Networking 102

I was thinking of using a different non routable subnet address for each of our three cluster managment modules. Then I could assign the SM’s on each cluster by that subnet. Is this a resonable approach? Is there a better addressing scheme?

How are you guys addressing your equipment.

:?: :?:

We’ve decided to create our entire network as a private network, since we are using another ISP’s pipe. So, behind our router and switch, we would create a private network within that ISP’s assigned static IP. We have given this a lot of thought, and have come to conclusion that this is the best way to go, rather than using public, static IPs for every Canopy radio out there.

Assigning a different subnet should be the way you should go. If you make each cluster a subnet of the CMM, that would also make sense and would keep your network neat and organized, in my opinion.

After doing this a few months now, we have come to believe that addressing in Canopy is the most important aspect in designing a secure, reliable, and efficient network. Unfortunately, it is also the least understood and the hardest to find references for within the Canopy community (ever try to find an actual example of a fully-addressed and visual representation of a Canopy network in the Canopy manual? Hint: there ISN’T one)

Understaning addressing in Canopy is 80% of the battle, in our opinion.

Thanks for the reply, I have been trying to find an example of addressing as well with no luck. We too are using another ISP for our internet connnetion. I thought this would make life easier if I could subnet each cluster. I would like to see an example of someones address scheme if possible.

:lol: :lol:

We should have our network map together in a week or so. I could send you a powerpoint drawing of how ours is laid out, if you’d like…

That would be great :lol:

Bortnem1 wrote:
We should have our network map together in a week or so. I could send you a powerpoint drawing of how ours is laid out, if you'd like....

I would also be interested in seeing and example. It get confusing to say the least on how to set all this up. Also what about the Customer side if they need to have an IP that seen from the Internet? such as in game serving or home servers? Would we need to supply routable IPS to each client?

Bortnem1 add me to the list too please, be quite interested in how your’s is laid out.

Bortnem1 wrote:
We should have our network map together in a week or so. I could send you a powerpoint drawing of how ours is laid out, if you'd like....

Bortnem1> i'd like to see your network layout as well. i think you and i have designed our networks rather similarly, we are also on private IP space here, but i don't think i was as organized with subnetting on each CMM. let me know if you can send that here as well.

Thanks a lot.
- Steve

Did you get a map done?
If so, could you send one to me also…


This topic cannot be stressed enough. It is better to go in with a design that meets current AND future needs. This part of your planning should be intense and not hurried. A lot of times people rush to get their network up only to find out that as they grow they have a huge layer 2 network. Broadcast storms and viruses will bring your network down fast. You should look at deploying multiple subnets with routers built in to segment your network into manageable chunks.

I highly recommend using “management” subnets for your infrastructure meaning routers, switches, firewalls, servers, AP’s, BH’s, SM’s, etc. These subnets should be developed in a way that customers can NOT ping, telnet, or SSH into your devices. I would recommend utilizing 10net addressing for your network (


I’m looking for a cost efficient way to get Canopy opperational.
Then to build it as I go.

I expected to put BAM on a new server that I previously built running Windows 2003 Standard. I aready have DNS services running on that server with a few other missilany.

Now I found that BAM requires Linux Enterprise 3.0
SO, I built another server which is now awaiting the install of linux 3.0

With Windows, I can using ISA, bridge two NICs, one private, and one public. Then route.

I would expect to beable to setup this linux box to run DHCP and have it route from the private to the public… Plus run my BAM and Radius which would give me the ability to see and work with BAM from my normal network which will not be part of the private net running the APs and SMs.

I’m looking for realistic cost effective answers.

Non-routable IP’s are free and so is a good network plan. Cant get any cheaper than that.

I have never heard anyone say no to the suggestion of sitting down and developing your IP plan before you layout your network. I am speaking from experience, and also from fixing other peoples problems, you do not want to build as you go when developing your network addressing scheme.

The original question was regarding ip addressing.

