nanog mailing list archives

Re: who offers cheap (personal) 1U colo?


From: "Stephen Sprunk" <stephen () sprunk org>
Date: Sun, 14 Mar 2004 19:14:49 -0600


Thus spake "Vivien M." <vivienm () dyndns org>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.

Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
process.

> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from taking
> multiple IPs and having hubs and such in their rooms

There's nothing inherently wrong with that.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...

Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
data.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.

Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.

> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?

802.1x

S

Stephen Sprunk        "Stupid people surround themselves with smart
CCIE #3723           people.  Smart people surround themselves with
K5SSS         smart people who disagree with them."  --Aaron Sorkin

