Canopy network topology

Maybe it’s a trivial question, but not for me :?

How do you design your wireless network in order to provide good internet connectivity?

I mean: imagine that you have to cover large rural areas (that is: 1 AP for every area and no more than 20-60 SM for each).

Do you connect all APs on layer 2 by using backhauls, configure all SM with a unique edge router as default gateway and that’s it?
Or maybe you prefer to separate the network segment by means of layer 3 routers in between? Is it a correct approach to reduce broadcast and permit a more robust scalability of the network?

Does it depend on the number of AP involved? If so, could you give me some reference numbers?

Also, are you generally using NAT+DHCP on customer side or do you prefer to use PPPoE without natting? In this case do you sell a PPPoE router to the customer or let them choose any other way (e.g. software PPPoE client)?

Thank you
Massimo

I can offer you this, we use one router at the central location and all sites run back to it.

The less you require of your customer, the better off you and whoever does your support will be. If you're wanting to run pppoe, I would put all that information in the SM and do NAT with DHCP to the customer's equipment.

As for your deployment, more details are needed, like distances and such.
How large of an area are you trying to cover and can you hit all your potential customers with 1 AP at an outside location of the service area? I think 60 degrees is all you have to work with. Unless you're planning on doing some sort of omni setup with your canopy?

Hope this helps some.

The larger you get the more and more likely you will want to be routing and VLANing your locations. Many people have found out the hard way (ourselves included) just how bad a large broadcast (layer 2) network can be. One user can cause a broadcast storm that can take down your entire network. If you break up your network into smaller segments, you can dramatically mitigate the effects of this.

I guess the bottom line is if you plan on expanding and covering a large area with a lot of users, you’d be much better off getting the infrastructure set up properly while you are small, because the larger it is the more complex the switchover will become and the more downtime you will likely have during the upgrade.

To give you an idea - we’re a pretty small WISP, servicing around 250 customers. We started noticing problems with the flat network design around 150-180 users. One user was infected with a worm and the flood of traffic affected the whole network. Once we were able to shut the user off (turned off the ethernet port), in a matter of minutes the network returned to normal operation. We have about 7 Canopy APs in our network and 3 generic 2.4GHz APs we are slowly switching to Canopy.

As already mentioned, do yourself a favor and keep your customers out of your wireless broadcast domain by employing NAT in the radios or in a router for each client. We run about 300 or so currently, and have employed NAT from the beginning (part of what drew us to Moto’s Canopy), and we are running smoothly. (Except, of course for the single AP with an omni that is up to 101 clients. We’re upgrading to 4 90deg sectors this weekend to handle the load. :shock: )

We have not (yet) employed VLANs, and don’t see an immediate call for them, but I’m sure that depends on the way you deploy. We run in three (okay five after we hit 250 clients!) private class C networks: One for infrastructure radios (backhauls and APs), one for management on the client radios, and one for the client traffic. Works great for us.

Thank you for your suggestions.
We have now about 80 customers on a flat network spread over 4 AP.
Since we are growing up (started as WISP just 6 months ago), I am thinking about the best way to set up properly the infrastructure.
I can imagine to achieve say 10 AP and 300 SM as a target for my local area.

Do you think that assigning a public IP directly to every SM and enabling NAT+DHCP on the Canopy could be a good starting point?
Will VoIP work this way? (behind NAT on customer side)
Could I simply use a private class for SM management without using VLANs?

Do you think that public ip for every customer has more advantages than having a unique NAT masquerading on the central router? (in this way I don’t waste IP but will have NAT issues)

Ciao
Massimo

A public IP for every customer would get expensive after a while although it is how the major DSL companies do business. They set up a pppoe (or oA but whatever…) connection and then the modem draws a public IP from a DHCP pool. This is easier for management of users and it makes it easier for you to track any problems with customers. I suspect it will make CALEA compliance much easier too.

The majority of people though just NAT their customers and then give them public IP’s on request. We run it this way, and have no issues with any major USA VoIP providers. Any VoIP provider that has issues with NAT is crap in my book anyway, because the VoIP adapter should be able to deal with NAT on its own… Even voip adapters operating through double NAT work fine.

amd phreak wrote:
They set up a pppoe (or oA but whatever..) connection and then the modem draws a public IP from a DHCP pool. This is easier for management of users and it makes it easier for you to track any problems with customers.


amd, I would prefer not using PPPoE right now because this way I can avoid any software on customer side. You can imagine that a PPPoE client is something that could be complicated to set up for some customers.
I think it could be the best choice when Motorola adds a PPPoE client on the SM.
Anyway, I will consider using PPPoE in the future also for bandwidth control, billing, and so on.

amd phreak wrote:
The majority of people though just NAT their customers and then give them public IP's on request. We run it this way, and have no issues with any major USA VoIP providers. Any VoIP provider that has issues with NAT is crap in my book anyway, because the VoIP adapter should be able to deal with NAT on its own...... Even voip adapters operating through double NAT work fine.


You are right. A good compromise could be having customers requesting for public IP and all the others natted over a unique IP.

Two questions:

1) Can I mix public IP and private IP on the same layer 2 segment? Would it be better to set up 2 VLANs (public and private class)?

2) The natted customers will be double-natted (on my router and on the SM). This is known to be a problem for many applications. How do you solve this issue?

Thanks
Massimo

#1 – no problem at all. We have private class C networks for radio management, and private class C networks for client traffic, which then gets 1:1 NATted to routable IPs.

#2 is exactly how we run our network, and except for the NAT in the radios not handling VPNs, we seem to have no issue at all. In the case of VPN use, we still set up a router at the client site and they are still double NATted with no complaints.

We have over 300 radios in the field, and all clients are separated by NAT from our radio cloud. Keeps problems at the client site from becoming problems for our service.

Bottom line: Much less exposure to the big, bad Internet for the clients (selling point over Cable/DSL), with no apparent downside from a functional standpoint.

Just looked above and realized that I’m essentially repeating myself. Sorry!

Yep, exactly what CVS said.


VPN is really the only issue with NAT on the radio. Put a public IP on the customer's router and bridge the radio and you are golden.


PPPoE can be done on customers routers too.


As a thought, you could also do PPPoE on your network…

Run it like the T-1 providers do… Sell/rent the customer a router that can do pppoe authentication on it (similar to the T-1 provider selling/renting/owning the T-1 termination equipment in your building. If it breaks, it's on their dime). Most consumer grade routers do, and any business class router for sure will handle PPPoE authentication. Program the user/password into the router and it’ll take it from there.


I have a Cisco 678 ADSL CPE at home, and on the Qwest ADSL network I can either run PPPoA or PPPoE on my network. The 678 CPE when put into bridge mode (just like our Canopy radios) then passes everything inside. My Netgear FVS318 firewall/router can be configured with my PPP user/password to do the PPPoE authentication. This eliminates the double nat that is found when running the CPE in PPPoA mode (think of it as the Canopy radio running with NAT on it).

I have never done PPPoE on our network, but the concept is identical to doing it over ADSL circuits… the difference is the transport has changed (ADSL vs Canopy Wireless). I don’t foresee any issues, but someone may have more experience on this subject and please feel free to comment/correct me.

There are a lot of parallels that can be drawn between our (and I say our as in everyone here) networks and ADSL providers (or cable for that matter) as you can see. What we do is not “black magic” networking. It’s very common. The differences are that we are usually a lot smaller than the telcos/cable providers and we deliver service via RF over the air instead of RF down a coaxial cable or modulating signals through a pair of wires.

FWIW PPPoE support is supposed to be coming on V9

Actually, my issues with double NAT are mainly related to P2P (but this, in a way, could become an advantage for me), VPN, gaming online and Voip.

Thanks again cvs, amd and jerry for the suggestions.

Jerry Richardson wrote:
FWIW PPPoE support is supposed to be coming on V9



Sweet!


It's probably worth mentioning, from what I have been told by those that use PPPoE, that you lose some control over the network in that you cannot properly QoS the traffic should you want to. This is due to the encapsulation of the frames in the PPP format. QoS is unable to inspect the frame, thus properly control the network.
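
Added example, not part of the thread: a Python sketch of the encapsulation point raised in the last post. A classifier that only matches the IPv4 EtherType finds no DSCP marking in a PPPoE session frame, because the IP header sits behind the 6-byte PPPoE header and 2-byte PPP protocol field (RFC 2516). The frames, addresses and function names are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4, PPP_LCP = 0x0800, 0x8864, 0x0021, 0xC021

def ipv4_header(dscp):
    """Constructed minimal 20-byte IPv4 header; DSCP is the top 6 bits of byte 1."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       bytes([10, 0, 0, 2]), bytes([192, 0, 2, 1]))

def ethernet(ethertype, payload):
    """Constructed Ethernet II frame with placeholder MAC addresses."""
    return b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" \
        + struct.pack("!H", ethertype) + payload

def pppoe_session(session_id, ppp_proto, payload):
    """PPPoE session header (ver/type 0x11, code 0) followed by the PPP protocol id."""
    ppp = struct.pack("!H", ppp_proto) + payload
    return struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp

def dscp_naive(frame):
    """Classifier that only understands plain IPv4-over-Ethernet."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV4 or len(frame) < 34:
        return None
    return frame[15] >> 2

def dscp_pppoe_aware(frame):
    """Classifier that also steps over the 8 bytes of PPPoE + PPP framing."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_PPPOE_SESSION:
        if len(frame) < 22:
            return None
        ver_type, code, _sid, _length = struct.unpack_from("!BBHH", frame, 14)
        (proto,) = struct.unpack_from("!H", frame, 20)
        if ver_type != 0x11 or code != 0x00 or proto != PPP_IPV4:
            return None          # discovery/LCP/other PPP traffic: no IP header
        offset = 22
    elif ethertype != ETH_IPV4:
        return None
    if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        return None
    return frame[offset + 1] >> 2

plain = ethernet(ETH_IPV4, ipv4_header(46))                 # DSCP 46 (EF)
tunneled = ethernet(ETH_PPPOE_SESSION, pppoe_session(1, PPP_IPV4, ipv4_header(46)))
lcp = ethernet(ETH_PPPOE_SESSION, pppoe_session(1, PPP_LCP, b"\x09\x01\x00\x04"))
```
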