Best WAP For Dense Crowds?

An anonymous reader writes "A local community organization has asked me to help them set up Wi-Fi access for an upcoming event, with some unusual (to me) requirements. All users (up to 500 people) will occupy a relatively small area and more-or-less have line-of-sight to the WAP, so issues like signal strength and wall penetration don't matter. Security also does not matter, as we plan to open this to anyone wanting to connect. Cost always matters, but we realize a $50 Linksys or three won't cut it here. In the past, I have used Cisco AP1200s for a few dozen users to great satisfaction, but they only handle 50 connections at a time, and practically count as antiques at this point anyway. My research on the matter tells me that 802.11n performs far better in this regard, but I want to support 802.11g as well. I have no objection to using two APs to split those apart (with n limited to 5.8GHz, as per the suggestion of several comments in a recent Ask Slashdot), but physical constraints make it preferable to minimize the total number of APs needed — Ten WRT54s might cost about the same as one Aironet, but I only have three good places to mount these. I welcome any suggestions and real-world experiences with similar situations, including the ever-popular Ask Slashdot refrain of 'What kind of idiot would do it like that, when you can just do this?' Ideally, I would like to know model numbers and how well they held up under real-world loads comparable to my situation."

Best WAP For Dense Crowds?

[theolein]

You don't have to hit 'em, mate. Just find another crowd that's brighter.

What's the event?

[rolfwind]

Will all 500 users connect at the same time and continuously (like some type of LAN party w/o the LAN) or is this much more haphazard and random with far less users at any one time?

Re:What's the event?

[MichaelSmith]

And why wasn't I invited?

how cheap? pfsense?

[itzdandy]

consider running a small pfsense box with a number of wifi adapters. You could pick up some cheap directional antennas to help limit connections to any one radio somewhat. Alternatively you could just run 4 sids and do a script to hide a sid when the user count got so high so the next users would only see the less loaded ones.

Re:how cheap? pfsense?

[itzdandy]

I might add that you are going to be stuck with 4 channels ( 1,4,7,10 ) which means that 500 people will be hard to support without highly directional antennas. Maybe try to split the space into 4 with directionals.

Re:how cheap? pfsense?

I did a little googling because I was worried about the number of clients. 802.11 uses CSMA which means that every client must wait for every other client to go silent before transmitting.

That means that you would have to take the minimum latency and multiply it by 500 since all clients will be equals. That puts you into 500ms of theoretical latency per packet.

What this means practically is that with 500 clients using all roughly the same bandwidth at 54Mb (unrealistic BTW) you would have just 110Kb per second available to each with 500ms+ latencies, which will compound exponentially.

Though on paper you might be able to show that ability to connect this many clients but realistically, on HIGH end hardware your are going to have a 50 client MAX simply because of CSMA requiring everyone to take turns but less any bandwidth sharing.

To make things worse, the amount of data having to be moved just to keep everyone connected and to communicate who is 1st,2nd,3rd, etc in line to speak is going to cut your bandwidth to a tiny fraction of the link speed.

I highly suggest that you take one of the early poster's advice and drag some cat5e around. You might have some lucky with 'CELLS' of WRT54g type routers with a carefully selected channel scheme where a set of 4 routers would have channels 1,4,7,10 and the next closest 2,5,8,11 and the next 3,6,9 and then start over. The channels will overlap somewhat but having 11 SSIDs for 500 people even with some channel interference would get you to somewhere around 50.

you could extend that to put some 5Ghz band routers in each router bunch and hope that people are fairly evenly split between G and 5Ghz N

Re:how cheap? pfsense?

[afidel]

Well, I would use true dual band WAP's and have the 5Ghz radios setup for 802.11a with an SSID per channel. 802.11n 5Ghz radios are fully backwards compatible with 802.11a.

Re:how cheap? pfsense?

[zappepcs]

This is the thing, more than one problem to deal with in the same physical space. Cheap AP equipment may give you issues under load. With just a couple connections a cheap Linksys will work fine, push the load on it and I find that performance degrades exponentially with traffic increase. Home routers are not built/designed for business loads, or 500 user environments.

The problems: limited mounting space, limited frequencies, limited to mix mode, client movement, (re)registration issues and so on.

