IETF Meeting Network Information

External Connectivity

The IETF uses the following network prefixes:

• 2001:67c:370::/48
• 2001:67c:1230::/46
• 31.133.128.0/18
• 31.130.224.0/20

The IETF NOC supplies connectivity for the conference space and the venue hotel.

Notice for IETF 125

The IETF agreed prior to booking to issue random network access credentials (RADIUS accounts) to onsite participants. Just prior to the meeting, we were told that Chinese law now requires that credentials be linked to individuals and that the IETF must also provide RADIUS accounting logs, including account name, IP address, the last 24 bits of the device MAC address, RADIUS accounting message types (start session, stop session, and interim-update), and timestamps.

After the meeting, the IETF must provide the network operators (China Mobile and China Unicom) with a list mapping participant names to the usernames of the credentials issued to them. The operators are required to retain this information for six months and then destroy it.

Each registrant may be issued up to two sets of RADIUS credentials.

If credentials are lost, replacements may be issued only after the original credentials have been deactivated.

The IETF is required to investigate situations where a single set of credentials is simultaneously used by more than five MAC addresses to ensure the credentials have not been shared or compromised.

Chinese participants are required to follow local laws that require real identity registration before using the network.

Due to regulatory requirements, we are unable to use our donated Cisco Wireless hardware. For 125, we are using wireless hardware donated by Huawei and have members from China Mobile as part of our NOC team.

WiFi (802.11 a/g/n/ac/ax/), on the SSID ietf-125, is provided throughout the Meetings Room on 5GHz, with IPv4 and IPv6.

The network is encrypted and provides layer 2 security via WPA2 Enterprise with 802.1X (PEAP or TTLS) authentication and AES encryption. Use your registration number for the username and password; each user gets unique session encryption keys. The certificate for services.meeting.ietf.org is signed by Lets Encrypt, with the following fingerprint.

SHA1 | CC 69 FF 45 E5 03 D1 38 FB 7B 34 CC 4E 21 A7 42 B9 A0 F3 7D
SHA256 | 26 FC 47 7C 62 71 E0 97 13 CD 51 25 A0 C9 EF 9B 74 39 1A F5 4F 4D 8B 19 AF E9 EE B8 8B EC 87 B6 |

Users should choose the 'ietf-125' SSID:

User: Registration Code Pass: Registration Code

A Note For Android Users

Here are the relevant settings for connecting Android devices.

• Network name: ietf-125
• Security: WPA/WPA2-Enterprise
• EAP Method: TTLS
• Phase 2 authentication: MSCHAPv2
• CA Certificate: Do not verify or Trust on first use
• Identity: your confirmation number
• Password: your confirmation number

We have found that on some devices, entering your confirmation number in the Anonymous identity field can resolve connection issues.

Meeting Room Wireless

WiFi (802.11 a/g/n/ac/ax) depending on the SSID is provided throughout the Meetings Room on 5GHz bands, with IPv4 and IPv6.

The IETF meeting WiFi is WPA2 Enterprise with 802.1X (PEAP or TTLS) authentication and AES encryption.

For IETF 125, the available SSIDs are:

ietf-125 and ietf-hotel-125

Onsite participants should use their IETF 125 registration number found on their meeting name badges for Username and Password.

Please visit the IETF Registration desk or the IETF Network Help Desk located in the meeting registration area for assistance.

The WiFi network implements two BCP38-like filters:

• Packets from manually configured IPv4 addresses that are not assigned by DHCP are dropped. DHCP packets are snooped by our wireless LAN controllers to perform this filtering.
• Packets from IPv4 and IPv6 addresses that cannot be resolved via ARP/ND are filtered out. Proxy ARP/ND is performed by our wireless LAN controllers for this filtering.

Shared Workspace Wired

When using the Ethernet connections in the Shared Workspace, IPv4 addresses are provided by DHCP. Please use Stateless Auto-configuration for IPv6 (SLAAC). A DHCPv6 server or RDNSS will provide network information.

Help Desk

If you are onsite and need direct network assistance (i.e., you have no network), please go to the Help Desk. NOC support is provided next to the IETF Registration Desk and will be staffed during hours onsite IETF registration is open.

To communicate with the NOC staff, send an email to support@ietf.org with as much detail regarding your issue and configuration as possible.

Please provide the following information:

• MAC Address
• Current Location
• Device type and operating system
• Description of the issue

This information will expedite ticket processing.

Services

The following network services are provided on the IETF meeting network:

Geolocation

The IETF NOC publishes a geolocation feed for the IETF meeting network.

Geolocation service for event networks is often incorrect. Suggestions and assistance are welcomed.

Experiments

Experiments on the IETF network need to be approved by the IETF Chair. For IETF 125, no network experiments were requested.

Thanks

The IETF network is made possible by our dedicated volunteer team, some of whom have the support of their employers. If you see any of these amazing volunteers in the halls, please be sure to thank them for their hard work and commitment!

Volunteers:

• Clemens Schrimpe
• Cong Xiao (China Mobile)
• Hongxian Zhang (China Mobile)
• Wanqing Wang (Huawei)
• Yongdong(Michael) Zhou 周永东 (Huawei)

Staff:

• Con Reilly
• Daniel Branik
• Joe Clarke
• Nick Kukich
• Sean Croghan