Overall a good article, although the claim that "WiFi has 11 channels and can give you 220Mbit in the air" is just wrong. You'll never deploy on all 11 channels without causing massive adjacent channel interference. 802.11 likes 25 MHz per AP, and the 2.4GHz channels are only 5 MHz apart. Deploying on anything other than 1, 6 or 11 will cause more problems than it will solve.
Additionally, dismissing the 5 GHz channels by claiming "those have lots of issues with many devices" is a facile argument. Deploying 5GHz channels (of which there are many more than 2.4GHz) is an excellent strategy in many cases - it enables you to offload 5GHz-capable clients (laptops, tables) from the 2.4GHz radios, freeing them up for 2.4GHz-only systems (smartphones, old laptops).
Anybody looking to deploy WiFi at a large conference needs to read Aruba Networks' High-Density Validated Design Guide, regardless of the hardware vendor you choose:
I might have been a little harsh on the 5GHz. There is currently a pretty widespread active problem (might depend on AP hardware/software) with some Apple hardware that is pretty much impossible to debug on a large scale, so that the only option we found was to disable it.
I think the most interesting bit here is "At JSConf we introduced social traffic which links all traffic to Twitter identities."[0][1] That is pretty... epic.
Hey @BandwidthHog stop hogging all the intertubes. You making puppies cry!
The problem is that if your event only has 100 people, that means that every attendee has to be willing to pay an extra $50 in order to have someone guarantee that the WiFi will work. That's why most event organizers just take their chances.
Upvoting. I realize this is a single vendor link, but I recently spent a long time redesigning my home network and settled on the same unifi system.
It's really worth looking at commercial grade access points if you are looking for a more robust networking solution, even at home. There are other good manufacturers besides ubnt, but their 3 unit unifi price point is pretty good. 2.4 ghz only however.
q: i've never attended such a conference. when the users move from room to room they would have to reconnect to another SSID ? or did you setup something like a mesh setup ?
this would only work if you aren't using encryption, like in your case ? (or encryption won't change a thing, except a lot heavier on CPU and there goes all down the drain)
How many attendees were there? I tried to find some numbers real quick and couldn't manage to find them. For conferences (or any high density user environment), the density of users has a massive impact on how the network needs to be designed (omni vs. directional antennas, output power, individual channel selection, switching infrastructure, etc.). There reaches a point where the device density is so high that even narrow beam antennas at the lowest power setting can easily be hitting max associations. Really the only way to provide good coverage at any sort of event is to plan ahead (months in advance, especially for tech-heavy conferences) and not trust that the IT department of the venue will know how to properly set up the access.
At the last JSConf, 370 attendees, ~1000 devices online. You are absolutely right. At a certain density all bets are off. We were pretty close to this point at several points in time. The problem gets much harder with more people.
The blog post is very much not about technical details. Having people who actually care is what really counts. This is all, of course, presented in term of not-for-profit-conf where paying people to get it right is usually not an option.
Yeah, that's definitely in the "too small to pay a company but big enough to have real problems to solve" range. I completely agree that just having people who care (and plan ahead) goes the furthest.
At a previous employer, the number of "Oh, we have a conference going on and the internet access sucks, please fix it" or "Yeah, we have a conference this weekend with <ABSURD NUMBER OF ATTENDEES>, can you get it built out for us?" calls we got were absolutely insane.
"Deploying on anything other than 1, 6 or 11 will cause more problems than it will solve,"
This is a fundamental mistake. You are correct that the transmit mask of WiFi allows for 3 'non-overlapping' channels in the 2.4GHz band, but the receivers won't allow simultaneous operation on these three channels since the advent of 802.11g (and 802.11n made the situation worse.)
The receivers don't have enough adjacent channel rejection (ACR) to deal with a strong (i.e. closer or high-EIRP) signal on an ajacent channel.