Since none of us know the exact physical construct of your problem, suggestions of directional antenna systems, alternating channels etc. have to be used. Cellular systems work in similar ways. 11g mode pointing north/south on chan 2 and 8, 11g mode east/west on chans 5 and 11, ne corner with chan 3 etc etc etc. The low tech testing/wardriving to find the right power levels is a solid suggestion, though this might limit your choices of AP equipment. Pick AP gear that can give you flexibility with antenna systems, power levels, op mode and channel settings.

You will also have to adjust your planning to account for movement of clients. If they are likely to move from ne to se physically, will they need to re-register? Is that a problem? It takes a lot of thinking to get this job done. Enterprise gear will take you toward meshing, and on the pricier end of things move the control out of the AP to allow better performance independent of physical movement.

All of this can get a bit trickier if you have multiple floors with large signal loss between floors. At that point, antenna systems become a stronger tool. At some physical point you'll find clients seeing enough sig strength to end up bouncing on/off one ap and off to another, then back again, never really staying registered long enough to do any good. There you have to fine tune signal strength. Some of the higher end meshing gear gives you options to deal with that, but that becomes a budget issue.

Start with your fixed constraints, evaluate how fixed they are. With some antenna systems, you might find that you have room in more than three places to use APs which would dramatically change your overall problems. The actual AP gear you choose will help discern what you can do about the remaining problems. Don't be afraid to call a sales/marketing engineer for advice, it's usually given free at some level of interest. That's not even to mention this: http://lmgtfy.com/?q=how+to+set+up+mesh+mode+wireless+networking

I think that the process of trying more to understand what the real problems you will have is going to help you further figure out what you need to do.

One last thought, an extra 1500 bucks on the limo now is a lot less than you would spend to find one ready to go on prom night, so to speak. Read to see what the equipment on your short list does under load, how it works in high volume situations etc. that lmgtfy link might show you some good examples to read about.

Re:how cheap? pfsense?

[dgatwood]

And that's a pretty serious problem. In my experience (which admittedly is mostly as a user, not an admin), most OSes aren't happy with high-latency wireless networks. With a fast, low-latency network with no packet loss, it can take a couple of seconds to do a DHCP request. With a slow, high-latency link with packet loss, I've seen it take a couple of *hours* to do a successful DHCP request. Sadly, such connections are easy to get when you have a few dozen people on an AP downloading porn^H^H^H^Hmovies^H^H^H^H^H^Hlegitimate software bits.

Something you might do to alleviate this is to use the 10 network for all your access points. Never reuse IPs and set your DHCP server to cache IP assignments and always ack when a host requests to extend its assignment. Oh, and set the lease time to a month or something. Doing this should reduce the number of DHCP packets that have to be sent. IIRC, for a re-request, you're down to one packet in each direction instead of (at least) two in each direction. Of course, if you can't get the response back within about two seconds, the client is likely to give up and fall back to a full-blown DHCPDISCOVER....

You should probably use a fast switch with a fast backbone between the APs and your core router/DHCP server to minimize latency between the AP and your DHCP server.

I would not use the same machine for the upstream router and the DHCP server. By keeping those separate, you are further reducing the wired portion of your latency because your DHCP discover/request packets aren't getting backed up behind outbound network traffic on the wire. Be sure to use a reasonably fast box for the DHCP server and a FAST box for your router/firewall/NAT box. Do not, under any circumstances, use the NAT built into any consumer router boxes.... The CPUs just aren't anywhere near fast enough.

Get several radios going, crank the gain down as much as is practical without losing bars of signal as seen from the devices, use directional antennas to dice up the space into as many distinct zones as possible, and organize the zones to maximize the distance between APs on the same channel. I'd probably put external antennas spaced periodically down each wall in alternation, forming a series of alternating cone-shaped zones. The exact distances depend on the spread angle of the antenna and the width of the room. Alternatively, you might consider hanging them from the ceiling pointing down, spaced in a grid formation.

If you can, try to make your APs give top priority to DHCP messages, thus minimizing the number of these packets that get dropped before they make it out (in either direction).

