Running a network is hard. But assembling one in a day, letting a motley assortment of virus-infected Microsoft Windows PCs, rogue DHCP servers, and beaconing boxes use it -- and still maintaining full network functionality -- is more than challenging.
The Southern California Linux Expo is in its fifth year, and was held this year at the Westin LAX Hotel. Like other tech events, the Expo provides a network for exhibitors, speakers and guests. Stu Sheldon, the Tech Committee chair for SCALE, not only expects things to go wrong when setting up the Expo network, he plans for it. Sheldon has been Tech Committee chair for the last four Expos. I sat down with him after the dust had settled from SCALE 5x and asked him about the challenges of planning, installing, and operating a network under such difficult conditions.
Explain the network architecture you designed for this year's SoCal Linux Expo. What are the design criteria?
With SCALE, the design criteria are simple: provide stable and balanced Internet access for both exhibitors and guests. That sounds easy, doesn't it? Oh, one other thing -- I needed to make it so I could pick the entire network up and rearrange it every year. This has been my task since the very first SCALE. I officially took over the Tech Committee chair position shortly after SCALE 1, and now host and maintain the three SCALE public servers year-round in my colocation facility in Thousand Oaks, Calif.
Did I mention budgets yet? The network is only used once a year, so we really couldn't commit tons of money to it. I think the budget for SCALE 1 was $200 for cable. All the network equipment back then was loaned or donated.
This year's network design incorporated several major security and reliability enhancements, as well as a complete re-thinking of what fair and equal network access means. I went all out to try to solve all the problems I had encountered over the past four years.
The design idea was all about isolation. I put every booth on its own virtual LAN (VLAN). I pushed other key services such as registration and wireless onto their own VLAN. Everyone had their own little island on the LAN. Now I could treat them as individual interfaces on the Debian Linux router I built for the show.
For the first time in SCALE history, one booth could not see any traffic from their neighbors, and wireless was an island of its own. This required some serious planning, but I think the benefits were clear.
(Figure: SCALE network diagram)

The end results were impressive for a temporary network:
* More than 2.5 miles of Cat 5E cable.
* 76 VLANs with 76 firewalled networks.
* 10 Wireless access points.
* Nine VoIP Phones throughout the venue.
* An Asterisk server, which received incoming calls from the SCALE 800 number and routed them to the proper phone at the venue.
* A central Debian-based firewall to manage and secure all the VLANs, as well as provide DNS, DHCP, NTP and so on to all the hosts on the network. It also managed all the QoS for the show.
* A management PC to monitor the whole thing in real time.
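The per-booth isolation described above, written out as an added shell example for a Debian router using iproute2 and iptables. This is not the SCALE router's own configuration; the trunk and uplink interface names (eth1, eth0), the VLAN IDs, and the 10.1.<vid>.0/24 addressing plan are assumptions made for illustration. Each booth VLAN becomes its own sub-interface, so the firewall can treat it as a separate island: traffic may go out to the Internet and to the router's own DNS, DHCP and NTP, but never to a neighbouring booth.

```shell
#!/bin/sh
# Added example (not SCALE's actual router config): one 802.1Q sub-interface and
# one set of firewall rules per booth VLAN on a Linux router. Interface names,
# VLAN IDs and the 10.1.<vid>.0/24 addressing plan are assumptions.
TRUNK="${TRUNK:-eth1}"     # assumed: trunk port carrying all booth VLANs
UPLINK="${UPLINK:-eth0}"   # assumed: Internet-facing interface
DRY_RUN="${DRY_RUN:-0}"    # DRY_RUN=1 prints the commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Addressing plan: VLAN 101 -> 10.1.101.0/24 with the router at 10.1.101.1
booth_subnet() { echo "10.1.$1.0/24"; }
booth_gw()     { echo "10.1.$1.1"; }

add_booth_vlan() {
  vid="$1"
  ifname="$TRUNK.$vid"
  run ip link add link "$TRUNK" name "$ifname" type vlan id "$vid"
  run ip addr add "$(booth_gw "$vid")/24" dev "$ifname"
  run ip link set "$ifname" up
  # Booth -> Internet is allowed; replies come back as ESTABLISHED/RELATED.
  run iptables -A FORWARD -i "$ifname" -o "$UPLINK" -j ACCEPT
  run iptables -A FORWARD -i "$UPLINK" -o "$ifname" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # The router itself only answers DNS, DHCP and NTP from the booth.
  run iptables -A INPUT -i "$ifname" -p udp -m multiport --dports 53,67,123 -j ACCEPT
  run iptables -A INPUT -i "$ifname" -p tcp --dport 53 -j ACCEPT
}

setup_router() {   # usage: setup_router <vlan-id>...
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -P INPUT DROP
  run iptables -P FORWARD DROP
  run iptables -A INPUT -i lo -j ACCEPT
  run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Explicitly refuse booth-to-booth forwarding even though the policy is DROP,
  # so an ACCEPT appended to the chain by mistake later cannot override it.
  run iptables -A FORWARD -i "$TRUNK.+" -o "$TRUNK.+" -j DROP
  run iptables -t nat -A POSTROUTING -o "$UPLINK" -j MASQUERADE
  for vid in "$@"; do add_booth_vlan "$vid"; done
}

if [ $# -gt 0 ]; then setup_router "$@"; fi
```

Run it as `DRY_RUN=1 sh booth-vlans.sh 101 102` to review the generated commands before applying them as root. One caveat a practitioner should keep in mind: this isolation confines a rogue DHCP server to the booth it is plugged into, but it does nothing about a rogue DHCPD inside that same booth VLAN; stopping that needs DHCP snooping on the switch, not a rule on the router.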
What was your incentive for this design? Why was it designed in this manner?
My main incentive was reliability. Setting up a network for an event this size is like standing in the middle of a circle of people and telling them all to throw knives at you. You have hundreds or maybe thousands of network devices that you have never seen before being put on the network, and you have no idea of their health or configuration. You also might have people who for whatever reason want to try to attack or monitor your network with the goal of doing bad things.
Actually, most real network problems are due to stupid mistakes, not deliberate acts. You haven't lived until someone brings a server from their office and plugs it into their booth network port, with it still running DHCPD and giving out IP addresses to everyone on the network. Or someone plugs a virus-infected laptop into the show network and proceeds to DoS everyone on the LAN.
There is also the issue of available bandwidth. A good friend once said, "Stu, if you gave them an OC3, they'd still use it all." Truer words have never been spoken. And yes, we ran our Internet access at full tilt for the entire show. That's where the QoS settings came in. By setting up several weighted classful queues, and balancing the classes through carefully designed filters, I was able to provide the fairest network access ever for SCALE. This, combined with VLAN separation, delivered unprecedented network performance and stability. Other than a couple of defective booth cables Saturday morning, the network delivered 100% uptime to all its users until the network was brought down Sunday night.
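The weighted classful queueing described above, as an added shell example using Linux HTB (tc) on the Internet-facing interface. It is not SCALE's actual shaping configuration; the interface name, the 4500 kbit/s link capacity, the VLAN subnets and the class weights are all assumptions. Each class is guaranteed a percentage of the link but may borrow up to the full link when others are idle, and u32 filters steer each VLAN's traffic into its class.

```shell
#!/bin/sh
# Added example (not SCALE's actual shaping config): weighted classful queueing
# with HTB on the Internet-facing interface, with u32 filters steering each VLAN's
# traffic into its class. Interface name, link capacity, subnets and the class
# weights are assumptions.
UPLINK="${UPLINK:-eth0}"             # assumed Internet-facing interface
TOTAL_KBIT="${TOTAL_KBIT:-4500}"     # assumed usable uplink capacity in kbit/s
DRY_RUN="${DRY_RUN:-0}"              # DRY_RUN=1 prints the commands instead of running them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# class_rate <total-kbit> <percent>: guaranteed rate for a class, in kbit/s.
class_rate() { echo $(( $1 * $2 / 100 )); }

# add_class <minor> <prio> <percent>
# rate = guaranteed share; ceil = whole link, so an idle class lends its share to
# the others instead of wasting it. sfq under each class gives per-flow fairness,
# so one host saturating its class does not starve the other hosts in that class.
add_class() {
  run tc class add dev "$UPLINK" parent 1:1 classid "1:$1" htb \
      rate "$(class_rate "$TOTAL_KBIT" "$3")kbit" ceil "${TOTAL_KBIT}kbit" prio "$2"
  run tc qdisc add dev "$UPLINK" parent "1:$1" handle "$1:" sfq perturb 10
}

# add_filter <source-subnet> <minor>: classify by the VLAN's source subnet.
add_filter() {
  run tc filter add dev "$UPLINK" parent 1: protocol ip prio 1 u32 \
      match ip src "$1" flowid "1:$2"
}

setup_qos() {
  run tc qdisc add dev "$UPLINK" root handle 1: htb default 30
  run tc class add dev "$UPLINK" parent 1: classid 1:1 htb \
      rate "${TOTAL_KBIT}kbit" ceil "${TOTAL_KBIT}kbit"
  add_class 10 0 20   # VoIP phones: highest priority, 20% guaranteed
  add_class 20 1 10   # registration and show infrastructure
  add_class 30 2 50   # exhibitor booth VLANs (default class for unmatched traffic)
  add_class 40 3 20   # wireless guests
  add_filter 10.1.9.0/24   10   # assumed VoIP VLAN
  add_filter 10.1.2.0/24   20   # assumed registration VLAN
  add_filter 10.1.200.0/22 40   # assumed wireless VLAN
  # Booth VLANs (10.1.101.0/24 and up) need no filter: 'default 30' sends them to 1:30.
}

if [ "${1:-}" = "apply" ]; then setup_qos; fi
```

Run `DRY_RUN=1 sh show-qos.sh apply` to print the commands, then run it as root to apply them. Two caveats: this shapes only the outbound direction on the uplink, so the download side (usually the busier one at a show) needs the same treatment on the inside interfaces or on an IFB device; and putting all booths in a single class only gives per-flow fairness inside it, so if one exhibitor must not be able to crowd out another, give each booth VLAN its own child class with its own rate and a filter on its subnet.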