Plan and fit the excellent networking in the new space #598

Closed
paulfurley opened this Issue Nov 2, 2017 · 103 comments

Comments

paulfurley commented Nov 2, 2017

For those of us that spend most of our time working remotely with others, the quality of our network connection is a high priority for video calling and collaboration.

And an excellent tech community deserves an excellent internet connection!

It was clear from pub discussion that I have some strong opinions on what that means!

Here are my suggestions:

Encourage wired internet

Naturally some devices need to connect via WiFi, but the performance of WiFi degrades exponentially with the number of clients. So it's better for everyone if we encourage wired connections for those devices which support it.

Practically, we should:

  • aim to get ethernet to every desk
  • help people understand why it's good for everyone to use that
  • recommend a USB ethernet dongle thing for fat-free laptop users

Have a good uplink & download speed

Of course, we need a good internet speed both ways, and we should be sure we're getting what we think we're getting.

Not sure what performance we actually need, but for reference a single device doing HD video will use ~3.5Mbps.

Have (at least 1) static IPv4 address

We're going to be doing our own NAT (sadly) and we shouldn't have any more NAT boxes upstream of us. This means we can manage our own port forwarding and run servers and stuff inside DoES.

Also, NAT is evil, so...

Have IPv6

The UK is embarrassingly behind most of the world on IPv6.

Since DoES is clearly the most interesting tech scene in the city which will apparently soon have world-class connectivity, we should be blazing the trail here. (I've had IPv6 at home for a few years now...)

No captive portals, ever!

Captive portals are those awful things which pop up and break your internet connection while you wait for a pointless 'Connect now' button to appear.

They complicate getting things online - particularly internet-of-things things - and they serve absolutely no purpose.

We can measure and monitor performance

From my experience it's actually really complicated diagnosing why a video call doesn't work well. It's really helpful if you've got some data to look back on.

I'm happy to volunteer on this one - we should be a bit pre-emptive about measuring and monitoring our connection and our WiFi clients, channels and throughput so that when we do have problems we can identify whether it's the router, too many clients, unreliable provider, whatever.

We could try out a city-wide network name

This is a bit off the wall and it's harking back to the MerseyNet idea from a few years ago.

Wouldn't it be lovely if we and other places in the city used the same network name (SSID), so you could just roam freely between places?

@amcewen's suggestion is still my fave:
network name: ourwifi
password ourwifi

Please pitch in and let's work out what we want!

zarino Nov 3, 2017

Member

Good start! Maybe also:

Work out the optimum router placement / configuration for good wifi coverage

How many routers, which models, in which positions? Do we have one SSID for maximum ease of use, or multiple SSIDs (á la DoESLiverpool/DoESDinky), so we can force devices onto the strongest network in their area of the building?

Good internet as a selling point for the events / meeting rooms

If we want to encourage repeat customers for the event spaces and meeting rooms, ensuring we have wifi that is easy to connect to, and can support business activities like video calls, will put us ahead of the competition, and could result in more repeat bookings. (I know my organisation is pretty ruthless with finding a new meeting space if the previous one had poor wifi.)

johnmckerrell Nov 6, 2017

Member

Thought I should add that we have a specific requirement to have wired networking in the events room, the meeting room and the soundproof room. This should be met by "Encourage wired internet" but needs to be listed specifically on the off chance we change our minds on that.

ghost Nov 6, 2017

In regards to measuring connectivity issues... has anyone come across Wireshark at all? I've used it to capture locally between my laptop and my WiFi, but I'm no expert when it comes to analysing the data afterwards, but it would give some obvious clues to look into and work issues out. It goes without saying that it would need to be configured to capture specific test computer/connections because it's hacker level stuff.

Although I don't work in IT, I am CompTIA certified A+ and Network+ (not quite Cisco level though, but very broad nonetheless). So if I can be of any help just give me a shout. I'd be quite happy to help wire up unless it'll be outsourced.

xj25vm Nov 7, 2017

@de14n - I believe Wireshark comes in handy when troubleshooting networking issues at protocol level. I don't think it is very useful if the problems are caused by speed or latency (or lack of) - as suggested in the original post.

@paulfurley - re: Measure and monitor Performance - I have looked into this for some clients, and there doesn't seem to be an easy answer. To truly have a useful tool, one would need a tool which records and stores traffic flow and content characteristics over time, with high frequency, and high granularity - including all protocols used at a particular point in time, origin IP addresses, destination IP addresses, and size/number of packets for each one of these aspects. This is a large amount of data, and requires quite a bit of processing power. However, I am still on the look-out for a tool which would do the above efficiently - maybe there is one out there :-)

xj25vm Nov 7, 2017

re: Have a good upload and download link - what type of connection and speed will be available at the new premises (and within budget)? FTTC, FTTP, microwave?

ajlennon Nov 7, 2017

Contributor

You can do things with Wireshark but imho it is a pain to get anywhere with it.

A standard install will give you wireless packets for your device with the interesting radio fields stripped off. Depending on the wireless adapter hardware you have and what its drivers support you may be able to put it into a promiscuous mode (so you can see all the packets flying over the air) and get the additional radio information out.

I've done this and whilst I'm relatively au fait with Wireshark (I've written 802.15.4 plugins to decode a proprietary mesh protocol received through a serial gateway->local pipe->wireshark) I still found it fairly incomprehensible to try to work out what was going on.

e.g. https://wiki.wireshark.org/CaptureSetup/WLAN

However there are some decent tools out there I think. I can't recall names off the top of my head but wireless coverage / hand off and so forth is quite an active area so we should be able to dig up something simpler to use than Wireshark.

For example I've got this thing on my laptop which gives quite a nice overview of the channels the networks around me are sitting on

image

xj25vm Nov 7, 2017

@ajlennon - I was thinking more along the lines of monitoring network traffic - a software on the gateway, which looks at all incoming and outgoing traffic and stores metadata about it for later analysis - such as which protocols are used, how much bandwidth various applications use, when are the busy times of the day etc.

There are various tools for analysing wifi networks as well - but I found that, in general, once the wifi setup is working properly, there doesn't seem to be much need to monitor that side of things.

ajlennon Nov 7, 2017

Contributor

So kind of like what the NSA does with the Utah data centre? [Edit: *officially]

xj25vm Nov 7, 2017

Err - no - not really. They (presumably) collect actual data. For the purposes of managing a network, it is metadata that is mostly needed. Speed, latency, which applications or type of traffic use bandwidth and when. Although, I accept that there could be some privacy issues involved even when collecting metadata.

ajlennon Nov 7, 2017

Contributor

Surely meta-data is data? (There's quite a big discussion about this as relates to privacy...)

ajlennon Nov 7, 2017

Contributor

Interesting piece here -

https://opendatasecurity.io/what-is-metadata-and-what-does-it-reveal/

Stallman is as good as ever on surveillance here -

https://www.wired.com/2013/10/a-necessary-evil-what-it-takes-for-democracy-to-survive-surveillance/

I'd be pretty unhappy to be surveilled in this way myself.

xj25vm Nov 7, 2017

Sorry - I just realised GitHub is only displaying my username - instead of the full name.

@ajlennon - yes, there could be some privacy issues involved there. I suppose the alternative is only to look at the traffic flow characteristics in real time if and when there are connectivity issues - in order to solve those specific problems - and not store anything. One way or another, some level of access to the network data is needed if connectivity issues are to be solved, no?

Sebastian

ajlennon Nov 7, 2017

Contributor

@DoESsean @amcewen @paulfurley et al can we add an agenda item to any relevant upcoming meeting to come up with a statement of principle from DoES on how privacy is to be interpreted in terms of DoES users' communications (including that DoES presumably has some legal responsibilities on this nowadays?)

ajlennon Nov 7, 2017

Contributor

> One way or another, some level of access to the network data is needed if connectivity issues are to be solved, no?

I don't see that as required, no. Signal tests / IP connectivity tests can be carried out in isolation from users' usage I would have expected, or in the very worst case on a client-side opt-in basis
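
The kind of test described in the comment above, measuring the link with probes the monitor originates itself instead of inspecting users' traffic, as an added example (not code from this thread or from DoES). The target addresses, thresholds and sample timings are assumptions made up for illustration.

```python
import socket
import statistics
import time
from typing import Callable, Dict, Optional, Sequence, Tuple

Probe = Callable[[str, int], Optional[float]]

# Assumed limits for a usable video call; tune them for the real link.
MAX_MEDIAN_MS, MAX_JITTER_MS, MAX_LOSS = 150.0, 30.0, 0.02

# Placeholder targets (documentation addresses), not the space's real hosts.
TARGETS: Dict[str, Tuple[str, int]] = {
    "gateway": ("192.0.2.1", 80),
    "upstream": ("192.0.2.53", 443),
}

# Constructed round-trip times in ms (None = probe lost), not real measurements.
CONSTRUCTED = {
    "gateway": [2.0, 3.0, 2.0, 3.0, 2.0, 3.0],
    "upstream": [20.0, 90.0, None, 25.0, 140.0, 30.0],
}


def tcp_connect_ms(host: str, port: int, timeout: float = 1.0) -> Optional[float]:
    """Time one TCP handshake that we start ourselves; None means it was lost."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except ConnectionRefusedError:
        pass  # a refusal still completed a round trip, so it counts as a reply
    except OSError:
        return None  # timeout, unreachable network, DNS failure
    return (time.monotonic() - start) * 1000.0


def replay_probe(samples: Dict[str, Sequence[Optional[float]]],
                 targets: Dict[str, Tuple[str, int]] = TARGETS) -> Probe:
    """Offline stand-in for tcp_connect_ms that replays constructed samples."""
    queues = {targets[name][0]: iter(values) for name, values in samples.items()}
    return lambda host, port: next(queues[host])


def summarise(samples: Sequence[Optional[float]]) -> Dict[str, float]:
    """Reduce one round of probes to loss, median latency and jitter."""
    ok = [s for s in samples if s is not None]
    loss = 1.0 - len(ok) / len(samples) if samples else 1.0
    if not ok:
        inf = float("inf")
        return {"sent": len(samples), "loss": loss, "median_ms": inf, "jitter_ms": inf}
    # Jitter here is the mean change between consecutive replies.
    deltas = [abs(b - a) for a, b in zip(ok, ok[1:])]
    return {
        "sent": len(samples),
        "loss": round(loss, 3),
        "median_ms": round(statistics.median(ok), 1),
        "jitter_ms": round(statistics.fmean(deltas), 1) if deltas else 0.0,
    }


def healthy(summary: Dict[str, float]) -> bool:
    return (summary["loss"] <= MAX_LOSS
            and summary["median_ms"] <= MAX_MEDIAN_MS
            and summary["jitter_ms"] <= MAX_JITTER_MS)


def probe_round(targets: Dict[str, Tuple[str, int]],
                probe: Probe = tcp_connect_ms,
                count: int = 20) -> Dict[str, Dict[str, float]]:
    """Probe every target `count` times.

    The result holds only per-target aggregates of our own probes; no client
    address, MAC or payload is ever read, so there is nothing about users to store.
    """
    return {name: summarise([probe(host, port) for _ in range(count)])
            for name, (host, port) in targets.items()}


def diagnose(results: Dict[str, Dict[str, float]]) -> str:
    """Say which side of the gateway a fault sits on."""
    if not healthy(results["gateway"]):
        return "local"      # WiFi, switch or router: the first hop is already bad
    if not healthy(results["upstream"]):
        return "upstream"   # first hop fine, so look at the provider or beyond
    return "ok"


if __name__ == "__main__":
    results = probe_round(TARGETS, probe=replay_probe(CONSTRUCTED), count=6)
    for name, summary in results.items():
        print(name, summary)
    print("fault:", diagnose(results))
```

Leaving out the `probe=` argument makes `probe_round` use the real `tcp_connect_ms` against whatever targets are configured.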

xj25vm Nov 7, 2017

I was thinking of the specific case in which some users might complain that they have problems with their specific application - such as video conferencing for example. Without being able to look at the outgoing/incoming traffic for the whole site, work out which applications or protocols use the bandwidth and how - and then work on a solution involving QoS or some reconfiguration of existing network clients. This is just one example. I'm not sure how else would this be approached, if there is no access to some form of network statistics?

Sebastian Arcus

zarino Nov 7, 2017

Member

> @DoESsean @amcewen @paulfurley et al can we add an agenda item to any relevant upcoming meeting to come up with a statement of principle from DoES on how privacy is to be interpreted in terms of DoES users' communications (including that DoES presumably has some legal responsibilities on this nowadays?)

@ajlennon Maybe you should create a new issue? That way, at the very least, it’ll get picked up in the "let’s go through the issue tracker!" segment of Community Meetings.

ajlennon Nov 7, 2017

Contributor

@zarino I was trying not to proliferate issues. Maybe I can find the meeting notes from the last meeting and add it there as we seem to go through those the next time around. What's best practice @DoESsean ?

@xj25vm I'm sure there are lots of edge cases for problems we haven't encountered yet. My own personal opinion is strongly that espoused by Stallman above. Any data collected will be misused (including what is termed 'meta-data') and thus data should not be collected unless absolutely necessary. Where determined to be absolutely necessary that collection should be done transparently giving individuals an opt-out

ghost Nov 7, 2017

@ajlennon

I agree that Wireshark might be overkill, it is a beast. I was just looking up on what level of the OSI model it can work on, and it seems it can do up to level 2, leaving level 1, the physical level left for interpretation. In which case you're looking at expert level RF analysing with a VNA or something insane like that.

Or we can just use the same kind of software you have pictured up there showing the strength of signals and their channels. You can get this type of software on mobiles too, might make it easier to scope the area for signal issues.

But if we're getting wired network then video conferencing should be fine. Wifi for mobiles and tablets.

xj25vm Nov 7, 2017

@ajlennon - agreed with the idea of as little data collection as possible. Maybe even take the approach of designing the system as well as possible, and re-discuss ways of dealing with things if problems arise.

I was thinking that maybe QoS should be added to the original list of things to consider. VoIP and video conferencing depend on low latency - other protocols less so.

Also, maybe security should have its own little heading? Will there be devices internally on the network which will require more protection (as opposed to people bringing their own laptops in and taking care of their own firewalling etc.)? Or will the network be made up purely of client workstations - and everyone is responsible for their own?

Sebastian

ajlennon Nov 7, 2017

Contributor

@xj25vm I do agree re: QoS / and security is a big thing from a number of viewpoints.

We've seen what happened to the NHS recently when hit by WannaCry and I was half expecting to come in around then and find my systems on the WiFi had been encrypted so there's a huge potential risk there in future. Given we're all on the same network segment more or less we're all pretty exposed to whoever walks in off the street which is a concern.

Similarly I have ongoing issues with Skype which probably relate to some routing setting somewhere or other and which would be nice to get to the bottom of one day...

xj25vm Nov 7, 2017

@ajlennon - talking about security, some thinking might need to go into how accessible the wifi will be to guests, outsiders, visitors, attendees etc. Maybe even create a separate SSID on a separate VLAN for DoES'ers - on a slightly more secure network, and a separate one for visitors - to add some security layering and separation.

ajlennon Nov 7, 2017

Contributor

+1 for a guest network definitely!

paulfurley Nov 9, 2017

OK I've tried to summarise that into what appears to be 3 new principles:

Protect privacy by collecting as little data as possible

Any data collected will be misused (including what is termed 'meta-data') and thus data should not be collected unless absolutely necessary. Where determined to be absolutely necessary that collection should be done transparently giving individuals an opt-out

Prioritise voice and video

VoIP and video conferencing depend on low latency - other protocols less so. We should consider implementing Quality of Service (QoS) to prioritise that traffic over low sensitivity traffic.

Provide security through network segregation

If we're all on the same network segment more or less we're all pretty exposed to whoever walks in off the street.

We could provide a separate SSID on a separate VLAN for DoES'ers (or equivalent config for wired) - on a slightly more secure network, and a separate one for visitors - to add some security layering and separation.

We should do this in a way which makes visitors feel completely included and not some 'other'.

xj25vm Nov 9, 2017

From a security point of view, it really depends on what else is/will be connected to the DoES network. If we are talking just about people using their own laptops, having only one SSID/network would mean you are no worse off than being connected to any hotel or café wifi. But if there are any internal file sharing services involved (not p2p, the 'old fashioned' smb/nfs type), or IoT devices - or anything else that might not have its own full firewall - then the case for a separate network makes sense.

Sebastian

amcewen Nov 9, 2017

Member

How many times does someone have to visit before they stop being a "visitor"? (This is all excellent to watch going, I'm just throwing in the fact that there's less of a hard distinction between visitor and not-visitor in the DoES community :-)

skos-ninja Mar 31, 2018

A thing of note is the HP ProCurve 2510-24 seems to only support 1000Mbps on 2 ports so I'm not sure how useful this switch is.

skos-ninja Apr 2, 2018

Just to note it down here.

The three unifi ap's that had arrived have been set up and are ready to be plugged in via PoE injectors for now.
Also we now have a raspberry pi setup running the UniFi controller software on https://192.168.1.2:8443 that is in the cabinet, do note that this pi is set to a static ip of 192.168.1.2 which the ap's are expecting for the controller software. This pi can be moved and plugged in elsewhere if need be and is not required for the ap's to be working.

@johnmckerrell has ordered the other pieces of equipment and we hope it should arrive early this week. I'm happy to come by after work one day once it has arrived to help set this up too.

The login details for the UniFi software and the pi are currently on my laptop, if an organizer would like the details please contact me and I can forward them to you.


Thingomy Apr 2, 2018

Current state of play is, wifi is up, and the 4 network points in event space are live, but most of it is still on 100Mb due to issues with the switch. All of this is somewhat temporary as things are still a bit up in the air.

Wifi coverage seems excellent from a brief walk around.


skos-ninja Apr 5, 2018

One thing I have noticed is that the router @mattwilsondotuk has provided is doing DHCP but is locked to balticbroadband which means we can't do static ips right now as we are unable to reserve the addresses. Is there a way around this?


Thingomy Apr 6, 2018

Last night all of the remaining network lines were put in bundles and fed up into the networking cupboard ready to be terminated by @magman2112 . Room side termination was done on the pillar in the middle of the main space.


@DoESLiverpool DoESLiverpool deleted a comment from Thingomy Apr 6, 2018


magman2112 Apr 8, 2018

The current state of play for the network wiring is that all of the accessible wall plates and sockets have now been installed and terminated (thanks to JR for his great efforts on this). The remaining terminations are:

  • two floor boxes which are currently buried under flooring or furniture
  • two wall mounted boxes between the front windows
  • One socket high on the meeting room wall
  • the connections in the quiet room, as the termination point has not been decided upon yet.

We need 4 more wall plates to complete this fit out, 1 metal clad and 3 plastic. I will order these later today.

In the wiring closet, 16 of the cables have been terminated so far. This covers all of the wi-fi and doorbot sockets and all of the sockets in the Events room. There is currently only one LAN connection patched through to the Events room, but more can be patched if required for Monday’s event. @johnmckerrell has ordered the patch panel we need to complete the termination in the wiring closet, this should be with us in the next few days, then we can look to complete the termination for all of the cables, ideally within the next week.

Wi-Fi is up and appears to be working well. I suspect some tuning is required though, as two of the devices appear to be using the same channel and @mattwilsondotuk has suggested that the nodes be set to a lower power mode.

There have been some discussions about LAN switches recently, we may need to discuss this further, especially deciding how many LAN ports actually need to be patched in the space, along with whether VLANs are needed to separate co-workers from other potentially disruptive LAN traffic from the maker space, etc.

The only other aspect to completing this wiring is documentation. As much as possible, we are aiming to make the patching self documenting, by using logical naming and labelling standards. We will still need to generate some documentation, ideally electronically (especially for wiring runs, etc.). I asked @amcewen about drawing files for The Tapestry, as these would seem the most logical starting point for a wiring diagram. I will also build a spreadsheet for all of the wiring points to allow recording of usage as required.


amcewen Apr 9, 2018

Member

I've just dug out the SVG that I was talking about @magman2112, only to realise that it was before all of our fit-out, and so doesn't have any of the internal walls in it.

@zarino, maybe you could put the one you prepped somewhere-safe?


johnmckerrell Apr 9, 2018

Member

@magman2112 FYI the patch panel has arrived.


skos-ninja Apr 23, 2018

At the end of play today I have now installed our Unifi Security Gateway.

The network is now set up to run on the 10.0.0.0/8 subnet.
All of the networking gear is given static ip's in 10.0.0.0/24.
Currently anything given a DHCP address is given an ip in 10.0.29.0/24.

Again I still have the details for how to login which an organiser will need to grab off of me.

If a local static IP is needed then someone with access to the unifi dashboard will be able to give them one.

I had a chat with @mattwilsondotuk about the network tonight in which we both agreed that DoES being given a static IPv4 and possibly a range for IPv6 would be our best bet as currently the network is getting triple NAT'd which isn't great. Matt has said it will come in the future and he will email DoES when he's ready to switch to a static IP.

Once we have a range for IPv6 we should allow people to request an IP with ports forwarded if they want for any little IoT device that they would like to access from the external network.


ajlennon Apr 23, 2018

Contributor

Fantastic news! Very keen that before any ports might be forwarded internally we have a collective chat about VLANs, security and such?


skos-ninja Apr 24, 2018

Yeah a security talk will need to happen before any port forwarding is done and even then it might be worth looking at separating the network more as currently everything is just sat on the same VLAN with no security around it which doesn't seem ideal.

Another thing that was mentioned by Julian yesterday was if we could give people a page in which they could find all devices on the network and their IP. I'm not sure how we would want to do this at the moment but seems like a good idea for all the Pi's!


ajlennon Apr 24, 2018

Contributor

"Julian yesterday was if we could give people a page in which they could find all devices on the network and their IP. I'm not sure how we would want to do this at the moment but seems like a good idea for all the Pi's!"

Absolutely. If we could do something around Bonjour/Zeroconf discovery and make that easily available to people I think that would be neat.


skos-ninja Apr 24, 2018

Well with the joys of UniFi is that their dashboard already has this information available so we can just query this API to get most of the information required.
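
An added example, not part of the thread and not DoES's own code: one way a device-list page like the one discussed above could also check each device against the addressing plan from the Apr 23 comment (10.0.0.0/8 site, networking gear in 10.0.0.0/24, DHCP clients in 10.0.29.0/24), which matters while everything sits on one VLAN. The record fields (`hostname`, `ip`, `fixed`), the `KNOWN_INFRA` allow-list and every sample host are constructed assumptions; feeding it from the UniFi dashboard is left out.

```python
import ipaddress
from collections import Counter

# Addressing plan as stated in the Apr 23 comment.
SITE = ipaddress.ip_network("10.0.0.0/8")
INFRA = ipaddress.ip_network("10.0.0.0/24")       # networking gear, static IPs
DHCP_POOL = ipaddress.ip_network("10.0.29.0/24")  # DHCP clients

# Assumption: addresses the organisers have handed to networking gear.
KNOWN_INFRA = {"10.0.0.1", "10.0.0.2", "10.0.0.11"}


def classify(ip_text):
    """Map an address to its zone under the plan."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if ip in INFRA:
        return "infra"
    if ip in DHCP_POOL:
        return "dhcp"
    if ip in SITE:
        return "site-other"
    # Anything else, including IPv6: the plan has no IPv6 range yet.
    return "off-plan"


def audit(records):
    """Return (hostname, ip, finding) for every record that breaks the plan."""
    claims = Counter(r["ip"] for r in records)
    findings = []
    for r in records:
        host, ip = r["hostname"], r["ip"]
        zone = classify(ip)
        if zone == "invalid":
            findings.append((host, ip, "unparseable-address"))
            continue
        if zone == "infra" and ip not in KNOWN_INFRA:
            # A client sitting among the switches, APs and gateway.
            findings.append((host, ip, "unlisted-host-in-infra-range"))
        elif zone == "site-other" and not r["fixed"]:
            # Not from the DHCP pool and not assigned via the dashboard.
            findings.append((host, ip, "self-assigned-outside-dhcp-pool"))
        elif zone == "off-plan":
            findings.append((host, ip, "outside-site-network"))
        if claims[ip] > 1:
            findings.append((host, ip, "address-claimed-twice"))
    return findings


# Constructed sample inventory; "fixed" means assigned via the dashboard.
SAMPLE = [
    {"hostname": "gateway", "ip": "10.0.0.1", "fixed": True},
    {"hostname": "controller-pi", "ip": "10.0.0.2", "fixed": True},
    {"hostname": "laptop-a", "ip": "10.0.29.40", "fixed": False},
    {"hostname": "printer-3d", "ip": "10.0.5.20", "fixed": True},
    {"hostname": "pi-weather", "ip": "10.0.0.50", "fixed": False},
    {"hostname": "pi-camera", "ip": "10.3.7.9", "fixed": False},
    {"hostname": "old-ap", "ip": "192.168.1.20", "fixed": False},
    {"hostname": "laptop-b", "ip": "10.0.29.40", "fixed": False},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```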


ajlennon Apr 24, 2018

Contributor

Awesome!


skos-ninja Apr 24, 2018

I also wonder if it's worth designing a mount for our router, pi and baltic broadband's router to fit in a 1U as currently they aren't secured very well as they're just sat on top of one of the switches and it would tidy up the cabinet a bit.


ajlennon Apr 24, 2018

Contributor

This is on my todo list as well @skos-ninja. If you want to get together to chat about how we mount RPis in cabinets I would be v. keen to do so. I have a plan for some automated testing....


ajlennon Apr 24, 2018

Contributor

This looks interesting. Quite simple to print

https://www.thingiverse.com/thing:177705

Fits on a 19in tray apparently?

http://www.ebay.co.uk/bhp/19-inch-rack-shelf


skos-ninja Apr 24, 2018

Yeah that does look good.

I'm around Thursday evening to help @johnmckerrell with some doorbot setup and want to sort out #616 so you should see me hanging around the cupboard then.


johnmckerrell Apr 25, 2018

Member

This cupboard is an important bit of DoES infrastructure and shouldn't be considered fair game by all and sundry to start piling hardware into without having a conversation first about what you want to put in here. (Obviously @skos-ninja designing something to better host the various infrastructure hardware is a great idea)


ajlennon Apr 25, 2018

Contributor

For myself, I have no intention of putting anything in the cupboard. My kit will be going elsewhere.

However commonality of mounting between @skos-ninja and what I am doing is helpful to us both.


skos-ninja Apr 25, 2018

I have got @johnmckerrell to order http://cpc.farnell.com/pulse/rksu-1u/rack-shelf-universal-1u/dp/DP32725 for us to mount the networking gear on. We hope it will arrive by tomorrow for Maker night however they make no guarantees ☹️


ajlennon Jun 10, 2018

Contributor

I've been having a clearout in the garage and found a PoE switch. Presumably this would be useful in the networking cupboard @magman2112 @skos-ninja ?

poe box


skos-ninja Jun 22, 2018

So during Maker Night last night me and @paulgeering made the mounting holes for the baltic broadband router (Edgerouter Lite), our UniFi Security Gateway and the Pi (Unifi Controller).

This is now all mounted up and looks better and makes organising much easier now.


johnmckerrell Aug 2, 2018

Member

I think we can close this issue now, we've met the most important aims in @paulfurley's original comment, probably any further issues should be spun out as new issues. The main thing that's outstanding is the static IP but this is somewhat out of our hands.


@johnmckerrell johnmckerrell moved this from In progress to Done in Fit out The Tapestry Aug 9, 2018
