network – Jan Taczanowski's tech blog

Linux box as an IPv6 router with SLAAC and DHCPv6-PD

03/05/2017 Jan Taczanowski 3 Comments

Some time ago I replaced my Mikrotik router with linux box which is working as a router for my home network and as a server for some services.
I had to spend some time to set up IPv6 on linux in such way, that everything was working automatically and without need to configuring anything in statically way. This post will be only about IPv6 part of router configurations.
I omit IPv4 part and configurations of network interfaces, because it is well documented in internet.

My router is running on linux openSUSE leap 42.2. The configurations are the same for other distros but file paths of config files may be different.

eth0 – wan interface of the router

eth1 – lan interface of the router
To make the router working, I had to:

change some sysctls to obtain IPv6 address on wan interface of my router by Stateless autoconfiguration (SLAAC).
I used wide-dhcpv6-client client to obtain IPv6 adresses pool (DHCPv6-PD) to redistribute addresses from pool on my devices in home network.
Redistributing addresses is done by dnsmasq.

First step – sysctls:
Part of my /etc/sysctl.conf confgured to obtain IPv6 address from Stateless autoconfiguration (SLAAC) on wan interface – eth0:

# Enable IPv6 forwarding
net.ipv6.conf.all.forwarding = 1

# Obtain IPv6 address on wan interface by Stateless autoconfiguration (SLAAC)
net.ipv6.conf.eth0.accept_ra = 2

# I want to have one IPv6 address on my wan interface, based on my mac address. 
# Without this my router will also have temporary, random IPv6 addresses which will be changing over time.
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0

# Enable IPv6 forwarding

net.ipv6.conf.all.forwarding = 1

# Obtain IPv6 address on wan interface by Stateless autoconfiguration (SLAAC)

net.ipv6.conf.eth0.accept_ra = 2

# I want to have one IPv6 address on my wan interface, based on my mac address.

# Without this my router will also have temporary, random IPv6 addresses which will be changing over time.

net.ipv6.conf.all.use_tempaddr = 0

net.ipv6.conf.default.use_tempaddr = 0

After reboot I can see that my wan interface has public IPv6 address:

eth0      Link encap:Ethernet  HWaddr 00:4F:62:XX:XX:XX  
          inet addr:37.X.X.X  Bcast:37.X.X.X  Mask:255.255.254.0
          inet6 addr: fe80::24f:62ff:fe16:bd48/64 Scope:Link
          inet6 addr: 2a03:XXXX:0:252:24f:62ff:fe16:bd48/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:264107 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33499400 (31.9 Mb)  TX bytes:25331826 (24.1 Mb)

eth0 Link encap:Ethernet HWaddr 00:4F:62:XX:XX:XX

inet addr:37.X.X.X Bcast:37.X.X.X Mask:255.255.254.0

inet6 addr: fe80::24f:62ff:fe16:bd48/64 Scope:Link

inet6 addr: 2a03:XXXX:0:252:24f:62ff:fe16:bd48/64 Scope:Global

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:264107 errors:0 dropped:0 overruns:0 frame:0

TX packets:38333 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:33499400 (31.9 Mb) TX bytes:25331826 (24.1 Mb)

Second step – wide-dhcpv6-client:
Configuration of wide-dhcpv6-client which will be obtaining IPv6 address pool (DHCPv6-PD) for lan interface (eth1)

router:~ # cat /etc/wide-dhcpv6/dhcp6c.conf 
# eth0 is my wan interface
interface eth0 { 
# request a non-temporary address   
    # request prefix delegation address
    send ia-pd 1;
    request domain-name-servers;
    request domain-name;
};

id-assoc pd 1 {
        prefix ::/64 infinity;
        prefix-interface eth1 {
                sla-len 0;

