> > > At all possible cost, avoid login or encryption for the wireless.
> > Yes, and no.
> Just keep in mind that every action you make the visitors have to
> perform to get Internet connectivity is a support workload.

I understand entirely.  

That was the reason for my "remember each MAC address for the entire event"
approach to captive portal.  I foresee the guests entering a code from their
event badge the first time they use each device.  Unlike most events, I also
foresee a single page "How to use our Internet connectivity" sheet that actually
tells you what you need to know.  :-)

> > (For example, I have no problems blocking outbound port 25 and redirecting
> > recursive DNS -- though I do want a system that permits me to whitelist
> > MACs on request. But I would do those on the guest and dealer nets, and
> > not on the staff one.)
> Remember that DNSSEC breaks quite easily if you redirect DNS and since
> this is three years in the future, the uptake on DNSSEC may well have
> hit the point where there is visual feedback on validation in client
> UI.

Good point.
> > > While things have become much better, doing 802.1x on conference
> > > wireless probably is a bit daring. OTOH eduroam does it all over
> > > Europe.
> >
> > If I did try to do that, it would probably only be on the staff
> > network; it's a much more constrained environment.
> It'll work much better there, and FWIW, will be a little yet perhaps
> effective speedbump for intruders.

Was my plan, yes.  This isn't, really, defcon.  :-)

> > > And get v6.
> >
> > Yeah, I assumed that, though it will be interesting to see how much
> > play it actually gets; these are SF geeks, not networking geeks.
> Again, even in North America, the uptake may well have accelerated
> enough that it is To Be Expected. Besides, IME, SF geeks are computer
> savvy more than others.

I've heard that asserted.  I'm not certain to what extent it's actually true.

> > Oh yeah. I'm fond of leases as short as 30 minutes, though if I have
> > a /16, I won't care as much.
> A couple hours will get the user over a lunch break if not overnight,
> which means that long TCP sessions survive on Proper Computers (that
> don't tear down TCP on link loss. I'm looking at you, Microsoft!).

Well, I'm a firm believer in Least Recently Used, so as long as my DHCP block
is larger than my userbase, everyone will have the same address all weekend.

> This
> is Really Nice. Open up computer from sleep and press enter in xterm
> and ssh session is up. (My personal record is for telnet, an untouched
> connection survived two taxi trips, one night, some NATed wlan at the
> hotel and when I got back to the right network I just plugged the
> cable in and continued in the same session. But I cheated and had fixed
> addresses.)

Nice.  :-)
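Two of the mechanisms discussed above, the DHCP pool that keeps everyone on the same address all weekend and the captive portal that remembers each MAC for the whole event after one badge-code entry, are easy to get subtly wrong, so here is a small model of both as an added example. This is not code from the thread or from any DHCP server or portal product; the class and function names, the badge codes, the 2-hour lease, and the per-badge device limit are my own assumptions. The pool reclaims expired leases least-recently-used first, and only when nothing never-used is left, which is what makes addresses stable as long as the block is bigger than the userbase; shrink the block below the number of clients and the model shows who loses their address.

```python
import ipaddress
from dataclasses import dataclass

DAY = 86400  # seconds; "a day later" in the simulation below


@dataclass
class Lease:
    mac: str
    expires: int  # epoch seconds; an expired lease still records who held it


class LruDhcpPool:
    """Allocation order for a requesting MAC:
       1. the address this MAC already holds (active or expired);
       2. an address that has never been handed out;
       3. the expired lease that has been idle longest (least recently used).
    Step 3 is the only way a client loses its address, and it cannot be
    reached while the pool has more addresses than distinct clients."""

    def __init__(self, network: str, lease_secs: int):
        self.lease_secs = lease_secs
        self.never_used = [str(a) for a in ipaddress.ip_network(network).hosts()]
        self.leases: dict[str, Lease] = {}  # ip -> Lease, active or expired

    def request(self, mac: str, now: int) -> str:
        ip = next((ip for ip, l in self.leases.items() if l.mac == mac), None)
        if ip is None and self.never_used:
            ip = self.never_used.pop(0)
        if ip is None:
            expired = [(l.expires, ip) for ip, l in self.leases.items() if l.expires <= now]
            if not expired:
                raise RuntimeError("pool exhausted: nothing expired to reclaim")
            _, ip = min(expired)  # oldest expiry first; ip string breaks ties
        self.leases[ip] = Lease(mac, now + self.lease_secs)
        return ip


class CaptivePortal:
    """Authorizes a MAC once a valid badge code has been entered on that
    device and keeps it authorized for the whole event.  Staff can also
    whitelist a MAC directly (the "on request" path mentioned in the thread).
    The per-code device limit is an assumption, not something the thread asks for."""

    def __init__(self, badge_codes: set[str], max_devices_per_code: int = 3):
        self.badge_codes = badge_codes
        self.max_per_code = max_devices_per_code
        self.authorized: dict[str, str] = {}  # mac -> badge code or "staff:<who>"

    def is_authorized(self, mac: str) -> bool:
        return mac in self.authorized

    def submit_code(self, mac: str, code: str) -> bool:
        if code not in self.badge_codes:
            return False
        in_use = sum(1 for c in self.authorized.values() if c == code)
        if mac not in self.authorized and in_use >= self.max_per_code:
            return False  # this badge has already registered its quota of devices
        self.authorized[mac] = code
        return True

    def whitelist(self, mac: str, requested_by: str) -> None:
        self.authorized[mac] = f"staff:{requested_by}"


def simulate_weekend(pool_cidr: str, day1: list[str], day2: list[str],
                     lease_secs: int = 7200) -> dict[str, list[str]]:
    """Day 1: every MAC in `day1` requests at t=0.  Day 2: every MAC in `day2`
    requests a full day later, long after the 2-hour leases have expired.
    Returns {mac: [addresses received, in order]} so stability is visible."""
    pool = LruDhcpPool(pool_cidr, lease_secs)
    got: dict[str, list[str]] = {}
    for mac in day1:
        got.setdefault(mac, []).append(pool.request(mac, 0))
    for mac in day2:
        got.setdefault(mac, []).append(pool.request(mac, DAY))
    return got


if __name__ == "__main__":
    # Constructed sample: a /24 for three laptops keeps everyone's address;
    # a /30 (two usable addresses) for three laptops does not.
    print(simulate_weekend("10.20.0.0/24", ["aa", "bb", "cc"], ["cc", "bb", "aa", "dd"]))
    print(simulate_weekend("10.20.0.0/30", ["aa", "bb"], ["cc", "aa"]))
    portal = CaptivePortal({"BADGE-1234"}, max_devices_per_code=2)
    print(portal.submit_code("aa", "BADGE-1234"), portal.is_authorized("aa"))
```

Both pieces key on the MAC address alone, which any device on the same wireless segment can set to whatever it likes; that is the trade-off the thread accepts in exchange for the low support load, and it is why the same design is reserved for the guest and dealer networks rather than the staff one.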
