[isf-wifidog] 1 Gateway + Authserver for 96 locations?

Matthew Tavenor mtavenor at nlpl.ca
Ven 21 Oct 12:39:46 EDT 2011


Thanks Alex. I think I have a better understanding of what would need to happen for me to pull that off.

Thanks,
Matt

-----Original Message-----
From: wifidog-bounces at listes.ilesansfil.org [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of acv
Sent: Friday, October 21, 2011 12:17 PM
To: WiFiDog Captive Portal
Subject: Re: [isf-wifidog] 1 Gateway + Authserver for 96 locations?

I assume that that libraries route all their traffic to the central point (either directly over leased lines or through a VPN)? If so then there's not networking reason why that might not work.

Internally, WifiDog makes a number of expectations about clients, one of them is that a MAC address is a unique client. You have to make sure that whatever technique you use to bridge the 96 branches to the central gateway(s) will carry the level 2 traffic.

A number of the data structures used inside the Gateway are double-linked lists. This can get expensive to traverse with many clients and things like counter refresh could become issues, this however can be handled by breaking up the 96 libraries over a multitudes of virtual interfaces and setting up a different gateway instance for each interface. A modern x86-64 servers should be able to handle even 96 instances with ease I would think.

My 2 cents,

Alex

On Fri, Oct 21, 2011 at 11:49:04AM -0230, Matthew Tavenor wrote:
> From: Matthew Tavenor <mtavenor at nlpl.ca>
> To: "'WiFiDog Captive Portal'" <wifidog at listes.ilesansfil.org>
> Date: Fri, 21 Oct 2011 11:49:04 -0230
> Subject: Re: [isf-wifidog] 1 Gateway + Authserver for 96 locations?
>
> 96 Locations in 96 Communities.  96 Firewall/routers at each site, 96 Wireless Access Points at each site.  A Firewall rule at each location to send all traffic from each Wireless network to the 1 WifiDog Gateway server for the Captive Portal Page and authentication.  Thus eliminating the need for 96 WiFiDog Gateways.
>
> Not sure if I can explain it much better without drawing up a diagram.
>
> Thanks,
> Matt
>
> -----Original Message-----
> From: wifidog-bounces at listes.ilesansfil.org
> [mailto:wifidog-bounces at listes.ilesansfil.org] On Behalf Of Aaron Z
> Sent: Friday, October 21, 2011 10:23 AM
> To: WiFiDog Captive Portal
> Subject: Re: [isf-wifidog] 1 Gateway + Authserver for 96 locations?
>
> ----- Original Message -----
>
> > From: "Matthew Tavenor" <mtavenor at nlpl.ca>
> > To: "wifidog at listes.ilesansfil.org" <wifidog at listes.ilesansfil.org>
> > Sent: Friday, October 21, 2011 8:15:17 AM
> > Subject: [isf-wifidog] 1 Gateway + Authserver for 96 locations?
> > Here is my Quesiton:
> > ???Is it possible to have 1 Gateway located in the same location as
> > the Authentication server? Can that one Gateway then authenticate
> > all 96 nodes if I forward all data from the Wireless of each site
> > directly to that Gateway????
> So, if I understand it, it will be as it you had 96 wireless access points plugged in behind a single gateway?
> If so, it should work, but there may be significant latency if all traffic goes from the WAP to an offsite Gateway then on to the internet from there.
> I know that on WifiDog 1.1.5 it works to have a "Dumb" WAP plugged into the LAN side of a WRT54GL running as a WAP/Gateway.
>
> What are you hoping to gain from moving your gateway to a central location?
>
> Thanks
>
> Aaron Z
> Jr. Systems Administrator
>
> Pioneer Library System
> 2557 State Rt. 21
> Canandaigua, New York  14424
> Phone: (585) 394-8260
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
>
> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>
> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>
> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
>
> This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.
>
> If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.
>
> If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.
> _______________________________________________
> WiFiDog mailing list
> WiFiDog at listes.ilesansfil.org
> http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog

This communication, including all attachments, is intended solely for the use of the person or persons to whom it is addressed and should be treated as a confidential NLPL document.

If you are not the intended recipient, any use, distribution, printing, or copying of this email is strictly prohibited.

If you received this email in error, please immediately delete it from your system and notify the originator. Your cooperation is appreciated.


Plus d'informations sur la liste de diffusion WiFiDog