                # elated with ia-pd to configure subnet on lan interface - eth1
                sla-id 1;

                # "postfix" of IPv6 address on lan interface. 
                # if not configured interface will has EUI-64 (mac based) address.
                # In this case, eth1 will get a IPv6 ending with ::1
                ifid 1;
        };
};

router:~ # cat /etc/wide-dhcpv6/dhcp6c.conf

# eth0 is my wan interface

interface eth0 {

# request a non-temporary address

# request prefix delegation address

send ia-pd 1;

request domain-name-servers;

request domain-name;

};

id-assoc pd 1 {

prefix ::/64 infinity;

prefix-interface eth1 {

sla-len 0;

# elated with ia-pd to configure subnet on lan interface - eth1

sla-id 1;

# "postfix" of IPv6 address on lan interface.

# if not configured interface will has EUI-64 (mac based) address.

# In this case, eth1 will get a IPv6 ending with ::1

ifid 1;

};

Unfortunately package of wide-dhcpv6-client does not provide configuration file for systemd. To start up wide-dhcpv6-client by systemd I created wide-dhcpv6.service entry:

router:~ # cat /usr/lib/systemd/system/wide-dhcpv6.service;
[Unit]
Description=wide-dhcpv6
Before=dnsmasq.service
After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service

[Service]
ExecStart=/usr/sbin/dhcp6c -c /etc/wide-dhcpv6/dhcp6c.conf -P default -d -D -f eth0
RemainAfterExit=true

[Install]
WantedBy=multi-user.target

router:~ # cat /usr/lib/systemd/system/wide-dhcpv6.service;

[Unit]

Description=wide-dhcpv6

Before=dnsmasq.service

After=network.target ypbind.service nfs.service nfsserver.service rpcbind.service SuSEfirewall2_init.service

[Service]

ExecStart=/usr/sbin/dhcp6c -c /etc/wide-dhcpv6/dhcp6c.conf -P default -d -D -f eth0

RemainAfterExit=true

[Install]

WantedBy=multi-user.target

Enable it on system startup:

router:~ # systemctl enable wide-dhcpv6.service
Created symlink from /etc/systemd/system/multi-user.target.wants/wide-dhcpv6.service to /usr/lib/systemd/system/wide-dhcpv6.service.

1 2	router:~ # systemctl enable wide-dhcpv6.service Created symlink from /etc/systemd/system/multi-user.target.wants/wide-dhcpv6.service to /usr/lib/systemd/system/wide-dhcpv6.service.

After reboot I can see that my lan interface (eth1) has assignment IPv6 address with prefix:

eth1      Link encap:Ethernet  HWaddr C0:3F:D5:6D:F4:5C  
          inet addr:192.168.51.1  Bcast:192.168.51.255  Mask:255.255.255.0
          inet6 addr: fe80::c23f:d5ff:fe6d:f45c/64 Scope:Link
          inet6 addr: 2a03:XXXX:252f:e900::1/56 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361458 errors:0 dropped:0 overruns:0 frame:0
          TX packets:92615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:61669608 (58.8 Mb)  TX bytes:31434041 (29.9 Mb)
          Interrupt:20 Memory:f7c00000-f7c20000

eth1 Link encap:Ethernet HWaddr C0:3F:D5:6D:F4:5C

inet addr:192.168.51.1 Bcast:192.168.51.255 Mask:255.255.255.0

inet6 addr: fe80::c23f:d5ff:fe6d:f45c/64 Scope:Link

inet6 addr: 2a03:XXXX:252f:e900::1/56 Scope:Global

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:361458 errors:0 dropped:0 overruns:0 frame:0

TX packets:92615 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:61669608 (58.8 Mb) TX bytes:31434041 (29.9 Mb)

Interrupt:20 Memory:f7c00000-f7c20000

Last step – dnsmasq:
Part of configuration of dnsmasq (/etc/dnsmasq.conf) to redistributing IPv6 addresses in home network. Dnsmasq will also work as dns cache. :

# don't listen to anything on eth0
except-interface=eth0

bogus-priv

# IPv6 Route Advertisements
enable-ra

# Create a IPv6 range from address on the interface. The ::1 is related to the ifid in /etc/wide-dhcpv6/dhcp6c.conf.
dhcp-range=tag:eth1,::1,constructor:eth1, ra-names, 12h

