Copyright 2003 UBC
wireless.ubc.ca
The World’s Largest Wi-Fi Campus Network
Jonn Martell, Wireless Project Manager, [email protected]
Presentation Material V2.30, August 2003
University of BC (UBC)
• A “Research 1” university
• Public (and research) funded
• Motivation: Estrategy and UNP
• $30.6M CDN wired project, of which 10% was allocated to a specific wireless budget and project
• High level support and buy-in
The wireless project status
• Over 1000 APs installed, operational and documented
• More than 1200 APs planned (by Sept ’03)
• 1600 AP drops already installed (1800 planned)
• Over 3000 unique users 2002-2003
• Over 100 GB of transfer/week
• All types of ceilings and space
• On target, on budget: $3.6M
• Near 100% coverage for September
Prime Directives
• User centric & ease of use
• Estrategy self service tools
• Faculty, Student, Staff and guests/affiliates with sponsor
• Zero cost networking: University funded; cost to user (dollars, time, grief etc.)
• Built on standards and modular
• Meeting UBC’s mission
EDU Environments
• Various “hostile indoor environments”
• A University network is really a mix of enterprise networking and hotspot/public access
• Users only use security if it’s easy and transparent
• Could limit communication to secure protocols only (SSL, VPN, EAP)… or use proprietary security, but it’s not practical
• Favoring openness helps adoption
• Added wireless security with 802.1x (PEAP/LEAP)
• Off campus: VPN always needed
Technology
• 802.11b 11 Mbps everywhere
• 802.11g 54 Mbps as upgrade in the fall ’03
• 802.11a 54 Mbps in heavy areas, mostly planned for Q1/04 (depending on pricing issue)
• Mostly enterprise Cisco AP1200 and some AP1100
Seamless – Web login
• Plug and play
• Automatic Web login
• Any browser will work to authenticate users (except Sony Clie and Apple Newton)
• Keeps track of users, traffic generated, time on/off
• Reached over 3000 users during the 2002/2003 school year
• Very few support issues
Interaction with users
• Web driven with backend database
• Tied with project status
• Allows us to communicate effectively on this fast track project
• Feedback has been very positive
• Web based management tools
Web driven administration
• Everything is Web driven
• Tracks buildings, APs, etc.
• Status of buildings and service bulletins
• Web driven Q&As
DB based documentation
Project Milestones
• May 2001 – Library wireless project
• July 2001 – Site surveys start campus wide
• Sept 2001 – Indoor/outdoor pilot
• Dec 2002 – RFP for equipment
• Feb 2002 – Library operational
• Mar 2002 – Project team finalized
• May 2002 – Equipment selection; “Version 1” for September 2003
• Sept 2002 – Campus wide over 35% coverage
• Oct 2002 – “Version 2” plans: VLAN APs, POE switches and WPA
• March 2003 – Final equipment arrival, installation/replacement
• September 2003 – Completion date for Version 2
Critical Path Issues
• 802.1x deployment: PEAP vs LEAP vs 802.11i. Doesn’t have to be perfect, just “good”
• “Cisco only” wireless network will help us bridge the standards gap. Expect upgrades as part of 802.11g and 802.11a
• Deploy VPN V.2.0 (with .group pools)
• 802.11g (54 Mbps) upgrade in October
• Expand management tools – vendor tools are currently lacking
Key to success
• Designing for “zero cost” using standards-based NICs and automatic Web page redirect
• Self service model means low support requirements as we scale deployment
• Login requirements (and status feedback) make users more responsible
• All information is logged (time, traffic, machine) via RADIUS & SQL
• Channel RF issues and unknowns haven’t stopped us from deploying, but we know it’s an issue with load. Enabling very interesting research in this area
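The accounting step above (per-user time on/off, traffic and machine, logged via RADIUS and later queried from SQL) worked through as an added example; this is not UBC’s code. It assumes a detail-style log of Start/Stop records with ISO text in Event-Timestamp, and the sample records are constructed:

```python
from datetime import datetime

# Constructed sample records in the style of a RADIUS accounting detail log
# (one 'Attr=value Attr=value' record per line). Event-Timestamp is the
# RFC 2869 attribute; the ISO text format for it is an assumption here.
# Session s2 deliberately has no Stop record (still online, or lost accounting).
SAMPLE_ACCOUNTING = """\
Acct-Status-Type=Start User-Name=jdoe Calling-Station-Id=00-11-22-33-44-55 Acct-Session-Id=s1 Event-Timestamp=2003-08-04T09:00:00
Acct-Status-Type=Start User-Name=asmith Calling-Station-Id=00-AA-BB-CC-DD-EE Acct-Session-Id=s2 Event-Timestamp=2003-08-04T09:05:00
Acct-Status-Type=Stop User-Name=jdoe Calling-Station-Id=00-11-22-33-44-55 Acct-Session-Id=s1 Acct-Input-Octets=1048576 Acct-Output-Octets=5242880 Event-Timestamp=2003-08-04T10:30:00
"""

def parse_record(line):
    """Split one accounting record into an attribute -> value dict."""
    return dict(pair.split("=", 1) for pair in line.split())

def summarize_sessions(text):
    """Correlate Start/Stop records by Acct-Session-Id into per-session rows:
    user, client MAC (the 'machine'), start/stop, seconds online, total octets.
    A session with no Stop keeps stop=None so open sessions stay visible."""
    sessions = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        row = sessions.setdefault(rec["Acct-Session-Id"], {
            "user": rec["User-Name"], "mac": rec["Calling-Station-Id"],
            "start": None, "stop": None, "seconds": None, "bytes": 0})
        ts = datetime.fromisoformat(rec["Event-Timestamp"])
        if rec["Acct-Status-Type"] == "Start":
            row["start"] = ts
        elif rec["Acct-Status-Type"] == "Stop":
            row["stop"] = ts
            row["bytes"] = (int(rec.get("Acct-Input-Octets", 0))
                            + int(rec.get("Acct-Output-Octets", 0)))
            if row["start"] is not None:
                row["seconds"] = int((ts - row["start"]).total_seconds())
    return sessions

def traffic_per_user(sessions):
    """Total bytes per user over completed sessions (the transfer/week view)."""
    totals = {}
    for row in sessions.values():
        totals[row["user"]] = totals.get(row["user"], 0) + row["bytes"]
    return totals
```

Rows from summarize_sessions are what the SQL side would store; an open session (stop=None) is the case an operator checks before trusting a weekly traffic total.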
Security – solving the issue
Current workarounds:
• Web login – automatic and painless
• VPN (both Microsoft PPTPv2 and IPSec) back to RADIUS (storing MSCHAP in LDAP)
• Antivirus (in progress)
• Network and personal firewalling (in progress, and built in on XP)
• Intrusion detection (in progress)
• VPN (as extra protection, with virtual .group support)
Future:
• 802.1x with PEAP/WPA/LEAP (in testing)
• 802.11i (if they ever finish it)
Surprises
• In late 2001 – FCC limitation: UNII-I antenna limits
• The lack of good enclosures for public indoor space (still today!)
• Microsoft VPN support with non-Microsoft backends
• The lack of intelligence in the Pocket PC 2002 VPN client (only connects to dotless servers, making it useless for wireless)
• Palm Tungsten C works very well with PPTP
• People don’t seem to care about security: how many conference wireless networks are wide open?
• Still get the question “Do we really need to authenticate users?”
• TCO doesn’t have to be a killer if systems are well implemented
• Being early adopters often means encountering problems not seen by others and vendors
Implementation
• VLANs to support multiple types of “virtual wireless networks”
• Supporting multiple Open, 802.1x and TKIP private networks
• Want to avoid rogue APs (and cross-domain RF management), although in a distributed EDU environment this can only be done by delivering what users want
• Standards-based NICs (we need to make sure that good interoperability is enforced by the Wi-Fi Alliance). WPA and WPA2
Conceptual Network Diagram
Uses
• Student, Faculty, Staff and visitors
• Email, calendaring, messaging
• Voice over wireless (campus wide Wi-Fi cordless phones)
• Instrumentation
• Online voting, score keeping
• One Card vending machines
• Wireless photocopiers/printers
• Utilities – plant operations
• Wireless labs and faculties
External Visitors
• Identified over 10000 external users with some relationship with the University: Library card holders, affiliated colleges, affiliated hospitals, conferences and external bookings
Developing the Hotspot Model
• Build/Buy – not that difficult
• Outsource – coming to terms with the best way to protect the interests of the University
• Peering partnerships (T-Mobile, Fatport and others)
Managing a large network
• Management tools become more important as the size of the network grows
• Need to manage each AP and switch (especially as authentication/encryption moves down to APs)
• Standardized images and configurations help in management
Manageability affects cost of operation and service levels
• Management tools need to understand VLANs
• Need to automatically map the network; simply too big to do it by hand
• Need a way to make building maps available to sysadmins based on CWL roles
Internal challenges
• Trouble ticketing
• Change management
• Time tracking (where was the time spent, why, and can it be optimized?)
External Challenges
• Finding “off the shelf” tools to manage the large wireless network (APs and switches) as one: 1500+ managed devices
• Getting our AP vendor to support a true “virtual” wireless network (broadcast of SSID on all SSIDs, not just the primary)
• Providing a way to allow departmental wireless networks to authenticate to local Microsoft Domains
• Getting desktop vendors to support both open and closed (non SSID broadcast) equally
• Fighting fuzzy (optional) standards