A blueprint for low cost urban wifi based on mesh technology
Transcription
A blueprint for low cost urban wifi based on mesh technology
A blueprint for low cost urban wifi based on mesh technology Paul Scollon B.Sc. IT Management 2012 Dundalk Institute of Technology A blueprint for low cost urban wifi based on mesh technology Acknowledgements Acknowledgements • My long suffering fiancée Mary, who has not only taken over the majority of our wedding arrangements while I completed this paper, but listened to me speculate endlessly about how much wireless mesh networks would change the lives of people all over the world, even though she doesn't quite see it! • Brendan Minnish, CTO at Westnet.ie for his advice on the Irish Linux Users mailing list and his subsequent participation in the interviews during Chapter 4. • Robert Henderson, ICT Operations Manager for The Convention Centre in Dublin for his participation in Chapter 4. • Chris Murphy at Image IT Group, Drogheda for his participation in Chapter 4. • Brenda at the Dundalk Chamber of Commerce for her help getting my user survey questions out to local business owners. • Martin McCourt, my project supervisor, for his endless advice and insight into the issues raised in my project. • All the other lecturers I've had over the last 3 years, who allowed me to interrupt their classes with questions and never once blamed me for the fact they couldn't login to Moodle, even though I probably did have something to do with it. i A blueprint for low cost urban wifi based on mesh technology Abstract Abstract Imagine leaving a tap running outside your business and telling people, thirsty people on a hot summer afternoon, that they are not allowed to drink this water because you pay the rates and they do not. Instead, you would rather let the water just wash away down the drain. As crazy as this analogy sounds, this is what happens in town centres every day with small businesses paying for flat rate broadband that only they use for a couple of minutes a day in total. The public cannot access this bandwidth as it is either not advertised or is encrypted in some way. Wouldn't it better if each business could share out a portion of their unused bandwidth to a larger network for customers and tourists all over the town to use? Wouldn't it be better again if customers connected to this network where informed of special offers? If visitors were directed to the nearest restaurant and able to view the menu online? All this would be possible by implementing a community mesh network using local small businesses as gateways to the Internet. A wireless mesh can be seen as a special implementation of a wireless ad-hoc network with a more planned configuration, and is usually deployed to provide dynamic and cost effective connectivity over a large geographic area like a town or city. However, urban mesh networks are not very popular in Europe, and are not even considered as a solution in Ireland. Why is this? Is it awareness? Do people know they exist? Maybe there are technical reasons why they just won't work? Or is it because most mesh projects are Open Source and are therefore dismissed as a hobby for 'nerds' or 'geeks'? This project aims to explore all facets of mesh networks, from defining what exactly they are, exploring the available technology, gathering public feedback to implementing an actual working model and making recommendations to anyone planning their own implementation. The outcome will be everything you need to know about wireless mesh and other technologies required to build a working network in your town. ii A blueprint for low cost urban wifi based on mesh technology Table Of Contents Table of Contents Abstract...................................................................................................................... i Acknowledgements....................................................................................................ii Table of Contents......................................................................................................iii List of Figures............................................................................................................ v List of Tables............................................................................................................. vi Chapters 1 - Introduction...............................................................................................1 Fictional Scenario............................................................................2 Researching the Topic.....................................................................4 Expected Outcome..........................................................................6 2 - Literature Review......................................................................................7 Defining Wireless Mesh Networks (WMNs).....................................7 Advantages of WMNs....................................................................10 Uses of WMNs...............................................................................12 Security Concerns.........................................................................14 Routing Protocols..........................................................................17 Deployment Issues........................................................................21 Conclusions...................................................................................24 3 - Technology Review.................................................................................28 Overview........................................................................................28 Wireless Mesh Networking Principles..............................32 OLSR - Our Protocol Of Choice?.....................................33 Hardware.......................................................................................37 Firmware........................................................................................46 Dashboards...................................................................................53 Content Filtering............................................................................59 Filtering with a Proxy........................................................60 Filtering with DNS............................................................66 Conclusions...................................................................................70 4 - Case Study...............................................................................................71 Overview.......................................................................................71 Survey...........................................................................................76 Interviews......................................................................................78 Site Visit.........................................................................................83 Conclusions...................................................................................86 5 - Investigation............................................................................................87 Building Your Own Mesh Network..................................................87 Configuring and Deploying Hardware...............................87 Dashboard Configuration.................................................88 iii A blueprint for low cost urban wifi based on mesh technology Table Of Contents Implementing Content Filtering........................................92 Desktop Configuration for (hidden) secure SSID............100 Adding Web Technologies............................................................106 Captive Portal Setup......................................................106 Mesh Community Website.............................................108 Other Considerations...................................................................109 6 - Results...................................................................................................115 Cost Analysis...............................................................................116 Technical Feasibility.....................................................................118 Deployment Checklist..................................................................119 Recommendations.......................................................................122 7 - Conclusion.............................................................................................127 Appendix A................................................................................................................ vi Appendix B.............................................................................................................. ix References.............................................................................................................. xx Glossary................................................................................................................. xxii iv A blueprint for low cost urban wifi based on mesh technology List Of Figures List of Figures Fig. 1. Typical Wireless Mesh Network ...................................................................................1 Fig. 2. Mesh Network utilising Solar Panels ...........................................................................9 Fig. 3. Smartdust .................................................................................................................. 14 Fig. 4. 802.1x authentication ................................................................................................. 16 Fig. 5. Optimized Link State Routing ....................................................................................19 Fig. 6. non-overlapping channels (1, 6, 11) ...........................................................................22 Fig. 7. Uses of Mesh Networking ..........................................................................................21 Fig. 8. Monitoring mesh nodes via a dashboard ...................................................................31 Fig. 9. Network plot of mesh with backbone .........................................................................32 Fig. 10. OLSR Multihopping .................................................................................................. 34 Fig. 11. Linksys WRT54g Hardware .....................................................................................38 Fig. 12. Meraki Mini .............................................................................................................. 39 Fig. 13. Open-mesh OM1P ................................................................................................... 40 Fig. 14. OM1P mesh device connected to LAN port of a standard D-Link Router ................42 Fig. 15. Firetide Outdoor 7020 .............................................................................................. 43 Fig. 16. Meshing with Firetide Hardware ..............................................................................45 Fig. 17. OpenWRT Firmware ................................................................................................ 47 Fig. 18. Upgrading Firmware on WRT54G Device ...............................................................48 Fig. 19. Freifunk Firmware .................................................................................................... 48 Fig. 20. Robin-Mesh Firmware ............................................................................................. 49 Fig. 21. Nightwing Firmware ................................................................................................. 51 Fig. 22. CloudTrax Dashboard .............................................................................................. 54 Fig. 23. OrangeMesh Dashboard .........................................................................................55 Fig. 24. CloudTrax with Google Maps plugin ........................................................................59 Fig. 25. Filtering traffic transparently with Squid/SquidGuard ...............................................60 Fig. 26. Filtering traffic transparently with Squid/SquidGuard on a mesh network ................63 Fig. 27. Using our own DNS server to cache address lookups .............................................69 Fig. 28. Outdoor Enclosure Casing for OM1P ......................................................................70 Fig. 29. Proposed positioning of Mesh APs and GWs in Phase 1 ........................................71 Fig. 30. Paths created by default configuration in Phase 1....................................................72 Fig. 31. In Phase 2 businesses in or near town centre are asked to host gateway nodes.....73 Fig. 32. In Phase 3, businesses with no existing broadband and residents...........................74 Fig. 33. APs off the main town still have multiple paths to the nearest gateway ...................75 Fig. 34. Setting max upload /download via CloudTrax ..........................................................75 Fig. 35. The Drogheda wifi is far from being a mesh, in fact it is 4 separate networks..........85 Fig. 36. Creating a new network on cloudtrax.com................................................................89 Fig. 37. Adding a new node on cloudtrax.com.......................................................................90 Fig. 38. Configuring the Public SSID.....................................................................................91 Fig. 39. Speed test from a mesh AP......................................................................................92 Fig. 40. SSH Session to the DNS Server..............................................................................93 Fig. 41. Installing dnsmasq using the APT Repositiories in Ubuntu.......................................94 Fig. 42. SSH Session to a mesh node...................................................................................96 Fig. 43. Alternate Server configuration on Cloudtrax.............................................................97 Fig. 44. Blocked Page on the mesh network as result of content filtering..............................98 Fig. 45. Private SSID configuration on Cloudtrax................................................................101 Fig. 46. Our own Secure Network Configuration Tool..........................................................102 Fig. 47. Splash Page for the Nice One Network..................................................................107 Fig. 48. Website at http://www.niceonedundalk.net.............................................................108 Fig. 49. Mobile Application (app) to view nearby nodes.......................................................110 Fig. 50. Evolution of the Mesh Potato..................................................................................111 Fig. 51. Using a grid to address where there is no coverage...............................................120 Fig. 52. Node required at grid reference A10.......................................................................121 Fig. 53. Splitting the mesh network into four to ease scalability...........................................123 Fig. 54. Sample QR Code................................................................................................... 131 Fig. 55. Application of a QR Code.......................................................................................132 v A blueprint for low cost urban wifi based on mesh technology List Of Tables List of Tables Table. 1. Nodes = 100, Packet length = 50,000 bytes ..........................................................34 Table. 2. Nodes = 100, Mobility = 30(m/s). ...........................................................................35 Table. 3. Overall performances of protocols .........................................................................35 Table. 4. Results of survey with local business owners.........................................................77 Table. 5. Total cost of deployment........................................................................................117 vi A blueprint for low cost urban wifi based on mesh technology Introduction 1. Introduction Wireless mesh networks is a recent emerging technology that realises the dream of a truly wireless world. Unlike standard wireless modems and routers, a mesh access point need not be connected to any physical infrastructure whatsoever, and can even be powered by solar panels when no power outlet exists. This allows for mesh points to be mounted almost anywhere, spreading wireless networking not just out into your garden, but down the street and even across your town or city. Mesh "nodes" are usually configured with specific firmware that allows them to interact with each other and the larger network using a process known as dynamic routing. Only one (or a few) nodes need to be physically wired to the network. Those nodes share their connection with their "wireless" neighbours, so if a node has no access to the Internet, it passes the request along to the next node, which does a similar check and so on until a gateway is found. In my project, I propose to produce a guide on how to implement an urban wifi (sometimes “WiFi” or “wi-fi”) solution using wireless mesh technologies like those described above, and investigate the practicality of such a network in a real world scenario. Fig. 1. Typical wireless Mesh Network (Jun and Sichitiu, 2008) A fictional scenario I have created for this project is detailed on the following page. 1 A blueprint for low cost urban wifi based on mesh technology Introduction 1.1. Fictional Scenario The Dundalk "Nice One Network" is a free community wireless network for shoppers in Dundalk Town Centre and is an extension of the Nice One Dundalk Campaign. Anyone with a wireless receiver in their laptop, computer or mobile device can freely access the network for casual browsing while in the town centre. Based on mesh technology, the idea is to expand the network as far as possible across the town by piggy-backing on existing Internet connections at business locations. The more locations that come on board, the faster and more dynamic the network becomes. The network is free because all components are donated by different parties based on the fact that they weren't using them anyway. Dundalk Institute of Technology, for example, kindly donated a server and some bandwidth to manage the controller software for the network, local broadband company Digiweb kindly donated one of their virtual servers to assist with the filtering of the Internet traffic, and so on. 1.1.1 Phase 1 Phase 1 is sponsored by local authorities, and involves providing network connectivity to the town centre. When complete, anyone at the centre of town will be able to connect to the Internet for free, piggy-backing on the main Internet gateway, with backup DSL connections provided by local authorities. Several 'sponsored' devices will hopefully also be placed in certain buildings/structures in the vicinity to spread the load. This will start the spread of the network down the neighbouring streets that lead to town centre. 1.1.2 Phase 2 Local businesses with existing broadband connections will be asked to donate some of their (unused) Internet bandwidth to the mesh and hook on to the connections created in Phase 1. This will create extra points and help expand the network (as 2 A blueprint for low cost urban wifi based on mesh technology Introduction well as speed it up!). It's quite simple - all that is required is for the business to install a small mesh device (a router configured by ourselves using 3 rd party firmware or an off the shelf mesh AP) for about 50 euro. It plugs into their existing router's LAN port but keeps their private network firewalled away from the mesh. It's perfectly safe, and can be switched off at any time. In return for donating some bandwidth to the project, businesses will be given an advertisement banner on the portal website, linking to their own business website, permanently. They can also have the wireless point at their business location redirect to their own website on login, if they wish. 1.1.3 Phase 3 In Phase 3 small shops without existing Internet connection and anyone living in town centre will be asked to host a standalone point. These points will hop local users off to the nearest connected points created in Phase 2 (which is how a mesh really works!). Where the signals overlap, this is where the network will be at it's strongest. These users don't get a sponsor logo on the website or a free email address, but they DO get a free wireless Internet connection on their premises for a once off fee of 50 euro. The connection for these Phase 3 units is very limited, so please note that participating in this manner is by no means a substitute for a business having their own fast broadband service. User's from Phase 2 can also use additional standalone units to expand their existing mesh points and provide coverage in previously uncovered areas. An outdoor casing is available should anyone wish to install a device in an outside area. When complete, as well as forming totally free urban wifi network, the mesh will become a self-healing entity. For example, if a business using eircom broadband suffers network outage because eircom have a technical issue, users at that point on the mesh will remain online because traffic will be continuously diverted until a mesh point is reached that is not connected to eircom eg. a Digiweb or Imagine router. Alternatively, if a node point on the mesh fails for some reason, traffic will take a 3 A blueprint for low cost urban wifi based on mesh technology Introduction different route to direct a user to the Internet. 1.2. Researching the Topic The research studies mostly available on mesh technology and chosen for the Literature Review in Chapter 2 focused on Deployment Issues in Enterprise Wireless LANs, particularly those relating to security and the high overhead involved in both deploying and maintaining such a network. Several of the source articles came from Computer Communications, The International Journal for the Computer and Telecommunications Industry, and it seems to be the main source for publication for experts in this particular field. I also investigated research by members of the Department of Computer Science, Stony Brook University, New York and several other academic sources. The main whitepaper studied was "From Applications to ROI: System Architecture for Wireless Meshes." by the Farpoint Group, but other papers were also read in some detail. The main book reviewed, and one I will be referencing throughout this project, is Hossain, E. and Leung, K, (eds), 2007, 'Wireless Mesh Networks Architectures and Protocols' New York, Springer. This book has 12 chapters by multiple authors, all experts in their field, with crucial chapter titles such as 'Channel Assignment Strategies for Wireless Mesh Networks' and 'Security Issues in Wireless Mesh Networks'. Keywords used when searching online databases were wireless, mesh, urban, deploy, routing, security, issues. The main things I would hope to achieve from the literature review are as follows: • A solid definition of what a wireless mesh network (WMN) is and what distinguishes it from a mobile adhoc network (MANET) • Some of the uses and obvious advantages of wireless mesh networks in the modern world • A list of the various routing protocols used in wireless mesh technology today and hopefully an ideal candidate for deployment 4 A blueprint for low cost urban wifi based on mesh technology Introduction • The types of security issues to consider and how best to protect against them • Deployment issues to consider and prepare for in the planned network rollout For the Technology Review in Chapter 3, I would hope to explore the different packaged solutions for building a mesh network, as well as make some comparisons between available hardware devices, firmware for these devices and web-based dashboard solutions for monitoring and controlling the devices. I need to also establish the best method for filtering traffic on the network, so a comparison of proxying versus DNS-based filtering will be necessary. In Chapter 4 I will detail some interviews with individuals working in the field of wireless technology, as well as a survey of local business users in an attempt to gauge how people feel about the overall concept and gather specific data needed later on. In Chapter 5 I will begin to document my “howto”, and start to actually build a functional mesh network. All the various components will be detailed and explained as I go. Chapter 6 is a review of the process, with a breakdown of costs encountered and a description of actual technical feasibility for such a project in the hands of nonprofessionals. This chapter will also include a checklist of what to do and in what order if building a mesh network, based on my findings. Some basic recommendations are made prior to making final conclusions. 1.2.1. Me, myself and I When possible I will try and write using first person narration, but sometimes this rule needs to be bent for contextual reasons. You will be able to carry out steps in configurations and sometimes we will see what happens next. This deviation from the normal point of view is unavoidable sometimes in this kind of paper. I have tried to use “I” in all places, but there were instances where it just did not feel right. I hope this does not interfere with the reader's experience. 5 A blueprint for low cost urban wifi based on mesh technology Introduction 1.3. Expected Outcome The outcome of my investigations will be a blueprint for anyone wishing to build a public wifi network using existing infrastructure in a scenario similar to the one described here. The 3 main parts will be cost analysis, technical feasibility and a step by step guide on how to deploy with detailed milestones and per-requirements for deployment. In addition, I have planned to build a small working model of such a network, layered on top on the DkIT wired infrastructure (simulating the business users) using 3 or 4 mesh access points, for demonstration at the end. I will provide (at least) basic content filtering for this mesh and demonstrate deployment configuration via a third party dashboard (either vendor or open source based, depending on outcome of the Technical Review). I will also be adding at least 2 SSIDs to the network, one secure and one 'open' using Captive Portal or similar – again, solutions will be determined during the Technical Review. A setup program for auto configuration of devices with complex security settings for the second SSID* will be provided. Finally, I plan to build and demonstrate a website, perhaps a “walled garden” solution only available to users on the network. This site will be critical for gathering user feedback, promoting new features on the network, informing users of security issues, displaying node information etc. I will use PHP and MySQL to build this site, technologies I am quite familiar with. If time allows, I may add Social Networking components to the site to show how businesses can use the network for usertargeted marketing and service promotion. As you can see, my project has as many practical components as it has written. Configuration files and code snips will be made available as we go. * service set identifier, a 32-character unique identifier attached to the header of packets before transmission over a wireless network, ensuring only authorised devices can connect. Although there are 2 types, the Extended Service Set Identification (ESSID) and the Basic Service Set Identification (BSSID, used in ad hoc wireless network with no access points), the ESSID is still referred to as the SSID quite often. Note that these 2 terms will interchangeable in this project. 6 A blueprint for low cost urban wifi based on mesh technology Literature Review 2. Literature Review 2.1. Defining Wireless Mesh Networks (WMNs) Wireless Mesh Networks (WMN for short) are a good example of the common phrase “necessity is the mother of invention”, which can be taken to mean “difficult problems usually give rise to ingenious solutions”. Vasseur and Dunkels (2010) state that in 1900 only 13 per cent of the world population actually lived in urban areas. By the middle of this century that number is expected to be more like 70 per cent, and remember that the world population is also increasing constantly (our 7 billionth inhabitant was recently announced). At this rate of expansion, and with public spending getting lower and lower, how can current infrastructure support such a high population, who with each generation get more and more “connected” and more reliant on Internet services and IT in general? They go on to point out that the integration of information technology with development projects can change the urban landscape, resulting in so called “smart cities” encouraging businesses to invest and promoting sustainability. This idea that wireless connectivity “on tap” will help promote business has appealed to me from the start, and if you think about it, it makes sense. The idea gets even more appealing if you consider wireless technology that is itself smart and capable of “self-healing”. Also, smart cities could take advantage of mesh technology in many other ways than general Internet use for the residents, and I'll get to that in while. So what constitutes a mesh network exactly? Moskaluk (2010) states that a wireless mesh network is made up of three or more wireless access points, all working in harmony with each other to create an interconnected electronic pathway for the transmission of data between computers. It is useful to know that 3 points or more qualifies as a wireless mesh, and I will use this assumption when it comes to the testing phase later. 7 A blueprint for low cost urban wifi based on mesh technology Literature Review A WMN however must also contain mesh routers, where the mesh routers* form a wireless backbone and interwork with the wired networks to provide multihop wireless Internet connectivity to the mesh clients (Hossain and Leung, 2007). Note, the mesh client is not the end user - the mesh APs themselves are the clients in the network. The mesh clients (or “nodes” or sometimes APs) are small devices with built in radio transmitters. They generally require power either directly from a power source or using Power Over Ethernet (POE) technology. The requirement for power does somewhat limit where the nodes are placed, but using mesh technology frees us up to put them anywhere power exists (eg. mounted on a street light) and not have to worry about network connectivity. The node will simply hop the user traffic to the next node and so on until the traffic reaches one of the backbone routers (or gateways). Other variations on the definition of a WMN include: “A WMN typically consists of a set of static mesh routers that use multi-hop transmissions to form a backbone network for facilitating communications between mesh clients”. (Pal and Nasipuri, 2011) and “In its general form, a WMN is a set of wireless nodes that can communicate with each other, forwarding each others packets. Like in MANETs, each node is both a host and a wireless router. ” (Jun and Sichitiu, 2008) * Routers in this case means Layer 2 routing, as opposed to Layer 3 routing. Layer 2 networks forward all traffic, including ARP and DHCP broadcasts. Anything transmitted by one device is forwarded to all devices. By contrast, layer 3 devices restrict broadcast traffic such as ARP and DHCP broadcasts to the local network. Layer 2 routing is therefore better for mesh networks. 