Wireless questions

Thu Jan 30 22:14:40 PST 2003

Quoting Brian Street (brian.street at bayarea.net):
> I wonder how many of you out there have experience in wireless
> networks. I'm being asked by a client if it is possible to set up
> a wireless network for 125 tenants in an apartment complex. Of
> course, I said it was but wasn't
...

Bear with me for a moment...

I just bought a house in an area of oakland hills that had no
Internet.  Moving from static-IP DSL, and with a two system
admin house, this was ungood.  I played with getting a T1 and
paying for it by doing wireless Internet for neighbors.  Maybe
a little cohosting for some friends who are paying for it
elsewhere.  All for the "cause" and all that.

It was such a good idea that a guy down the street was doing
just the same thing.

(And a layoff meant that a cheaper solution was quickly desired,
so I'm on AT&T broadband for a couple months).

Okay, the guy down the street is a cellular guy, not a computer guy.
So he's been recommending certain antennae (fine) and a Cisco "wireless
bridge".  Up to 8 ARP addresses per box for several hundred $$$.

It wants line of sight from his house or the house of another person
on the net.  Mostly.

Slightly more tangentially:
I've been working with small boxes like various Soekris boxes.  A
pair of wireless cards means one uplink, and one (optional) for
inside the house.  Two built in ethernets.  Boots from a compact
flash, runs BSD, does NAT and IPv6 and perhaps the whole proprietary
Cisco spanning tree stuff and 8 ARP addresses per remote box can
go away.

What are your issues gonna be?
Well, walls are a big one.  You don't mention the building.  I
talked about a T1 with an NYC apartment building near an old
apartment I had.  Pre-wireless, but running Ethernet to 200 apartments
was pretty moot since they had cable running to all the apts.  They
wouldn't have done wireless because of lots of brick and plaster
with wire lathe (faraday cage) meant that reception for *FM* *radio*
was pretty bad.

You don't mention the building, but what it's made of it key.
How it's laid out is key.

You're gonna have to run some cable.  Either ethernet and/or antenna.
Antennae only go so far, but running ethernet once for each of
several apartments and burying a small A.P. either in a cooperative
apt (they're not high power) is easier than Ethernet per apartment.
Power over Ethernet (PoE) works for lots of newer devices.

You have Coax cable to each apt (cable), how hard would it be to pull
CAT 5 for each of those? Esp since 30-50% might not be interested
at all at first.

Hell, is injecting your own ethernet onto the Coax possible with
end users using cable modems?  My college redistributed cable
and we added a couple channels for school use.  It's doable,
but you become the local cable company for the apt. dwellers.

Privacy:
WEP is crap.  128bit wep isn't much better than 56bit.  It's like
speaking piglatin, but faster to maintain privacy.  Wireless invites
sniffing and hacking into it.  You *could* change keys every week
or so.  You could force an additional authentication (like hotels:
log into a web page, your ARP address is allowed for N hours).
IPSec for 125 people would suck.  It's a problem with no simple
solution.

Several Access Points should cover 125+ people depending on the
layout.  A single box can provide two separate access points,
I believe (2 or 3 cards, antennae distributed up to 30' away)
There's tons of info out there and that density is not something
I've dealt with.  The first Apple Airports could support maybe
15 people per unit.  I know that's cranked up a bunch with newer
devices (including newer Airports)

Antennae are key.  There are several that are powerful and/or
attractive for inside use.  My (orig) airport doesn't cover a (good
sized, non-pennisula, drywall) house well. A little antenna changes
that.  A good one means that I talk to the guy down the street
really well (800 feet and through another house).

Will a T1 work for them?  I couldn't say.  My (ex) office had 125
technical people on the computers a lot and a T1; worked mostly
pretty well.  I might run a decent mail server inside the network.
1000 people is trivial - a Pentium/600 with 256MB of RAM running
an IMAP server can do what you need with decent disk.  Another for
anti-spam/virus filtering, maybe webmail.  More value add.  But that's
me and I run mail a lot.

Bandwidth shaping will be key (every school knows this).  Limiting
web per user to keep bandwidth hogs from killing everyone.  Leave
SOME I/O for email, etc.  ALTQ does this adequately.

Disruption:  802.11g is almost a spec, so products are coming out.
Much faster than 11a, but that's only useful for peer to peer, not
the T1.

It sounds like an interesting challenge.