Turn Off the WiFi

[Aczlan]

You can do a fair amount on the firewall side. Its not perfect, but it helps.
I used to work with a bunch of libraries and throttling made it so that even libraries with a lot of kids online (playing games like Minecraft or watching videos) could still do core functionality (checking out books, placing holds, etc). Before we implemented filtering, their connection was swamped to the point where the firewall was not responding regularly to pings (ie: ping times went from 30-40ms to 300+ms and 1/3 of the pings were not responded to). We implemented filtering (no other changes) and things still got slow, but they could do their work,

Alternatively, how about a way to switch on a device whitelist for wifi or internet access?
Connect your devices, pick which ones are critical (automatically whitelist all static addresses, then have checkboxes from a list of DHCP leases). Once its turned on, only the devices on the whitelist can access the internet. That would also allow the speaker to connect and use a device on the wifi without letting everyone else swamp the internet.

Aaron Z

[russellhltn]

I don't think the church is going to roll out a management interface to customize access for every meetinghouse. That would be a management nightmare. Some buildings have barely enough bandwidth to run a conference as it is. Turning off the WiFi is the safest way.

[Aczlan]

Turning off wifi works until you run into issues (like have been discussed in this thread) where you don't have the option to use a wired network (ie: using a tablet or a laptop without an Ethernet port).
IMO, those issues will become more prevalent as time goes on.

As for a management interface being a nightmare, thats that the Technology Manager already does, it lets you enable/disable wifi, it lets you reboot firewalls, view logs, view stats, view debug info, etc.
If you view a firewall and click on the gear next to a Zone with DHCP turned on, you will see a list of DHCP reservations there.
If you go to the ISP tab, it shows the advertised bandwidth (which is needed to do throttling)
What would be needed (to do a connection whitelist) would be a page to select from those addresses, put them in an ACL Object Group and activate a ACL that only allows the devices in the Object Group to access the internet.
I would redirect all other connections to a page that says "Your internet has been disabled to preserve bandwidth for a broadcast in progress. Thanks for your understanding, your access should return after the meeting when it is turned on, or automatically at HH:MM on DD-MMM-YYYY" (the date being an auto timeout X hours after it was disabled).

Aaron Z

[harddrive]

Acxlan,

The problem isn't at the firewall it is with the service providers. Once the packet leaves our router/firewall with a QOS bit set, the routers on the Internet will ignore that bit and everything on the Internet is best effort. So for inbound traffic to the firewall from the ISP would not be prioritized because the service provider won't honor the QOS bit. The Internet is just a free service and it is first come first serve and it will always be best effort.

The other issue is that no matter how much bandwidth you put in the old saying is true, you build it they will come. People will use bandwidth like its candy. So the best thing to do is turn off WIFI and that is easy with one click on the access point tab in TM.

[russellhltn]

Turning off wifi works until you run into issues (like have been discussed in this thread) where you don't have the option to use a wired network (ie: using a tablet or a laptop without an Ethernet port).
IMO, those issues will become more prevalent as time goes on.

And we've already discussed the word arounds. If desperate, you can plug a home router into the hardwired jack and then just share the id/password with the very few that would need it.

[Aczlan]

Yes, I can (and have) used a "home AP" (although, it was running OpenWRT not the stock firmware). It would just be nice to be able to have the wifi on

On QOS, I have seen where adding QOS on a library network made a saturated network usable for staff functions (IIRC, it was a 5mbps x 384kbps network with 7 public computers and 3 staff computers).
In that case (which I suspect is the case here), the uplink was saturated (IIRC the cablemodem stats said that the downlink was at 50-60% and the uplink was at 100%).
As such, rate limiting by the firewall made a huge difference because it reduced the outgoing traffic a little and sent the high priority traffic first.

Aaron Z

[russellhltn]

In that case (which I suspect is the case here), the uplink was saturated (IIRC the cablemodem stats said that the downlink was at 50-60% and the uplink was at 100%).
As such, rate limiting by the firewall made a huge difference because it reduced the outgoing traffic a little and sent the high priority traffic first.

If the uplink is saturating, I can see how that helps. But I'm more concerned about the downlink. I think when you start streaming a video that uses up much of the downlink, that changes the dynamic.

I'd also note that your library has a down to up ratio of 13. The worst in my stake is 7. (Others are 3 and 5). Given the high ratio at your library, I can see why your uplink might saturate first. But since my buildings have a lower ratio, that may not play out the same way for me.

[harddrive]

Russellhtn is correct. When you are looking at download (receiving a webcast) then it is coming from the Internet first come first serve. Again, on the Internet there is no QOS honored. The only way you can control uplink is from your source building, but at the receiving building, all bets are off. You will be at the mercy of the Internet. That is why you turn off WIFI, so that you don't have users downloading their updated apps, or streaming a movie or anything like that.

In new buildings, there is a network drop at the podium. In older buildings, 85% of my buildings are old, so there is no network drops at the podium. So WIFI is the easiest, but I decided a while back to hard wire the clerks' offices and the bishops office just because I don't care for WIFI. It is good, but it can be too flaky and for streaming stake conference, I wanted to have a clean reliable connection.

If you want reliable webcasting, then time will need to be invested to bring old buildings up to snuff. I think we all have had to do that. I know that I have.

Terry

[russellhltn]

I think the newest building in my stake was built in the 70s. When the Internet was installed, my local FM group put in a jack for the podium (and the clerk's office) in each case. It may take a budget cycle (and right now would be a good idea for planning 2017), but I think you can get FM to install a jack.

[lajackson]

Our FM Group was willing to hardwire the pulpit and each clerk's office with barely a mention that it would be a nice thing to have.