# ra-names - it gives DNS names to IPv6 hosts
local=/home/

# don't listen to anything on eth0

except-interface=eth0

bogus-priv

# IPv6 Route Advertisements

enable-ra

# Create a IPv6 range from address on the interface. The ::1 is related to the ifid in /etc/wide-dhcpv6/dhcp6c.conf.

dhcp-range=tag:eth1,::1,constructor:eth1, ra-names, 12h

# ra-names - it gives DNS names to IPv6 hosts

local=/home/

Enable dnsmasq on system startup:

router:~ # systemctl enable dnsmasq.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

1 2	router:~ # systemctl enable dnsmasq.service Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

After reboot, devices in home network should be able to use internet by IPv6 🙂

But now, devices in home network are avaible from outside. Each of device has own public IPv6 address which is awailable from outside (internet).

We have to secure it, by allowing only for connections which are initialized from our internal network. It can be done by ip6tables.

ip6tables -A FORWARD -m state --state NEW -i eth1 -o eth0 -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -P FORWARD DROP

ip6tables -A FORWARD -m state --state NEW -i eth1 -o eth0 -j ACCEPT

ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

ip6tables -P FORWARD DROP

It’s all, described configuration works flawlessly for me for days 🙂

Capturing wifi traffic with Cisco Aironet access point.

10/04/2016 Jan Taczanowski No Comments

It is possible to use Cisco Aironet as wifi sniffer. The device can operate in monitor mode and sending packets to specified destination. This is implemented by WIDS (Wireless IDS?) protocol.
In this case, the packets were capturing using Wireshak. I configured access point to work in monitor mode and to send packets to my computer on address 192.168.51.24 and on 5555 port.

ap#config
Configuring from terminal, memory, or network [terminal]? 
Enter configuration commands, one per line.  End with CNTL/Z.

ap(config)#interface dot11Radio 0
ap(config-if)#station-role scanner 
ap(config-if)#monitor frames endpoint ip address 192.168.51.24 port 5555
ap(config-if)#channel 6

ap#config

Configuring from terminal, memory, or network [terminal]?

Enter configuration commands, one per line. End with CNTL/Z.

ap(config)#interface dot11Radio 0

ap(config-if)#station-role scanner

ap(config-if)#monitor frames endpoint ip address 192.168.51.24 port 5555

ap(config-if)#channel 6

Now device sends packets to my computer, I can launch Wireshark and see them. There is need to set proper packets decoding as CWIDS.

decode_traffic

Additionally I set filters to only see traffic from the access point.

((udp.dstport == 5555) && (ip.proto == 17)) && !(icmp.code == 3)

1	((udp.dstport == 5555) && (ip.proto == 17)) && !(icmp.code == 3)

wireshark

It is important to note, that the device is able to monitor only one channel in the same time, but channel can be easily changed:

ap(config-if)#channel 7

1	ap(config-if)#channel 7

Raspberry Pi 2b as a home router with Cisco switch and VLANs

28/02/2016 Jan Taczanowski 5 Comments

Hi!

Some time ago I configured my Raspberry Pi as a home router. Below, in short brief is shown my configuration.
raspberry_cisco_switch

On the Cisco switch, I have created two vlans:
vlan10 – WAN (Internet connection)
vlan20 – LAN (Home network)

The first port of the Cisco switch is connected to the the Internet, and is configured as access port for vlan10. The second port is connected to the Raspberry Pi as trunk port – traffic from vlan10 and vlan20 is tagged on this port. Third port is in access mode and is connected to the home access point.

interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface Vlan20
 ip address 192.168.50.2 255.255.255.0

interface FastEthernet0/3

switchport access vlan 20

interface FastEthernet0/2

switchport mode trunk

interface FastEthernet0/1

switchport access vlan 10

interface Vlan20

ip address 192.168.50.2 255.255.255.0

Switch#show vlan brief 

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4
10   INTERNET                         active    Fa0/1
20   LAN                              active    Fa0/3