8 A blueprint for low cost urban wifi based on mesh technology Literature Review So far so good – the accepted definition for what a WMN actually is matches up with what I thought it was quite well. Several of the sources have mentioned MANETs also, so best to clarify at this point what those are and how they differ from WMNs. I should also note similarities and shared technologies. MANETs are a kind of wireless ad hoc (also written “adhoc” or sometimes “ad-hoc”) network that usually has a routeable networking environment on top of a Link Layer ad hoc network. Referring back to Jun and Sichitiu (2008) and their work on proposing a new routing protocol for mesh networks, they explain that WMNs are actually an implementation of MANET (mobile ad hoc networks) rather than an alternative to it. What differentiates WMNs, they explain, is that all traffic either originates or terminates at the gateway. Also, in WMNs, nodes are neatly classified as either stationary (providing connectivity and coverage) OR they are mobile (using the coverage provided by the stationary nodes). It is assumed that in MANETs nodes can be can be in both states at the same time – they have 'homogeneous mobility characteristics'. Lastly, in WMNs, traffic flows between the clients and the Internet. In MANETs, it is more likely that any particular node is the source or destination of the traffic. WMNs are also not to be confused with WDS (Wireless Distribution Systems). WDS is a system that allows for the interconnection of multiple 802.11 access points over a wireless network. WDS is a simple point to point link. It normally will have everything on one channel, and very indeterminate behaviour (particularly if your network is cross-connected, resulting in network loops which will cause all kinds of issues). The general rule of thumb is if you are intending to provide coverage to a single building then use WDS. If it's for a neighbourhood or urban area network, then use meshing. It might be worth noting also the similarities between wireless networks and mobile phone networks. “A base station in the cellular networks corresponds to an access point in the wireless LANs, and a mobile phone in cellular networks corresponds to a client device in wireless LANs. Several of the deployment problems have been extensively studied in the context of cellular networks. ” (Chiueh, 2003). It would not be a huge leap to assume that solutions applied to mobile phone coverage in urban 9 A blueprint for low cost urban wifi based on mesh technology Literature Review areas could be applied to WMNs. I have also confirmed that WMNs are self-configuring, self-organising and selfhealing (Muogilim et al, 2011) They are also incredibly scalable, flexible and cheap to deploy (more on these advantages later). So the Literature Review has given us a clear definition of what a wireless mesh network actually is. I will now investigate if the accepted advantages of such technology are similar to those speculated upon in the introductory chapter. 2.2. Advantages of WMNs The Farpoint whitepaper reviewed (From Applications to ROI: System Architecture for Wireless Meshes, 2007) claims than urban wireless networks (or "metro-scale" wifi as they call it) have 3 key advantages, namely: • Architectural Flexibility • Application Support • Total Cost of Ownership (TCO) The TCO mentioned is interesting, and can be evaluated with variables like the the number and cost of the mesh nodes, number and capacity of wired backhaul links (originally designed to carry only voice traffic but now having to cater for high bandwidth) and non-recurring installation costs. This warrants further investigation and when I come to costs of deployment later I will probably need to revisit this material in detail. However, surely there are more obvious advantage to this technology? Referring back to the Wireless Mesh book I read: Different from traditional wireless networks, WMN is dynamically self-organized and selfconfigured. In other words, the nodes in the mesh network automatically establish and maintain network connectivity. This feature brings many advantages for the end-users, such as low up-front cost, easy network maintenance, robustness, and reliable service coverage. In addition, with the use of advanced radio technologies, e.g., multiple radio 10 A blueprint for low cost urban wifi based on mesh technology Literature Review interfaces and smart antennas, network capacity in WMNs is increased significantly. Moreover, the gateway and bridge functionalities in mesh routers enable the integration of wireless mesh networks with various existing wireless networks, such as wireless sensor networks, wireless-fidelity (Wi-Fi), and WiMAX. Consequently, through an integrated wireless mesh network, the end-users can take the advantage of multiple wireless networks. (Gungor et al. 2007) Jun and Sichitiu (2008) list the main advantages of WMNs (in comparison with traditional network technologies) as dramatically cheaper to fund and deploy, as well as the 'market coverage' (especially in and around parks, high buildings, any kind of obstruction really). They also make reference to reliability and provision for mobile user access. The literature review I carried out uncovered a fairly concise list of advantages of wireless mesh networks. The main ones are, in no particular order of importance: 1. Cost – reduced cabling can drastically reduce deployment costs for the network 2. In stark contrast to regular wireless networks, in WMNs the more nodes you rollout, the bigger, faster and more reliable your network becomes 3. WMNs rely on the same standards (802.11a/b/g) already in place 4. Convenience – mesh networks can be easily deployed where Ethernet wall sockets already exist 5. They do not depend on 'Line Of Sight'. Mesh networks will always adjust and try to find a clear path 6. WMNs are self-configuring – new nodes are automatically incorporated without the need for configuration (“zero conf”) 7. WMNs are self healing – the network always finds and uses the most reliable path 8. Mesh networks are fairly easy to install and even easier to expand as required It's also worth noting that Vasseur and Dunkel (2010) went so far as to say that mesh networks will dramatically improve the quality of life itself in the local population, and this, if true, is a very important advantage indeed. It is also one that this researcher whole-heartedly agrees with and believes in. The biggest advantage of all has got to be that wireless mesh networks are TRULY wireless (How Wireless Mesh Networks Work, 2007). Most traditional wireless APs, 11 A blueprint for low cost urban wifi based on mesh technology Literature Review even the expensive kit found in Dundalk Institute of Technology, still needs to be connected to a physical network via Ethernet cable. This usually means running and terminating cables, configuring switches etc. Mesh APs can be put anywhere as long as there is power, and some of them can even function with the use of solar or wind power (Sayegh et al, 2007) Fig. 2. Mesh Network utilising Solar Panels (http://www.jessan.com/) 2.3. Uses of WMNs The Farpoint Group (2007) firmly believe that mesh nodes are not just becoming fixtures but an expectation on a global scale. Wireless mesh networks, in their most basic form, can provide infrastructure and testing environments for research and education, public sector infrastructure and outdoor wireless access for the general population. “Typical applications are, broadband home network, enterprise network, community network, metropolitan area network, intelligent transportation network, Industrial automation network, sensor network, and emergency or rescue networks.” (Kandikattu and Jacob, 2008). 12 A blueprint for low cost urban wifi based on mesh technology Literature Review These are very general uses, so perhaps some real world examples would make the applications of WMN make a lot more sense. Real world examples come from exploring website of actual WMN projects, as well as dissecting the generic scenarios presented in some of the literature and applying it on a local level. For Dundalk, I would list the following application for a mesh network: • Shoppers and visitors to Dundalk could check their email, social media and get tourist information on the move • Local authorities could monitor the diagnostics of the town's power and water supply by installing nodes in sewerage facilities, generator stations etc. No need to dig up roads or run cabling • DkIT could broadcast the eduroam SSID (an idea that really caught HEAnet's interest when I suggested it) around town, so students and others (eg. visiting academics) could access not just DkIT services but services at their own home institute right from the centre of town Mesh can of course be used not just in towns, but in faraway, less developed places where there is no infrastructure, not even telephones or electricity. Solar powered nodes like those described by Sayegh et al (2007) would be used in these instances. Then comes the stuff of science fiction – things like “smartdust”, autonomous sensing and communication in cubic millimetre units developed and funded by DARPA due to the potential military applications of mesh-based technology (Smartdust, 2010). Imagine scattering this stuff over a battlefield and have it deliver important strategic data back to high command before sending in troops. The enemy ignore it because, well, it's just “dust”. Companies have been developing low power solutions for smartdust with in-field operations times in excess of one and a half years. They have achieved such low power consumption by combining smart and efficient power management techniques 13 A blueprint for low cost urban wifi based on mesh technology Literature Review with communication methods that impose minimum requirements on bandwidth. Fig. 3. Smartdust (http://robotics.eecs.berkeley.edu) Now imagine scattering smartdust over urban areas to achieve 100% wifi coverage. All possible in the foreseeable future. 2.4. Security Concerns No network is without security issues, and wireless networks even more so as actual “physical access” in not required. All a potential attacker needs is a wireless device (which is pretty much anything these days) some custom software and the knowhow. For this reason, an important part of the literature review is to uncover the potential security risks with wireless mesh technology. According to Zhang et al (2007), for any application (not necessarily on WMNs), the following general goals are desired to ensure security. 1. Confidentiality or Privacy: The communication between users must be secure 2. Integrity: The paths must be protected to ensure the messages are not altered 3. Availability: Applications should provide reliable delivery of messages 4. Authentication: There should be some processes to identify the user to prevent fabrication 5. Authorisation: There should be mechanism to ensure users have the correct 14 A blueprint for low cost urban wifi based on mesh technology Literature Review permissions 6. Accounting: Some process should be able to measure the resources the user consumes The shared nature of wireless, the absence of a globally trusted central controller, and the lack of any physical protection of mesh routers pose the main challenges for securing a WMN. Kandikattu and Jacob (2008) are convinced that without some pre-established security associations, especially over wireless and dynamic connections, building low-cost secure network is still a challenge, and will be for some time. Some of the immediately obvious security issue with mesh technology are worms and viruses (as all devices belong to different users and no form of Network Access Control is used) and nodes being compromised by unverified router information and network status messages. A not so obvious security concern is actual physical damage, accidentally or through an act of vandalism. Further reading, particularly the work of Muogilim et al (2011) reveals a multitude of security concerns, almost enough to put you off building a WMN at all! They range from the common Denial of Service attack (DoS) and the even worse Distributed Denial of Service attack (DDoS) to signal jamming (an attacker jams the interface of a transmitting or routing node on the physical channel) to forging, where the attacker forges network notification messages and broadcasts incorrect notification about the network status. Some of the techniques discussed are just plain nasty, but also quite ingenious and not to be ignored. Here is a list of other types of attack not mentioned already: • Batter exhaustion attacks • Wormhole attacks • Blackhole attacks • Location Disclosure attacks • False message attacks • Rushing attacks • Resource depletion attacks 15 A blueprint for low cost urban wifi based on mesh technology • DNS Spoofing • Route cache and Table Overflow Literature Review and there are probably more. While the security of WMNs is a fairly new research topic, there are still very obvious ways to secure at least the user session. 802.1x authentication is a good candidate, where the network is secured using EAP/PEAP encryption with MSCHAPv2 and Radius Authentication. Server side certificates prevent rogue APs pretending to be gateways, resulting in a very secure network where the user does not need any extra software or even a copy of the certificate installed. Fig. 4. 802.1x authentication However, the downside of this is that your radius server usually points at a directory system (Active Directory, eDirectory or maybe OpenLDAP), but in an urban wifi network, advertising free public access, how do we know who our users actually are? How do we issue them with passwords and ensure their laptop is configured correctly for WPA2 (not so easy on Windows, but I have recently researched this and I will present solutions later on in the project) and 802.1x? 16 A blueprint for low cost urban wifi based on mesh technology Literature Review A proper urban mesh should have 2 SSIDs really, one for public access secured by a Captive Portal solution (not so secure, but the user will be made aware of this) and one for use by public officials and emergency services, secured using WPA or WPA2. All other security will need to be handled behind the scenes, using firewall scripts on the nodes themselves and inside the actual routing protocols chosen for the WMN. So a list of all security measures to investigate during such a project would look like the following: • Authentication • Cryptography and Encryption • Firewall (either hardware of software) • WPA or WPA2 • AES (not TKIP, it's no longer considered secure) • Intrusion Detection • Access Lists • Mesh Security Management Software I have also concluded that a secure MAC layer would be a really good idea as it would ensure that all traffic from the mesh network is authorised, and that perhaps, if possible, a traffic engineered multi-protocol solution would safeguard against all the issues listed. 2.5. Routing Protocols Zhang et al (2007) claim that in WMNs, the data travels via multiple wireless hops from the source node to its destination. The routing protocols for WMNs are designed to achieve 3 main functions: 1. Self-configuration of the routing tables. 2. Self-adaptation to changes in the wireless link quality. 3. Maximised performance metrics such as end-to-end delay, throughput and packet loss rate. 17 A blueprint for low cost urban wifi based on mesh technology Literature Review The routing protocols for wireless ad hoc networks have very similar requirements such as routing through wireless multihop links, self-configuration and selfadaptation. Without proper protection, the routing mechanisms on a WMN could be attacked by either external or internal attackers (like those listed earlier), so choice of routing protocol plays a part in security as well all the above listed functions. Also, routing protocols have to be designed with security in mind, not just quality and delivery of service. OLSR, An ad hoc wireless mesh routing daemon and probably the most commonly used, is based on the Inria (the National Institute for Research in Computer Science and Control in France) implementation, and it is an optimised link-state, table-driven protocol originally designed for MANETs. It is a proactive link-state routing protocol, using HELLO and topology control messages to discover link state information on the network. Individual nodes use this topology information to calculate next hop destinations for all nodes in the network using shortest hop forwarding paths. OLSR is a good candidate for wireless mesh networks for the following reasons: 1. Routes to all destinations within the network are available within the standard routing table 2. The routing overhead generated does not increase with the number of routes 3. Default and network routes can be injected into the system allowing for connection to the Internet or other networks 4. Timeout values and validity information is contained within the messages conveying information allowing for differing timer values to be used at differing nodes However, the original definition of OLSR does not include any provisions for sensing of link quality and assumes that a link is up if a certain number of HELLO packets have been received. This is no good. Enter the B.A.T.M.A.N. (Better Approach To Mobile Adhoc Networking) routing protocol (http://www.open-mesh.org), under development several years now and intended to replace OLSR. A version of B.A.T.M.A.N. is also implemented in RobinMesh, a popular, easy-to-use open source firmware for small, widely available routers such as the Linksys WRT54G series and the Open-Mesh OM1P (more later). 18 A blueprint for low cost urban wifi based on mesh technology Literature Review This researcher has had experience with several flavours of Robin in the past, particularly as the previous version of the DkIT wireless network was built using WRT54GL routers, and we looked into implementing mesh using the Robin-based Freifunk firmware at one point. I also must confess to having played with the OpenMesh OM1P devices in preparation for this project. So let's say I like OLSR, and to be more specific, it's intended successor B.A.T.M.A.N. (disregard Robin for the moment). Does this protocol tick the boxes for the 3 functions specified earlier? Remember, the ideal candidate must be selfconfiguring, self-adapting and maximise all available performance metrics while retaining a decent level of security. Koksal (2008) shows how to define a relay-quality aware routing as an extension of OLSR easily, partly due to it's proactive routing scheme. He conforms that OLSR involves regular exchange of topology information among network nodes and employs designated nodes called Multi Point Relays (MPRs) to facilitate controlled flooding of topology information. He then suggests that MPRs are also the sole constituent nodes in the route between any source-destination pair in the network. Fig. 5. Optimized Link State Routing A Neighbour Table at each node stores the information about the one-hop neighbours. Upon receiving a HELLO message, a node creates or updates the neighbour entry corresponding to the node which sent the message. This is an example of self-configuration. The routing table is evaluated based on the connectivity information in the neighbour table and topology table. Shortest path algorithm is employed for route calculation 19 A blueprint for low cost urban wifi based on mesh technology Literature Review and each resulting route consists of the destination entry, the next node up and number of hops to the final destination. This seems like a good example of selfadapting. Finally, according to Koksal, based on the information obtained from the HELLO message, each node in the network can selects a set of nodes amongst its symmetrically-linked neighbours, helping to control the flooding of broadcast messages. This set of nodes is the Multi Point Relay set. The neighbours of the node which are not in its MPR set, receive and process broadcast messages from the node, but do not retransmit them. The MPR set is selected such that it covers all the nodes that are two hops away. This demonstrates sufficient maximisation of performance metrics, in my opinion. Also, it's worth pointing out that OLSR's derivative B.A.T.M.A.N. improves on this yet again by completely replacing the OLSR pro-active routing (requires every node in the network to calculate the whole routing path). B.A.T.M.A.N. nodes compute the next hop ONLY. To wrap it all up and settle on an OLSR-based protocol (and therefore B.A.T.M.A.N or some implementation of Robin) as the ideal candidate for the WMN, I need to just check some facts on it's regard for network security. OLSR is actually highly vulnerable to attacks directed at availability, DoS attacks for example. An attacker could launch OLSR packets containing false information in large amounts. This could lead to a situation where processing of this data could claim all resources on the receiving nodes, leaving them not able to handle any other tasks. Eventually the OLSR service could crash leaving the node not available. Andreas Hafslund et al (2004) suggested an extension to OLSR that uses timestamps. This is great, as it allows us to positively identify delayed messages thus preventing nodes from repeating old (and correctly authenticated) information. The work of Andreas Hafslund would be referenced frequently over the next decade by those studying 'Trusted Routing' in OLSR MANETs, and would be the basis for the B.A.T.M.A.N. project. 20 A blueprint for low cost urban wifi based on mesh technology Literature Review Yet another project, the wonderfully named (and very recent) BatCave, extend the B.A.T.M.A.N. routing protocol so routing advertisements are only accepted from authorised stations in the network. They propose using either pre-configured or short-lived certificates to identify and verify clients - useful if say, you wanted to secure your network for emergency services use only. I feel it is now safe to say that OLSR or a derivative is a good protocol choice for my deployment and should be fully investigated in the Technical Review (next chapter). However, I should point out here that security is really NOT the job of the routing protocol. Sure, the protocol of choice should be secure, but this is NOT the same thing. Proper wireless security like described in Section 2.4 is still required. 2.6. Deployment Issues Finally, I would like to uncover the common deployment issues, the 'caveats' that I will need to consider when deploying the network. Although a popular and much discussed idea, in the bigger picture enterprise level deployments of WMNs are fairly limited, if not non-existent if you look at Ireland. Raniwala and Chiueh (2003) attribute the initial slow uptake to the fact that the original implementation of 802.11 failed to fulfil the promise of pervasive connectivity and mobility. Their studies however concentrate not on the WHY but the on the WHERE and the HOW – where to place access points and how to configure their various parameters. It's hard to balance the WHERE part, and this is where many deployments fail. Placing too many nodes not only has a major effect on your budgets costs but technically can lead to unwanted interference. Also, many projects fail to consider another big part of the urban landscape, the human traffic element. Kim et al (2009) give an example of how on a congested street nodes cannot travel at their desired speed. Furthermore, the location of streets, hallways, etc. restricts the position of nodes, and traffic lights impact the flow of nodes. Finally, people do not wander the simulated region at random, rather, their mobility depends on whether the person is at work, at lunch, etc. There's an awful lot of variables there and some very complex 21 A blueprint for low cost urban wifi based on mesh technology Literature Review study to be done to get it right. The second big problem is what is known as the 'overlapping channel problem', something I have had personal experience with. How do we know which channel to use for which node? And how to avoid overlaps? To effectively assign node channels, proper planning of nodes location is required. It's important to have enough access points to provide adequate signal coverage throughout the area, but we also need to make sure that access points are far enough apart so that you'll be able to assign non-overlapping channels (eg. channels 1, 6, and 11) to nodes that are within range of each other. As a result, it's considered crucial to perform an RF (radio frequency) site survey before assigning access point channels. Fig. 6. non-overlapping channels (1, 6, 11). In reality, there are actually 5 channels that can be used with minimal issues due to overlap - 1,4,8,11,13 Altogether I have identified 6 key issues when deploying a wireless mesh network: 1. AP Placement - the primary goal is coverage. The placement of nodes is a governing factor, with high user density areas requiring more coverage than others. 2. AP Configuration - several parameters need to be set to ensure optimal performance. The overlapping channel problem form earlier needs to be carefully considered. 3. Physical RF Site Survey - a painstaking but necessary step if you are building a network from scratch. Raniwala and Chiueh (2003) define a site survey as measuring 22 A blueprint for low cost urban wifi based on mesh technology Literature Review network performance at various locations and finding coverage and performance issues. 4. Security Provision - often cited as the main reason for failure on large scale deployments. These concerns can be overcome if using modern standards like 802.1x rather than older compromised security methods. Also, see the previous section on choice of routing protocols. 5. Mobility Support - this is concerned with the ability to keep a session live while the user moves about the network. Mobility needs to be supported at 2 distinct levels, the link layer and IP layer. 802.11 supports link layer mobility by switching users over to newer access points, but for mobility across subnets we need to be more careful. 6. Quality of Service (QoS) - the age old problem. We need to ensure that one user FTPing a large file or streaming media does not hog the bandwidth for everyone else. I have also identified 6 key steps to a deployment plan. Note that these steps do not necessarily align with the 6 issues identified earlier (but some do). • Designating Coverage Areas • Capacity Planning • Coverage Planning • Preliminary AP Positioning • Channel Allocation • Physical RF Site Survey All literature reviews in the area of WMN deployment can very quickly descended into incredibly mathematical and scientific jargon, language way beyond the understanding of this researcher. I obviously am not an outstanding mathematics student, so for the most part I will be steering clear of mathematics and scientific notation in the main project. It is suffice to say that most of this work will be taken care of for me either by the chosen routing protocols, the firmware implementing the protocol and any third party, GUI-based tools I may use for planning and monitoring out network. Remember, the deployment as described in 1.1.1 – 1.1.3 is a very different twist on 23 A blueprint for low cost urban wifi based on mesh technology Literature Review the regular WMN deployment. The underlying infrastructure is already in place in the form of the various businesses that will participate and their existing broadband connections. The site survey will involve mostly deciding which of these locations would make the best gateways. The network engineers are not really going to be in position to move nodes around to their pleasing, or else the plan falls apart. However, even though I cannot fully control AP Positioning, I am very much in control of AP Configuration as I intend to add my own devices into the mix, and leave the business routers untouched. I can also do my best to cater for mobility, security and QoS, with careful planning. 2.7. Conclusions This Literature Review has uncovered some important new information and confirmed some facts I already suspected. It has helped to make several design decisions ahead of the next phase, namely: 2.7.1 General Design Decisions Each of the mesh points must meet the following requirements: • It must be low cost and affordable • It must be robust • It must not require any configuration and be installable business owners or residents with no training • It must be manageable by non-trained business owners and remotely accessible if necessary • It must provide a connectible signal indoors without additional equipment • It must be able to let people know when there is a problem (such as being unplugged) 24 A blueprint for low cost urban wifi based on mesh technology Literature Review 2.7.2. Routing Protocol The routing protocol of choice will likely be OLSR or an OLSR-based protocol like B.A.T.M.A.N. In version 3 of B.A.T.M.A.N., a computer or router running that protocol can be deployed on a central point, like a church or another high building, and have several wired or wireless network interfaces attached to it. When so deployed, B.A.T.M.A.N. can relay network data in more than one direction without any retransmission delay. Announcing devices not running B.A.T.M.A.N. themselves has also been included in this version, which is useful. For this reason, further investigation into the advantages and disadvantages of both protocols is required. It is likely the functionality of whatever the chosen routing protocol is will be hidden below the choice of firmware and network management console (dashboard). 2.7.3. Hardware B.A.T.M.A.N. (and OLSR for that matter) can be deployed in many forms on many devices, including the Open-Mesh project 'open hardware' devices OM1P or OM2P (802.1n compatible). It can also be used on WRT54 series routers from Cisco (they have 4mb of RAM and are powered by a Linux kernel which can be replaced). One of these 2 devices or something similar will be used, depending on the outcome of the Technology Review later. 3.7.4. Security No matter which hardware is decided on, wireless security is required, with a tradeoff between ease of use and protection to be considered. Ideally, I might use a captive portal based solution for casual users (e.g. Dundalk Shoppers) on one SSID, and perhaps a secure WPA or WPA2 (AES) encrypted SSID, non-broadcasting, for public workers to access when required. Something not brought up anywhere in the literature review is how to filter the traffic on the network. Sure, this is not high priority for functionality, but if you review the 25 A blueprint for low cost urban wifi based on mesh technology Literature Review proposed scenario, it would be incredibly bad for there to be free, easy to access pornographic material accessible to thousands of school children in town centre at lunchtime every day. It would be worse again if the network providing the questionable content is to be part funded by local business owners, part funded by local authorities. Imagine the headlines! I should look into a solution later using a Squid based proxy server with transparent redirects (perhaps using iptables) or else investigate DNS filtering solutions that I could implement myself. 