Oh, yes, and turn off 802.11b support if you can. Allowing 802.11b means that every packet sent at high speed requires additional crap before and after it so that the 802.11b radios don't choke. If that's not possible, set up a separate segregated network for legacy 802.11b clients and stick it on its own channel---probably one AP for the whole room.

Finally, if at all possible, make sure your DHCP server sends ACK using unicast where possible. AFAIK, every major OS should be able to handle this. IIRC, broadcast packets on 802.11 are particularly expensive. The more you can minimize them, the better off you are. While you're at it, crank up the multicast rate (basically, the minimum signal level that a client must maintain before the AP throws you out). This will force clients to associate with new stations more frequently, but should increase network performance and decrease latency under (particularly multicast/broadcast) load.

Oh, and one more thing. I'd like to echo the comments about not using home router gear. Get yourself Cisco APs. Most home routers just don't have the CPU to keep latency low enough when routing that much traffic, and many don't have sufficient control over power levels, external antenna jacks, etc.

you will need more than 2 APs

[jeffstar]

there was a slashdot the other day about the wifi at a python conference.

any AP is only going to handle 50 users or so because 802.11x is contention based.

So go ahead and get yourself 10 APs, spread them out, and make sure the ones near eachother are on different channels.

Re:you will need more than 2 APs

[Vancorps]

Or buy two Xirrus units which are all in one turn-key arrays of access points all that will auto-tune for you. They have a 16 access point and an 8 access point versions that would handle this setup without any problem.

Re:WAP?

[KiwiSurfer]

WAP = Wireless Access Point.

Mikrotik a possible choice?

[lordsilence]

Even though they're suspected GPL offenders (opinions differ) I still have to put in my word for mikrotik. These guys know how to build wifi in rural areas with plenty of subscribers, stable hardware and good software at low cost. Even their cheaper products are very well up to the task and can be expanded upon with different wireless-transmitters and antennas. If that is not enough you can always look at their more "enterprise:ish" products. I've only good things to say about them, and we used their products for well over 5 years when we still ran a WISP.

Re:Mikrotik a possible choice?

[tagno25]

try Ubiquti instead for just an AP (or CPE)

Choices

[the+eric+conspiracy]

I have a Netgear WNDR3700 that I use as an access point. It has a lot of good features including two independent radios (2.4 and 5 GHz), gigabit switch and a pretty fast processor. It is about as good as it gets for hardware of its type.

The firmware based on OpenWRT. Some of the features like the attached storage are dodgy, but that doesn't matter for this application.

For your application though - high density, lots of users why don't you take some of the load off the airwaves by offering wired connections too? People who aren't actually physically roaming will appreciate the choice and better performance of wired.

Meru Networks

[zerofoo]

Not the cheapest stuff, but Meru's access points and controllers will allow you to run all the APs on one channel, and the controller "load balances" the users across the available access points within reach of the client.

We use them at my place of employment (6 APs scattered throughout the building servicing around 200 laptops), and the performance is quite good.

-ted

Not cheap, but...

[mmccarn]

Xirrus 'Arrays' are designed for what you're doing. I've used 2 4-radio Xirrus arrays to serve 240 users in a single ballroom. http://store.xirrus.com/SearchResults.asp?Cat=4

Re:Not cheap, but...

[Kizeh]

The parent means Xirrus will cause the event organizers to mortgage a house. Still, Xirrus can have tons of radios in one device, all with segmented antennas, and they really are a good fit for this kind of stuff. They even have a pole/tripod mounting option where you can set up more if need be. See about the sponsoring or maybe renting.
Alternatively, get external 60 degree segment antennas for something like Cisco 1250s and do hexagonal cells, like wireless carriers do. For dual band MIMO you need six antennas per AP, so it'll get out of control mighty fast.
Worst case, get a bunch of APs, have three of them use the three 2.4 GHz channels with MIMO (but no channel bonding!) and as many 5 GHz ones as you can, since you have many more non-overlapping channels to work with. Chances are that anyone stuck on 2.4 GHz is going to hate life. Plan power levels as well, and don't run radios hotter than they need to be, despite the temptation.
Also, very, very important: DISABLE LOW DATA RATES. Mandate 5 or 11 Mbps as the lowest supported rate at all the radios. Otherwise the 1 Mbps Nintendo DS's and phones will eat up all the airtime and starve everyone of access. If you can get away with turning off 802.11b support and only offering 802.11g on 2.4 GHz, do so.
Finally, ignore any comment suggesting consumer gear.

airport extreme

[saleenS281]

It won't have anywhere near the granularity in configurations, but I will say apple airport extreme's tend to "just work". They support both g and n operating at the same time since they have multiple antenna's, and they also have a sort of sandbox guest environment you can set.