At 6Mbps, the IEEE standard requires 16 dB of adjacent channel rejection. The amount of ACR required by the standard is lower as the modulation rate increases. At 18Mbps the IEEE standard requires 11dB of ACR. At 54Mbps, the ACR required by the standard is -1dB. While some chipsets perform above these requirements one has to assume that the clients perform at the minimum, since there is no way to control what client will wander into the room next.
Nobody wants to believe it, but the way to make 2.4GHz WiFi work for large conferences is to run all the APs on the same channel (in any given 'band')
Most conferences that have encrypted WiFi will use PSK. Given the pre-shared key and observation of the handshake, you can calculate the session key and decrypt all traffic between a user and the access point. Compiling aircrack is no longer "grandmother" territory, but it is certainly "average linux geek" territory. Aircrack creates a virtual network interface, so you can even use it with Firesheep with no extra modification.
So turning off encryption is really not that bad when you consider that all it did was hog CPU and give people a false sense of security.
This is, in fact, what happened. An enterprising douchebag used Firesheep to sniff Twitter credentials, then #poopin'd a bunch of attendees. Malte makes oblique reference to this in the post.
I'm not convinced it's the WiFi provider's job to hold users' hands here. Most of us don't maintain separate browsing habits for public networks and private networks. I know that I never had an "aha, should use Twitter over HTTPS now" moment once I started using the WiFi at JSConf, and that's my fault.
In other words, session stealing can be resolved by the site itself (by forcing everything onto https, like GitHub has done), by the WiFi provider (by selectively redirecting traffic onto https and reminding people that the network is unencrypted), or by the end user (by being justifiably paranoid). In my mind, the former two aren't _obligated_ to help here, but may do it anyway just to avoid headaches all around.
I don't know about this conference, since I wasn't there. But speaking as someone who has helped organize conferences attended by a few thousand people, there are two points I would like to respectfully make:
1. Sometimes, the conference is about PEOPLE and the content of the sessions. I confess that at more than a few of the events I helped organize, it was no accident that the WiFi was wonky or non-existent. Yes, some people bitched and moaned, but the overall effect was that that attendees and speakers felt engaged with each other because everyone put their laptops away and actually paid attention to one another. In conversations and after-event surveys, the #1 bit of positive feedback was, "Hurray for having an event where the WiFi was turned off."
Yes, we all know that a lot of people attend events and use Social Media to bring in a larger audience from those who could not attend (I do), but all too often, I see people sitting there with laptops open to work e-mail. They're not there to add anything to the discussion, and really, what's the point of even being there?
Of course, a good conference organizer has already worked to insure that the speakers are well-prepared, moderators are trained and will actually do their job, and the content is valuable (not a sales pitch). It pains me to no end when I attend an event that waste my time by not having those three items checked off.
2. "Now you booked a venue and they say that they can handle the WIFI for you. Chances are, they are lying."
Respectfully, there's no conspiracy here. If your event is taking place at a hotel or conference center, then more times than not, WiFi is an expensive add-on (all things are expensive add-ons in the hospitality industry, but that's a subject for a much longer post). You have no control over it, and in fact, if you try to rig up a few routers and roll your own hotspot, you're often in violation of your facility's contract which means fines or blacklisting from future events.
Just my two cents from my own experience. Yours may differ, so we may disagree, but no flames, please.
38 comments
[ 3.8 ms ] story [ 76.9 ms ] threadAdditionally, dismissing the 5 GHz channels by claiming "those have lots of issues with many devices" is a facile argument. Deploying 5GHz channels (of which there are many more than 2.4GHz) is an excellent strategy in many cases - it enables you to offload 5GHz-capable clients (laptops, tables) from the 2.4GHz radios, freeing them up for 2.4GHz-only systems (smartphones, old laptops).
Anybody looking to deploy WiFi at a large conference needs to read Aruba Networks' High-Density Validated Design Guide, regardless of the hardware vendor you choose:
http://www.arubanetworks.com/pdf/technology/DG_HighDensity_V...
Appendix B and C contain some excellent information on planning and theory.
Hey @BandwidthHog stop hogging all the intertubes. You making puppies cry!
