[ietf78-tech] Notes from July 5, 2010 IETF78-Tech call
Jim Martin
jim at daedelus.com
Tue Jul 6 06:39:53 PDT 2010
Again, thanks to Geert Jan for taking the notes!
- Jim
---------
Minutes IETF78 conf call
Jul 5 2010, 17:00 UTC
Attendees:
jim
chris
sjoerd
john
menno
randy
karen
rob
geertj (scribe)
1. Shipping
Chris: Final list sent to Verilan on Tuesday.
No response yet, no shipping quote received yet
Little uncertain about fiber jumper cables
19 SFP's
Will get 2nd quote from Stephanie once Verilan quote is in [Jim: Unlikely ... we'll just go with sho-air]
We're likely to use same (or similar) equipment in Beijing.
Jim: need to confirm Juniper router loan
What VM's will we use? Basically IETF75, w/ changed (and un-changed)
IP's and vlans for Anaheim
Randy: Beijing crew wants to know software for DNS, DHCP, ...
Chris to answer
ACTION: chris to ping verilan on quote / shipping
ACTION: jim to confirm loan with Juniper
ACTION: chris to give DNS, DHCP, ... software details to Beijing crew
2. Initial Design
Jim: similar to IETF75 design: same vlans, same addressing.
Added: 2 vlans:
outside <--> portal box
portal <--> inside
3. VM's
VM's are being upgraded to FreeBSD 8.
Chris is working with Joel on this.
Rob: should we use FreeBSD 9?
Randy: I'm using it, no issues, but it is early.
Consensus is to stay with FreeBSD 8 for now.
4. Captivator (portal)
John: Experimenting with test setup, small Dell + switch
test at ietf-nac.route-views.org (XXX does not exist)
Initially no IPv6, John added ip6tables support and IPv6 works now,
auth is IPv4 only.
captivator ties MAC <-->IPv4 address, this means IPv4 addresses
should not change, hence loooong DHCP leases.
performance: iptables+ip6tables, uses hashing, looks workable.
?: q: same MAC on different VLANs yields different IP,
does this work? a: yes
?: q: does one need to re-auth if IP changes? a: yes
?: q: what will this do on the 3 MACs/token limit? a: we'll see
randy: q: 3 MACs: is that simultaneous, or total number of auths? a: tbd
geertj: q: doesn't understand as it takes manual effort to change from
802.11a capable VLAN to somewhere else, then why fuss about re-auth?
a: Such a move indeed will need manual config work, hence re-auth
is no big problem.
freeradius author heard about this and is interested, offered to help
ACTION: rob to contact freeradius author
5. captive portal hardware
jim: menno, we'll need 2 more servers, problem?
we don't have specs as we're still experimenting with captivator,
but we'll need 2 ethernets. menno: no problem, I need to confirm
RIPE NCC IT mgr (brian).
john: q: captivator box wants 3rd NIC as mgmt port. Problem?
a: RIPE to check / buy
john to send captivator specs to list
consensus is to run freeradius on services
ACTION: NCC to confirm availability of 2 more servers, with 3 NICs each
ACTION: john to send captivator specs to list
6. printer
sjoerd: NCC printers survived the flood, are OK, need to ask IT mgr for avail
q: get extra toner
ACTION: Sjoerd to confirm 2 printer avail with brian, and get toner
7. name / SSL cert for portal
work in progress. Since this will go via CA, better inform the
powers-that-be that they can expect a request and need to approve.
8. status 130.129.0.0/16
geertj: IP is still hot. Jim to coordinate to stop announcements
ACTION: jim to have ICANN net folk undo BGP config