
Re: [Debconf-team] PSU Network Requirements



Kees Cook wrote [Wed, Jun 04, 2014 at 06:33:55PM -0700]:
> Hi,
> 
> I talked on the phone today with the head of the PSU network. I can't say I
> have good news at all.

Umh, right. Although they can be seen in a good light: This saves us
from the work of setting up the network :)

> They don't want us setting up our own wifi network because it will
> collide with theirs. The /16 they'd mentioned is for their entire campus,
> not just for our conference. Their guest wifi network is a captive
> portal that needs email registration on a per-MAC per-day basis. All
> externally-initiated traffic is blocked. Their wifi and wired networks are
> separate segments.

The main thing that worries me here is that I've seen very few Wifi
setups where the infrastructure is adequate for the density we usually
handle. Yes, also in DebConf we have saturation problems, but at least
we know our guys know their way around setting up APs in the right channels
to minimize the problem (and whatever other configmagic I do not know
about). Can PSU provide at least the facility for their network admins
to do the needed changes if they are pointed out? How many APs do they
have per working space?

We could consider having enough switches and cables for people to
connect, in order to avoid starvation syndrome.

> What they can do:
> 
> - light up 1 port per conf room with access to their wired network
> - disable port security for our rooms so we can add our own switches
> - add hardcoded MACs to the wifi guest ACL that avoids the captive portal
> - support thousands of people on their wifi network

If this is so (and *done properly*), I think we won't have many
problems. If they can set up *more than* one port, that would be great
— if for nothing else, to separate video streams from regular
traffic.

We can ask attendees to provide their MAC addresses beforehand, so we
are all on the ACL whitelist by the time we get there?

I don't see the captive portal as much of a problem, unless it's one
of those captive portals that kicks you out and drops your connections
too often (but if you say it requires one login a day, it's not that
bad).

> (...)
> Do we _need_ to have arbitrary inbound access? If so, why?

It's nice to have, but we don't _need_ it, and we have often not had
it.

> Do we _need_ wired switches in all the rooms? If so, why? (I suspect I can
> answer this one, but I want to hear other voices.)

I'd say, yes. Because wireless is very fail-prone. Also, because
several people come with devices other than laptops they want to work
on, and those devices don't always have a wireless interface.

> Do we expect to host an archive mirror or other services somewhere on
> the wired network? If so, why?

It would be good. Because having a mirror strongly reduces network
load — some hundreds of Debian people working on Debian time will be
hammering ftp.us.debian.org otherwise.

> If we bring in an ISP, it's going to get messy and costly. I would
> really like to avoid this, but it seems to be our only fallback if we
> can't live peacefully on their existing infrastructure. IIUC, they peer
> with at least Integra. Possibly ComCast. I'm getting an up to date
> list shortly.

I don't think we will need an external ISP.

