[156309] in North American Network Operators' Group


Re: Big Temporary Networks

daemon@ATHENA.MIT.EDU (Jay Ashworth)
Fri Sep 14 09:39:01 2012

Date: Fri, 14 Sep 2012 09:38:17 -0400 (EDT)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <20120914073435.GS24232@besserwisser.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

----- Original Message -----
> From: "Måns Nilsson" <mansaxel@besserwisser.org>

> 05:45:55PM -0400 Quoting Jay Ashworth (jra@baylink.com):
> > ----- Original Message -----
> > > At all possible cost, avoid login or encryption for the wireless.
> >
> > Yes, and no.
>
> <snip>
>
> Just keep in mind that every action you make the visitors have to
> perform to get Internet connectivity is a support workload.

I understand entirely.

That was the reason for my "remember each MAC address for the entire event"
approach to captive portal.  I foresee the guests entering a code from their
event badge the first time they use each device.  Unlike most events, I also
foresee a single page "How to use our Internet connectivity" sheet that actually
tells you what you need to know.  :-)

> > (For example, I have no problems blocking outbound port 25 and
> > redirecting recursive DNS -- though I do want a system that permits me
> > to whitelist MACs on request. But I would do those on the guest and
> > dealer nets, and not on the staff one.)
>
> Remember that DNSSEC breaks quite easily if you redirect DNS and since
> this is three years in the future, the uptake on DNSSEC may well have
> hit the point where there is visual feedback on validation in client
> UI.

Good point.
> > > While things have become much better, doing 802.1x on conference
> > > wireless probably is a bit daring. OTOH eduroam does it all over
> > > Europe.
> >
> > If I did try to do that, it would probably only be on the staff
> > network; it's a much more constrained environment.
>
> It'll work much better there, and FWIW, will be a little yet perhaps
> effective speedbump for intruders.

Was my plan, yes.  This isn't, really, defcon.  :-)

> > > And get v6.
> >
> > Yeah, I assumed that, though it will be interesting to see how much
> > play it actually gets; these are SF geeks, not networking geeks.
>
> Again, even in North America, the uptake may well have accelerated
> enough that it is To Be Expected. Besides, IME, SF geeks are computer
> savvy more than others.

I've heard that asserted.  I'm not certain to what extent it's actually true.

> > Oh yeah. I'm fond of leases as short as 30 minutes, though if I have
> > a /16, I won't care as much.
>
> A couple hours will get the user over a lunch break if not overnight,
> which means that long TCP sessions survive on Proper Computers (that
> don't tear down TCP on link loss. I'm looking at you, Microsoft!).

Well, I'm a firm believer in Least Recently Used, so as long as my DHCP block
is larger than my userbase, everyone will have the same address all weekend
anyway.

> This is Really Nice. Open up computer from sleep and press enter in xterm
> and ssh session is up. (my personal record is for telnet, an untouched
> connection survived two taxi trips, one night, some NATed wlan at the
> hotel and when i got back to the right network I just plugged the cable
> in and continued in the same session. But I cheated and had fixed
> addresses.)

Nice.  :-)
Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274
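As an added illustration, not code from anyone in the thread: a toy Python model of the lease behaviour Jay describes above, where the free list is kept in least-recently-used order and a returning client is offered its previous address first. With a pool larger than the user base every regular gets the same address back even after a 30-minute lease has long expired; oversubscribe the pool and newcomers start displacing the regulars. Pool sizes, MAC strings and timestamps are constructed for the example.

```python
from collections import OrderedDict
from ipaddress import IPv4Network


class LruDhcpPool:
    """Toy DHCP pool (constructed for this example): a returning client is offered
    the address it held last if that address is still free; otherwise the least
    recently used free address is handed out, so an expired address is recycled
    only after every other free address has been tried."""

    def __init__(self, cidr: str, lease_seconds: int):
        self.lease = lease_seconds
        # Free addresses in LRU order: the front is the least recently used.
        self.free = OrderedDict((str(ip), None) for ip in IPv4Network(cidr).hosts())
        self.leases = {}   # mac -> (ip, expiry)
        self.last_ip = {}  # mac -> address the client most recently held

    def expire(self, now: int) -> None:
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free[ip] = None  # goes to the back of the LRU queue

    def request(self, mac: str, now: int):
        self.expire(now)
        if mac in self.leases:                     # renewal: keep the current address
            ip = self.leases[mac][0]
        elif self.last_ip.get(mac) in self.free:   # previous address still free: reuse it
            ip = self.last_ip[mac]
            del self.free[ip]
        elif self.free:
            ip, _ = self.free.popitem(last=False)  # least recently used free address
        else:
            return None                            # pool exhausted: nothing to offer
        self.leases[mac] = (ip, now + self.lease)
        self.last_ip[mac] = ip
        return ip


def weekend(cidr: str, regulars: list, newcomers: list, lease_seconds: int) -> dict:
    """Regulars associate, every lease expires overnight, newcomers arrive in the
    morning, then the regulars come back.  Returns {mac: (first_ip, morning_ip)}."""
    pool = LruDhcpPool(cidr, lease_seconds)
    first = {mac: pool.request(mac, 0) for mac in regulars}
    morning = lease_seconds * 10
    for mac in newcomers:
        pool.request(mac, morning)
    return {mac: (first[mac], pool.request(mac, morning + 60)) for mac in regulars}
```

With a /29 (6 hosts) and four clients every regular keeps its address; with a /30 (2 hosts) and three clients the newcomer takes the least recently used address, which was a regular's, and the last regular back gets nothing at all.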
