BBH Central IconBBH Central Home Page
  CENTRAL home  |   BBHL home About/Contact Us  |   Subscribe  |   Index by Topic  
You are here: Central > Broadband Home Labs > About Our Broadband Condo > PC and Internet: Key Technologies
Updated 3/2/2006

Our Broadband Condo: PC and Internet: Key Technologies We'll Need

After exploring alternative approaches, we decided we'd need to learn about--and probably install--three key technologies:

  • Virtual Private Networking (VPN)
  • Dynamic DNS
  • Wireless Bridges

Virtual Private Networking (VPN)

Virtual Private Networking (VPN) will play a key role in achieving our goals. VPNs use encryption and secure protocols to ensure privacy. Corporations typically install VPN technology for employees when they need to access corporate networks from home or when traveling. The technology is considered sufficiently secure so that an employee entering a corporate network from the outside through a VPN is considered as safe as one operating inside the building.

VPN technology is quite complex and until recently equipment was quite expensive. But the IPSec VPN standards are part of the open Internet protocols and the cost of the technology has dropped to the point where we can consider using it ourselves.

We expect we'll use "VPN gateways." A VPN gateway acts as a combination firewall and VPN router, facing the Internet on one side and the internal network on the other. The firewall's job is to let internal users access the Internet, and to block all outside intruders except those specifically authorized to come in.

There are two main types of VPN connections--client to gateway, and gateway to gateway.

  • The "client to gateway" connection is used for employees on the road, say at a hotel. The employee uses VPN client software on a notebook PC to establish the VPN connection to the gateway; in this case, the connection is always initiated from the outside.
  • The "gateway to gateway" connection is typically used to connect a branch office with a home office. A gateway on each network establishes a "tunnel" so that PCs in either location can communicate with each other as though they were all in the same building.

We will need both types of VPN connections. We'd like to set up VPN gateways at the condo and at home with a "gateway-to-gateway" tunnel between them. When we're on the road and away from the condo, we'll want to establish gateway-to-client connections using VPN client software on our PCs and the VPN gateway at our home office.

We'll need to make sure that our VPN setup doesn't get in the way of guests who want to use their own VPN clients to access their corporate networks from the condo.

Dynamic DNS

There are two ways for VPN client software or a gateway to identify another gateway:

Domain Name Service (DNS)--one of the core technologies that makes the Internet possible--converts an FQDN to an IP address. FQDNs usually refer to hosts with fixed or static IP addresses; www.BroadbandHomeCentral.com has the fixed address 206.67.176.3. So when you want to reach this website, you don't have to type in 206.67.176.3, but just www.BroadbandHomeCentral.com.

A home network connected with a broadband modem generally does not have a static IP address. Instead, it has a dynamic IP address assigned by the broadband provider using DHCP. Dynamic addresses tend to change when the modem is powered off or on a periodic schedule. If we assigned a "regular" FQDN to our home network, it would have one IP address one week and a different one the next week.

A fairly recent technique called "dynamic DNS" (DDNS) provides an elegant solution to this problem. A dynamic DNS server keeps track of FQDNs associated with dynamic IP addresses. The device that has the IP address -- typically a computer or a router connected to a broadband modem -- includes a DDNS client that tells the DDNS server whenever its IP address changes. Several companies (such as Dynamic DNS Network Services) specialize in DDNS service; they can assign an FQDN or work with domain names owned by customers.

We should be able to use DDNS to assign FQDNs to the VPN gateways in the condo and at home. That way, the gateways can find each other by name even as their IP addresses change over time.

Wireless Bridges

A wireless bridge is the reverse of a wireless access point. While an access point is designed to connect one or more wireless devices to a common Ethernet port, a wireless bridge is designed to connect one or more Ethernet devices to a common wireless link.

We'd like to use a wireless bridge to establish a reliable broadband connection from our condo through the wireless access point in the complex. We expect to have a good wireless signal just inside the porch facing the clubhouse. So we plan to mount a bridge inside the wall to the porch, and run a Category 5e cable from there to the VPN gateway.

If the wireless bridge doesn't work well, we'll install a cable modem in the condo.


Next: Progress To Date