2022-10-04 18:39 | -- (permalink)
External Connectivity
The IETF 115 network connects to the Internet via two 1Gb/s uplinks donated by BT. The IETF uses 2001:67c:370::/48 and 2001:67c:1230::/46 for IPv6 and 31.133.128.0/18 and 31.130.224.0/20 for IPv4. We supply bandwidth for the conference space and venue hotel guest rooms.
Guest Room and Public Space WiFi
The IETF network covers the guest rooms and coverage in the public spaces throughout the hotel using the 'ietf-hotel' SSID. If you have performance issues with this network, please let us know.
There may be some signal bleed of the 'ietf-hotel' SSID into the meeting space. When you are in the meeting rooms, please make sure you aren't still associated with the guest room network.
While we are using the IETF meeting network for Internet connectivity, we are using the hotel's access points to cover the guest rooms and public spaces, so there are limits to the improvements we can make.
If you have trouble with the 'ietf-hotel' SSID, please contact the Help Desk or email support @ ietf.org, and we are glad to help!
Note for 115
IPv6 on the guestroom wireless ietf-hotel SSID may be unreliable. The 'ietf-hotel' SSID is doing layer 2 client isolation to minimize potential network issues. Thus far, when enabled on the Hilton hardware, we've noticed that router solicitations do not work, among other things. The NOC has worked to mitigate this by sending router advertisements with a higher frequency, but you might need to disable IPv6 if you have issues on ietf-hotel. We have contacted the vendor, who believes this would be resolved with beta firmware.
Meeting Room Wireless
Note for 115
As we renew our certificate for the 802.1X authentication every year, the certificate has been updated between IETF 114 and IETF 115. The NOC team has discovered that some devices with an existing profile for an IETF SSID (e.g., ietf) with the old certificate have a network association problem. This is most noticeable on Apple iOS devices. You may get an “unable to join the network” error message on your device if you have this problem.
If you have a problem associating with any 802.1X-based IETF SSIDs, the solution is to forget the SSID/network from your device and then try to associate with it again.
The fingerprints of our new certificate have been updated below.
WiFi (802.11 a/g/n/ac/ax) is provided throughout the venue on 2.4 and 5 GHz bands with IPv4 and IPv6.
Most users should choose the 'ietf' SSID:
user: ietf
password: ietf
Here’s a quick summary of the available WiFi networks:
| SSID | Description | Encrypted | Frequencies | IP Versions |
|---|---|---|---|---|
| ietf | The default network | yes | 5Ghz only | v4 and v6 |
| ietf-legacy115 | For legacy and unencrypted use | no | 2.4 and 5Ghz | v4 and v6 |
| ietf-2.4ONLY | An encrypted network for 2.4Ghz users | yes | 2.4Ghz only | v4 and v6 |
| ietf-v6ONLY | IPv6 only | yes | 5Ghz only | v6 only |
| ietf-nat64 | IPv6 stack with NAT64 to access IPv4 resources | yes | 5Ghz only | v6 with NAT64 & DNS64 |
| ietf-nat64-unencrypted | IPv6 stack with NAT64 to access IPv4 resources | no | 2.4 and 5Ghz | v6 with NAT64 & DNS64 |
| eduroam | Educational users | yes | 2.4 and 5Ghz | v4 and v6 |
All networks marked as encrypted provide layer 2 security. They use WPA2/WPA3 Enterprise with 802.1X (PEAP or TTLS) authentication and AES encryption. Although all users are using the same credentials (user 'ietf', password 'ietf'), each user gets unique session encryption keys. The certificate for services.meeting.ietf.org is signed by Starfield Technologies, Inc., with the following fingerprint.
| hash f(x) | fingerprint |
|---|---|
| SHA1 | 87:E7:53:8B:42:E1:FD:4E:D8:B2:D6:0B:48:69:D3:71:D2:F7:01:B6 |
| SHA256 | 08:36:E8:E3:B4:CE:82:FC:30:9D:69:7E:B6:FE:A3:57:5E:6D:61:44:06:CA:74:AF:DB:1D:02:C6:CC:B0:B4:87 |
The WiFi network implements two BCP38-like filters:
- Packets from manually configured IPv4 addresses that are not assigned by DHCP are dropped. DHCP packets are snooped by our wireless LAN controllers to perform this filtering.
- Packets from IPv4 and IPv6 addresses that cannot be resolved via ARP/ND are filtered out. Proxy ARP/ND is performed by our wireless LAN controllers for this filtering.
A Note For Android Users
Here are the relevant settings for connecting Android devices to the secure ietf networks.
- Network name (e.g. ietf): ietf
- Security: WPA/WPA2-Enterprise
- EAP Method: PEAP
- Phase 2 authentication: MSCHAPv2
- CA Certificate: Use system certificates
- Do not verify
- Domain: services.meeting.ietf.org
- Identity: ietf
- Password: ietf
A Note For Windows Users
Connecting to the 'ietf' SSID on Windows 7 requires a few extra steps. If you're struggling to get connected to an encrypted SSID on your Windows laptop, please come by the Network Help Desk. Alternatively, you can try yourself; instructions are here
Terminal Room
The Terminal Room is located in Admiral 2. The Terminal Room is open 24 hours each day beginning Sunday, November 6, 2022, at 16:00 and ending on Friday, November 11, 2022, at 15:00. The room consists of table seats, wired access, and 220V power ports.