Switch#show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/4

10 INTERNET active Fa0/1

20 LAN active Fa0/3

Network configuration on Raspberry Pi looks as follows:

root@raspberrypi:/home/pi# cat /etc/network/interfaces 
auto lo

iface lo inet loopback
# Management
iface eth0 inet static
        address 192.168.100.1
        netmask 255.255.255.0
        post-up ifup vlan10
        post-up ifup vlan20

# Internet
auto vlan10
iface vlan10 inet dhcp
        hwaddress ether 00:12:2a:a7:f7:c0
        vlan-raw-device eth0
# Home network
auto vlan20
iface vlan20 inet static
        address 192.168.50.1
        netmask 255.255.255.0
        vlan-raw-device eth0

root@raspberrypi:/home/pi# cat /etc/network/interfaces

auto lo

iface lo inet loopback

# Management

iface eth0 inet static

address 192.168.100.1

netmask 255.255.255.0

post-up ifup vlan10

post-up ifup vlan20

# Internet

auto vlan10

iface vlan10 inet dhcp

hwaddress ether 00:12:2a:a7:f7:c0

vlan-raw-device eth0

# Home network

auto vlan20

iface vlan20 inet static

address 192.168.50.1

netmask 255.255.255.0

vlan-raw-device eth0

On eth0 interface I have set 192.168.100.1 address for management purpose in case of problems with access to the Raspberry Pi from vlan’s side. On vlan10 interface I have to set the custom mac address to obtain IP address from my internet provider. Vlan20 with addresses 192.168.50.1/24 is for my home network.
The rest of my configuration like NAT, dhcp, dns is pretty standard and will not be posted about it here. If you have questions, I will be happy to answer in the comments 🙂

How Raspberry Pi performs as a router on my 100/50 Mb/s internet connection? Quite nicely for a network card supported by USB – which has Raspberry.
4931071421

802.11n vs 802.11ac performance comparison – cisco aironet 2600, 2700 series

10/01/2016 Jan Taczanowski 1 Comment

It will be my first post on this blog 🙂

Today I want to show my tests of two wireless access points. The short specification of this two devices presents as follows:

802.11N – Cisco Aironet 2600 series AIR-CAP2602I-E-K9 with autonomous ap IOS software 15.3.3-JC
“802.11n with 3×4 multiple-input multiple-output (MIMO) technology with three spatial streams, which sustains 450-Mbps rates”
Full spec: Link

802.11AC – Cisco Aironet 2700 series AIR-CAP2702I-E-K9 with autonomous ap IOS software 15.3.3-JC
“802.11ac with 3×4 multiple-input multiple-output (MIMO) technology supporting three spatial streams. This architecture offers a sustained 1.3-Gbps rates”
Full spec: Link

So both devices have 3×4 spatial stream. The main purpose of this test is to show performance diffrence between 802.11N and 802.11AC wireless standard. The differences between the two standards in the brief are:

– the width of a channel, 802.11N supports up to 40Mhz channel while 802.11AC (phase 1) support up to 80Mhz, and for phase 2 of this standard it is 160Mhz. Cisco Aironet 2700 is a 802.11AC phase 1 device.

– the modulation, 802.11N supports up to 64-QAM, for 802.11AC it is 256-QAM

As wireless client I will use notebook Dell Latitude e7240 with Intel 7260AC wireless card which has 2×2 spatial stremas. The notebook is running under Opensuse Linux 13.1 with 4.2.5-1 kernel version and iwlwifi-7260-15 firmware for wireless card. Unfortunately I do not have device supporting 3×3 spatial stream.

