
LTT LAN Party from WAN Show -- Questions

Solved by Chase Douglas:

I don't remember the whole WAN show clip, but we don't have plans to go through with doing separate VLANs within the LAN itself.

@LinusTech watching last week's WAN show, the discussion about the LAN gaming area in the LTT Lab building.  Lots of interesting thoughts there but as a network engineer, my brain started thinking about the networking aspects of what you are proposing.  Not just a (singular) LAN gaming event, but possibly multiple LAN gaming groups, playing different games.  What are the networking implications of doing this?  Has this been considered??

For example, would you simply deploy a single large flat network...  ie a single VLAN with a /20???  All gamers are L2 adjacent, rock and roll???

Or is there a benefit (beyond security) to segmenting this environment?  So let's say the Unreal Tournament folks are on VLAN 10, PubG folks VLAN 20, CS-GO VLAN 30 etc etc etc.  What about segmenting based on group?  Kinda like renting a bowling lane.  You and your group show up, you get a private VLAN, unique IP space...  You could deploy using Ansible and using dynamic routing could do automated turn up and turn down of these segments.  Could even go as far as WiFi, so when a user logs on to WiFi you could use something like 802.1X to steer clients to a VLAN or MAC registration to land the user on a VLAN (not a unique SSID, that would be bad).

The main question here is would there be a benefit to this... Beyond security....

Examples:  A private VLAN constrains broadcast traffic used for server and client discovery, thus making group selection in game easier and less cluttered.

Performance gains?  The less network traffic being processed by your machine, the more it can concentrate on FPS.  Less traffic here because each client would see less broadcast traffic etc born of the number of clients in the segment.  Things like SMB traffic from Windows clients.  Less heard the better.

What say you.


32 minutes ago, eece_ret said:

So let's say the Unreal Tournament folks are on VLAN 10

damn, is it 2007 again?

the last unreal tournament game was in 2014, and it was never finished, iirc the last before that was UT Black in 2007 (correct me on this if I'm wrong)


Implementing a VLAN per game group is going to be hell. You either need to try and instruct people how to tag their traffic or have someone change the switch ports over when someone is done with group A and wants to play with group B -or- you have a port per person per VLAN which gets crazy difficult to deal with all the same.

 

Segmentation like this makes no sense, heck there are LANs with thousands of people that don't really do this aside from some basic stuff (VIPs get a better priority switch etc) at things like DreamHack. If your computer gets overwhelmed with some broadcast traffic with 100 people or so you've got other problems than FPS to deal with.


This seems like an overly complicated solution to something that is barely an issue.

I haven't watched the video where he talks about it, but judging by your description it sounds like it is just to allow some employees to play some games. These people are already on the same network all day so security wise it does not really matter, especially not if you are suggesting giving them a way to jump between networks anyway. Any malware will already be spreading like wildfire in their office at other points in time.

 

Performance wise, I would agree with you if we were talking about thousands of clients all sending a bunch of broadcast traffic all over the place, but here we are talking about a small number of people. It won't be an issue.


1 minute ago, LAwLz said:

This seems like an overly complicated solution to something that is barely an issue.

I haven't watched the video where he talks about it, but judging by your description it sounds like it is just to allow some employees to play some games. These people are already on the same network all day so security wise it does not really matter, especially not if you are suggesting giving them a way to jump between networks anyway. Any malware will already be spreading like wildfire in their office at other points in time.

 

Performance wise, I would agree with you if we were talking about thousands of clients all sending a bunch of broadcast traffic all over the place, but here we are talking about a small number of people. It won't be an issue.

I believe he's referring to the pop-up shop idea that's been discussed on the WAN show they plan to have in the next month or two which will also be a scaled down LAN party (100ish people I think was the max)


I don't remember the whole WAN show clip, but we don't have plans to go through with doing separate VLANs within the LAN itself.


Security is a big concern when you host some event with many people, device count does not matter, it's the people count that matters.

A single huge L2 pool is a single point of failure with hundreds of users, each of them has the ability to cause a failure, due to malice or incompetence. 


20 minutes ago, TomChaai said:

Security is a big concern when you host some event with many people, device count does not matter, it's the people count that matters.

A single huge L2 pool is a single point of failure with hundreds of users, each of them has the ability to cause a failure, due to malice or incompetence. 

Not really, it'd be fairly easy to set up sections of the LAN on independent switches, and then isolate a specific switch if someone on it causes an issue.

 

And for a 100 person LAN?  Gigabit is more than enough to run it, with room to spare.


13 minutes ago, tkitch said:

Not really, it'd be fairly easy to set up sections of the LAN on independent switches, and then isolate a specific switch if someone on it causes an issue.

 

And for a 100 person LAN?  Gigabit is more than enough to run it, with room to spare.

In our organization we usually use /24, /22 at most.

/20 is unusually large for one L2 LAN, not to mention this is not a workplace with managed devices, but a LAN party where all walks of life with whatever hardware and software could join.


1 minute ago, TomChaai said:

In our organization we usually use /24, /22 at most.

/20 is unusually large for one L2 LAN, not to mention this is not a workplace with managed devices, but a LAN party where all walks of life with whatever hardware and software could join.

Wha?  a 100 person lan would likely be on a /24 without any issue?  


12 minutes ago, tkitch said:

Wha?  a 100 person lan would likely be on a /24 without any issue?  

 

From device count perspective it is fine, you can use it this way as long as you trust all users on it or you have some control on the access switch to limit attacks that may crash the network or spread malware.

As I said this is probably easier in a company where all devices are managed and people can be disciplined, which is usually not the case for a LAN party.


Just now, TomChaai said:

From device count perspective it is fine, you can use it this way as long as you trust all users on it or you have some control on the access switch to limit attacks that may crash the network or spread malware.

As I said this is probably easier in a company where all devices are managed and people can be disciplined, which is usually not the case for a LAN party.

For a public LAN like this?  They'd probably plug a switch, separate router, or use the DMZ and bypass the internal network entirely.

 

That's what I'd do if I was running a LAN at a business.  


1 hour ago, tkitch said:

For a public LAN like this?  They'd probably plug a switch, separate router, or use the DMZ and bypass the internal network entirely.

 

That's what I'd do if I was running a LAN at a business.  

That's what I'm saying. Devices work exactly as they are designed, it's the people giving you all the headaches.


Why bother?

>>>>>>That's pretty much what I'm asking about.  Put your thinking hat on... Groups of people playing different games and or same games in competition with other groups, local and remote, seems like a recipe for trickery

So instead of naysaying, think how managed network practices could be used for a next level LAN hosting site.

>>>> Anti-Cheat through segmentation.  Players "attacking/hacking/DOS/whatever" other players... Can't really control when L2 adjacent.  Place in separate L2/L3 segments... Now you have an enforcement point....  So they could DOS their group mates but not other groups....

>>>> Local Hosting, and or hosting local hosting:  Segmentation would allow for the group to bring and use their own private game server. OR, allow for the site to spin up a VM for the group to be that local private game server... for a small fee of course.....(lttstore.com -- Game Hosting credits... You could even make them NFT's -- ! --, Yeah bro NFT's  😉 )

>>>> Protecting your WiFi Clients:  802.1X WPA Enterprise would also allow staff to quickly correlate traffic to a specific user/device in case of malfunction or other mal-traffic. Protect end users' WiFi traffic in a public setting.  802.1X provides a greater level of security to end users' WiFi traffic, as packet captures/wifi-sniffing on an 802.1X WPA Enterprise secured network does not work the same as on a WPA protected network. In other words, an 802.1X WPA Enterprise network is better than WPA PSK, in many of the same ways a WPA PSK secured network is better than an Open/Unsecured WiFi network.

>>> Basically, a well tended 802.1X authentication system would be a great tool here.  Also it's been supported in Linux, Mac and Windows since the early 2000s.  At worst in Windows, for wired connections you have to enable the wired supplicant service (it's a check box in services).

>>>>Legal stuff:  By having users create a local account with the hosting site at time of first participation, it gives the host site the ability to have clients agree to and accept the site's terms of service etc etc etc.  Anyone who has ever gone to a go-kart track knows the drill: sign your consent waivers, don't be stupid and we reserve the right to boot you for any reason etc etc etc.  Collect email and phone

>>>> One Time Onboarding:  Once a client has been onboarded they can show up with their wired and wireless devices and log on to the network using 802.1X simply and easily.

No captive portal required, although it would still be a decent idea.  Kind of a "click here" to confirm you are who you say you are style CP.

What could be very interesting would be to display any and all information to the user via captive portal at time of confirmation.  USERID: X MAC: Y IP: Z right above the "Yes it's me" button.  A CP could also allow a user to choose what group they are part of, allowing for dynamic VLANs.

Either way, once authenticated the infrastructure would dynamically plop the user on the correct VLAN based on RADIUS reply attributes. This would take a bit more dev time to stand up the whole first time user onboarding stuff as well as deploy RADIUS, configure RADIUS, and then integrate RADIUS and your infrastructure to properly reply with the proper VLAN ID in the reply attributes.

Too Hard???

>>>> Sounds like a lot but it's actually pretty darn straightforward: Linux host with HTTPD/PHP/MYSQL/FREERADIUS...  A healthy bit of dev time to create front end, database, Ansible playbook creation, execution etc.  Infrastructure guy to work with dev on the Ansible executions and RADIUS integration with switching and WiFi.

From the L3 perspective, with dynamic routing protocols and Ansible you could light up L2 and route L3 segments in a very deterministic fashion.  Using a bit of dev time you could wrap up the Ansible side of the equation with a simple form based web front end that then dispatches the Ansible playbook to be run out of your mgmt stack. You would need some simple DB style VLAN/PREFIX inventorying to preclude collisions, then a text generator to create playbooks which you would then have your app layer deploy.  Now you have VLAN TAG, L3 (CIDR/GW) where you need it.  ie GW interface is up, VLAN is on your switching...  Northbound links are advertising the new prefix to your firewall, which has policies accounting for the aggregate IP block from which you are subnetting, now you just need clients to auth to your segment... (or more Ansible....)

Create a garbage collection Ansible job that runs when the shop is closed to clobber any straggling L2/L3 stuff remaining.

As far as clients having to tag their interfaces.  No no, that would be nightmare status, but you have a valid point... Clients would have to be constrained to a set of wall jacks which have been configured (Ansible) with their VLAN in an untagged state.  This could be difficult if you want clients to be transient within the site.

Only outstanding issue I see is DHCP.  You could always cheat that a bit and preprogram DHCP segments on a centralized DHCP server and ensure your prefix allocations align.  In that way when you create your GW interface you would simply assign an IP helper to that interface (SVI/IRB, potato potahto) pointing to that DHCP....  Or... more dev time on Ansible to dynamically create DHCP scopes at your centralized server.  Again.. not too bad.

Just time, effort and vision.

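The VLAN/prefix inventory, SVI, DHCP scope and RADIUS reply pieces the post above sketches, as an added example written here and not the poster's or LTT's own tooling: it carves one /24 per group out of an assumed 10.40.0.0/16 aggregate, tracks VLAN tags and prefixes so two groups never collide, derives the gateway and DHCP range for each segment, emits the RFC 3580 tunnel attributes a RADIUS server returns to land an 802.1X client on that VLAN, and runs the end-of-day garbage collection. The aggregate block, the VLAN ID pool, the DHCP range layout and the group names are all assumptions.

```python
"""Per-group LAN segment allocator (constructed example, not the poster's tooling).

Assumed: an aggregate block the firewall policy already covers, a pool of VLAN IDs
reserved for transient groups, and one /24 per group."""
import ipaddress
from dataclasses import dataclass

AGGREGATE = ipaddress.ip_network("10.40.0.0/16")  # assumed aggregate block
VLAN_POOL = range(100, 200)                        # assumed VLAN IDs for transient groups
SEGMENT_PREFIXLEN = 24                             # one /24 per group


@dataclass(frozen=True)
class Segment:
    group: str
    vlan: int
    prefix: ipaddress.IPv4Network

    @property
    def gateway(self) -> ipaddress.IPv4Address:
        # first host of the prefix is the SVI/IRB gateway interface
        return self.prefix.network_address + 1

    def svi_vars(self, dhcp_server: str) -> dict:
        # variables a playbook would push to the switch: VLAN, SVI address, IP helper
        return {"vlan_id": self.vlan,
                "svi_address": f"{self.gateway}/{self.prefix.prefixlen}",
                "ip_helper": dhcp_server}

    def dhcp_scope(self) -> dict:
        # leave .1 for the gateway and .2-.10 for servers the group brings along
        hosts = list(self.prefix.hosts())
        return {"subnet": str(self.prefix), "router": str(self.gateway),
                "range": (str(hosts[10]), str(hosts[-1]))}

    def radius_reply(self) -> dict:
        # IETF tunnel attributes (RFC 3580, section 3.31) that tell the switch or
        # WLAN controller which VLAN to place the authenticated 802.1X client on
        return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                "Tunnel-Private-Group-Id": str(self.vlan)}


class Inventory:
    """Tracks VLAN tags and prefixes in use so two groups never collide."""

    def __init__(self):
        self.by_group: dict[str, Segment] = {}
        self.free_vlans = list(VLAN_POOL)
        self.free_prefixes = list(AGGREGATE.subnets(new_prefix=SEGMENT_PREFIXLEN))

    def allocate(self, group: str) -> Segment:
        if group in self.by_group:
            return self.by_group[group]      # idempotent: same group, same segment
        if not self.free_vlans or not self.free_prefixes:
            raise RuntimeError("no free VLAN or prefix left in the aggregate")
        seg = Segment(group, self.free_vlans.pop(0), self.free_prefixes.pop(0))
        self.by_group[group] = seg
        return seg

    def release(self, group: str) -> None:
        seg = self.by_group.pop(group)
        self.free_vlans.append(seg.vlan)
        self.free_prefixes.append(seg.prefix)

    def garbage_collect(self, active_groups) -> list:
        # end-of-day job: tear down every segment whose group is no longer present
        stale = [g for g in self.by_group if g not in active_groups]
        for g in stale:
            self.release(g)
        return stale
```

The dicts returned by `svi_vars`, `dhcp_scope` and `radius_reply` are the data a playbook template, a DHCP server scope and a FreeRADIUS users entry would be rendered from; the allocator itself touches no device.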

The biggest hurdle is actually getting everyone out to the world, because most modern games need to call home or be hosted remotely and everyone's going to need to load up big Steam downloads, and a caching server only does so much.


On 7/3/2022 at 12:50 PM, eece_ret said:

@LinusTech watching last week's WAN show, the discussion about the LAN gaming area in the LTT Lab building.  Lots of interesting thoughts there but as a network engineer, my brain started thinking about the networking aspects of what you are proposing.  Not just a (singular) LAN gaming event, but possibly multiple LAN gaming groups, playing different games.  What are the networking implications of doing this?  Has this been considered??

For example, would you simply deploy a single large flat network...  ie a single VLAN with a /20???  All gamers are L2 adjacent, rock and roll???

Or is there a benefit (beyond security) to segmenting this environment?  So let's say the Unreal Tournament folks are on VLAN 10, PubG folks VLAN 20, CS-GO VLAN 30 etc etc etc.  What about segmenting based on group?  Kinda like renting a bowling lane.  You and your group show up, you get a private VLAN, unique IP space...  You could deploy using Ansible and using dynamic routing could do automated turn up and turn down of these segments.  Could even go as far as WiFi, so when a user logs on to WiFi you could use something like 802.1X to steer clients to a VLAN or MAC registration to land the user on a VLAN (not a unique SSID, that would be bad).

The main question here is would there be a benefit to this... Beyond security....

Examples:  A private VLAN constrains broadcast traffic used for server and client discovery, thus making group selection in game easier and less cluttered.

Performance gains?  The less network traffic being processed by your machine, the more it can concentrate on FPS.  Less traffic here because each client would see less broadcast traffic etc born of the number of clients in the segment.  Things like SMB traffic from Windows clients.  Less heard the better.

What say you.


Multiplayer games don't normally use that much bandwidth. You could probably get away with 20 people playing games on your home network just fine.


50 minutes ago, danomicar said:

Multiplayer games don't normally use that much bandwidth. You could probably get away with 20 people playing games on your home network just fine.

20?  

Most home routers are gigabit.  That could easily hold 100 players (assuming the router can actually handle the clients.  Not all will.)


17 hours ago, tkitch said:

20?  

Most home routers are gigabit.  That could easily hold 100 players (assuming the router can actually handle the clients.  Not all will.)

 

I would be curious if you would be more limited by the processing power of the router rather than the bandwidth. Could a regular Comcast router handle 100 clients actively sending/receiving at once? Would the sheer number of active connections cause it to crap out?

 

This is all assuming that the 100 clients connected are only using the connection to play a game and not to stream any files. 


Seems like much of the perspective here is all users one LAN.  Strikes me as a very "home based" LAN party mentality. If LTT (or any business) was thinking of creating and charging for a LAN space for people/groups to come to and play at, I would think feature added benefits like the ability to segment the network, support for private local game servers (BYO, or resell VM time?) could be next level features whose potential would be interesting to explore.


4 hours ago, eece_ret said:

Seems like much of the perspective here is all users one LAN.  Strikes me as a very "home based" LAN party mentality. If LTT (or any business) was thinking of creating and charging for a LAN space for people/groups to come to and play at, I would think feature added benefits like the ability to segment the network, support for private local game servers (BYO, or resell VM time?) could be next level features whose potential would be interesting to explore.

Again, I don't know what has been said because I don't want LTT videos anymore, but it sounds like a very complicated setup for little to no benefit.

And by "complicated" I don't mean "I don't know how to configure it" (although I doubt anyone at LMG would be able to configure it based on their previous videos regarding networking). I mean, why complicate things by involving multiple servers that dynamically change config when it offers little to no benefit?

 

It wouldn't increase security because if you allow the user itself to change which network their computer is on then any potential malware will be able to spread to other segments anyway. The main point of segmenting a network, when talking about security, is to fence off users from one another. If you put massive gates in the fences and allow users to just walk right through whenever they want then you defeat the purpose.

 

Performance? We are talking about a low amount of devices here, probably on gigabit networking. Some gaming will not saturate these links, especially not if we are just talking about broadcast traffic. 

 

Not really sure why dynamic routing would be needed. Chances are all L3 networks would be located in the same router, so routing protocols would be completely unnecessary as everything would be "directly connected".

 

 

On 7/6/2022 at 9:49 PM, eece_ret said:

>>>> Anti-Cheat through segmentation.  Players "attacking/hacking/DOS/whatever" other players... Can't really control when L2 adjacent.  Place in separate L2/L3 segments... Now you have an enforcement point....  So they could DOS their group mates but not other groups....

I am not sure what you mean. How exactly are you suggesting this enforcement is made and why do you think it couldn't be done on switch port level? Because it absolutely can, if that is even something that is desirable (which I highly question to begin with in this scenario).

 

On 7/6/2022 at 9:49 PM, eece_ret said:

>>>> Local Hosting, and or hosting local hosting:  Segmentation would allow for the group to bring and use their own private game server. OR, allow for the site to spin up a VM for the group to be that local private game server... for a small fee of course.....(lttstore.com -- Game Hosting credits... You could even make them NFT's -- ! --, Yeah bro NFT's  😉 )

Again, has this even been something they have mentioned wanting to do?

Judging by other peoples' comments it sounds like it was some throw-away idea they thought would be fun and easy to do. Not turn it into a major part of their business, where they try to sell subscriptions to people for server hosting.

 

 

On 7/6/2022 at 9:49 PM, eece_ret said:

>>>> Protecting your WiFi Clients:  802.1X WPA Enterprise would also allow staff to quickly correlate traffic to a specific user/device in case of malfunction or other mal-traffic. Protect end users' WiFi traffic in a public setting.  802.1X provides a greater level of security to end users' WiFi traffic, as packet captures/wifi-sniffing on an 802.1X WPA Enterprise secured network does not work the same as on a WPA protected network. In other words, an 802.1X WPA Enterprise network is better than WPA PSK, in many of the same ways a WPA PSK secured network is better than an Open/Unsecured WiFi network.

What? Packet capture works EXACTLY the same regardless of which authentication method you use, WPA PSK or Enterprise.

But this even assumes LMG has someone who not only has the expertise to look through packet captures (again, I doubt this is the case based on previous networking related videos), but it also assumes that they have someone who has time to do so, which I also doubt.

Have they even said they were going to offer Wi-Fi to LAN-party guests?