2.7.5. Dashboards & Device Firmware Of course, the 2 main pieces of software is the firmware on the nodes themselves and the software to control/monitor the nodes. Firmware options include: • Freifunk • Robin • Nightwing (another Batman character!) Although I have a preference for Robin, and some experience with it and Freifunk, Nightwing is completely new to me. It promises both Captive Portal and WPA2 security, DNS filtering using OpenDNS servers, and improved security. I will have to have a closer look at this firmware and make comparisons between it, Robin and other contenders in detail if at all possible. Dashboards, the web-based control panel for managing the network, come in even more variations. The major contenders are: • CloudTrax • OrangeMesh • J.O.K.E.R. (keeping with the Batman theme) • Robin-Dash Some of these projects are unmaintained, others are practically dead but their 26 A blueprint for low cost urban wifi based on mesh technology Literature Review source is still available via CVS. CloudTrax is the official dashboard of the OpenMesh project, and is based on Robin-Mesh. It obviously will work quite well with the Robin firmware. Orangemesh is a good alterative to CloudTrax, and is completely open source, allowing to users make any changes they want as required. J.O.K.E.R. (JOomla KEeper for Robin) is interesting as I will likely use the Joomla CMS for the customer web portal. It claims support for 802.1x and use of your own Radius server. This concludes the Literature Review. I have accomplished the following to date: 1. Defined Wireless Mesh Networks and touched on MANETs and WDS 2. Listed the advantages of WMNs and applied them to my scenario 3. Listed the uses of WMNs and suggested some extra ones 4. Raised some security concerns and made recommendations 5. Discussed Routing Protocols and introduced B.A.T.M.A.N. the Better Approach To Mobile Adhoc Networking 6. Discussed some possible deployment issues, including overlapping channels 7. Concluded the Literature Review and listed some possible candidates for Technical Review based on the previous steps 27 A blueprint for low cost urban wifi based on mesh technology Technology Review 3. Technology Review 3.1. Overview As already discussed, mesh networks are the next big thing for providing wireless Internet coverage to hard to reach areas such as town centres and country villages. They can be used for casual Internet access (public users, tourists), local authorities (emergency use, maintenance) or a combination of both. Fig. 7. Uses of Mesh Networking (http://www.firetide.com/) Meshes work by using the hardware nodes themselves to relay data packet on to other nodes in the mesh. The nodes can be powered by small adapters, over Ethernet using POE (Power Over Ethernet) or from an external source such as wind or solar power. Nodes may also be stationary (attached to buildings or streetlights) or mobile (on a train or bus). These types are represented in the above diagram. 28 A blueprint for low cost urban wifi based on mesh technology Technology Review Namely, the types are: 1. Node mounted on streetlight in outdoor area with no buildings in vicinity. Likely powered by solar panel. 2. Node mounted on top of building. AC adapter or POE power recommended, depending on eight of pole. 3. Node hosted inside moving vehicle. Likely using vehicles internal electrics or a battery source. 4. Node hosted inside a building. Use AC adapter. Algorithms (managed by the protocol) keep track of the mesh's configuration as it changes, and determine how to route packets from node to node. The big advantage here is that a mesh can form one, single LAN way beyond the normal range of wireless Ethernet. It also acts as it's own backhaul*, because as long as one node has access to the Internet, ALL nodes have access. With a mesh network covering your town centre, there is no need to run fixed Ethernet around or have a wireless AP attached to a building. Imagine the red dotted lines, representing wireless traffic in the previous diagram (Fig. 7), were actually category 5 Ethernet cable. That would not be very practical at all, would it? In fact, if you factor in the moving vehicles, it would be impossible. In a mesh, you simply configure one (or more) access points as a gateway, and the rest can share that connection over the wireless on to the Internet. Configuration and monitoring of nodes is done via your mesh dashboard. This solution is ideal for providing broadband to a large, outdoor area. * The backhaul portion of a network is the intermediate links between the core network and the small subnetworks at the "edge" of the entire hierarchical network. In a wireless environment, backhaul can also refer to the transmission of network data over an alternative wireless route when the normal route is unavailable. 29 A blueprint for low cost urban wifi based on mesh technology Technology Review My idea involves finding a low cost solution to providing wireless broadband in the town centre. The network should not belong to any one body, it should be a community network made up of units bought by different businesses with backhaul services provided by local authorities and other services donated by larger business and maybe the local college. I have already investigated the feasibility of the scenario, and it is very possible. What needs to be solved though is the technological aspects – the perfect hardware and software solutions with the right trade-off between cost and reliability/maintainability. In this chapter I will review open source alternatives to the following required components of the mesh network: • Hardware – available models, unique features, cost? • Firmware – what is available, feature comparison, is the project maintained? What is the protocol used? • Dashboard - ease of use, features, compatibility I will also investigate an all-in vendor based solution (namely Firetide) as in order to stay objective all alternatives should be investigated. Should we choose a 3rd party dashboard for monitoring and configuration of the network, Dundalk IT has offered to host a server for this within their DMZ, with a publicaly accessible IP address to use in the network configuration. 30 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 8. Monitoring mesh nodes via a dashboard (http://www.gi-link.com) Finally, with content filtering being considered from the start, I will compare DNS Based Filtering with a HTTP Proxy solution to determine which is the best solution and which will integrate easily with the final project. Local broadband provider Digiweb have kindly donated a business class Linux server for me to host the final solution on if the project were to be realised, so I will actually implement the chosen solution and demonstrate it at the end of the project as if this were the case. 31 A blueprint for low cost urban wifi based on mesh technology Technology Review 3.1.1. Networking Principles of a WMN Building on the discoveries in the previous Literature Review, it is important to note the following for the Technology Review from Johnson et al (2007): • Communication between mesh nodes are based on Wi-Fi radios (IEEE 802.11 a/b/g) attached to directional or omni-directional antennas. • Each node in the WMN should have the same ESSID (name) and BSSID (number) - the BSSID should be fixed to prevent partitioning of the wireless network. • In an ideal WMN, each node should be able to “see” at least two other nodes in the WMN. This allows full fail-over in case any node goes out of commission (e.g. due to a hardware failure or power failure). Fig. 9. Network plot of mesh with backbone 32 A blueprint for low cost urban wifi based on mesh technology • Technology Review No non-mesh wireless device connects directly to a wireless mesh node (mesh nodes provide a wireless back-bone). This infrastructure is considered critical infrastructure and should be managed for the highest availability as the rest of the network depends on the availability of each node. • All nodes in the WMN will operate on the same channel (frequency). • All radios should be set to ad-hoc mode (not client mode or AP mode). • Each IP address in the mesh network should be unique to allow any computer in the network to connect to any other computer in the network. • One or more mesh nodes may be connected to a specially prepared node linking into a distant network. This node may also be a mesh node, but will not be configured the same as the local mesh nodes. • A mesh routing protocol (OLSR maybe?) will route IP traffic between the wireless interfaces of the mesh nodes. The protocol learns the potential routes by listening to the routing information exchanged in the network and maintains routing tables dynamically. This feature provides routing faulttolerance by providing an alternative route when a node fails, if one is available. 3.1.2. OLSR - Our Protocol Of Choice? While I still need to decide on specific hardware, firmware and a dashboard for the mesh network, the choice of Routing Protocol was indicated during the Literature Review. It is very obvious at this point that OLSR (Optimized Link State Routing Protocol) is by far the best choice and any hardware or firmware we choose must support this or one of it's forked projects. I already justified this decision in the Literature Review, but here's a recap of the technology and a more detailed breakdown for this chapter's purpose. OLSR is a routing protocol optimised for mobile ad-hoc networks and mesh networks 33 A blueprint for low cost urban wifi based on mesh technology Technology Review such as the one proposed by this project. OLSR is essentially a proactive link-state routing protocol, using HELLO and topology control messages to discover and extract link state information on the network. Each node can use this topology information to calculate next hop destinations for all nodes in the network. Fig. 10. OLSR Multihopping (http://tldp.org) Host and network association (HNA) messages are used by OLSR to disseminate network route advertisements in the same way TC (topology control) messages advertise host routes. OLSR is highly scalable. It has been known to run on community wireless mesh networks with 2000+ nodes with no degradation in performance. Table 1 and Table 2 give a summary on performances of the 2 most popular routing protocols (OLSR and it's derivative B.A.T.M.A.N.) in which "1" denotes the best performance and "3" denotes the worst performance. Parameter Packet Delivery End to End Delay Routing Load Throughput Ratio (PDR) Protocol BATMAN 2 3 3 3 OLSR 1 1 1 2 Table. 1. Nodes = 100, Packet length = 50,000 bytes (http://www.ijetae.com ) 34 A blueprint for low cost urban wifi based on mesh technology Parameter Packet Delivery Technology Review End to End Delay Routi g Load Thro ughput Ratio (PDR) Protocol BATMAN 2 2 3 2 OLSR 1 1 2 1 Table. 2. Nodes = 100, Mobility = 30(m/s) (http://www.ijetae.com) According to Sandhu and Sharma (2012), OLSR performs best because OLSR has shorter delay. B.A.T.M.A.N. (Better Approach To Mobile Adhoc Networking) would seem to have better performance when mobility increases, but still a lot less than OLSR itself. Maximum number of nodes with Maximum Packet length. OLSR > BATMAN Maximum number of nodes with Maximum Mobility. OLSR > BATMAN Table. 3. Overall performances of protocols Since OLSR is on layer 3, it is also highly portable. However, does this not contradict what was said at the start of the Literature Review chapter about Layer 2 routing being better for mesh networks? In reality, most wireless mesh devices offer a Layer 2/Layer 3 hybrid implementation, which highlights the positives from both technologies and does away with the shortcomings, such as Layer 2′s lack of scalability and Layer 3′s latency. Take for example Firetide’s mesh technology. Their hardware (which we will review shortly) looks like a Layer 2 switch to the outside world. But internally it uses a Layer 3 approach to deliver the packets from an injection point of the mesh to an exit point. This hybrid approach makes the wireless network more scalable as well as greatly enhances its performance. I also hinted in the last chapter that OLSR alone might not be enough for a mesh network due to it's susceptibility to DoS attacks, and that the more 'trusted' routing protocol B.A.T.M.A.N. would be a smarter choice. But is one really better than the 35 A blueprint for low cost urban wifi based on mesh technology Technology Review other? After much research on the subject, I no longer think so. Let me explain. Until recently, differences between B.A.T.M.A.N. and OLSR were seriously tainted by significant hardware differences that would cast doubt into any results. The theory on why OLSR may perform better (see previous tables) and, surprisingly, provide significantly better range between nodes and from nodes to clients, is that it is not as "noisy" as the currently implemented version of B.A.T.M.A.N. In other words, the fundamental design of each of the two protocols is such that B.A.T.M.A.N. sends out more packets per minute to discover and maintain the mesh then OLSR does. This saturates the airwaves with junk that leaves little room for actual data. More saturation leads to greater packet loss, which degrades the system as a whole. However, and crucially, the memory requirements of OLSR have been shown to increase at a far sharper rate than B.A.T.M.A.N. due to its need to store complete routing tables for the whole network (Johnson et al, 2008). So performance between the 2 is a trade-off really. What about security then? Ultimately, either protocol is pretty vulnerable to malicious nodes as neither depends on a central authority. The thing about central authorities is the assigning IP addresses. This is not an OLSR issue as OLSR says nothing about how to assign IP addresses to routers (you need some external system to do this). OLSR simply lets these routers find routes amongst themselves without talking to a central authority. B.A.T.M.A.N. also doesn't say anything about how to assign IP addresses to routers as it operates below IP (Layer 3), and routes based on MAC addresses. However, because it's layer 2, it allows us to slip DHCP in there - even a malicious DHCP server. If you set the lease times very high on such a server, the problem would not get resolved very quickly. As both OLSR and B.A.T.M.A.N. have their good points and their bad points, I would like to have the best of both worlds. This is where R.O.B.IN comes in (the name is interchangeable with the previously mentioned Robin-Mesh). R.O.B.IN is an open source wireless mesh project for the OpenWRT (sometimes “OpenWrt”) operating system - an embedded Linux operating system for Linksys 36 A blueprint for low cost urban wifi based on mesh technology Technology Review WRT54G and other devices. OpenWRT/R.O.B.IN is central to the Open-Mesh project and runs on a number embedded architectures with the Atheros AP51 chipset. R.O.B.IN supports BOTH protocols, OLSR and B.A.T.M.A.N. R.O.B.IN stands for “routing OLSR and BATMAN inside” and it is hopefully going to allow the use of either or both popular mesh protocols in our finished project. 3.2. Hardware There are several contenders for hardware choice when building a mesh network. Linksys WRT54G The Linksys WRT54G (and variants WRT54GS, WRT54GL, and WRTSL54GS) is a home wifi gateway from Linksys (now owned by Cisco) costing about 50 euro. The devices have two removable antennas* connected through Reverse Polarity TNC connectors (larger 7db antennas can be attached in their place). It's a powerful device, with 16 MB of RAM and 8 MB of Flash memory. Since most firmwares only use up to 4 MB flash, a JFFS2-based read/write filesystem can be created and used on the remaining 4 MB free flash. After Linksys was required to release the WRT54G's firmware source code under terms of the GNU General Public License, there have been many third party projects enhancing that code as well as some entirely new projects using the hardware in these devices. Three of the most widely used are DD-WRT, Tomato and OpenWRT. Linksys released the WRT54GL in 2005 to keep for support third-party firmware based on Linux, after the original WRT54G line was switched from Linux to VxWorks. The units also use a 32-bit MIPS architecture processor, manufactured by Broadcom. * “Depending on the used technique, multiple antennas can provide power, diversity and multiplexing gain and therefore increase the transmission range, reduce the transmitting power, mitigate interference, increase channel reliability and increase data throughout.” (Raniwala. A. and Leung, 2008) 37 A blueprint for low cost urban wifi based on mesh technology Technology Review I have extensive experience with the WRT54GL variant of this device, as we used it in conjunction with OpenWRT firmware here on DkIT campus in our previous wireless network. I have taken 3 or 4 of the decommissioned units and tested them in a mesh configuration using the Freifunk firmware. Depending on the used technique, multiple antennas can provide power, diversity and multiplexing gain and therefore increase the transmission range, reduce the transmitting power, mitigate interference, increase channel reliability and increase data throughout. The hardware has a very high range, especially when used with the 7db antennae. Having 4 LAN ports on the unit is a unique feature to this hardware over other mesh hardware on review. The key features are: • Security Features: Stateful Packet Inspection (SPI) Firewall, Internet Policy • Enhanced Internet Security Management Functions including Internet Access Policies with Time Schedules. • Easily flashed with 3rd Party Firmware • Moulded plastic casing is stackable with other similar devices Fig. 11. Linksys WRT54g Hardware 38 A blueprint for low cost urban wifi based on mesh technology Technology Review A good solid piece of hardware with nice features and great range, but unfortunately not weather-proof and no outdoor casing is available. No known POE solution either. Good for an internal mesh network, but probably not ideal for use in an urban environment. Meraki Mini In early 2007, the US-based firm Meraki (http://www.meraki.com) launched a mini wireless mesh router, the "Meraki Mini". It claims speed of up to 50 megabits per second and the 802.11 radio within the unit has been optimised for long-distance communication, providing coverage over 250 metres. This is a good example of a single-radio mesh network being used within a community as opposed to multi-radio long range mesh networks that provide multi-functional infrastructure. The unit could be flashed with 3rd party software to enable network enthusiasts to experiment with the meshing capability of the hardware. The firmware uses the SrcRR routing algorithm to determine the highest throughput routes between the hardware devices. Fig. 12. Meraki Mini Each device periodically broadcasts, and all other devices in range will report their routes. Then the devices use that information to route packets to the nearest gateway. Only about one in ten repeaters needs to be physically connected to the Internet for the mesh design to work well. It then searches for other nearby Meraki 39 A blueprint for low cost urban wifi based on mesh technology Technology Review nodes and advertises itself. Recent business decisions at Meraki have thrown their original promise of community based wireless mesh networks promise off course, leaving the field open for projects like Open-Mesh. In early 2008 the company introduced a more restrictive EULA (End User License Agreement) covering sales of new equipment requiring that, "Meraki Hardware may only be used with Meraki Software", effectively shunning the open source community and prohibiting reverse engineering, adding, removing or otherwise altering the software on the device. Shortly after the new EULA was imposed, Meraki sent an unsolicited firmware update to their units in the field which disabled future firmware updates by customers and grinded all research into extra mesh features on these devices to a halt. To add insult to injury, the price of the units (originally about 50 euro) then shot up to 150 euro, putting them outside most people's price range. This signalled the end of the Meraki Mini for most people. While still available to buy, I did not actually test this hardware for the above listed reasons. Open-Mesh OM1P The OM1P is an ultra-low cost (50 to 60 euro) professional wireless mesh router ideally suited for providing robust Internet coverage just about anywhere you need to share a connection. Examples include hotels, apartments, neighbourhoods, coffee shops, shopping malls etc etc. Fig. 13. Open-Mesh OM1P 40 A blueprint for low cost urban wifi based on mesh technology Technology Review Each router is an access point, mesh gateway and repeater all in one tiny reliable package (about the size of a cigarette box). From the earlier reading in the previous chapter, remember the differences between these: • Access Point - A device that allows wireless devices to connect to a wired network using wifi standards. Traditionally, an access point usually connects to a router (via a wired network), and can relay data between the wireless devices and the wired devices on the network. However, in a mesh configuration access points are not necessarily connected to any other device physically. • Gateway – Like an access point, but is always connected to a point on the physical network, thus allowing traffic from the access points out to the Internet. Gateways also act as access points. In one possible setup, gateway units could be OM1P devices connected to the LAN port on the business router, just like any other laptop or PC on the premises. An internal firewall keeps traffic on the mesh completely separate to traffic on the internal network of the business. • Repeater - When two or more hosts ought to be connected with one another over the IEEE 802.11 protocol and the distance is too long for a direct connection to be established, a wireless repeater bridges the gap. In this sense mesh access points also act as repeaters. The OM1P is also two networks in one with both open (public) and secure (WPA) encrypted SSIDs so you can share a connection without sharing your data. The device includes a hardware watchdog chip that will restart the router should it lock up due to environmental or power spikes or short outages. There is also an outdoor casing available for the unit so it can be weather-proofed, and each of these casing comes with a POE Injector so the units can be as far from the nearest network point as your CAT 5 cable will stretch. This allows for mounting units on the front of the building, a nearby lamp post etc. These units come pre-configured with ROBIN Firmware and can be controlled via the CloudTrax dashboard almost immediately (see http://www.open-mesh.com). Initial tests with these units were very favourable, and a small test network was up 41 A blueprint for low cost urban wifi based on mesh technology Technology Review and running in no time as I did not need to “flash” the devices with any 3 rd party firmware to achieve the desired results. Key features include: • Zero Config / Plug & Play • Self Forming / Self Healing Mesh • Hardware Watchdog Chip • Free Online Hosted Management • Open Source firmware • Open Source Dashboard options Just plug one router into any available Internet connection (wall panel, eircom router, network swich etc). Then place additional routers around the area you want to cover. Each will repeat the wireless signal extending the range by up to 150 feet and give virtually everyone “5 bar" coverage. There is also a new OM2P which caters for 802.1n with built-in PoE support and dual Ethernet ports. Fig. 14. OM1P mesh device connected to LAN port of a standard D-Link Router. The yellow cable is this router's outgoing connection to the Internet via the chosen ISP 42 A blueprint for low cost urban wifi based on mesh technology Technology Review Firetide Outdoor 7020 The only non-open source solution on review is mesh hardware from US company Firetide. According to their website (http:/www.firetide.com) infrastructure mesh technology from Firetide provides municipal, industrial and enterprise users with the bandwidth needed to expand the reach of their existing networks, while adding a variety of fixed and mobile applications eg. city-wide video surveillance, traffic management, intelligent transportation systems. The company's 7000 and 7020 mesh models provide superior throughput and latency for delivery of multiple high speed "fibre-like" services over wireless to end consumers, including high-resolution real-time video surveillance, high speed Internet uploads and downloads, high definition TV service, multi-user interactive gaming, multiple voice and video streams over IP, on-demand video, and high speed infrastructure backhauls. Fig. 15. Firetide Outdoor 7020 (http://www.firetide.com) 43 A blueprint for low cost urban wifi based on mesh technology Technology Review To maximise performance, dual-radio nodes support two radio modes. In the “bonded” mode, both radios are combined to operate as a single unit that provides double the bandwidth of a single radio equivalent. In the “linear” mode, both radios operate independently enabling sustained bandwidth levels over an unlimited number of hops. This enables long linear topologies, such as when networking a railway line, and provides a sustained level of service to every node, which is also critical for large municipal networks. The hardware can operate in the 2.4 GHz and 5 GHz bands and provides the flexibility to operate in channel widths of 5, 10, 20 and 40 MHz. Key Features: Firetide claim that their mesh delivers best-in-class performance with throughput of up to 400 Mbps, exceeding that of current wired solutions like T1, Fast Ethernet and OC-3 fibre, and provides a viable alternative to fibre or leased lines. • Up to 400 Mbps throughput; fibre equivalent latency at .9 ms per hop; 1,000 VoIP calls per node • Built-in interference mitigation; intelligent routing; end-to-end QoS (Quality of Service*) on a per-flow basis • Integrated spectrum analysis; network capacity planning and antenna alignment tools • Dual configurable radios in 2.4 and 5 GHz frequency bands; indoor and outdoor models with optional license key. * Quality of Service is a method to guarantee a bandwidth relationship between individual applications or protocols. This allows, for example, a full speed download via FTP without causing jittering on a VOIP chat. The FTP will slow down slightly as bandwidth is needed for the VOIP, provided VOIP was given greater priority. 44 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 16. Meshing with Firetide Hardware (http://www.firetide.com) These units are incredibly expensive compared other units, costing around 2000 euro each. This does not make them a good candidate for community meshing projects. However, for a completely local authorities sponsored project, they would probably be ideal. The low cost, flexibility and continues support of the Open-Mesh OM1P make it the ideal hardware for this project, in my opinion. 