[afnog] Wireless Network

Geert Jan de Groot GeertJan.deGroot at xs4all.nl
Wed Jan 6 14:05:07 UTC 2010


In addition to the excellent points already made by others:
- With a network of this capacity, split up functionality, that is,
  your AP's should be just that (AP's), other smarts such as 
  DNS/DHCP/routing should be handled by other, dedicated boxes.
  If you don't have capacity problems now, you will, and you'll be
  glad that you can update components without dependencies.

  As Joel pointed out in his presentation, some AP's simply reboot
  if they get too many associations. For one, it would be nice if,
  should this happen, all people lose is their currently-connected AP
  (and they can just statelessly roam to another AP), 
  and not their DHCP lease and something essential like that.
  Secondly, once AP's start rebooting because of load, the users will
  roam to another AP, which, because of the additional load, might
  crash and reboot as well. You might find waves of rebooting AP's,
  and the only recourse is fewer users, or more AP's, so make sure you
  have hot standby spares at hand.

- Don't get your hopes up regarding recouping of unused IP's.
  With many devices "suspending"/"sleeping" you will find that an IP
  that became free (and can't be ping-ed) might awaken later, 
  when you already gave out the IP again to another device:
  not all devices do re-start the DHCP dance if they lose
  connectivity and devices *will* submarine-up if you don't want them to.
  Make sure your DHCP / NAT / IP-space pool is big enough
  so that you don't need to re-cycle them. For a conference,
  I try to size things so that IP's only need to be issued once,
  and not recycled, at least not during the conference.

- *Assume* a certain amount of bad behaviour and plan for it,
  certainly with "anonymous" conference networks.
  Some people, unfortunately, show irresponsible behaviour if they
  realize they're "anonymous", and sometimes, not the person,
  but the inadvertent livestock on the laptop shows bad behaviour.
  Realize that these people really are anonymous, that is, what do you
  do once you identified a certain IP/MAC address and want to talk
  to its owner?
  I've experimented with portals where people would need to 
  identify themselves, but a. most have issues, b. they don't scale well,
  c. people (rightfully) have reservations about giving out 
  personal information (even if it is just an email address).
  I have not found a solution yet that I would give to a community of
  even a few hundred people, with me answering their help requests.
  If someone knows of a portal solution that works on this scale,
  I'd be interested to hear about it.

- When you say 2000 users, is this a community of 2000 users, 
  or 2000 concurrent, active users doing things simultaneously?
  In the latter case, think what happens with NAT-boxes, should you
  deploy them, and scale accordingly. Expect to run out of ports.

- Incoming bandwidth is always an issue. While some users simply do
  think they absolutely need to torrent some TV episodes during the
  busiest part of the day, another thing is automated updates.
  I do understand that when Apple, Mozilla and others release an
  update, it is in everyone's interest that these updates be installed
  everywhere, but if all you have is a very saturated 256k link,
  I very much would like a way to at least temporarily suspend these updates
  so they be done when the uplink is less saturated.
  But, each of these systems use their own update mechanism 
  and the only way you can tell is if suddenly, a fair percentage
  of your community start downloading files from the same source
  simultaneously and that simply makes things very difficult.
  Most conference-network papers simply say "get more bandwidth",
  but this isn't always easy on the African continent and sometimes
  one has to make do with what you can get.

Please tell us how it goes,

Geert Jan
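
Added example (not part of the original message): one way to spot the "fair percentage of the community downloading from the same source at once" pattern described above, from flow or proxy records. The record layout, hostnames, addresses and thresholds are assumptions and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample records: (epoch_seconds, client_ip, source_host, bytes_down)
FLOWS = [
    (1000, "10.0.0.11", "www.example.org", 40_000),
    (1210, "10.0.0.11", "updates.example.com", 6_000_000),
    (1225, "10.0.0.12", "updates.example.com", 3_000_000),
    (1260, "10.0.0.12", "updates.example.com", 3_500_000),
    (1290, "10.0.0.13", "updates.example.com", 7_000_000),
    (1300, "10.0.0.14", "updates.example.com", 20_000),   # check-in only
    (1310, "10.0.0.15", "tracker.example.net", 9_000_000),
    (1900, "10.0.0.16", "updates.example.com", 6_500_000),
]


def find_download_surges(flows, total_clients, window=300,
                         min_share=0.25, min_bytes=1_000_000):
    """Return (window_start, source, clients, share, bytes) for every
    time window in which at least min_share of the community pulled
    min_bytes or more from the same source.

    Windows are fixed buckets of `window` seconds, so a surge that
    straddles a bucket boundary is split across two buckets.
    """
    # (window_start, source) -> client -> bytes downloaded in that window
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, client, source, nbytes in flows:
        start = ts - ts % window
        buckets[(start, source)][client] += nbytes

    surges = []
    for (start, source), per_client in buckets.items():
        # Count only clients that fetched a real file, not a page view
        # or an "is there an update?" check.
        heavy = [c for c, b in per_client.items() if b >= min_bytes]
        share = len(heavy) / total_clients
        if heavy and share >= min_share:
            total = sum(per_client[c] for c in heavy)
            surges.append((start, source, len(heavy), share, total))
    return sorted(surges)


if __name__ == "__main__":
    # total_clients would come from the current association or lease count.
    for start, source, n, share, total in find_download_surges(FLOWS, 8):
        print(f"t={start} {source}: {n} clients ({share:.0%}), {total} bytes")
```

A single heavy client (the torrent case) stays below min_share and is not reported; per-client byte totals from the same buckets would show that case instead.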