If you want fall-down easy to setup and manage, they'll get the job done. If you want granular control, don't waste your time. I got sick of trying to make dd-wrt work with WAP, wireless-n and g at the same time a year ago, and just bit the bullet on the apple units. I can say it's been one purchase I don't regret.

consumer equipment is the wrong answer

Background on me to qualify my comments: I am a cisco engineer specialising in wireless and security. My product recommendations later come from this experience but there are other products capable of the same performance such as the aruba equipment which would be my close second recommendation but i have no specific product knowledge.

I think you need to refine your requirements. It is highly unlikey that a crowd of 500 people will create 500 connections. You will probably end up serving 100-150 clients simultaneously but not all of them requesting data at the same time unless there is something specific that all users need to connect to at the same time throughout the event.

Without much better information everyone is just throwing out a product, not a design. And as you clearly are not a wireless expert (as you asked for 802.11n "as well as .11g) i would recommend finding someone who is to consult properly.

And for those suggesting consumer products, your dreaming. Without some form of spectrum management in this situation the asker is doomed to provide a very poor service with no roaming and massive 2.4ghz congestion. In addition, those people recommending wired access, WTF? You very clearly do not understand what you are talking about. Are you expecting 500 desks with RJ45 ports, or multiple 48 switches places around the room for people to huddle around with their laptops (and only laptops as no mobile device even has an RJ45 port). This is clearly a fallacious argument.

Answer the following questions and we can all get very specific.

3 points to place APs. Is this to physically mount or a cabling limitation? Can you mount more but have no cabling? Un-manged switches can help with this for less than $50 each. If only to mount then you are stuffed, There is nothing out there that will handle 500 clients with any useful service. It's not a limitation of the products it's the contention of the medium as mentioned earlier.

What services are they accessing? Are they local or is it just the internet? If the internet, what is the upstream bandwidth available? If local access at high speed (100Mb/s +) then you will end up with contention issues. If it is the internet and the pipe isn't fat you are not looking at contention issues you are looking at number of users connected. Most modern APs do not have practical limits of associated clients but most recommend around 25 per AP.

What is the nature of the event? Basically, are you providing a service that is required constantly throughout the event leading to 100% of attendees connecting all the time. Also, are users accessing a high bandwidth service (streaming video for example) all the time or things like static web pages delivered via http? The later will deliver small amounts of data to each person but will then take time to read by the attendees al will also be cached locally meaning subsequent connections will require even less bandwidth. If streaming video, someone should have though of this earlier and you will need a consultant/engineer 100% or expect to fail.

An off the cuff answer without the above knowledge assuming http type data required, cabling limitation not mounting, the more realistic 150 simultaneous users and internet link at less than 30Mb/s:

1x Cisco 2112 Controller (100Mb ports not important as limited upstream)
5-9x Cisco 1142 APs (very nice 802.11n dual band with the ability to force people to move to 5Ghz if they have it 6.0+ code)
3x gigabit unmanaged switches (something like dlink DGS-1005D)

It would not be far fetched to contact decent size Cisco/Aruba/VendorX partner and get loan equipment for a price + a consultant as part of the deal.

Aruba

[mixmaster]

Saw a presentation of the new Aruba 3 OS last week, and also got a demo of the AirWave used in the Aruba headquarter. This is a very good solution if you want to have full control and it's an event that you want to have control over and maybe have them on a regular basis. Could be that it's an overkill for this kind of event, but take a look here http://www.airwave.com/resources/demos/ to get a some new thoughts. It can also give you a heatmap of the coverage of all your AP's around in the event area.

Use ALL 14 WIFI channels !

