2022-07-25 13:11

ietf wireless network

We are investigating reports and our monitoring is confirming that the ietf production network is having some issues with wireless connections.

The NOC team is actively working on this issue.

Post-Mortem

Root Cause

  1. Devices were sticking to access points and not roaming on the ietf network.
  2. Multicast Bonjour traffic from the clients on the Wireless LAN Controller (WLC) was flooding the air with broadcast traffic.

Resolution

  1. We’ve tuned the “optimized roaming” feature that kicks out low signal clients so that they try to roam to a better AP more aggressively.
  2. We’ve turned on “global Multicast Domain Name Service (mDNS) snooping”, which enables IPv4 mDNS snooping and suppresses multicast traffic. We had historically enabled mDNS snooping between SSIDs but now have it per SSID. It’s only for IPv4, as our current controller doesn’t support IPv6 mDNS snooping.

2022-07-25 11:23

IPv6 issues

We are investigating reports and our monitoring is confirming that the ietf production network is having performance issues.

We have identified and made a change that has improved the IPv6 issues. We are still trying to determine the root cause.


Update 2022-07-26 15:44

We have determined the root cause of the Duplicate Address Detection (DAD) replay. The distribution and core switches build an embedded client database to aid in the mitigation of things such as rogue RAs. To determine if clients are "alive" the switches will send a neighbor solicitation for the client's IPv6 address. However, since the switches do not have IPv6 addresses configured on them, they choose to use an all-zeros IPv6 source address. This results in packets that resemble DADs.

The feature has been disabled on the ports facing the wireless network (for now) and will be disabled on ports more broadly for the next meeting. Wireless clients should no longer be receiving replayed DAD packets.
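An added example, not the NOC's tooling: it classifies captured neighbor solicitations the way a receiving host does under RFC 4861/4862, showing why a liveness probe sourced from the all-zeros address looks exactly like a DAD probe for the client's own address. The client and router addresses and the packets are constructed samples, and the parser assumes no IPv6 extension headers.

```python
import ipaddress
import struct
from collections import Counter

ICMPV6, NEIGHBOR_SOLICIT = 58, 135
UNSPECIFIED = ipaddress.IPv6Address("::")

def solicited_node(target):
    """Solicited-node multicast group: ff02::1:ff + low 24 bits of target."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(target) & 0xFFFFFF))

def build_ns(src, dst, target, options=b""):
    """Constructed IPv6 + ICMPv6 NS for the samples (checksum left zero)."""
    icmp = struct.pack("!BBHI", NEIGHBOR_SOLICIT, 0, 0, 0) + target.packed + options
    header = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    return header + src.packed + dst.packed + icmp

def classify_ns(pkt):
    """Return (kind, target) for an NS, else None; assumes no extension headers."""
    if len(pkt) < 64 or pkt[0] >> 4 != 6 or pkt[6] != ICMPV6:
        return None
    if pkt[40] != NEIGHBOR_SOLICIT or pkt[7] != 255:  # hop limit must be 255
        return None
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    target = ipaddress.IPv6Address(pkt[48:64])
    if src != UNSPECIFIED:
        return ("resolution-or-nud", target)  # sender has an address
    if dst != solicited_node(target):
        return ("malformed", target)  # :: source requires solicited-node dst
    return ("dad-like", target)  # what a receiver treats as a DAD probe

def dad_like_hits(packets, own_addresses):
    """Count DAD-like NS aimed at addresses this host has already assigned."""
    hits = Counter()
    for pkt in packets:
        result = classify_ns(pkt)
        if result and result[0] == "dad-like" and result[1] in own_addresses:
            hits[result[1]] += 1
    return hits

# Constructed samples: two probes sourced from :: and one ordinary router NS.
CLIENT = ipaddress.IPv6Address("2001:67c:370:128::abcd")
GROUP = solicited_node(CLIENT)
SLLA = bytes([1, 1]) + bytes.fromhex("02005e000001")  # source link-layer option
PROBE = build_ns(UNSPECIFIED, GROUP, CLIENT)
ROUTER_NS = build_ns(ipaddress.IPv6Address("fe80::1"), GROUP, CLIENT, SLLA)
SAMPLE = [PROBE, ROUTER_NS, PROBE]
print(dict(dad_like_hits(SAMPLE, {CLIENT})))
```

A non-zero count for an address the host has been using for some time is the signature of the problem described above.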


2022-07-21 19:53

IETF 114 Network Information – Philadelphia, PA

External Connectivity

The IETF 114 network connects to the Internet via two 10Gb/s uplinks. The first is donated by Comcast direct via EDI. The second is a Comcast EPL for transport to the IX, with Netrality providing the cross-connect to Hurricane Electric for connectivity. The IETF uses 2001:67c:370::/48 and 2001:67c:1230::/46 for IPv6 and 31.133.128.0/18 and 31.130.224.0/20 for IPv4. We supply bandwidth for the conference space and venue hotel guest rooms.

Guest Room and Public Space WiFi

The IETF network covers the guest rooms and limited coverage in the public spaces throughout the hotel using the 'ietf-hotel' SSID. If you have performance issues with this network, please let us know.

We are seeing significant signal bleed of the 'ietf-hotel' SSID into the meeting space. When you are in the meeting rooms, please make sure you aren't still associated to the guest room network.

While we are using the IETF meeting network for Internet connectivity, we are using the hotel's access points to cover the guest rooms and public spaces, so there are limits to the improvements we can make.

If you have trouble with the 'ietf-hotel' SSID, please contact the Help Desk or send email to support @ ietf.org and we are glad to help!

Meeting Room Wireless

WiFi (802.11 a/g/n/ac) is provided throughout the venue on 2.4 and 5 GHz bands with IPv4 and IPv6.

Most users should choose the 'ietf' SSID:

user: ietf
password: ietf

Here’s a quick summary of the available WiFi networks:

| SSID | Description | Encrypted | Frequencies | IP Versions |
|---|---|---|---|---|
| ietf | The default network | yes | 5 GHz only | v4 and v6 |
| ietf-legacy114 | For legacy and unencrypted use | no | 2.4 and 5 GHz | v4 and v6 |
| ietf-2.4ONLY | An encrypted network for 2.4 GHz users | yes | 2.4 GHz only | v4 and v6 |
| ietf-v6ONLY | IPv6 only | yes | 5 GHz only | v6 only |
| ietf-nat64 | IPv6 stack with NAT64 to access IPv4 resources | yes | 5 GHz only | v6 with NAT64 & DNS64 |
| ietf-nat64-unencrypted | IPv6 stack with NAT64 to access IPv4 resources | no | 2.4 and 5 GHz | v6 with NAT64 & DNS64 |
| eduroam | Educational users | yes | 2.4 and 5 GHz | v4 and v6 |

All networks marked as encrypted provide layer 2 security. They use WPA2 Enterprise with 802.1X (PEAP or TTLS) authentication and AES encryption. Although all users are using the same credentials (user 'ietf', password 'ietf'), each user gets unique session encryption keys. The certificate for services.meeting.ietf.org is signed by Starfield Technologies, Inc., with the following fingerprint.

| Hash function | Fingerprint |
|---|---|
| SHA1 | DB:2A:E7:D1:AF:B5:5A:03:43:11:BC:B0:AD:77:E9:D1:D7:12:A7:25 |
| SHA256 | 8A:AC:ED:35:86:7F:FC:35:C2:82:33:AA:E4:6A:CA:C5:8E:97:20:9C:6D:73:82:9E:CB:26:77:D6:A4:72:A9:C5 |

The WiFi network implements two BCP38-like filters:

A Note For Android Users

Here are the relevant settings for connecting Android devices to the secure ietf networks.

A Note For Windows Users

Connecting to the 'ietf' SSID on Windows 7 requires a few extra steps. If you're struggling to get connected to an encrypted SSID on your Windows laptop, please come by the Network Help Desk. Alternatively, you can try yourself; instructions are here

Terminal Room

The Terminal Room is located in Salon 10. The Terminal Room is open 24 hours each day beginning Sunday, July 23rd, 2022 at 16:00 and ending on Friday, July 29th, 2022 at 15:00. The room itself consists of tables and seats, providing some wired access and 110V 60 Hz Type A power ports.

The terminal room has no terminals, PCs, or other user-accessible machines. It is simply a place to get power, wired and WiFi Internet access, and/or work quietly.

When using the Ethernet connections in the Terminal Room, IPv4 addresses are provided by DHCP. Please use Stateless Auto-configuration for IPv6 (SLAAC). A DHCPv6 server or RDNSS will provide network information.

Please note that at the request of the IETF Chair, demonstrations are no longer permitted in the Terminal Room.

Help Desk

IT support is being provided next to the Registration Desk on the BR level, and will be staffed the following hours:

| Day | Hours |
|---|---|
| Sunday | 16:00 - 19:00 |
| Monday | 8:00 - 17:00 |
| Tuesday | 8:00 - 17:00 |
| Wednesday | 8:00 - 17:00 |
| Thursday | 8:00 - 17:00 |
| Friday | 8:00 - 15:00 |

NOC and Ticketing

There are several ways to communicate with the NOC staff.

Send an email to support @ ietf.org with as much detail regarding your issue and configuration as possible.

Please provide the following information:

This information will expedite ticket processing. If you're on site and need direct network assistance (i.e., you have no network), please go to the Help Desk.

The Secretariat has a ticket system to report problems with the meetings. Please send mail to: support @ ietf.org to request help. The Secretariat is responsible for helping with:

Printing

There is a printer at the Network Help Desk, available to all IETF users. The printer is an Epson WF-3820 and is accessible via LPD, Bonjour, and standard TCP/IP on port 9100. Its hostname is ietf114-printer.meeting.ietf.org.

| Name | Model | Capabilities | IPv4 Address | IPv6 Address | Notes | Drivers |
|---|---|---|---|---|---|---|
| ietf114-printer.meeting.ietf.org | Epson WF-3820 | Inkjet w/Duplexer | 31.133.160.18 | 2001:67c:370:160::18 | Bonjour name: ietf114-printer | Printer Drivers |

Instructions for MacOS using Bonjour auto-setup (DNS-Based Service Discovery)

(Note that this method is not available if you have configured an explicit DNS search list. Please see below for the manual configuration instructions.)

  1. Open System Preferences -> Printers & Scanners -> "+" below printer list
  2. Select the "Printer" icon at the top of window
  3. You should see the printers discovered by Bonjour. Pick the right one.
  4. Enjoy hassle-free printing.

Instructions for MacOS using manual configuration

  1. Open System Preferences -> Printers & Scanners -> "+" below printer list
  2. Select the "Globe" icon at the top of window
  3. Enter "ietf114-printer.meeting.ietf.org" in the Address field.
  4. Select "Airprint" from the Protocol field drop down menu
  5. Leave the Queue field blank.
  6. Click Add

Instructions for Windows

  1. Download and install the appropriate driver from: https://epson.com/Support/Printers/All-In-Ones/WorkForce-Series/Epson-WorkForce-Pro-WF-3820/s/SPT_C11CJ07201
  2. If you have difficulty installing the printer for ietf114 please visit the Network Help Desk adjacent to the IETF Registration Desk on the Lobby Level.

EPSON Connect

  1. Email the document or file you wish to print as an attachment to ietf114@print.epsonconnect.com
  2. Retrieve your printout from the printer located near the Network Help Desk located in the Registration Area.

Services

The following network services are provided:

| Service | Address | Notes |
|---|---|---|
| SMTP | smtp.meeting.ietf.org | Provides SMTP relay for the IETF network |
| NTP | ntp.meeting.ietf.org | A stratum 2 time service is provided via IPv4 and IPv6 unicast |
| DNS | ns1.meeting.ietf.org, ns2.meeting.ietf.org | Validating recursive resolvers. The local domain is meeting.ietf.org. |

These services are being provided from both of the following servers:

| Name | IPv4 | IPv6 |
|---|---|---|
| services-1.meeting.ietf.org | 31.130.229.6 | 2001:67c:370:229::6 |
| services-2.meeting.ietf.org | 31.130.229.7 | 2001:67c:370:229::7 |

Geolocation

There is a geolocation feed published here: https://noc.ietf.org/geo/google.csv

Geolocation service for event networks is hit or miss. Suggestions/assistance is welcomed. You can also try searching via https://www.google.com/ncr (no country re-direct).

Experiments

Experiments on the IETF network need to be approved by the IETF Chair. For IETF 114, no network experiments were requested.

Thanks

The terminal room and IETF network are made possible by contributions from our sponsors and the efforts of our volunteer team. If you see them in the halls, be sure to thank them for their work!

Contributors:

Connectivity:

Volunteers:

Staff: