Can't use australianfrequentflyer from Virgin lounge wifi in Brisbane

[greenfish]

I am still puzzled why people think restricting the lounge wireless will reduce problems, do you honestly think a better class of people is in the lounge versus outside it? Until a few years ago I must admit I did, until I had my laptop stolen, and on reporting it to the lounge manager I was told they had lots of issues including the rather large PCs walking.

There are two main benefits of restricting access:
1. Performance. Extra illegitimate users will be sharing the existing bandwidth - reducing performance for legitimate users.
2. Accountability. If authentication is tied to something like Velocity, all access will be able to be traced to an individual.

 

[markis10]

There are two main benefits of restricting access:
1. Performance. Extra illegitimate users will be sharing the existing bandwidth - reducing performance for legitimate users.
2. Accountability. If authentication is tied to something like Velocity, all access will be able to be traced to an individual.

Both are easily solved without the need to restrict open access, via deep packet inspection bandwidth management! Under law a hotspot operator does not have the same interception and accountability requirements of a last mile carrier negating the need for authentication, whilst modern APs can easily handle 200 users at full speed, giving the BNE lounge a capacity for 400 users connected to a DSL service that would deliver a residential like contention ratio or very little service problems. No one expects a lounge to have fibre like wireless service, so I think the issue with cling on users is somewhat overstated.

A legitimate user on the network could just as easily post something that blocks the IP address as a user outside the lounge, or a mods fingers could slip and result in a lounge user getting a banned IP address rather than a simple deleted post.

 

[greenfish]

Both are easily solved without the need to restrict open access, via deep packet inspection bandwidth management! Under law a hotspot operator does not have the same interception and accountability requirements of a last mile carrier negating the need for authentication, whilst modern APs can easily handle 200 users at full speed, giving the BNE lounge a capacity for 400 users connected to a DSL service that would deliver a residential like contention ratio or very little service problems. No one expects a lounge to have fibre like wireless service, so I think the issue with cling on users is somewhat overstated.

A legitimate user on the network could just as easily post something that blocks the IP address as a user outside the lounge, or a mods fingers could slip and result in a lounge user getting a banned IP address rather than a simple deleted post.

It is just sound design to minimise signal spill from the lounge; this minimises the risk of interference with other APs, and reduces opportunities for eavesdropping. I've successfully connected to the Virgin lounge from the Skytrain. That's sloppy design, in my view.

I'm personally ambivalent about authentication; yesterday's issue was the first issue I'd experienced with Virgin lounge wifi and I'm sure you're right, it was either created by a legitimate lounge user, or perhaps someone who forgot to log-off from one of the shared PCs.

If I were Virgin though, I'd certainly prefer not to have clusters of people blocking the airport passages and leaning against the outside of the lounge; having open wifi encourages this.

Bandwidth management cannot discriminate between legitimate users and those people leaching the bandwidth. More users = less performance. I don't know how many people use wifi concurrently in the lounge, but I doubt it is more than 20% of those in the lounge (and can they really fit 400 in the BNE lounge? Gosh you'd hardly be able to move). I suspect that 20 or 30 people on the outside can use similar amounts of bandwidth to those inside.

 

[markis10]

Bandwidth management cannot discriminate between legitimate users and those people leaching the bandwidth. More users = less performance. I don't know how many people use wifi concurrently in the lounge, but I doubt it is more than 20% of those in the lounge (and can they really fit 400 in the BNE lounge? Gosh you'd hardly be able to move). I suspect that 20 or 30 people on the outside can use similar amounts of bandwidth to those inside.

It certainly can and can be very granular, to the point where a spammer could be locked down in microseconds, peer to peer blocked etc etc. Legitimate users tend to have an app profile that's very consistent, making such control easy. For eavesdropping, again most corporate users would already have that covered through VPNs, they have been around since 97 ( I used to work for a company that acquired Shiva, one of the first remote access pioneers in the 90s).

If someone wanted to create havoc, it would be far easier to use a SSID of free wifi for instance and sit back with wire shark etc and enjoy the spoils, it happened recently in WA at a convention! As for leakage etc, really irrelevant, beam steering/forming and microcell management make the chances of interference minimal on a modern AP for the intended users, and there is not much you can do to stop a signal leaking out of a lounge via the windows to a station 200m away without reducing the signal strength for the intended users, which might be high in the first place to overcome jitter/RSSI if cell management is not in place.

I think the lounge has better priorities to worry about, after all the competition has the same setup for over 12 years.

 

[AsterisK]

for what it's worth, the 1 megabyte per second bit torrent speed at BNE is great

 

[greenfish]

It certainly can and can be very granular, to the point where a spammer could be locked down in microseconds, peer to peer blocked etc etc. Legitimate users tend to have an app profile that's very consistent, making such control easy. For eavesdropping, again most corporate users would already have that covered through VPNs, they have been around since 97 ( I used to work for a company that acquired Shiva, one of the first remote access pioneers in the 90s).

If someone wanted to create havoc, it would be far easier to use a SSID of free wifi for instance and sit back with wire shark etc and enjoy the spoils, it happened recently in WA at a convention! As for leakage etc, really irrelevant, beam steering/forming and microcell management make the chances of interference minimal on a modern AP for the intended users, and there is not much you can do to stop a signal leaking out of a lounge via the windows to a station 200m away without reducing the signal strength for the intended users, which might be high in the first place to overcome jitter/RSSI if cell management is not in place.

I think the lounge has better priorities to worry about, after all the competition has the same setup for over 12 years.

For the users who leach bandwidth near the lounge, their profile will look more or less identical to those in the lounge - we're not talking about bandwidth management at an ISP level. VPNs only protect people who use them - which would be very few tablet owners etc.

My experience has been that the VA BNE lounge seems to have absurdly good coverage outside the lounge; for whatever reason, the QF BNE lounge doesn't have quite the same coverage (possibly due to lounge location). I believe the same is true of QF in CBR and SYD.

VA therefore is providing a free wifi service to the masses at BNE. Given that bandwidth is not free, it really isn't in their interest to do this.

But I agree, VA have many other things to fix before worrying about this.

 

[AsterisK]

Bandwidth is next to free these days. I suspect they would simply be using a run of the mill ADSL2 connection for the lounge connection, and given the generous download limits most Australian ISP's are handing out these days, I don't think they'd really care. Even a dedicated business ADSL2 connection would be negligible at a couple hundred bucks per month with seemingly unlimited downloads.

 

[greenfish]

Bandwidth is next to free these days. I suspect they would simply be using a run of the mill ADSL2 connection for the lounge connection, and given the generous download limits most Australian ISP's are handing out these days, I don't think they'd really care. Even a dedicated business ADSL2 connection would be negligible at a couple hundred bucks per month with seemingly unlimited downloads.

If bandwidth didn't cost anything, wifi would be free everywhere. Costs have come down, but I still maintain that it is not in VA's interest to give this service away to people outside the lounge as:
1. Reduces speeds for everyone
2. Does cost something
3. Makes people loiter in the passage outside the lounge

On the flip side, what would it matter if some form of authentication was required? Is it that big a deal? I'd happily implement an authenticated captive portal for them in exchange for some lounge passes. It really isn't rocket science.

 

[AsterisK]

If bandwidth didn't cost anything, wifi would be free everywhere. Costs have come down, but I still maintain that it is not in VA's interest to give this service away to people outside the lounge as:
1. Reduces speeds for everyone
2. Does cost something
3. Makes people loiter in the passage outside the lounge

On the flip side, what would it matter if some form of authentication was required? Is it that big a deal? I'd happily implement an authenticated captive portal for them in exchange for some lounge passes. It really isn't rocket science.

yeah as it is you have to click the accept button to get the access, I honestly don't know why they don't go a step further. although, it would be a pain if you didn't memorise your velocity #, or auto-save it.

they should just implement 802.1x with WPA2, so we have some peace of mind with encryption, I'll be happy to still click through the terms and conditions also...

 

[greenfish]

yeah as it is you have to click the accept button to get the access, I honestly don't know why they don't go a step further. although, it would be a pain if you didn't memorise your velocity #, or auto-save it.

they should just implement 802.1x with WPA2, so we have some peace of mind with encryption, I'll be happy to still click through the terms and conditions also...

Yes, agreed. It would be trivial to create two ESSIDs, one with WPA2 and one without, so people could choose which to use (for devices that don't support encryption, or for people can't be bothered typing the key in).