We looked at private VLANs initially and it would definitely be a more elegant solution. At the time we did our testing it didn't look like our wireless gear was going to play nice with the private VLANs. I wonder if I should revisit that though.
Joe

On Wed, Sep 14, 2016 at 12:18 PM, Hugo Slabbert <h...@slabnet.com> wrote:
>
> On Tue 2016-Sep-13 13:25:09 -0600, Joe Nelson <josephnel...@gmail.com> wrote:
>
>> Hello, everyone. I'm looking for some advice/help/suggestions.
>>
>> I work for a fixed wireless ISP. We deliver a last mile connection to our customers via a modified 802.11N or 802.11AC device (Ubiquiti). We're working on an entirely new network topology that relies on having a single VLAN per customer. Each VLAN will have a /29 of private IPv4 or /30 public IPv4 and a /64 of IPv6 space. Without this VLAN setup, all customers on a wireless access point would be in one broadcast domain which is not acceptable to us. In addition, the individual VLANs provide other benefits that are specific to a wireless network.
>
> This may have floated already, but what about private VLANs? Restrict direct inter-user access at L2, but still permit you to slice the VLANs based on capacity (i.e. more than a single VLAN per AP if that would be too large a broadcast domain, but less than 1 VLAN per customer) rather than requiring a single VLAN per customer.
>
> That may create its own set of challenges, though?
>
>> The problem I'm having is finding a DHCP server to hand out addresses to so many VLANs - and to configure it on the fly. My idea is to have DHCP relay enabled on the router at each site and a pair of DHCP servers at the head end listening on anycast IPs. The relay would set option 82 with the appropriate router and VLAN information that the DHCP server can use to classify the customer with. Each time a customer is provisioned, a new network/pool would need to be created for their VLAN. I would need to be able to load a new network/pool into the server without manually editing config files or reloading the server. I'm not at all interested in tracking individual hosts since these are end customer devices and can change without our knowledge, I just need to configure the subnet per VLAN.
>>
>> I've been watching Kea for some time now and I believe that this will be able to be done in the 1.2 version that's scheduled for (hopefully) later this year. Specifically, ticket 4285 (http://kea.isc.org/ticket/4285) seems to reference an API for subnets. Am I correct in understanding what this new API will do? Also, how well will this scale? We currently have approximately 9000 customers and provision about 20-25 new customers per day. I don't doubt that the server could handle the number of leases, but I don't know if having everything split into so many subnets would affect performance.
>>
>> Thank you,
>>
>> Joe Nelson
>> Senior Network Engineer
>> Utah Broadband
>
> --
> Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
> pgp key: B178313E | also on Signal

_______________________________________________
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
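The design Joe describes in the quoted post (a relay at each site stamping option 82, one /29 or /30 subnet per customer VLAN, and the server selecting the subnet from the relay information) can be expressed as a Kea DHCPv4 configuration generated from provisioning records rather than hand-edited. The following script is an added example, not code from the thread or from ISC: it turns a few constructed customer records into a `Dhcp4` config where each subnet is bound to a client class matched on the option 82 circuit-id (`relay4[1].hex`), refuses overlapping prefixes or duplicate VLANs before anything is emitted, and pins each subnet to the relay address of its site. The circuit-id format `router:vlanNNN` is an assumption about what the relay inserts, the relay key uses the `"relay": {"ip-addresses": [...]}` form of newer Kea releases (older releases spelled it `"ip-address"`), and the interface name and memfile backend are placeholders.

```python
import ipaddress
import json

# Constructed sample provisioning records (not from the thread): one VLAN per customer.
# "relay" is the giaddr the site router is assumed to use when forwarding DHCP.
CUSTOMERS = [
    {"vlan": 101, "router": "site1", "prefix": "10.100.0.0/29", "relay": "10.255.1.1"},
    {"vlan": 102, "router": "site1", "prefix": "10.100.0.8/29", "relay": "10.255.1.1"},
    {"vlan": 201, "router": "site2", "prefix": "203.0.113.0/30", "relay": "10.255.2.1"},
]


def circuit_id(router, vlan):
    """Hypothetical circuit-id the relay is assumed to insert as option 82 sub-option 1."""
    return f"{router}:vlan{vlan}"


def class_for(cust):
    """Kea client class that matches only frames relayed with this customer's circuit-id.
    relay4[1].hex is Kea's accessor for option 82 sub-option 1 (circuit-id)."""
    cid_hex = circuit_id(cust["router"], cust["vlan"]).encode().hex()
    return {
        "name": f"vlan-{cust['router']}-{cust['vlan']}",
        "test": f"relay4[1].hex == 0x{cid_hex}",
    }


def subnet_for(cust, subnet_id):
    """One subnet4 entry: first usable address is the gateway, the rest form the pool."""
    net = ipaddress.ip_network(cust["prefix"], strict=True)  # rejects host bits set
    hosts = list(net.hosts())
    if len(hosts) < 2:
        raise ValueError(f"{net} leaves no address for a customer after the gateway")
    gateway, pool = hosts[0], hosts[1:]
    return {
        "id": subnet_id,
        "subnet": str(net),
        "pools": [{"pool": f"{pool[0]}-{pool[-1]}"}],
        "option-data": [{"name": "routers", "data": str(gateway)}],
        # Only accept this subnet's traffic when relayed by its own site router.
        "relay": {"ip-addresses": [cust["relay"]]},
        "client-class": class_for(cust)["name"],
    }


def build_dhcp4_config(customers):
    """Validate the records, then assemble the Dhcp4 document.
    Fails closed: an overlapping prefix or a reused (router, VLAN) pair would let one
    customer's class claim another customer's addresses, so neither is ever emitted."""
    nets = [ipaddress.ip_network(c["prefix"], strict=True) for c in customers]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping prefixes {a} and {b}")
    seen = set()
    for c in customers:
        key = (c["router"], c["vlan"])
        if key in seen:
            raise ValueError(f"duplicate VLAN {key[1]} on router {key[0]}")
        seen.add(key)
    return {
        "Dhcp4": {
            "interfaces-config": {"interfaces": ["eth0"]},  # placeholder interface
            "lease-database": {"type": "memfile"},          # placeholder backend
            "client-classes": [class_for(c) for c in customers],
            "subnet4": [subnet_for(c, i + 1) for i, c in enumerate(customers)],
        }
    }


if __name__ == "__main__":
    print(json.dumps(build_dhcp4_config(CUSTOMERS), indent=2))
```

Each class is keyed on the full circuit-id rather than the VLAN number alone, so two sites reusing VLAN 101 cannot collide, and the `relay` restriction means a request arriving via the wrong site router is not matched even if the circuit-id is right. Re-running the generator and applying the result is the "reload"-free path the post wants to avoid; the subnet API referenced in the ticket would let the same per-customer record be pushed to a running server instead.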