Managing Bandwidth – All You Need To Know
Managing bandwidth is as essential a part of your on board IT services as cybersecurity or IT support. Fast, stable, and reliable internet aboard is no longer seen as a luxury but as an essential prerequisite for both the safe management of large yachts and owner, guest & crew requirements.
“Our internet is slow” or “who is using all the bandwidth?” are comments uttered every day on yachts globally!
The physical network on board a yacht has grown massively in terms of roles and complexity over the years. Ten years ago, you would have seen a separate AV network, a separate internet network (possibly with some wireless access points), a separate telephone PABX network etc. All were independently wired and discrete, with very limited integration between the different networks. Today, all equipment on board is generally IP based, so it can operate across both a wired and wireless network. The actual demand for internet data, both in terms of volume and bandwidth, has also rocketed. 10 years ago, a yacht could simply connect to the internet via a dial-up for a few minutes 2 or 3 times a day using a few MB of data. Today we are seeing yachts demanding (and using) 10 GB of data a day and have had one yacht use 100GB in a day, and this is why managing bandwidth is so important.
Bandwidth and data are expensive and unfortunately not infinite – unless you have a very generous owner! It is essential to be able to ‘see’ both what data is available, and also who or what is using it. This is the essence of bandwidth management.
Firstly, we need to define some of the terms used:
Off-vessel connections or Wide Area Networks (WANs) is the term given to the different internet connection methods utilised to connect the yacht to the internet. There are different types of WANs available depending on size of the yacht, number of users and budget. These are:
- VSAT – Generally for yachts above 30m due to large antenna size (usually 1m but smaller 60cm antennas are available) and high running cost. There are a huge number of options available in terms of speeds, volume, capped, uncapped, MIR, CIR etc. Latency is high, around 600ms – 1000ms.
- Fleetbroadband – smaller antennas but a very costly service to operate, with speeds up to 432kbps. Not cost effective for large data usage apart from an emergency backup point of view. Can be used on a small managed network such as one PC connecting, collecting email or briefly pulling down a web page. Essential to remember to disconnect.
- Marina WiFi. Very cost effective hardware and often free or low-cost service. Effectively you are connecting to a terrestrial public WiFi network. Speeds average, latency low and suitable for marina based yachts. Often walled-garden issues and blocking issues of certain ports & protocols.
- 3G/4G. This service has really come of age in the last two years, especially with the availability of a single near-global roaming SIM. Low latency combined with great speeds often up to 30mbps. Costs can mount up as you are effectively paying per GB so it needs to be managed. Speeds can be extremely variable depending on the roaming agreements in place locally plus 4G coverage is still very patchy and you can get bumped down to 3G or even GPRS.
- Shore Ethernet / ADSL. Common in certain marinas and great for stationary yachts / out of season. Fast speeds & low latency.
- Iridium – similar to Fleetbroadband in terms of smaller antennas but again, a very costly service and really slow speeds 9.6kbps! Iridium Pilot (Openport) increased speeds to around 134kbps. Not viable for data apart from an emergency backup point of view or limited to just one user. Best for voice.
Yachts in the 40m+ range generally have two or three of these WAN options, which provides redundancy and increased bandwidth. An ocean going 40m sailing yacht needs different WANs to a marina based 40m motor yacht. A heavily chartered yacht needs different WANs to a completely private yacht.
Now these WAN connections all come into a single device which is termed the gateway. The gateway’s primary role is to manage the WAN connections and enable traffic routing to the on board Local Area Network (LAN). The gateway may also be the DHCP server in charge of the allocation of IP addresses to LAN devices. The gateway provides the key to effective bandwidth management. Before we look at the gateway, we need to look at the subnet and different LAN structures.
Single subnet Local Area Network (LAN). On smaller yachts, a single LAN can be used. This is effectively a single network such as 192.168.1.XXX providing up to 255 IP addresses for up to 255 devices. So, for example, the gateway can be on 192.168.1.1, the next device is on 192.168.1.2 and so on. Devices can be fixed IP (desktops, servers, NAS, AV, printers) or dynamic IP such as laptops, smartphones, owner & guest devices. Sometimes you see dual or multiple independent networks on board a yacht for different systems.
Virtual LAN (VLANs). A simple way to understand VLANs is to imagine partitioning the network ports on a switch. So, for example, if you have a VLAN capable 16 port switch, then you could assign 8 ports to one VLAN (VLAN 1) and 8 ports to another VLAN (VLAN 2). VLAN 1 will not see any of VLAN 2’s traffic and vice versa. So logically, you now have two separate switches. This is a far more effective method of managing the LAN network. We recommend wherever possible the use of VLANs across the wired & wireless network. The use of VLANs ensures that broadcast traffic is limited within each VLAN, which increases security and optimises network traffic. Example VLANs could be: OWNER, GUEST, CREW, AV, CCTV, TELEPHONE etc.
VLANs are more efficient: the network is far less ‘noisy’ and packet collisions are reduced, which can improve performance. The VLAN network is based on multiple subnets. In addition, the crew, owner, guest and AV VLANs can be integrated into the wireless network. This allows the owner or guests to wirelessly connect to their dedicated VLAN and have internet access only or, for example, stream via AirPlay to the AV VLAN. You can restrict access from the owner, guest & AV VLANs to any other VLAN so, for example, a guest cannot inadvertently (or deliberately) access ‘Ships Documents’ on a PC on the crew VLAN and find out what the Captain earns! VLAN capable switches can also be configured to allow inter-VLAN routing from e.g. the owner’s VLAN to the AV VLAN – in this case to allow streaming of a film from an iPhone on the owner’s VLAN to a TV on the AV VLAN. There is a huge number of options and permutations!
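The inter-VLAN restrictions described above can be checked against observed traffic. The following is an added example, not part of the original article: it maps addresses to VLANs and flags connections that cross VLANs without an explicit allow rule. The subnet plan, the flow records and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed subnet plan, one /24 per VLAN (addresses are not from the article).
VLAN_SUBNETS = {
    "OWNER": ipaddress.ip_network("10.0.10.0/24"),
    "GUEST": ipaddress.ip_network("10.0.20.0/24"),
    "CREW": ipaddress.ip_network("10.0.30.0/24"),
    "AV": ipaddress.ip_network("10.0.40.0/24"),
}
# Default deny between VLANs; only these (source, destination) pairs are routed.
ALLOWED_ROUTES = {("OWNER", "AV"), ("GUEST", "AV")}


def vlan_of(ip):
    """Return the VLAN whose subnet contains ip, or None for off-vessel addresses."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLAN_SUBNETS.items():
        if addr in net:
            return name
    return None


def is_permitted(src_ip, dst_ip):
    """Decide one connection attempt, identified by who opened it and to where."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None:
        return False  # source is not in any known VLAN: never forward
    if dst is None or src == dst:
        return True   # internet-bound or same-VLAN traffic is not an inter-VLAN decision
    return (src, dst) in ALLOWED_ROUTES


def audit(flows):
    """Return policy violations as (src_vlan, dst_vlan, src_ip, dst_ip) tuples."""
    return [(vlan_of(s), vlan_of(d), s, d) for s, d in flows if not is_permitted(s, d)]


# Constructed flow records: (IP that opened the connection, destination IP).
SAMPLE_FLOWS = [
    ("10.0.10.15", "10.0.40.7"),    # owner iPhone streaming to a TV on the AV VLAN
    ("10.0.20.31", "10.0.30.5"),    # guest laptop reaching a crew PC
    ("10.0.30.5", "10.0.30.9"),     # crew PC to crew printer
    ("10.0.20.31", "203.0.113.10"), # guest to the internet
    ("10.0.40.7", "10.0.10.15"),    # AV device opening a connection into the owner VLAN
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print("DENY", *row)
```

The allow rules are directional: the owner VLAN may open connections to the AV VLAN, but an AV device opening a new connection towards the owner VLAN is still flagged.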
Finally, the wireless network. More and more devices rely totally on the wireless network. Again, this has advanced massively over the years. 10 years ago, you would see one or two wireless access points (often Apple) whilst today we regularly see 10-20 wireless access points on a 50m yacht. There is a vast range of options which we cannot cover in depth here, such as mobility express, rapid transitioning, wireless LAN controllers, PoE, multiple SSIDs etc. Often we see in excess of 100 wireless devices on board a yacht – all demanding bandwidth. Correct wireless network design and deployment (weak-coverage areas, overlapping etc) is often overlooked, with the shipyard just ‘randomly’ placing a number of access points around the yacht. Implementation of a wireless network along with security is a precise science which cannot be covered in depth here, but we often see shockingly bad wireless networks on even new yachts.
Wired and wireless networks are generally several orders of magnitude faster than even the fastest WAN connection, so the WAN speed can be the bottleneck, which is why it is essential to limit the amount of unnecessary WAN requests through network design.
Good (efficient) and poor networks. When an owner’s laptop is making a request for a webpage, there are numerous factors involved which massively influence the perceived speed at which the owner receives that webpage, and this is not just down to the speed of the WAN connections. For example, we can see e.g. 2mbps being delivered by the VSAT airtime provider, 2mbps on the gateway but the captain’s laptop is only connected at 0.8mbps. This loss can often be attributed to other devices all eating into the 2mbps connection, but, if there are no other devices using the WAN, then this loss can simply be attributed to a poor network. There are multiple issues that can affect the ‘speed’ of the network, such as physically poor cabling, incorrect cable / connectors, cable interference and incorrect wireless network coverage, plus configuration & design issues such as incorrect DNS, multiple DHCP and incorrect wireless network settings. One area that is often mentioned is packet loss, whereby devices broadcast their presence by sending small packets of data across the network. Packet loss occurs when one or more packets of data travelling across a computer network fail to reach their destination. Packet loss is typically caused by network congestion, and packet loss increases latency due to the additional time needed for retransmission – hence a slower network. Good network design is another huge topic which cannot be covered in depth here. Needless to say, it is essential to ensure that your network on board is running correctly and efficiently before assuming that the VSAT or other WAN services are slow.
The gateway. As briefly mentioned above, the gateway is the key to efficient bandwidth management. It is essential to identify both the WAN connections and LAN users in terms of devices and users. For example, in the simplest form, you could have a single WAN connection with a 2mbps off-vessel connection, and this is going to one user on board who should be receiving all 2mbps. As soon as you scale this up, and have say 10 users, then the gateway has to juggle this single 2mbps pipe and allocate it to the different users, normally on a first come, first served basis. This is where the issues start, as there will not be enough bandwidth to share if all 10 users are requesting bandwidth, plus different processes have different demands. So, streaming a movie to a device uses a lot of download bandwidth whilst sending an email uses a small amount of upload bandwidth.
Let’s scale this up to a more familiar scene, 2 WANs both online – VSAT and 4G – and both connected to the gateway. Depending on the model & budget, gateways can offer some very clever load balancing algorithms for ‘combining’ the WANs or allocating each individual device to a specific WAN depending on the bandwidth available. So, a 2mbps VSAT and 10mbps 4G service is effectively load-balanced in a 1:5 ratio, so the first user is assigned the VSAT connection and the next 5 users are assigned a 4G connection. Whilst this is effective for steady speeds, it is too clunky for variable speeds. In the example above, imagine the 4G drops to 50kbps GPRS: the gateway will still be assigning 5 users to this connection. Far from ideal. More expensive gateways can perform traffic shaping and dynamic load balancing, assigning users to the best connection. One other option we use is to assign one WAN, e.g. 4G, to the owner’s VLAN and the VSAT to the crew VLAN. This is a far more common solution as it is quite straightforward to manage the users on the VLANs. Also, if you have a second or third 4G router then these connections can be allocated to different VLANs with VSAT assigned to a fail-over role.
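The 1:5 scenario above, worked through as an added example that is not part of the original article: a ratio fixed at configuration time is compared with a greedy assignment that uses the currently measured capacity. The six users, the equal-share model and the function names are assumptions for illustration.

```python
def static_ratio_assign(users, weights):
    """Weighted round-robin fixed at configuration time, e.g. {"VSAT": 1, "4G": 5}."""
    cycle = [wan for wan, w in weights.items() for _ in range(w)]
    return {u: cycle[i % len(cycle)] for i, u in enumerate(users)}


def dynamic_assign(users, capacity_kbps):
    """Greedy: place each user on the WAN offering the best per-user share right now."""
    load = {wan: 0 for wan in capacity_kbps}
    placement = {}
    for u in users:
        best = max(capacity_kbps, key=lambda w: capacity_kbps[w] / (load[w] + 1))
        load[best] += 1
        placement[u] = best
    return placement


def per_user_kbps(placement, capacity_kbps):
    """Simplified model: users on the same WAN share its capacity equally."""
    counts = {}
    for wan in placement.values():
        counts[wan] = counts.get(wan, 0) + 1
    return {u: capacity_kbps[w] / counts[w] for u, w in placement.items()}


USERS = [f"user{i}" for i in range(1, 7)]   # constructed: six users on board
HEALTHY = {"VSAT": 2000, "4G": 10000}       # 2mbps VSAT, 10mbps 4G
DEGRADED = {"VSAT": 2000, "4G": 50}         # 4G bumped down to 50kbps GPRS

if __name__ == "__main__":
    static = static_ratio_assign(USERS, {"VSAT": 1, "4G": 5})
    for label, caps in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, "static ", per_user_kbps(static, caps))
        print(label, "dynamic", per_user_kbps(dynamic_assign(USERS, caps), caps))
```

With healthy links both methods give every user 2000kbps. Once the 4G link degrades, the fixed ratio leaves five users on 10kbps each, while the greedy assignment moves all six to the VSAT at roughly 333kbps each.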
As well as the above examples of managing bandwidth to individual VLANs, a more common policy, especially with large crew, is to manage individual users. Devices can be grouped by individual owner or specific device type. Each owner of a group of devices or each specific device type can be assigned either a specific volume of data e.g. 1GB per week or a specific speed e.g. 100kbps. In reality, this can be quite dictatorial to administer and a certain element of trust is always required. A capped volume per individual which can be shared between their personal devices is often preferable.
Also, time schedules can be assigned to limit personal devices during work hours so the majority of the bandwidth is assigned to devices involved with work tasks. Often, we set up a ‘Facebook’ rule which is popular with the captain (but less so with the crew) whereby Facebook is simply blocked between 08:00 – 18:00hrs. Establishing robust firewall rules within the gateway to restrict access to unsuitable / unwanted content is far more efficient than simply allowing unrestricted access and then trying to control bandwidth allocation to individual users or devices.
Of course, with multiple active WANs, one connection can be assigned to the owner’s VLAN and/or guest VLAN without any restriction and the VSAT (or second/third 4G) assigned to the crew VLAN with the restrictions outlined above. This works well, although there is always the issue of a crew member knowing the guest VLAN wireless login in order to provide this information to a new guest, but ‘accidentally’ using the guest VLAN for ‘personal’ use!
It’s easy to be fairly relaxed when you have multiple, fast, WAN connections. However, what happens when the yacht leaves the marina and 4G stops? This is when a fast stable VSAT connection is still essential and this is when the gateway and bandwidth management rules really need to work. Flexible VSAT services are now far more common whereby you can request a short-term boost. For example, one VSAT airtime provider – Marlink – offers a week-by-week ‘boost’ service with download speeds up to 25mbps (obviously subject to the hardware on board and region). So, you could massively increase the VSAT bandwidth for a short-term period when the owner and guests are on board. You still need to have solid gateway rules to allocate the large proportion of the VSAT to the owner & guests, but in a flexible manner that still provides key crew internet access so as not to hinder the safe operation of the yacht. Just allocating say 80% of the bandwidth to the owner VLAN is fine when the owner is using the bandwidth, but often we see situations where the owner is not actually using any of the bandwidth but, with the example above, the crew are restricted to only 20% and the 80% is completely unused. Again, a flexible approach based on priority, whereby the owner has first ‘bite’ of the bandwidth but, if not required, this bandwidth is then available to other users or VLANs, may be a more pragmatic solution.
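The difference between the fixed 80/20 split and the priority approach described above, as an added example that is not part of the original article. The 25mbps capacity follows the boost figure in the text; the demand figures, the 2000kbps crew floor and the function names are assumptions for illustration.

```python
def fixed_split(capacity_kbps, share_pct, demand_kbps):
    """Hard partition: a VLAN can never exceed its fixed percentage, idle or not."""
    return {v: min(demand_kbps.get(v, 0), capacity_kbps * pct // 100)
            for v, pct in share_pct.items()}


def priority_allocate(capacity_kbps, priority, demand_kbps, floor_kbps):
    """Guaranteed floors first, then leftover capacity handed out in priority order."""
    alloc = {}
    remaining = capacity_kbps
    # Pass 1: each VLAN gets its guaranteed minimum, capped by what it actually wants.
    for v in priority:
        alloc[v] = min(demand_kbps.get(v, 0), floor_kbps.get(v, 0), remaining)
        remaining -= alloc[v]
    # Pass 2: the highest-priority VLAN takes the first 'bite' of what is left.
    for v in priority:
        extra = min(demand_kbps.get(v, 0) - alloc[v], remaining)
        alloc[v] += extra
        remaining -= extra
    return alloc


def unused(capacity_kbps, alloc):
    """Capacity left idle although it is being paid for."""
    return capacity_kbps - sum(alloc.values())


CAPACITY = 25000                        # boosted VSAT, 25mbps
SHARES = {"OWNER": 80, "CREW": 20}      # the fixed 80/20 rule
PRIORITY = ["OWNER", "CREW"]            # owner first, crew second
FLOORS = {"CREW": 2000}                 # assumed minimum for key crew access
OWNER_IDLE = {"OWNER": 0, "CREW": 10000}      # constructed demand, kbps
OWNER_BUSY = {"OWNER": 30000, "CREW": 10000}  # constructed demand, kbps

if __name__ == "__main__":
    for label, demand in (("owner idle", OWNER_IDLE), ("owner busy", OWNER_BUSY)):
        fixed = fixed_split(CAPACITY, SHARES, demand)
        prio = priority_allocate(CAPACITY, PRIORITY, demand, FLOORS)
        print(label, "fixed   ", fixed, "unused", unused(CAPACITY, fixed))
        print(label, "priority", prio, "unused", unused(CAPACITY, prio))
```

With the owner idle, the fixed split holds the crew at 5000kbps and leaves 20000kbps unused, while the priority scheme gives the crew the full 10000kbps they ask for. With the owner busy, the owner takes 23000kbps and the crew keep their 2000kbps floor.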
Therefore, in order to ensure the owner and guests have the best internet possible, it is essential to have multiple, flexible WAN connections, an efficient wired and wireless network and a decent gateway that allows full visibility and control of both the WANs and on board users, groups, VLANs and/or devices.