45 A blueprint for low cost urban wifi based on mesh technology Technology Review 3.2. Firmware Because I have already looked at protocols, it is obvious that the firmware needs to support OLSR, B.A.T.M.A.N or both ie. the chosen firmware needs to be ROBINbased. There are many matching firmwares out there for these devices, each ROBIN-based and each one having several forked projects with additional features again. For this purpose, I am limiting the review to 4 of the most popular firmwares, compatible with the hardware already reviewed. Any mesh firmware we test needs at least • Automatic discovery of neighbour mesh nodes • Automatic address assignment among mesh nodes • Automatic routing and route distribution • Automatic distribution of nameservers • Automatic distribution of hostnames As most router firmwares are based on OpenWRT (which caters for all of the above), it is also best to explain what OpenWRT is exactly as I keep mentioning it. OpenWRT is a GNU/Linux distribution for embedded devices compiled for Atheros SoC (system on chips atheros) processors like the Linksys WRT54GL (now owned by Cisco). Instead of trying to create a single, static firmware, OpenWRT provides a fully writeable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customise the device through the use of packages to suit any application (for example, install a local mail server on the device itself). For developers, OpenWRT is the framework to build an application without having to build a complete firmware around it. For users 46 A blueprint for low cost urban wifi based on mesh technology Technology Review this means the ability for full customisation, to use the device in ways for which it was never intended. Fig. 17. OpenWRT Firmware Linksys WRT54GS or WRT54GL based routers with 8MB of flash memory are very desirable for mesh and can load additional software. We are going to test each firmware on a WRT54GL or similar router. This is just for convenience, it does not effect the final choice of hardware. I have access to this model, in abundance, as the previous incarnation of the DkIT Wireless network used this hardware. Several units were donated to the Computing Department, but I have some units still in my office. Replacement firmware can be easily uploaded to test units via their web interface (usually at http://192.168.0.1). Failing this, it is possible to TFTP a firmware file to the unit during the 2-3 second windows just after the unit powers on. You need to be a very fast typist to use this method! Freifunk OpenWRT-based, German software supporting wireless mesh networks with OLSR and B.A.T.M.A.N. Freifunk can be installed on a wireless router to set up a typical OLSR node quickly and easily. The firmware runs on Linksys WRT54G type devices (depending on hardware revision). Installation on a WRT54GL was simple, using the built-in "Firmware Upgrade" feature in the Linksys default firmware to upload the Freifunk package and then reboot the device (this method of installation is the same for most, if not all 3 rd party 47 A blueprint for low cost urban wifi based on mesh technology Technology Review firmwares). Fig. 18. Upgrading Firmware on WRT54G Device After the installation, telnet is deactivated and the SSH server dropbear is started. A firewall configuration protects the local network from everything outside of 192.168.x.x. Internet surfing via OLSR is possible using NAT (Network Address Translation) provided there is a another station on the network announcing Internet access. Fig. 19. Freifunk Firmware 48 A blueprint for low cost urban wifi based on mesh technology Technology Review The Web interface is divided into two parts - a public area and a password protected administration area. The public area allows visitors to view information about the current routing table and a scan of WLAN base stations in the vicinity. Overall a solid meshing firmware, but seemed to take a long time to poll other nodes in the immediate vicinity. The absence of an overall mesh controller, in the form of a hosted dashboard or otherwise, was a big issue also. Robin-Mesh Robin-Mesh is an easy-to-use open source firmware for small, widely available routers such as the Linksys WRT54G series, the Fonera ("crowdsourced" hardware) and the Open-Mesh OM1P. Robin-Mesh allows users to spread a single Internet connection over a large area using meshing technologies. It is managed through a web-based dashboard (Robin-Dash or similar) which can configure settings such as the SSID name (for the Public and Private WLANs), as well as provide advanced reporting and statistical information such as graphs, and logs. Robin-Mesh is always based on top of the most recent release of the OpenWRT firmware. Fig. 20. Robin-Mesh Firmware 49 A blueprint for low cost urban wifi based on mesh technology Technology Review Features: • Fully open source mesh firmware • Installs on relatively cheap hardware • Dual ESSIDs possible, typically one "open" and one "private", although both can be WPA encrypted • Bandwidth can be limited up and down, per user on the first "public" ESSID • Public ESSID has an optional splash page feature. The splash page is fully editable via an HTML/WYSIWYG editor. You can add user authentication and billing options via third-party solutions from Coova.org, WiFi-CPA.com, WorldSpot.net, or use any RADIUS server with a Captive Portal login screen (dashboard required to manage all this) • You can "redirect" users to any web page on login on the public ESSID • Firewall prevents public users from accessing the wired LAN or private ESSID (can be disabled) • Nodes automatically update firmware to latest stable version • SSH is supported and you can change the network password if desired Nightwing Nightwing is yet another firmware based on OpenWRT. It uses B.A.T.M.A.N. and like all mesh firmwares it allows the deployment of a system that provides free Internet access to an area or community in a collaborative way. 50 A blueprint for low cost urban wifi based on mesh technology Technology Review Features: • Zero Config: All the interfaces, wireless as wired, are configured automatically basing it in the MAC address that each router has in its Atheros wifi device. This way, all the Nightwing devices are located in the same channel and with the same essid. • VAP (Virtual AP): As well as participating in the mesh, each node provides coverage in the immediate area, behaving like a normal wifi “Hot-Spot” and allowing mobile or fixed users to access the Internet through an open AP without encryption. In this case, it's possible to connect rapidly from any operative system. A captive portal solution controls the session timing and assigned bandwidth to each open connection. • Security: Every node can be connected to a local network (LAN) without compromising its security, meaning that the external users connected to the open AP get completely isolated from the local traffic and vice versa. They are also isolated from each other. • Intelligent functioning: When a node is connected to the local network but does not find access to the Internet locally or though another node, it will not attempt to interfere with the existing configuration of that local network (this is useful if a node becomes damaged in some way). Fig. 21. Nightwing Firmware 51 A blueprint for low cost urban wifi based on mesh technology Technology Review The core of the zero config functioning of Nightwing is the script /etc/init.d/nightwing. This script, that auto-executes after the normal boot of OpenWRT, creates and configures the interfaces eth0 (local network), ath0 (open VAP), ath1 (encrypted VAP) and ath2 (mesh in ahdemo mode*). At this point the node must choose its roll, meaning if the interface eth0 automatically acquires an IP address and it is possible to access the Internet the node will switch to Gateway mode. The batmand demon will be executed over the interface ath2, announcing itself as gateway to the rest of the mesh. The Robin-Mesh firmware, pre-installed on OM1P mesh nodes, is probably the best solution for this project's firmware needs. It is rich in features, maintained by a large community and compatible with nearly all available dashboard solutions. Having the firmware pre-installed will reduce both deployment time and troubleshooting issues significantly. * Ahdemo mode is handy for long shot point to point connections as you avoid the RTT (round-trip time) and inefficiency of the control packets in standard BSS (basic service set) mode. 52 A blueprint for low cost urban wifi based on mesh technology Technology Review 3.3. Dashboards The dashboard is the hub of a mesh network. It is a cloud-based solution that gives you complete control of your network from a browser anywhere in the world. With it you can control firewall settings, cap bandwidth, monitor nodes, design splash pages etc. A good dashboard is an essential component for this project, so here I investigate the more popular options. CloudTrax CloudTrax (sometimes “Cloudtrax”) provides a free administration, alerting and mapping system for Robin-Mesh networks. It allows you to configure the SSID, splash page, passwords, and bandwidth allocation for your network. Some of its features include: • Daily summary email alerts of outages - ideal for property managers • Network Diagram showing node links and signal strength and users • Node List mode with 24-link quality graph and average metrics for each node • Detailed Google map with colour-coded nodes showing quality and users • Complete "Network Status" page with all of the above These features are focused on creating networks that are easy to deploy, manage and understand. You'll be able to see when nodes aren't working well over time and see, using simple maps and diagrams, where you have poor connectivity between nodes. 53 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 22. CloudTrax Dashboard While everything should work properly using Microsoft Internet Explorer, it is developed and optimised for Mozilla Firefox. CloudTrax is the default dashboard for ROBIN nodes, and used by Open-Mesh.com. I have tested it fully with my WRT54GL devices and with some Open-Mesh OM1P devices I acquired for this project. No issues with either if using Robin-Mesh firmware. OrangeMesh OrangeMesh is a network management dashboard for ROBIN wireless mesh networks. It provides powerful network status visualisation tools and a centralised network configuration for your networks. It's specifically designed for community wireless networks, with tools to help manage community members and to grow the network organically. If you ever decide to run your own dashboard server with OrangeMesh rather than CloudTrax, you can do that later on in your setup: both dashboards can be used together, separately or you can redirect node traffic usually sent to Open-Mesh.com to your own dashboard server with a simple configuration setting. 54 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 23. OrangeMesh Dashboard This project is currently on hold, and has not been updated in 2 years. For this reason, and this reason only, it will not be used for our mesh network. I have installed an OrangeMesh server on DkIT campus to monitor both my test OM1P and WRT54GL nodes. It works quite well, and would have been an ideal solution if I was not concerned with maintenance and security updates, but I am. Robin-Dash While all the other dashboard on offer help control open source firmware on mesh units, Robin-Dash is the only true open source alternative to the dashboards currently on offer. It is in the early development phase (however, it can be considered stable). The developer aims to keep up with the latest features of Robin-Mesh. Benefits of using Robin-Dash, compared with others include: • Speed: The pages are clean, fast and easy to read • Size: The configuration is stored in tiny XML files (as well as CSV files for logging) so that you do not have to have to rely on a resource intensive MySQL server 55 A blueprint for low cost urban wifi based on mesh technology • Technology Review Reliability: Because you can host your own version, on your own server, internally or on the Internet, you know that your server will be up and working when you want it to • More Reliability: Cloud Hosted version available, hosted on Amazon EC2 which has a 99.95% up-time guarantee • Up-to-date feature set: You will always have the latest features avaliable because it is developed by a member of the Robin-Mesh development team, and updates are pushed out as they are made live to the Cloud Hosted version Features unique to Robin-Dash: • Nodes checkin data is forwarded to the CloudTrax dashboard (if you so choose), so you can view graphs and other information with ease • Integration with your own POMADE server. Poor Man Dashboard Environment (Po.Ma.D.E.) is a popular dashboard extension offering total control on the provisioning process • Custom Firmware Uploader You can signup for a free account using the Cloud Hosted version at http://www.robin-dash.net. This is the easiest way as there is no need to install anything on your nodes, and all new features are added automatically by the developer. 56 A blueprint for low cost urban wifi based on mesh technology Technology Review J.O.K.E.R. J.O.K.E.R. (JOomla KEeper for Robin) is a proposed component for the Joomla CMS (Content Management System) dedicated to wireless communities. This dashboard will have this features : Backend • All settings from the Open-Mesh dashboard but you change options allowing you to see all Robin parameters • Support for multi networks • Peer Base config of single device (for example you can set a different password for any devices) • support for your own radius server • you can hide private SSIDs • protection over http request for heartbeart • google map editor with geocode and reversegeocode abilities • Fonera community like system for deploy networks (the user of your site can add his own hotspot in networks or only hotspot that you have sold/donated to it) • export maps in kml format for use in any geolocation system (googleearth, maps.google.com, radiomobile, other) • Preview of robin config to user 57 A blueprint for low cost urban wifi based on mesh technology • Technology Review autonaming of hotspot (set prefix, length and a counter for generating automatic labels) frontend • googlemap with 'hotspots' marked • login for users with hotspot autodetect for supplying different content based on location • the login page uses standard redirect and the JSON interface of coovachili I am particularly interested in this project as I intend to use Joomla to build the Mesh Community Website later on. Having total integration with the dashboard within the system would be HIGHLY desirable, allowing all web functions to be managed from the one site. However, no release of this component has ever surfaced, making it a non-runner for this project (I hope to email the developers and offer to contribute some of my skills to the project following this dissertation). Again, because CloudTrax works out of the box with the Open-Mesh OM1P mesh nodes, it is the obvious choice. However, I really like the look of Robin-Dash, and time permitting will be bringing up a server to run alongside CloudTrax. However, this is a “nice” feature rather than a required feature of the project. The following page has a screenshot of my 3 test nodes (OM1P hardware with Robin-Mesh firmware) as viewed via Google Maps plugin in the CloudTrax Dashboard. 58 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 24. CloudTrax with Google Maps plugin Note the 3 units have detected each other and started to form a mesh network. This is the basis for the rest of the project. Eventually an alternate path will develop between the 2 furthest nodes as the internal tables are updated. 3.4. Content Filtering It would very foolish to launch any free, open Internet service in a town centre without considering content filtering from the outset. Content filtering is a method where Internet traffic is blocked or allowed based on its content, rather than its source network. However, source URL is a factor, as some web domains are obviously hosting nothing but illegal or questionable material (pornography, for example). There are various ways to filter traffic, and usually there is some way around each method too. I want to use an open source solution for this so that I can manipulate the solution as much as I want and integrate seamlessly with the mesh network. The filtering should be “transparent”, as is in configuration is required on the user's end in order to access the Internet properly. Content needs to filtered at the mesh node or above the nodes on the network topology. 59 A blueprint for low cost urban wifi based on mesh technology Technology Review 3.4.1. Filtering with a Proxy The first method I will investigate is filtering with a proxy server, namely with Squid (a popular proxy server solution) and SquidGuard, a combined filter, redirector and access controller plugin for Squid. To clarify the difference between the two: Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other computer network lookups for a group of people sharing network resources, to aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including TLS, SSL, Internet Gopher and HTTPS. SquidGuard is a URL redirector used to use blacklists with Squid. There are two big advantages to squidGuard: it is fast and it is free. Fig. 25. Filtering traffic transparently with Squid/SquidGuard 60 A blueprint for low cost urban wifi based on mesh technology Technology Review This solution would be highly desirable, as Squid itself is very powerful. It allows for ACLs (Access Control Lists) based on MAC address (only our nodes would be allowed to access the Internet) and Traffic Shaping/QoS straight out of the box. We could do the following if all traffic was transparently redirected to a Squid server: • set max download sizes (reply_body_max_size) • plugin a rewrite program eg. SquidGuard (url_rewrite_program) • deny file types based on MIME type eg. torrents (deny_mime_torrent) • use delay pools to shape traffic eg. after downloaded 1500000 bytes the download speed will be reduced to 500000 bytes/s A sample configuration for the above can be seen in Appendix A. SquidGuard has a it's own separate configuration file, and it specifies the following: • The location of the text files containing blocked/allowed domains • Any time based rules for the filters • Where to redirect traffic if it meets a “blocked” rule The configuration could resemble this one from my tests: dbhome /var/lib/squidguard/blacklists logdir /var/log/squid3 time workhours { weekly mtwhf 08:00 16:30 date **01 08:00 16:30 } dest local { } 61 A blueprint for low cost urban wifi based on mesh technology Technology Review dest adult { domainlist adult/domains redirect http://niceonedundalk.net/Blocked/ } dest warez { domainlist warez/domains redirect http://niceonedundalk.net/Blocked/ } dest redirector { domainlist redirector/domains redirect http://niceonedundalk.net/Blocked/ } dest good { domainlist whitelist/domains } dest bad { domainlist blacklist/domains } acl { default { pass good !bad !adult !warez !redirector all redirect http://niceonedundalk.net/Blocked/ } } Each "dest" entry in the previous config refers to a directory in /var/lib/squidguard/blacklists. Each directory can have lists of domains, precise URLs or expressions inside text files that will be blocked or passed. 62 A blueprint for low cost urban wifi based on mesh technology Technology Review Fig. 26. Filtering traffic transparently with Squid/SquidGuard on a mesh network While default lists are provided, new sites come online every day that would also be undesirable on our network, so how to block those? The Université Toulouse in France provides a free, community maintained list of blocked domains for your redirector program (not necessarily SquidGuard, others exist and they all use the same file format). I have written and tested an update script that can be scheduled to run each night on the server, and keep our blacklists up to date. I then only need to maintain the whitelists which will contain URLs I don't want to be blocked (whitelists are processed AFTER blacklists and are specified in the destination “good” in the previous script). 63 A blueprint for low cost urban wifi based on mesh technology Technology Review Here is my updated script: #!/bin/bash # BLACKDIR=/var/lib/squidguard BLKDIRADLT=${BLACKDIR}/blacklists # # # Download the latest adult.tar.gz, warez.tar.gz and redirector.tar.gz files from the Université Toulouse in France (updated daily) cd $BLACKDIR wget ftp://ftp.univ tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz wget ftp://ftp.univ tlse1.fr/pub/reseau/cache/squidguard_contrib/warez.tar.gz wget ftp://ftp.univ tlse1.fr/pub/reseau/cache/squidguard_contrib/redirector.tar.gz # # # stop squid /etc/init.d/squid3 stop # # # Install the new adult and redirector blacklist tar C ${BLKDIRADLT} xvzf ${BLACKDIR}/adult.tar.gz tar C ${BLKDIRADLT} xvzf ${BLACKDIR}/warez.tar.gz tar C ${BLKDIRADLT} xvzf ${BLACKDIR}/redirector.tar.gz # # # Change ownership of blacklist files # chown R proxy.proxy ${BLACKDIR}/blacklists # # Rebuild database? # #squidGuard C all # # # Cleanup, start squid /etc/init.d/squid3 start sleep 5s rm ${BLACKDIR}/adult.tar.gz 64 A blueprint for low cost urban wifi based on mesh technology Technology Review rm ${BLACKDIR}/warez.tar.gz rm ${BLACKDIR}/redirector.tar.gz echo "The squidGuard update script on proxy.niceonedundalk.net ran successfully" exit 0 So far so good. I have a proxy server up and running. It is filtering content based on blacklists, and the blacklists are updated nightly. I can test this setup by pointing all traffic on port 80 from my laptop to the proxy server address (port 3128) while on the mesh, and it works. However, remember that this needs to be transparent, which means handled on the nodes themselves somehow redirecting port 80 locally to port 3128 on the server with some sort of NATing solution. My initial reaction is to try this with an iptables rule on the node itself. As my Squid proxy server is running outside the mesh network the nodes need to redirect all users browsing on port 80 to the cache on the proxy. The rule for this looks something like: iptables t nat A PREROUTING p tcp dport 80 ! d <mymesh.ip> j DNAT todestination <server.ip>:3128 and this works, kind of. The value <mymesh.ip> assumes there is a management lan, where the proxy is located. But I am hoping to have the proxy server OUTSIDE the network altogether in the final design, in the college on the outskirts of town for example. Also, I'm getting worried that my solution, while good, is not very efficient when dealing with a limited backhaul on the mesh network (the OM1P device will setup the Ethernet link to 10Mbit/s / half-duplex). Other mesh developers on Internet forums have indicated the followings settings might work: #@#config management enable.proxy 1 #@#config general services.via_proxy <server.ip>:3128 65 A blueprint for low cost urban wifi based on mesh technology Technology Review but I have tried in vain to get this to work. I suspect it might not be supported on the firmware version that comes pre-installed on the OM1P (newer firmware can be installed, namely 'ng' from Open-Mesh – next generation firmware, which is currently in beta mode). For this reason, and because of time constraints, I am going to move on and explore an alternative method of filtering. 3.4.2. Filtering with DNS DNS filtering is another method worth investigating. The CloudTrax Dashboard has a configuration setting that allows you to specify the URL to a shell script file hosted somewhere on the Internet. When the mesh nodes checks in, it will download this script and execute it if the timestamp is different from last time. I propose using this method to alter the resolv.conf file in the Linux filesystem of the firmware. The resolv.conf file tells the node where to direct all DNS lookups, and this DNS information is passed to the client machine in the DHCP request when they join the mesh network. This way I can have the user's device route all request for URLs to my own or another DNS server, and if that DNS server is configured for filtering, I can prevent certain URLs from being accessed. A sample script to make this happen and to be referenced from the dashboard is found below. #!/bin/sh rm /etc/resolv.conf echo "#custom nameserver" >> /etc/resolv.conf echo "nameserver 208.67.222.123" >> /etc/resolv.conf echo "nameserver 208.67.220.123" >> /etc/resolv.conf exit 0 This script fully implements my first suggested solution for DNS filtering. The nameserver addresses you see there are actually the public OpenDNS servers (http://www.opendns.com), and more specifically, their “Family Shield” servers. These servers are pre-configured to block adult material, and are free to use. The 66 A blueprint for low cost urban wifi based on mesh technology Technology Review company encourage users to set their home routers to these DNS servers in order to protect your children online. I probably could just leave it at that, but this gives little or no control of blacklisting or whitelisting domains, we are at the mercy of OpenDNS to decide for us. In most cases this would be fine, but what if a (fictional) local business owner, William Butler, who sells clothes for larger gentlemen, discovers his website bigwillys.ie is blocked? It would be incredibly hard and take a lot of time to get this whiteisted at OpenDNS. Meanwhile, “Big Willy” himself is losing potential business in town and getting very agitated. This is no good, so other solutions need to be investigated. The open source DNS server BIND 9 provides the ability to filter out DNS responses from external DNS servers containing certain types of data in the answer section. According to the Linux man* pages, it can “reject address (A or AAAA) records if the corresponding IPv4 or IPv6 addresses match the given address match list of the deny-answer-addresses option”. It can also reject CNAME or DNAME records in a similar manner. Rejecting addresses is all well and good, but if I'm correct this will leave the user with just unresolved URLs, and no meaningful error message or redirection to a “blocked” web page. It would be possible to add entries to BIND 9 for blocked URLs (processed from a flat file or database) but because of how BIND works a DNS “zone” for every blocked URL would be required, redirecting it to the web server with the “blocked” page. The more zones BIND has, the slower it gets, and we are talking about tens of thousands of blocked URLs here. For these given reasons, BIND 9 is not really an option either. Dnsmasq is a lighter, more easy to configure DNS forwarder and DHCP server that does not use zones as part of it's configuration (well it does, but it does not have a separate file for each). It is designed to provide DNS and optional DHCP functionality to networks. * man pages are built in manuals accessible at the Linux command line 67 A blueprint for low cost urban wifi based on mesh technology Technology Review Dnsmasq keeps DNS zones as single lines in it's configuration file, so it would be quite easy to have a line for each blocked domain, pointing requests for that domain to a local webserver (as in same IP address of server) with the required blocked page. An example line would be address=/www.pokerroom.com/10.100.31.158 All requests for http://www.pokerroom.com will now get the blocked page, dished up by a web server at http://10.100.31.158 (which could be the same box). The trick would be updating the list regularly. However, I could easily modify the previous update script for SquidGuard to download the files as usual, then rewrite the lines from the blacklists into the config with the above format. Something like the following script would suffice. # the ipaddress where we want to send the requests to addcatcherip='10.100.31.158' configfile=/etc/dnsmasq.conf # download domain list(s) like previously and extract wget ftp://ftp.univtlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz tar C /tmp xvzf /tmp/adult.tar.gz rm /tmp/adult.tar.gz cd /tmp/adult # location of a file where hostnames not listed can be added extrasfile='/etc/hosts.manual' # more temp files to use tmpfile="/tmp/adult/domains" tmpconffile="/tmp/.dnsmasq.conf.$$" # add the extras [ f "$extrasfile" ] && cat $extrasfile >> $tmpfile # check the temp file exists OK before overwriting existing list if [ ! s $tmpfile ] then 68 A blueprint for low cost urban wifi based on mesh technology Technology Review echo "temp file '$tmpfile' either doesn't exist or is empty; quitting" exit fi # get a fresh list of server addresses for dnsmasq to refuse cat $configfile | grep v "address=" > $tmpconffile while read line; do ADDRESS="/${line}/${addcatcherip}" echo "address=\"${ADDRESS}\"" >> $tmpconffile done < $tmpfile mv $tmpconffile $configfile $reloadcmd /etc/init.d/dnsmasq restart rm R /tmp/adult exit This script would be scheduled to run nightly, keeping the content filtering up to date. I will likely have separate files for whitelisted and blacklisted addresses in the final project. Fig. 27. Using our own DNS server to cache address lookups has the added advantage of overriding chosen URLs. Note that because the DNS server address is in the mesh units resolv.conf file, it does not matter what DNS server is specified at any point beyond that (including attached gateway router devices). The connected wireless device will always use the 'closest' configuration. For this reason other devices have been omitted from the diagram 69 A blueprint for low cost urban wifi based on mesh technology Technology Review 3.5. Conclusion This concludes the Technology Review. I have now accomplished the following: 1. Identified the separate components of a mesh infrastructure 2. Investigated OLSR a bit further and concluded that my chosen firmware will need to be ROBIN-based 3. Decided on Open-mesh OM1P as the best hardware to use. The finished network will have a combination of these units connected to the LAN port on already existing routers at business' premises (gateways) and mounted on the outside of building using the available Outdoor Enclosure Casing (APs) Fig. 28. Outdoor Enclosure Casing for OM1P (http://ww.open-mesh.com) 4. Decided on Robin-Mesh as the best firmware to use 5. Decided on CloudTrax as the best dashboard to use 6. Investigated different methods of content filtering and decided on DNS-based filtering using Dnsmasq 70 A blueprint for low cost urban wifi based on mesh technology Case Study 4. Case Study 4.1. Overview Let's review the 3 Phase scenario from the Introductory Chapter and pin down exactly what it is I am trying to achieve in the fictional scenario. 4.1.1 Phase 1 Phase 1 is sponsored by either local authorities or the Chamber of Commerce, and involves providing network connectivity to the town centre via a mesh network. When complete, anyone at the centre of town will be able to connect to the Internet for free, piggy-backing on the main Internet gateway, with backup DSL connections provided locally on site. Several 'sponsored' devices will hopefully also be placed in certain buildings/structures in the vicinity to spread the load. Fig. 29. Proposed positioning of Mesh APs and GWs in Phase 1 This will start the spread of the network down the neighbouring streets that lead to town centre (remember, the wireless broadcast from each unit is 50 – 100 metres, with the signal being stronger where overlaps occur). Fig. 29 shows the existing town 71 A blueprint for low cost urban wifi based on mesh technology Case Study centre area with suggested AP placement and routes between them. Note that Dundalk Town Centre has a number of light structures running through the Market Square area, so it would be ideal to install mesh points inside those structures – allowing them to be above street level and connected to a power source. The main backup gateway (GW) unit could be any of these, whichever is nearest a public office (remember that gateway nodes are also APs). Sponsored devices, as in units paid for by the town but located on business premises (eg. Specsavers at the Square), also act as GWs. It is hoped those units would all be gateways, as they could be connected to that businesses' in-house ADSL router. The following diagram shows the mesh created by the units in Phase 1. Imagine connection to the Internet itself extending from each of the GW nodes (green icons). With this configuration, and two of the gateways using different ISPs and the other being connected to a high-speed DSL or fibre router owned by local authorities, it is very unlikely that the Market Square area would be without connectivity unless there was a power outage (and we could even cater for that scenario using the Power over Ethernet injectors and a backup generator if connectivity was considered critical). Fig. 30. Paths created by default configuration in Phase 1. I won't display the paths in any further diagrams for clarity, they will simply be implied. 72 A blueprint for low cost urban wifi based on mesh technology Case Study 4.1.2 Phase 2 Local businesses with existing broadband connections will be asked to donate some of their (unused) Internet bandwidth to the mesh and join up with the connections created in Phase 1. Expanding the diagram, this looks like: Fig. 31. In Phase 2, businesses in or near town centre are asked to host gateway nodes by connect OM1P units to their existing broadband router. In return, they get free online advertising. There are obviously a lot more gateways than required at this stage, but remember each gateway is ALSO an AP, so what we see here is a mesh network with little or no distance to go for traffic to get on to the Internet. 73 A blueprint for low cost urban wifi based on mesh technology Case Study 4.1.3 Phase 3 In Phase 3 small shops without existing Internet connection and anyone living in town centre will be asked to host a standalone point. These points will hop local users off to the nearest connected points created in Phase 2 (which is how a mesh really works!). Where the signals overlap, this is where the network will be at it's strongest. The diagram now looks like: Fig. 32. In Phase 3, businesses with no existing broadband and residents near town centre can hook on to the mesh Let's watch the mesh in action. Imagine a resident near Union Street (marked “START” in Fig. 33) participating in the network during Phase 3. He powers up his standalone mesh device which he purchased for 50 euro (the MAC address of this unit was registered with the Dashboard before posting to the resident, or he was able to register the device himself through some sort of web page for mesh members – easily done). The unit immediately needs to work out the shortest path to the nearest gateway, taken care of by the firmware and underlying protocol. Graphically, this light look like the diagram on the following page. 74 A blueprint for low cost urban wifi based on mesh technology Case Study Fig. 33. APs off the main town still have multiple paths to the nearest gateway I'm suspecting that businesses in town will object at multiple levels to Phase 3, where their unused broadband is distributed to smaller businesses and homeowners in town centre. “That's not the point,” they will say when it is pointed out they are not using it anyway (and have said when casually asked by myself). Trying to encourage the overall vision of a community wireless amongst real people is probably the biggest challenge this project would face. However, it can be helped to a certain degree technically. Firstly, the speed on the mesh network is not going to be “super fast” by any account (the Ethernet port on the OM1P is set at 10 Mbit/s, not 100 Mbit/s like most LAN ports on domestic routers. This is an immediate restriction on super high speed Internet). The max speed per user would probably be set via the Dashboard at 0.5 Mbit/s, which is quite slow by today's standards. While good for checking email and doing some light (very light) surfing, it's not ideal and you would not want to use it continuously or for any bandwidth-heavy tasks. Fig. 34. Setting max upload /download via CloudTrax 75 A blueprint for low cost urban wifi based on mesh technology Case Study The other thing is that after business hours, even though the network could be sped up via the Dashboard, there is likely to be less Gateway nodes as business owners may decide to power down IT equipment on their premises in the evenings (even though they pay flat rate broadband, their electricity usage is still monitored). This other factor will discourage anyone using the mesh as a permanent home Internet connection (and potentially cause issues with the network backbone, something that should be investigated further in the next section). The true purpose of Phase 3, as well as to spread the mesh far and wide and letting shoppers view offers directions to shops online, is to help smaller, new start-up businesses off the ground by providing some infrastructure that they don't need to pay for straight away i.e. An Internet connection. Once they have established an online presence and business picks up, they can they invest in a broadband package. They could also be helped out immensely if VoIP (Voice over Internet Protocol) allowed them to phone wholesalers, other businesses and even customers in the area without the need for a landline or paying for mobile calls. I will attempt to gauge the feeling of existing businesses towards this and others issues raised here in my next section, the survey. 