Hotspot for 2 hundred people in one place

"filomaters" hath wroth:

200 journalists? I think critical mass for journalists, where they all go nuclear, is about 20 journalists. If they're broadcast media journalists, the noise will be deafening when they go critical.

Will all 200 be using their laptops simultaneously? What will they be expected to be doing?

Most low end routers can't handle large number of simulaneous connections. Hardware is the least of your problems.

I've done a few of those. The real problem is that you have to have a good idea of what these journalists are going to do with the wireless. In most cases, I've found that the use is limited by the backhaul bandwidth and not the number of access points. What manner of backhaul to the internet do you have available?

For a single large room, you're plan of 3 access points is usually sufficient for the faire, hotel, and convention applications that I've done. Any more radios and you'll have mutual interference problems. However your choice of hardware is a problem. Look into better hardware from Cisco, Sonicwall, 3com, or one of the wireless switch vendors. I suspect that this is a temporary installation. You might also consider renting the wireless system from some vendor.

Also, if temporary, be sure to have a spare access point handy. The problem isn't failure. It's that they tend to get stolen. Also, if easily accessible, be sure to plug up the hole for the reset button as there are vandals out there that like to punch reset at conventions and shows. Also, spare runs of CAT5 cable to replace those that get trampled by the attendees. Also a small UPS for each AP as I've had the whole network crash when the light came on and the power glitch hung the various access points. Also.... we'll, you get the idea. Cover thy ass and you'll be fine.

You'll need to have some type of monitoring system working. With 200 journalists, you're highly likely to have at least one laptop infected with a worm or virus. Look for excessive SMTP traffic and block their MAC address on all 3 access points. Bandwidth management and QoS might be a good idea, but if your router can limit the bandwidth per user IP, it should be sufficient to keep one user from hogging all the backhaul bandwidth.

Your access points should have "AP protection" or "client protection" feature enabled. That will prevent any wireless client to client connections and attacks.

In the past, I would simply run an open system with no encryption. That was convenient, but it caused a few security issues. So, I implimentented WPA encryption and discovered that a large number of wireless clunkers would still not do WPA. However, these days, I think it's safe to use WPA-PSK-TKIP. The nice side effect was that typing a simple password (twice) when it asked was way over the heads of most attendees, thus reducing the system load. Nobody complained, probably because it would imply an admission that they were clueless.

I've also found with conventions that many people say that they'll bring their laptops, but usually hate to drag their laptops with them. There are better things to do at conventions and it's also kinda hard to hold a laptop and a drink at the same time. The result is that the laptops stay in the hotel or car. For 200 journalists, you may see only about perhaps 30 dragging their laptops with them and even fewer using them. As I've notice at various events, the stories get written AFTER the event, not during.

Thank you, very much for your advices. You're right, it is a temporary installation. Our bandwitdh to the interent is 40 Mbits. It won't be convention or conference. It will be sport championship. I suppose, that journalists are going to send articles about competiton to their companies everyday. In this gym there are also about 50 ethernet sockets on tables. We try to get Cisco AP1240 instead of that devices. MK

"filomaters" hath wroth:

Warsaw, Poland?

I'm jealous. 40Mbits/sec should be more than enough. It might even be enough for a video feed. If that's what the journalists are thinking of doing, you may have some bandwidth issues. As I indicated before, you need to know what the journalists are going to be doing.

I must confess that I've never done wireless at a sports event. I rarely attend sports events and don't know how the sports journalists operate. You might want to ask them if they write they're stories during the event, after the event, plan to use VoIP as a live feed, or plan to use video as a live feed.

That will make it very easy. I suspect most of the journalists will plug their laptops directly into the ethernet rather than deal with wireless issues. Therefore, I predict your wireless load to be very light. 3 access points will do fine. Be sure to have some spare CAT5 ethernet cables for those journalists that are addicted to wireless and have forgotten their cables.

This is a good dual band unit (802.11a/b/g). Having 5.7GHz available will be a big help to reduce the wireless traffic load.

Incidentally, I found the chart I was looking for on the maximum number of simultaneous connections. It's a good reason why you don't want to use consumer grade wireless access points and routers for systems with a large number of connections:

Under "Benchmarks" pull down to "Maximum Simultaneous Connections".

Um i think thats sesions going out of the router - not wireless conections to the ap

whist revising using the Ciso press guide to site installation for heavy use they quote 10-12 clients per ap - light use up to 20 per. ap.

you might be ok just have some hubs/switches avaible to increase the numebr of wired connections.

for a more high end solutions might you could try 3 cells 1 6 and 11 covering the room with 2 or 3 ap's per cell but that would require the ap's to load share.

ISTM there are several types of limits at work. WiFI is a half-duplex contention media and more than a couple heavy users per radio and will and you'll never see full speed for anyone. Streaming video to all reports could kill you. If IP multicast (the correct solution) has made it to consumer equipment, I missed it.

Consumer-grade routers have (or had) limits related to the number of open connections and NAT and these had little to do with the TCP load, just open connections and a robust implementation of NAT. Web browsers classically don't keep connections open but they create connections at a fearsome rate and too many users could find bugs in a crappy NAT box.

