Basic tips for smoother home networking
Thanks to its UNIX underpinnings, Mac OS X is a remarkably robust network client. I knew not what this really meant until I had to build a QuickTime streaming server broadcasting all around France over a NAT-protected WiFi link crossing the Seine river and get it to play music in front of the national press.
However, despite its outstanding resiliency, Mac OS X has a difficult time coping with many home networks. Indeed, the ballet of IP addresses and DNS time-outs, which human users often do not notice, can wreak havoc with its networking stack, leading to seemingly random network cuts. While an orderly reboot of all the networking pieces involved never fails to clear the problem, such a solution is not only impractical, it is often impossible to effect when troubleshooting problems remotely.
Today, I would like to share with you a few tips and tricks that, while simple to implement, have helped me set up networks that are near-impossible to bring down through bugs and ISP quirks alone. Needless to say, plenty of other things could bring your network down — crackers and hardware failures to name a few — but these steps should bring peace of mind to most home and small business settings.
Most importantly, you can implement them where they matter most today: on your own network, at your grandparents' or at the few friends' that you often help remotely. Obviously, the following will be standard practice for businesses and those whose network is already tightly organised, but most home users happily live (or so they think) with the defaults.
Switch everything to Ethernet
While not a Mac OS X-specific tip, it bears repeating that WiFi connections should not be considered fit for primary network use. Certainly, Mac OS X is a wonderful mobile platform, and enjoying ubiquitous networking is a great feeling. When it comes to reliability, however, a WiFi link never tops the charts. If you are, in any way, planning to cater for a network remotely, switching it to Ethernet will alleviate many pains, if only because cabling is less susceptible to the interference of modern life, such as cordless telephones, microwave ovens and wireless security cameras.
Obviously, you should say no to other forms of non-Ethernet cabling, such as USB modems. Apart from Apple's very own network adapter, I know of no USB networking device that can successfully replace a real Ethernet connection and, even then, Apple's own contraption tends to clog up quickly.
If you can't go the Ethernet route
Some users connect exclusively through community networks or inhabit homes that are not fit for cabling. In this case, I recommend considering a router with WiFi built-in for easy remote troubleshooting, or an AirPort base station. In urban areas, implementing 802.11n over 5 GHz is a must, as the traditional 2.4 GHz band is almost entirely claimed by city WiFi, coffee shops and washing machines.
When dealing with channels, it often pays to set up the base station to use a pre-selected channel instead of letting it choose automatically. Try and scan the local airwaves for existing networks at representative hours, depending on whether your area is a residential or an industrial one. An application like APGrapher or similar "stumbling" utilities can assist you in that task.
If the wireless network is to be a location's primary network, do not, by any means, make it a hidden network. Not only does it fail to improve the security of the network, it often causes Mac OS X to simply overlook the network, even if it is properly set up in System Preferences. Why, I could not say, but I have seen it happen with both Apple and third-party access points.
New-ish technologies allow administrators to use power lines as networking links. If your installation is recent, this is probably a neater alternative to WiFi networking where Ethernet is not practical.
Disable unnecessary network interfaces
While expert users will be comfortable using a network location accepting inputs over FireWire, WiFi and Ethernet, newcomers may be confused about "the Internet" not working. It often happens that, instead of using the Ethernet connection you lovingly set up, a Mac uses the neighbour's insecure WiFi link instead or edges in and out of the network provided by the coffee shop across the street. To a computer, all networks are good, but, to a user, they may not be, especially if you lovingly set up things like AirTunes, iPhone remotes and wireless printing.
The solution is to only enable whatever interfaces are really needed. If enabling both AirPort and Ethernet, ensure the computer does not automatically remember networks and provide it with the proper credentials for those it ought to connect to. Then, enable the AirPort menu and show users how to turn AirPort on and off when, for example, "using the Internet at home."
Certainly, you could create multiple locations instead, but I find "the big wafer in the menu bar" to be an easier target than a sub-menu in the Apple menu.
Set up DNS at both the router and computer level
ISP DNS is the devil in computer form. Whatever you do, you will want to subscribe to a service such as OpenDNS or Recursive DNS. Then, set this up both at the router level and for each network interface on Mac OS X. Why in both places? Because it will help your router find updates and generally better evaluate its connectivity — routers sometimes rely on hard-coded NTP and update servers, which they need to find easily.
Good DNS will not only make for a speedier and safer browsing experience by diminishing look-up delays and deterring cache poisoning attacks, it will get rid of these micro-cuts users experience when their ISP's DNS servers fail partially or totally. Often, Mac OS X recovers poorly from timed-out and failed look-ups, requiring a good cache clearing session (or the aforementioned reboot) before finding its bearings once again. Hence, the better the DNS servers you select, the less trouble you will experience.
Switch to manual network addressing
DHCP is to networking what gel is to hairdressing. It's a slick way to make things stick together. Unfortunately, much like hair gel, it tends to flake at the end of the day. Sometimes, routers are slow to hand out IP addresses and your computer ends up thinking it has no network connection while network access is simply delayed by a few seconds.
On small company networks, users never expect local machines to change IP addresses, and the very fact computers remain on at night means they often never do until a power cut or upgrade cycle causes the network map to change entirely.
To remove any DHCP trouble, speed up network access and help Mac OS X recover from network cuts, I suggest switching to Manual network configuration. Configure your router so that each machine gets a unique, reserved IP, based on its MAC address, and set up Mac OS X accordingly. No DHCP worries means smoother reboots across your network and easier remote troubleshooting.
On the flip side, that is obviously not practical for large networks. DHCP came into being for a good reason!
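A reservation plan like the one described above is easy to get subtly wrong (two machines on one address, or a static address that the router may still hand out dynamically). The following check is an added example, not part of the original article; the function name, subnet, pool range, host names and MAC addresses are all constructed for illustration.

```python
import ipaddress

def check_plan(subnet, gateway, dhcp_pool, reservations):
    """Return a list of problems in a static-address plan (empty list = usable).

    subnet: CIDR string; gateway: the router's LAN address;
    dhcp_pool: (first, last) range the router still serves dynamically;
    reservations: (hostname, mac, ip) tuples, one per machine.
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_pool)
    problems, seen_ip, seen_mac = [], {}, {}
    for host, mac, ip in reservations:
        addr = ipaddress.ip_address(ip)
        mac = mac.lower().replace("-", ":")  # normalise 02-00-.. and 02:00:..
        if addr not in net:
            problems.append(f"{host}: {ip} is outside {subnet}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{host}: {ip} is the network or broadcast address")
        if addr == gw:
            problems.append(f"{host}: {ip} is the router's own address")
        if lo <= addr <= hi:
            problems.append(f"{host}: {ip} is inside the dynamic DHCP pool")
        if addr in seen_ip:
            problems.append(f"{host}: {ip} already given to {seen_ip[addr]}")
        if mac in seen_mac:
            problems.append(f"{host}: MAC {mac} already listed for {seen_mac[mac]}")
        seen_ip.setdefault(addr, host)
        seen_mac.setdefault(mac, host)
    return problems

# Constructed sample plan (locally administered MAC addresses, not real devices).
SAMPLE_PLAN = [
    ("imac",    "02:00:00:00:00:01", "192.168.1.10"),
    ("macbook", "02:00:00:00:00:02", "192.168.1.11"),
    ("printer", "02-00-00-00-00-03", "192.168.1.11"),   # same IP as macbook
    ("appletv", "02:00:00:00:00:04", "192.168.1.120"),  # inside the DHCP pool
    ("nas",     "02:00:00:00:00:01", "192.168.2.5"),    # wrong subnet, reused MAC
]

if __name__ == "__main__":
    for line in check_plan("192.168.1.0/24", "192.168.1.1",
                           ("192.168.1.100", "192.168.1.199"), SAMPLE_PLAN):
        print(line)
```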
Tame your NAT
NAT is not a firewall. Like firewalls, it does, however, cause a lot of trouble. NAT does have plenty of advantages, among them that of letting any user on a network create a small network of their own. NAT allows you to network your devices at home, and getting rid of all NAT installations is just not possible. However, networks with nested NAT set-ups are just asking for trouble: designate a single NAT server on your network — your router — and configure wireless access points to sit transparently in the middle. Not only will this solve weird slowdowns and incompatibilities, it is a pre-requisite to attempt any kind of remote troubleshooting.
If you are concerned about security, and you ought to be, invest in a proper router that features a stateful firewall.
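One way to spot a nested NAT set-up from a client is to look at the first hops of a traceroute: more than one private-range router before the first public address suggests an access point is translating behind the main router. The heuristic below is an added example, not part of the original article; function names are hypothetical, the traceroute text is constructed, and several private hops can also be plain internal routing, so treat a hit as a prompt to check the access point's mode.

```python
import ipaddress
import re

# RFC 1918 ranges used on home LANs, plus the carrier-grade NAT range (RFC 6598).
HOME = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def leading_private_hops(traceroute_text):
    """Return the private/CGNAT hop addresses seen before the first public hop."""
    hops = []
    for line in traceroute_text.splitlines():
        if not re.match(r"\s*\d+\s", line):        # header or continuation line
            continue
        m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", line)
        if not m:                                   # "* * *": hop did not answer
            continue
        addr = ipaddress.ip_address(m.group())
        if addr in CGNAT or any(addr in n for n in HOME):
            hops.append(str(addr))
        else:
            break                                   # first public hop ends the LAN side
    return hops

def diagnose(traceroute_text):
    hops = leading_private_hops(traceroute_text)
    home = [h for h in hops if ipaddress.ip_address(h) not in CGNAT]
    if len(home) >= 2:
        return "nested NAT likely: " + " -> ".join(home)
    if len(hops) > len(home):
        return "single home NAT, carrier-grade NAT upstream"
    return "single NAT" if home else "no private hop seen"

# Constructed output: an access point doing NAT behind the main router.
NESTED = """traceroute to example.com (203.0.113.80), 64 hops max, 52 byte packets
 1  10.0.1.1 (10.0.1.1)  1.012 ms  0.801 ms  0.755 ms
 2  192.168.1.1 (192.168.1.1)  2.310 ms  2.104 ms  2.087 ms
 3  * * *
 4  203.0.113.1 (203.0.113.1)  9.870 ms  9.512 ms  9.440 ms
"""

if __name__ == "__main__":
    print(diagnose(NESTED))
```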
Disable IPv6
IPv6 is very cool, but it has no place on a regular home network at the moment. Not only does it not bring much to most users, it has different ideas about network topology. Yes, a Mac with IPv6 enabled will work perfectly on an IPv4 network: Macs ship with both enabled. However, IPv6 has been known to cause weird incompatibilities with features like AirTunes and it is a whole other addressing scheme to worry about. Just disable it for the time being on both your router and client machines, unless, of course, you have a particular reason for playing with it.
Request a fixed IP
Nothing impairs the remote trouble-shooter more than not knowing the randomly-attributed IP address of the network to troubleshoot. Certainly, that information is easy enough to obtain but the easiest method over time, by far, is to request a fixed IP from your ISP. It will probably cost you a few dollars but it is well worth the expense.
Once that address has been attributed, be sure to set up your router so that it does not request an address from your ISP over DHCP. I'm sure your ISP would answer with the same address every time — the one they gave you — but one cannot be too cautious.
You will now be able to remotely connect to the router, provided it is configured to allow such connections, and reach individual machines on the network through VPN if need be. Most importantly, your network connection will no longer be cut for 10 minutes every day at 3 AM or whatever time your ISP chooses to re-allocate its pool of addresses. Maybe not all ISPs are that inefficient but those of us used to working nights can attest to wonky behaviour whenever your local operations team thinks "honest people should be in bed."
If you cannot get a fixed IP or justify the expense, get a free Dynamic DNS hostname so that you can always locate the machine. (Full disclosure — DynDNS.com is a former client of mine, but I was recommending their services long before they even knew I existed.)
Conclusion
None of these tips is earth-shattering, but, when used together, they create much simpler, more manageable home networks that are easy to troubleshoot, even remotely, and require far less troubleshooting because most of the troublesome variables are taken out of the equation.
For the home networker, Mac OS X's weakest spot, by far, is its management of DNS over unreliable links. If you invest a few minutes in properly setting up your router, you should enjoy a relatively worry-free networking experience, and be free to experiment with cooler things like Bonjour networking and Back to my Mac.
A personal note from FJ — I appreciate your stopping by today and invite you to voice your own views in the comment thread below. Please provide a name (any name will do) with your message in order to facilitate the conversation. Should you wish to suggest a topic for an upcoming post, or view current suggestions, you can use my handy suggestion page.
Categories: Mac
Read More Entries by FJ de Kermadec.

mactoids — Thanks for the kind words, it is always a pleasure to hear back from our readers. Speaking of hearing back, please feel free to suggest new topics…
Thanks for the nice article, FJ. I agree on using OpenDNS or other alternatives, as you suggested. You'd think ISPs would be better at this - but it's quite common to find this is the culprit when troubleshooting slow browsing.
Change IP — Thanks for reporting back, and for your kind words! I am delighted the article was of some assistance. Switching to manual addressing was something of a last resort for me too, but it has made a world of difference on the networks I manage, and it only takes a few minutes on a network one knows well.
Thanks for this article. I liked most of all the part about "Switch to manual network addressing". Probably, this is what I've been searching for months.
Thanks a lot!