley:

Not much luck @draughtrider.

I have removed temporarily from our system the powerline ethernet adaptors. It has made zero difference. There is definitely an external influence per the following basic ADSL signal reports from the modem:

When we set up the Broadband and phone service I was working away more than at home, so the service with Westnet came with the default Bob2. That left the less techie at home with a simple support path. No direct access to the data you suggest, however I did have an ancient Thompson modem that used to produce data tables in hex that look like your examples. It no longer exists!

There is definitely an issue affecting the ADSL2+ service connection that appears external to our property. Our ISP like most others forced on us an updated CSG as a condition of a better and changed contract conditions, several years back when the NBN started to be rolled out in earnest. There is little hope of Telstra or the ISP sorting this.

Previously we had a rock solid 12Mbps down. Now the feedback from the ISP is that unless the service falls below basic ADSL service at 500kbps, they have no obligation to remedy. For BrisVegas we now have HFC on the outside wall, and available. I won’t comment on the cost of a month to month NBN contract vs our current deal other than it will cost $15-$20 more per month to get back the speed we used to get. The internal cabling is another issue and cost. Data and phone. Given there is a choice of carriers in the area and >50mbps current mobile data speeds the option to rely on mobile data is tempting.

Some techie stuff:
Day and Time      Downstream                           Attenuation   SNR
Sunday pm1        <1500kbps (per Ookla speed test)
  Reset connection by physical disconnection off line and turn modem off for 5 mins
Sunday pm2        >12000kbps (per Ookla speed test)
Monday 5:46am     4599kbps                             29dB          22dB
Monday 10:21am    1716kbps                             29dB          34dB
  Reset connection by physical disconnection off line and turn modem off for 5 mins
Monday 10:37am    14109kbps                            28dB          9dB
Next week         1753kbps                             32dB          27dB

The incoming copper cable appears to have only 5 pairs for five customers, all used and no spares. It could be any of our neighbours or something down the street, or the architects office next door or??

I guess in this instance it is what it is. For those in NBN FW and satellite service areas who elect to keep their ADSL services (if they currently have access) it may be more problematic if there are issues with the quality of the ADSL service. Internal cabling or Wifi may never be an issue?

1 Like

It may be worth trying a different ADSL modem (particularly a different make or model). Can you borrow a modem from a friend?

Also see whether there is updated firmware for your existing modem.

I would skip doing a speed test and just focus on the synch speed (downstream).

How many kms are you from the exchange (as the wire runs, not the crow flies)? Metropolitan area or rural/regional?

2 Likes

Some ADSL modems have an SNR setting. My old Billion 7800 did and messing with it changed downloads from about 8mbps to 11-12 mbps. They run hotter and the ADSL port runs hotter so the ISP are not exactly enthusiastic about discussing it.

Here is the original discussion I stumbled on. It might help or not.

https://forums.whirlpool.net.au/archive/1567481

3 Likes

I appreciate the prompt feedback and suggestions, @person and @PhilT.
We are moving a little away from the topic of the best strategy for internal household network connections, although they can be the source of many issues.

For me there are two aspects in what I have observed.

One possibly of broader interest to other members of the community and consumers relates to ongoing maintenance of the copper network. Critically is there any public accountability for this need and data on the performance of the remnants that are being left in service?

There is a separate Choice topic that considers the CSG. That Copper will be the ‘Achilles heel’ of the NBN VDSL connections is a given. It will also impact as I mentioned previously on all customers in NBN FW or Satellite service areas who choose to retain their copper.

The second aspect is the simple technical one. In my instance an ADSL2+ based service. Fault identification and remedy. This assumes it is not due to the copper connection. At least I have two alternatives for our BrisVegas home - mobile data or NBN HFC!

Somewhere I may have another ADSL2 modem to swap out, and will have another shot at seeing where this leads. Dropping from 12Mbps to 1.5-1.8 Mbps due to apparent line noise is a dramatic change? As the crow flies the exchange is almost next door. By cable length per the original Westnet service setup report 2,200m by memory!

P.S. It may seem a pointless exercise.
The interest in the complexity raised by both of the points raised is also relevant to our rural property in the Glass House Mountains. It is now waiting for a FW tower to go up that may not reach our property or deliver adequate signal strength. We can stay on ADSL2+. It is easy to also note that there are line issues in our street and the spares to our street connection box are now U/S. The lines and pits date back to at least 1984!

The public paid formerly publicly owned but now private company Telstra for its badly maintained and terribly degraded copper network. The public now has a responsibility (through NBN Co) to fix it, while Telstra has a responsibility to pay its shareholders all that unexpected windfall - through improved profits, distribution of gains and/or ‘building the business’.

Of course, this only remains a problem for government while the NBN is in public hands - hence the unseemly rush to plan for its sell-off.

2 Likes

As I have NBN Fixed Wireless a tech savvy friend suggested I use the plug ins for security purposes. As I do all my banking online he said anyone sitting outside my house in a car with the right equipment could pick up my wireless NBN signal and thus my passwords.
I did have one problem–I couldn’t get them to work first of all and he solved it by telling me they both had to be plugged into the same circuit.

