Big Temporary Networks

Måns Nilsson mansaxel at besserwisser.org
Fri Sep 14 07:34:35 UTC 2012


Subject: Re: Big Temporary Networks
Date: Thu, Sep 13, 2012 at 05:45:55PM -0400
Quoting Jay Ashworth (jra at baylink.com):
> ----- Original Message -----
> > At all possible cost, avoid login or encryption for the wireless.
> 
> Yes, and no.

<snip> 

Just keep in mind that every action you make the visitors have to perform
to get Internet connectivity is a support workload.
 
> (For example, I have no problems blocking outbound port 25 and redirecting
> recursive DNS -- though I do want a system that permits me to whitelist 
> MACs on request.  But I would do those on the guest and dealer nets, and
> not on the staff one.)

Remember that DNSSEC breaks quite easily if you redirect DNS and since
this is three years in the future, the uptake on DNSSEC may well have
hit the point where there is visual feedback on validation in client UI.
 
> > While things have become much better, doing 802.1x on conference
> > wireless probably is a bit daring. OTOH eduroam does it all over Europe.
> 
> If I did try to do that, it would probably only be on the staff network; 
> it's a much more constrained environment.

It'll work much better there, and FWIW, will be a little yet perhaps
effective speedbump for intruders.
 
> > And get v6.
> 
> Yeah, I assumed that, though it will be interesting to see how much play 
> it actually gets; these are SF geeks, not networking geeks.

Again, even in North America, the uptake may well have accelerated
enough that it is To Be Expected. Besides, IME, SF geeks are computer savvy
more than others.
 
> Oh yeah.  I'm fond of leases as short as 30 minutes, though if I have
> a /16, I won't care as much.

A couple hours will get the user over a lunch break if not overnight,
which means that long TCP sessions survive on Proper Computers (that
don't tear down TCP on link loss. I'm looking at you, Microsoft!). This
is Really Nice. Open up computer from sleep and press enter in xterm
and ssh session is up. (my personal record is for telnet, an untouched
connection survived two taxi trips,  one night, some NATed wlan at the
hotel and when I got back to the right network I just plugged the cable in
and continued in the same session. But I cheated and had fixed addresses.)
  
> Very nice, Måns; thanks.

My pleasure. 

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
He is the MELBA-BEING ... the ANGEL CAKE ... XEROX him ... XEROX him --