4.2. Survey For this section I created and hosted my own online survey with a brief explanation of the project and 11 questions to gather feedback from business users. I asked the local Chamber of Commerce to promote the survey website on their mailing list. 28 local businesses completed the survey in the first 10 working days. The following table of results are based on their feedback, the full details of the survey are found in Appendix A, with full versions of the questions asked and graphed responses. Question Yes No Not Sure Do you think the mesh network is a good idea? 28 0 0 Would you participate in the mesh network? 26 0 2 Would you be willing to give over ALL your unused bandwidth? 26 0 2 Could you convince a colleague to join the mesh? 4 0 76 24 A blueprint for low cost urban wifi based on mesh technology Question Case Study Yes No Not Sure Would you be AGAINST letting smaller businesses use a 6 portion of your bandwidth? 22 0 Do you think free public wifi could be good for local business? 28 0 0 Would you be interested in a Location Aware smartphone app? 28 0 0 Given you are interested in the app, would you pay a fee? 22 6 0 Would you buy extra units to provide full coverage? 13 14 1 8 0 14 0 Would you be interested in free phone calls to other businesses within the mesh? 20 Would the above free phone calls help sway your opinion of 14 the mesh? Table. 4. Results of survey with local business owners I have also written code to generate graphics from the gather data. The PHP code used is outside the scope of this project (it is not required for the mesh network), but the graphs outputted are presented with each question in Appendix B. Overall the results of the survey are very encouraging, and graphically they look very well with a few 100% values in there. The split never really goes beyond 50/50, so it can be said that overall people are in favour of the mesh network and the services it could potentially offer. The most encouraging result is that business owners would not only be willing to give over unused bandwidth, but they would be willing to give over ALL their bandwidth to the mesh when not in use. They would also be willing to pay for additional services such as Location Aware apps. 77 A blueprint for low cost urban wifi based on mesh technology Case Study 4.3. Interviews For the interview stage of my case study I interviewed Brendan Minish, CTO and one of the founders of Westnet.ie, a Wireless ISP covering Mayo and parts of neighbouring counties using a mix of wireless technologies (802.11a, WiMax, Licensed P2P etc). They are in operation since 2006. I was also hoping to offset my own, incredibly positive attitude to mesh technology as I am aware it may not be completely realistic. Brendan did not disappoint. I also interviewed Robert Henderson, the ICT Operations Manager for The Convention Centre in Dublin. He has approximately 16 years experience in the technology sector having worked for companies such as Telecom Eireann, BT Ireland (Esat Net) and Anacapa Group (free-hotspot.com). Brendan Minish Prior to founding Westnet.ie, Brendan Minish was a founder member of the Group Data Scheme Society, a non-profit society set up to foster community owned data 'Co-Ops' covering rural communities. His experiences with mesh have not been good at all. He does not believe that this is a 'protocol problem' more an RF engineering issue. He says he had "relatively high hopes for mesh once". Brendan's background is in radio and electronics (Atlantic College, DIT Kevin St). One of the early Co-Op's he worked with used a large mesh network to cover approximately 30 square km. A lot of work was put into trying to engineer the mesh to a point where it worked reliably, performed well and was stable. This included building a separate 802.11a backhaul network on top, using multi-channel nodes etc. The eventual solution was to re-engineer the entire network at considerable expense to build a fully routed network. See http://www.boards.ie/vbulletin/showthread.php? t=141521 for more information. The interview was carried out online on 26 th March, 2012. 78 A blueprint for low cost urban wifi based on mesh technology Case Study Q: You have read the first 3 chapters of this project, what do you think of the overall idea for a hybrid community network with elements sponsored by local authorities? My survey suggest local business like the idea, but what do you think? A: There aspects on the ISP side of things that do not scale very well at the low end. These include backhaul, IP address resources, technical support. In my experience, communities want networks and will support networks but also don't really want to take on the work involved in managing and running such a network long term. Q: Am I going about this the right way? Can you see any flaw in my plan? A: Yes. Mesh protocols are not a good fit for typical internet usage patterns. They test very well under light use but don't scale to significant numbers of concurrent users. They do have a role to play in low bandwidth (compared to the access medium bandwidth), 'bursty' networks like sensor networks and perhaps VoIP (if the underlying network is very lightly loaded) Q: What do you think of the choices made for protocol, hardware, dashboard and so on? A: They're fine, the primary issue is with mesh technology itself. It's not going to scale. Build routed networks with dynamic routing protocols (such as OSPF) instead. Q: Could you elaborate on this Brendan? A: There are lot of assumptions made about mesh that ignore the underlying operational realities of the 802.11 protocols in real world environments. The problem with mesh is that it nearly always seems to work impressively well until you start filling it up with real-world user traffic. Then you run into the limitations inherent with mesh networks. The other problem is that IP networking types tend to view mesh as a 'protocol problem' of how to best handle routing between a bunch of nodes that have links between them and fail to properly visualise what is happening at layer 1 (i.e it's not a 79 A blueprint for low cost urban wifi based on mesh technology Case Study big bunch of point to point links as in a wired network, it's a big pile of links on a shared medium with a high percentage of hidden nodes and terrible collision detection/control). It's actually not a 'protocol problem' at all, it's a radio planning problem and regretfully the laws of physics bite. You simply can't expect a large bunch of devices with varying radio paths between them to all share a (couple of) channel(s) and to get anything like reasonable channel throughput. Q: Do you think the plan for content filtering using DNS is sufficient? Again, can you see any flaws? A: No, I think you either need to provide unfettered access or to do DPI (Deep packet inspection) at the network edge, DNS based systems are easy to circumvent. There are also logging and data retention responsibilities. Q: In your opinion, if a node on a business site went offline out of hours, how much of a problem would this really be? Also, if we were running location aware software, and customers were paying a small fee to use it, how much would nodes going offline impact this service? Would this be a show stopper? A: It's a problem if people want access to their business IT systems out of hours. Offsite backup is a growing service and increasingly people are accessing things like security systems (CCTV) out of hours to check on their premises. Q: This leads really to the question of ownership and support in a semi-community network. Who's problem is it really if nodes on business premises go offline and cause gaps in the coverage? Is there really any way to avoid this in your opinion? A: Yes, each member signs a simple contract where they give an undertaking to leave equipment on 24/7. Battery backup is also required, here alarm supplies work well but the batteries will only last about a year if the power is off every day out of hours. Expect 3 to 5 years in conventional standby service. Q: If I were to implement this plan in a real world scenario, what advice could you offer me? 80 A blueprint for low cost urban wifi based on mesh technology Case Study A: Avoid mesh for Internet access networks! They don't scale for this application. Instead consider building a redundant routed network, the costs will be broadly similar since the dominant costs are not the routers themselves but the civil work, antennas & mounting hardware, power supplies, configuration, administration etc. Robert Henderson When he worked for BT Ireland, Robert was responsible for the development of one of Ireland's first commercial wireless networks, BT Openzone, a network of wireless hotspots with pay as you go Internet access. The technologies he has worked with in the wireless space include, wireless local loop, WiMax, Wi-Fi and 3G. The interview was carried out online on 9 th April, 2012. I asked him the exact same questions as I has asked Brendan Minnish. Q: You have read the first 3 chapters of this project, what do you think of the overall idea for a hybrid community network with elements sponsored by local authorities? My survey suggest local business like the idea, but what do you think? A: I think this is a viable solution for rural and large urban areas. In my experience for such a solution to develop and be successful it needs the backing of local community, local business and local authorities. We all have our part to play in the development of local communities and this is one solution where everyone can win. One of the challenges is who owns the system and maintains it. For me the solution is a shared ownership model split three ways (local community, local business and local authorities). The business can help fund it by allowing access to their premises and in some cases services, the authorities an support it through promotion the community and allow access to services such as electricity and possible office space for auxiliary support. The community can support it in number a number of ways, primarily using the service and the second is to provide auxiliary support, for example community colleges could make part of their courses that student must do tech support etc., this provides “free” support to those who use it and provide valuable work experience to the students. It is important to know the boundaries of the solution so as not to over extend what can be offered and ensure that the service doesn’t enter a “commercial” business phase which would see it's downfall, 81 A blueprint for low cost urban wifi based on mesh technology Case Study remember it is “by the community for the community”. Q: Am I going about this the right way? Can you see any flaw in my plan? A: I think it is a good approach, the flaws will be that business and local authority don’t buy into the solution for the long term. They need to be able to see the long term benefits. Q: What do you think of the choices made for protocol, hardware, dashboard and so on? A: I am most familiar with the Linksys products, these are good solid devices at a reasonable prices. There are plenty of open source operating systems which can be run and are supported by a wide following of the “online community”. As these devices are based on a Linux platform there may be the possibility in the long term to develop your own operating system which if was developed correctly could be sold (donation based) to other community projects and this would develop a small income for the network. Q: Do you think the plan for content filtering using DNS is sufficient? Again, can you see any flaws? A: You can never 100% capture all content using any solution, OpenDNS is possibly a good first step and in the long term it would need to be a solution which fits with the entire network as it grows. Q: In your opinion, if a node on a business site went offline out of hours, how much of a problem would this really be? A: At the start it will be important but as the service grows and users are aware of the restrictions in specific zones it should become less of an issues. It could be something used as an upsell to attract businesses, as they wouldn’t be using their internet bandwidth at night so it makes more sense to allow the service run outside business hours as a contribution to the community, balancing the benefits they receive during business hours. 82 A blueprint for low cost urban wifi based on mesh technology Case Study Q: Also, if we were running location aware software, and customers were paying a small fee to use it, how much would nodes going offline impact this service? Would this be a show stopper? A: Once users are aware of the restrictions in specific locations and this could be part of the app it shouldn’t be an issue but it is important users are aware of this from the start. If a node was offline more than it was online this could become an issue. Q: This leads really to the question of ownership and support in a semi-community network. Who's problem is it really if nodes on business premises go offline and cause gaps in the coverage? Is there really any way to avoid this in your opinion? A: Ownership has to be a group responsibility you are in affect building a “co-op” solution and support I would reference my points in questions one. You can’t avoid the issue of coverage gaps it will happen and who’s problem it is will depend on the overall model developed with the businesses. Q: If I were to implement this plan in a real world scenario, what advice could you offer me? A: There are scenarios of this type of solution in the USA and Europe, the ones which have failed have done so in my opinion due to lack of support from all parties or the are trying to deliver a commercial service. A strong balance needs to be reached for it to be success. 4.4. Site Visit As part of a drive to regenerate business in Drogheda using new technologies, urban wifi was recently supplied to the town centre as part of RTE’s 'Local Heroes' programme by Drogheda-based IT company Image IT Group. The outgoing Internet connection was supplied by Dundalk based company Digiweb. Local businesses allowed the installation of the hardware on the outside of their premises, and it is hoped the project will eventually help promote business and 83 A blueprint for low cost urban wifi based on mesh technology Case Study tourism in the town. The estimated total cost of the project is 5,000 euro. Drogheda also now has the 'iguide Drogheda on the Boyne' smartphone app, a virtual guide aimed at promoting tourism, local businesses and jobs in the area. It has never been stated publicly weather or not the wireless project uses mesh technology, and coverage seems to be only really in the main street of the town, consisting of 4 nodes. I paid a visit to Drogheda with my laptop just to see the network for myself. The network is open, and users are presented with a splash screen at each location. This appears to be a captive portal solution, but without authentication. Once the user clicks through this screen they are assigned a different IP address and are free to browse at a maximum speed of 1.5 Mbit/s. After 2 hours of browsing the user is disconnected and not able to reconnect to the network that day (or for 48 hours I Iater found out, which sees an extreme restriction, but Digiweb insisted on it). No content filtering is in place on the network and a user can browse to any webpage unrestricted. Connectivity is quite good, a ping to www.google.com took on average 6 ms to return a packet. I contacted Image IT Group and spoke with Chris Murphy, who was very helpful in explaining how the network worked. As well as the limitations I had already discovered, he explained that there was a maximum 8 Mbit/s download limit on each AP no matter how many users where connected (could this mean just one user on an AP could potentially get the full 8 Mb speed if they lifted the existing 1.5 Mb restriction? I forgot to ask). This constraint was put in place by Digiweb as they were providing the pipe. The average use on the network currently is about 1.4 Gb per week. He explained that the network is not a mesh, just 4 individual APs positioned along the centre of the town, on different channels. The biggest issue they have is signal interference from other networks (the overlapping channel problem from Chapter 2). The signal is broadcasting on 2.4 GHz with a 5 GHz backhaul wireless network. 84 A blueprint for low cost urban wifi based on mesh technology Case Study Fig. 35. The Drogheda wifi is far from being a mesh, in fact it is 4 separate networks Each AP is mounted on the outside of a business premises with no connection to the business network at all. He explained that each point is essentially 2 transmitters (one for the network, one for the backhaul) and a router not unlike a WRT54GL for the splash page, DHCP and other services (it sounds like they use OpenWRT or something similar). Each AP has it's own splash page and it's own IP address range, there is no central controller. To me their solution seems to actually just be 4 completely separate wireless networks that happen to share the same gateway to the Internet. Finally I asked him about content filtering and the lack of it. Had they considered it? What solutions had they looked at? He seemed not bothered by content filtering and said it was not their concern, which I was quite surprised by. I asked what about all the schoolchildren with mobile devices on the town every lunchtime and he suggested they would access these site anyway on their own 3G connections. Also, keeping the blacklist up to date would be “troublesome” and not worth the effort. 85 A blueprint for low cost urban wifi based on mesh technology Case Study 4.5. Conclusion The combined feedback from both the survey and the interviews is encouraging but promotes caution. I are working on the assumption that the network will not be used heavily by large amounts of users at any one time, but steps should be taken where possible to ensure that if usage is heavy that the network does not “fall over”. I have to point out that while I respect Brendan's Minnish's views on mesh and acknowledge his experiences, that quite a while has passed since he tried it out and that there have been some significant improvements. Also, if DNS filtering was as easy to get around as he claims, then services like OpenDNS and NortonDNS would not exist. The Open-Mesh devices have safeguards built in against some of the flaws he pointed out – remember, these devices are purpose built for mesh networks, not something that was 'hacked' together from existing hardware. Both Brendan Minnish and Robert Henderson had concerns about ownership and support for the network, and this is invaluable feedback which we will factor into the project later on. Brendan's concerns and experience with network scalability are noted, and something to be concerned about. Robert has confirmed for me that the 3 way approach of community, business and local authorities is a good model for supporting the network, and has given me some good ideas about how to ensure success with such a project. It was well worth carrying out the interview part of this chapter. The Drogheda urban wifi project seems incredibly flawed and not much effort was put into the deployment. Responsibilities are shifted up the chain by each party and nobody really wants to take ownership of it. I cannot see much of a future for that project after the first 12 months, and it is a good example of what can happen if a town does not embrace the network from the start, much like Robert Henderson warned. There is so much more potential there for promoting business, creating a community and so on. All they have is 4 individual broadcasts with no encryption, a half-hearted deployment that ticked a box on a form somewhere at a meeting. The same scenario can be found in nearly any street of any town, just not on purpose. Lessons need to be learned from this and the same mistakes should not be repeated in Dundalk. 86 A blueprint for low cost urban wifi based on mesh technology Investigation 5. Investigation 5.1. Building Your Own Mesh Network In this chapter I will start investigating the actual process of building a mesh wireless network from the ground up, using the building blocks mentioned in the previous chapters and taking into consideration issues raised in our Case Study (Chapter 4). It's important to remember as you read this chapter that these findings and suggestions are based on a hybrid mesh network, with managed, central elements supplied by local authorities (servers, Phase 1 nodes) and other elements being community based and effectively unmaintained by local business (Phase 2 nodes) and the general population (Phase 3 nodes). Both the interviewees in the last chapter referred to this scenario as a co-op. It is undecided if the actual roll out and basic maintenance of the network would be managed by local authorities or a small IT company given the contract, but note that somebody should be responsible at least for the recording of MAC addresses on mesh nodes as they are sent out to individual sites. These MAC addresses need to be added to the dashboard in the following section 5.1.2. Also, it would be the same person or company that would receive email alerts about offline nodes and decide how to act on them. 5.1.1 Configuring and Deploying Hardware The OM1P mesh nodes can be bought online from http://www.openmesh-uk.com. When purchased in bulk certain discounts can be applied. It is hoped that units can be given out locally at a cost of 50 euro per business. I emailed this company regarding discounts and they assured me something could be worked out for large orders. I then ordered an initial 3 units and had the Dundalk Town Council pay for them so I could investigate the feasibility of a mesh network in Dundalk Town Centre. I also ordered the outdoor enclosures for these devices that came with PoE injectors. The nodes work straight away out of the box, all that is needed is to add them to the 87 A blueprint for low cost urban wifi based on mesh technology Investigation dashboard for them to start working as a proper mesh. For this you must first record the MAC address printed on the underside of each device. An abbreviation for 'Media Access Control' address, a MAC address is a unique hardware address for each node on a network. The open-mesh nodes also have preassigned public IP addresses in the form 5.x.x.x, so that you can open an SSH connection directly to a particular node if need be for maintenance purposes. It would be advisable to record these IP address as well as the corresponding MAC address on a spreadsheet listing the location and/or business where each node is to be deployed. 5.1.2 Dashboard Configuration Dashboard configuration is managed via http://www.cloudtrax.com. The following information is from their online manual. The first time you use CloudTrax, you need to create a Master Login. You are required to fill in the following information: Master login ID: This is your master login you will use to access ALL networks you create. Password: This is your master administrator password. Email: Youll receive an email at this address asking you to confirm this master login to continue. Your First Name: Used to address you in email correspondence. When finished, click Create/Edit to save your account settings. In a few moments, youll receive an email asking you to confirm the account you just created. Just click on the Verify Account link to create your new CloudTrax Master Login. Youll automatically be taken to a page to create your network. Fill in the information found on the following page. 88 A blueprint for low cost urban wifi based on mesh technology Investigation Network Name: This is the name you want to give this specific network. You will use this name to make changes to the network, display reports, etc. Password: This is the password for local administrators and should be different from your master account login. This limits access and prevents users from making changes to your network. Fig. 36. Creating a new network on cloudtrax.com Email: Enter your email address or the address of a local administrator to contact. Network Location: Enter a street address for the first node. To add nodes, you will be shown a map that you click on to place nodes. By entering an address here, you will be centred on the correct location for your network. If you dont have a full address, that is OK - enter at least a city or town. Email for Notifications: Enter the email addresses, separated by spaces, for all people youd like to receive "outage" notifications. These are sent hourly. When finished, click "Create" to save your new network settings. Youll be taken to the General Settings tab of the Edit Network page. On the top of the Edit Network page is an Add/Edit Nodes button. Click it. 89 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 37. Adding a new node on cloudtrax.com A Google map, centred on the address you entered when you created the network, will appear in a popup. Click the map where you want to add your first node and enter all the required data. The latitude and longitude are determined by where you place the marker, so zoom in closer and switch to satellite view if required. There are many other settings that can be changed via the dashboard eg. manually setting the transmission power for APs (this is used to reduce transmission power on dense indoor networks) , but the remaining critical configurations are SSID based, so you need to create at least one SSID to complete your setup. CloudTrax also allows a second SSID to be enabled. The second SSID is usually used as a private or corporate SSID and is useful for setting up an administrative network. It can be hidden and/or encrypted as necessary and can have different traffic limits than the primary SSID. You MUST setup the first, public SSID at this point, and can decide later if you want the second one. For this investigation I am creating a public SSID of 'niceonedundalk.net'. 90 A blueprint for low cost urban wifi based on mesh technology Investigation The following figure shows the fields that are presented when creating the primary SSID: Fig. 38. Configuring the Public SSID As well as configuring the network name, I am going to use CloudTrax as the captive portal solution, enable the Splash Screen (more later) and set the redirect URL to http://www.niceonedundalk.net (the project website). None of the other options are required at this time, except for the all important maximum upload and download limits. Setting these values will not only help keep decent amounts of bandwidth for each business to use themselves, but make the mesh network not worthwhile for anybody as a permanent Internet connection. 91 A blueprint for low cost urban wifi based on mesh technology Investigation The download limit I am setting at 2048 kbps and the upload limit at 512 kbps. Fig. 39. Speed test from a mesh AP This will mean if anybody want to check their email and Facebook page, then the mesh network is fine. If they want large downloads of data and to stream video regularly, they should probably look into getting their own provider. I have also enable the second, private, SSID with a name of 'secure1' and password 'qwerty123' (WPA encryption) and hidden the broadcast. Later on I will discuss enabling network engineer laptops to connect to this SSID automatically. In the advanced settings I have enabled a root password for logging into individual nodes and I have also set the address of the custom.sh server to http://www.niceonedundalk.net. If you recall from the Technology Review, this address allows up to now have a script file hosted at http://www.niceonedundalk.net/custom.sh which will be automatically downloaded when a node checks in. The script rewrites the local /etc/resolv.conf file on the node and points it at our own DNS server for all DNS queries. Configuration of our own DNS server will now be discussed in detail. 5.1.3 Implementing Content Filtering As previously stated, I would not be prepared to launch any publicly accessible network without implementing content filtering (even though others seem to disagree). I have also decided upon DNS as the best way to do this in Chapter 10. To have your own DNS server I would recommend a Linux based server at a publicly accessible IP address. Many of the hosting companies like Digiweb offer pre- 92 A blueprint for low cost urban wifi based on mesh technology Investigation installed cloud solution that you can access from a control panel and use to run whatever services you wish. Such a server can cost as little as 10 euro per month. I have convinced Digiweb to donate a server to me for this project should it ever become reality. Alternatively, you could install your own Debian or Ubuntu Linux server on your own chosen hardware using downloaded ISO files, and host on your own network with a forward facing IP address. Installation of Linux to a server is outside the scope of this project, but is really quite simple and there is plenty of help available online. I have brought up a new Ubuntu Linux based server for the purpose of this chapter which I will now configure as a DNS server for our filtering solution, in a step-by-step manner. It is the IP address of this server that should be pointed to in the resolv.conf file on the nodes, so modify your own custom.sh accordingly. I want to be able to connect to the server remotely via SSH, so the first this I need to do is install an openssh server on my Ubuntu box. # sudo apt-get install openssh-server Now I can login to the server remotely as a user I configured during installation, as long as I have given it a permanent static IP address on the network so I can always get to it. It may also be necessary to open port 22 (SSH) on any local firewalls. Fig. 40. SSH Session to the DNS Server 93 A blueprint for low cost urban wifi based on mesh technology Investigation Now we install the dnsmasq package. Fig. 41. Installing dnsmasq using the APT Repositiories in Ubuntu This installs dnsmasq and starts the service with the default configuration. At this point it is safe to alter the custom.sh file and test that DNS is working from a laptop connected to the mesh. The proposed alterations to custom.sh are as follows: #!