The terminal room has no terminals, PCs, or other user-accessible machines. It is simply a place to get power, wired and WiFi Internet access, and work quietly.
When using the Ethernet connections in the Terminal Room, IPv4 addresses are provided by DHCP. Please use Stateless Auto-configuration for IPv6 (SLAAC). A DHCPv6 server or RDNSS will provide network information.
Please note that at the request of the IETF Chair, demonstrations are no longer permitted in the Terminal Room.
Help Desk
IT support is being provided next to the Registration Desk in the West Wing Lobby and will be staffed during the following hours:
| Day | Hours |
|---|---|
| Sunday | 16:00 - 19:00 |
| Monday | 8:30 - 17:00 |
| Tuesday | 8:30 - 17:00 |
| Wednesday | 8:30 - 17:00 |
| Thursday | 8:30 - 17:00 |
| Friday | 8:30 - 15:00 |
NOC and Ticketing
To communicate with the NOC staff, send an email to support @ ietf.org with as much detail regarding your issue and configuration as possible.
Please provide the following information:
- MAC Address
- Current Location
- Device type and operating system
- Description of the issue
This information will expedite ticket processing. If you're on-site and need direct network assistance (i.e., you have no network), please go to the Help Desk.
The Secretariat has a ticket system to report problems with the meetings. Please send mail to: support @ ietf.org to request help. The Secretariat is responsible for helping with the following:
- A/V in meeting rooms
- Beverage and food
- Jabber
- Projectors
- Room temperature (too hot/cold)
Printing
A printer at the Network Help Desk is available to all IETF users. The printer is an Epson WF-4820 and is accessible via LPD, Bonjour, and standard TCP/IP on port 9100. The hostname for it is ietf115-printer.meeting.ietf.org.
| Name | Model | Capabilities | IPv4 Address | IPv6 Address | Notes | Drivers |
|---|---|---|---|---|---|---|
| ietf115-printer.meeting.ietf.org | [Epson WF-4820] | Inkjet w/Duplexer | 31.133.160.18 | 2001:67c:370:160::18 | Bonjour name: ietf115-printer | Printer Drivers |
Instructions for macOS using Bonjour auto-setup (DNS-Based Service Discovery)
(Note that this method is unavailable if you have configured an explicit DNS search list. Please see below for the manual configuration instructions.
- Open System Preferences -> Printers & Scanners -> "+" below printer list
- Select the "Printer" icon at the top of the window
- You should see the printers discovered by Bonjour. Pick the right one.
- Enjoy hassle-free printing.
Instructions for macOS using manual configuration
- Open System Preferences -> Printers & Scanners -> "+" below printer list
- Select the "Globe" icon at the top of the window
- Enter "ietf115-printer.meeting.ietf.org" in the Address field.
- Select "Airprint" from the Protocol field drop-down menu
- Leave the Queue field blank.
- Click Add
Instructions for Windows
- Download and install the appropriate driver from: https://download.epson-europe.com/pub/download/6374/epson637458eu.exe
- If you have difficulty installing the printer for ietf115, please visit the Network Help Desk adjacent to the IETF Registration Desk on the Lobby Level.
EPSON Connect
- Email the document or file you wish to print as an attachment to ietf115 @ print.epsonconnect.com
- Retrieve your printout from the printer near the Network Help Desk in the Registration Area.
Services
The following network services are provided:
| Service | Address | Notes |
|---|---|---|
| NTP | ntp.meeting.ietf.org | A stratum 2 time service is provided via IPv4 and IPv6 unicast |
| DNS | ns1.meeting.ietf.org ns2.meeting.ietf.org | Validating recursive resolvers. The local domain is meeting.ietf.org. |
These services are being provided from both of the following servers:
| name | IPv4 | IPv6 |
|---|---|---|
| services-1.meeting.ietf.org | 32.31.130.229.6 | 2001:67c:370:229::6 |
| services-2.meeting.ietf.org | 33.31.130.229.7 | 2001:67c:370:229::7 |
Geolocation
There is a geolocation feed published here: https://noc.ietf.org/geo/google.csv
Geolocation service for event networks is often incorrect. Suggestions and assistance are welcomed. You can also try searching via https://www.google.com/ncr (no country re-direct).
Experiments
Experiments on the IETF network need to be approved by the IETF Chair. For IETF 115, no network experiments were requested.
Thanks
The terminal room and IETF network are made possible by our sponsors' contributions and our volunteer team's efforts. If you see them in the halls, be sure to thank them for their work!
Contributors:
- Juniper Networks
- Cisco
Connectivity:
- BT
Volunteers:
- Hirochika Asai (Preferred Networks/WIDE)
- Rob Austein (Arrcus)
- Joe Clarke (Cisco)
- Bill Fenner (Arista)
- Bill Jensen (University of Wisconsin–Madison)
- Hans Kuhn (NSRC)
- Warren Kumari (Google)
- Karen O'Donoghue (ISOC)
- Clemens Schrimpe
Staff:
- Daniel Branik
- Sean Croghan
- Nick Kukich
- Con Reilly
- Paul Smith