Page MenuHomePhabricator

Temporarily lift IP cap on 2018-03-24
Closed, ResolvedPublic

Description

Please lift the account creation IP cap for our event, Women on Wikipedia edit-a-thon
Date: Wednesday, March 24, 2018
Time: 11:00 am-4:00 pm EST

IP range: 129.21.0.0/16

Last year we had about 50 attendees, hoping for more this year.
Wiki requested: Wikipedia
Link to event page: Wikipedia:Meetup/Rochester,_NY/RIT/Women_on_Wikipedia_2018

Event Timeline

I will provide patch for this.

Change 420807 had a related patch set uploaded (by Zoranzoki21; owner: Zoranzoki21):
[operations/mediawiki-config@master] Add new throttle rule and add task for one in comment

https://gerrit.wikimedia.org/r/420807

This will be deployed between 00:00-01:00 UTC+1

Is a patch actually needed?

If it's a /16, that's like 65K IPs...

Does Rochester Institute of Technology run NAT? Or does every device get a different IP? Or are a lot of people using the same computers?

Guest WiFi users are nat'ed behind multiple IPs.

Computers owned by RIT, and patron owned computers that get on the WiFi with RIT accounts, do get their own addresses but the IP addresses used by those computers will be in 2-3 different wired subnets for the library, or several huge supernets that run the campus WiFi.

We do plan on multiple people using the same few RIT owned laptops/desktops throughout the day, so we want the restriction lifted for those and the guest wifi, but getting all of those would be a list of 10-15 non-consecutive subnets.

If you need more specific address ranges we can work with the central networking team to get that list ASAP.

Aklapper renamed this task from Temporarily lift IP cap to Temporarily lift IP cap on 2018-03-24.Mar 21 2018, 6:52 AM

So, rough maths here... 65000 IPs x 50 higher rate limit x 750 wikis... = potentially 2,437,500,000 accounts per 24 hours ...

Granted, I'm making a (rather) exaggerated point here...

If we can get some more limited ranges with ease, that'd be appreciated. If not, I'd suggest we don't need 50 on each of those IPs - That's certainly much larger than the scope of the event your're expecting

Also, if necessary, you can create an account on another wiki, and then just login to the enwiki with the same details if you happen to reach some of the limits

Also, if necessary, you can create an account on another wiki, and then just login to the enwiki with the same details if you happen to reach some of the limits

Theoretically. Each account is created at loginwiki and I believe that limits is counted for loginwiki as well. So creating at another SUL wiki doesn't work anymore (reported by cswiki users, explanation is mine). Cheers, Martin

Unfortunately the way RIT’s wireless is set up means that 21 different subnets are possible for our registered wifi users to be coming from.

We are going to restructure our process for users without accounts to use desktops instead of using our laptops, so the ranges below will cover our NAT'd wifi and our desktop computers in the library.

Guest wifi is NAT’d from this subnet
129.21.255.128 255.255.255.192

Additionally our desktop computers in the library are in these subnets
129.21.176.0 255.255.255.0
129.21.179.0 255.255.255.0
129.21.180.0 255.255.255.0

Does this solution seem reasonable? Thanks for your help with this!!

Yeah, that seems a lot more reasonable to me :)

So, that means:

129.21.255.128/26
129.21.176.0/24
129.21.179.0/24
129.21.180.0/24

And then keep the 50 per range?

Yeah, that seems a lot more reasonable to me :)

So, that means:

129.21.255.128/26
129.21.176.0/24
129.21.179.0/24
129.21.180.0/24

And then keep the 50 per range?

@Reedy Thank you Reedy.. I put value 100 to they no have problems.

You realise that’s multiple hundreds?

You realise that’s multiple hundreds?

Yes, I am. They need more? OK. I will put bigger value per each range.

No. I’m saying with multiple ranges... with multiple ips they don’t need more

You realise that’s multiple hundreds?

If you can tell your computer which range it should use (and also I beleive it's per IP, not per range, so theoretically 3*/24=256 IPs*3=768; 768+/26=768+64=832 IPs => 832*50=41600 accounts per 24 hours). A few of thousands even in your "lower" 50 value. BTW did we ever have abuser using throttle exception? Cheers, Martin

No. I’m saying with multiple ranges... with multiple ips they don’t need more

I will put value 50 per each range. Is it ok?

Change 420807 merged by jenkins-bot:
[operations/mediawiki-config@master] Add new throttle rule and add task for one in comment

https://gerrit.wikimedia.org/r/420807