/bin/sh #this forces the script to be read rm -f /etc/update/custom.md5 rm /etc/resolv.conf echo "#custom nameserver" >> /etc/resolv.conf echo "nameserver 10.100.31.158 " >> /etc/resolv.conf exit 0 You may also want to run a basic sanity test and check that the server is indeed acting as a proper DNS server while you are still logged on to that box. 94 A blueprint for low cost urban wifi based on mesh technology Investigation root@niceone-dns:~# dig @127.0.0.1 dkit.ie ; <<>> DiG 9.7.0-P1 <<>> @127.0.0.1 dkit.ie ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31686 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dkit.ie. IN A SOA ns-int01.dkit.ie. ;; AUTHORITY SECTION: dkit.ie. 7882 IN root.dkit.ie. 2012031502 28800 14400 604800 302400 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Feb 15 16:04:03 2003 ;; MSG SIZE rcvd: 75 As you can see, we can resolve dkit.ie using the locally installed DNS server. I am now altering the custom.sh file hosted on the niceonedundalk.net web server and booting up my test mesh nodes so they can acquire the new configuration. After 15 minutes or so the mesh nodes check-in with the dashboard and are prompted to check the URL http://www.niceonedundalk.net/custom.sh for any new version of the custom script. If one is found, which there is, it is downloaded and executed. This results in resolv.conf on the nodes getting, and using, the new DNS server address. I can verify this has happened by connecting to one of the nodes via SSH and inspecting the file. 95 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 42. SSH Session to a mesh node However, I've noticed that propagation of that DNS server address to devices connected to the nodes is unpredictable at best, and does not always occur. paul@paul-laptop:~$ cat /etc/resolv.conf # Generated by NetworkManager nameserver 101.145.30.1 Here my laptop is using the DNS server address passed down to it in the DHCP on the open-mesh public network address space (101.145.x.x) and not the address now listed on the node. This is highly undesirable, as it means the content filtering could be bypassed altogether at intervals. The solution for this is to abandon the custom.sh method for DNS server specification and go back to the CloudTrax dashboard. Here we can add a nameserver entry in the Alternate Servers section of our network configuration. 96 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 43. Alternate Server configuration on Cloudtrax (If desired, an Alternate Dashboard eg. OrangeMesh and alternate SMTP server address could be specified in this section also). A quick check shows that this actually works with a hardcoded blocked URL in dnsmasq, even though my laptop's resolv.conf file remains unchanged. A line like so in the dnsmaq.conf file: address=/www.pokerroom.com/193.1.40.167 results in the webpage shown on the next page. 97 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 44. Blocked Page on the mesh network as result of content filtering I queried this on the Robin project forums and it seems to be correct, the contents of the laptop's resolv.conf does NOT represent the DNS server being used for resolution after you enter a value for Alternate Nameserver IP on the dashboard. I'm going to leave both methods intact as a form of fallback for custom DNS configuration. If one method fails for some reason, the other will likely take over. Now all that remains is to configure and test my filtering script on the DNS server to keep the black list up to date with inappropriate URLs that should be blocked on a public network. At /usr/local/bin/blacklists on the DNS server I have added the script found on the following page and made it executable. It is basically a tidied up and tested version of the script suggested in the last chapter. 98 A blueprint for low cost urban wifi based on mesh technology Investigation # I have a dedicated webserver running on campus with just a "blocked" page, so lets's send the IPs there. The server is Debian Linux with Light HTTPD. addcatcherip='193.1.40.167' configfile=/etc/dnsmasq.conf cd /tmp # download publicly accessible domain list(s) and extract wget ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz tar -C /tmp -xvzf /tmp/adult.tar.gz rm /tmp/adult.tar.gz cd /tmp/adult # location of a file where hostnames not listed can be added extrasfile='/etc/hosts.manual' # more temp files to use tmpfile="/tmp/adult/domains" tmpconffile="/tmp/.dnsmasq.conf.$$" # add the extras [ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile # check the temp file exists OK before overwriting existing list if [ ! -s $tmpfile ] then echo "temp file '$tmpfile' either doesn't exist or is empty; quitting" exit fi # get a fresh list of server addresses for dnsmasq to refuse cat $configfile | grep -v "address=" > $tmpconffile while read line; do ADDRESS="/${line}/${addcatcherip}" echo "address=\"${ADDRESS}\"" >> $tmpconffile done < $tmpfile mv $tmpconffile $configfile $reloadcmd /etc/init.d/dnsmasq restart rm -R /tmp/adult exit 99 A blueprint for low cost urban wifi based on mesh technology Investigation When executed, this script adds about 5000 lines of blocked URL entries to the dnsmasq configuration file and restarts the service. The whole process take about 2 minutes, so ideally it would run nightly as a scheduled task using the special @daily cron keyword in Linux: @daily /usr/local/bin/blacklists or alternatively add the command to the file /etc/cron.daily and restart the process. Content filtering is now in place on the mesh network and verified to be working. By default, we are blocking domains containing adult material, but a quick look at ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/ will show other lists that could be similarly integrated into our solution. 5.1.4 Desktop Configuration for (hidden) secure SSID The second, private SSID offered by the CloudTrax dashboard for our network has multiple advantages for network admins. It can: Be hidden from normal network users Can be bridged with the LAN, allowing us to assign our own DHCP addresses and given clients access to LAN resources Allow wired clients access to the network Use WPA, WPA2 or RADIUS server authentication The second SSID is also free of constraints like upload and download limits. It will use whatever resources it can get access to. These are all highly desirable features, so I propose enabling the second SSID and creating an easy way for admins to get access to this network without knowing the name of the SSID or any associated credentials. 100 A blueprint for low cost urban wifi based on mesh technology Investigation The settings for the second (private) ssid are as follows on the dashboard: Fig. 45. Private SSID configuration on Cloudtrax What I now want to do is provide an executable program that when executed will create a wireless profile on the user's Windows laptop and allow them access to this hidden SSID. The executable could them be hosted on the local council's file server or in a secure area of the project website somewhere the public have no access to. 101 A blueprint for low cost urban wifi based on mesh technology Investigation SU1X is a tool designed to automatically configure Windows XP/Vista/Win7 clients easily for use on a wired and wireless network. Designed with mass deployment and easy customisation in mind, originally for academic environments using 802.1x authentication. The project website is at http://sourceforge.net/projects/su1x/ I have used this open source tool before to create the wireless connection wizard for DkIT's own wirless network. Here I am going to explain how to customise the tool to create our own installer for the second SSID. The result will be a setup program like the one shown here: Fig. 46. Our own Secure Network Configuration Tool Simply clicking Install configures the laptop for immediate use. The user need not know any required username or password for the WPA encrypted network, and does not even need to be able to see it. He simply must be in range of a node for successful completion. 102 A blueprint for low cost urban wifi based on mesh technology Investigation When you down and extract the SU1X setup files from the archive, the directory structure is as follows: . |-- bin | |-- config.ini | |-- exported-sp2.xml | |-- exported.xml | |-- getprofile.exe | |-- images | | |-- big.jpg | | |-- bubble1.jpg | | |-- bubble-vista.jpg | | `-- lis-header.jpg | |-- Profile.xml | |-- ReadMe.txt | `-- su1x-setup.exe `-- source |-- config.ini |-- eduswan.au3 |-- exported-sp2.xml |-- exported.xml |-- getprofile.au3 |-- images | |-- big.jpg | |-- bubble1.jpg | |-- bubble-vista.jpg | `-- lis-header.jpg |-- Native_Wifi_Func_V3_0b.au3 |-- Profile.xml `-- ReadMe.txt We are not interested in changing how the program works at all, so ignore the entire source directory and it's contents. This leaves the bin directory, and there are only some essential files in here that are needed. Some of those files I will alter, others I will rename for the purpose of this project. First though, I need to actually set up a 103 A blueprint for low cost urban wifi based on mesh technology Investigation wireless profile on my Windows 7 laptop for the hidden network 'secure1'. Once that is done, I run the program getprofile.exe, which exports all the profile settings to Profile.xml, including network name, authentication method encrypted version of password etc. Here is the complete XML file: <?xml version="1.0"?> <WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> <name>secure1</name> <SSIDConfig> <SSID> <hex>73656375726531</hex> <name>secure1</name> </SSID> </SSIDConfig> <connectionType>ESS</connectionType> <connectionMode>auto</connectionMode> <MSM> <security> <authEncryption> <authentication>WPAPSK</authentication> <encryption>TKIP</encryption> <useOneX>false</useOneX> </authEncryption> <sharedKey> <keyType>passPhrase</keyType> <protected>true</protected> <keyMaterial>01000000D08C9DDF0115D1118C7A00C04FC297EB01000000201EDB7690028643B26 241A5AFEFF17B0000000002000000000010660000000100002000000079CDA080A6068D1EE3C8B1 A7B7294BDA4AEC369928D4A65C7362216047306536000000000E80000000020000200000003D364 B41FB26DF0608F3FBAC679A1C7E3913C4F2672A58C0D51505648CFF1654100000004B2D9BCAD 6CC94221217EF097BAE8C1740000000EC1487DCAC58707F81C8D9ACFC41251B89E88F68F1724 F0DD9BF050D9B50FCED610375C2A6B9DFEE09097B33D25690A8CD2973511A2569CEF3A5FA572 9D67ABD</keyMaterial> </sharedKey> </security> </MSM> </WLANProfile> 104 A blueprint for low cost urban wifi based on mesh technology Investigation It's job done, I can now remove getprofile.exe from the directory. I've also altered images/lis-header.jpg to include the project logo, and finally altered config.ini to change the setup tool name, the welcome message etc. Now I remove all unwanted files and rename su1x-setup.exe to niceone-securesetup.exe The new structure is as follows: . |-- config.ini |-- images | `-- lis-header.jpg |-- niceone-secure-setup.exe `-- Profile.xml This is zipped up into an archive named setup.zip and is ready for distribution to network engineers and anyone else who wants to use the secure network. I have included this file on the project CD for demo purposes. Note that the secure network should also be used for any monitoring devices or other services layered on top of the mesh later on. It should be pointed out that the Open-Mesh system is limited to a point with multiple SSIDs. By default, there are 2, the public and private. But what if more SSIDs were required? What if there was a requirement to have different VLANs* on different SSIDs with access to wired resources for various departments in your local council? Unfortunately, Open-Mesh on the OM1P may not be the solution in this scenario (unless maybe you change the firmware and build your own dashboard). * A VLAN is a collection of nodes that are grouped together by switches into a single broadcast domain, usually based on something other than physical location. 105 A blueprint for low cost urban wifi based on mesh technology Investigation However, some clever network engineering could be employed if push came to shove. If using the second SSID with WPA2 Enterprise/Radius Authentication, users could be assigned different roles or even different IP addresses depending on their group. Don't forget we can use dnsmasq for our own DHCP server as well as DNS, if we wanted. It would be possible to put some kind of NAC (Network Access Control) into the flow just before DHCP and and drop a user into a particular VLAN based on their credentials, NOT the particular SSID they have connected to. This would introduce multiple extra layers of troubleshooting to our network, as well as elements that are neither self-managed (like the DNS filter) or manageable from our dashboard, so it is not something I would immediately recommend if the need arose for different VLANs. 5.2. Adding Web Technologies In order to have a complete experience for users of the network, it is necessary to also incorporate web elements to the infrastructure, mainly for providing critical security information and gathering user feedback. However, web technology can also be used to show local news and embed data from the CloudTrax dashboard so users can see the nearest nodes, how much traffic on the network etc etc. Redirecting users to a website after they connect to the network is handled with the 'Redirect URL' value on the dashboard. I have set this value to http://www.niceonedundalk.net. Redirection only works if using a captive portal solution on the public SSID, as it is your captive portal page (or splash page if not authentication the user) that does the redirecting. 5.2.1 Captive Portal Setup I am using the default Captive Portal option in the primary SSID which comes with several splash page templates and the ability to use vouchers, Paypal etc. to sell 'tokens'. I am opting to keep the network completely open and free, and have decided to use my own splash page template, which is the very first thing a user sees when opening the browser after network connection. 106 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 47. Splash Page for the Nice One Network The actual HTML used for the template is probably not necessary to go through, but suffice to say it can be edited directly form the CloudTrax dashboard. You can also use one of the pre-configured splash templates, designing your own splash page is purely optional. The splash can also be disable if desired. 107 A blueprint for low cost urban wifi based on mesh technology Investigation 5.2.2 Mesh Community Website I have built a complete community website for this project at the redirection site. Fig. 48. Website at http://www.niceonedundalk.net This is what the user will see after they read and click Enter on the previous splash page (unless they are on a mobile device, in which case they are presented a lower resolution version with less content). The site is built using the Joomla! CMS (Content Management System) found at http://www.joomla.org. It uses PHP and a MySQL database backend. Open source CMS systems generally have a wide large community of developers and testers, so there is a broad selection of templates and extensions that can be used to achieve the required result. The purpose if the site is as follows: Provide an overview of the mesh project Embed public elements from the dashboard including network map and bandwidth usage Show local news (imported using RSS Feed available at dundalk.ie) 108 A blueprint for low cost urban wifi based on mesh technology Investigation Give advice on wireless network security Display the Usage Policy for the network Provide a method of contacting the network administrators Display logos for sponsors of the project Display logos and/or advertisements for businesses that host gateway nodes User Surveys Generate additional revenue by using Google Custom Search facility, targeted at local business Later on this site could be used for other features, eg. Video chat, instant messaging etc. The redirect URL on the network can be disabled, or just set to http://www.google.ie or similar, if you want. You do not necessarily need to build your own. 5.3. Other Considerations As well as the other web features listed previously, something well worth considering is location aware apps for mobile devices. The survey in the previous chapter revealed people would be interested in this feature, and might even pay for it. Because each mesh node has a latitude/longitude position, and a unique identifier in the form of a MAC address (which is associated with a particular business), it is not unreasonable to assume that a mobile device application could be written that would alert network uses to special offers in certain shops as they passed by on the street, if they had previously registered for such alerts via our community website. I've quickly written a small app for the Android operating system that simply shows the nearest nodes on the network from your location, as a proof of concept. The app can be downloaded at http://www.niceonedundalk.net/app/NiceOneNetwork.apk and is also included on the project disk. A link on the main screen takes the user to the mobile version of the project website. Illustrated overleaf is how the app might look on both an iPhone (if the codebase was migrated) and an Android phone (which I have compiled for). 109 A blueprint for low cost urban wifi based on mesh technology Investigation Fig. 49. Mobile Application (app) to view nearby nodes Something else worth considering is that because the mesh network is basically one large, closed network between all the shops and shoppers in the town, that VoIP phones could be connected to the network and used to make free calls within the network. This would probably require the newer OM2P units with the LAN ports, and the bridging features of the secondary private SSID would be used. Phone devices could authenticate off a RADIUS server using their MAC addresses for security and monitoring of traffic. Something like Asterisk or FreeSwitch could be used to handle the VoIP, and it might even be possible to allow the use of a SIP client on smart phones so users can make free calls from anywhere in the mesh while keeping the same number. Another method to consider for the phone network would be the 'Mesh Potato' approach for handsets. Mesh Potatoes are mesh enabled devices with an RJ11 port to connect an inexpensive phone and an RJ45 to connect any desired IP device. 110 A blueprint for low cost urban wifi based on mesh technology Investigation According to http://villagetelco.org, the name comes from combining 'Mesh' with POTS (Plain Old Telephone Service) and ATA (patata is also Spanish for 'potato'). The project has had several iterations, but has now evolved into a full product, sponsored by billionaire Mark Shuttleworth of Ubuntu Linux fame, that can be purchased for about 100 euro per unit. Fig. 50. Evolution of the Mesh Potato note the attached OM1P device in the centre image! A business decision would need to be made as to which is cheaper on hosted sites an Open-Mesh AP with connected VoIP phone, or a Mesh Potato with a regular old fashioned handset attached. As regards monitoring, it is inevitable that some level of support and expertise will be required in the long term for the network. Even if somebody was able to login to the Linux server managing DNS to do some troubleshooting, they would need to be very comfortable with Linux commands to get the data they requires. They would then need to be fairly IT literate to know what to do with that data. For example, the following command tail -f /var/log/dnsmasq.log | grep checkin.open-mesh.com will filter out DNS traffic logs and show just check-in activity from the nodes. Useful, if you knew how to do this. Mar 27 10:23:18 dnsmasq[1610]: query[A] checkin.open-mesh.com from 10.106.82.15 Mar 27 10:23:18 dnsmasq[1610]: cached checkin.open-mesh.com is 50.17.245.251 111 A blueprint for low cost urban wifi based on mesh technology Investigation Mar 27 10:28:36 dnsmasq[1610]: query[A] checkin.open-mesh.com from 10.106.82.15 Mar 27 10:28:36 dnsmasq[1610]: cached checkin.open-mesh.com is 50.17.245.251 Using this command I was able to troubleshoot a mis-configured device in my early tests, and rectify the issue quite quickly afterwards. Also, the CloudTrax dashboard will send out mails if a node goes down, but who to send these too? It would need to be somebody who can actually act on the information, and know which nodes are relevant and which are not. From: [email protected] To: [email protected] Subject: niceonedundalk.net Node Alerts The following node(s) are down at niceonedundalk.net: 00:12:CF:D2:91:1E. Last Check-in: This is an automated hourly alert. that is alerting. 1 Hours, 49 Minutes. You will only receive this once per node If you receive it more often, then the node came back up before going down again. Brendan Minnish raised concerns in his interview about support for the network, and he was right. Careful consideration needs to be given to how exactly this network will be monitored and maintained. To help keep support down, filters may be required to only alert on gateway nodes that are not hosted on business premises for which there is no access outside of hours, for example. Again, somebody would need to be brought onboard with enough expertise to create these filters (and to carry out a multitude of other ongoing micro tasks). He also brought up the issue of logging and data retention on the network. I have made modifications to dnsmasq to enable logging of all queries. The log file can now be parsed to gather some additional data about the network traffic, see http://www.tannerwilliamson.com/2012/03/03/analyzing-dnsmasq-log-with-awk/ for an example. I also sent an email to the Data Commissioner to find out exactly what the law is 112 A blueprint for low cost urban wifi based on mesh technology Investigation when it comes to community based wireless network, and how projects like this are effected by the Communications Bill 2009 (and subsequent Communications Act 2011). From: [email protected] To: [email protected] Subject: retention of data on a community wireless network Dear Sir/Madam, I am seeking clarification on when exactly the data should be retained and how it should be retained when dealing with urban wireless networks. In essence the Communications (Retention of Data) Bill 2009 requires telecommunications companies, Internet service providers, and the like, to retain data about communications (though not the content of the communications); phone and mobile traffic data have to be retained for 2 years; Internet communications have to be retained for one year. My query is concerning community based wireless mesh networks, like those that can be built using equipment from Open-Mesh (http://www.open-mesh.com), for example. Does data need to be retained somehow in this instance? Who would be responsible if each member of the network is simply sharing out some of their existing broadband from different providers? Also, would this be different if local authorities were involved in providing some of the bandwidth? DHCP would still be handled elsewhere way above the local network, but DNS would be local and logs could be kept. Would this be sufficient? I look forward to your response, Paul Scollon They replied to my mail, but only to forward me to the Department of Justice. I went back meantime to Chris Murphy at Image IT Group and queried him about logging. His response was that they didn't officially keep any, other than the last 24 hours or so of DHCP requests on the router itself. He reckoned Digiweb were likely keeping traffic logs and as they were officially the ISP, then the onus was likely on them not themselves, however he had not come across or been presented with any legal 113 A blueprint for low cost urban wifi based on mesh technology Investigation requirements during the network deployment. By this logic, no logging would actually be required on the mesh network as each gateway is connected to a different ISP via a business router, and it is therefore the responsibility of that router's ISP to keep logs of traffic coming from that particular gateway node. This was also confirmed by the eventual response from the Department of Justice. From: [email protected] To: [email protected] Subject: re: fw: retention of data on a community wireless network Dear Mr. Scollon, I refer to your correspondence concerning the Communications (Retention of Data) Act 2011. You will appreciate that it is not appropriate for me to comment on an individual case or to give an interpretation on how the law might apply in any particular instance. From my understanding of your query, it would appear that it is the responsibility of the primary / underlying internet service providers (such as Eircom, Vodafone, O2 etc.) to retain the information required under the Act. I trust that this explains the position and I hope you find it helpful. Yours sincerely, Criminal Law Reform Department of Justice and Equality However, it is very likely an abuse of the Terms & Conditions of the service provided to use a router as a gateway in a public mesh network, something for which it was not originally intended when it was sent out to the customer. Further investigation would therefore be recommended in a real world scenario, although officially we can now say that the Department of Justice has confirmed that logging does not need to occur within the mesh itself. 114 A blueprint for low cost urban wifi based on mesh technology Results 6. Results All projects should produce results of some kind, and I believe a project like this one should ask the following before completion: • Cost Analysis – how much will it really cost to implement? Is it affordable and is there significant savings to make using Open Source technologies worth the “risk”? Business people and investors in the project will want to know. • Technical Feasibility – can this network actually do what what was proposed in the beginning? Does the hardware, software and expertise exist to implement this network successfully without any potential major delays? Is there any risk that the deployment might be canceled due to a technical problem that cannot be overcome? • Deployment Checklist – is it possible to produce an easy, step-by-step guide for deployment of the mesh network based on everything we have investigated up to now? Could this guide be followed by someone with only a moderate interest in technology? Can we give alternatives to steps that might be deemed too difficult to implement? • Recommendations – are there any caveats to using this technology that should be made clear? Are there any specific recommendation based on the research carried out? What new information has been discovered that may not have been available before to anyone wishing to build their own wireless mesh network? 115 A blueprint for low cost urban wifi based on mesh technology Results 6.1. Cost Analysis Going back to the title of this project “A blueprint for low cost urban wifi based on mesh technology”, it is important to revisit the “low cost” element. The technology has been fully investigated and proven to work, but could such a network be rolled out on a large scale at low cost? If not, the user may as well just contract an IT company to install off the shelf products and have warranties, support etc. in place if there is no difference in the cost. If cost saving is significant, as will now be investigated, then it is worth the extra effort to use open hardware and open software solutions and to invest some time in learning to use them. Municipal wifi networks can cost up to $125,000 per square mile to set up and maintain, depending on building heights and the city's terrain, according to city officials in Los Angeles when interview by the Los Angeles Times in 2007. At that cost, the price tag for covering Los Angeles' 498 square miles could reach more than $62 million (latimes.com, April 2007). Admittedly we are working with a smaller area if talking about any urban area in Ireland, but even just one square mile would cost 93,000 euro by these calculations. When asked what the budget for such a project in Dundalk would be, the local authorities told me they would be willing to pay in the region of 85,000 euro for just the town centre, so the figures are accurate enough. It is assumed this is the "all-in" cost, hardware, software, licenses, installation, maintenance and so on. Let's also add on an estimated annual recurring cost of 15,000 euro for maintenance, support, hardware repair etc. I now need to try and determine the equivalent all-in cost for an urban mesh network using the technologies discussed to date in this project. Like all good budget forecasts, the estimates should be as pessimistic as possible to try and come out with maximum possible cost for the network deployment. Even though many businesses in town will pay for and host mesh nodes as either gateways connected to their routers or as standalone access points, I will still factor in the cost of these units so that the final figure may represent not just a hybrid network solution but cost of a full solution to local authorities. Also, even though many of the servers could be donated in such a project as I determined early on, we will count the cost of such servers for the same reasons. 116 A blueprint for low cost urban wifi based on mesh technology Results The following table represents a breakdown of all costs involved. Description Qty Cost Open-Mesh OM1P Units 100 50 Open-Mesh OM1P Outdoor enclosures with PoE Injectors 50 10 Dell Poweredge R410 Server 1 1540 Debian Operating system and built-in Open Source software 3+ FREE Co-location of servers at hosting company 1 1800 per annum Installation and maintenance contract 1 10,000 per annum Total Cost of Deployment Recurring Annual Cost Total Notes This figure is more than enough to completely cover the greater 5000 urban area. Remember, each unit has a broadcast radius of 50-100 metres. Assuming half the units are 500 hosted on the exterior of buildings or on light posts etc. Using Xen (http://www.xen.org) for virtualisation, multiple servers can be hosted on one piece of 1540 hardware. These include DNS, Joomla website, possible 3rd party dashboard solution and so on. Debian is one of the most trusted Linux distribtions on the world. FREE Scales well and supports Xen Virtualisation. This would likely not be required, as the server could be racked at 1800 per local authorities data centre, or annum the servers could be donated by different parties and therefore hosted at different locations. There would not be much work involved in this, so 10,000 euro is a generous estimate. It is my opinion that this is the amount the contract should be offered for, 10,000 per and no more. The installers would annum be responsible for hiring of any equipment for mounting nodes on external poles, buildings etc. This amount should also cover purchasing and replacing of faulty units over time. 18840 11800 Table. 5. Total cost of deployment The absolute maximum cost of deployment for the urban mesh is 18,840 euro with annual recurring costs of 11,800 euro. However, maximising on the community element of a mesh network could bring the total cost in at as little as 5000 euro if this option was explored (the same cost as the wireless rollout in Drogheda last year). These figures are significantly lower than any local authority seems to be willing to 117 A blueprint for low cost urban wifi based on mesh technology Results pay, and therefore the idea of a mesh wireless network based on open technologies is at least worth exploring before deciding on vendor based solutions. 