Monday, September 1, 2014

Making Your Private Network Public. Hello, World. Got DHCP?


I want to talk about one little issue that keeps popping up over and over, to reiterate something that gets overlooked so many times in the field:

DHCP Scope Size on Public Wireless Networks

It sounds ridiculous, I know, but I've had to troubleshoot so many networks where the DHCP scope was not configured to:
  1. Accommodate the number of users that were anticipated to join the network, 
  2. Have the appropriate lease time set to expire out the clients that were no longer there.

My advice is to keep the combination of those two items in mind in order to properly plan out your network. Building out a public wireless network isn't just about providing great RF coverage and signal quality; it's about making sure the network capacity is there and the network is set up to support the onboarding of so many new users.

As a best practice, what I do, for a number of different reasons including security and networking configuration, is set the access point up as a DHCP server for the guest network, if it's supported. Granted, most of the deployments are single-AP in retail; in an enterprise environment, however, there is usually a controller or cloud service that allows me to support multiple APs. Since the guest network is usually the lowest priority and offered as an amenity, I don't have to worry about routing or static IPs, specific ports being opened up, etc. Segmenting it onto its own subnet and enabling client isolation on the AP is usually the recipe I use.

One of the key reasons that I started to use DHCP services on my own equipment, aside from any networking configuration the end user might have, was ease of install and a desire not to tinker with something on the customer's existing network.

I don't have to tell any integrator how many times I've been to the customer site, plugged in a piece of equipment that does nothing other than receive a DHCP lease from their server, and I'm the one who ends up destroying the network because of a static IP issue. The way I figure, the less interaction I have with their network, the better. Most retail plays and a majority of one-offs are an over-the-top service to their existing infrastructure, so this saves me and the customer some heartache.

The one thing that I think gets overlooked the most is the DHCP lease time. If you have a router that's unable to set the DHCP lease time and you're thinking about making your network publicly available or offering free Wi-Fi, go buy something that supports it. 

Secondly, when setting your lease time, think about how much time the average user spends at your facility, shopping mall, coffeehouse, etc. and set the lease time according to that. Each situation is different and there is no specific time that fits everyone. An hour at a coffee shop, 3 hours at a clothing store, 6 hours at a mall, 8 hours at my pediatrician (seriously, she must have the worst waiting room time EVER). The key here is to have the leases expire as soon as they can so that everyone has a fair chance at getting on the network. Keep in mind, the lease will be re-requested at the halfway mark; if it's set for 3 hours, 1.5 hours into it a DHCP transaction will fire off.



I've seen it happen too many times where the size of the pool is appropriate but the lease time is not (usually it's set to the factory-default 24 or 72 hours). That means you have to wait a day or so before those leases expire. For the next 12 to 36 hours, those clients that have long since gone are taking up spots that could be given to other users who are trying to use network resources.

In the almost perfect storm case of a local shopping center in the Silicon Valley area:
The lease time was set to 72 hours, the standard default setting on the Draytek router. There's a great restaurant in there that usually has a great lunch and dinner crowd. All it takes is a busy lunch and dinner where before you know it 200 leases are dished out ... and hung on to for a day and a half. By the time the lunch crowd comes in the next day, they're down to only a few leases that have expired out, and by day 3, there are no more or very few IPs.
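The shopping-center case above as a rough hourly simulation (an added example, not part of the original post). The pool size of 253, the arrival pattern and the one-hour visit are constructed assumptions; only the 72-hour lease and the 200 leases a day come from the story.

```python
# Added example: hourly simulation of a guest DHCP pool. All inputs are constructed.

def simulate(pool_size, lease_h, dwell_h, arrivals_by_hour, days=3):
    """Return (peak_leases_held, clients_refused) over the simulated period.

    Assumptions: lease_h and dwell_h are whole hours (>= 1), clients walk out
    of range without sending DHCPRELEASE, and a client still on site renews at
    half the lease time, which restarts the lease clock.
    """
    leases = []  # one [expires_at, departs_at, next_renew_at] per address in use
    peak = refused = 0
    for hour in range(days * 24):
        # Clients still on site renew once the halfway mark has passed.
        for lease in leases:
            if lease[1] > hour and lease[2] <= hour:
                lease[0] = hour + lease_h
                lease[2] = hour + lease_h / 2
        # Addresses return to the pool only when the lease expires.
        leases = [lease for lease in leases if lease[0] > hour]
        # New arrivals get an address if one is free, otherwise they are refused.
        for _ in range(arrivals_by_hour[hour % 24]):
            if len(leases) < pool_size:
                leases.append([hour + lease_h, hour + dwell_h, hour + lease_h / 2])
            else:
                refused += 1
        peak = max(peak, len(leases))
    return peak, refused


# Constructed traffic: 50 new clients in each of two lunch and two dinner hours,
# 200 a day in total, each staying about one hour.
ARRIVALS = [0] * 24
for busy_hour in (12, 13, 18, 19):
    ARRIVALS[busy_hour] = 50

POOL_SIZE = 253  # assumed: a /24 with one address kept for the gateway

if __name__ == "__main__":
    for lease_h in (72, 2):
        peak, refused = simulate(POOL_SIZE, lease_h, 1, ARRIVALS)
        print(f"{lease_h:>2}h lease: peak {peak} leases held, {refused} clients refused")
```

With these inputs the 72-hour lease fills the pool during day 2's lunch and turns away every arrival on day 3, while the 2-hour lease never holds more than 100 addresses.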

All in all, I guess the point of this whole post is just to make sure that you check the DHCP server when you decide to offer free Wi-Fi access. There are so many things that can go wrong with the network; taking for granted that DHCP is working fine is a simple oversight that can affect everything.

