[GRLUG] Mesh networking, localnet and Internet infrastructure

Michael Mol mikemol at gmail.com
Mon May 18 16:33:41 EDT 2009


On Mon, May 18, 2009 at 1:05 PM, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> On Mon, 2009-05-18 at 12:43 -0400, Michael Mol wrote:
>> On Mon, May 18, 2009 at 12:30 PM, Bob Kline <bob.kline at gmail.com> wrote:
>> > I wonder whether this is another reason
>> > Comcast got a yen for implementing
>> > monthly byte quotas.  A router ( I'm
>> > assuming this is a router? ) with that kind
>> > of range could provide free Internet access
>> > to a big piece of a neighborhood if no
>> > encryption is used.
>> I'm not certain that you actually need a shared key (or even RADIUS
>> auth, as in WPA-Enterprise).  Were I to implement something like this,
>> I'd want to use WPA2 with a TKIP pairwise cypher, but no key required
>> for associating with the AP itself; you get the benefits of encryption
>> between the user and the AP, as well as freedom from knowing a shared
>> key.
>
> I wonder if a current DD-WRT/Open-WRT box would have the features to
> support a mesh network; I thought they added WDS, but I don't know if
> they do WDS+AP which would be required for a real mesh.  But I've also
> heard horror stories about the compatibility of WDS implementations.

I'd have to read up on WDS.

>
> Given the scant resources available on an AP I'd just leave security
> entirely out of the network and have the client associate with the
> nearest AP and establish a tunnel to the gateway (leaving security
> between the client and the gateway).  In relation to clients let the
> mesh behave equivalent to an LER in an MPLS network.  That would also
> solve any trouble with bearing IPv4 over an IPv6 network, etc...

The logic behind WPA2 is pretty quick these days, and the encryption
is hardware-accelerated.  The bigger computational expense is going to
be routing.

Besides, part of the value of a localnet is to not *require* access to
the open Internet to interact with the local community.

>
>> Of course, you're still at the mercy of whoever controls the AP
>> hardware,
>
> Not if you just tunnel across the network to a "trusted" gateway.
>
>> Comcast has no say or control over it, with the exception that their
>> contract almost certainly prohibits resale and sharing of their
>> services. (All of the broadband ISPs ostensibly require one to only
>> have a certain number of computers hooked up to the Internet
>> connection, though their support techs don't really care.)
>
> Their techs may not care, but if they catch wind of a large-scale
> redistribution their lawyers certainly will.

Yup.  And the only reason the techs don't care is because most people
don't intentionally allow their Internet access to be reached outside
their home.  They'll care about service theft as much as any other
division of the cable or phone company if it becomes obvious one is
intentionally acting in a manner that may deprive them of additional
service contracts.

-- 
:wq