6.2. Technical Feasibility Weather or not the project is technically feasible should not be an analysis of weather mesh technology is fit for purpose, as this has already been discussed and depends greatly on what you hope to actually achieve with the final network. For low bandwidth use like email and casual browsing the mesh will work fine, but this project has already decided that if you need heavy video streaming or intend to have multiple VLANs for local authorities then a mesh network like the one described here is probably not the correct solution. Technical feasibility in this instance should determine if it is indeed possible to deploy the network in a reasonable time-frame with the technology explored. Building a micro version of the network myself took very little time in the previous chapter, so once the initial infrastructure is in place, adding additional nodes and expanding the mesh should be painless in the real world scenario. It would be important to try and rule as many support issues as possible from the start, so documentation to show business owners how exactly to attach a mesh node to their existing router would be critical. It would be also important to get some kind of agreement to have nodes at critical points along the network (the backbone) powered up even outside of regular business hours (as highlighted by Brendan Minnish in Chapter 4). Further documentation on the maintenance of the network should be produced during deployment. This would include details on how to replace an existing node, update the MAC Address in CloudTrax and so on. It might be no harm to build multiple version of the DNS and web server on our Xen Platform and introduce high availability to counteract any maintenance issues with the server (particularly DNS, as failure at this point on the network will bring down the entire service). Xen Virtualisation fully support high availability clusters, and no extra costs would be incurred to implement this as all the technology is Open Source. However, for TRUE high availability, it would be advisable to use secondary hardware, so add another 118 A blueprint for low cost urban wifi based on mesh technology Results 1540 euro to the original deployment budget in this scenario. This makes the TCO (Total Cost of Ownership) for the network just over 20,000 euro. 6.3. Deployment Checklist A step by step checklist to follow as a guide for deployment can now be produced. This is a top level list of things to investigate before proceeding, and many of these steps obviously have sub-sections. Some steps may not be required, and others may need to be added depending on the exact scenario. 1. Decide if the network is to be completely community based or if it will have input from local authorities. Have initial meetings and make sure everybody involved in the deployment is in agreement with the plan. Agree on the budget for the project and how funding will be managed. It might be necessary to appoint a committee to oversee the project. Decide on who will actually carry out the deployment and support the network – depending on circumstances this may need to be in the form of a tender. Check the legalities of whichever solution you choose in your geographical area. 2. Order any equipment needed. This will include the first batch of mesh nodes and the server hardware that will be used. The deployment team, consisting of any contractors and the technical contact for the committee, should be responsible for sourcing and running CAT5 cable and any other related work. The following steps are inter-changeable with the committee and the deployment team. 3. Build the server, install virtualisation and add 'guest' operation systems. Bring up and test DNS (if using your own), and optionally any third party dashboards and/or community website. Install fail-over systems on both the initial server and any secondary hardware invested in. Arrange colocation of server if required, otherwise rack the server at the chosen location and test. 4. When the initial nodes arrive from Open-Mesh, create a CloudTrax dashboard and test one or two nodes straight away. Arrange a custom script on the webserver with DNS over-rides to point at your own DNS server(s) or enable OpenDNS in the dashboard. Test nodes again for DNS filtering. 119 A blueprint for low cost urban wifi based on mesh technology Results 5. If implementing a secondary, secure SSID, put this in place now and test. 6. Start deploying nodes. Work from the centre of town, where you want the highest concentration of nodes, particular gateways. This is facilitated by a higher concentration of businesses in the area who already have connections to the Internet. Be sure the “backbone” is in place, basically a line of nodes throughout the town which are guaranteed to never be powered off and though which there will always be at least one route to the Internet. The backbone could theoretically run in a straight line across the town with a gateway on one or either end (refer back to Fig. 9. on page 32) 7. Mount any external APs in town centre next. 8. Do extensive testing that traffic can route around the network and out to the Internet at this time. Use the Google Maps plugin in the dashboard to view the routes. Experiment with taking down different nodes and make sure the distances are correct for the traffic to reroute. It may be useful at this time to have a grid overly on a map of the town centre at this point (CloudTrax allows overlays on the map), the dimensions of each 'block' on the grid equaling the radius of a mesh node e.g. 25m. This way it can be seen exactly where no coverage exists and where to put an AP to correct this. This is best illustrated with a diagram. Fig. 51. Using a grid to address where there is no coverage 120 A blueprint for low cost urban wifi based on mesh technology Results The grid will help you see areas of the town with no wireless coverage at all, but it will also help identify and address 'risk nodes', nodes that if they go down the nodes beyond them have no route. An example in the above diagram is the node mostly occupying block B12. Should it go down, the node in B11 is cut off from the network. However, the grid helps to see that placing a new AP node at A10 will help overcome this. If the committee and the deployment team are using a grid like this, information about the network can be easily communicated and visualised by all. This will ease deployment. Fig. 52. Node required at grid reference A10 9. Do extensive testing on DNS filtering and server fail-over. This must be guaranteed before the network goes live. Publicity for the mesh network project will be unfavourable if local school children are viewing adult material for free on a network sponsored by local business! Also, test any logging that is required is working correctly at this time. 10. Go live with the network. Now that the network is up, growth becomes organic as different businesses request nodes and join the mesh. Ideally, the process is as follows: • Interested parties will fill out a form like the one found on the community website at http://www.niceonedundalk.net/contact.html 121 A blueprint for low cost urban wifi based on mesh technology • Results The committee will contact them and have them sign the network agreement and pay the once off fee to cover cost of hardware. • A mesh node is assigned to the business. It's MAC address and geographical location is added to CloudTrax. The node and installation instructions are dispatched to the business (by post or with a network engineer). The business logo is added to the sponsors section of the website (if it's a gateway). 6.4. Recommendations Building your own wireless mesh network in your town or village is not an impossible task if using purpose built hardware and free online services like CloudTrax for the dashboard, OpenDNS for filtering and one of the many popular CMS systems or even a Facebook page as your community website. Minimum IT knowledge is required unless you actually try to implement advanced features like some of those covered in this project (your own DNS, secure SSID software, Location Aware apps etc.) Cost of the network deployment depends on how big the network will be and how many advanced features you want. The biggest cost would be for support and maintenance if required. Building your own mesh network is far cheaper than paying for an all-in-one solution. It is important to make it known that the mesh network is designed for low bandwidth traffic like email, VoIP and so on. Media streaming and large downloads are not recommended. The network should not be depended on for mission critical tasks or anything relating to emergency services. However, monitoring of traffic lights or pay parking facilities would be entirely possible. A mesh network like the one described here will aid in the promotion of local business via the community website. Indications are that the the network would be fully supported by local business owners. For any that need further convincing, note that mesh nodes can actually be hard-coded to go directly to the website of that business, rather than the community website. A non-participating restaurant for example could be shown that patrons can be taken directly to the a webpage 122 A blueprint for low cost urban wifi based on mesh technology Results displaying the lunch menu as soon as they open their wireless device. Features like this and the possibility of location aware mobile phone apps will help sway anyone who is unsure about the idea. It is generally accepted and understood that mesh networks do not scale well. However, it would be possible to have separate mesh networks for, let's say, each quarter of the town and have them share the same primary backbone by design, as illustrated below. Fig. 53. Splitting the mesh network into four to ease scalability It would not be inconceivable to allow traffic to pass between the individual meshes at the points where they touch or overlap (there's an option in CloudTrax that prevents this from happening by default, it can be easily switched off). Traffic would only flow in this direction if the secondary backbone for this particular mesh went down and an alternative route to the Internet was suddenly required as no gateways were active in that quadrant. 123 A blueprint for low cost urban wifi based on mesh technology Results It is important to highlight that an open mesh network in an urban area like the one proposed here is by no means secure, in fact, it's terribly insecure. This is the tradeoff for making the network extremely easy to join and having no required login credentials. In a real world scenario the insecurity of the network should be highlighted repeatedly to the user. While data on the PCs at each business is firewalled away behind the mesh nodes, any shared files or folders on each individual user device are at the mercy of their own security settings, which are usually insufficient. Also, there is not much to stop wireless traffic being sniffed and analysed if no encryption whatsoever is in use. Remember from Chapter 2 that Zhang et al (2007) recommend the following to ensure security: 1. Confidentiality or Privacy: The communication between users must be secure 2. Integrity: The paths must be protected to ensure the messages are not altered 3. Availability: Applications should provide reliable delivery of messages 4. Authentication: There should be some processes to identify the user to prevent fabrication 5. Authorisation: There should be mechanism to ensure users have the correct permissions 6. Accounting: Some process should be able to measure the resources the user consumes At least 2 of these are sacrificed by keeping the network open. However, ensuring all these points are taken care of can make the network near unusable for a visitor to the town. Where would they get login credentials? If something like library membership number was to be the primary authentication method then steps would need to be taken to ensure any library number from any town, or even European city, worked. However, not many people actually are members of the local library. It would be nearly better, but still not 100% guaranteed, to allow authentication off Facebook using Oauth as more people have Facebook accounts and it does not matter really where in the world they are. To allow authentication like this, which is at Layer 7 on the Network Model, the user would need to be given some kind of access were they can access at least one web page to authenticate off. This is not unlike captive portal solutions that are already 124 A blueprint for low cost urban wifi based on mesh technology Results supported by CloudTrax. What is being proposed here is Captive Portal that can use Oauth (an open protocol to allow secure API authorisation) to authenticate off Facebook, Twitter, Google etc. Alternatively, the Captive Portal could allow “self registration” where the user fills in all their own details and a confirmation code is sent by SMS to their mobile phone. This idea of self registration would tick the boxes for authentication and accounting, but also add value to the earlier idea of location aware apps for mobile devices. Users could register interest in certain types of products or services eg. Hamburgers, Guinness etc. and then be notified as they pass nodes on the network where there are special offers on those items (by text message, audio alert, email or other method). The other captive portals offered in Open-Mesh allow for taking Paypal payments in exchange for access to the network, which would only really work if the cost was very low. In a larger town or city the charges collected for access to the mesh could eventually pay for maintenance and support, but realistically people are not going to pay for access if they can have unlimited Internet traffic from their provider on their 3G phone. Wireless mesh technology can often be the correct solution for low cost urban wifi. However, free (or even paid) urban wifi like this is something that has about 5 or 10 years life left in this and other countries before it is replaced with 4G technologies like WiMAX. According to http://www.wimax.com, WiMAX is an IP based, wireless technology that provides performance similar to 802.11g/n networks with the coverage and QoS of a cellular networks. WiMAX is specifically intended for wireless "metropolitan area networks", providing wireless access up to 50 km for fixed stations, and 5 - 15 km for mobile stations. In contrast, the WiFi/802.11 wireless local area network standard is limited in most cases to no more than 100 m. WiMAX itself is to soon replaced by LTE, which uses the latest digital signal processing techniques and modulations to greatly increase the capacity and speed of wireless data networks. Where mesh technology could have most impact in the future is in undeveloped countries where cost is an actual concern and the chief barrier to those countries catching up with the rest of the world. Connecting towns and villages with mesh networks would lead to better education and aid business in poverty stricken areas 125 A blueprint for low cost urban wifi based on mesh technology Results of the world. A quick search for mesh deployments globally will show that in Africa the technology is quite popular, probably because local authorities there have no choice but to explore it as the cheapest option. However, once deployed, they often find the technology is just as good as any expensive solution they could have invested in – assuming their goals are similar to those laid out in this project. One question that has repeatedly raised itself during this project is who actually owns the network, and who is responsible for the maintenance of the network? The recommendation on this would be that the network can belong to the community if we wish (each business actually owning the hardware on their premises and therefore a 'piece' of the mesh), but it would be considered critical that separate to this ownership a maintenance contract (and therefore overall responsibility) sits with a third party who are paid the annual fee mentioned in the total cost of deployment earlier. Otherwise, it will be quite hard for the mesh project to survive long beyond when the first nodes start to fail or some other factor leads to a breakdown in service. Without a responsible party for maintenance and other issues, the project will be very quickly abandoned by all concerned. This is of course drives the cost of having a mesh network in your town up much higher than originally envisioned, but it is a necessary evil to make sure the project is not just a gimmick but something longterm that can actually have real value. Having now produced a set up results and made recommendations based on these results, it is time to conclude the project in the following, final chapter. 126 A blueprint for low cost urban wifi based on mesh technology Conclusion 7. Conclusion In April 2012 Dublin City Council released a RFT (Request for Tender) for the “Provision of Public Wireless Access in Dublin City Open Spaces” (Concession to Provide WiFi Services in Dublin City, 2012). I have read over this document and decided it is an ideal candidate to test my 'blueprint for low cost urban wifi based on mesh technology' against. Can the proposed network in this project deliver a viable solution in a real world scenario? The document states that “Dublin City Council is seeking to offer a concession for an experienced network provider to supply Public Wireless Broadband Services in various locations throughout the City” but, critically, “the City Council will not pay for this service, which will be a matter for the successful tenderer to establish and fund.” Given they do not want to actually pay for this network (basically what “concession” means), low cost is obviously required (or FREE, as far as the city council are concerned). So, they might not want to spend any money, but they will however give access to resources like CCTV camera poles, the document states. It can also be assumed other useful resources would be at the disposal of the deployment team and there might even be scope to use fibre running throughout the city as part of the backhaul link (but we can't depend on that right now). Further reading reveals the motivation behind the need for urban wifi in Dublin. The City Council acknowledges the important role of telecommunications in the economic, social and physical life of the city. Measures to improve the quality of life for citizens are also a core feature of the Development Plan. Furthermore, improving the attractiveness of the city for people and investors as a key part of maintaining competitiveness and creating a vibrant place that attracts and retains creative people within the city is also a key approach. The provision of publicly accessible WiFi reinforces Dublin City Council’s commitment in this regard. (Concession to Provide WiFi Services in Dublin City, 2012) They actually mention improving the quality of life for citizens, something I speculated on very early in this project. This is incredibly encouraging! They also want to increase awareness of local business which is something that has featured 127 A blueprint for low cost urban wifi based on mesh technology Conclusion heavily throughout the project – remember businesses will make the mesh possible by hosting nodes, in return for driving traffic in their direction. The survey results earlier showed that nearly all businesses thought this to be a fair exchange and would participate. The document acknowledges that many cities around the world now have free urban wifi and indicates that Dublin wants to be part of this new way of thinking. The first city to offer free WiFi was Sunnyvale, California in 2005. More recently cities including New York, Paris, Barcelona, Bilbao, Wellington and London (launching 2012) have provided the service in large concentrations. (Concession to Provide WiFi Services in Dublin City, 2012) I cannot deny that the release of this Request for Tender is great timing just as I am concluding my project on free urban wifi based on mesh technology. Forget the previous fictional scenario in Dundalk, here is a real world scenario we can apply the template to, and therefore make an ideal concluding chapter. So let's go through the specified (technology) requirements of Dublin City Council as listed in the RFT document to see if the low cost mesh network I have proposed in this project would be a suitable candidate and if it would need much tweaking to fit their needs. The document asks for an experienced network provider to undertake the project, so let's assume this mesh is being deployed by a small to medium sized IT company who have tendered for the contract. In the following pages I will highlight and identify the major requirements in various sections of the RFT document, and try to match each requirement up to the various features of the mesh network outlined in this project so far. Additional suggestions and proposals will likely be required on my behalf to make the mesh template “fit” the real world requirements satisfactorily. 1.3.2. Tenderers should be aware that the successful Tenderer will be required to fully manage, maintain and operate the network. 128 A blueprint for low cost urban wifi based on mesh technology Conclusion This should not be a problem. By design, the network is mostly self-maintaining and each device is self-configuring. However, we would need to ensure there is a satisfactory response to nodes that go down (allowed, as units could be powered off on business premises) but do not come back up in a reasonable time. This response could be a simple phone call to the “owner” of the node and maybe a site visit if this does not solve the issue. Remember that we previously determined nodes should really be left powered on at all times, and the participants in the mesh network should sign an agreement to do this. Adding of the nodes to the dashboard could be handled either by the deployment team prior to posting/couriering node to the business premises, or by some form of self registration on a website that the business owner could carry out with the aid of documentation posted out with the node device (the same documentation contains instructions on how to connect mesh node to the existing broadband router). Also, during my research I have determined the following approximate speed reductions based on number of hops: • 0 hops (gateway) = full speed • 1 hop = 1/2 speed • 2 hops = 1/4 speed • 3 hops = 1/8 speed • 4 hops = 1/16 speed and so on For this reason, gateways should be as centrally located as possible to ensure no one node has more than 2 hops to make to get to the Internet. This needs to be kept in mind right from the start. 1.3.3. The City Council will not pay for this service, which will be a matter for the successful tenderer to establish and fund. This is where the “low cost” element becomes useful. No IT Company would undertake a project like this unless it really was low cost. Even if charging per use for network access, it would not be worthwhile if the deployment cost ran into hundreds 129 A blueprint for low cost urban wifi based on mesh technology Conclusion of thousands as it would take too long for a return on investment. There is no escaping that a large number of nodes would be required. To fully deploy in an urban area like Dublin City Centre, at least 25 or 30 nodes would be required per square mile, just to ensure proper coverage. Weather or not additional nodes would be needed would be determined by how much minimum bandwidth we wanted per user, how much bandwidth was actually available and just how many users with wireless devices would be present per square mile, on average. Realistically this figures would not be known until the first nodes were actually deployed and traffic logs were carefully analysed. However, even with hundreds or even thousands of nodes across the city, the mesh network will ultimately pay for itself. Each business that participates will “sponsor” a node, getting their logo on the mesh network homepage (or even having that node redirect all traffic to their own website, if that is what it takes to get them on board). A once off 50 or 60 euro charge for ongoing free advertising (potentially for years and years) is not something many businesses will turn down. This takes care of the basic hardware costs. Other costs like DNS filtering, backup DSL connections etc. can be easily covered by using a Captive Portal solution with payment via vouchers, which could be purchased in newsagents throughout the city. In fact, the CloudTrax dashboard actually has an option called “Require Vouchers” and when enabled you can specify access time durations or increased speed limits as the features that using a voucher actually gain for the user. You can also allow multiple additional devices to voucher users. It's highly configurable. Vouchers can be printed in the newsagents on a 3” printer like the Star Micronics TSP100, for example (similar to the devices that print mobile phone credit). A feature called “Lobby Assistant” allows authorised users to login for printing vouchers. I would propose allowing the sale of vouchers in Tourist Information offices and major newsagent franchises like Centra, Spar, Londis throughout the city (similar to how tram tickets are purchased in most European cities). This would of course add other factors such as logistics and additional support to the mesh network – how would tourists know where to go for vouchers? Where would the printing paper come from? Who would the outlet contact if the printer needed ink or maintenance? Other work may well need to be contracted out if vouchers became part of the big picture. 130 A blueprint for low cost urban wifi based on mesh technology Conclusion 3.4.1. The Dublin City Council WiFi project is focused on making internet access much more freely available to both the citizens of Dublin City and its visitors. The key aims of the City Council’s WiFi project are to: • Provide free public access to internet services at key destinations in the city centre. This is a given. I believe the best way to achieve this initially (first phase) would be to make an agreement with the same newsagent outlets selling the vouchers. Nodes placed at these locations will give a good spread over the city centre nearly straight away. I can think of at least 4 or 5 newsagents in Dame Street alone. • Promote Dublin as a forward-thinking and digitally inclusive city. The addition of an urban wifi solution and the publicity that could follow would definitely portray Dublin as forward thinking. Adding apps, VoIP and so on over time would only enhance this image. Tourists would immediately notice the network when they use their smartphones and other devices, and because of the easy access this would give them to tourist information, restaurant locations etc. any reports about digital integration in Dublin would be favourable when they return home. • Introduce WiFi as an aid to foster economic growth, making Dublin city centre a more attractive destination for citizens, business and visitors. As mentioned previously, there would be significant benefits of the mesh network for tourists. However, as detailed in the previous chapters, the main focus of the mesh is economic growth. By design the network grows as more businesses sign up, and in return traffic is directed towards these businesses via the main website. However, businesses also have the advantage of instance wifi hotspots on their premises for customer use, free VoIP phone calls within the mesh, the ability to integrate location aware apps into their business model (for example, Guinness have an app that informs you of the 131 A blueprint for low cost urban wifi based on mesh technology Conclusion nearest place to get a pint – something that would generate lots of revenue in the city for pubs and restaurants). Also, public information apps about traffic congestion, flooding etc. could be integrated into the mesh network easily. • Increase public access to on-line services and information. Aside from the obvious applications mentioned above, newer technologies like QR (Quick Response) codes code be employed to allow users access to public information while walking around the city. Because a user is technically as well as physically mobile as he walks around the mesh, there is no reason a QR code cannot contain information about an event, opening times, menu etc. Fig. 54. Sample QR Code The user simply scans the code with his smartphone and the required information (hosted online but linked to the pattern in the code when decrypted) is immediately displayed. Greater connectivity within the city would allow for this technology to be used more than it currently is. 132 A blueprint for low cost urban wifi based on mesh technology Conclusion Fig. 55. Application of a QR Code If you travel to New York you can see many instances of QR codes about the city, on major buildings, works of art, near museums etc. When the user scans the code they get access to a wide range of options including directions, history, opening times, ticket sales and so on. A feature like this in Dublin would very much aid the vision of a forward thinking city. 3.5.1. An essential part of the WiFi concession is that a sufficient amount of free time with excellent quality of service is provided. This is easily handled by the CloudTrax dashboard. All that would need agreement is the actual limits to enforce before users have to actually purchase a voucher. 