6 tips from the CCC on how to set up stable WiFi for many guests

Planning a WLAN for an event requires more than for the mesh at home. Since there could be more of them soon, here are some tips from the CCC.

The corona pandemic is not over, but with more and more vaccinations there could soon be more face-to-face events with many guests. Such events with thousands of people can be for wireless networks a real challenge be.

The question arises: How is it possible to equip so many guests with a stable and high-performance network connection? How can interference between different access points (AP) be reduced and a comprehensive connection still be established?

Admins who already maintain and plan wireless networks themselves know that achieving this is not exactly easy. We asked the CCC for advice and received some tips on how to do this at our own congresses. The editorial team’s own experiences are also incorporated. The advice can also be applied to other scenarios such as large warehouses, new offices or meeting rooms and large events, although in special cases the priorities and requirements will certainly be different.

The following approach applies to the CCC: The capacity of the network should be placed before the area covered. For the network team at a congress, it is important that access points do not radiate excessively into other parts of the site. Hardware should therefore be positioned in such a way that it covers a seminar room, but not the hallway behind the wall, for example.

Before setting up a new WLAN infrastructure, we should first be clear about where and how access points can be set up in our own buildings. Floor plans or fire protection and escape plans help. We can use them as Basis for a network concept use. A router set up right next to solid walls or large furniture shines less through these obstacles and is more accessible from other sides. The radio power of many enterprise access points can also be set in the firmware. This is helpful in particularly small conference rooms or offices when the standard transmission power is actually too high.

Almost finished!

Please click on the link in the confirmation email to complete your registration.

Would you like more information about the newsletter?
Find out more now

Avoid collision domains

The CCC goes one step further: In order to be able to use the shared medium of the ether better, should The collision domain be kept as small as possible. These are network segments in which different data transmissions can overlap and only one participant is allowed to send data within this segment while the others wait for their interval. As a result, large collision domains with many clients can greatly reduce the performance of the network.

At trade fairs such as the Chaos Communication Congress, several virtual local area networks (VLAN) are used to divide clients into logically separate subnets. In order to relieve access points, VLANs are tunneled to a central Radiusserver managed. The network protocol Remote Authentication Dial-in-User Service (Radius) controls the authentication, administration and authorization of clients on a given network. The central control should also have the advantage that the individual access points on the large site are relieved and only have to take care of the data transmission themselves. The CCC uses to set up the server Freeradius – an open source project that can implement the protocol.

Nevertheless, there is still a need for further optimization. The network team assumes that many of the guests arrive with at least three network-enabled devices. What would the congress be without tech-savvy fans? In order to reduce DHCP requests and multicasts on the shared medium, each client should be assigned a fixed IP address that does not change over the entire visit. The assigned VLAN can be changed automatically using the radius protocol. The static IP address is generated from the public IPv4 and IPv6 address space. Comprehensive subnets with subnet masks of / 18 or less are also used at large events – depending on how many visitors are expected.

Routers with sensible broadcast filtering are therefore important in order to generate as little unnecessary traffic as possible in a collision domain. An ARP and NDP proxy should also be set up to reduce ARP and NDP requests to an unnecessarily large number of members in the network. The Address Resolution Protocol is used on the OSI data link layer (Layer 2) for the resolution of IPv4 addresses into Mac addresses. The Neighbor Discovery Protocol is used, for example, to convert IPv6 addresses into much simpler IPv4 addresses. The latter is not necessary in some applications, for example if IPv6 does not have to be used internally in company networks.

Settings on the access points themselves help to ensure acceptable data rates for as many clients as possible.

In smaller home networks, functions such as channel bonding are useful, as this can significantly increase the data rates of individual devices. However, this is not possible at large events without unrealistically high hardware costs. The following therefore applies: Channel bundling is switched off in order to also support more clients. Instead, only the individual 20 megahertz channels into which the WLAN signals are divided are used. Both frequency bands are to be used: 2.4 gigahertz and 5 gigahertz.

Although the 2.4 gigahertz band supports many more channels, the CCC’s network team only uses four different ones. This is due to the fact that adjacent frequencies can interfere with each other and cause interference. For this reason, 2.4 gigahertz communications in Europe are limited to four channels: 1, 5, 9 and 13. In North America, the 2.4 gigahertz band does not provide for a 13th channel; there, for example, channel 11 has to be used.

Switch off unused standards

In order to comply with EU guidelines, care should also be taken to ensure that DFS channels in the five gigahertz band are always kept free. Radar communications, which must have absolute priority, also run on these. Radar traffic is therefore monitored separately and the corresponding DFS channels are temporarily switched off if necessary.

These restrictions can result in a large number of clients in a collision domain on individual channels. It is calculated with around 50 to 75 devices per channel. Therefore, there should be enough routers in a single room to handle such a large amount. In general, the CCC recommends using 3 × 3 MIMO devices in crowded areas – such as entrance areas and break areas – that can address more devices at the same time. In less frequented locations, 2 × 2 antennas are also sufficient.

It can also make sense to completely switch off slower WLAN standards in your own network. The CCC recommends deactivating the outdated 802.11b and restricting 802.11 a + g to higher data rates. The goal is to transfer packets as quickly and as quickly as possible. Slower connections occupy valuable time intervals on the medium for a longer period of time. In this case, however, very old or inexpensive end devices could no longer work. Therefore, before deactivating older standards, we should be clear about which hardware in our network interacts with each other.

No automatic channel change

With the steady spread of Wi-Fi 5 and 6 – 802.11ac and 802.11ax – more and more clients with five-gigahertz compatibility are also being used. A few years ago, the CCC assumed a share of 60 to 70 percent. Almost all newer devices now also use five gigahertz frequencies.

In order to use the resources on both frequency bands, the network team therefore uses different SSIDs for 2.4 and 5 gigahertz. According to their own statements, the CCC network team regards band steering, i.e. the automatic selection of the correct frequency band by the client itself, as unreliable. Such functions are switched off accordingly. At events such as the 36C3, SSID, open guest networks, encrypted private WLAN or the networks of community projects were also operated in parallel.

In general, however, the following applies: Too many different SSIDs in the same network can occupy an unnecessarily large amount of air time, which on the other hand could be used for better performance. This is due to the periodically sent beacon frames and probes that are sent on the WiFi signal for each SSID. So we shouldn’t create too many SSIDs, especially when resources are tight. Several VLANs that are assigned to an SSID via dynamic VLAN assignment can help here.

From general room planning to implementation of the hardware: It is important that network teams come up with a meaningful step-by-step concept and are also aware of what they want to achieve with their wireless networks.

Even before Corona, events like the 36C3 showed in an extreme form how important a good network plan is. Experience has shown that the network connection at the CCC events is stable, even when there are large gatherings of people. The club gave us a detailed Documentation from the manufacturer Aruba recommended. This again goes into the installation of WLAN with at least 100 devices per cell and gives tips.

The author of the article is Oliver Nickel.

You might be interested in that too

Categories:   General

Tags:  ,