IME, if you use a bit of consumer computer equipment in a fashion not shown in the glossy literature or manual, you are asking to be screwed at the worst possible moment.

snipped-for-privacy@panix.com (Al Dykes) hath wroth:

It's wireless, not wired but it does involve the router section. IxChariot opens multiple simultaneous connections (both wired and wireless) for testing. In fact, their licenses steps are by the number of simultaneous connections that the software will simulate. Some details on how the tests were performed can be found here:

I don't currently have an IxChariot license so I can verify the claims. However, I've seen the effects of too many connections using some proprietary simualtion software. What happens is that the wireless access point has a MAC address to port number table that has to be maintained. The table contains other information (speeds, protocols, metrics, whatever) which can make the table grow quite large. However, the RAM inside the access point and router sections is rather limited and eventually the table will overflow. To prevent a crash, this table is probably updated with a "least recently used" algorithm that dumps old entries in favor of new fresh entries. The speed at which this can be done is the major problem. If new MAC addresses arrive faster than the access point can flush stale entries, it will eventually refuse or fail to accept a connection. Some of these tables are very small. The router also has buffers and can also overload or overflow

Note that new MAC address connections is quite different from using IPerf with the -P (parallel) option, which opens a large number of simultaneous IP sockets. I can usually benchmark with several hundred simultaneous parallel connections and not have the router die while the same router will choke on a much smaller number of simultaneous MAC addresses.

Also, if want to have fun breaking routers, here's Microsoft BitTorrent simulator:

I haven't tried it yet, but it looks like fun.

Yep. Lots more such as Peer to Peer appliacations that open up huge numbers of IP sockets and corresponding buffers. When the router manufacturers finally woke up and realized that 60% or more of the internet traffic is peer to peer, they had to scramble to tweak their firmware to accomidate it. Screaming video, gaming, and VoIP all required tweaks and tunes to make the routers work correctly.

The number of simultaneous wireless connections should only be an issue with commerical installations which might actually have a large number of such connections. The typical home user will never see it. Yet, the use of bottom of the line wireless devices in commercial applications (i.e. hot spots) has inspired the manufacturers again to improve their firmware. As new applications arrive, I expect more tweaks and tunes.

Yep. However, there's a problem with wireless connections. Even clients that have no permission, authorization, or need to connect to an access point must first initiate a connection in order to have the encryption or security system refuse to allow them to move traffic. In the simplest case, a Netstumbler probe request will still create an entry in the access point's MAC address table on the assumption that a connection is about to be initiated. Since this is well before the encryption key exchange cerimony, this entry sticks around until the next MAC address tries to connect. In a busy area, it's possible to have hundreds of MAC addresses in the table, but only a small number of valid connections (that pass the security).

Yeah, I know, but following instructions is no fun.

yeh i keep toying with seting up a wireless network for a conference i'me going to later in the year a few second hand wrt54g's and some tempory cat 5 as a ds shou'd do it.

" snipped-for-privacy@thuk.co.uk" hath wroth:

Throw something together crudely and it will work ummmm..... crudely.

I was thinking more like a central wireless switch and a mess of expendable wireless access points with an assortment of antennas. The problem is that where I usually get involved is when someone else's WLAN system becomes unmanageable due to abuse, security, or the traditional bad planning. For example, a hotel conference room, where everyone brings a laptop to the seminar, everyone turns it on at the same time, and every single laptop decides that this is the time to do a massive download in order to update an assortment of application. Same thing but add the attendee with a worm infested laptop, video phone, or running a P2P file sharing application, that are hogging all the outgoing bandwidth. My job seems to be identifying these people and pulling the plug on them.

In order to make such a portable WLAN work, methinks there has to be some central management. For example, if I identify the source of a worm by MAC address, I could easily filter/block them from the WLAN. However, I don't want to spend my life entering the same info into every single access point. Same with parameters for load balancing, bandwidth management (Qos), traffic monitoring, pretty graphs, and of course, authorization and authentication (if necessary).

It would also be tempting to do it all via wireless, using 5.7GHz as a backhaul from the remotes. Most of the mesh network vendors have such dual radio, dual band products. However, they cost much more than the CAT5.

This has probably been worked out by dealers that rent out WLAN systems, but I can't seem to find much on the topic on the web. Well, maybe it hasn't.

Incidentally, one of my friends did an outdoor event last summer. I think it was a chili cookoff. Started with 6 access points. Ended up with zero as they were systematically stolen during the event. I supplied 2 replacements to keep the network barely alive, which fortunately did not get stolen. He also managed to "borrow" a 1000ft roll of CAT5, which he has not bothered to replace. Are you *SURE* you want to do this?

Or you are hosting software engineers and one of then forgets that he has a DHCP server running on his laptop. :-(

The "Free WiFi" hackers have written linux-based software for their hotspots. The basic software makes each new user agree to terms of service and gives him a connection to the outside world. I'm sure that it has the ability to throttle heavy users.

I'd put an entry in the local DNS server that "black holed" update.microsoft.com, or whatever it's called, for my public WiFi network.

These folks have authored some of the WiFi software. They've redesigned the site so you've got to look for yourself.

Well its only one hotel and i recon only 20-30 delegates with have the laptop's and the conference hall is in the same hotel

though i ought to investigte geting some one" in side the wire" to see if we could borrow a few 1510's :-)