Available IP Addresses - Future Strategies

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Mon Nov 14, 2011 3:06 pm

I've mentioned moving into this prototype building in the past. Our first meetings a week ago were Stake Conference, so that was a baptism by fire sort of thing. During Priesthood leadership I was approached about why the wireless isn't working. I started investigating and found that all the addresses were used up. We have 13 units and if you assume 4 out of 5 in the Bishopric/execsec/clerk attending, I have 52 possible phones accessing the LDS Access wireless. I know our Stake Presidency all have phones connecting, and 4 of the 5 have tablets. If a percentage of the Bishoprics have tablets as well... that gets us well over the default number - default on 881W is 64 addresses total in the range with 1-14 (at least, I don't know technically where the DHCP range starts) but my WAPs are 10-14... I have 2 printers set up on 8,9 and if need be I can set the clerk computers to 4-7. But this still leaves approx 50 IP addresses.

So where I'm going with this is what is the strategy going forward? If the desire is to allow members of the church to use LDS Access with their devices, many of my suburban wards will have 200-250 devices with husband/wife/teen phones and tablets for many of them. Stake Conference is going to be crazy?

One thing I don't want to hear in the conversation is that people will have to learn to turn on and off their wireless... we've progressed well beyond that, and there are plenty of ways to allow members of the church to connect and not have to worry about it. In my current job we are re-designing the wireless network to account for the possibility that everyone will have at a minimum an IP phone, mobile phone, tablet, mp3 player, and laptop at their desks all connecting to wireless.... no longer do you pull a single cable run to a cube, or plan for a single wireless connection per cube, but now we're looking at 5 wireless connections per cube area. This is the reality facing many wards today.

If the church truly wants us to be able to access the Internet at church, then they must anticipate that we will use it.

Does the church have a strategy and implementation methodology for this yet? Is there anything else that I'm not thinking about?

What do I do with my old firewalls that aren't licensed like the 881W?

russellhltn
Community Administrator
Posts: 20729
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Nov 14, 2011 4:55 pm

People are reporting success with setting up a router behind the church firewall to dish out more IPs. But you're right. The church needs to figure out a better plan.

I'd guess it involves changing the IP structure of the network.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Tue Nov 15, 2011 6:43 am

RussellHltn wrote:People are reporting success with setting up a router behind the church firewall to dish out more IPs. But you're right. The church needs to figure out a better plan.

I'd guess it involves changing the IP structure of the network.


Russell, I agree with you, but one comment that I have is if there are all these smartphones out there, then they should be using their own connection instead of the church's. Sure the church's is faster, but to me the church network is only to be used for church purposes, such as showing a video, looking up lessons and so forth. Not to do Facebook, check personal email (although, I do that) or looking up information for your work.

It does sound like the church needs to rethink their IP addressing scheme, but the question is do they go from a /27 to a /26. The reason is then will there be enough addresses to cover all the buildings that have Internet access.

It will be interesting.

johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Tue Nov 15, 2011 7:03 am

The 881W are configured as a /26 already... I'm thinking every building should have a /24 - maybe only the DHCP range needs to be changed - we could use the 10.x.x.x for 'infrastructure' (printers, clerk computers, WAP, firewalls [these would need to be assigned statically]) and move the DHCP range to one of the other reserved IP spaces and give it a /23.

I don't disagree that a smartphone has its own connection, but most people will configure to use a network if they can to save on charges... I don't have an issue with that... also many tablets being purchased do not have a plan and so will require a network connection.

At last word, members will be able to access the SSID LDS Access using their LDS Account... I haven't heard that it's only used for ... but I know why it should be used... I would just prefer to have a design where a clerk or STS doesn't have to worry about filling up IP addresses. What I see as a typical pattern in this world is this... Make a decision... Implement that decision... realize there are issues with it... local volunteer STS or Clerks can spend hours working around that issue... even if it is multiple hours... multiple times....

I'd rather envision a ridiculous scenario (2 apostles and 3 members of the seventy are in a stake center with all stake presidencies and bishoprics from an 8 stake area - the Apostle can't get on LDS Access - because there are no available IP addresses - but nobody knows that... STS/Clerks are rushed away from their families to figure it out.... announcement is made.. brethren could one or two of you turn off your phones so that Elder xxxx can get on the network)

When we have the ability to predict an ultimate scenario we should design for that... rather than a design, which to my thinking, is very 1 unit centric.... I guess we need to understand what the Church IT team wants to define as 'members having access to wireless through their LDS Accounts' means

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Wed Nov 16, 2011 10:36 am

JohnShaw wrote: The 881W are configured as a /26 already... I'm thinking every building should have a /24 - maybe only the DHCP range needs to be changed - we could use the 10.x.x.x for 'infrastructure' (printers, clerk computers, WAP, firewalls [these would need to be assigned statically]) and move the DHCP range to one of the other reserved IP spaces and give it a /23.

I don't disagree that a smartphone has its own connection, but most people will configure to use a network if they can to save on charges... I don't have an issue with that... also many tablets being purchased do not have a plan and so will require a network connection.

At last word, members will be able to access the SSID LDS Access using their LDS Account... I haven't heard that it's only used for ... but I know why it should be used... I would just prefer to have a design where a clerk or STS doesn't have to worry about filling up IP addresses. What I see as a typical pattern in this world is this... Make a decision... Implement that decision... realize there are issues with it... local volunteer STS or Clerks can spend hours working around that issue... even if it is multiple hours... multiple times....

I'd rather envision a ridiculous scenario (2 apostles and 3 members of the seventy are in a stake center with all stake presidencies and bishoprics from an 8 stake area - the Apostle can't get on LDS Access - because there are no available IP addresses - but nobody knows that... STS/Clerks are rushed away from their families to figure it out.... announcement is made.. brethren could one or two of you turn off your phones so that Elder xxxx can get on the network)

When we have the ability to predict an ultimate scenario we should design for that... rather than a design, which to my thinking, is very 1 unit centric.... I guess we need to understand what the Church IT team wants to define as 'members having access to wireless through their LDS Accounts' means


John, I was wrong about the subnetting mask. You have a good suggestion, but we need to look at this from an enterprise level. With the 10 net addressing they put out there is a maximum of 16 million IP addresses. Now with the church at nearly that many members, the allocation needs to be done in such a way that everyone is accommodated.

Now a /24, as you probably know, gives you 254 usable addresses, and a /23 gives you 510 usable addresses. From an enterprise level, putting a /23 in each building is overkill and will waste a lot of IP addresses. A /23 allows you to have 65,536 networks and I'm sure that the church has more than 65,000 buildings. With a /24 you can have 131,072 networks and with a /25 you can have 262,144. So I'm sure that the IT department at the church is looking at the number of buildings and what the best allocation of IP address space is for the entire church.

My thinking was more along the lines of a /25, which would give you 126 addresses. The other thing is to question what is taking up all the IP addresses. To have 50 devices connected at one time, is in my book high. If that is the case then I think some other investigation needs to take place to see if something is taking all the IP addresses. One way to help would be perhaps to turn off the FHC computers and allow them to release the addresses.

But I think a better thing for the church to do is to change the subnet for a building to a /25, which still would allow them to still cover 262,144 buildings. Then we, the STS, may have to come up with a different solution in order to make sure that there are enough IP addresses to go around.

Just my two cents worth.
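
The per-building subnet arithmetic discussed in this thread, worked through as an added example that is not part of any poster's message. It assumes the whole 10.0.0.0/8 block is split into equal subnets, 14 statically assigned addresses per building, and 25% headroom over peak device count; the function names are hypothetical.

```python
import ipaddress
import math

# Assumption for this example: the enterprise block is the whole 10.0.0.0/8
# range mentioned in the thread, carved into one equal-sized subnet per building.
ENTERPRISE_BLOCK = ipaddress.ip_network("10.0.0.0/8")


def dhcp_pool_size(prefix_len, static_reserved):
    """Addresses left for DHCP clients after network, broadcast and static hosts."""
    total = 2 ** (32 - prefix_len)
    usable = total - 2  # network and broadcast addresses are not assignable
    return max(usable - static_reserved, 0)


def subnets_in_block(prefix_len, block=ENTERPRISE_BLOCK):
    """How many subnets of this size fit in the enterprise block."""
    if prefix_len < block.prefixlen:
        return 0
    return 2 ** (prefix_len - block.prefixlen)


def smallest_prefix_for(devices, static_reserved, headroom=0.25):
    """Longest prefix (smallest subnet) whose DHCP pool covers peak devices plus headroom."""
    needed = math.ceil(devices * (1 + headroom))
    for prefix_len in range(30, 7, -1):  # try /30 first, widen until it fits
        if dhcp_pool_size(prefix_len, static_reserved) >= needed:
            return prefix_len
    raise ValueError("demand does not fit in a single subnet of the block")


def plan(devices, static_reserved, headroom=0.25):
    """Subnet size, resulting DHCP pool and number of buildings addressable at that size."""
    prefix_len = smallest_prefix_for(devices, static_reserved, headroom)
    return {
        "prefix": prefix_len,
        "pool": dhcp_pool_size(prefix_len, static_reserved),
        "buildings": subnets_in_block(prefix_len),
    }


if __name__ == "__main__":
    # Constructed inputs based on figures quoted in the thread:
    # 14 statically assigned addresses, 52 leadership phones, 250 devices per ward.
    print("/26 pool today:", dhcp_pool_size(26, 14))
    for label, devices in [("leadership meeting", 52), ("suburban ward", 250)]:
        print(label, plan(devices, 14))
```

Static reservations (printers, WAPs, a webcast device) come out of the same subnet, so the DHCP pool is always smaller than the usable host count for the prefix.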

russellhltn
Community Administrator
Posts: 20729
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Nov 16, 2011 10:45 am

The question I have is why does everyone need a church-wide unique address? I'm sure that would be nice for managing fixed assets like routers, WAPs, printers, etc. But why every wireless user? I say put them on an overlapping 192.168.x.x subnet.

I'm not sure if the routers we have will support that, but I suspect IT will have to look hard at their desire for church-wide unique addresses.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Wed Nov 16, 2011 1:08 pm

RussellHltn wrote: The question I have is why does everyone need a church-wide unique address? I'm sure that would be nice for managing fixed assets like routers, WAPs, printers, etc. But why every wireless user? I say put them on an overlapping 192.168.x.x subnet.

I'm not sure if the routers we have will support that, but I suspect IT will have to look hard at their desire for church-wide unique addresses.


Especially when, as you say, that they want users to be able to access the network. They will probably have to NAT a 192.168.x.x address at each building and use it say for wireless only. Hard wire would keep the 10 net address.

scgallafent
Church Employee
Posts: 1043
Joined: Mon Feb 09, 2009 4:55 pm
Location: Riverton, Utah

Postby scgallafent » Tue Nov 22, 2011 12:01 pm

JohnShaw wrote:I'd rather envision a ridiculous scenario (2 apostles and 3 members of the seventy are in a stake center with all stake presidencies and bishoprics from an 8 stake area - the Apostle can't get on LDS Access - because there are no available IP addresses - but nobody knows that... STS/Clerks are rushed away from their families to figure it out.... announcement is made.. brethren could one or two of you turn off your phones so that Elder xxxx can get on the network)


Our scenario was a stake conference using the webcast communicator. The webcast communicator was having trouble and had to be rebooted. When it finished rebooting, it couldn't get an available address because all of the mobile devices in the stake center had exhausted the DHCP pool.

In our case we solved the problem by disconnecting the access points in the building for the rest of the conference session.

lajackson
Community Moderators
Posts: 6129
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Tue Nov 22, 2011 2:23 pm

scgallafent wrote:In our case we solved the problem by disconnecting the access points in the building for the rest of the conference session.


Which we plan to do first, since our bandwidth is so small. We can barely get the actual broadcast through.

harddrive
Member
Posts: 445
Joined: Thu Jan 03, 2008 7:52 pm

Postby harddrive » Wed Nov 23, 2011 6:31 am

scgallafent wrote:Our scenario was a stake conference using the webcast communicator. The webcast communicator was having trouble and had to be rebooted. When it finished rebooting, it couldn't get an available address because all of the mobile devices in the stake center had exhausted the DHCP pool.

In our case we solved the problem by disconnecting the access points in the building for the rest of the conference session.


Why not put the webcasting on a static IP address instead of letting it get a DHCP address? That would be my plan in the future.

