Large Conference Wifi

High Density Guidelines

The following relates to many (but not all) indoor events with attendee numbers in their thousands. It was originally targeted at a very dense web developer conference that required high availability and multi-gigabit throughput. It is not intended to be a comprehensive or complete design artefact in any way. Rather, it should serve as a ‘cheatsheet’ of sorts and/or catalyst for gatherng requirements and subsequently formulating SADs, HLDs, LLD/DDDs, surveys etc.

Client Side Requirements

• One to three devices per attendee (all manner of smartphones and laptops)
• 2.4 GHz and 5GHz support
• Minimum RSSI -67dBm @ 5GHz and SNR 25dB in coverage areas (Consider better RSSI for LTE co-existence ~ -63dBm or -60dBm)
• Minimum of 5/5Mbps throughput to maximum 26/26mbps (depends on fan-in ratios / contention)
• Application traffic types are primarily miscellaneous web browsing
• HD video conferencing and voice should be available and prioritised
• Sub 5ms response from default gateway
• Sub 5ms response from cached DNS entries
• Multicast and local client to client connectivity not supported except in smaller spaces
• Limited wired connections of 100/100Mbps for all speakers and those wanting to do live demos.

RF / WiFi Design and Configuration

• MCA(Multi-Channel Architecture) which rules out Meru!
• Distributed WiFi micro-cell architecture (rules out Xirrus!)
• Overhead directional ‘patch’ antennas
• 2.4GHz ‘-legacy' and 5GHz '' ESSIDs (throughout) unless running dual-band ESSID intentionally with band-steering enabled
• 2.4GHz 200ms beaconing to help dual band capable clients to choose 5GHz faster
• ESSID’s anchored to major spaces (named accordingly vs. full site roaming if sticky issues)
• Limited layer 2 roaming (just to help keep broadcast segment size down)
• 20MHz only channel widths for maximum spectrum re-use and clean air
• 802.11g/n only (802.11ac in some locations but not needed/recommended as an SNR of ~30dBm is required for 256QAM and wider channel widths come with spectrum re-use penalties!)
  • also as we are limiting throughput per client device it’s somewhat moot albeit we do want to preserve airtime as much as possible so faster modulation schemes are nearly always desirable depending upon SNR
• Basic (i.e. mandatory) 6, 12, 24Mbps data rates in 5GHz and above only (see https://mcsindex.com )
• Predictive modelling/full survey but mandatory post-validation survey
  • SNR to 25dB in all expected coverage areas
  • ~10dBm roaming overlap of cells
  • Apple OSX roaming delta RSSI is 10dBm (see roaming_note)
  • Windows laptops should be set to aggressive where possible
• 30-50 client STA associations per AP (rough guideline)
• Full WIPS dedicated APs and mobile spectrum analyzer
• 802.11k (and/or proprietary load balancing in mini-radio clusters in super dense client areas). Not all clients support.
• Careful use of RX-SOP (if available ;)

Wired Backbone and Data Services

• Minimum dual active/active 10Gbps ISP transit links via disparate vendors/metro rings (with ability for vendors/exhibitors to terminate their own feeds)
• Minimum 40Gbps+ capable edge routing/firewalling
• 10Gbps dual redundant access edge uplinks to distribution
• Full 20-40Gbps or more primary campus backbone/infrastructure to the CORE
• N+1 redundant architecture throughout as far as the access/edge and APs
• Well architected L3 domains (to partition and minimise L2 failure domains)
• Routers should route and firewalls should firewall, thus DNS and DHCP should be provided for via dedicated servers or appliances
• DHCP lease time minimum of 1 day with very large scopes to avoid exahaustion and excessive broadcasts
• IAM(Identity and Access Management) can use a form of wildcard based 802.1X credentials for any user/pass combination to ensure per device keying (HT: #31C3)
  • PSK(Pre-Shared Key) can be used once users understand the shared nature of the medium with shared keys
  • Open SSIDs are the easiest for onboarding but provide no security whatsover (even w.r.t. non-attendees in range and can result in leeching also)
• Software caches and/or major CDN edges onsite
• Local redundant / Anycast DNS resolvers and/or caches (i.e. not performed on routers/FWs)
• Dedicated physical links and paths (where possible) for exhibitors/vendors and/ or workshops or labs.
• L7 Application Visibility / DPI (Deep Packet Inspection) and associated shaping/throttling or queuing to a scavenger class for known bandwidth hogs
• Optional per-client SRC IP bi-directional rate limiting

NetOps / SecOps and Customer Service

• A full NoC (Network Operations Centre) that also engages attendees via locally hosted status pages and other social media channels i.e. Twitter etc..
• All digital signage giving informative and constant network info/updates
• Constant and distributed monitoring via humans/sensors/APs to adjust for a growing noise floor and to track down any ‘evil twin’ APs or strong rogues
• Full standard Network Management System, ongoing Capacity Management, full Alerting etc.
• Technically qualified volunteers to assist attendees get connected including at event hubs and booths

Note: There is no escape however from doing basic maths with respect to things like availability, the number of supported CAM table and ARP entries per infrastructure device, and the TCP session set up per second or concurrent NAT sessions at layer 3 boundaries (if you don’t have publicly routable IP space!).