Let’s get to the test…

I set radio interface on both devices like shown below.
Cisco Aironet 2600:

interface Dot11Radio1
 description 802.11N 5GHz Radio
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 !
 ssid JAN
 !
 antenna gain 0
 peakdetect
 dfs band 1 2 3 block
 beamform ofdm
 channel width 40-below
 channel 5240
 station-role root access-point
 world-mode dot11d country-code PL both
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
!

interface Dot11Radio1

description 802.11N 5GHz Radio

no ip address

no ip route-cache

encryption mode ciphers aes-ccm

ssid JAN

antenna gain 0

peakdetect

dfs band 1 2 3 block

beamform ofdm

channel width 40-below

channel 5240

station-role root access-point

world-mode dot11d country-code PL both

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

Cisco Aironet 2700:

interface Dot11Radio1
 interface Dot11Radio1
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid JAN
 !
 antenna gain 0
 peakdetect
 no dfs band block
 stbc
 channel width 80
 channel 5240
 station-role root access-point
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!

interface Dot11Radio1

no ip address

encryption mode ciphers aes-ccm

ssid JAN

antenna gain 0

peakdetect

no dfs band block

stbc

channel width 80

channel 5240

station-role root access-point

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

For performance testing I use iperf3 between two computers. One of them is connected by gigabit ethernet to the access point, and the second (Dell Latitide) is connected to the wireless network. It looks like below.
access_point_test
Let’s see how the connection looks, when I connect notebook to Aironet 2600. The distance between devices is about 2 meters. I’ll check the statistics of wireless interface in notebook.

interface Dot11Radio1
JAN-DELL:/home/jan # ethtool -S wlp2s0
NIC statistics:
     rx_packets: 605591
     rx_bytes: 695567571
     rx_duplicates: 1
     rx_fragments: 605486
     rx_dropped: 248
     tx_packets: 443918
     tx_bytes: 608352571
     tx_filtered: 0
     tx_retry_failed: 0
     tx_retries: 568
     beacon_loss: 0
     sta_state: 4
     txrate: 300000000
     rxrate: 300000000
     signal: 230
     channel: 0
     noise: 18446744073709551615
     ch_time: 18446744073709551615
     ch_time_busy: 18446744073709551615
     ch_time_ext_busy: 18446744073709551615
     ch_time_rx: 18446744073709551615
     ch_time_tx: 18446744073709551615

interface Dot11Radio1

JAN-DELL:/home/jan # ethtool -S wlp2s0

NIC statistics:

rx_packets: 605591

rx_bytes: 695567571

rx_duplicates: 1

rx_fragments: 605486

rx_dropped: 248

tx_packets: 443918

tx_bytes: 608352571

tx_filtered: 0

tx_retry_failed: 0

tx_retries: 568

beacon_loss: 0

sta_state: 4

txrate: 300000000

rxrate: 300000000

signal: 230

channel: 0

noise: 18446744073709551615

ch_time: 18446744073709551615

ch_time_busy: 18446744073709551615

ch_time_ext_busy: 18446744073709551615

ch_time_rx: 18446744073709551615

ch_time_tx: 18446744073709551615

I am especially interested in two parameters – txrate, rxrate. It look’s very good, the Intel 7260 wireless card achieved maximum connection bitrate for 2×2 spatial stream device in 802.11N standard – 300Mb/s Rxrate and 300Mb/s Txrate.
Now I launch iperf to see how the performance looks, when device passes real TCP traffic.
On the server I started iperf which is listening for incomming connections on 8888 port.

iperf3 -s -p 8888

1	iperf3 -s -p 8888

I’m going to perform download test. On the client I launched iperf in 10 processes to simulate 10 tcp sessions:

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000 -R
[  4]  24.00-24.87  sec  3.50 MBytes  33.6 Mbits/sec                  
[  6]  24.00-24.87  sec  1.85 MBytes  17.8 Mbits/sec                  
[  8]  24.00-24.87  sec  3.42 MBytes  32.9 Mbits/sec                  
[ 10]  24.00-24.87  sec  1.28 MBytes  12.3 Mbits/sec                  
[ 12]  24.00-24.87  sec  2.52 MBytes  24.2 Mbits/sec                  
[ 14]  24.00-24.87  sec  1.81 MBytes  17.4 Mbits/sec                  
[ 16]  24.00-24.87  sec  3.11 MBytes  29.8 Mbits/sec                  
[ 18]  24.00-24.87  sec  1.89 MBytes  18.1 Mbits/sec                  
[ 20]  24.00-24.87  sec  1.73 MBytes  16.6 Mbits/sec                  
[ 22]  24.00-24.87  sec  1.85 MBytes  17.8 Mbits/sec                  
[SUM]  24.00-24.87  sec  23.0 MBytes   220 Mbits/sec

