Wireless: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
Line 103: Line 103:
==== Wireless Interface Configuration ====
==== Wireless Interface Configuration ====


First, configure the wireless interface. Use the following snippet:
Insert the following snippet into /etc/network/interfaces, replacing IFACE by the interface connected to auth3net (examples would be br0 and eth0.192):


auto ath0
auto ath0
Line 113: Line 113:
wireless-channel 36
wireless-channel 36
wireless-essid csc-wireless
wireless-essid csc-wireless

Second, make a bridge between the wireless and auth3net. Use the following snippet, replacing IFACE by the interface connected to auth3net
auto br192
auto br192
Line 121: Line 123:
up ip route add 129.97.192.0/23 dev br192
up ip route add 129.97.192.0/23 dev br192


==== Brouting Configuration ====
You will also need to enable routing, by adding this to sysctl.conf:


Additional setup is needed to enable fast communication between mathstudentorgsnet and auth3net. We take the minimally invasive approach of pulling packets destined for mathstudentorgsnet off the bridge and routing them, masquerading as wireless-nat.csclub.uwaterloo.ca. Masquerading is needed to ensure responses are routed correctly.
net.ipv4.ip_forward=1


Finally, add 129.97.134.85 as a secondary IP address. You might do so by adding this snippet, replacing IFACE by the interface connected to mathstudentorgsnet:
Finally, add 129.97.134.85 as a secondary IP address. You might do so by adding this snippet, replacing IFACE by the interface connected to mathstudentorgsnet:
Line 132: Line 134:
netmask 255.255.255.0
netmask 255.255.255.0
network 129.97.134.0
network 129.97.134.0

Second, enable routing, by adding the following snippet to sysctl.conf:

net.ipv4.ip_forward=1

Third, configure ebtables to pull packets of the bridge. Type:

ebtables -t broute --flush
\
ebtables -t broute -A BROUTING -i ath0 \
-p ipv4 --ip-src 129.97.192.0/23 --ip-dst 129.97.134.0/24 \
-j redirect --redirect-target DROP
invoke-rc.d ebtables save

Finally, configure iptables to masquerade wireless users as wireless-nat.csclub. Type the following, replacing

iptables -t nat --flush
iptables -t nat -A POSTROUTING -o eth0 \
-s 129.97.192.0/23 -d 129.97.134.0/24 \
-j SNAT --to-source 129.97.134.85
invoke-rc.d iptables save


=== External Links ===
=== External Links ===

Revision as of 23:44, 11 March 2008

Motivation

The UW wireless network has a couple of major deficiencies:

  1. Weak signal in MC 3036, preventing some laptops from connecting
  2. Aggressive throttling of bandwidth, even to wired systems within the club office

The second point is quite important: UW's wireless will begin to throttle high bandwidth connections after a minute or two, decreasing bandwidth slowly from 1MB/s or more down to 100KB/s or less. Members can expect to sit in the office for an hour or more if they want to download many packages off of the CSC mirror.

To work around this problem we have an access point in the Computer Science Club.

Configuration

  • ESSID: csc-wireless
  • AP: 00:19:5B:7D:DB:FE
  • Channel: 36 (5.18 GHz)
  • Network: auth3net (129.96.192.0/23)

Clients must authenticate to the Network Authentication Appliance (NAA) as with uw-wireless, in accordance with this IST policy, points #2 through #4.

Technical Overview

The AP connects to acesulfame-potassium through a secondary NIC. On acesulfame-potassium, the following decision is made:

  • IP packets destined for mathstudentorgsnet are brouted with SNAT to wireless-nat.csclub.uwaterloo.ca
  • All other ethernet frames are bridged to auth3net

The network is identical to connection through uw-wireless in all respects, except for the special treatment of mathstudentorgs traffic. This special treatment bypasses uw-wireless throttling for machines on our network.

Wireless Performance

Tests were done on a 700MB Ubuntu ISO at an off peak time.

  • uw-wireless
    • Initial speed: 1.3MB/s
    • Final speed: 40KB/s
    • Time: aborted after 27 minutes (got bored) with 67% remaining, ETA increased steadily throughout
 mike@freyr:/tmp$ time wget http://mirror.csclub.uwaterloo.ca/ubuntu-releases/7.10/ubuntu-7.10-desktop-i386.iso
 --23:54:09--  http://mirror.csclub.uwaterloo.ca/ubuntu-releases/7.10/ubuntu-7.10-desktop-i386.iso
 Resolving mirror.csclub.uwaterloo.ca... 129.97.134.71
 Connecting to mirror.csclub.uwaterloo.ca|129.97.134.71|:80... connected.
 HTTP request sent, awaiting response... 302 Found
 Location: http://citric-acid.csclub.uwaterloo.ca/iso/ubuntu-gutsy/ubuntu-7.10-desktop-i386.iso [following]
 --23:54:09--  http://citric-acid.csclub.uwaterloo.ca/iso/ubuntu-gutsy/ubuntu-7.10-desktop-i386.iso
 Resolving citric-acid.csclub.uwaterloo.ca... 129.97.134.37
 Connecting to citric-acid.csclub.uwaterloo.ca|129.97.134.37|:80... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: 729608192 (696M) [application/x-iso9660-image]
 Saving to: `ubuntu-7.10-desktop-i386.iso'
 
