USENIX SysAdmin

7 June 2006

Fun with drraw, mrtg, and rrdtool

Filed under: Uncategorized — tony @ 22:01:22

In preparation for LISA later this year, I’m playing with snmp monitor tools and my access points and switches. For Annual Tech, I only had bandwidth usage data monitored, so these images don’t really show the number of people in a given place but rather how much bandwidth is being used in a given place.

Data from the end of Wednesday, Thursday, and most of Friday:

Data from Saturday:

There are some holes in the data where I pooched the config file, didn’t have all the devices properly configured for data collection, or didn’t have all of the devices polled. A learning experience. I have a “lab” set up in the office now for refining data collection. By the time LISA rolls around I hope to have a system almost as sophisticated as the one David Nolan demonstrated at LISA ‘05.

More old news

Filed under: Uncategorized — tony @ 07:54:07

I wrote up a bit about the network for LISA ‘05 here.

6 June 2006

Old News

Filed under: Uncategorized — tony @ 15:45:44

Here are a few things I wrote in a previous blog on sagewire.sage.org.

———

Monday November 03, 2003
07:28 PM
Lisa 2003 Network

Well Lisa 2003 has passed, and as usual I learned a few things about setting up conference networks. The big “duh” this time around is that *a* T1 can’t support 700 sysadmins. Second prize goes to determining that a Cisco 1200 will support 400 odd associations, however latency between the AP and the gateway will exceed 3 seconds on fast ethernet. Consolation prize is for finding out that Linksys consumer (is that redundant?) hardware freaks out when too many radios associate and decides to ARP as the gateway.

The latter two issues are easy to fix; use more APs. I knew the 8 I have on hand weren’t enough to cover all the meeting spaces we use at the Town and Country hence the borrowed Linksys WAP11s. I have a lead on getting some Cisco 350s donated which will help when next we use the Town and Country (Security 04).

The bandwidth issue is much harder to solve for a number of reasons which boil down to budget constraints. While you might pay $900 or so for a month of T1 service, in the last few markets I’ve shopped I haven’t been able to get service for less than 12 months. Early cancelation fees are the remainder of the contract value. You math wizards will have concluded that purchasing a month’s worth of T1 would cost us $10,800. Now multiply by the number of T1s sufficient to support 700 – 1200 folks… So we use the bandwidth available at the hotel. The Town and Country presently has one and a third T1s; we had one, the vendor exhibition had the third. Fortunately they’re dropping a DS1 to provide in-room bandwidth between now and when we are next onsite so things should be better next time. We’re in Atlanta for Lisa 04 and we’re working on getting sufficient bandwidth and IP space donated.

The Town and Country is a great hotel for us as they let us do whatever we want network wise (Me: “Mark, I want to put an access point on the roof; can I do that?” Mark-the-Convention-Services-Manager: “Sure – let me know when you want to do it.”). The Marriotts are somewhat less flexible. They give STSN an in-house monopoly on connectivity so we need to pay them off to bring in our own bandwidth. We also have to pay to use their cable plant. Funny that the hotel General Managers don’t want us stringing our own CAT5 for free and sullying their lovely hotel. “Use wireless” you say? Considering how easy it is to take down a wireless network I’d rather not use it for a backbone.

It is apparent that I need to run squid or somesuch in the future. I re-wrote the gateway’s pf rules to dedicate bandwidth and priority to crypto traffic on Thursday and put the rules in place on Friday. They seemed to help a bit towards making ssh sessions something other than a typing accuracy test of patience. I also noticed that for some reason clients were hitting the outside dns servers rather than using the presumably available local one. This presented problems as the outside dns servers were four and five hops out respectively with 10-20% packet loss and 150-200 odd milliseconds of latency betwixt. A P3-800 *should* be able to support dns for a busy network. Wonder what I need to optimize…

For suggestions for next year’s network please send e-mail to wireless@usenix.org or comment on this post. I have a flame-retardant inbox.

fun stuff:

$ grep hardware dhcpd.leases | awk '{print $3}' | sort | uniq | wc -l
741
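
An expanded version of the one-liner above, added here as an example and not part of the original post: it folds MAC case, strips the trailing semicolon, and also counts how many distinct clients held a lease at a chosen moment. The lease entries are constructed sample data in ISC dhcpd.leases layout, and the function names `lease_stats` and `sample_leases` are hypothetical.

```shell
#!/bin/sh
# Added example. Reads ISC dhcpd.leases text on stdin and prints
# "<distinct MACs seen> <distinct MACs holding a lease at time $1>" (YYYY/MM/DD HH:MM:SS).
lease_stats() {
    awk -v at="$1" '
        $1 == "lease"  { start = ""; stop = ""; mac = ""; next }
        $1 == "starts" { start = $3 " " $4; gsub(/;/, "", start); next }
        $1 == "ends"   { stop  = $3 " " $4; gsub(/;/, "", stop);  next }
        $1 == "hardware" && $2 == "ethernet" {
            mac = tolower($3); gsub(/;/, "", mac); next
        }
        $1 == "}" && mac != "" {
            if (!(mac in seen)) { seen[mac] = 1; total++ }
            # Fixed-width timestamps compare correctly as plain strings.
            if (start <= at && at < stop && !(mac in live)) { live[mac] = 1; active++ }
            mac = ""
        }
        END { print total + 0, active + 0 }
    '
}

# Constructed sample data, not taken from the conference network.
sample_leases() {
    cat <<'EOF'
lease 10.0.0.21 {
  starts 3 2003/10/29 13:00:00;
  ends 3 2003/10/29 15:00:00;
  hardware ethernet 00:02:2d:aa:bb:01;
}
lease 10.0.0.21 {
  starts 3 2003/10/29 14:00:00;
  ends 3 2003/10/29 16:00:00;
  hardware ethernet 00:02:2D:AA:BB:01;
}
lease 10.0.0.22 {
  starts 3 2003/10/29 09:00:00;
  ends 3 2003/10/29 11:00:00;
  hardware ethernet 00:02:2d:aa:bb:02;
}
lease 10.0.0.23 {
  starts 3 2003/10/29 13:10:00;
  ends 3 2003/10/29 15:10:00;
  hardware ethernet 00:0a:95:aa:bb:03;
}
EOF
}

sample_leases | lease_stats "2003/10/29 13:30:00"
```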

traceroute to voyager.usenix.org (131.106.3.1), 30 hops max, 40 byte packets
1 tserver.wifi.conference.usenix.org (10.0.0.1) 2.605 ms 2.204 ms 2.157 ms
2 64-169-229-1.ded.pacbell.net (64.169.229.1) 3.016 ms 43.824 ms 3.056 ms
3 68.121.201.45 (68.121.201.45) 184.303 ms 177.48 ms 188.723 ms
4 bb2-g5-0.sndg02.pbi.net (63.200.206.3) 120.311 ms 159.382 ms 163.837 ms
5 bb2-p11-0.lsan03.sbcglobal.net (151.164.241.133) 186.33 ms 150.877 ms 109.922 ms
6 bb1-p14-0.lsan03.pbi.net (67.116.100.33) 141.067 ms 162.693 ms 151.976 ms
7 core1-p6-0.cranca.sbcglobal.net (151.164.241.206) 146.568 ms 148.242 ms *

Matt’s traceroute [v0.49]
tserver.conference.usenix.org Wed Oct 29 13:18:00 2003
Keys: D – Display mode R – Restart statistics Q – Quit
Packets Pings
Hostname %Loss Rcv Snt Last Best Avg Worst
1. 64.169.229.1 0% 59 59 0 0 1 3
2. 68.121.201.45 0% 59 59 176 10 143 324
3. 63.200.206.3 11% 52 58 143 20 131 185

——-

Friday August 02, 2002
10:46 AM
JVM

So I’m at JVM in San Francisco at the moment. Very different crowd than some of our other conferences. When the sessions start, wireless network usage drops off significantly. At most conferences the network is very active during the sessions, and overloaded at the breaks and in the evening.

Our uplink is through the Hotel’s ISP, STSN, the same folks that put those funny little internet access boxes in the guest rooms. They have 3 T1s into the Hotel, but it looks like there are 3-4 hops until we get out, at least one of which is cross country, and one probably hits their headquarters in Utah:

1 10.0.0.1 (10.0.0.1) 2.967 ms 2.299 ms 2.26 ms
2 10.1.176.1 (10.1.176.1) 11.854 ms 11.743 ms 11.686 ms
3 192.168.17.45 (192.168.17.45) 51.668 ms 35.22 ms 33.124 ms
4 p1.n-usslc0.stsn.com (12.23.69.1) 35.067 ms 35.841 ms 44.904 ms
5 sl-gw9-kc-7-0-ts2.sprintlink.net (160.81.77.37) 82.301 ms 57.258 ms 75.563 ms

Another interesting bit is that they redirect outbound smtp traffic from guest rooms to their own server.

Otherwise the bandwidth isn’t too bad. I’m getting about 40KB/s on large downloads. Of course, we only have 20-30 users on the network right now. The Security conference that starts Sunday will be a different story.

—–

Monday July 29, 2002
04:29 PM
!uunet From: and .doc

I just spent an unreasonable amount of time converting 10 years of e-mail in at least 6 formats for import into a sendmail imap server. The mail files were mixed with other documents in a rather complex tree which needed to be separated into an exact mirror structure. I’m sure a seasoned SA would have whipped out two lines of perl and had the thing done in an hour. I’ve been using Unix for a year so I did it mostly by hand.

Note to self: move Perl up on the list of stuff to learn.

Now that I’m done, I can get ready to set up the onsite network for JVM and Security. Shouldn’t take too long since the terminal room was nixed. Hotels are starting to treat internet access like any other in-house service – they have an in-house provider that costs too much and requires “corkage” to let an outside provider in.

The hotel’s isp wanted to charge us six times the amount in our contract for a couple of static IPs, some bandwidth, and the privilege of setting up our network. What they were willing to give us for the contract price would have given us a 3 chair terminal room, a couple places for folks to plug laptops in, and 20 wireless users on one wireless access point. Of course, we found all of this out three weeks prior to the conference, which gave us no 3rd party option.

After some long and nasty negotiations, we managed to get what we needed to do wireless and our registration network at the expense of the terminal room. I know I’m going to hear plenty of complaints about it.

Factoid: At our conferences, each can of soda costs USENIX between $4 and $6US, most of which is service charges.

——

Tuesday July 16, 2002
10:51 PM
a few things

Two interesting things today. I found MacStumbler http://homepage.mac.com/macstumbler/ and gave it a whirl on my powerbook. Just what the doctor ordered for looking at wireless networks on OSX.

I had a little fun tonight bringing up my 80G Seagate disk on the OpenBSD box which is developing into my home server. The disk was previously in a Linux box and had a bunch of data on it, particularly old e-mail, that I wanted on the new box. OpenBSD mounts ext2fs without issue. It was all too easy. My e-mail files were from a windows Eudora install. Eudora keeps its mailboxes in .mbx format, so all I had to do was move the files into my imap directory and resync my mail client.

——

Friday July 12, 2002
03:15 PM
New WAP

Whoo hooo! My new Wireless Access Point came today.

Supposedly it can function as a bridge, a router (DHCP and NAT), or as a repeater…all for the low low price of $160US. It is alleged to support 256 clients via wireless or LAN (there’s a 4 port 10/100 switch built in). The especially groovy thing about it is the wireless card inside is a Lucent/Orinoco WaveLan-alike with the little hole for an external antenna and there is a ready made hole and cable guide for attaching a pigtail.

I bought it for home use, but you might see these units at future USENIX conferences if it performs as advertised. We lost an Airport BaseStation at Annual Tech, and one of our Aironet access points is permanently on the fritz, so I’m down to four working access points. Lisa will be in three buildings this year, so I hope I can get more equipment.

Oh, the units are Buffalo Technology AirStations:
provantage.com

update
The model I bought doesn’t repeat…only the pro and basic bridge repeat. Good news is the basic bridge costs $140US.

Range is comparable to an Apple Airport Basestation as one would expect. The documentation and web configuration utility are poorly written.

——

Thursday July 04, 2002
07:09 PM
the long dry spell is over

Finally, the sleeper has awakened. After 40 days and 40 nights in the desert of dial-up, my dsl line is live. I’m sure there’s some sort of analogy that could be made given today is independence day. I’ll not make it. PacBell had to replace a switch in the CO to get my line working which took literally a month. Now, I’m a patient man and understand how networking is fraught with unforeseen obstacles, but three of my neighbors and my wife were also waiting for my dsl line to go on…and they aren’t so patient.

My neighbors will be connected via wireless and sharing the cost of the line. Now I just need to find a crypto/auth solution that works with Windows XP, Mac OS9 and Mac OS X, and preferably runs under OpenBSD.