[Taco+Cowboy]

I have read very good recommendations of having cells of WIFI routers giving 1,4,7,11 in one, 2,5,8,12 in another and 3,6,9 in the third, why lock yourself in?

In Japan, you can use all the 14 WIFI channels, and if your event is the ONE TIME thingy, use all 14 channels !

Do a 1,5,9,13 on router A, then 2,6,10,14 on router B, then 3,7,11 on router C and 4,8,12 on router D on group them into one cell.

Try push all the users of router C and D to 5 GHz band, router B to 3.6 GHz band and router A to 2.4 GHz band.

Use directional antennas, aim router A to North, router B to East, router C to South and router D to West.

Then set up cells within the premise.

In that way the signals that overlaps are not of the same channel, and not in the same frequency band either.

Only one vendor can do this right...

[kidMike]

Wow, that's a string of misguided replies, with the occasional person that actually knows what they're talking about. Full disclosure: I'm an engineer for Aruba Networks, and this is exactly the kind of thing I/we do regularly. I've personally done the Interop shows in Javitts Center in NYC, the All-Star Game at Yankee Stadium, and various other conferences with 1,000 or more people. As a company, we've done the wireless network at Black Hat for years (without one failure or hack), the HoPe conference, as well as most of the hotels and conference centers in Vegas. Oh yeah, and every US Air Force base in the world. If you want this to work, here are the unique features that ONLY Aruba Networks provides for high density deployments (all without needing software on the clients or CCX extensions in the NIC card)...


- Band Steering: Use dual-radio access points. The Aruba gear detects if a client supports both 2.4g and 5g, and moves the client automatically to the 5g band, which is cleaner and has more channels available.
- Spectrum Load Balancing: Every vendor offers load balancing: there are 10 users on AP-1/Channel 1, and 20 on AP-2/Channel 6, so put the next user on AP-1. This ignores the fact that the only resource you're really constrained by is the amount of spectrum in use, not the number of users on an AP. If those 10 users are using most of the spectrum of Channel 1, while Channel 6 isn't being used as heavily by the 20 users, you'll get better performance by balancing the user to the less-utilized spectrum, rather than the lowest user-count AP.
- Co-Channel Interference: The Aruba architecture knows when a client is within range of two APs on the same channel, and schedules transmissions out of the APs so they don't collide in the air.
- Adjacent channel interference: Aruba ecognizes that there *will* be some bleed between transmissions on adjacent channels, and manages transmissions to avoid that.
- Airtime Fairness: Aruba recognizes the different client phy types (802.11a, b, g, and n-2.4/n-5) and allocates certain amounts of airtime to each client, so those old 11b clients don't drag your 11n clients to a screeching halt.
- Channel Reuse: modifying the collision threshold on the channel to allow you to reuse channels in much closer proximity to one another than normally possible.
- Dynamic Multicast Optimization: The APs can detect a multicast stream and determine if it's better to send the stream to all multicast clients at one, but at the normal lowest data rate, or convert the stream to a series of unicast transmissions that can be sent to each client at a much higher rate.
- Mode-aware Adaptive Radio Management: Deploy as many APs as you want. The Aruba architecture will automatically turn on (or off!) individual radios based upon RF needs; too much RF is worse than not enough, in most cases.
- Client bandwidth contracts: Set a rate limit for each user, so one person can't use half your bandwidth.
- Policy Enforcement Firewall: Allow your users to only do what protocols you want (http, https, dhcp, dns), and block all the others. iTunes/Bonjour/MulticastDNS from Apple products will KILL your network otherwise.


If you want more information on the physics of these methods, check out this white paper which has more info than you'll want to read:
http://www.arubanetworks.com/pdf/technology/whitepapers/wp_ARM_EnterpriseWLAN.pdf

Now, all of that said, here are some BAD ideas that people have suggested:

- Use all 14 channels!
------ Not only is this illegal almost everywhere, but most clients will use the operating system's country code and only use the channels that are supposed to be available. In the U.S. for example, only channels 1-11 are valid; client devices won't try to use channels 12-14.

- Use channels 1, 4, 7, 10 on one group of APs, then 2, 5, 8, 11 on the next set....
------ TERRIBLE idea. Because 802.11a