This week’s blog comes to us from our very own Paul-Emile Bellaloum, Global Project Delivery Manager.
I’ve been playing tennis for many years now and as I am club president in my home town, I am invited every year to the first day of the famous Roland Garros French Tournament (otherwise known as the French Open). They call it “Presidents Day”. It’s a great place to meet with other people who are devoting their time off to their sporting passion. However, since most of us still have “real” jobs, access to fast, secure and free internet connectivity during the tournament is essential, as we are using the available network from the facility. And not only for business, but in fact for all visitors. Nowadays, this internet connectivity is mandatory. When it comes to bringing Wi-Fi to a large-scale audience, the biggest challenges faced by authorities is the ability to handle peak loads while securing the access to the Internet.
I can tell you that I have seen progress in the way the Roland Garros organizers, the Fédération Française de Tennis (FFT), have handled the Wi-Fi connectivity challenges. These same issues also apply to any stadium/venue organizing sports, music or entertainment events that need to bring Wi-Fi services to the whole audience (sometimes more than 80,000 people). This needs to be easy, always available and fast.
Handling peak loads while securing access is main challenge for large audience events
There can be more than 30,000 users connecting to the network any given day during Roland Garros French Tournament. For offering good customer experience, the network needs to be able to manage those peak loads throughout the day and maintain impeccable data speed.
The Internet service provided to mobile and Wi-Fi clients during such events often has difficulties to handle mass volume of users connecting only for a few minutes or for a few hours. Moreover, organizers have no control of Wi-Fi network access, as user authentication is missing, and they cannot identify devices connecting to the network. They suffer not only from high DNS requests volumes (number of simultaneous requests during peak traffic), but also from the lack of caching or protocol-specific functions. Inability to cache huge numbers of DNS requests often causes Wi-Fi access to become very slow. Lastly, organizers of such brief events are most of the time unable to identify malicious users, who are taking the opportunity of large-scale audience and traffic to try to either steal data or simply break the service. The organizers need to find a way to better identify and isolate infected clients and protect legitimate clients while still ensuring full-speed Internet reachability during peak loads.
DHCP Lease Management capability with enhanced DNS security is the solution
The only way to handle such a challenge is to implement a unified DDI solution, especially capable of providing DHCP leases to the large number of consumers connecting and disconnecting over a very short span of time. At many venues, when the gates open you may have 10,000 people connecting in the first 20 minutes. Performance of DHCP lease management is key in such an environment, providing better connectivity for users and improving traffic response. Also, by using a captive portal to identify connecting users and their devices (type, vendor, OS), organizers are able to better control Wi-Fi access by enabling enforcement of device-specific policies.
Lastly, securing DHCP access with an additional DNS security solution to protect from DDoS attacks and DNS tunneling, for instance, must be a fundamental part of the global solution. When we are surfing on the Internet during such events like concerts, we obviously do not want to have our personal data being stolen. Therefore, public and private DNS need to be protected from both external and internal threats.
Protection, continuity of service and enhanced user experience
The IT departments of venues such as Roland Garros and Stade de France are amongst many who have already been convinced of the importance to analyze traffic and adapt protection mechanisms to mitigate the risk of false positives, while ensuring DNS service integrity and continuity to legitimate clients.
By auditing traffic, deploying solutions capable of absorbing large volumes of traffic and implementing threat detection solutions, they were able to cope with huge DNS loads (absorbing peak loads with high capacity cache service) to reinforce the availability of DNS service and secure mobile clients with relevant protection. Adaptive countermeasures like rescue and quarantine modes have also helped give visitors a smooth, pleasurable internet experience.
Spectators can then enjoy tennis and instantly share pictures and sentiments on social networks thanks to the powerful, secure and high-speed Wi-Fi access provided. And for me, I can live my passion while still being securely connected in case of any urgent customer matter.
Download the FFT use case for more informationRolland Garros Case Study