Saturday, 27 January 2018

Router setup summary

Over time we've enabled and disabled various functionality on our internet router (a DrayTek Vigor 2860ac running firmware 3.8.6_BT), so here's a summary of what's what and why:

WANs

We have BT Infinity 1 FTTC as our primary WAN connection, with a cellular modem on the EE 4G network set up as a failover connection.


The setup for BT Infinity requires little configuration. Leave the DSL mode as Auto and Modem Code as Default. Set the Active Mode to Always On, and check the Load Balance box. For BT Infinity you should enable the VLAN tags in the VDSL2 Service cell in the table. Set the Tag Value to 101, and the Priority to 0.


The setup for the cellular modem is focused on the failover mode. Set Active Mode to Failover, uncheck the Load Balance box, and set the failover on WAN Failure. Set the Active When option to Any, and ensure that at least WAN1 is checked.


Internet access via the WAN connections requires BT Infinity to be set up as PPPoE/PPPoA, and the cellular modem to be set up in DHCP mode.


Internet Access configuration for BT Infinity is minimal, just set the Username to bthomehub@btbroadband.com and the MTU to 1492.


Internet access via the cellular modem is also straightforward. We're using the EE network, so just set the APN Name to everywhere.


LAN


We have the router set up with IPv6 disabled, and located at IPv4 address 192.168.1.1. We're only using the 192.168.1.x address space, so the subnet mask is set to 255.255.255.0. The router hosts a DHCP server, but we manually allocate addresses 192.168.1.2 through to 192.168.1.149. The DHCP server leases addresses for 1 day (86400 seconds), and periodically clears the leases for inactive devices. The DNS servers are not specified, so the ones allocated by the active WAN connection are used.


Manually allocated IP addresses are bound to device MAC addresses. We do not use strict binding (where a device whose MAC address isn't in the list is not allowed to use the network), as it would be a pain to have to register friends' and family's devices every time they visited or changed.
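With strict binding off, the bind list does not stop unlisted devices, so it is worth comparing what is actually on the LAN against it from time to time. The following is an added example (not from the original post or from DrayTek) that audits a snapshot of IP/MAC pairs against the bind list; the snapshot format, the bind list entries and the treatment of addresses above 192.168.1.149 as the dynamic pool are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = ipaddress.ip_address("192.168.1.1")
# Manually allocated range from the post; addresses above it are assumed
# to be the dynamic DHCP pool.
RESERVED_FIRST = ipaddress.ip_address("192.168.1.2")
RESERVED_LAST = ipaddress.ip_address("192.168.1.149")
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.IGNORECASE)

# Constructed bind list: MAC -> (reserved IP, label). Not real devices.
BINDINGS = {
    "02:00:00:00:00:10": ("192.168.1.10", "pvr"),
    "02:00:00:00:00:20": ("192.168.1.20", "camera"),
    "02:00:00:00:00:30": ("192.168.1.30", "laptop"),
}

# Constructed neighbour-table snapshot, one "IP MAC" pair per line.
SAMPLE_TABLE = """\
192.168.1.10   02-00-00-00-00-10
192.168.1.20   02:00:00:00:00:20
192.168.1.31   02:00:00:00:00:30
192.168.1.45   02:00:00:00:00:99
192.168.1.160  02:00:00:00:00:AA
192.168.1.20   02:00:00:00:00:bb
"""


def norm_mac(mac):
    """Normalise AA-BB-.. or aa:bb:.. to lower-case colon form."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.lower().replace("-", ":")


def parse_table(text):
    """Return [(ip, mac)] for LAN hosts, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ip, mac = ipaddress.ip_address(parts[0]), norm_mac(parts[1])
        except ValueError:
            continue
        if ip in LAN and ip != ROUTER:
            entries.append((ip, mac))
    return entries


def audit(entries, bindings=BINDINGS):
    """Compare observed (ip, mac) pairs with the bind list."""
    bound = {norm_mac(m): ipaddress.ip_address(ip)
             for m, (ip, _label) in bindings.items()}
    findings = []
    macs_by_ip = defaultdict(set)
    for ip, mac in entries:
        macs_by_ip[ip].add(mac)
        if mac in bound:
            if ip != bound[mac]:
                # Registered device is not on its reserved address.
                findings.append(("BOUND_MAC_WRONG_IP", str(ip), mac))
        elif RESERVED_FIRST <= ip <= RESERVED_LAST:
            # Unlisted device using an address DHCP would not hand out.
            findings.append(("UNKNOWN_MAC_IN_RESERVED_RANGE", str(ip), mac))
        else:
            # Unlisted device with a pool lease, e.g. a visitor's phone.
            findings.append(("UNKNOWN_MAC_IN_POOL", str(ip), mac))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:
            # Two MACs answering for one IP: address conflict or ARP spoofing.
            findings.append(("IP_CLAIMED_BY_MULTIPLE_MACS", str(ip),
                             ",".join(sorted(macs))))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_table(SAMPLE_TABLE)):
        print(*finding)
```

Feed `parse_table` whatever IP/MAC listing you can export from the router or collect on a LAN host, after reshaping it into the two-column form shown.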

WiFi

WiFi connectivity is provided by the router, as well as two additional access points. A single SSID is used at all three transceivers, on both 2.4GHz and 5GHz bands. Additionally, two more hidden SSIDs are used, one on each band, for devices that struggle with the single common SSID.


To minimise the possibility of interference the router is on Channel 1, whilst the two other access points are on Channel 11 (to enable the WDS bridge), and all access points are set up in Mixed Mode with 20MHz channels.


Each SSID is secured using a Pre-Shared Key (PSK) exchanged with WPA2 only.


The extension of WPA2 called WiFi Protected Setup (WPS) is disabled due to known vulnerabilities.


In order to promote the use of the 5GHz band, to maximise the bandwidth available for the WDS wireless link from the house to the workshop, Band Steering is enabled. When the access points detect a device trying to simultaneously connect to the common SSID on both 2.4GHz and 5GHz bands, the device will be deliberately stopped from joining 2.4GHz for 15 seconds, by which time the device should have connected to the 5GHz band.


The setup for the 5GHz band is similar to the 2.4GHz band.


As the 20MHz channels in the 5GHz band do not overlap with each other, the router uses Channel 36, whilst the other access points use Channels 40 and 44. These are in the A-Lower (5150-5250GHz) band, so Dynamic Frequency Selection (DFS) and Transmission Power Control (TPC) do not apply.


Security on the 5GHz band is set up the same as the 2.4GHz band, and WPS is also disabled on the 5GHz band.

Hardware Acceleration

We do not use hardware acceleration, so that all traffic passes through the Data Flow Monitor and Traffic Graphs.


UPnP

Universal Plug and Play (UPnP) is disabled, as it is insecure by design and enables devices on the LAN to open up ports in the Firewall in order to communicate with external servers.
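A quick way to confirm the setting took effect is to send an SSDP discovery from a machine on the LAN and check that nothing answers as an Internet Gateway Device or offers a WAN connection service. This is an added example, not from the original post or from DrayTek; the sample replies and their addresses are constructed.

```python
import socket
import time

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900
# Device and service types through which a UPnP gateway offers port mapping.
GATEWAY_MARKERS = ("internetgatewaydevice", "wanipconnection", "wanpppconnection")


def build_msearch(search_target="ssdp:all", mx=2):
    """Build the SSDP discovery datagram sent to the multicast group."""
    return (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response(datagram):
    """Return lower-cased headers of a 200 OK SSDP reply, else None."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def gateway_responders(replies):
    """replies: iterable of (sender_ip, datagram). Returns {ip: [search targets]}."""
    found = {}
    for sender, datagram in replies:
        headers = parse_response(datagram)
        if headers is None:
            continue
        st = headers.get("st", "")
        if any(marker in st.lower() for marker in GATEWAY_MARKERS):
            found.setdefault(sender, set()).add(st)
    return {ip: sorted(sts) for ip, sts in found.items()}


def probe(timeout=3.0):
    """Send one M-SEARCH on the local network and collect replies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(0.5)
    replies = []
    try:
        sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            try:
                data, (ip, _port) = sock.recvfrom(4096)
            except socket.timeout:
                continue
            replies.append((ip, data))
    finally:
        sock.close()
    return replies


def _reply(st):
    """Constructed 200 OK SSDP reply for search target `st`."""
    return (f"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nEXT:\r\n"
            f"ST: {st}\r\n"
            f"USN: uuid:00000000-0000-0000-0000-000000000001::{st}\r\n\r\n").encode()


# Constructed replies: a gateway with UPnP left on, plus an unrelated media device.
SAMPLE_REPLIES = [
    ("192.168.1.1", _reply("urn:schemas-upnp-org:device:InternetGatewayDevice:1")),
    ("192.168.1.1", _reply("urn:schemas-upnp-org:service:WANIPConnection:1")),
    ("192.168.1.60", _reply("urn:schemas-upnp-org:device:MediaRenderer:1")),
]

if __name__ == "__main__":
    hits = gateway_responders(probe())
    print("UPnP gateway still answering:" if hits else "No UPnP gateway replied.", hits)
```

An empty result from `gateway_responders(probe())` is the expected outcome with UPnP disabled; other UPnP devices on the LAN may still reply and are ignored.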


IGMP

The BT TV YouView PVR uses a combination of the terrestrial aerial to receive FreeView channels and IPTV to stream the other channels via Infinity. This means the PVR needs to be able to join IP Multicast groups, so the IGMP proxy must be enabled. Additionally, to avoid swamping the WiFi with multicast packets, IGMP Snooping and IGMP Fast Leave should be enabled.


Dynamic DNS

The router is dynamically assigned an IP address for the WAN interface, so in order to enable VPN access to the LAN via the router there are 2 dynamic DNS entries maintained. Every 1 day (1440 minutes) the router reconfirms the WAN IP address with the dynamic DNS service.


These are provided by the free service No-IP.com, and are set up with a Domain Name, Login and Password provided by No-IP.com.


VPN

The router runs a VPN server so that we can connect remotely to the home network via smartphone or laptop in order to access the security cameras, or geo-locked services such as the BBC iPlayer when travelling abroad. We use the DrayTek Smart VPN Client, which has clients for the two OS that we use: Android and Windows.

First we will enable VPN via an SSL Tunnel.


Then add a Remote Access user account, with access via the SSL Tunnel enabled, and a 5 minute timeout.


If you create more than one Remote Access user account, you can individually activate and deactivate them.


When the user connects remotely this is indicated with green text, rather than red text.


More detailed stats on the connection are also available.


On a Windows PC you need to install the Smart VPN Client, and then Insert a new Profile for the router that uses the SSL Tunnel and supplies the same credentials as the Remote Access user account.


Once connected Windows sees a new virtual network connection called DraySSLTunnel.


On an Android phone the Smart VPN Client is available through the Google Play App Store, and once installed is available either via the app matrix or via the VPN Settings.


As per the Windows setup, first create a Profile using the + symbol at the bottom of the screen.


 

Then pressing on the Profile connects and disconnects the phone to the router via the SSL Tunnel.



Wednesday, 6 December 2017

Power switching - wall socket v. smart plug

It is that time of year when we bring trees indoors, which then sprout lights and hide wall sockets out of reach. Not only does it get tricky to get to the socket to turn things on and off, but it also intrigues me to know how much extra power the festive decorations are using.

So I had a quick look around for the options for smart power switching. Ideally I'd like to replace the wall sockets themselves with smart versions. There are a couple of options here, Den (which is due to launch in early 2018) and Energenie. The downside to these are the lack of power monitoring, and unavailability in the case of Den.

There are far more options available for smart plugs, even with power monitoring built in. There's the TP-Link Wi-Fi Smart Plug with Energy Monitoring, the Belkin WeMo Insight Switch, the Energenie Smart Plug+, the Elgato Eve Energy, the Efergy Ego Smart WiFi Socket, to name a few. Some connect directly to your WiFi, some connect to a home automation hub, and almost all work with Amazon's Alexa and Google's Assistant. The exception is the Elgato Eve Energy, which is Bluetooth connected and only works with Apple/Siri/iOS devices. There's not that much differentiation between each product, except on price where the TP-Link is the cheapest at £29.99 and the Belkin the most expensive at £49.99. I bought the TP-Link HS110, which has a prodigious and unnecessary amount of packaging. It certainly doesn't need a plastic insert inside a cardboard inner box, inside a cardboard outer box.


Setting it up is pretty easy, just plug it in and let it initialise itself (flashing orange light). As with all smart home systems there's a cloud backend to keep tabs on your devices and enable remote control. You need to download the Kasa for Mobile app from your respective app store, which gives you the option to create a new account with the TP-Link Cloud.



Right now the web interface to TP-Link Cloud is only focused on their video cameras, so you can log in using the account credentials you supplied to Kasa, but the web interface just reports that "no camera exists in this account". Maybe in the future the web interface will encompass all of TP-Link's smart devices.


Back in the Kasa app you'll need to add a new device. To do this the app disconnects your phone from your WiFi, and scans for the HS110 which has set up its own WiFi hot spot. Once detected you can set up the WiFi the HS110 ought to connect to, and configure a friendly name and icon for it. When all is done the HS110 displays a solid green light, which is mimicked in the Kasa app.


I am quite impressed with the lack of latency between switching on the app and the HS110 responding, it is as immediate as you really need. And if you can actually reach the HS110, you can turn it on and off via a button on the front of it.

Enabling voice control with Amazon's Alexa was pretty straightforward. First use the Alexa app to enable the TP-Link Kasa skill, then go into the Smart Home section and Add Device. Alexa and Kasa integrate at their respective backend clouds, so the Alexa app will take you to the TP-Link Cloud to authorise that integration. Then you can simply say "Alexa, turn on Christmas Tree".


For Google's Assistant the process is the same, but the order of the steps is slightly different. Instead of enabling a skill then adding a device, in the Google Home app you go to Home Control and add a device, then scroll down the list of integrations under Add New to find TP-Link Kasa. The Google Home app will again take you to the TP-Link Cloud to authorise the integration, before finally getting you to allocate the HS110 to a Room.


With both Alexa and Assistant the delay between the spoken command and the tree lights switching on and off is pretty small. Not quite as immediate as using the Kasa app, but certainly quicker than getting up off the sofa, crossing the room, fighting through the tree, and switching the lights off at the plug.

Saturday, 25 November 2017

Honeywell Evohome - Multiple Bindings

For a while now each evening there's been a Comms Fault message on the Evohome Controller. But the heating has been working fine, so I've pressed on the checkmark and ignored it, thinking that some random external interference had interrupted communication between the Controller and the heating BDR91 wireless relay in the airing cupboard.


But looking at the system log this fault was happening at exactly the same time every evening, which made the chances this was random very slim.


Some searching on the internet brought up some advice from Richard Burrows at the Evohome Shop, which suggested that the Controller and BDR91 could have multiple duplicate bindings. Thinking back I did have to rebind the BDR91s after a power cut, and I've probably got the system into a situation where the Controller and BDR91s are bound to each other twice. So the solution is to clear the bindings, and rebind the Controller and BDR91s afresh. However the key is to clear the bindings at both ends, i.e. not just at the BDR91s.

So first use the long press on the Settings button on the Controller to get into the system settings. Then set the System Devices and set the Boiler Demand and Sundial Valves to None.


The inconsistent naming in the Evohome Controller really annoys me. "Boiler Demand" on the System Configuration page becomes "Boiler Heat"...


... and "Sundial Valves" becomes "Hot Water Configuration".


Both Boiler Demand and Sundial Valves set to None.


With the two BDR91 bindings cleared at the Evohome Controller, now pop off the front fascia and remove the batteries.


To clear the bindings at the BDR91s in the airing cupboard, hold the button on them down for about 15 seconds. After about 5 seconds the lower red light will "long flash", and then after 15 seconds the red light will "short flash". Once in "short flash" the binding has been cleared.

Back at the Controller I replaced the batteries and fascia, confirmed the date and time settings, and then long pressed the Settings button to get to the system settings and the System Devices page.

I rebound the hot water BDR91 first by setting it to Stored Hot Water. The first thing to rebind is the CS92 storage cylinder water temperature sensor. Hold the button down on the CS92 for about 5 seconds, when the button/light will start alternating between green and red. Then press the button again, and the controller should detect the CS92.

Next the Controller asks whether you've got a "2 or 3 port valve" or a "hot water valve". Our system is a Sundial Y-Plan, so the correct setting is a "hot water valve", but it is a little confusing as it has a mid-position valve, which is a valve with 2 ports. Anyway, a 5 second press on the hot water BDR91 to get it into binding mode, and then a press on the Bind button on the Controller and the two are paired again.

Likewise the Boiler Demand is set back to Boiler Relay, and a 5 second press on the heating BDR91 and a press on the Bind button on the Controller, and everything is re-binded (rebound?). Hopefully this has done the trick, and regular Comms Fault messages are a thing of the past.

Wednesday, 8 November 2017

IGMP and WiFi

Since the arrival of BT TV we noticed an interesting/annoying behaviour with our WiFi. All of the non-FreeView channels are streamed to the YouView box over the internet. As mentioned in the last post, to get this to happen I needed to enable an IGMP proxy on our DrayTek Vigor 2860ac router. This lets the YouView box join the multicast group for the channel we want to watch. Initially this appeared to be all that we needed to do. However we found that when watching an HD channel delivered this way all WiFi traffic ground to a halt. Wired computers and gadgets didn't have a problem, but anything connected via WiFi would essentially see their data connection time out. The WiFi itself was still up and broadcasting, and our phones and tablets could see the signal, but with no data traffic. Switching to a streamed SD channel got the WiFi working again, so initially I thought this was a bandwidth issue, with the YouView box commandeering all the available broadband bandwidth. However according to the router's traffic graph an HD channel is only about 6.5Mbps, leaving more than enough bandwidth for other devices. And all the wired computers were able to use the internet just fine, so bandwidth wasn't the issue.

A knowledge base article from DrayTek states that only the IGMP proxy on their routers "need typically be enabled on a home network". However the router offers two optimisation settings for IGMP; Snooping (the ability to only forward multicast packets to LAN sockets that have devices that have subscribed to that multicast group) and Fast Leave (the ability to stop forwarding multicast packets when it detects there are no more multicast group subscribers). These two options "could be useful on larger networks or networks with a large quantity of IGMP packets that could limit normal LAN throughput".


I guess we have one of those networks then, although DrayTek don't specifically mention WiFi in their article. Our YouView box was already connected to a different LAN socket on the router to the other wired devices, and by enabling both IGMP Snooping and Fast Leave the ability to simultaneously watch streamed HD channels and surf the internet on our phones and tablets was restored. My best guess is that previously when the YouView box subscribed to a multicast group, the multicast packets for that channel were sent to all connected wired and wireless devices, which swamped the WiFi. Now they're not even going to the other wired connections let alone the wireless connections.

Friday, 3 November 2017

BT fibre shambles

Fibre has arrived in our neck of the woods! Wohoo!

Now, let the fun and games begin. So, off to the BT website I go and look at the packages available. First a bit of a speed check:


So given that I'm currently paying £45.99 per month for my copper broadband and BT Sport (for the MotoGP) via an app, when I see that I could go to fibre, get BT Sport in 4K UHD, and 100-odd other TV channels with a PVR for £54.99 per month I'm definitely up for it. Even though it appears I could get the 76Mbps service, it is £10 a month more expensive than the 52Mbps deal, and a quick reality check shows that 52Mbps is more than sufficient.


And this is where the disappointment begins. So first of all, this deal is only available to new BT customers. If you're an existing customer, then you have to pay more. I'm not sure why you'd penalise your existing customers and incentivise them to check out the competition, but there you go.

As an existing customer I can get fibre for £44.99 per month, and BT TV with all the channels for £19.99 per month, for a total of £64.98. And these two deals are only available if you phone BT, rather than use their website, which is about £1 per month more expensive. I found this out when I phoned them up to find out why I couldn't get the banner deal on the website. Eventually I managed to get the bad taste out of my mouth, and Sky is even more expensive, so phoned back and placed the order.

Six days later ParcelForce arrive with the VDSL2 router (which I'm not going to be using) and the PVR (which I am). But the PVR is the YouView+ box, rather than the YouView Ultra HD box.


Given how much money this is all costing, I definitely want the full monty PVR, so I get back on the phone with BT. The first person on the line puts me through to someone who can check the status of my order, and confirms my fear that the order has been placed incorrectly. But their job is only to report on the status of orders, not do anything about issues, and I'm informed that there are two options. Let the order proceed and then upgrade to the UHD box, or cancel the order and start again. As they can't confirm whether I'd be charged for upgrading to UHD from HD, I decide that cancelling and starting again is the way forward, so I'm transferred to the cancellation department. There's a brief glimmer of hope when they realise that this should be easy to sort out, but after a chat with the manager I'm told that cancelling is the only option. And... I have to wait for 24 hours to make sure the entrails of this order have fully passed through BT's system before I try and place an order again.

So I arrange for ParcelForce to come back and take the YouView+ box away, take the Smart Hub to the Post Office, and two days later start the whole process again. This time I see that the website is offering an upgrade for £34.99 per month, which given the BT TV Max bundle is £20 per month, means we're back to £54.99 all in. Confused? Me too.


This time I decide to take things one step at a time. Get the fibre broadband first, then add the TV package. So I placed the broadband order online and got my confirmation email, with further details to come.

Then... nothing.

A week later I phone back to find out what has happened to my order, and they can't find it in the system. I'm transferred to the Customer Options team, who start the order process again, for the 4th time. This time the chap on the phone offers me fibre for £34.99 and the Max bundle for £15, the cheapest combination yet. After a couple of explicit queries to confirm this includes the Ultra HD box, I went ahead with the order. Just as the chap was completing the order his system wanted to boost the price of the fibre up to £49.99, so I was back on hold while he talked to his manager. The manager agreed to apply an In Flight Save, to bring the monthly cost of the fibre back down to £34.99, but I'm warned that the confirmation email will reflect the higher price.


Over the next few days some confirmation emails come in from BT. They confirm the activation date for both the fibre and the TV, and inform me that the kit will arrive the day before the activation date. Which, of course, it doesn't. This isn't a major issue, as the DrayTek router is set up to automatically switch to the cellular modem when the copper broadband is disconnected, and then switch back to the fibre as soon as that is connected. BT were helpfully imprecise with letting us know how long the switchover would take, and when during the day it would happen: "anytime up until midnight". But if you were a regular domestic broadband customer, you'd be left without any internet while you waited for ParcelForce to deliver the new Smart Hub.

To give BT some credit, the service did actually switch over on the day they predicted, and the switchover took about 15 minutes from ADSL disconnection to VDSL connection. The cellular modem kicked in as predicted, albeit it did drop the VoIP phone mid-call, but all in all the switchover was about as smooth as I could have hoped for.


Everyone I had spoken to at BT had gone to great pains to let me know that the fibre speed would fluctuate over the first 10 days of use, so if I didn't get the contracted speed immediately I shouldn't worry. But also, if it wasn't up to speed after 10 days to get in contact so they could troubleshoot it. Given that I had asked for the 52Mbps service I was surprised to see that the modem initially connected at 80Mbps, with a 20Mbps upload rate!


However the DrayTek diagnostics page was even more optimistic, with an "Attainable Rate" of over 100Mbps for downloads and over 30Mbps for uploads! Given that previously the router was connecting to ADSL kit in the exchange over a mile from the house, whereas now the router is connected to VDSL kit in the cabinet less than a quarter of a mile away, it is no surprise to see much lower SNR on the line, so those speeds are entirely believable. I'm sure that at some point in the next 10 days BT will artificially cap the connection speed, once they're happy that the line is trouble free.

Later in the day ParcelForce did turn up with the YouView Ultra HD PVR, but not the Smart Hub. The PVR was fairly straightforward to set up. I did my usual thing of binding the PVR's MAC address to a predefined IP address, and also enabled the router's IGMP proxy. Outside of the FreeView channels coming in via the terrestrial aerial, the other channels are streamed in via IPTV. This means the PVR needs to be able to join IP Multicast groups, which by default the DrayTek router does not pass through from WAN to LAN. But with one click the proxy can be enabled, and the full channel lineup becomes available.



Now I'm left to wonder if/when the Smart Hub will arrive.

(Edit on 27-Nov-2017: Having given it a couple of weeks and no Smart Hub I called BT. Somehow the hub had been missed off the fibre broadband order, so a new order was created and a couple of days later the Smart Hub arrived.)

(Edit on 1-Dec-2017: The first bill from BT since placing the order has arrived, and sure enough the In Flight Save I was promised when placing the order has gone missing in action. Instead there's a £3 "special offer discount", bringing the monthly broadband fee down from £49.99 to £46.99. Additionally the router is still connecting at the 80Mbps/20Mbps speeds of Infinity 2 rather than the 52Mbps/10Mbps speeds of Infinity 1. I fire up the chat window with BT and get talking with Aparna, who just confirms what my bill has already told me, and so she connects me to the Retention Team. Another chat with a manager ensues and I'm promised that the original £34.99 deal will be honoured and my bill updated.)

(Edit on 7-Dec-2017: Money has now left my account and the £46.99 for Infinity has been taken. Started a chat window with Robin and asked him to transfer me to the Retention Team. Yet another conflab with a manager, and I'm told that there isn't the option on their system to charge me £34.99 per month for 18 months anymore, so by way of an apology I'm going to be put on a £30.99 tariff for 12 months. If I'm automatically bumped up to the £49.99 tariff after 12 months then I'm going to be about £50 worse off over 18 months. But I guess I'll have the option to depart BT after 12 months and go elsewhere if there isn't a better deal available.)

Wednesday, 11 October 2017

Autonomous cars & speed limits

The progression of electric vehicles is being mirrored by the progression of autonomous vehicles, with most mainstream manufacturers now offering varying levels of driver assistance and autonomy. SAE Level 2 autonomy enables "hands off" driving, where the vehicle maintains speed, braking and steering, whilst the driver remains "in control" and ready to take over should the vehicle not choose the correct course of action. Essentially any vehicle with adaptive cruise control and lane departure warning technology is knocking on the door of Level 2 autonomy.

This year the UK government gave the go-ahead for the first trials of platooning vehicles, which is expected to happen later in 2018. The significance of this trial is not in the technology; this has been proven in the lab and on closed tracks and there is no way that the public highway would or should be used to find out if technology works. The significance is to characterise the known unknowns, especially how other drivers and vehicles on the road interact with the platooning vehicles, and the emergent behaviours this will create.

There appear to be two main objections to platooning vehicles on UK motorways; firstly that they'll obstruct slip roads, and secondly that they'll obscure signage. On a personal level I disagree with both of these points. Slip roads are signposted a mile in advance, giving vehicles plenty of time to filter into the left hand lane, and bigger vehicles can already obscure signage from smaller vehicles, so this is not an issue caused by platooning vehicles.

However the huge significance of this trial for me is that permission has been given for platooning vehicles to break rule 260 of the Highway Code, i.e. "...keep a safe distance from the vehicle in front". In this trial the platooning vehicles will not be a safe distance from each other, if they were being driven manually. And this is an important point, as platooning vehicles are operating at Level 3 autonomy, where the driver is not able to take control should the vehicle not choose the correct course of action. At Level 2 autonomy the vehicle is always being operated safely, as the driver is ready to take over if the autonomous systems are not operating the vehicle safely.

So this trial is setting a precedent whereby a Level 3 autonomous vehicle need not meet all the rules of the Highway Code. Rules 124 and 125 immediately spring to mind, as they deal with speed limits. The key to this debate is the unbalanced nature of these rules, especially as captured in rule 125: "The speed limit is the absolute maximum and does not mean it is safe to drive at that speed irrespective of conditions." I don't think many people would argue that in the depths of a snowy winter driving exactly at the 30mph limit down a street crowded with festive shoppers may not be safe. But I also don't think many people would argue that exceeding the speed limit by a few mph on a dry, deserted motorway is any less safe than at the speed limit.

So the debate that is looming is this: if a Level 3 autonomous vehicle can determine when it is safe to platoon, surely a Level 3 autonomous vehicle can also determine when it is safe to exceed the current speed limits, and by how much. And this will be a debate based on opinions and feelings rather than cold hard facts. There is hard data to prove that autonomous systems can safely drive a car well in excess of the speed limit, but many drivers are still wary of much simpler driver aids. For example I know many experienced drivers who shun manual cruise control. These are the people that need to be won over.

Hopefully they will be won over, because higher levels of vehicle autonomy are key to freeing up the UK's motorway network. Instead of smart motorways with variable speed limits and roadworks to add lanes to already congested roads, we could have more cars, travelling faster, closer together, and all safer than we are at the moment. What's not to like about that?