Public IPs on Canopy

Does anyone run their APs, BHs, and other core Canopy equipment using public IPs? If so let us know your experiences.

In the past it NEVER worked well; we switched to private 10.50.X.X-based addresses from our main Cisco router.

We recommend not using public IPs for a private network. If you use DHCP, then you can send out public ones to the subscriber.

We used to assign public IP addresses on our AP and SM when we first started the Canopy network. The main problems we faced were:

1. the web interface was inaccessible most of the time
2. we could not access the device via telnet either, sometimes
3. AP and SM completely unreachable occasionally, though it was passing the traffic.

So we too switched to 172.16.x.x IPs.

We still have a few BHs running on public IPs (because we have to) and faced the same problem, until I completely blackholed their traffic coming from the Internet.

Avoid using public addresses as much as possible.

We found that the Web Interfaces would get hammered and the radio throughput was compromised, not to mention the inaccessibility of the radio via the web interface.

We noticed a major improvement with private 10.0.x.x IPs for the radios, but then this was back when we were running 4.2.x.

Does anyone know THE WHY of this behaviour?!

Sure. Random portscanning attacks hitting the web interface of a machine that's not supposed to be feeding webpages to the whole world. There is only a finite amount of processor available, and efficient web serving is not the top priority of the OS on the Canopy radio. You can see the effect for yourself if you'd like… If you refresh too rapidly under normal (non-public IP) circumstances, the process serving the pages will lock up.

So, cvs, you're telling me that there's no problem with Canopy's SMs regarding the use of public IP addresses ** EXCEPT ** security!??

So, if I do have a stateful firewall at my site that only permits access from a customer (behind an SM NATted with a public IP address) to the outside world, and only lets the replies from Internet servers in, my network would stay reliable?

This is basic security administration. Reading through some topics, I thought it was a bug in the Canopy system… never thought it was a security issue. I'm studying a purchase of a Canopy platform and was almost declining.

Thanks for your answer.