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000 -R

[ 4] 24.00-24.87 sec 3.50 MBytes 33.6 Mbits/sec

[ 6] 24.00-24.87 sec 1.85 MBytes 17.8 Mbits/sec

[ 8] 24.00-24.87 sec 3.42 MBytes 32.9 Mbits/sec

[ 10] 24.00-24.87 sec 1.28 MBytes 12.3 Mbits/sec

[ 12] 24.00-24.87 sec 2.52 MBytes 24.2 Mbits/sec

[ 14] 24.00-24.87 sec 1.81 MBytes 17.4 Mbits/sec

[ 16] 24.00-24.87 sec 3.11 MBytes 29.8 Mbits/sec

[ 18] 24.00-24.87 sec 1.89 MBytes 18.1 Mbits/sec

[ 20] 24.00-24.87 sec 1.73 MBytes 16.6 Mbits/sec

[ 22] 24.00-24.87 sec 1.85 MBytes 17.8 Mbits/sec

[SUM] 24.00-24.87 sec 23.0 MBytes 220 Mbits/sec

and upload:

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000
[  4]  19.00-20.00  sec  2.13 MBytes  17.9 Mbits/sec    0   29.7 KBytes       
[  6]  19.00-20.00  sec  2.18 MBytes  18.3 Mbits/sec    0   31.1 KBytes       
[  8]  19.00-20.00  sec  2.10 MBytes  17.7 Mbits/sec    0   29.7 KBytes       
[ 10]  19.00-20.00  sec  1.97 MBytes  16.5 Mbits/sec    0   26.9 KBytes       
[ 12]  19.00-20.00  sec  2.02 MBytes  17.0 Mbits/sec    0   26.9 KBytes       
[ 14]  19.00-20.00  sec  1.97 MBytes  16.5 Mbits/sec    0   26.9 KBytes       
[ 16]  19.00-20.00  sec  2.05 MBytes  17.2 Mbits/sec    0   28.3 KBytes       
[ 18]  19.00-20.00  sec  1.96 MBytes  16.5 Mbits/sec    0   26.9 KBytes       
[ 20]  19.00-20.00  sec  2.03 MBytes  17.0 Mbits/sec    0   28.3 KBytes       
[ 22]  19.00-20.00  sec  2.10 MBytes  17.6 Mbits/sec    0   29.7 KBytes       
[SUM]  19.00-20.00  sec  20.5 MBytes   172 Mbits/sec    0

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000

[ 4] 19.00-20.00 sec 2.13 MBytes 17.9 Mbits/sec 0 29.7 KBytes

[ 6] 19.00-20.00 sec 2.18 MBytes 18.3 Mbits/sec 0 31.1 KBytes

[ 8] 19.00-20.00 sec 2.10 MBytes 17.7 Mbits/sec 0 29.7 KBytes

[ 10] 19.00-20.00 sec 1.97 MBytes 16.5 Mbits/sec 0 26.9 KBytes

[ 12] 19.00-20.00 sec 2.02 MBytes 17.0 Mbits/sec 0 26.9 KBytes

[ 14] 19.00-20.00 sec 1.97 MBytes 16.5 Mbits/sec 0 26.9 KBytes

[ 16] 19.00-20.00 sec 2.05 MBytes 17.2 Mbits/sec 0 28.3 KBytes

[ 18] 19.00-20.00 sec 1.96 MBytes 16.5 Mbits/sec 0 26.9 KBytes

[ 20] 19.00-20.00 sec 2.03 MBytes 17.0 Mbits/sec 0 28.3 KBytes

[ 22] 19.00-20.00 sec 2.10 MBytes 17.6 Mbits/sec 0 29.7 KBytes

[SUM] 19.00-20.00 sec 20.5 MBytes 172 Mbits/sec 0

Wow! 🙂 220 Mb/s download and 172 Mb/s upload speed. In my opinion these are very good results for 802.11n standard.