I agree with your Linux approach. Put Zebra or some other free routing software on the box and you can for a small price get up and routing. But again…make sure you have a good IP plan. Do NOT build as you go. Build according to your plan.

Bear in mind that Non-routable IP’s are Private

In which case I will be addressing the AP’s and MMC-Micro on the being the default net that they ship with.

I’m not contemplating a public scheme for the radios.

I’m talking about build as you go, by saying…

The addition/replacement of other hardware such as Firewall, Router… What brands, models are being used?

It’s like Cisco v Adtran… They both make great stuff.

You might compare the Build as you go statement to another statement that basicly means the same thing Up-Grade

It is nice to know that you recommend Routers, Switches, Firewalls, etc…

But that is vague.

Exactly, non-routable IP’s are private. That is how we suggest addressing your network. You dont want internal management devices deployed with valid Internet routable IP’s. If customers want a routable public IP then give it to them…but dont put your AP’s, SM’s, BH’s, CMM Micro’s, mail servers, etc, etc, on public routed IP’s. These “management” devices should all be on a private block. I like using and subnetting it down into smaller networks using classless masks. For example, you can have all BH’s on 10.0.100.x, or all your AP’s on 10.0.101. Or even subnet them into smaller networks. Make a IP plan to fit future growth needs and grow according to your plan.

Just because its non-routable doesnt mean you cant route it on your private network…you just cant route it on the Internet. And you dont want some curious person hitting your SM’s because they did a ping sweep and found a bunch of cool Canopy radios that responded.

Only your IT staff should be able to see your infrastructure whenever possible.

Curiously enough, shortly after my last post. FedEx droped my RedHat WS.

Going through the RPM’s durring install. The Quagga package is Zebra.

We have a setup almost identical to what it sounds like you use Botnem1. I have been working on a map of our network (although very slowly). I would like to see a copy of yours if you would forward it along please. Maybe I can find ways to improve our network and or make suggestions back for you.

I am just looking into the setup of a new network and I could do with a map.
Botnem1 could you please send it to me as well.
Any help is appreciated.

My solution to date

Built a server using an entry level Intel server board w/dual integrated 10/100 and gigibyte ethernet, 2.8 Hyper socet T 1MB cache, 1gb ecc DDR2 ram, with a small 4 drive raid. Installed RedHat Enterprise 3.0, then ran live update to correct RedHat blunders on the main install disks. This corrected the default MySql, and Radius installs which are no good off of the supplied media. RedHat needs to get there **** togeather.

Get your self a book called RedHat Fedora Linux 2 Bible. Pages 529, 646, 850, Chapters 21 and 24.

Setup iptables and nat. Pay close attention to the Router section from the book.
Your server will need one public and one private address, one assigned to each nic. I used as suggested by cannopy support a net on the private side. I assigned (server/router),,3,4,5 etc to the CMM and AP’s DHCP and iptables handle the ballance of the class a private net.

Attach a small hub to the private nic, which runs to the CMM, which runs to your AP’s

Make sure that your MySql is running.
Install BAM according to the instructions in the proper sequence.
Apply your key’s per instructions.

Setup a SM to use NAT, set your DHCP client and Server to enable. I assigned DNS server addresses because my DNS server do not reside on the Linux box (They reside on the public side of the linux box), and then the color code of the AP you want to test, leave the rest alone. Don’t forget to Enter the mac address of the SM into BAM.

Leave the rest alone, if you enable the RF public interface, the client will be able to see your 10.0.0.* private network, disabled it will not. The SM will NAT and assign a private net of a (starting with the SM) to the client side network.

I should add, that with this configuration I am able to totally isolate the cannopy setup from my public network that operates the ballance of the services I offer. This includes DNS, Web, Web Hosting, Email (Linux SurgeMail and MS Exchange), and not to forget Dial-up services.

Hi Bortnem1,

could you send it to me?
Thanks for your help.