[0]http://social-traffic.streamie.org/preso/static/#slide17
[1]https://github.com/cramforce/social-traffic
http://www.thebestpageintheuniverse.net/c.cgi?u=epic
Pardon the title.
It's really worth looking at commercial grade access points if you are looking for a more robust networking solution, even at home. There are other good manufacturers besides ubnt, but their 3 unit unifi price point is pretty good. 2.4 ghz only however.
I don't mind a vendor link as long as it is a recommendation from experience.
The blog post is very much not about technical details. Having people who actually care is what really counts. This is all, of course, presented in term of not-for-profit-conf where paying people to get it right is usually not an option.
At a previous employer, the number of "Oh, we have a conference going on and the internet access sucks, please fix it" or "Yeah, we have a conference this weekend with <ABSURD NUMBER OF ATTENDEES>, can you get it built out for us?" calls we got were absolutely insane.
This is a fundamental mistake. You are correct that the transmit mask of WiFi allows for 3 'non-overlapping' channels in the 2.4GHz band, but the receivers won't allow simultaneous operation on these three channels since the advent of 802.11g (and 802.11n made the situation worse.)
The receivers don't have enough adjacent channel rejection (ACR) to deal with a strong (i.e. closer or high-EIRP) signal on an ajacent channel.
At 6Mbps, the IEEE standard requires 16 dB of adjacent channel rejection. The amount of ACR required by the standard is lower as the modulation rate increases. At 18Mbps the IEEE standard requires 11dB of ACR. At 54Mbps, the ACR required by the standard is -1dB. While some chipsets perform above these requirements one has to assume that the clients perform at the minimum, since there is no way to control what client will wander into the room next.
Nobody wants to believe it, but the way to make 2.4GHz WiFi work for large conferences is to run all the APs on the same channel (in any given 'band')
Even your grandmother can steal sessions with Firecookie these days.
So turning off encryption is really not that bad when you consider that all it did was hog CPU and give people a false sense of security.
I'm not convinced it's the WiFi provider's job to hold users' hands here. Most of us don't maintain separate browsing habits for public networks and private networks. I know that I never had an "aha, should use Twitter over HTTPS now" moment once I started using the WiFi at JSConf, and that's my fault.
In other words, session stealing can be resolved by the site itself (by forcing everything onto https, like GitHub has done), by the WiFi provider (by selectively redirecting traffic onto https and reminding people that the network is unencrypted), or by the end user (by being justifiably paranoid). In my mind, the former two aren't _obligated_ to help here, but may do it anyway just to avoid headaches all around.
1. Sometimes, the conference is about PEOPLE and the content of the sessions. I confess that at more than a few of the events I helped organize, it was no accident that the WiFi was wonky or non-existent. Yes, some people bitched and moaned, but the overall effect was that that attendees and speakers felt engaged with each other because everyone put their laptops away and actually paid attention to one another. In conversations and after-event surveys, the #1 bit of positive feedback was, "Hurray for having an event where the WiFi was turned off."
Yes, we all know that a lot of people attend events and use Social Media to bring in a larger audience from those who could not attend (I do), but all too often, I see people sitting there with laptops open to work e-mail. They're not there to add anything to the discussion, and really, what's the point of even being there?
Of course, a good conference organizer has already worked to insure that the speakers are well-prepared, moderators are trained and will actually do their job, and the content is valuable (not a sales pitch). It pains me to no end when I attend an event that waste my time by not having those three items checked off.
2. "Now you booked a venue and they say that they can handle the WIFI for you. Chances are, they are lying."
Respectfully, there's no conspiracy here. If your event is taking place at a hotel or conference center, then more times than not, WiFi is an expensive add-on (all things are expensive add-ons in the hospitality industry, but that's a subject for a much longer post). You have no control over it, and in fact, if you try to rig up a few routers and roll your own hotspot, you're often in violation of your facility's contract which means fines or blacklisting from future events.
Just my two cents from my own experience. Yours may differ, so we may disagree, but no flames, please.