 11% [===>                                    ] 86,583,824   377K/s  eta 13m 34ss
 33% [========================>               ] 241,791,104 39.5K/s  eta 55m 48s
 
 
 real	27m40.165s
 user	0m1.008s
 sys	0m4.252s
  • csc-wireless
    • Initial speed: 1.83MB/s
    • Final speed: 1.93MB/s
    • Time: aborted after 6 minutes (ran out of disk) with 10% remaining, steady progress
 --00:27:07--  http://mirror.csclub.uwaterloo.ca/ubuntu-releases/7.10/ubuntu-7.10-desktop-i386.iso
 Resolving mirror.csclub.uwaterloo.ca... 129.97.134.71
 Connecting to mirror.csclub.uwaterloo.ca|129.97.134.71|:80... connected.
 HTTP request sent, awaiting response... 302 Found
 Location: http://citric-acid.csclub.uwaterloo.ca/iso/ubuntu-gutsy/ubuntu-7.10-desktop-i386.iso [following]
 --00:27:07--  http://citric-acid.csclub.uwaterloo.ca/iso/ubuntu-gutsy/ubuntu-7.10-desktop-i386.iso
 Resolving citric-acid.csclub.uwaterloo.ca... 129.97.134.37
 Connecting to citric-acid.csclub.uwaterloo.ca|129.97.134.37|:80... connected.
 HTTP request sent, awaiting response... 200 OK
 Length: 729608192 (696M) [application/x-iso9660-image]
 Saving to: `ubuntu-7.10-desktop-i386.iso'
 
  1% [>                                                                            ] 14,380,544  1.83M/s  eta 6m 29s 
 33% [========================>                                                    ] 243,488,896 1.92M/s  eta 4m 46s 
 65% [=================================================>                           ] 475,945,024 1.90M/s  eta 2m 21s 
 91% [=====================================================================>       ] 670,317,304 1.93M/s   in 6m 5s  
 
 
 Cannot write to `ubuntu-7.10-desktop-i386.iso' (No space left on device).
 
 real	6m4.935s
 user	0m2.124s
 sys	0m11.161s

While these are quite unscientific, they do demonstrate the huge performance advantage of csc-wireless. I will repeat them without aborting, when I have time.

Detailed Configuration

Required Packages

To install required packages, type:

sudo aptitude install madwifi-source madwifi-tools wireless-tools vlan bridge-utils ebtables iptables

Then build the modules for the installed kernel via:

sudo m-a a-i madwifi

Wireless Interface Configuration

First, configure the wireless interface. Use the following snippet:

auto ath0
iface ath0 inet manual
        pre-up wlanconfig ath0 destroy || true
        pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
        post-down wlanconfig ath0 destroy
        wireless-mode master
        wireless-channel 36
        wireless-essid csc-wireless

Second, make a bridge between the wireless and auth3net. Use the following snippet, replacing IFACE by the interface connected to auth3net

auto br192
iface br192 inet manual
        bridge_ports IFACE ath0
        bridge_stp yes
        up brctl setbridgeprio br192 40000
        up ip route add 129.97.192.0/23 dev br192

Brouting Configuration

Additional setup is needed to enable fast communication between mathstudentorgsnet and auth3net. We take the minimally invasive approach of pulling packets destined for mathstudentorgsnet off the bridge and routing them, masquerading as wireless-nat.csclub.uwaterloo.ca. Masquerading is needed to ensure responses are routed correctly.

Finally, add 129.97.134.85 as a secondary IP address. You might do so by adding this snippet, replacing IFACE by the interface connected to mathstudentorgsnet:

auto IFACE:nat
iface IFACE:nat inet static
       address 129.97.134.85
       netmask 255.255.255.0
       network 129.97.134.0

Second, enable routing, by adding the following snippet to sysctl.conf:

net.ipv4.ip_forward=1

Third, configure ebtables to pull packets of the bridge. Type:

ebtables -t broute --flush
 \
ebtables -t broute -A BROUTING -i ath0 \
    -p ipv4 --ip-src 129.97.192.0/23 --ip-dst 129.97.134.0/24 \
    -j redirect --redirect-target DROP

invoke-rc.d ebtables save

Finally, configure iptables to masquerade wireless users as wireless-nat.csclub. Type the following, replacing

iptables -t nat --flush

iptables -t nat -A POSTROUTING -o eth0 \
    -s 129.97.192.0/23 -d 129.97.134.0/24 \
    -j SNAT --to-source 129.97.134.85

invoke-rc.d iptables save

External Links