PSU Network Requirements

To: debconf-team@lists.debconf.org, debconf14-team@lists.debian.org
Subject: PSU Network Requirements
From: Kees Cook <kees@debian.org>
Date: Wed, 4 Jun 2014 18:33:55 -0700
Message-id: <[🔎] 20140605013355.GK5422@outflux.net>

Hi,

I talked on the phone today with the head of the PSU network. I can't say I
have good news at all.

They don't want us setting up our own wifi network because it will
collide with theirs. The /16 they'd mentioned is for their entire campus,
not just for our conference. Their guest wifi network is a captive
portal that needs email registration on a per-MAC per-day basis. All
externally-initiated traffic is blocked. Their wifi and wired networks are
separate segments.

What they can do:

- light up 1 port per conf room with access to their wired network
- disable port security for our rooms so we can add our own switches
- add hardcoded MACs to the wifi guest ACL that avoids the captive portal
- support thousands of people on their wifi network

Non-negotiable items:

- they will not allow us to set up unauthenticated bridged wifi to their
  wired network since this exposes campus services to the outside world.
- they will not turn off the bulk inbound firewalling for their network.

Negotiable:

- if we bring an ISP in, they'll route it to our conf rooms, and they'll
  help us set up our own wifi gear to interfere as little as possible with
  their existing wifi network. But they'd rather not.


In my prior attempts to gather networking requirements, I've only heard
about "past conference did XYZ", rather than understanding what specific
services need to be supported by the DebConf network infrastructure.

The only hard requirement I've heard so far is that a single IP needs
unfiltered inbound connections for providing the video streaming. Is this
accurate? Does the video team need more than this?

Do we _need_ to not have a captive portal on the wifi? If so, why?

Do we _need_ to have arbitrary inbound access? If so, why?

Do we _need_ wired switches in all the rooms? If so, why? (I suspect I can
answer this one, but I want to hear other voices.)

Do we expect to host an archive mirror or other services somewhere on
the wired network? If so, why?

If we bring in an ISP, it's going to get messy and costly. I would
really like to avoid this, but it seems to be our only fallback if we
can't live peacefully on their existing infrastructure. IIUC, they peer
with at least with Integra. Possibly ComCast. I'm getting an up to date
list shortly.

-Kees

-- 
Kees Cook                                            @outflux.net

Reply to:

Follow-Ups:
- Re: [Debconf-team] PSU Network Requirements
  - From: Richard Hartmann <richih.mailinglist@gmail.com>
- Re: [Debconf-team] PSU Network Requirements
  - From: Carl Karsten <carl@nextdayvideo.com>
- Re: [Debconf-team] PSU Network Requirements
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: [Debconf-team] PSU Network Requirements
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: Artwork jobs DC14
Next by Date: Re: [Debconf-team] PSU Network Requirements
Previous by thread: Re: Artwork jobs DC14
Next by thread: Re: [Debconf-team] PSU Network Requirements
Index(es):
- Date
- Thread