N4L: help freely given

Tim Harper

Aug 26, 2014, 5:58:06 AM
to techies-f...@googlegroups.com
Hi all,

This is a thread to bring queries about N4L to with a view to solving issues that people have.  The aim is for us all to work co-operatively to get things functioning to maximise benefits for schools.

I will start by declaring where I sit and many of you know this already.  I work with N4L to assist schools in two ways:
  1. Transition Support:  primarily this involves supporting SchoolZone schools to move to N4L but I will help any school.  I frequently assist schools to support them with domain changes and email changes (mostly to Google Apps Education Edition)
  2. ICT Advisory:  I work to provide advice to N4L connected schools to assist to maximise the benefits of their N4L connection.  See the summary at:  http://www.n4l.co.nz/ictadvisoryservice/
So, let's start making this work ...


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

Pete Mundy

Aug 26, 2014, 3:19:32 PM
to techies-f...@googlegroups.com

> So, let's start making this work ...

If you mean getting routes announced to the route reflectors at NZ's open peering exchanges... good luck!


Arnold Santos

Aug 26, 2014, 4:28:18 PM
to techies-f...@googlegroups.com

Hi Tim,

Right timing because I'm about to move our connection to N4L. Got some concerns to clarify with regards to the managed network.

1. Regarding VLANs, I know they will provision the Cisco 2951 based on your network design, but should we have access to the web console for VLAN configuration once we transfer our pfSense config to their router? My concern is that sometimes we need to make changes on our internal network, and most of the time we do this during the wee hours of the night, e.g. VLAN, DHCP config. If I'm gonna use their setting, which seems to be a one-size-fits-all profile at the moment, we don't have control of our internal network. The 1:1 redirection of their router to our pfSense will be the best case if that doesn't work. What should be the boundary with regards to this within the school internal network?

I have no problem with the filtering and firewall rules features

Can you give us some advice, please?

Regards


On 27 August 2014 07:19, Pete Mundy <pe...@fiberphone.co.nz> wrote:

> > So, let's start making this work ...
>
> If you mean getting routes announced to the route reflectors at NZ's open peering exchanges... good luck!





--
Arnold B. Santos
ICT Systems Administrator
Queenstown Primary School

________________________

Apple Certified Technical Coordinator 10.8
Apple Certified Support Professional
10.8

This email may contain confidential information intended for the recipient. If you receive this email in error please contact me.

Mike Etheridge

Aug 26, 2014, 4:56:19 PM
to techies-f...@googlegroups.com

So far I have not been given access to the router and have no indication that I ever will have. Indeed, it seems that N4L don't have any kind of write access and have to ask Spark to make changes on our behalf. Most unsatisfactory so far.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Bevan McNaughton

Aug 26, 2014, 5:02:57 PM
to techies-f...@googlegroups.com
In regards to the Cisco 2951's, is there nothing else in the range more 'space' friendly that is within Spark's approved range? So far the ones we've livened up on site are far in excess of fitting in a standard wall-mount Comms cabinet (SNUP grade), and I've only seen 2 sites so far that were able to be mounted.  I am keen to know of any creative ways these have been otherwise placed since some schools have sat them (either by themselves or Chorus) atop a comms cabinet rather than in it.
I apologise if this is somewhat outside of scope of this thread.
Regards,
Bevan
--
Bevan McNaughton
Intranet Manager

Southland Girls' High School
328 Tweed Street
Invercargill 9812

Andrew Godfrey

Aug 26, 2014, 5:36:13 PM
to techies-f...@googlegroups.com
Hi Arnold,

We are (have been since August the first) in the process of moving over to N4L. Thankfully, we added an extra NIC to our pfsense box so we can have two routes out to the internet for redundancy.

GenI have had to update their router firmware twice and they are coming out this morning to replace what they suspect is a faulty router (bus errors). Being able to switch the default route in pfsense has been a godsend and without that, student learning and teaching would have been hugely compromised.

My advice is to have a Plan B in place.


_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand


--

Alan at Wadestown School

Aug 26, 2014, 5:56:56 PM
to techies-f...@googlegroups.com
I think you've made your point now, Pete.

Mike Etheridge

Aug 26, 2014, 6:16:35 PM
to techies-f...@googlegroups.com
Needs repeating. It's causing us serious headaches and needs to be fixed. Our supposed 500 Mbps N4L connection is a joke compared to the open peered 100 Mbps connection we had before.

Mike

Mike Etheridge

Aug 26, 2014, 6:19:10 PM
to techies-f...@googlegroups.com
Hi People

Interesting. I can't post from email on our N4L connection. Third attempt to post this. Initial attempt was to the Cloud Backup thread, hope you are not getting repeats. I'm not. I'm assuming this thread is for people who have serious problems, not just fanboys. Read on….

I have to report that, having just transitioned to what is supposed to be a 500 Mbps N4L connection, we are also experiencing what appears to be session-based shaping, although I have had one N4L engineer insist very strongly that there is no shaping. (In general, I have found N4L staff to be very keen to listen and help). I'm sure that N4L intend that there be no shaping, but I don't think it's them that are doing it. It's Spark.

See if you can figure this one out:
For lots of reasons, including safety of our students, our LAN is behind a pfSense transparent proxy, on 10.0.0.0/8. This is not going to change. Basic reason: we are not allowed to work on the N4L router configuration ourselves.
Between the pfSense box and the N4L router, there is a DMZ, 192.168.3.0/24.
From a laptop set up somewhere on the DMZ, it pulls good speed tests from everywhere (in NZ), up towards theoretical in the mid 400 Mbps from some places.
From my desk, on the 10.0.0.0/8 LAN, I get 10 or 20 Mbps speedtest anywhere in New Zealand (ah hah you say, it's your proxy…but wait!) EXCEPT from Wellington Spark server (and only the Wellington one), which I pull 470 Mbps from. Now, if it was my proxy that is the problem, the Wellington Spark server would also be slow.
If I move the pfSense box to another IP on the DMZ, behaviour doesn't change. If I put a laptop at the pfSense DMZ address, it goes good. You still think it's the proxy, right? Don't forget the good result from the Wellington server when behind the proxy.
The result is that users who were on 100 Mbps open peered connection from local ISP report that the N4L connection, which is supposed to be 5 times faster, is sluggish.
I get the same results if I tunnel out through a Linux box which has an interface on the LAN and one on the DMZ, i.e. good from Wellington, poor everywhere else.
It looks to me like Spark has set up their Wellington server, routing and shaping to give good test results (for benign line performance testing or nefarious wool-pulling, wouldn't know), but everything beyond that is shaped.
I would be very interested to see if other people get this differentiation between the default speedtest server and another one of their choosing - even another Spark one.

Anyone think of how I could defeat the shaping, given that a plain non routing host on my DMZ gives good results? I don't think I am being unethical wanting to defeat the shaping, as the N4L people promised us no shaping, and have reiterated "no shaping" several times, including in (electronic) writing.

Mike

Patrick Dunford

Aug 26, 2014, 6:25:43 PM
to techies-f...@googlegroups.com
Some of our schools are on one-size-fits-all Watchdog filtering and others on more granular filtering using site-based firewalls to give different profiles to different groups of users. The question is what N4L filtering can provide out of the box. Are we limited to a single profile for all groups of users or can it be more granular? Do schools have to pay to get a more granular or multi-profile filtering option?



Patrick Dunford

Aug 26, 2014, 6:29:02 PM
to techies-f...@googlegroups.com
We are having to put the unit into a cabinet elsewhere and VLAN it across internal fibre to the perimeter but the Spark representative was most insistent that he didn't believe it was possible.

Alan at Wadestown School

Aug 26, 2014, 6:36:08 PM
to techies-f...@googlegroups.com
Apropos > In regards to the Cisco 2951's, is there nothing else in the range more 'space' friendly

Over the last few months I worked through the SNUP site design with the project manager from TorqueIP and one of the major considerations was creating a 'server cabinet' that was big enough to house the N4L router.

Arnold Santos

Aug 26, 2014, 6:37:13 PM
to techies-f...@googlegroups.com
Different VLANs with different filtering profiles is what I'm hoping for; that is what our pfSense has. The pfSense firewall will be kept for a while, I suppose. Is this going to impact the performance of the network if you have a double NAT?





--

Craig Knights

Aug 26, 2014, 6:37:40 PM
to techies-f...@googlegroups.com
Posting from Dunedin.

Since moving to N4L from a different managed fibre (eHub, like SchoolZone (was on SZ before that)) the staff around here seem to be happy enough with the internet speed.

But for my own curiosity I tried some speedtests..

Spark Wellington 35 / 82  but we do have around 550 devices on the wifi right now at the end of second period..
Vodafone Wellington 13 /18 with a ping of 44ms instead of 17ms on the Spark test. 

But we're happy enough with the N4L speed, but would love some sort of per user or group filtering, but I concede that is tricky without auth proxies.

ta
Craig





--

Patrick Dunford

Aug 26, 2014, 6:39:51 PM
to techies-f...@googlegroups.com
Spark are not allowed to give access to the config as we have been advised so that will not be allowed.

My understanding, there is a VLAN queue for internet traffic and one for everything else which is speed limited. The slow IP address range may be in the wrong VLAN.


On Wednesday, August 27, 2014 10:19:10 AM UTC+12, Mike Etheridge wrote:
Hi People

Interesting. I can't post from email on our N4L connection. Third attempt to post this. Initial attempt was to the Cloud Backup thread, hope you are not getting repeats. I'm not. I'm assuming this thread is for people who have serious problems, not just fanboys. Read on….

<snip> 

Mike Etheridge

Aug 26, 2014, 6:44:11 PM
to techies-f...@googlegroups.com
If I'm on a slow address (according to N4L engineer, it's flat, all addresses the same) why is the Wellington server fast?

Stephen

Aug 26, 2014, 6:47:47 PM
to techies-f...@googlegroups.com
I can confirm that they will provide different filtering profiles based on  internal ip range (in a non-VLAN'd) school at no extra cost (currently anyway). I assume this would apply for VLAN's too as that essentially just makes the management of that easier. 



-- 

Stephen 

Andy Schick

Aug 26, 2014, 7:03:57 PM
to techies-f...@googlegroups.com
Hi all,

Just jumping in here from the N4L side of things ... I'm a new poster on this particular forum, but I have met and know a few of you.  

I want to make you aware that we are seeing this conversation, and are noting the issues raised.  I know that on many fronts, including filtering granularity, peering and "shaping", work is being done to provide clarity and where necessary progress featureset development.  Given that I'm not technical, it would be foolish of me to attempt to convey more detail than this - as I'd almost certainly get it wrong.  

Having said that, if you have operational problems, PLEASE get in touch with us.  We have a team of really great engineers here to help get to the bottom of these problems.  As Mike has pointed out, they are keen to listen and help, and we do work through to resolution.  

While I'm sure we won't resolve all operational issues and network clarity requirements today, I'll make sure someone with technical authority posts here today to provide some more substantial information to help the conversation along.

Regards,
Andy Schick
Marketing Manager, Network for Learning




Patrick Dunford

Aug 26, 2014, 11:37:59 PM
to techies-f...@googlegroups.com
I'm not personally up with the play, I had our expert sitting next to me and he told me to write that as the answer.

However I believe that in general, running the Ookla Speedtest site may not give you accurate results because that is one of a number of sites that may have been specifically excluded from the speed limiting or some other aspect of traffic management.

Mike Etheridge

Aug 27, 2014, 12:09:24 AM
to techies-f...@googlegroups.com
Download results for ISOs etc similar. Abysmal. Will struggle on.

Mike Etheridge

Aug 28, 2014, 2:18:27 AM
to techies-f...@googlegroups.com
It needs reiterating. It is causing us serious headaches and p poor performance and needs to be sorted.

Mike


Mike Etheridge

Aug 28, 2014, 2:18:28 AM
to techies-f...@googlegroups.com
Hi People

This is a repost of one that failed - N4L issues! - to the cloud backup thread. I hope this thread hasn't been created to keep the N4L problems out of view of people considering the transition. My advice right now would have to be to hold off. Read on….


I have to report that, having just transitioned to what is supposed to be a 500 Mbps N4L connection, we are also experiencing what appears to be session-based shaping, although I have had one N4L engineer insist very strongly that there is no shaping. (In general, I have found N4L staff to be very keen to listen and help). I'm sure that N4L intend that there be no shaping, but I don't think it's them that are doing it. It's Spark.

See if you can figure this one out:
For lots of reasons, including safety of our students, our LAN is behind a pfSense transparent proxy, on 10.0.0.0/8. This is not going to change. Basic reason: we are not allowed to work on the N4L router configuration ourselves.
Between the pfSense box and the N4L router, there is a DMZ, 192.168.3.0/24.
From a laptop set up somewhere on the DMZ, it pulls good speed tests from everywhere (in NZ), up towards theoretical in the mid 400 Mbps from some places.
From my desk, on the 10.0.0.0/8 LAN, I get 10 or 20 Mbps speedtest anywhere in New Zealand (ah hah you say, it's your proxy…but wait!) EXCEPT from Wellington Spark server (and only the Wellington one), which I pull 470 Mbps from. Now, if it was my proxy that is the problem, the Wellington Spark server would also be slow.
If I move the pfSense box to another IP on the DMZ, behaviour doesn't change. If I put a laptop at the pfSense DMZ address, it goes good. You still think it's the proxy, right? Don't forget the good result from the Wellington server when behind the proxy.
The result is that users who were on 100 Mbps open peered connection from local ISP report that the N4L connection, which is supposed to be 5 times faster, is sluggish.
I get the same results if I tunnel out through a Linux box which has an interface on the LAN and one on the DMZ, i.e. good from Wellington, poor everywhere else.
It looks to me like Spark has set up their Wellington server, routing and shaping to give good test results (for benign line performance testing or nefarious wool-pulling, wouldn't know), but everything beyond that is shaped.
I would be very interested to see if other people get this differentiation between the default speedtest server and another one of their choosing - even another Spark one.

Anyone think of how I could defeat the shaping, given that a plain non routing host on my DMZ gives good results? I don't think I am being unethical wanting to defeat the shaping, as the N4L people promised us no shaping, and have reiterated "no shaping" several times, including in (electronic) writing.

Mike

Mike Etheridge

Aug 28, 2014, 2:18:28 AM
to techies-f...@googlegroups.com
Download results for ISOs etc similar. Abysmal. Will struggle on.

Mike


Tim Harper

Aug 28, 2014, 2:37:24 AM
to techies-f...@googlegroups.com
Hi Mike,

... this is all without my N4L hat on.

Are you using pfSense in transparent proxy mode to supply differentiated user filtering?  If so how are you managing https filtering?

At Mt Aspiring I originally used pfSense as a non-transparent proxy to support differentiated filtering.  I was able to support https proxy rules as users had to define the https proxy to their device.  Now I only use it to manage local firewall rules.  My intention is to dump it from that role and rely solely on the N4L router to provide firewall services.  I really don't want to have to manage yet another device and the fewer I have the better off I feel that I am.  My intention is to get rid of pfSense at Mt Aspiring over the Christmas break.  We do not need it any more.  I am more than happy to pass all firewall management to others.

What specifically in regard to student safety do you see as being compromised by not using pfSense?


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


Tim Harper

Aug 28, 2014, 2:46:35 AM
to techies-f...@googlegroups.com
Hi Mike,

putting your SMTP query into this thread (and again without my N4L hat on).

Because we use Google for mail I've directed everything outbound for email via Google's mail servers.  That includes our photocopiers.  So far I have not found any devices on our network that cannot use Google's servers to send email - our photocopiers all work really well.  See:


Thus I have not had to use the N4L provided relay that Pete described.  But if it works like the SZ mail relay then it can accept mail from any device.  SZ has two mail relays - one that is authenticated and another that does not require authentication.  The unauthenticated relay is only accessible to hosts inside the SZ network.  It would be interesting to find out about the N4L one but I've never needed it.

I know some schools use the hmail server locally (https://www.hmailserver.com/) and they then use this to relay mail to their Google accounts if they do have legacy systems that do not like to use Google's connection directly.


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


Mike Etheridge

Aug 28, 2014, 4:31:43 AM
to techies-f...@googlegroups.com

Copiers etc can use Google BUT as I explained in the other thread, Google relay changes your reply-to to whatever the default is for the account you used to authenticate. This is OK in many situations but not all. And some systems can't authenticate or use SSL, e.g. KM copier email concentrator and Greentree accounting software. I chose neither but I'm stuck with them. Got N4L relay working fine now, however.

Tim Harper

Aug 28, 2014, 4:38:09 AM
to techies-f...@googlegroups.com
Yes - I've seen the older KMs in particular fail to use Google SMTP.  Their newer copiers seem OK and my post at http://google.mtaspiring.school.nz/photocopiers shows the config on our KMs before we switched to Ricoh a few years ago.  To be honest from a user perspective I see no difference.  IT-wise things are identical.  And they all break down - such are the foibles of mechanical paper handling devices.  I guess the bean-counters are the ones who see things differently.


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


Mike Etheridge

Aug 28, 2014, 4:44:23 AM
to techies-f...@googlegroups.com

Actually our copiers are pretty good and can use Google. But we've got a KM device on site (they call it Sentinel) that polls all the copiers (it's a big site) and relays the mail out. And it can't use SSL. KM like us to hit their own SMTP and by getting N4L to unblock 25 I think we can now do that. Beats me why any outbound port needs to be blocked at the N4L router, actually. Running at about one per day asking them to unblock. Which they do very quickly, it has to be said.

Tim Harper

Aug 28, 2014, 4:54:38 AM
to techies-f...@googlegroups.com
I'd be surprised if the KM Sentinel server was not allowed on the N4L firewall?  I know I permitted it outbound on the SZ firewalls for all schools.

Clayton:  it might be worth a check?  IPs 206.130.99.238, 206.130.121.216 and 203.97.79.101 on ports 25/110 (tcp) are allowed on the SZ systems.


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


Mike Etheridge

Aug 28, 2014, 4:58:47 AM
to techies-f...@googlegroups.com

I got the dump from our N4L firewall. It wasn't on the list. Port 25 blanket block. N4L bad, not ours or KMs. But KM should wake up and get their software using SSL I agree. Still, sorted now.

Clayton Hubbard

Aug 28, 2014, 5:10:07 AM
to techies-f...@googlegroups.com
Hi Mike,

For older devices that do not support authentication, you can use Google to send outbound mail and use IP-based authentication by following this link - https://support.google.com/a/answer/2956491 - and the relay settings are at https://support.google.com/a/answer/176600?hl=en.

The N4L Mail relay platform allows port 25 specifically to address the issue of copiers, UPS, NAS devices etc.

In regards to the N4L Firewall: if a school uses the N4L firewall then by default we allow port 25 to the N4L relay servers, and if a school requires additional rules then these are added during the design phase. The reason for blocking this outbound is to add additional security around potential spam bots, and therefore the client would need to specifically know the outbound relay to get out.

If a school chooses not to take the N4L firewall then there are no blocks put in place.

Clayton



Clayton Hubbard 
Senior Engineer, The Network for Learning Ltd

D: 09 972 2906 | M: 022 043 0155 | W: http://www.n4l.co.nz
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151
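
The default rule Clayton describes (outbound port 25 allowed only to the relay servers, with extra rules added per school) can be checked against firewall logs. The following is an added example, not part of the thread and not N4L's or Spark's configuration: it flags internal hosts attempting direct SMTP to anything other than the approved destinations. The relay addresses, the exception pair, the log format and the fan-out threshold are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values: the thread does not list the relay addresses, so these are
# placeholders from the documentation ranges (RFC 5737).
APPROVED_RELAYS = {"192.0.2.10", "192.0.2.11"}
# Per-device rules agreed at design time, as (source, destination) pairs,
# e.g. a copier concentrator allowed to reach its vendor's SMTP server.
EXCEPTIONS = {("10.0.20.5", "198.51.100.25")}
# Distinct unapproved SMTP destinations from one host before it is treated
# as a probable spam bot rather than a misdirected device.
FANOUT_THRESHOLD = 5

# Constructed log format, not the output of any particular firewall:
#   <timestamp> <pass|block> out tcp <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>pass|block) out tcp "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample log (all addresses are made up).
SAMPLE_LOG = """\
2014-08-28T09:00:01 pass out tcp 10.0.20.7:40112 -> 192.0.2.10:25
2014-08-28T09:00:05 pass out tcp 10.0.20.5:40233 -> 198.51.100.25:25
2014-08-28T09:01:10 block out tcp 10.0.20.9:41001 -> 203.0.113.80:25
2014-08-28T09:06:10 block out tcp 10.0.20.9:41002 -> 203.0.113.80:25
2014-08-28T09:11:10 block out tcp 10.0.20.9:41003 -> 203.0.113.80:25
2014-08-28T09:02:00 block out tcp 10.0.31.44:50001 -> 203.0.113.11:25
2014-08-28T09:02:01 block out tcp 10.0.31.44:50002 -> 203.0.113.12:25
2014-08-28T09:02:02 block out tcp 10.0.31.44:50003 -> 203.0.113.13:25
2014-08-28T09:02:03 block out tcp 10.0.31.44:50004 -> 203.0.113.14:25
2014-08-28T09:02:04 block out tcp 10.0.31.44:50005 -> 203.0.113.15:25
2014-08-28T09:02:05 block out tcp 10.0.31.44:50006 -> 203.0.113.16:25
2014-08-28T09:02:09 pass out tcp 10.0.31.44:50010 -> 203.0.113.200:443
2014-08-28T09:03:00 pass out tcp 10.0.40.2:42000 -> 203.0.113.90:25
2014-08-28T09:04:00 block out tcp 10.0.50.1:43000 ->
"""


def parse_line(line):
    """Return (action, src, dst, dport), or None if the line is unusable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        src = str(ipaddress.IPv4Address(m["src"]))
        dst = str(ipaddress.IPv4Address(m["dst"]))
    except ValueError:
        return None
    return m["action"], src, dst, int(m["dport"])


def audit_smtp_egress(log_text, relays=APPROVED_RELAYS,
                      exceptions=EXCEPTIONS, fanout=FANOUT_THRESHOLD):
    """Summarise direct SMTP attempts that bypass the approved relays.

    Returns (findings, skipped): findings maps each offending source IP to
    its attempt count, distinct destination count, number of connections the
    firewall let through ("leaked") and a verdict; skipped counts lines that
    could not be parsed.
    """
    per_host = defaultdict(
        lambda: {"attempts": 0, "leaked": 0, "destinations": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        action, src, dst, dport = record
        if dport != 25:
            continue  # only SMTP egress is audited here
        if dst in relays or (src, dst) in exceptions:
            continue  # traffic the policy explicitly allows
        host = per_host[src]
        host["attempts"] += 1
        host["destinations"].add(dst)
        if action == "pass":
            host["leaked"] += 1  # rule gap: unapproved SMTP was not blocked
    findings = {}
    for src, host in per_host.items():
        many = len(host["destinations"]) >= fanout
        findings[src] = {
            "attempts": host["attempts"],
            "destinations": len(host["destinations"]),
            "leaked": host["leaked"],
            "verdict": "probable-spam-bot" if many else "misdirected-device",
        }
    return findings, skipped


if __name__ == "__main__":
    results, unparsed = audit_smtp_egress(SAMPLE_LOG)
    for source, info in sorted(results.items()):
        print(source, info)
    print("unparsed lines:", unparsed)
```

A host with a single repeated destination is usually a device still pointed at an old SMTP server and needs either reconfiguring to the relay or an explicit rule; a non-zero `leaked` count means the firewall is not enforcing the default block.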





Bevan McNaughton

Aug 28, 2014, 7:55:29 AM
to techies-f...@googlegroups.com
We use hMailServer (free) to do a redirect for our old copiers as well as for monitoring software that doesn't like SSL SMTP. hMailServer just sends the e-mails on behalf from a set up GMail account for it.
i.e. the e-mail address on the older KM's is m...@school.local, hMailServer sends it via smtp...@southlandgirls.school.nz - a dedicated account just for that sort of stuff. I've used it at several sites with ease.
Bevan

Sam McNeill

Aug 28, 2014, 8:35:26 PM
to techies-f...@googlegroups.com
Hi All,

As a non-N4L school, I'm following this with interest. 

It's especially interesting hearing that some schools are getting close to the promised 500Mb/s speeds. My question, however, is this: in your day-to-day usage, what sort of average speeds are you actually seeing? I'm at a Yr1-13 co-ed school with 1350 students, ad-hoc BYOD across all levels, but compulsory from Yr9 this year moving forward. We'd have 600+ concurrent wireless connections during the day, plus computer suites etc. 

We would routinely hit between 100-150Mb/s during class time, but probably average closer to 70-80Mb/s and see extreme peaks of 200Mb/s (see attached for last 24hrs).

I know we all plan for the future, but I'd be curious to know if any of you are peaking near the 500Mb/s threshold N4L is theoretically delivering.

Cheers
Sam
Screen Shot 2014-08-29 at 12.30.34 pm.png

Bevan McNaughton

Aug 28, 2014, 9:08:56 PM
to techies-f...@googlegroups.com
Hi Sam, if you want a comparison from another non N4L school, see http://weathermap.reannz.co.nz/node.php?src=and28&int=ge_1_1_8 (our school connection).
This is with around 1,200 students and 700+ wireless device users - many of these ad-hoc BYOD users too. A local caching proxy is onsite here for student-only traffic, so absorbs some of our statistics however, but is tended for caching up bulk content such as 'New Apple OS day'.

Measuring peak speed use is a real issue that requires consistent flows. For schools with a very fat pipe, the throughput is often not visible from the sometimes very short bursts of data.
Only a select few of us here can chew up the pipe, however if you have offsite services such as DR/replication then these will indeed eat up smaller connections significantly.

What would you anticipate your main data to be going out in general?

Kind regards,
Bevan



Tim Harper

Aug 28, 2014, 9:21:52 PM
to techies-f...@googlegroups.com
Hi Sam,

on our 100Mb (90/10) N4L connection with a roll of 730 students from Y7-13 we see peaks in the 30-40Mb/s range, mostly it hovers around 20Mb/s.  If I stress the connection by doing eg multiple downloads off eg eTV I can easily see peaks of 70Mb/s or more.  The graph below is live from our systems just now.  No idea why it stopped recording the download data for a minute or so but uploads were clearly continuing.

Inline images 1

Lunch has just started!


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz



Sam McNeill

Aug 28, 2014, 9:39:09 PM
to techies-f...@googlegroups.com
Cheers for those replies.

We have around 900 in the secondary school, and of course, they consume far more than our preparatory school students.

Unlike some schools I've looked at, lunchtimes don't see a massive spike in traffic - it is usually a reduction (despite some sites such as Facebook being allowed during lunch, but not class time)

Tim - am I reading your "90/10" comment correctly saying you've only got 10Mb/s upload?

Bevan - we technically have a 1Gb/s connection but it's nominally shaped at 300Mb/s. We can max that out with local downloads such as ISOs from UC, but even with heavy YouTube/ETV traffic it barely registers to be honest.

We push nightly offsite backups to another HS; we shape this to max 70Mb/s. It's data heavy as we back up entire VM images, not just differential.

This week we have also started a new nightly DR of our SMS to AKL but that is only around 10GB of data we push up.
Cheers

Tim Harper

Aug 28, 2014, 9:51:31 PM
to techies-f...@googlegroups.com
Hi Sam,

the way all the school UFB/RBI connections are organised the circuits have two components.  One is for general browsing, the other is reserved for applications like eg VOIP that would work best in their own space.  The "internet" component supports up to 90Mb/s; the reserved component supports up to 10Mb/s.  Currently there is nothing running in the 10Mb/s component.

Uploads can happen at up to 90Mb/s.

Here is a speedtest.net result over N4L to Voda in Auckland that was completed just now:

Inline images 1

In terms of our local systems this resulted in this on the graphs:

Inline images 2


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


--

Bevan McNaughton

Aug 28, 2014, 9:53:23 PM
to techies-f...@googlegroups.com
Oddly enough that spike in today's data is exactly that - an ISO download of CentOS 7 from UC.
Tim'll describe the 90/10 better but it isn't download/upload exactly.
One thing we don't do here is traffic shape as such, as we haven't yet had the need to.
I suppose that when it comes to Facebook traffic it's designed to be efficient, so the likes of the real important Facebook features such as Messaging and posting Selfies are only short bursts rather than compounding streams for example.
Traditional http://www. traffic isn't really heavy on a link, but you are right that YouTube/eTV traffic can be. Simultaneous streaming and buffering of clips seems to be completely random so you don't really have 50+ students watching Youtube clips simultaneously from exactly the same start time, but rather staggered to reduce load.

It's going to be interesting to see (except for HD movie streaming online) how the consumer finds the shift from ADSL2+ to VDSL to UFB for all other standard traffic where multiple simultaneous users aren't involved, yet there is such a need in marketing to move up.

Bevan



trevor storr

Aug 28, 2014, 9:54:36 PM
to techies-f...@googlegroups.com
and here's ours from waimate high.  300 students, chromebooks byod; 90 + 10 RBI/N4L.  Bursts to around 50.

Cheers

Trevor





--
cheers

Trevor

Trevor Storr
Director of eLearning, CantaNET http://educo.vln.school.nz
Waimate High School
Waimate
New Zealand
pfwhs.png

Jeremy Nees

Aug 28, 2014, 10:02:15 PM
to techies-f...@googlegroups.com
Hi Sam,

Here is one of the more busy graphs over the last couple of days. Graph is sampled as 5min averages so it doesn’t reflect bursts as well as it could.


-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/

A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151
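
Added example (not from any poster in this thread): Jeremy's note that 5-minute averages under-report bursts, worked through in Python. It assumes the graph is derived from an interface byte counter polled at a fixed interval; the traffic profile and the 100 Mbit/s link size are constructed.

```python
# Constructed scenario: a 100 Mbit/s link carrying a steady 20 Mbit/s with one
# 30-second burst to 95 Mbit/s. None of these figures come from the thread.
LINK_MBPS = 100


def build_traffic(seconds=600, base_mbps=20.0, burst_mbps=95.0,
                  burst_start=120, burst_len=30):
    """Per-second throughput samples in Mbit/s."""
    return [
        burst_mbps if burst_start <= t < burst_start + burst_len else base_mbps
        for t in range(seconds)
    ]


def octet_counter(per_second_mbps):
    """Cumulative byte counter, growing the way an interface counter does."""
    total = 0
    counter = [0]
    for mbps in per_second_mbps:
        total += int(mbps * 1_000_000 / 8)
        counter.append(total)
    return counter


def polled_rates(counter, interval_s):
    """Mbit/s per polling interval, computed from counter deltas."""
    rates = []
    last = len(counter) - 1
    for start in range(0, last, interval_s):
        end = min(start + interval_s, last)
        delta_bytes = counter[end] - counter[start]
        rates.append(delta_bytes * 8 / 1_000_000 / (end - start))
    return rates


def summarize(interval_s):
    """Highest point a graph would show at the given polling interval."""
    rates = polled_rates(octet_counter(build_traffic()), interval_s)
    peak = max(rates)
    return {
        "interval_s": interval_s,
        "points": len(rates),
        "max_mbps": round(peak, 1),
        "max_utilisation_pct": round(100 * peak / LINK_MBPS, 1),
    }


if __name__ == "__main__":
    for interval in (300, 60, 10):
        print(summarize(interval))
```

The same traffic peaks at 27.5 Mbit/s on the 5-minute graph and at 95 Mbit/s when polled every 10 seconds, so a link can be close to saturation in bursts while its 5-minute graph looks lightly loaded.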



Jeremy Nees

Aug 28, 2014, 10:05:53 PM
to techies-f...@googlegroups.com
Sorry, was using a diff mail app - this time embedded


Jeremy Nees

Aug 28, 2014, 10:07:39 PM
to techies-f...@googlegroups.com
Hi Pete,

Hope all is well in Nelson. 

Peering at APE for the N4L network is currently in delivery with Spark. I don’t have an exact timeframe for completion right now but it is happening (i.e. order in with Citylink)

Hopefully that’s good news :)

Thanks

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 7:19 am, Pete Mundy wrote:


So, let's start making this work ...

If you mean getting routes announced to the route reflectors at NZ's open peering exchanges... good luck!


Jeremy Nees

Aug 28, 2014, 10:10:45 PM
to techies-f...@googlegroups.com
Hi Mike,

We have taken note of the feedback from schools regarding firewall rule changes in particular, and have been working with Spark to get this happening more rapidly. 

Sorry I can’t give a more definitive response right now.

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 8:56 am, Mike Etheridge wrote:

So far I have not been given access to the router and have no indication that I ever will have. Indeed, it seems that N4L don't have any kind of write access and have to ask Spark to make changes on our behalf. Most unsatisfactory so far.


Jeremy Nees

Aug 28, 2014, 10:18:31 PM
to techies-f...@googlegroups.com
Hi Craig,

The filtering product does provide group/user filtering which can be integrated with LDAP or SAML2. It also does provide HTTPS/SSL filtering with a cert on the local device. 

We are creating some instructions for this and making sure our support teams are trained, plus have just had some legal review done to make sure we collectively understand any impacts etc. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 10:37 am, Craig Knights wrote:

Posting from Dunedin.

Since moving to N4L from a different managed fibre (eHub, like SchoolZone (was on SZ before that)) the staff around here seem to be happy enough with the internet speed.

But for my own curiosity I tried some speedtests..

Spark Wellington 35 / 82  but we do have around 550 devices on the wifi right now at the end of second period..
Vodafone Wellington 13 /18 with a ping of 44ms instead of 17ms on the Spark test. 

But we're happy enough with the N4L speed, but would love some sort of per user or group filtering, but I concede that is tricky without auth proxies.

ta
Craig






Craig Knights

Aug 28, 2014, 10:19:57 PM
to techies-f...@googlegroups.com
OK, that's great to hear.. 

thanks
Craig

Sam McNeill

Aug 28, 2014, 10:23:36 PM
to techies-f...@googlegroups.com
Hi Jeremy,

Is that for just one school? (sorry for ignorance, I see your role is with N4L, not a school hence the question)

Tim - here is a screenshot of a speedtest to the same AKL Vodafone server for us:


Interestingly, crosstown to snap isn't markedly faster:

Just realised my wifi might be the bottleneck so did again off a windows VM to Snap:

Cheers

Sam



Jeremy Nees

Aug 28, 2014, 10:23:53 PM
to techies-f...@googlegroups.com
Hi Stephen, 

Yes this is available for different internal ip-ranges including with different VLAN’s as well currently, and as you state this is at no extra cost. 

The group based filtering and SSL filtering will also be available at no extra cost, however you will need to configure your own LDAP server and install SSL certs on devices. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 10:47 am, Stephen wrote:

I can confirm that they will provide different filtering profiles based on  internal ip range (in a non-VLAN'd) school at no extra cost (currently anyway). I assume this would apply for VLAN's too as that essentially just makes the management of that easier. 



-- 

Stephen 

On 27/08/2014, at 10:37, Arnold Santos <arn...@queenstown.school.nz> wrote:

Different VLANs with different filtering profiles is what I'm hoping for; that is what our pfSense has. The pfSense firewall will be kept for a while I suppose. Will this impact the performance of the network if you have a double NAT?


On 27 August 2014 10:29, Patrick Dunford <kahuk...@gmail.com> wrote:
We are having to put the unit into a cabinet elsewhere and VLAN it across internal fibre to the perimeter but the Spark representative was most insistent that he didn't believe it was possible.


On Wednesday, August 27, 2014 9:02:57 AM UTC+12, Bevan McNaughton wrote:
In regards to the Cisco 2951's, is there nothing else in the range more 'space' friendly that is within Spark's approved range? So far the ones we've livened up on site are far in excess of fitting in a standard wall-mount Comms cabinet (SNUP grade), and I've only seen 2 sites so far that were able to be mounted.  I am keen to know of any creative ways these have been otherwise placed since some schools have sat them (either by themselves or Chorus) atop a comms cabinet rather than in it.
I apologise if this is somewhat outside of scope of this thread.
Regards,
Bevan


--
Bevan McNaughton
Intranet Manager

Southland Girls' High School
328 Tweed Street
Invercargill 9812

--
Arnold B. Santos
ICT Systems Administrator
Queenstown Primary School

________________________

Apple Certified Technical Coordinator 10.8
Apple Certified Support Professional 10.8

This email may contain confidential information intended for the recipient. If you receive this email in error please contact me.


Jeremy Nees

Aug 28, 2014, 10:26:08 PM
to techies-f...@googlegroups.com
Hi Sam,

Yes that is for one school, but is just the aggregate across the school so has the benefit of being multiple devices/sessions/etc. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


Jeremy Nees

Aug 28, 2014, 10:27:40 PM
to techies-f...@googlegroups.com
Hi Alan,

Unfortunately nothing smaller at this stage, although we will continually be looking at the latest models coming out. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 10:36 am, Alan at Wadestown School wrote:

Apropos > In regards to the Cisco 2951's, is there nothing else in the range more 'space' friendly

Over the last few months I worked through the SNUP site design with the project manager from TorqueIP and one of the major considerations was creating a 'server cabinet' that was big enough to house the N4L router.

Tim Harper

Aug 28, 2014, 10:30:21 PM
to techies-f...@googlegroups.com
Hi Sam,

I look forward to seeing our roll go over the 750ETF to make us eligible for 500Mb/s - and also seeing the RBI connection we are on be able to support it. In the mean time I'm happy that our N4L connection via Spark is performing so all is good in our world. We never max it out (yet) but in time I guess we will. There is no doubt that our data appetite will continue to grow - when I arrived in Wanaka there was only 48k dial up. From there we went to a 1Mb/s iHug Starnet dish for downloads - uploads were still via the phone at 48k. We've been through various incarnations of DSL and fibre since then and it just keeps getting better.


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz


Jeffrey Burke

Aug 28, 2014, 10:35:03 PM
to techies-f...@googlegroups.com
Spark really needs to implement their network security and structure on their provider gear so that the CPE stuff can be managed by the local IT people. Having to wait for someone to wake up and get to work in order to do a simple firewall change is untenable. Watchdog will give you access to the CPE if you prove you know what you are doing. It's not like school IT people are idiots; I have CCNP, making me probably as qualified or more so as the people I would need to pander to under N4L. Why cripple schools unnecessarily? I hope N4L has managed IPv6 as Spark native connections seem to have managed, and having that would have prevented at least a day's worth of dodgy net when half the net core routers overflowed their available route memory and started pruning chunks of the internet. Sure, stuff like private shaped VLANs between schools would need central configuration, but handling of local address space (as long as it's not overlapping) with route advertising should be manageable locally, otherwise you are just adding days to weeks to any internal network changes.


Andrew Godfrey

Aug 28, 2014, 10:42:16 PM
to techies-f...@googlegroups.com
Hi Sam,

We have been testing our N4L for the last month with mixed results and even another drop out this morning - thank goodness we have a backup line and pfSense is soooo quick to change the default route.

As far as speed goes, we have a 500Mb line which I have managed to push about 460Mb through with a speedtest. PFsense is definitely not a bottleneck as I can get 960Mb through it when I have speedtests running over N4L, NEN, and SNAP concurrently.

Our speed usage usually hovers between the 150 and 200Mb mark during class time and drops off during class breaks and we have about 1000 student wireless devices connected during the day (plus another 500 staff laptops, netbooks and chromebooks on wireless).

I think my longer term plan might be to have just a 100Mb backup line with our local ISP and have pfsense automatically cutting over if / when N4L goes down as at the moment it is a manual process (albeit quick).

(Shameless plug warning)
What is also quite stable is our onsite LineWize web filter which does a fantastic job at filtering by user and computer.

Feel free to come again for a visit some time.
Cheers

_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand


On 29 August 2014 12:35, Sam McNeill <s...@mcneill.co.nz> wrote:

--

Jeremy Nees

Aug 28, 2014, 10:54:20 PM
to techies-f...@googlegroups.com
Hi Andrew,

Just checked with one of the guys and it sounds like the router had a memory issue this morning causing the drop out. I am just confirming, but I believe replacement memory + a memory upgrade is scheduled to head your way. 

I’ve also asked Paul, who heads our support teams to have a look through your migration and support history, to see what we can do to improve any mixed results. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


Mike Etheridge

Aug 28, 2014, 11:21:11 PM
to techies-f...@googlegroups.com
If the N4L router is on the LAN, people from outside your school can see the activity by IP on your LAN. They can then make inferences which can be shared with third parties. Other visitors to our school are vetted, in most cases by police. We don't know anything about the people looking inside the router. You asked...

On Thursday, August 28, 2014 6:37:24 PM UTC+12, Tim Harper wrote:
<snip>
What specifically in regard to student safety do you see as being compromised by not using pfSense?
<snip>

Mike Etheridge

Aug 28, 2014, 11:30:56 PM
to techies-f...@googlegroups.com

Yes, to transparent. Waste of time trying to filter secure stuff once a few ports are open. If you base any implementation of security on ignorance, e.g. your users don't know how to tunnel, you're kidding yourself.

<snip>
Are you using pfSense in transparent proxy mode to supply differentiated user filtering?  If so how are you managing https filtering?
<snip>

Robert Baird

Aug 28, 2014, 11:30:56 PM
to techies-f...@googlegroups.com
We connected to N4L a couple of weeks ago and have seen pretty good performance. We're a high school with over 2000 students with the 500mbit plan. As at 15:10 today (school finished) for Spark Chch Speedtest server we get around 460mbit up and down, Vodafone Akl server scraping the roof of 400. LA Dreamhost server around 40 up and down. I'll do some testing on Monday and get some stats for peak usage. 

If anyone's got requests for speedtests for me to do yell out.  

Something we've heard on the grapevine is N4L filtering can hurt network speeds a bit. We've got an onsite firewall (Sonicwall) and haven't had any speed issues so far. A couple of strange ones where a small handful of websites get blocked randomly but that's the only complaint.

Rob Baird
ICT Technician
Hagley Community College

Jeremy Nees

Aug 29, 2014, 12:14:32 AM
to techies-f...@googlegroups.com
Hi Mike,

All I can say is that we have some very interested techs here looking at your results. No answers yet, but we will keep looking into it.

Have a good weekend. 

-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


On Wednesday, 27 August 2014 at 10:08 am, Mike Etheridge wrote:

Hi People

This is a repost of one that failed - N4L issues! to the cloud backup thread. I hope this thread hasn't been created to keep the N4L problems out of view of people considering the transition. My advice right now would have to be to hold off. Read on….


I have to report that, having just transitioned to what is supposed to be a 500 Mbps N4L connection, we are also experiencing what appears to be session-based shaping, although I have had one N4L engineer insist very strongly that there is no shaping. (In general, I have found N4L staff to be very keen to listen and help). I'm sure that N4L intend that there be no shaping, but I don't think it's them that are doing it. It's Spark.

See if you can figure this one out:
For lots of reasons, including safety of our students, our LAN is behind a pfSense transparent proxy, on 10.0.0.0/8. This is not going to change. Basic reason: we are not allowed to work on the N4L router configuration ourselves.
Between the pfSense box and the N4L router, there is a DMZ, 192.168.3.0/24.
From a laptop set up somewhere on the DMZ, it pulls good speed tests from everywhere (in NZ), up towards theoretical in the mid 400Mbps from some places.
From my desk, on the 10.0.0.0/8 LAN, I get 10 or 20Mbps speedtest anywhere in New Zealand (ah hah you say, it's your proxy…but wait!) EXCEPT from Wellington Spark server (and only the Wellington one), which I pull 470 Mbps from. Now, if it was my proxy that is the problem, the Wellington Spark server would also be slow.
If I move the pfSense box to another IP on the DMZ, behaviour doesn't change. If I put a laptop at the pfSense DMZ address, it goes good. You still think it's the proxy, right? Don't forget the good result from the Wellington server when behind the proxy.
The result is that users who were on 100 Mbps open peered connection from local ISP report that the N4L connection, which is supposed to be 5 times faster, is sluggish.
I get the same results if I tunnel out through a Linux box which has an interface on the LAN and one on the DMZ, i.e. good from Wellington, poor everywhere else.
It looks to me like Spark has set up their Wellington server, routing and shaping to give good test results (for benign line performance testing or nefarious wool-pulling, wouldn't know), but everything beyond that is shaped.
I would be very interested to see if other people get this differentiation between the default speedtest server and another one of their choosing - even another Spark one.

Anyone think of how I could defeat the shaping, given that a plain non routing host on my DMZ gives good results? I don't think I am being unethical wanting to defeat the shaping, as the N4L people promised us no shaping, and have reiterated "no shaping" several times, including in (electronic) writing.

Mike

Mike Etheridge

Aug 29, 2014, 12:21:57 AM
to techies-f...@googlegroups.com
Hi Jeremy

Next week I hope to get enough time to try some of the tests your guys suggested, starting with plugging our router straight into the Spark router, effectively making our dmz a piece of cable and cutting out the layer 2 switch. I've set up some short TTLs on the DNS so I can move the LAMP server hosting our moodle and other services back on to the local ISP's fibre while we do this. Unfortunately the normal business of the school carries on during all of this. I guess what we are doing is getting all the passengers out of one plane and into another while they are both in the air. Can't say I'm not enjoying it at one level, but it is time consuming...

Arnold Santos

Aug 29, 2014, 12:32:21 AM
to techies-f...@googlegroups.com
Do we have access to any monitoring and analysis tools on the router? How do we know who is looking on OUR network when we don't have access to the router itself?

Regards,

Arnold



Mike Etheridge

Aug 29, 2014, 12:34:12 AM
to techies-f...@googlegroups.com

Exactly. That's why we use our own proxy. Some degree of privacy for our users.
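
Added example (not part of Mike's posts or anyone's production config): a Python sketch of what a device upstream of the school firewall can attribute per source address, with LAN hosts routed directly versus source-NATed behind the firewall. The 10.0.0.0/8 LAN and 192.168.3.0/24 DMZ ranges are from the thread; the host addresses, the firewall address and the flows are constructed.

```python
from collections import defaultdict

# Assumed firewall address inside the DMZ range mentioned in the thread.
FIREWALL_DMZ_IP = "192.168.3.2"

# Constructed flows: (src_ip, src_port, dst_ip, dst_port, bytes).
# Destinations use documentation address ranges.
FLOWS = [
    ("10.1.20.15", 51000, "203.0.113.10", 443, 120_000),
    ("10.1.20.15", 51001, "203.0.113.10", 443, 80_000),
    ("10.4.7.200", 40222, "198.51.100.7", 80, 5_000),
    ("10.9.0.33", 51000, "203.0.113.10", 443, 42_000),
]


class SourceNat:
    """Minimal source NAT: one outside address, one outside port per flow."""

    def __init__(self, outside_ip, first_port=20000):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.table = {}    # (src_ip, src_port, dst_ip, dst_port) -> outside port
        self.reverse = {}  # outside port -> (src_ip, src_port)

    def translate(self, flow):
        src_ip, src_port, dst_ip, dst_port, nbytes = flow
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = (src_ip, src_port)
            self.next_port += 1
        return (self.outside_ip, self.table[key], dst_ip, dst_port, nbytes)

    def inside_host(self, outside_port):
        """Only the firewall's own state table can map a flow back to a host."""
        return self.reverse[outside_port][0]


def bytes_by_source(flows):
    """Per-source byte totals, as a flow collector on the router would build."""
    totals = defaultdict(int)
    for src_ip, _sport, _dst_ip, _dport, nbytes in flows:
        totals[src_ip] += nbytes
    return dict(totals)


def upstream_view_routed():
    """LAN hosts routed straight to the upstream router: every host is visible."""
    return bytes_by_source(FLOWS)


def upstream_view_behind_nat():
    """LAN hosts behind the firewall's NAT: upstream sees one source address."""
    nat = SourceNat(FIREWALL_DMZ_IP)
    translated = [nat.translate(flow) for flow in FLOWS]
    return bytes_by_source(translated), nat, translated


if __name__ == "__main__":
    print("routed:    ", upstream_view_routed())
    view, nat, translated = upstream_view_behind_nat()
    print("behind NAT:", view)
    print("firewall can still attribute port", translated[3][1],
          "to", nat.inside_host(translated[3][1]))
```

NAT only collapses the source addresses: destinations, timing and byte counts remain visible upstream, while the per-host mapping stays in the firewall's own state table.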

Clayton Hubbard

Aug 29, 2014, 12:52:48 AM
to techies-f...@googlegroups.com
Hi Arnold,

We have a monitoring platform that has been built and that we are constantly improving to measure the different aspects of the network and ensure they are performing as expected.

These things include all your Router statistics, Latency, Packet loss etc. This also extends into service availability (i.e. DNS etc)

We have a number of dashboards within our operations team that show the status of the schools and any alerts generated. We look to be as proactive as possible. 

We have a number of other tools available that the team use as well to see firewall logs etc for troubleshooting.

We are currently working through the process to make this available as we understand some schools would like the visibility.

Will provide further details soon.






Clayton Hubbard 
Senior Engineer, The Network for Learning Ltd

D: 09 972 2906 | M: 022 043 0155 | W: http://www.n4l.co.nz

A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151





Jeremy Nees

Aug 29, 2014, 1:33:00 AM
to techies-f...@googlegroups.com
Yep, just to emphasise what Clayton said, we are building these tools to make them available to schools. 

Unfortunately they aren’t all built with multi-tenancy in mind, so we are just working on this now.

-- 
Jeremy Nees 

CTO, The Network for Learning Ltd

A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


Arnold Santos

Aug 29, 2014, 1:41:46 AM
to techies-f...@googlegroups.com
Correct me if I'm wrong here: we have an existing infrastructure, which we control, with those tools in use; then when we move to N4L now, we just surrender all of these things without any question, because they are not yet available. Would it be possible to retain this on our existing infrastructure, and then adopt this once they are available?

Regards,

Mike Etheridge

Aug 29, 2014, 1:48:48 AM
to techies-f...@googlegroups.com

I kind of thought that is what we would be getting. Subtleties of no longer being open peered didn't occur to me. My bad. Until we get access to the tools, we will be looking for the lightest management and firewall possible and use our existing setup (which was working perfectly well). Even after having access to tools, we are wary of exposing the fine grain of our traffic metadata to outsiders, i.e. down to LAN host level.

Jeremy Nees

Aug 29, 2014, 1:57:40 AM
to techies-f...@googlegroups.com
Hi Arnold,

Sorry, didn’t 100% understand the question but our model allows you to keep your existing firewalls and/or filtering in place if that is what you want. You can also use a combination of both. At a later date if you want to change the configuration you can. Early on we had some feedback through the MLE group on what schools wanted (or didn’t want), and tried to cater for as many options as possible through deployment. We are also open to further suggestions and improvements - we expect to always have to be improving things and do want the feedback. 

Also to your last sentence, N4L isn’t compulsory if that is what you are asking. But again we are open to suggestions as to how we can cater for your needs so you can use what you want of our services. Each school goes through an audit and design process to try to create the right solution for you. 

Hope that helps and if you want to discuss I am more than happy to have a conversation. All my contact details are in my signature, and anybody can call me etc. 

Thanks and enjoy your weekend. 


-- 
Jeremy Nees 
CTO, The Network for Learning Ltd

D: +64 9 972 1676 | M: +64 21 919 220 | W: http://www.n4l.co.nz/
A: Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052
P: PO Box 37118, Parnell, Auckland 1151


Mike Etheridge

Aug 30, 2014, 2:07:28 AM
to techies-f...@googlegroups.com
I see 450+ Mbps to and from my desktop *from Wellington Spark server only*. So I know the connection has this capability. Everything else down around the 10 Mbps mark. I can start multiple sessions on the same workstation and get 10 Mbps to each. Apparently this shaping is not intended by N4L and work is being done to find out what is going on here. Hoping for a resolution soon.

Mike

Ict Manager

Aug 30, 2014, 6:29:28 PM
to techies-f...@googlegroups.com


On Saturday, August 30, 2014 6:07:28 PM UTC+12, Mike Etheridge wrote:
I see 450+ Mbps to and from my desktop *from Wellington Spark server only*. So I know the connection has this capability. Everything else down around the 10 Mbps mark. I can start multiple sessions on the same workstation and get 10 Mbps to each. 

gosh, that sounds exactly like per-client traffic shaping with the wellington spark server having its own rule. i can see the page on my security appliance where i could set it. are you sure it's not your transparent proxy? we don't have fibre yet, but i've been setting up in readiness and i've got per-client limits with burst enabled on my MX100, with exceptions for some sites. if it is N4L that's quite scary to hear because it means they don't know what they are doing, if it is spark then that's a breach of the terms of the connection.

incidentally, we could only get a guaranteed minimum rate of 5MB/s from spark - on a 100M link.

Mike Etheridge

Aug 30, 2014, 6:39:44 PM
to techies-f...@googlegroups.com

If it was the transparent proxy, then I wouldn't get the good Wellington result. There are no rules on the box applying to my workstation and none that target those destination domains. So a bit disturbing...

Tim Harper

Aug 30, 2014, 11:51:40 PM
to techies-f...@googlegroups.com
Hi Flow,

At Mt Aspiring we used the Telecom/Spark Education+ connection prior to N4L.  It performed admirably and it was 90/10 too - that is how the RBI connections all work.  I did do specific testing to ensure that the circuit performed.  The Gen-i (as they were then) tech guys have an iperf server and I set up one at Mt Aspiring.  We were able to prove +80Mb/s tcp transfers consistently in both directions, including doing multi-session iperf testing.  Thus I expect that you will have no issues once your connection goes live.  If you do have any issues with Education+ I know who to contact to get things investigated.

The biggest issue that I have seen is that by default the Cisco gear for Education+ came with a manually set 100/Full speed/duplex setting on its NIC.  Because it is Cisco gear, having the Cisco-facing NIC on your MX100 set identically is essential.  Having the Cisco-facing NIC set to auto/auto is not good enough.  Thus check the email documents that you get from Spark and make sure that the NIC on your MX100 that is connected to the Spark Cisco is configured for speed/duplex identically to the Cisco that Spark sends you.


regards,

Tim Harper




Jeremy Nees

Aug 31, 2014, 2:53:52 PM
to techies-f...@googlegroups.com
Hi All,

Sorry I haven’t had a chance to provide any info on this topic thus far today. 

As Andy said, if there are service issues, please do report them. 


-- 
Jeremy Nees 
CTO, The Network for Learning Ltd



On Wednesday, 27 August 2014 at 11:03 am, Andy Schick wrote:

Hi all,

Just jumping in here from the N4L side of things ... I'm a new poster on this particular forum, but I have met and know a few of you.  

I want to make you aware that we are seeing this conversation, and are noting the issues raised.  I know that on many fronts, including filtering granularity, peering and "shaping", work is being done to provide clarity and where necessary progress featureset development.  Given that I'm not technical, it would be foolish of me to attempt to convey more detail than this - as I'd almost certainly get it wrong.  

Having said that, if you have operational problems, PLEASE get in touch with us.  We have a team of really great engineers here to help get to the bottom of these problems.  As Mike has pointed out, they are keen to listen and help, and we do work through to resolution.  

While I'm sure we won't resolve all operational issues and network clarity requirements today, I'll make sure someone with technical authority posts here today to provide some more substantial information to help the conversation along.

Regards,
Andy Schick
Marketing Manager, Network for Learning




Robert Baird

Aug 31, 2014, 8:32:39 PM
to techies-f...@googlegroups.com
Speedtest to Singtel Singapore at our peak time today got 30mbits up and down (symmetrical). Our edge firewall had a maximum usage of 250mbits and hovered at around 70.

Patrick Dunford

Sep 1, 2014, 12:52:07 AM
to techies-f...@googlegroups.com
I think you will discover NEN?  is about to be pulled, N4L has been running round all the participant schools getting them on in double quick time so they can stop the funding. They insisted one of our schools had to go live last week, in the middle of the day, only three days after they turned up to install the box.

Patrick Dunford

Sep 1, 2014, 12:55:07 AM
to techies-f...@googlegroups.com
There is something I believe in the router's config that has Speedtest specifically listed in it (along with a whole lot of other sites like the ICT Helpdesk). A long list of exclusions - except I can't remember what for :)

Mike Etheridge

Sep 1, 2014, 12:55:52 AM
to techies-f...@googlegroups.com
Same experience ourselves. Quite a big rush. Although, to be fair, they do seem to be pulling out all the stops to iron out the problems and get us up and running properly (not quite there yet…)

Mike




Mike Etheridge

Sep 1, 2014, 12:57:41 AM
to techies-f...@googlegroups.com
Sure, but downloads are also affected badly. Getting a disk image down now is a real mission, whereas it should be a snap at 500 Mbps

Mike


flow in

Sep 1, 2014, 12:59:52 AM
to techies-f...@googlegroups.com
what doesn't make sense is that you are not seeing this behaviour from in front of your pfsense firewall. if there was any kind of filtering happening with N4L, i'd expect to see it anywhere, not just in a small segment of the network. my debug radar says look at your firewall really thoroughly.

--


Flow In, MA hons Cantab, MSc | ICT Technician | WESTLAND HIGH SCHOOL

Phone: 03 755 6054 | Cell: 022 027 5107 | Fax: 03 755 6269 | i...@westlandhigh.school.nz
PO Box 154, 140 Hampden Street, Hokitika 7842
http://www.westlandhigh.school.nz/

WHAKATERE I Ā TĀTOU HAERENGA - NAVIGATING OUR JOURNEYS

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.




Mike Etheridge

Sep 1, 2014, 1:04:19 AM
to techies-f...@googlegroups.com
Sure - but why do I get good results from Wgtn. Spark server (only)? No rules or routes on the firewall to cause that, not as far as I can see. Could be packet/retransmission errors between firewall and N4L router, but the exact same config on the firewall worked fine when connected to Inspire router. It's not straightforward…

Mike

flow in

Sep 1, 2014, 1:10:07 AM
to techies-f...@googlegroups.com
that is the question. if a laptop in the dmz gets good speeds everywhere, then there is something specific to your firewall. i've never run a pfsense one. what hardware, what OS? unless there is a rule in outside config that targets the mac/ip of your firewall's external port (possible, i guess, if you've told them what that is) then it _has_ to be something in your firewall.





Mike Etheridge

Sep 1, 2014, 1:22:06 AM
to techies-f...@googlegroups.com

I'd say the opposite. If I get good to one site behind f/w and there's no relevant rules or routes, then it's not the f/w config. Maybe the hardware. The fast speedtest server also has lowest latency (not much in it) but might be enough to trip packet size change and cause difference. Pulling the whole show apart tomorrow to try to get to bottom.

pfSense doesn't run on an OS. It's a BSD distribution customized for use as a router and firewall - it's an OS plus a number of packages. I've got it running on a recent, custom-built server box with dual Intel server-grade NICs on board, should be no problem for it, generally running about 3% CPU. Hardware could be crook of course. Hope to establish if this is the case tomorrow.

flow in

Sep 1, 2014, 1:55:53 AM
to techies-f...@googlegroups.com
queue limit on the interface? 




trevor storr

Sep 1, 2014, 2:19:20 AM
to techies-f...@googlegroups.com
I would take the speedtest server out of the testing and use iperf both in net and out of the N4L to establish the speed your connection is capable of.  There's an iperf package for pf, although from recollection the straight linux package has more options (which i suspect are also available from the command line in pf, not the gui).

Also have a look at your MTUs and ensure they are optimal.
cheers

Trevor

Trevor Storr
Director of eLearning, CantaNET http://educo.vln.school.nz
Waimate High School
Waimate
New Zealand

Mike Etheridge

Sep 1, 2014, 2:48:21 AM
to techies-f...@googlegroups.com
Getting stuck in with Wireshark and iperf tomorrow. Didn't know there was a pf iperf package, cheers for that, will look into it.

Mike

Mike Etheridge

Sep 1, 2014, 2:48:31 AM
to techies-f...@googlegroups.com
That's a thought.

Andrew Godfrey

Sep 1, 2014, 5:58:46 PM
to techies-f...@googlegroups.com
Hi Mike,

I wonder whether it is the Cisco filter proxy that is causing you trouble. I don't know if your speedtest to Spark Wellington (222.153.223.206) will be passing through that filter or not, but other speedtest servers will.


On 1 September 2014 17:04, Mike Etheridge <mike.et...@gmail.com> wrote:
Sure - but why do I get good results from Wgtn. Spark server (only)? No rules or routes on the firewall to cause that, not as far as I can see. Could be packet/retransmission errors between firewall and N4L router, but the exact same config on the firewall worked fine when connected to Inspire router. It's not straightforward…

_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand

Robert Baird

Sep 1, 2014, 6:12:51 PM
to techies-f...@googlegroups.com
What image are you trying to download? Just downloaded a 1.2GB ISO from the UC mirror in about 3 minutes, although UC is basically down the road from us. 1GB from Citylink took 12min, 700MB from linux.org.au took 6min. We are not using any N4L filtering. 

Rob.

Mike Etheridge

Sep 1, 2014, 6:36:37 PM
to techies-f...@googlegroups.com

Downloads of images from UC start slow (browser suggests 20-30 min) then slow down more, left for a couple of hours then I gave up. Smaller downloads from offshore, e.g. Wireshark, stall on a mini connected to core switch but take about 5 min at my desktop out at the edge. Strange.


Peter Mancer

Sep 1, 2014, 6:41:53 PM
to techies-f...@googlegroups.com
Guys

I agree with Andrew Godfrey.  The Cisco web filtering sends http and https requests to Cisco's proxy servers in Australia so I suspect that must have an effect on performance.  I understand that ACLs can be set up to bypass the proxy so maybe the fast local sites bypass this.

Kind regards


Peter
____________________________________________________
Peter Mancer
CEO & CTO
Watchdog Corporation Ltd
PO Box 314 008
Orewa 
Auckland 0946
New Zealand

Ph +64(0)9-426-1101 x797
Fax +64(0)9-426-1102
Mobile +64(0)21-366-469

www.watchdog.net.nz

peter....@watchdog.net.nz

This email is confidential.  If you received it in error, please notify the sender and delete the email.





Smarter Internet Management

trevor storr

Sep 1, 2014, 6:44:20 PM
to techies-f...@googlegroups.com
Hi Peter,

I stand to be corrected but that will depend on if you are connected to the Auckland or Sydney Towers.

Trevor

Mike Etheridge

Sep 1, 2014, 8:17:32 PM
to techies-f...@googlegroups.com
That's what I thought. N4L techs having a look at some switching issues on our network right now, but I'm wondering if they shouldn't just lift the filters and see what happens.

Mike

Andrew Godfrey

Sep 1, 2014, 8:36:32 PM
to techies-f...@googlegroups.com
We've just removed all N4L filtering now which seems to have solved a couple of problems including eftpos over N4L.

You do have to make sure your internal filtering is running well if you do that though. Watchdog used to be our backstop on the NEN and we never had issues with them but I'm now wondering what else we could use as a backstop - probably some sort of DNS lookup service type of filter a la opendns.



_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand


Jeremy Nees

Sep 1, 2014, 8:43:23 PM
to techies-f...@googlegroups.com
Hi Trevor,

Just to clarify, you are all connecting through the NZ towers. 


-- 
Jeremy Nees 
CTO, The Network for Learning Ltd


Tim Harper

Sep 1, 2014, 8:55:16 PM
to techies-f...@googlegroups.com
Tower 10101 here.


regards,

Tim Harper




Craig Knights

Sep 1, 2014, 9:01:42 PM
to techies-f...@googlegroups.com

We used opendns some time ago.. Was a little bit slow... But usable for a couple of years...

Peter Mancer

Sep 1, 2014, 10:10:10 PM
to techies-f...@googlegroups.com
Andrew

Watchdog is still an option for you as a backstop but there is a small cost.  Email me offline if you want more info.

Kind regards


Peter


Peter Mancer
CEO & CTO
Watchdog Corporation Ltd
Watchdog International Ltd
Internet Filtering and Education Service Specialists

Pete Mundy

Sep 2, 2014, 1:45:10 AM
to techies-f...@googlegroups.com
Hi Jeremy

That is absolutely fantastic news. Especially so if it actually does happen! Thank you for passing it on.

I've just returned from a visit to our PBXs in the Vibe rack at 220 Queen. We have very fast access into APE from that location and I'm really looking forward to being able to route our N4L schools' VoIP traffic over that link too.

Regards,

Pete Mundy





Still on copper? We'll show you the light!
  www.fiberphone.co.nz | 0800 001-900


On 29/08/2014, at 2:07 PM, Jeremy Nees <Jerem...@n4l.co.nz> wrote:

Hi Pete,

Hope all is well in Nelson. 

Peering at APE for the N4L network is currently in delivery with Spark. I don’t have an exact timeframe for completion right now but it is happening (i.e. order in with Citylink)

Hopefully that’s good news :)

Thanks

Pete Mundy

Sep 2, 2014, 1:45:53 AM
to techies-f...@googlegroups.com
Hey Jeffrey,

+1 for that IPv6 desire!

:)

Pete


On 29/08/2014, at 2:33 PM, Jeffrey Burke <Jef...@krs.ac.nz> wrote:

> Spark really needs to implement their network security and structure on their provider gear so that the CPE stuff can be managed by the local IT people. Having to wait for someone to wake up and get to work in order to do a simple firewall change is untenable. Watchdog will give you access to the CPE if you prove you know what you are doing. It's not like school IT people are idiots; I have CCNP, making me probably as qualified or more so as the people I would need to pander to under N4L. Why cripple schools unnecessarily? I hope N4L has managed IPv6 as Spark native connections seem to have managed, and having that would have prevented at least a day's worth of dodgy net when half the net core routers overflowed their available route memory and started pruning chunks of the internet. Sure, stuff like private shaped VLANs between schools would need central configuration, but handling of local address space (as long as it's not overlapping) with route advertising should be manageable locally; otherwise you are just adding days to weeks to any internal network changes.
>
> Sent from my Windows Phone

Bevan McNaughton

Sep 2, 2014, 2:08:37 AM
to techies-f...@googlegroups.com
I can see device management from Spark's perspective where specific configurations may conflict with their infrastructure design - i.e. QinQ or other oddball requirements are strictly controlled.
Some of us are well capable of looking after our own gear (ever played with Juniper stuff?), but it's 'too hard' to know for every school who is capable of managing the gear and who isn't. It's easier for Spark to keep it in-house and keep track of each config where required.
That way they can't blame the school for issues like they automatically do now for non Spark managed routers..

Bevan
--
Bevan McNaughton
Intranet Manager

Southland Girls' High School
328 Tweed Street
Invercargill 9812

Jeffrey Burke

Sep 2, 2014, 3:01:21 AM
to techies-f...@googlegroups.com
Therein lies the problem with it: it is Telecom's network for schools to use at Telecom's leisure. We go from having the ability to make changes and test things to having to ask permission and hope for the green light. For most things that will work fine but will cause delays and complications when they may not be necessary.

This is what happened at most of the UK LEA broadband providers.  While the N4L is so far shaping up to be much better in this regard I do hope that their standards and helpfulness don't slip when they have a network they are happy with and one or two schools want something a little different.  The UK variety ended up requiring harsh calls from school principals just to get ports opened after x weeks of fruitless helpdesk calls.

There is the risk that someone may mess up with config access, but even transparent read access to the switch and router config at this point would let people know what the router is doing so they can trust the firewall and help with troubleshooting and suggestions.  A syslog output into the local network would also be nice to see when things change or misbehave.  Differing access levels like that have been built into Cisco gear for ages.  If the config is changeable there could be safeguards in place like route summarization and route filtering to prevent people tripping over other IP ranges, and the configs could be centrally backed up periodically.

Not as simple but built to be configurable and transparent as opposed to the situation now where local firewalls are in use because of the lack of transparency of the CPE equipment.

Jeffrey.


Sent from my Windows Phone

From: Bevan McNaughton
Sent: ‎2/‎09/‎2014 6:08 p.m.
To: techies-f...@googlegroups.com
Subject: Re: [techies-for-schools] N4L: help freely given
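
Jeffrey's suggestion above of a syslog feed from the CPE into the local network, sketched as an added example (not code from the thread, N4L or Spark): a Python check that reads Cisco IOS-style `%SYS-5-CONFIG_I` and `%SEC_LOGIN` messages and reports config changes and logins that fall outside an agreed policy. The management range, change window, failure threshold, hostname and every log line are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy for this example; none of these values come from the thread.
MGMT_NETS = [ip_network("198.51.100.0/24")]         # provider NOC range (documentation prefix)
WINDOW_START, WINDOW_END = time(22, 0), time(5, 0)  # agreed change window, spans midnight
FAILED_LOGIN_THRESHOLD = 3                          # failures per source before reporting

# Constructed sample: IOS messages as a local syslog collector would store them.
SAMPLE_LOG = """\
Sep  1 23:10:42 cpe-router 1018: Sep  1 23:10:41.907: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: noc-eng] [Source: 198.51.100.20] [localport: 22] at 23:10:41 NZST Mon Sep 1 2014
Sep  1 23:14:07 cpe-router 1019: Sep  1 23:14:06.512: %SYS-5-CONFIG_I: Configured from console by noc-eng on vty0 (198.51.100.20)
Sep  2 10:31:55 cpe-router 1020: Sep  2 10:31:54.220: %SYS-5-CONFIG_I: Configured from console by noc-eng on vty0 (198.51.100.20)
Sep  2 13:02:10 cpe-router 1021: Sep  2 13:02:09.871: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.77] [localport: 22] [Reason: Login Authentication Failed] at 13:02:09 NZST Tue Sep 2 2014
Sep  2 13:02:14 cpe-router 1022: Sep  2 13:02:13.402: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.77] [localport: 22] [Reason: Login Authentication Failed] at 13:02:13 NZST Tue Sep 2 2014
Sep  2 13:02:19 cpe-router 1023: Sep  2 13:02:18.655: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.77] [localport: 22] [Reason: Login Authentication Failed] at 13:02:18 NZST Tue Sep 2 2014
Sep  2 13:05:30 cpe-router 1024: Sep  2 13:05:29.118: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.77] [localport: 22] at 13:05:29 NZST Tue Sep 2 2014
Sep  2 13:05:58 cpe-router 1025: Sep  2 13:05:57.730: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (203.0.113.77)
Sep  2 13:06:00 cpe-router 1026: Sep  2 13:05:59.004: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
"""

# Collector prefix (timestamp, host), then the IOS %FACILITY-SEVERITY-MNEMONIC tag.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) .*?"
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<msg>.*)$")
# The "on <line> (<address>)" part is absent for changes made at the physical console.
CONFIG_RE = re.compile(r"Configured from \S+ by (?P<user>\S+)(?: on \S+ \((?P<src>[^)]+)\))?")
LOGIN_RE = re.compile(r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\]")


def _parse_ip(text):
    """Return an ip_address, or None when the field is absent or malformed."""
    try:
        return ip_address(text.strip())
    except (AttributeError, ValueError):
        return None


def _trusted(addr):
    return addr is not None and any(addr in net for net in MGMT_NETS)


def _in_window(t):
    # The window wraps past midnight, so it is the union of two ranges.
    return t >= WINDOW_START or t < WINDOW_END


def analyse(log_text, year=2014):
    """Return findings as (timestamp, host, reason, user, source) tuples."""
    findings, failures = [], Counter()
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue
        tag = line["tag"]
        if tag == "SYS-5-CONFIG_I":
            ev = CONFIG_RE.search(line["msg"])
        elif tag.startswith("SEC_LOGIN-"):
            ev = LOGIN_RE.search(line["msg"])
        else:
            continue                      # interface flaps etc. are out of scope here
        if not ev:
            continue
        # Collector timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {line['ts']}", "%Y %b %d %H:%M:%S")
        addr = _parse_ip(ev["src"])
        source = str(addr) if addr else "no-address"
        reasons = []
        if tag == "SYS-5-CONFIG_I":
            if not _trusted(addr):
                reasons.append("config-change-from-unexpected-source")
            if not _in_window(when.time()):
                reasons.append("config-change-outside-window")
        elif tag == "SEC_LOGIN-4-LOGIN_FAILED":
            failures[source] += 1
            if failures[source] == FAILED_LOGIN_THRESHOLD:   # report once per source
                reasons.append("repeated-login-failures")
        elif tag == "SEC_LOGIN-5-LOGIN_SUCCESS" and not _trusted(addr):
            reasons.append("login-from-unexpected-source")
        findings += [(when.isoformat(), line["host"], r, ev["user"], source) for r in reasons]
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(*finding)
```
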


flow in

Sep 2, 2014, 3:11:48 AM
to techies-f...@googlegroups.com
it really sounds like n4l could do with hiring you, Jeffrey.
