Large scale concert production TCP/IP networking
<blockquote data-quote="Jeff Stevens" data-source="post: 48683" data-attributes="member: 236"><p>Re: Large scale concert production TCP/IP networking</p>
<p>I second everything Tim said except turning off the encryption. There is a huge risk in doing that for a small performance gain. Just because your SSID is not being broadcast does not mean that the network cannot be found. There are scores of utilities that can sniff out non-broadcasting networks and the traffic going across them. Given just a few packets, they can determine your IP address scheme and how to spoof any network application, subjecting you to a possible Man-in-the-Middle attack. While I believe that most are just innocents looking for the quickest way to Facebook, it is never a good idea to leave the front door unlocked.</p>
<p>The way I tend to do these things is every rack gets a network switch. All static devices get an IP address statically assigned (i.e., if it is mounted in the rack, then it is static to that rack) with the rack number (e.g. 192.168.[Rack Number].[Device Number]). Then the master rack that holds the intercom also gets a managed gigabit switch and an enterprise router. Every rack then connects to that switch in its own VLAN using the gigabit uplink ports, and routing between networks is handled by the router, also through a gigabit port. This way, I can talk to any device, and if any of the links goes down, the rack will still function individually. Plus, using the router, I can block certain traffic from talking to each other to reduce overhead (to make device discovery easy, things like wireless use a lot of broadcast traffic to identify themselves, but this goes to all devices in the LAN, wasting their resources) and enable Quality of Service so audio traffic is prioritized over data.</p>
<p>I only use wireless for "client" machines like laptops and tablets. I prefer keeping the number of access points to a minimum since most consumer access points do not have the ability to adjust their frequency to avoid conflicts with adjacent access points. I secure the networks by disabling SSID broadcast, disallowing users from connecting to the access points' admin functions through the wireless itself, and using WPA 2 encryption. If you know all the devices that are going to be connecting to any given WAP, you can also use the MAC address filter. Generally, it is a PITA to administer if you want to change to a new device, but it will prevent the WAP from responding to any requests from devices it does not recognize (it is very easy to spoof a MAC address, though, so you still need the encryption to prevent that data from being stolen).</p>
<p>~Jeff Stevens</p></blockquote>
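Jeff's per-rack addressing plan, written up as an added example that is not part of the post: a small audit that derives each rack-mounted device's static address from 192.168.[Rack].[Device], checks the rack subnet, and flags address collisions and out-of-range numbers before a rack is wired. The inventory and device names are constructed and hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed inventory (hypothetical names): (device name, rack number, device number),
# following the post's 192.168.<rack>.<device> plan; rack 1 is the master rack.
DEVICES = [
    ("router", 1, 1),
    ("core-switch", 1, 2),
    ("intercom-master", 1, 10),
    ("rack2-switch", 2, 1),
    ("stagebox-a", 2, 20),
    ("stagebox-b", 2, 21),
    ("rack3-switch", 3, 1),
    ("wireless-rx-1", 3, 30),
    ("wireless-rx-2", 3, 30),  # constructed collision: same address used twice
    ("stray-dsp", 2, 300),     # constructed error: not a valid last octet
]

def rack_subnet(rack):
    """One /24 per rack VLAN, as in the post's 192.168.[Rack].[Device] plan."""
    if not 1 <= rack <= 254:
        raise ValueError(f"rack number {rack} outside 1-254")
    return ipaddress.ip_network(f"192.168.{rack}.0/24")

def static_address(rack, device):
    """Derive the device's static address; .0 and .255 are network/broadcast."""
    if not 1 <= device <= 254:
        raise ValueError(f"device number {device} outside 1-254")
    return ipaddress.ip_address(f"192.168.{rack}.{device}")

def audit(devices):
    """Return (plan, problems): plan maps name -> address; problems lists
    out-of-range numbers and address collisions before they hit the show floor."""
    plan, problems = {}, []
    for name, rack, device in devices:
        try:
            rack_subnet(rack)  # validates the rack number as well
            plan[name] = static_address(rack, device)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    for addr, count in Counter(plan.values()).items():
        if count > 1:
            owners = sorted(n for n, a in plan.items() if a == addr)
            problems.append(f"{addr} assigned to {', '.join(owners)}")
    return plan, problems

def rack_members(devices, rack):
    """Names and addresses that belong in one rack's VLAN subnet."""
    plan, _ = audit(devices)
    return {n: str(a) for n, a in plan.items() if a in rack_subnet(rack)}
```

Running `audit(DEVICES)` on the constructed inventory reports the duplicate 192.168.3.30 and the invalid device number 300; a clean inventory returns an empty problem list.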