radius?

[John Uff]

Hi All

Looking at the open-mesh stuff and I know that it goes against the
spirit of the free-access concept but somebody's got to pay for the
infrastructure so we're planning a higher-bandwidth commercial layer
aswell as lower bandwidth free access.

We could quite happily use the mac-code-whitelist but it must have a
finite size so I don't think that's appropriate

Has anybody made efforts with radius or something similar to control
user access ?

Regards

John Uff
jo...@fax.co.uk

[RobD]

I don't forsee too great a problem in someone swapping out NoDog for
Chillispot or similar which would give you splash/auth with a radius
backend. There are just packages from openWRT afterall....

Rob

> j...@fax.co.uk

[s...@bristolwireless.net]

Hmm interesting comments about radius.

I was thinking about how these mesh networks could spread, and advertise
themselves.

Is it possible for the mesh nodes to treat other devices that are/are not
running batman in different ways?

My idea is this

1) Make default configuration of the boxes was to grant 10 minutes access to
non-batman running clients each day.

2) After the 10 minutes free browsing to re-direct to a splash page which
explains that to get unlimited free browsing they either need to get a mesh box
from http://open-mesh.com/ (or similar). Or to install batman on a device of
their choice.

3) The splash page could also offer a paid login for unlimited access as a
alternative to buying a box.

This set up would IMHO have these advantages:

1) Social conscience- those that are really hard up can get 10 mins access a
day.

2) Appeals to self interest - those that can afford a box of their own are
likely to buy one and extend the network.

3) Compatible with paid deployment models - the option to pay for unlimited
access could remain, by having the incentive for people to buy their own boxes
the network spreads organically and more potential customers are within range
of the spreading network.

Is this at all feasible?

Thanks

Sam

Quoting RobD <rob...@gmail.com>:

About us;
http://www.bristolwireless.net/wiki/index.php/NetworkSolutions

---------------------------------------------
This email message was delivered by Psand.net

[Andrew Gearhart]

From the stand point of coding the walled garden, I think it would be possible... however, the implications of it could be very negative for the network. I can't think of how it would easily determine how many hops the person is already from the gateway... and therefore... whether they could "simply add a node" to extend the network.

Remember, BATMAN (like most mesh network protocols) degrades over multiple hops. The only way it doesn't is if you're dealing with dual radio equipment. If you're dealing with dual radio equipment, I don't think we're talking the simple "add a node to extend the network" architecture because of the cost of the nodes. After about 3-4 hops... you need a new gateway.

Radius is likely the way to go with the network AAA. Right now, there's nothing built into Open-Mesh.com's NoDogSplash OR DogOnRails to talk to Radius, however, both have made comments that "at some point" it would be. No timeline has been set though for the features.

Hope that helps,

Andrew Gearhart
Entrepreneur, EtherFly
Co-Founder, OpenSourceMesh

[RobD]

As Andrew says, it's not just nodes to build out the coverage, but the
uplinks too. This is why the FON model works so well: add an uplink
and share bandwidth = network roaming; otherwise pay for access.

For me its about providing services within the network rather than
focusing on out-of-network access, i.e. to the internet. These
features encourage people to a) join up to extend coverage and b) add
uplinks to gain access. I'm thinking about things like p2p trackers,
community (i.e. geosensitive) information, messaging services, hosting
&tc.

My reason for this dual approach (internet + intra-network services)
is that community provided networks need to a) know what need they are
servicing (DSL alternative? closing the digital divide? non-commercial
hotspots? etc...) and b) have some value in them beyond the free/open
infrastructure.

I think that the dynamic here is, in a nutshell, the ever present free-
loader problem. Things do have a cost - how much of their purchases
are people prepared to give away? Meraki rate-caps people, as did
LocustWorld from the very beginning...

As I said, adding splash/auth shouldn't be too hard. A public wifi
interface with radius, another interface for network meshing. There
are benefits for adding some kinda auth control: in a virtual
environment certain technical measures are necessary to preserve the
integrity of the network (I'm thinking MAC blocking here - something
that meraki does). But this comes with its issues too, for example
access to the network when the radius server is unavailable. There
would need to be some scripts to handle such eventualities.

This is why I like the NoDog local MAC auth as it allow for some
localised management (white listing) without too much hastle.

Anyway... it's late. Comments please! Rob

[ric...@positivecomputing.co.uk]

Richard is away now until 7th April.

Please call the office on 01485 572253 for help.

Thanks

[ric...@positivecomputing.co.uk]