provinciawifi ieee networks 2012

October 16th, 2012 - Rome - Networks 2012 - 15th International Telecommunications Network Strategy and Planning SymposiumProvinciaWiFi: a 1000

hotspot free, public, opensource Wi-Fi network

ProvinciaWiFi: a 1000 hotspot free, public, open

source Wi-Fi network

The history, choices and technology of a success case

Maurizio Goretti(°) ([email protected])Davide Guerri(°) ([email protected])

Francesco Loriga(#) ([email protected])

(°) CASPUR - Rome, Italy(#) Province of Rome - Rome, Italy

The history, choices and technology of a success case




mailto:[email protected]






October 16th, 2012 - Rome - Networks 2012 - 15th International Telecommunications Network Strategy and Planning Symposium

The ProvinciaWiFi projectProvinciaWiFi started in the summer of 2008 with two main goals

reduce digital divide by fostering and facilitating the use of ICTs

provide hundreds of broadband access points in the provincial territory of Rome using the WiFi technology


Some challenges we faceditalian legal framework ruling public communication networks

strong requirements about users identification and data-retention (VS privacy rights)

digital divided areas w/o broadband infrastructures

management and monitoring of hundreds of access points spread across a large territory


Some design choicesself-registration for end-users to the Wi-Fi service by a simple (free) mobile phone number verification

indirect identification: in Italy mobile operators have to acquire an ID card copy of their customers

centralized systems for users and access points management

allows the integration of existing and currently operative connectivity lines through VPNs


Some design choicescompletely open philosophy

no vendor lock-in using open source software

experiences sharing and results dissemination

we aimed to sustainable and replicable solutions

the technical solutions had to be consistent and had to be scalable... not Just a Bunch Of (open-source) Tools

therefore a new solution based on low-cost hardware and personalized software was developed


The OpenWISP projectThe Provinciawifi technical infrastructure is based on OpenWISP

today used by 15 Public Administration networks (and by some private sector companies)

OpenWISP is an open-source software suite that can be used to implement many different Wi-Fi architectures

it provides simple interfaces to many tools typically used by a Wireless ISP


The OpenWISP projectThe OpenWISP suite includes four independent applications and a middleware:

user base management - OpenWISP User Management System (OWUMS)

access point management and access point firmware - OpenWISP Manager (OWM) and OpenWISP Firmware (OWF)

access point monitoring - OpenWISP Geographic Monitoring (OWGM)

captive portal - OpenWISP Captive Portals Manager (OWCPM)

The middleware allows the integration of the OW* tools and the integration of third party applications



Open WISP User Management System

Open WISP User Management System


Open WISP User Management SystemFast and easy sign-up to the Wi-Fi service

Account management and password recovery, accesses and traffic stats history browsing

Web UI with a mobile version

Easy yet powerful users base management tool



Open WISP manager & firmware




OpenWISP Manager

centralized management of several hundred access points

template-based access point modeling

encapsulation of multiple VLANs in a single L2 VPN

OpenWISP Firmware

based on the openWRT linux distribution

supports any device supported by openWRT

permits the simple installation of devices with an easy-to-use web based UI


The OpenWISP Firmware works behind a firewall, even if NAT is used

1. At boot time every OWF access point creates a setup VPN (openVPN) with the OWM server

2. OWF access point requests and downloads its configuration inside this setup VPN

3. The new configuration is deployed. For instance another VPN is created for WiFi users traffic encapsulation

4. The setup VPN remains up, so it is possible the monitoring and the management of the access point (even if it’s behind a firewall).

5. Periodically the access point asks the OWM server if its configuration is changed and, if so, restarts form the point number 2.



Building ProvinciawifiBuilding Provinciawifi


Building Provinciawifithe NOC was hosted and managed by CASPUR, which also provided the Internet connectivity

the first set of hotspots was installed on the premises of the Province of Rome, choosing locations on the basis of their “public” vocation

access points have been connected to the LANs of the Province of Rome and, through VPNs, to the NOC

A full deployment plan was started after a few months of experimental service


Some network numbersmore than 1,000 hotspots installed

registered users are over 240,000

about 2,500 new user registrations per week

5,500 unique logins per day (on workdays)

NOC peak (Internet) traffic is 45+45Mbps (rush hours)



Further activity and work in progress

Further activity and work in progress


Free ItaliaWiFi

At the end of 2010 the Province of Rome, the Autonomous Region of Sardinia and the City of Venice started the “Free ItaliaWiFi” project whose objectives are:

spread the use of free public Wi-Fi, foster the development of new networks by Public Administrations

facilitate citizens who use the public Wi-Fi networks by creating a unique federalized authentication system

to promote some fundamental principles for public Wi-Fi networks:

free open access for all citizens, network neutrality, open standards, ...


Free ItaliaWiFias of october 2012, 34 Public Administrations have joined the “Free ItaliaWiFi” project

20 networks are fully integrated (14 are about to be interconnected)

nearly 1,800 hotspots

about 350,000 users

the IX-WiFi (Inter-eXchange Wi-Fi) was built in order to enable the mutual recognition of user credentials across different domains

this is a proxy-RADIUS infrastructure with secure, dedicated virtual or physical links between each federated entity and a central “dispatch” point


EduRoaman experiment with the GARR Consortium started at the end of 2011

evaluate and deploy the EduRoam service on OpenWISP access points along with ProvinciaWiFi

EduRoam (EDUcation ROAMing) is a secure, world- wide roaming access service

developed for the international research and education community

uses the state-of-the-art technology for network security

the experimentation has been successful

a set of hotspots now broadcast EduRoam eSSID and a deployment plan is being prepared


EduRoam - tech

In this setup two VLANs are incapsulated into a single layer 2 VPN tunnel

one for authenticated traffic, the other one for RADIUS traffic

the authentication server that is hosted by the GARR consortium uses the EduRoam proxy server hierarchy for end-user credential verification



ENDEND







http://openwisp.org--

[email protected]

http://openwisp.org--

[email protected]











provinciawifi ieee networks 2012

Technology