Let’s check the 802.11AC with Aironet 2700. The connection status on Dell Latitude is showing:

interface Dot11Radio1
JAN-DELL:/home/jan # ethtool -S wlp2s0
NIC statistics:
     rx_packets: 2458256
     rx_bytes: 3658398341
     rx_duplicates: 1
     rx_fragments: 2458183
     rx_dropped: 181
     tx_packets: 472888
     tx_bytes: 442820819
     tx_filtered: 0
     tx_retry_failed: 0
     tx_retries: 3045
     beacon_loss: 0
     sta_state: 4
     txrate: 866700000
     rxrate: 650000000
     signal: 222
     channel: 0
     noise: 18446744073709551615
     ch_time: 18446744073709551615
     ch_time_busy: 18446744073709551615
     ch_time_ext_busy: 18446744073709551615
     ch_time_rx: 18446744073709551615
     ch_time_tx: 18446744073709551615

interface Dot11Radio1

JAN-DELL:/home/jan # ethtool -S wlp2s0

NIC statistics:

rx_packets: 2458256

rx_bytes: 3658398341

rx_duplicates: 1

rx_fragments: 2458183

rx_dropped: 181

tx_packets: 472888

tx_bytes: 442820819

tx_filtered: 0

tx_retry_failed: 0

tx_retries: 3045

beacon_loss: 0

sta_state: 4

txrate: 866700000

rxrate: 650000000

signal: 222

channel: 0

noise: 18446744073709551615

ch_time: 18446744073709551615

ch_time_busy: 18446744073709551615

ch_time_ext_busy: 18446744073709551615

ch_time_rx: 18446744073709551615

ch_time_tx: 18446744073709551615

Despite the short distance connection parameters were not as stable as in the case Aironet 2600. I do not know why Intel 7260 did not achieve full rate, which is 866Mb/s Rx/Tx Rate for 2×2 spatial stream client on 80 Mhz channel width. I saw 866Mb/s rates only temporarily. In Addition, there was a problem with the client connection which was hanging up every minute. I solved this problem by remove 802.11d configuration.

interface Dot11Radio1
no world-mode dot11d country-code PL both

1 2	interface Dot11Radio1 no world-mode dot11d country-code PL both

I do not understand why it had such an impact. These settings works well in 802.11N.

But, how real speeds I can achieve in iperf test with Aironet 2700?
Download speed:

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000 -R
[  4]  72.00-73.00  sec  3.56 MBytes  29.9 Mbits/sec                  
[  6]  72.00-73.00  sec  4.18 MBytes  35.1 Mbits/sec                  
[  8]  72.00-73.00  sec  8.95 MBytes  75.1 Mbits/sec                  
[ 10]  72.00-73.00  sec  7.93 MBytes  66.5 Mbits/sec                  
[ 12]  72.00-73.00  sec  3.97 MBytes  33.3 Mbits/sec                  
[ 14]  72.00-73.00  sec  6.93 MBytes  58.2 Mbits/sec                  
[ 16]  72.00-73.00  sec  3.30 MBytes  27.7 Mbits/sec                  
[ 18]  72.00-73.00  sec  4.19 MBytes  35.2 Mbits/sec                  
[ 20]  72.00-73.00  sec  5.80 MBytes  48.7 Mbits/sec                  
[ 22]  72.00-73.00  sec  3.86 MBytes  32.3 Mbits/sec                  
[SUM]  72.00-73.00  sec  52.7 MBytes   442 Mbits/sec

