WORK IN PROGRESS

AHM2008 - Report and conclusions


These notes summarize what was done to arrange the networking for the AHM2008 conference held in Appleton Tower and the Informatics Forum over the period 8-11 September 2008.

The intention is to provide a template that can be used should such an event ever be hosted again, to outline the lessons learned, and to flag up issues that require more thought in advance of any similar event.

1. Wired network

The general requirement for the wired network was to:

  • Provide wired connectivity to 28 exhibition booths (16 in the AT concourse, 12 on the Informatics Forum ground floor).
  • Provide wired connectivity to two 'Demo Rooms' and one 'Presentation Room' on the AT mezzanine level. (These rooms are unnumbered but are the rooms which effectively constitute one big room on the mezzanine level which can be subdivided using partitions.)
  • Provide wired connectivity to AT Lecture Theatres 1, 2 and 3.
  • Provide wired connectivity and phone to the registration desk on the Forum ground floor.

(The initial thought was to provide LapLan2 throughout. It is a good job we didn't, since that service hands out private addresses and uses NAT, which would have broken certain exhibitors' requirements. Moreover, the requirement to manually authenticate the connection would almost certainly have caused problems.)

We decided to use an Informatics subnet carried on VLAN 110 (aka Conf110) throughout.

VLAN exported to AT via uplinks:

All ports involved (both Forum and AT) carry VLAN 110 as the single untagged VLAN

Infrastructure machine: toscanini (DHCP, routing, iptables)

Primary router: klemperer (routing, iptables)

Firewall: allow outgoing to all except Inf subnets; block all incoming except for things specifically requested in advance. A (better, safer, and easier to implement) ruleset of 'allow all outgoing except to' wasn't possible since three exhibitors were from Ed Uni and couldn't easily specify their exact requirements.

Ruleset in the AHM2008-iptables RPM
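
The policy stated above, sketched as a generator for an iptables-restore FORWARD ruleset. This is an added example, not the contents of the AHM2008-iptables RPM: the subnets and inbound exceptions are constructed placeholders, and `gen_rules` is a hypothetical name.

```shell
#!/bin/sh
# Added illustration of the stated policy. All addresses are constructed
# placeholders (RFC 5737 documentation ranges), not the real conference values.
CONF_NET="192.0.2.0/24"                        # stands in for the VLAN 110 subnet
INF_NETS="198.51.100.0/25 198.51.100.128/25"   # stand in for the other Inf subnets
# Inbound exceptions requested in advance, as "proto:host:port" (constructed)
PINHOLES="tcp:192.0.2.21:443 udp:192.0.2.34:5004"

gen_rules() {
    # Validate every exception first so a bad entry never yields a partial ruleset
    for p in $PINHOLES; do
        proto=${p%%:*}; rest=${p#*:}; port=${rest#*:}
        case "$proto" in tcp|udp) ;; *) echo "bad pinhole: $p" >&2; return 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad pinhole: $p" >&2; return 1 ;; esac
    done
    echo "*filter"
    echo ":FORWARD DROP [0:0]"   # anything not matched below is dropped
    # Replies on connections that an earlier rule already permitted
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Outgoing to Inf subnets is refused; must come before the general allow
    for net in $INF_NETS; do
        echo "-A FORWARD -s $CONF_NET -d $net -j REJECT --reject-with icmp-admin-prohibited"
    done
    # All other outgoing traffic from the conference subnet
    echo "-A FORWARD -s $CONF_NET -m state --state NEW -j ACCEPT"
    # Incoming: only the services requested in advance
    for p in $PINHOLES; do
        proto=${p%%:*}; rest=${p#*:}; host=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset; as root it can be checked without loading it via
#   gen_rules | iptables-restore --test
gen_rules
```

Rule order carries the policy: if the general outgoing ACCEPT were emitted before the Inf-subnet REJECT lines, those blocks would never match.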

It would not be acceptable to use LapLan2 even if an acceptable firewall configuration could be provided: the requirements of some exhibitors preclude the use of private addresses and NAT.

A late decision was to change the ports in the 'Demo' rooms, 'Presentation' rooms, and Lecture Theatres from LapLan2 to VLAN110. This was just to provide consistency and avoid confusion.

NOTE: we now have to unexport VLAN 110 from AT to ensure that our IP addresses aren't being used via DHCP!!!

2. Wireless network

Standard University 'central' wireless, plus some EduRoam wireless provided by two loan WAPs from IS.

Everybody - exhibitors, organisers and delegates - provided with a 'guest' wireless account.

EduRoam is clearly not well understood by many and requires some expertise to use. Most people appear to have used the (simpler) 'guest' accounts and the wireless authentication gateway.

Two people reported problems accessing their remote institution's VPN via our wireless service. The suspicion is that the problem occurs because the wireless service here now hands out private IP addresses, although one person affected claimed to have previously accessed his VPN via a wireless service which was using NAT.

-- IanDurkacz - 12 Sep 2008

Topic revision: r1 - 12 Sep 2008 - 13:39:52 - IanDurkacz