nanog mailing list archives
Re: Big Temporary Networks
From: Måns Nilsson <mansaxel () besserwisser org>
Date: Fri, 14 Sep 2012 09:34:35 +0200
Subject: Re: Big Temporary Networks Date: Thu, Sep 13, 2012 at 05:45:55PM -0400 Quoting Jay Ashworth (jra () baylink com):
----- Original Message -----
At all possible cost, avoid login or encryption for the wireless.
Yes, and no.
<snip> Just keep in mind that every action you make the visitors have to perform to get Internet connectivity is a support workload.
(For example, I have no problems blocking outbound port 25 and redirecting recursive DNS -- though I do want a system that permits me to whitelist MACs on request. But I would do those on the guest and dealer nets, and not on the staff one.)
Remember that DNSSEC breaks quite easily if you redirect DNS and since this is three years in the future, the uptake on DNSSEC may well have hit the point where there is visual feedback on validation in client UI.
While things have become much better, doing 802.1x on conference wireless probably is a bit daring. OTOH eduroam does it all over Europe.
If I did try to do that, it would probably only be on the staff network; it's a much more constrained environment.
It'll work much better there, and FWIW, will be a little yet perhaps effective speedbump for intruders.
And get v6.
Yeah, I assumed that, though it will be interesting to see how much play it actually gets; these are SF geeks, not networking geeks.
Again, even in North America, the uptake may well have accelerated enough that it is To Be Expected. Besides, IME, SF geeks are computer savvy more than others.
Oh yeah. I'm fond of leases as short as 30 minutes, though if I have a /16, I won't care as much.
A couple hours will get the user over a lunch break if not overnight, which means that long TCP sessions survive on Proper Computers (that don't tear down TCP on link loss. I'm looking at you, Microsoft!). This is Really Nice. Open up computer from sleep and press enter in xterm and ssh session is up. (my personal record is for telnet, an untouched connection survived two taxi trips, one night, some NATed wlan at the hotel and when I got back to the right network I just plugged the cable in and continued in the same session. But I cheated and had fixed addresses.)
Very nice, Måns; thanks.
My pleasure.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
He is the MELBA-BEING ... the ANGEL CAKE ... XEROX him ... XEROX him --