3.5.3. As a minimum, the offer shall cover: • The Priority Locations identified by the City Council (as set out in section 3.7.1) 3.7.1 outlines the following locations (and a few others): 133 A blueprint for low cost urban wifi based on mesh technology • Smithfield Square • Barnardo’s Square • Clarendon Street • St. Patrick’s Park • O’Connell Street • Temple Bar Square • Merrion Square • Henry Street • Grafton Street Conclusion I cannot think of one of these streets that does not have either a Centra or Spar newsagent. This adds weight to my suggestion that an agreement could be entered into with these chains to both provide the network backbone across the city and also for vouchers to be purchased at these locations. It would however be critical to get an agreement such as this in place almost immediately. Once these locations were up and running, other businesses nearby would become aware of the mesh, and going by previous survey results most of them would be willing to join in (especially when they see they can have free advertising on the mesh network). • A daily period of free internet access for users, time and limitations to be included within the proposal Again, CloudTrax could easily allow all of these. • A Quality of Service with a minimum standard of broadband speed at peak/busy times The nature of mesh allows for a greater uptime than most networks, and QoS was fully investigated during the Technology Review. Admittedly some services will work better than others on the mesh, and there are some places where it will fall down. However, these limitations could be clearly defined on 134 A blueprint for low cost urban wifi based on mesh technology Conclusion the Splash Page. 3.5.4. Other areas of interest to the City Council would include additional hotspot areas with longer or unlimited usage, extending the coverage wider and the potential for the City Council information to be broadcast to users. Additional hotspots is of course the goal of the mesh (it wants to spread), and this would be facilitated by more businesses and hopefully city residents investing in node units like I described in the original plan. As individual nodes can be given commands so their behaviour over-rides the dashboard defaults, there is no reason why some nodes cannot have longer or even unlimited usage before vouchers are required. In the same way, certain nodes could redirect to Council pages to give out public information, or public information could be fed to the main site via RSS Feed (see how dundalk.ie news is displayed on http://www.niceonedundalk.net) 3.7.3. The preferred option for branding and advertising the Wifi location in the vicinity is to be included in the proposal. There is no reason the mesh network cannot be easily branded in any way required. All technologies used in the design are Open Source, which allow for easy customisation and rebranding of the network. Ideally a PR Company would be brought in to deal with the details of this, but anything is possible technically: website branding, app branding, export to Twitter and Facebook via RSS, etc. 3.7.4. Of significant importance to the vitality of Dublin City is its annual calendar of events. In assessing the provision of WiFi services in the city it would be appropriate that due consideration is given to the availability of this service on a temporary basis for one off/recurring events in the city such as the Innovation Dublin festival, the St. Patrick’s Festival, Tall Ships Festival and so forth. With this in mind, proposals for the provision of WiFi services for cultural/ international events on a temporary basis within the city will also be considered as part of the concession. Because of the nature of the mesh network, it would simply be a matter of connecting some APs in the vicinity of the event. These APs would relay traffic off to the nearest gateway, which should never be too far away if the mesh project proved 135 A blueprint for low cost urban wifi based on mesh technology Conclusion successful. There could be a group of nodes reserved for use at these events, and their MAC addresses could be easily reassigned on the CloudTrax Google Maps overlay as required. However, the ideal scenario is to position some nodes permanently in external enclosures at the common outdoor locations for these events (Trinity Campus, Docklands, RDS and so forth). The document states that the Council are willing to give access to CCTV poles, which is ideal as it keep nodes out of reach of the public and these pole also have power which the nodes could utilise. 3.10.1. Tenderers will be responsible for and set out procedures for registration, identification and verification of new users. As we intend the network to be open, registration of user details is not really necessary. However, if required it can be easily added to the Captive Portal in the form of self-registration. Users would be tied to both the MAC address of their device and possibly a voucher code they have entered. If vouchers were to be purchased online, we could capture their details then when they first try to purchase a voucher. They are several other variations, but suffice to say this could be catered for. We could even use Freeradius authentication or implement the Oauth/Facebook solution suggested in the previous chapter. 3.10.2. Tenderers will be responsible for and specify the appropriate filtering and reporting to be carried out in accordance with required legal standards. It is refreshing to see that Dublin City Council are actually concerned about filtering. I have maintained all throughout this project that public wifi without some form of filtering is not only irresponsible, put potentially illegal. I am happy to see that a real world scenario actually does require it. This is where the DNS Filtering detailed in this project would be the perfect solution, and is proven to have been worthwhile investigating. DNS logs could also be kept for the required period of time, and the Department of Justice have previously confirmed that in a mesh network such as this one the responsibility for any other logs would be with the ISPs for each gateway node. 136 A blueprint for low cost urban wifi based on mesh technology Conclusion 3.10.3. Tenderers will be responsible for and specify the control and maintenance of transaction records in accordance with data requirements. It is assumed the above mentioned DNS records would be include with this point, as well as any logs produced by the Captive Portal solution in relation to voucher use. 3.10.6. The approximate number of users and bandwidth availability per specified location should be set out clearly. In addition the “spine” network should be set out including linkages, capacities, and costs involved. The values requested here are those we would determine during Phase 1 when traffic logs are analysed (mentioned earlier in response to 1.3.3). It would not be a big problem to run simulations and clearly specify the results in a document. For example, for the purpose of the tender we could take 4 or 5 mesh nodes up to Merrion Square and leave them powered up for the day. An analysis of the logs would show us the number of users per hour at each AP (wireless devices will automatically connect to any SSID with no encryption enabled). This basic figure could be used to estimate the figures required by the RFT document. The “spine” network referred to is most likely what I have referred to repeatedly as the backbone network. This I am proposing as a series of nodes, all gateways, running across the city centre with DSL backups on either end on the backbone (one should ideally also be put at the halfway point). Each point along the way is hosted at either a Centra, Londis or Spar outlet (who also sell the vouchers) and firm agreements are in place that these nodes will always be powered on. The challenge here would be getting those franchises onboard quickly and getting those nodes in place first. Once they are up, we could approach the pubs and restaurants and possibly some of the major hotel groups – nodes at these location would very quickly fill in the gaps as there is such a high concentration of these types of business in Dublin City Centre (they are also the type who would benefit most from services layered on top of the network). Costs will be made up of the price of the nodes plus any costs relating to the backup DSL connections. It may also be required to mount several points on external structures to bridge gaps between the different outlets ie. There may be instances 137 A blueprint for low cost urban wifi based on mesh technology Conclusion where there is not another newsagent for more that 100 metres (I would propose using the newer OM2P devices here for longer range than the OM1P – it has 4 times the speed and 4 times the transmit power of the older device). 3.10.7. Tenderers should indicate how open the architecture proposed is, and how it accommodates the potential for future expansion. This should be done on a population basis, and will include “traffic capacity” and any thresholds requiring a quantum change in infrastructure. As explained in the previous chapters, the architecture proposed is VERY open, on purpose. This will certainly accommodate future expansion (meshes can even be joined to other mesh networks). The graphs and statistics produced by CloudTrax will indicate when the “organic” growth of the network is to be interrupted and additional nodes need to be placed at particular location. However, it should be possible to forecast when these thresholds are approaching and open up new negotiations with other business franchises about the city to gently push the organic growth of the network along. There are many franchises in the city, from Noodle Bars and Coffee Shop outlets to Bookmakers and Chemists. This answers all the technical requirements of the document, the rest are the usual business and legal requirements found in most Requests for Tender. As we can see, the blueprint for a low cost urban wifi mesh fits quite well into a real world request for city-wide connectivity with little or no budget provided. Very little tweaking was required to meet the requirements in the document. I believe this shows that an urban mesh, with elements supported by the local community (both residential and business) and local authorities (if possible) should at least be considered in any scenario where wireless is required over a large, public area. 138 A blueprint for low cost urban wifi based on mesh technology Appendix A Appendix A Sample SquidGuard Configuration #Allow ALL clients acl all src 0.0.0.0/0.0.0.0 # acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 #acl SSL_ports port 443 563 # #We are going to proxy port 80 only. Port 443 should be dealt with somewhere else. acl Safe_ports port 80 # #acl Safe_ports port 80 443 #acl Safe_ports port 80 21 443 563 70 210 102565535 acl CONNECT method CONNECT # # # Default configuration #### # http_access allow manager localhost http_access deny manager http_access deny !Safe_ports #http_access deny CONNECT !SSL_ports http_access deny CONNECT !Safe_ports http_access allow CONNECT http_access allow all http_access deny all icp_access allow all miss_access allow all # # General Config Stuff #### # cache_mem 64 MB cache_dir aufs /cache/ 10000 22 256 cache_store_log none half_closed_clients off maximum_object_size 1024 KB reply_body_max_size 50 MB http_port 10000 hierarchy_stoplist cgibin ? access_log /var/log/squid3/access.log squid url_rewrite_program /usr/bin/squidGuard refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 vi A blueprint for low cost urban wifi based on mesh technology Appendix A refresh_pattern (cgibin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 visible_hostname proxy.niceonedundalk.net icp_port 3130 coredump_dir /var/spool/squid3 # # Torrents by list, mime type, file extension #### # acl torrents browser "/etc/squid3/torrents.txt" acl deny_mime_torrent rep_mime_type application/xbittorrent acl deny_dot_torrent url_regex i \.torrent$ http_access deny torrents http_access deny deny_dot_torrent all http_reply_access deny deny_mime_torrent # # Refresh pattern optimisation #### # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 overrideexpire ignore nocache ignorenostore ignoreprivate refresh_pattern i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|xflv)$ 43200 90% 432000 overrideexpire ignorenocache ignorenostore ignoreprivate refresh_pattern i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 overrideexpire ignorenocache ignorenostore ignoreprivate refresh_pattern i \.index.(html|htm)$ 0 40% 10080 refresh_pattern i \.(html|htm|css|js)$ 1440 40% 40320 refresh_pattern . 0 40% 40320 # # DELAY POOLS CONFIG #### # #This is the most important part for shaping incoming traffic with Squid #For detailed description see squid.conf file or docs at http://www.squid−cache.org #We don't want to limit downloads on certain networks or from certain IPs... acl magic_words1 url_regex i 193.1.45 #acl magic_words1 url_regex i 192.1 #We want to limit downloads of these type of files #Put this all in one line acl magic_words2 url_regex i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .ram .rm .iso .raw .wav .mov #We don't block .html, .gif, .jpg and similar files, because they #generally don't consume much bandwidth besides we're caching them anyway #We want to limit bandwidth during the day, and allow #full bandwidth after business hours #Caution! with the acl below downloads are likely to break at 18:00. acl day time 09:0018:00 vii A blueprint for low cost urban wifi based on mesh technology Appendix A #We have two different delay_pools delay_pools 2 #First delay pool #We don't want to delay our local traffic. #There are three pool classes; here we will deal only with the second. #First delay class (1) of second type (2). delay_class 1 2 #−1/−1 mean that there are no limits. delay_parameters 1 1/1 1/1 #magic_words1: we have set before delay_access 1 allow magic_words1 #Second delay pool. #we want to delay downloading files mentioned in magic_words2. #Second delay class (2) of second type (2). delay_class 2 2 #The numbers here are values in bytes; #we must remember that Squid doesn't consider start/stop bits #50000/1500000 are values for the whole network #5000/1200000 are values for the single IP # #after downloaded files exceed about 1500000 bytes (approx 1.5 mb),(or even twice or three times as much) #they will continue to download at about 500000 bytes/s approx 0.5 mb) delay_parameters 2 500000/1500000 50000/1200000 delay_access 2 allow day delay_access 2 deny !day delay_access 2 allow magic_words2 #openmesh units will have further throttling options on them. Comment out above if necessary while troubleshooting viii A blueprint for low cost urban wifi based on mesh technology Appendix B Appendix B Results of Survey from Chapter 4 The following survey is designed to gather feedback from potential business users about this idea. Please take a few minutes to complete. First Thoughts This question is required Having read a description of the mesh network, do you think it is a good idea? Do you see value in it? Yes 100% Incredibly good and unexpected result No ix A blueprint for low cost urban wifi based on mesh technology Appendix B Participation This question is required Would you be inclined to participate in the mesh network? It would involve a once off cost of 50 euro, and in return you would get free online adverting on the mesh website. There would be no reduction in your speed and your own business network would be totally secure. You would simply be giving away a little bit of your Internet access that you weren't using anyway. Yes 92.86 % No Need more convincing 7.14 % Again, a great result. Only 2 companies needed more convincing. x A blueprint for low cost urban wifi based on mesh technology Appendix B This question is required Given that you are not using it anyway, would you be willing to give over ALL your unused bandwidth to the network? That is, would you be happy for customer on your premises to have higher speed Internet while you are not using it at all? Yes 92.86 % No 7.14 % A very unexpected high result for this one, and very reassuring. It reaffirms that the community spirit required for projects like this one does actually exist. xi A blueprint for low cost urban wifi based on mesh technology Appendix B This question is required Given that you are onboard with the idea, or will be later on, do you think you could easily convince a colleague or neighbouring business to also join the mesh? Yes 85.71 % No 14.29 % xii A blueprint for low cost urban wifi based on mesh technology Appendix B This question is required Would you be totally AGAINST the idea of letting smaller, neighbouring businesses use a portion of your flat-rate, unused bandwidth as well as regular shoppers? Yes 21.43 % No 78.57 % In retrospect, this question may have been slightly confusing. However, the result is very encouraging. Not as many people are against the idea as I thought would be. I expected more of a 50/50 split here. xiii A blueprint for low cost urban wifi based on mesh technology Appendix B Business Perspectives This question is required Do you think free public wifi could be good for business in Dundalk? Yes 100% A great response from real business owners in the area No xiv A blueprint for low cost urban wifi based on mesh technology This question is required Would you be interested in a Location Aware smartphone app to help promote your business on the network? For example, alert passers by to a sale inside the shop. This would be possible with this kind of network. Yes 100% No REALLY unexpected, but again, very encouraging. Something worth further investigation. xv Appendix B A blueprint for low cost urban wifi based on mesh technology This question is required Given you are interested in the app idea, would you pay a small fee for it? Yes 78.57 % No 21.43 % A surprisingly high percentage would pay for the app, possibly funding the development phase of such a product xvi Appendix B A blueprint for low cost urban wifi based on mesh technology Appendix B This question is required If you had a large premises, or multiple stories, would you be interested in buying multiple mesh units to provide full coverage to your business? Yes 42.86% No 50% Not Sure 7.14 % Exactly 50% of users would NOT buy and host more than one mesh unit if their premises was big enough. Of the 7.14% not sure, I feel they would say YES if actually faced with the scenario xvii A blueprint for low cost urban wifi based on mesh technology The Future This question is required Would you be interested in free business-to-business phone calls to within the mesh? Yes 71.43 % No 28.57 % I thought this might be higher, but it's a promising number xviii Appendix B A blueprint for low cost urban wifi based on mesh technology This question is required If you were not previously convinced about the mesh network, would the above free phone calls help sway your opinion? Yes 50% An interesting split on this last question No 50% xix Appendix B A blueprint for low cost urban wifi based on mesh technology References References 'From Applications to ROI: System Architecture for Wireless Meshes - Farpoint Group, Whitepaper', SearchTelecom. 2007. Available: http://media.techtarget.com/searchNetworking/downloads (5 Nov. 2011) 'How Wireless Mesh Networks Work' 20 June 2007. Available: http://computer.howstuffworks.com/how-wireless-mesh-networks-work.htm (10 Nov. 2011) 'Wireless Mesh Topology' November 2010. Available: http://www.moskaluk.com/Mesh/wireless_mesh_topology.htm (20 Nov. 2011) 'Smartdust' October 2010. Available: http://en.wikipedia.org/wiki/Smart_dust (8 Dec. 2011) Raniwala. A. and Chiueh, T. (2003) 'Deployment Issues in Enterprise Wireless LANs'. Stony Brook University, NY Hossain, E., and Leung, K. (eds), 2007, 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer Gungor, V.C., Natalizio, E., Pace. P and Avallone S. (2007) Hossain, E., and Leung, K. (eds), 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer. P24-50 Huang. J.-H., Wang. L.C., and Chang. C.J. (2007) Hossain, E., and Leung, K. (eds), 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer. p51-78 Sayegh A., Todd, T. and Smadi, M (2007) Hossain, E., and Leung, K. (eds), 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer. P188-210 Zhang. W., Wang. Z., Das. S.K. and. Hassan. M. (2007) Hossain, E., and Leung, K. (eds), 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer. P188-210 Koksal. C.E, (2007) Hossain, E., and Leung, K. (eds), 'Wireless Mesh Networks Architectures and Protocols'. New York, Springer. P247-265 Vasseur, J.-P., and Dunkels, A. (2010) 'Interconnecting smart objects with IP: The next Internet'. Burlington MA, Morgan Kaufmann Publishers/Elsevier Akyildiz, I., Wang, X. and Wang, W. (2005) 'Wireless mesh networks: a survey'. Computer Networks, Vol 47, Issue 4, p. 445-487 Muogilim, O., Loo, K. and Comley, R., (2011) 'Wireless mesh network security: A traffic engineering management approach'. Journal of Network and Computer Applications, Vol 34, Issue 2, p. 478-491 Pal, A. and Nasipuri A., (2011) 'A quality based routing protocol for wireless mesh networks'. Pervasive and Mobile Computing, Vol 7, Issue 5, p. 611-626 A blueprint for low cost urban wifi based on mesh technology References Kim, J., Sridhara, V. and Bohacek, S. (2009) 'Realistic mobility simulation of urban mesh networks'. Ad Hoc Networks, Vol 7, Issue 2, p. 411-430 Kandikattu, R. and Jacob, L. (2008) 'A Secure IPv6-based Urban Wireless Mesh Network (SUMNv6)'. Computer Communications, Vol 31, Issue 15, p. 3707-3718 Jun. J. and Mihail, S. (2008) 'MRP: Wireless mesh networks routing protocol'. Computer Communications, Vol 31, Issue 7, p. 1413-1435 Hafslund. A., Tønnesen, A.,Rotvik. R.B., Andersson. J. and Øivind. K. (2004) 'Secure Extension to the OLSR protocol'. OLSR Interop and Workshop Johnson, D., Ntlatlapa, N. and Aichele, C. (2008) 'Simple pragmatic approach to mesh routing using BATMAN'. 2nd IFIP International Symposium on Wireless Communications and Information Technology in Developing Countries, CSIR, Pretoria, South Africa, 6-7 October, pp 10 Gkelias . A. and Sharma, S. (2012) 'Performance Evaluation of BATMAN, DSR, OLSR Routing Protocols - A Review'. International Journal of Emerging Technology and Advanced Engineering, Vol 2, Issue 1, p. 184-188 Raniwala. A. and Leung , K.K. (2008) 'Multiple Antenna Techniques for Wireless Mesh Networks '. Department of Electrical and Electronic Engineering , Imperial College , London Jun. J. and Sichitiu , M.L. (2008) 'MRP: Wireless Mesh Networks Routing Protocol'. Department of Electrical and Computer Engineering , North Carolina State University , Raleigh Johnson. D., Matthee. K., Sokoya. D., Mboweni. L., Makan. A. and Kotze. H. (2007) 'Building a Rural Wireless Mesh Network - A do-it-yourself guide to planning and building a Freifunk based mesh network'. Wireless Africa, Meraka Institute, South Africa 'L.A. mayor wants citywide wireless access' 20 June 2007. Available: http://articles.latimes.com/2007/feb/14/business/fi-wifi14 (2 April. 2012) 'Concession to Provide WiFi Services in Dublin City', Dublin City Council. 2012. Available: http://www.etenders.gov.ie (18 April 2012) A blueprint for low cost urban wifi based on mesh technology Glossary Glossary Although by no means a complete list, these technical terms were used in the project and some of them may need further explanation or clarification. Most of the following definitions were taken from http://www.wikipedia.org, a free online encyclopedia built collaboratively using wiki software, and http://www.webopedia.com, a combined online computer dictionary and Internet search engine for technical support personnel. 802.11a IEEE 802.11a-1999 or 802.11a is an amendment to the IEEE 802.11 specification that added a higher data rate of up to 54 Mbit/s using the 5 GHz band. It has seen widespread worldwide implementation, particularly within the corporate workspace. The amendment has been incorporated into the published IEEE 802.11-2007 standard. 802.11b IEEE 802.11b-1999 or 802.11b, is an amendment to the IEEE 802.11 specification that extended throughput up to 11 Mbit/s using the same 2.4 GHz band. This specification under the marketing name of Wi-Fi has been implemented all over the world. The amendment has been incorporated into the published IEEE 802.11-2007 standard. 802.11g IEEE 802.11g-2003 or 802.11g is an amendment to the IEEE 802.11 specification that extended throughput to up to 54 Mbit/s using the same 2.4 GHz band as 802.11b. This specification under the marketing name of Wi-Fi has been implemented all over the world. The 802.11g protocol is now Clause 19 of the published IEEE 802.11-2007 standard. 802.11n IEEE 802.11n-2009 is an amendment to the IEEE 802.11-2007 wireless networking standard to improve network throughput over the two previous standards—802.11a and 802.11g - with a significant increase in the maximum net data rate from 54 Mbit/s to 600 Mbit/s (slightly higher gross bit rate including for example error-correction codes, and slightly lower maximum throughput) with the use of four spatial streams at a channel width of 40 MHz. 802.1X IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. Ad-Hoc The term ad hoc networking typically refers to a system of network elements that combine to form a network requiring little or no planning. AES Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. ARP Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses Co-Op A cooperative (also co-operative or co-op) is an autonomous association of persons who voluntarily cooperate for their mutual social, economic, and cultural benefit. Daemon In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user. DHCP The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, and a default route and routing prefix. DNS The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. Ethernet Ethernet is a family of computer networking technologies for local area networks (LANs) commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies. Systems communicating over Ethernet divide a stream of data into individual packets called frames. Each frame contains source and destination addresses and error-checking data so that damaged A blueprint for low cost urban wifi based on mesh technology Glossary data can be detected and re-transmitted. Firmware In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices. FTP Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring Web pages from a server to a user's browser and SMTP for transferring electronic mail across the Internet in that, like these technologies, FTP uses the Internet's TCP/IP protocols to enable data transfer. GNU The GNU General Public License (GNU GPL or simply GPL) is the most widely used free software license, originally written by Richard Stallman for the GNU Project. The GPL is the first copyleft license for general use, which means that derived works can only be distributed under the same license terms. Under this philosophy, the GPL grants the recipients of a computer program the rights of the free software definition and uses copyleft to ensure the freedoms are preserved, even when the work is changed or added to. Hello OLSR makes use of "Hello" messages to find its one hop neighbors and its two hop neighbors through their responses. The sender can then select its multipoint relays (MPR) based on the one hop node that offers the best routes to the two hop nodes. HTTP Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. Internet The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (often called TCP/IP, although not all protocols use TCP) to serve billions of users worldwide. It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies. Joomla Joomla (Joomla!) is a free and open source content management system (CMS) for publishing content on the World Wide Web and intranets. LAN A local area network (LAN) is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building. The defining characteristics of LANs, in contrast to wide area networks (WANs), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines. Linux A Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds. LTE 3GPP Long Term Evolution, referred to as LTE and marketed as 4G LTE, is a standard for wireless communication of high-speed data for mobile phones and data terminals. The LTE wireless interface is incompatible with 2G and 3G networks, so that it must be operated on a separate wireless spectrum. MAC The media access control (MAC) data communication protocol sub-layer, also known as the medium access control, is a sublayer of the data link layer specified in the seven-layer OSI model (layer 2). It provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multiple access network that incorporates a shared medium, e.g. Ethernet. MANET A mobile ad-hoc network (MANET) is a self-configuring infrastructureless network of mobile devices connected by wireless links. Megabit When used to described data transfer rates, a megabit refers to one million bits. Networks are often measured in megabits per second, abbreviated as Mbps. Mesh A wireless mesh network (WMN) is a communications network made up of radio nodes organized in a mesh topology. MIPS MIPS (originally an acronym for Microprocessor without Interlocked Pipeline Stages) is A blueprint for low cost urban wifi based on mesh technology Glossary a reduced instruction set computer (RISC) instruction set architecture (ISA) developed by MIPS Technologies (formerly MIPS Computer Systems, Inc.). The early MIPS architectures were 32-bit, and later versions were 64-bit. MPR Multi Point Relays are nodes in wireless Ad-Hoc networks that do the job of relaying messages between nodes, they also have the main role in routing and selecting the proper route from any source to any desired destination node. Ms-Chapv2 MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MSCHAPv1. MySQL Relational database management system (RDBMS) that runs as a server providing multi-user access to a number of databases. OLSR The Optimized Link State Routing Protocolis an IP routing protocol optimized for mobile ad-hoc networks, which can also be used on other wireless ad-hoc networks. PEAP The Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel. PHP PHP is A Server-side HTML embedded scripting language. It provides web developers with a full suite of tools for building dynamic websites. Proxy A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. QR Code QR is short for Quick Response. QR codes are used to take a piece of information from a transitory media and put it quicly in your smartphone. The reason why they are more useful than a standard barcode is that they can store (and digitally present) much more data, including url links, geo coordinates, and text. Generally a QR Reader app is required on the device in order to scan the QR code. Radius Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. Router A router is a device that forwards data packets between computer networks, creating an overlay internetwork . RSS RSS (Rich Site Summary) is a format for delivering regularly changing web content. Many news-related sites, weblogs and other online publishers syndicate their content as an RSS Feed to whoever wants it. SMTP Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. SPI In computing, any firewall that performs stateful packet inspection is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected. SSH Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively). SSID Service set identifier, a 32-character unique identifier attached to the header of packets before transmission over a wireless network, ensuring only authorised devices can connect. A blueprint for low cost urban wifi based on mesh technology Glossary SSL Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Switch A network switch or switching hub is a computer networking device that connects network segments or network devices. TCO Abbreviation of Total Cost of Ownership, a very popular buzzword representing how much it actually costs to own something (usually IT equipment). Most estimates place the TCO at about 3 to 4 times the actual purchase cost of the hardware. Telnet A terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console. TKIP Temporal Key Integrity Protocol or TKIP is a security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. TLS Transport Layer Security and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. W-Fi Wi-Fi (sometimes spelled Wifi or WiFi) is a popular technology that allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. The Wi-Fi Alliance defines Wi-Fi as any "wireless local area network (WLAN) products that are based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards". However, since most modern WLANs are based on these standards, the term "Wi-Fi" is used in general English as a synonym for "WLAN". WDS A wireless distribution system (WDS) is a system enabling the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the traditional requirement for a wired backbone to link them. WEP Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by the key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools. WiMAX WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communications standard designed to provide 30 to 40 megabit-per-second data rates, with the 2011 update providing up to 1 Gbit/s for fixed stations. It is a part of a “fourth generation,” or 4G, of wireless-communication technology. WMN A wireless mesh network (WMN) is a communications network made up of radio nodes organized in a mesh topology. WPA2 WPA2, which supersedes WPA, is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless computer networks. WPA2 implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.