1 Like

The home wifi network should be using WPA2 security with a robust passphrase. Most people cannot break this encryption easily, there are faults but they take some sophistication to undertake the attack/s. You run just as much risk for this as for when someone gets between your house and the nbn™ wireless tower as this is also encrypted wireless traffic. What your friend has suggested is only good for your home network and the plugs will not fix the network connection you have to the nbn™ tower.

One thing the plugins do well for you is to avoid the extra electro-magnetic field (EMF) disruption/interference from things like walls, fridges, hands free phones, microwaves, & TVs. The plugs must be on the same power circuit to transmit the data in your house as you found out and this is not always possible. A way around this problem is to get network cabling installed to the rooms you want to access the internet from but this can be expensive. But honestly if you are only using them to avoid the security issue of broadcasting your home’s wifi signals then you really haven’t fixed the interception issue entirely and only removed part of it.

3 Likes

And in other news, a new WiFi standard was recently published that has new (and already broken) WPA3 security. Hint to anyone trying to develop security - either use tried and tested means, or do it in the open so you can learn about your mistakes early!

2 Likes

The WPA3 program was open to allow testing and disclosure with the faults being acknowledged and hopefully being patched…this excerpt from the article that says “Late in the analysis and disclosure period” hints at this open status. Further, the problems the flaws enabled are being addressed and this is stated in the response by the Wi-Fi Alliance at https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update-april-2019.

I have high hopes that once patched and new Wi-Fi CERTIFIED™ requirements are established, that WPA3 will be the only way to go if you want robust Wifi security. New routers and modems of course will be required to upgrade from the WPA2 standards but it will be a small price to pay for much greater security.

2 Likes

WPA3 was developed behind closed doors, then released for testing. That doesn’t work in the modern Internet security environment.

And client devices?

The discussion makes clear that downgrade attacks are a problem but no downgrade attack is even needed if you want to continue to use clients that can’t or won’t be updated to WPA3. Heck, I’ve got client devices that only do WPA i.e. don’t even do WPA2.

It would cost me a heap of money to upgrade everything by throwing it away. It is unclear whether the change to WPA3 is a software only change and/or a firmware change and/or a hardware change.

There are no weak wireless passphrases here though - all computer generated, random and long - so just need to worry about KRACK et al.

1 Like

I should have included network cards, embedded chips & devices and thank you for addressing that.

I am not totally familiar with WPA3 devices yet but there have been some already manufactured that are/will be patched for these vulnerabilities. But I can speak to the change from WEP to WPA and if the device manufacturer still supported the older WEP ones they did get firmware updates to use WPA. However not all older hardware could be updated to support WPA2 because they lacked hardware support for AES.

WPA3 firmware/software updates could be possible across older WPA2 devices if the hardware requirements have not altered (unsure of this but there is some talk it will just need software updates). This would also require the manufacturers to write the firmware/software updates for a whole slew of devices that they probably don’t even support anymore and as such is realistically not going to happen for many if any older units (maybe really new ones though may get updated).

Cost compared to security is what many will have to weigh as to whether to upgrade or not. But if you are using WPA still then your security is already at high risk, it is almost trivial to break WPA if someone is inclined. A move from WPA to WPA2 is, while not a perfect answer, cheap to do in most cases and would provide at least some improved security.

4 Likes

WPA?

Chinese Sungrow PV Inverters act as a WEP AP for maintenance and system access!
You can set them to connect to your home network using WPA2, however the Sungrow WEP AP remains active and accessible at the same time?

Some PV Inverters have cabled ethernet options for monitoring. Most now appear to offer wifi as standard and possibly a cloud connection to enable remote monitoring.

1 Like

This is exactly what I am getting at and would like/need to know for sure.

And that right there is the problem. Maybe there is an issue for government / Choice there.

I do have a dedicated SSID for WPA devices, hence limiting the disclosure to the password for that SSID and of the traffic on that SSID. However a motivated attacker could presumably hijack any WPA device and then use it to attempt to break in to other devices on the LAN (using some other security bug) - unless I took steps to further isolate traffic.

Ah well if I am going to pay to phase out all remaining WPA devices, I might as well wait until WPA3 is defect free and available. :slight_smile:

No WEP here at least!

1 Like

Ugh. Should be illegal to sell in Australia. WEP has been known to be insecure for almost 20 years.

2 Likes

What - addressing planned obsolescence? The global casino - I mean, economy - would crumble if governments ever decided to get serious about that!

I suppose the positive thing about WiFi security is that it can only be broken locally - not by someone on the other side of the world. (I am referring here just to the WiFi security standards, not to all the insecure practices that individual device manufacturers might build into their devices - like baby monitors that don’t use encryption for their online data streams.)

3 Likes

I had in mind: addressing insecure abandonware.

If Choice had an interest in the topic, they could start by explaining to government what is happening and persuading government that it’s a problem. I am not specifically advocating a course of action by government.

Another reason that I am not too worried about still having a few devices that are only capable of WPA.

2 Likes

How do you think ‘we consumers’ would respond if a government declared an otherwise perfectly working device to be illegal because although it met the standards (even best practices?) when sold it has evolved to a potential security problem for the owner over the years, and ‘we consumers’ had to replace it at our cost, not even a tax deduction for doing so? After that the topic would move on to landfill, recycling, and so on.

3 Likes