Best Bufferbloat Analogy – Ever

My friends frequently ask, “Why is my network so slow?” And often, the answer is “latency” or the screwy term, “Bufferbloat” – the “undesirable latency caused when a router buffers too much data.” But what the heck does that mean?

A while back, I attempted a layman’s explanation of Bufferbloat. I compared it to a ski shop. It was pretty unsuccessful: it just didn’t have any intuitive appeal.

That’s why I was delighted that Waveform.com published what I believe is the Best Bufferbloat Analogy – Ever. (I am pleased to have contributed to the final version of their description.) That page also has a well-designed web-based Bufferbloat Tester (on a par with the Ookla Speedtest or the Cloudflare speed test).

They asked, “Can you explain bufferbloat like I’m five?” and noted that flows of liquids are sort of like flows of packets. The analogy: when a friend dumps a bucket of water into a sink with a narrow drain, it slows other flows (like a teaspoon of oil) from emptying out. Read the whole description…

This made me think about having a SmartSink™ to give a visual image for understanding how a well-designed router can decrease latency.

What’s a SmartSink™?

Instead of accepting a full bucket of water all at once, a SmartSink controls the bucket of water with a valve. It allows just enough water into the sink to keep the drain full. If the water gets too low, the SmartSink opens the valve; if it gets “too full”, it closes it a bit.

A SmartSink also works when lots of friends have their own buckets, pouring in colored water – pink, blue, etc. The valves on the SmartSink control each color. If the SmartSink notices too much pink water, it closes that valve a bit to bring back balance, so that each color gets its “fair share” of the drain’s capacity. And because there’s never too much water (of any color) in the sink, a small new flow always drains quickly.

Reality check: This is just an analogy. I realize that a SmartSink is a ridiculous idea. But it helps me visualize how small flows can drain quickly while big flows share the drain capacity fairly.

What does this have to do with routers?

The Smart Queue Management (SQM) algorithm in a router works like the SmartSink. When a device starts sending a lot of data (maybe a phone starts uploading photos to the cloud), SQM controls the amount of data queued for each flow (each separate upload, videoconference, voice call, gaming session, YouTube, BitTorrent, etc.) to prevent any one flow from using more than its share. Instead of operating valves to control the flow of water, SQM controls the size of each flow’s queue by:

  1. Separating every traffic flow’s arriving packets into their own queue.
  2. Removing a small batch of packets from a queue, round-robin style,
    and transmitting that batch through the (slow) bottleneck link to the ISP.
    When each batch has been fully sent, retrieving a batch from the next queue, and so on.
  3. Offering back pressure to flows that are sending “more than their share” of data.

This process provides these desirable effects:

  • Most importantly, SQM provides low latency. Small flows (with just one or a few small packets) get sent right away in their next “round robin” batch.
  • Equal sharing of the bottleneck: If there are multiple senders, each can send an equal amount of data with each round-robin opportunity.
  • No waste of the bottleneck: If there’s only one sender (one queue with data), that one gets the full capacity of the link.
  • Offering backpressure to bulk senders minimizes lost packets and re-transmissions, making the network globally more efficient.
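The three steps above can be watched in a small simulation. This is an added example, not code from any router or from the original post: the function names, the one-packet-per-tick link, the batch size of 2 and the per-queue cap of 50 (a crude stand-in for the way real SQM signals back pressure) are all assumptions chosen for illustration.

```python
from collections import deque

def fifo(arrivals):
    """One shared queue: packets leave in arrival order, one per tick."""
    done = {}
    for tick, (flow, _seq) in enumerate(arrivals, 1):
        done.setdefault(flow, []).append(tick)
    return done

def sqm(arrivals, batch=2, limit=50):
    """Per-flow queues drained round-robin, `batch` packets per turn."""
    queues, dropped = {}, {}
    for flow, seq in arrivals:                   # step 1: a queue per flow
        q = queues.setdefault(flow, deque())
        if len(q) < limit:
            q.append(seq)
        else:                                    # step 3: back pressure
            dropped[flow] = dropped.get(flow, 0) + 1
    done, tick = {}, 0
    while any(queues.values()):                  # step 2: round-robin batches
        for flow, q in queues.items():
            for _ in range(min(batch, len(q))):
                q.popleft()
                tick += 1
                done.setdefault(flow, []).append(tick)
    return done, dropped

# Constructed workload: a 100-packet upload is queued just before one VoIP packet.
BUCKET = [("upload", i) for i in range(100)] + [("voip", 0)]

if __name__ == "__main__":
    print("FIFO voip leaves at tick", fifo(BUCKET)["voip"][0])
    done, dropped = sqm(BUCKET)
    print("SQM  voip leaves at tick", done["voip"][0], "drops:", dropped)
```

With a single shared queue the VoIP packet waits behind the whole bucket; with per-flow queues it leaves in the first round, and only the bulk flow sees drops.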

Does SQM work?

YES! Can I get a router with SQM today? YES!

Got questions? Send them to me and I’ll include them in Part 2 (coming soon) of this blog. Thanks.

Astonishing Lidar View of NH

The NH Stone Wall Mapper project uses Lidar data to display small variations in ground elevation. A UNH project built this map to identify stone walls in the state.

This site can be “misused” (in a good way) to show lots of other topographic features. Here’s a “Lidar view” of the grounds of Loch Lyme Lodge, near Post Pond. The features are shaded as if the sun were shining from the northeast. (Update: 31 Dec: Thanks to the good folks at the NH Geological Survey, the link now goes directly to the desired view!)

But wait… there’s more! You can turn on and off various “layers” to see other kinds of information. To do this:

  1. At the top-left, click the Layers Icon to display various layers
  2. Check on or off the Hillshade box to “show or hide the trees”…
  3. Click the More… icon to enable other features, such as the “Swipe Layers” that lets you compare two layers…

So much fun – play around! Turn on/off layers, scroll to other parts of NH. If you find something interesting, send me a note and I’ll post it. Enjoy!

WireGuard Vanity Keys

A WireGuard VPN provides a fast, secure tunnel between endpoints. It uses public/private key pairs to encrypt the data.

If you have several clients, you have to enter their public keys into your server. Keeping track of those keys gets to be a hassle, since ordinarily, the keys are essentially random numbers.

I found a great project to help with this problem: WireGuard Vanity Address. It continually generates WireGuard private/public key pairs, printing keys that contain a desired string in the first 10 characters. For example, I generated this public key for my MacBook Pro (MBP): MBP/DzPRZ05vNZ0XS3P9tlokZPrLy/1lb1Zsm3du4QA=. Note the MBP/ at the start – it makes it easy to know that this is my Mac’s key.

To do it, I ran the wireguard-vanity-address program. Here is sample output:


$ ./wireguard-vanity-address MBP/
searching for 'mbp/' in pubkey[0..10], one of every 299593 keys should match
one trial takes 28.7 us, CPU cores available: 2
est yield: 4.3 seconds per key, 232.30e-3 keys/s
hit Ctrl-C to stop
private qMKPNrCMId59XTn5vgDICUh/QzIfhqZdrZ+XQBIJj2w= public zmbP/YEpC8Zl6MacYhcY1lq126tL2UudFjmrwbl2/18=
private HHtPY8IwGBxQ5OTtJY6GcuFpImXtDp9d187zvI0axFo= public qhIiSMbp/extT5irPy4EJfLRPR9jTzQZHlM15Fo/P2E=
private BEnEu1lVdcRI997nj2uPNGsyCZNPhBTCNfgJuYPPJHA= public hZzmBP/8EthWPOFp5wroEGPeJTHGxZ5KENnMiZvniGY=
private 8HRj+YZfSBnYZn38MPE09W2g03JvRJoGbjlDkHQ0Wnk= public mBP/q2dOd+m457PyKTIvI7MDTuXLCneG6MM0ir9rwRc=
...
private dFE8xsDDWNNNY1OjOIlxQiNVbp7Z6tZhXsaOo/5gPH0= public MBP/DzPRZ05vNZ0XS3P9tlokZPrLy/1lb1Zsm3du4QA=
^C
# This last line contains a public key starting with "MBP/"

For more details, read the github page, and also the issue where the author addresses security concerns about decreasing the size of the key space.
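The "one of every 299593 keys" and "4.3 seconds per key" figures in the sample output can be reproduced from the base64 alphabet alone, which also shows how many bits of the public key a chosen string pins down. This is an added example, not code from the wireguard-vanity-address project; the function names are hypothetical and the estimate ignores overlapping matches.

```python
import math

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def matches(pubkey, wanted, window=10):
    """Case-insensitive search for `wanted` in the first `window` characters."""
    return wanted.lower() in pubkey[:window].lower()

def expected_trials(wanted, window=10):
    """Average number of random keys generated per matching key.

    A letter matches in either case (2 of the 64 base64 symbols); a digit,
    '+' or '/' matches only itself (1 of 64). The string may start at any of
    window - len(wanted) + 1 positions.
    """
    positions = window - len(wanted) + 1
    if positions < 1 or any(c not in B64 for c in wanted):
        raise ValueError("string must be base64 characters that fit the window")
    p = 1.0
    for c in wanted:
        p *= (2 if c.isalpha() else 1) / 64
    return 1 / (p * positions)

def seconds_per_key(wanted, trial_us, cores, window=10):
    """Expected wall-clock time per match, given the time for one trial."""
    return expected_trials(wanted, window) * trial_us * 1e-6 / cores

def bits_constrained(wanted, window=10):
    """log2 of the fraction of keys discarded: the bits the string pins down."""
    return math.log2(expected_trials(wanted, window))

# Public keys copied from the sample output above.
SAMPLE = [
    "zmbP/YEpC8Zl6MacYhcY1lq126tL2UudFjmrwbl2/18=",
    "qhIiSMbp/extT5irPy4EJfLRPR9jTzQZHlM15Fo/P2E=",
    "hZzmBP/8EthWPOFp5wroEGPeJTHGxZ5KENnMiZvniGY=",
    "mBP/q2dOd+m457PyKTIvI7MDTuXLCneG6MM0ir9rwRc=",
    "MBP/DzPRZ05vNZ0XS3P9tlokZPrLy/1lb1Zsm3du4QA=",
]

if __name__ == "__main__":
    print(round(expected_trials("MBP/")), "keys per match")
    print(round(seconds_per_key("MBP/", 28.7, 2), 1), "seconds per key")
    print(round(bits_constrained("MBP/"), 1), "bits constrained")
    print(all(matches(k, "MBP/") for k in SAMPLE))
```

Each extra letter in the string multiplies the search time by about 32, and each digit or symbol by about 64.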

Update: I created a Dockerfile to make it even easier to run wireguard-vanity-address. Check out my personal github repo for details.

WireGuard GUI on macOS

A WireGuard VPN provides a fast, secure tunnel between endpoints. A macOS GUI client is available from the App Store.

It works great. But its documentation is minimal. Even though the required keywords (which you must type manually) are the same as other clients, the GUI doesn’t give a hint about whether it’s right until you type it exactly correctly. Consequently, it can be a pain to configure it properly.

This screen shot shows a correctly configured (although fictitious) VPN tunnel. To get to this configuration window, use the WireGuard Manage Tunnels menu, click  and choose Add Empty Tunnel… then fill in the resulting window as shown below:

Screen shot of macOS WireGuard GUI

Although there are plenty of guides to explain WireGuard, this summarizes my best understanding of the meaning of these fields. There may be additional ways to configure the VPN, but following this advice will result in a working secure configuration.

[Interface] Section

  • PrivateKey: Private key for this computer. WireGuard uses this key to encrypt data sent to its peer, and decrypt received data. WireGuard displays the corresponding PublicKey (which you’ll enter into the peer) at the top of the window.
  • Address: Address for the VPN tunnel interface on this computer. Use a /32 address chosen from an address range that is not in either this network or the peer’s network. (This example uses 10.0.10.2/32 for this end. The peer (not shown) is 10.0.10.1/32. They were chosen because the 10.0.10.0/24 subnet is not in use on either side of the tunnel.)
  • DNS: (Optional) Address(es) of DNS servers to be used by this computer. It’s OK to leave this out – by default, WireGuard will use the underlying OS DNS servers.
  • ListenPort: (Optional) WireGuard listens on this port for traffic from its peer. It’s OK to leave this out – by default, WireGuard will select an unused port.

[Peer] Section

  • PublicKey: The public key of the remote peer. WireGuard uses this key to decrypt the packets sent from the peer, and encrypt packets sent to the peer.
  • PresharedKey: (Optional) This key will be used to encrypt the session. If specified, it is used in lieu of the public/private key pair for the peers.
  • AllowedIPs: A comma-separated list of IP (v4 or v6) addresses with CIDR masks which are allowed as destination addresses when sending via this peer and as source addresses when receiving via this peer.
  • Endpoint: (Optional) The address (or DNS name) and port of the remote peer. If specified, this peer will attempt to connect to the endpoint periodically.
  • PersistentKeepalive: (Optional) The number of seconds this peer waits before sending another keep-alive message. These messages “keep the session alive” through NAT.

I would appreciate comments on these descriptions so I can make them more helpful/useful.

Additional Thoughts

The following thoughts are refinements to the advice shown above.

    • The example above only allows traffic to/from the 192.168.4.0/24 and 172.30.42.0/24 subnets to travel through the tunnel. To send all traffic through the tunnel (say, to avoid prying eyes of your ISP, etc.), you can set the AllowedIPs to 0.0.0.0/0. To send all IPv6 traffic through the tunnel, add ::/0.
    • It is neither necessary nor recommended to include the peer’s Address in the AllowedIPs list.
    • Although both Endpoint and PersistentKeepalive are listed as optional, you normally set both when using the macOS WireGuard client. Activating the tunnel (from the WireGuard menu) causes WireGuard to begin sending Keepalive packets to the Endpoint, which starts up the tunnel.
    • Dealing with NAT. If your ISP requires your remote peer to be behind NAT, you must configure your ISP’s router/modem to pass the WireGuard packets through. The setup varies from ISP to ISP, but in general, you’ll need to set up some kind of “virtual server”, “DMZ”, or “port forwarding” in the ISP router/modem to pass the WireGuard packets (on the port specified in the Endpoint) to the peer device.
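Because the GUI gives little feedback while you type, it can help to check the text of a tunnel configuration against the advice above before pasting it in. This is an added example, not part of the WireGuard client or the original post: the function names are hypothetical, the keys are filler bytes, and the Endpoint and PersistentKeepalive values are constructed; the addresses and subnets are the ones used in this post.

```python
import base64
import ipaddress

def parse_wg(text):
    """Return the [Interface] dict and a list of [Peer] dicts."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # base64 padding stays in value
            cur[key.strip()] = value.strip()
    return iface, peers

def is_key(value):
    """WireGuard keys are 32 bytes, written as base64."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check(text):
    """Return a list of findings (warnings and notes) for one config."""
    iface, peers = parse_wg(text)
    out = []
    if not is_key(iface.get("PrivateKey", "")):
        out.append("Interface: PrivateKey is not a 32-byte base64 key")
    addrs = [ipaddress.ip_interface(a.strip())
             for a in iface.get("Address", "").split(",") if a.strip()]
    for a in addrs:
        if a.network.prefixlen != a.network.max_prefixlen:
            out.append(f"Interface: Address {a} is not a single-host address")
    for n, peer in enumerate(peers, 1):
        if not is_key(peer.get("PublicKey", "")):
            out.append(f"Peer {n}: PublicKey is not a 32-byte base64 key")
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen == 0:
                out.append(f"Peer {n}: note, {net} sends all traffic via the tunnel")
            elif any(a.version == net.version and a.ip in net for a in addrs):
                out.append(f"Peer {n}: AllowedIPs {net} contains the tunnel Address")
        for opt in ("Endpoint", "PersistentKeepalive"):
            if opt not in peer:
                out.append(f"Peer {n}: {opt} is not set")
    return out

# Constructed sample: filler keys (not real key material), made-up Endpoint.
KEY_A = base64.b64encode(bytes(range(32))).decode()
KEY_B = base64.b64encode(bytes(range(32, 64))).decode()

GOOD = f"""[Interface]
PrivateKey = {KEY_A}
Address = 10.0.10.2/32
[Peer]
PublicKey = {KEY_B}
AllowedIPs = 192.168.4.0/24, 172.30.42.0/24
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25
"""
BAD = GOOD.replace("10.0.10.2/32", "10.0.10.2/24").replace("172.30.42.0/24", "10.0.10.0/24, 0.0.0.0/0")
```

`check(GOOD)` returns an empty list; `check(BAD)` reports the /24 tunnel address, the AllowedIPs entry that overlaps it, and the full-tunnel route.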

Transmission of Covid-19

A friend (thanks, Ted!) directed me to a nice science-based article that assigns some probabilities of risks of transmitting a disease like coronavirus. The author highlights two major scenarios:

  1. Warm body transmission: how far apart should you be from other people if you want to avoid transmission from another “warm body”
  2. Surface-based transmission: what precautions should you take when you go somewhere that others have passed through recently.

You won’t be surprised by the takeaways:

  • 6 foot distancing is good
  • wearing a mask is good
  • washing hands is good

…but some of the discussion and details are interesting. View the full article at Medium.

Get a better microphone…

Now that we’re computer conferencing all the time, I needed a better microphone. (My MacBook Pro’s built-in microphone doesn’t work well. The volume is too low – perhaps there’s something wrong.) I suspect many others would benefit from a better microphone, too. Not only do they give a better sound, but a microphone close to the mouth minimizes other nearby sounds.

So I went on a quest to find a better solution. I found a variety of options, and tested several. I put my notes here so I can remember:

  • Bluetooth earpieces Any Bluetooth headset/earpiece that is advertised to work with your cellphone will probably work. They’re lightweight, have decent microphones, and boast a certain amount of noise cancellation. (Look for ones that can be paired to two devices, so you can use it with both your computer and your cell phone.) I own the Plantronics M70 – it works fine, and has 11-hour talk time (and when I don’t use it, the charge lasts for weeks). Apple AirPods or knock-offs should also work well, although I have not tested them.
  • Earbuds with cables Apple EarPods (corded) ($15 with shipping from MacSales) or from Amazon work fine for videoconferencing.
  • External microphone if you want to include multiple people on your end, or if you don’t want to be “cabled” to the computer… I own the Amazonbasics Desktop Microphone because it was highly-rated in a Wirecutter article. It works great.
  • USB Audio In Since not all computers have a combined headphone and microphone jack, you can add a USB “sound card” to virtually any computer. I checked out the TROND External USB AudioAdapter Sound Card and it works fine with all the 1/8 inch (3.5mm) audio inputs.
  • Gaming headsets These large (and heavy) headphones have a microphone on a stalk to pick up your voice. I own one, and it works just fine. But it’s obtrusive (viewers see those “cans” on my head) and not terribly comfortable. There are a zillion options: you can Google “gaming headset” to see the range.
  • My favorite For years, I used a Plantronics headset with my cordless phone. It’s lightweight, has good sound, and it’s cheap ($20). But it has a 2.5mm plug – so I bought an adapter cable ($8). This plugs right into the headphone jack of my MacBook Pro (both headphone and microphone work perfectly). But if this doesn’t work on your computer, get the TROND adapter.

All this assumes your computer has either USB, Bluetooth, or 1/8 inch/3.5mm headphone inputs. (All modern computers do.) I’ve included links to Amazon, but most items are available from lots of places.

Let me know what you’re using for your videoconferencing pleasure – richb.lyme@gmail.com. Thanks!

Enable Virtual Public Meetings

Change.org is hosting a petition calling on Governor Chris Sununu of NH to allow for “virtual meetings” for the normal business of towns and municipalities. I would include Select Boards as well as those listed below. As I said on the petition page:

It will be months before we are “back to normal”. Most town boards or committees might be able to “skip a meeting” because of an emergency. But real residents have real needs, and cannot realistically wait for boards that have been shut down for a protracted period of time.

Specifically, the petition requests the Governor to:

  • Allow and encourage for both state and local municipal boards to continue with standard timelines and regularly scheduled board hearings through a virtual meeting template, such as Zoom. This includes, but is not limited to, historic district commissions, conservation commissions, planning and zoning boards.
  • Allow and encourage board members, city staff, design professionals and the public to participate through an open video forum and email regardless of city or town charter.
  • Provide state guidelines on how the local municipalities should conduct meetings and insist that mandated timelines for board decisions be maintained.

If you agree, please go to the petition at: https://www.change.org/p/new-hampshire-governor-chris-sununu-enable-virtual-public-meetings-for-planning-and-zoning-boards-in-nh and pass the word to your friends. Thanks.


Any opinions expressed here are solely my own, and not those of any public bodies, such as the Lyme Planning Board or the Lyme Community Development Committee, where I am/have been a member. I would be very interested to hear your thoughts – you can reach me at richb.lyme@gmail.com.

Renewable Sources of Energy article on the Warrant

I am pleased to present my first “guest posting” here on the blog. I support this article, and I hope you can cast your vote on the ballot at Town Meeting, March 10, 7am to 7pm.

Jim Nourse has been working over the last six months to gather support for an article on the Warrant in March to encourage the Town of Lyme to use 100% renewable sources of energy by 2030. Here’s his open letter to the Town, with the text of the Article 22 appended:

As we look forward to Town Meeting, I wanted to give you an update on where the effort to put forward a warrant article moving the Town and its residents away from fossil fuels and towards clean, renewable energy stands. The Energy Committee has voted 7-0 to support this article; the Select Board voted 3-0 to support the article. I have attached the article below.

I will be speaking in favor of the article at Little Town Meeting on Tuesday, March 3, 7 pm. I would love some support, if appropriate, from members of the audience. I would also encourage you to talk about the article with your neighbors and friends. It would send a very clear message if the votes at Town Meeting were overwhelmingly positive. A few talking points:

  1. This article is a non-binding advisory article to give a “sense of the Town” in moving in the direction of a non-fossil fuel energy future. As such it does not mandate any actions by either town officials or residents. It is assumed that town officials and residents will continue to be fiscally prudent as we make this transition.
  2. The Energy Committee sees this as the start of a town-wide conversation about how Lyme makes a transition to a non-fossil fuel, sustainable future.
  3. The article discusses the major reasons that this transition is both necessary and immediate. Fossil fuels are finite in supply and even as advances in technology make it possible to extract the remaining supplies (think fracking as an example), the cost of that extraction will continue to become more expensive. And, perhaps the most important reason, the need to solve rapidly intensifying climate change which in large part is driven by our burning of fossil fuels.
  4. People will ask what this transition might look like. If, as we expect, most voters support this article, it will give the Select Board and town committees a clear sense that this is the direction the town wishes to go in. It might mean a review and reshaping of energy guidelines for new municipal construction. It might mean the amending of zoning regulations to make it more conducive for community solar projects. It will guide the town’s committees as they update the Town Master Plan. It will most likely mean more community-wide initiatives like Weatherize and Solarize Lyme. It may lead to increased collaboration with area towns to aggregate electricity purchases in an attempt to both secure the most economical rate as well as purchasing from renewable sources of electricity. It may mean seeking state and federal grants for renewable energy projects. It will mean making sure that those residents who cannot afford to move to renewable energies are included in projects that provide access to those energies that are affordable.
  5. A final point for me is the recognition that this transition will not be easy or straightforward. There will probably be times when the town or residents choose a “better” alternative, but not the “best” alternative given financial or logistical limitations. People may wonder how we will ever arrive at 100% renewable electricity by 2030, or for heating and transportation by 2050. My response is that these are goals, that the sooner we begin to work towards them, the farther along we will be. If by 2030, only 65% of our electricity comes from clean, renewable sources then that’s still more than it is today.

And speaking of beginning right away – there are two town projects on the immediate horizon that should be influenced by a goal of transitioning away from fossil fuels and towards renewable energy. You will most likely hear about these at both town meetings. The pellet boilers that serve the town garage are in need of replacement and there are plans to construct a new fire station. There are choices in what type of heating source to install as well as design choices for the new fire station that will impact whether it can be easily retrofitted to renewables, i.e. PV panels, in the future. I hope that you will add your voices in calling for those in charge of making these decisions to move away from fossil fuels and towards a future of renewable energy.

Many thanks for your support of this transition. Let me know if you have any questions or suggestions.

Best,
Jim

Article 22-Renewable Sources of Energy

(Can’t read the PDF above? Download it at https://randomneuronsfiring.com/wp-content/uploads/2020/02/Warrant-Article-22-Final-02.20.2020.pdf)

Public Meetings, February 22 & 25

There will be two public meetings at the Converse Library in Lyme to discuss the petitioned Planned Development amendment. Not only does it provide a measure of fairness for landowners near commercial properties on Route 10 but it enables new housing opportunities here in Lyme.

I support this Planned Development amendment. We all know that Lyme (and the entire Upper Valley) has a housing problem. Seniors can’t downsize in Lyme, many people who work here can’t afford to live here, and there’s no economical way to build modestly priced housing.

We are looking for a lively but civil conversation on this important topic. Please attend and let your friends know about the meetings. Thank you.

Saturday, February 22, 11am, Converse Library
Tuesday, February 25, 7pm, Converse Library