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000 -R

[ 4] 72.00-73.00 sec 3.56 MBytes 29.9 Mbits/sec

[ 6] 72.00-73.00 sec 4.18 MBytes 35.1 Mbits/sec

[ 8] 72.00-73.00 sec 8.95 MBytes 75.1 Mbits/sec

[ 10] 72.00-73.00 sec 7.93 MBytes 66.5 Mbits/sec

[ 12] 72.00-73.00 sec 3.97 MBytes 33.3 Mbits/sec

[ 14] 72.00-73.00 sec 6.93 MBytes 58.2 Mbits/sec

[ 16] 72.00-73.00 sec 3.30 MBytes 27.7 Mbits/sec

[ 18] 72.00-73.00 sec 4.19 MBytes 35.2 Mbits/sec

[ 20] 72.00-73.00 sec 5.80 MBytes 48.7 Mbits/sec

[ 22] 72.00-73.00 sec 3.86 MBytes 32.3 Mbits/sec

[SUM] 72.00-73.00 sec 52.7 MBytes 442 Mbits/sec

Upload speed:

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000
[  4]  10.00-11.00  sec  3.55 MBytes  29.8 Mbits/sec   16   35.4 KBytes       
[  6]  10.00-11.00  sec  3.40 MBytes  28.5 Mbits/sec   19   36.8 KBytes       
[  8]  10.00-11.00  sec  3.37 MBytes  28.3 Mbits/sec   18   35.4 KBytes       
[ 10]  10.00-11.00  sec  3.28 MBytes  27.5 Mbits/sec   26   31.1 KBytes       
[ 12]  10.00-11.00  sec  3.79 MBytes  31.8 Mbits/sec   19   36.8 KBytes       
[ 14]  10.00-11.00  sec  3.48 MBytes  29.2 Mbits/sec   24   32.5 KBytes       
[ 16]  10.00-11.00  sec  3.52 MBytes  29.5 Mbits/sec   18   32.5 KBytes       
[ 18]  10.00-11.00  sec  3.71 MBytes  31.1 Mbits/sec   22   38.2 KBytes       
[ 20]  10.00-11.00  sec  4.15 MBytes  34.8 Mbits/sec   30   36.8 KBytes       
[ 22]  10.00-11.00  sec  3.26 MBytes  27.3 Mbits/sec   17   33.9 KBytes       
[SUM]  10.00-11.00  sec  35.5 MBytes   298 Mbits/sec  209

iperf3 -c 192.168.50.222 -p 8888 -P 10 -t 1000

[ 4] 10.00-11.00 sec 3.55 MBytes 29.8 Mbits/sec 16 35.4 KBytes

[ 6] 10.00-11.00 sec 3.40 MBytes 28.5 Mbits/sec 19 36.8 KBytes

[ 8] 10.00-11.00 sec 3.37 MBytes 28.3 Mbits/sec 18 35.4 KBytes

[ 10] 10.00-11.00 sec 3.28 MBytes 27.5 Mbits/sec 26 31.1 KBytes

[ 12] 10.00-11.00 sec 3.79 MBytes 31.8 Mbits/sec 19 36.8 KBytes

[ 14] 10.00-11.00 sec 3.48 MBytes 29.2 Mbits/sec 24 32.5 KBytes

[ 16] 10.00-11.00 sec 3.52 MBytes 29.5 Mbits/sec 18 32.5 KBytes

[ 18] 10.00-11.00 sec 3.71 MBytes 31.1 Mbits/sec 22 38.2 KBytes

[ 20] 10.00-11.00 sec 4.15 MBytes 34.8 Mbits/sec 30 36.8 KBytes

[ 22] 10.00-11.00 sec 3.26 MBytes 27.3 Mbits/sec 17 33.9 KBytes

[SUM] 10.00-11.00 sec 35.5 MBytes 298 Mbits/sec 209

442 Mb/s download and 298 Mb/s upload speed.
Nice, almost half gigabit per second. But I was expecting a better result in spite of twice the width of the channel and denser modulation in 802.11ac

That sums up.
speed_chart
Is it worth to upgrade wireless infrastructure from 802.11N to 802.11AC?
It depends on your needs. 802.11N is still fast enough for most applications, and it is stable. But if you work with tasks which are generating heavy network traffic, such as copying big files over local network, you should consider switch to 802.11AC.