Re: [WISPA] Network/infrastructure design for WISP's

2016-10-23 Thread Bryce Duchcherer
We do DHCP with RADIUS authentication, then our billing system sets the lease
to static via API, so the customer always gets the same IP (for tracking
purposes).
The odd business customer requests that they set a static IP on their device
rather than DHCP.

I like the idea of a firewall rule that only allows assigned IPs.

Bryce Duchcherer
NETAGO

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Tim
Sent: Sunday, October 23, 2016 14:16
To: 'Ian Fraser'; 'WISPA General List'
Subject: Re: [WISPA] Network/infrastructure design for WISP's

We deployed for the last 10 years using fixed IP schemas per tower
Allocating IP addresses from a fixed pool (not DHCP)
Firewall rules locking out unassigned IP addresses
Plus we do 99% managed routers

However we are reevaluating PPPoE with redundant RADIUS servers that have
geographic separation.  With an addition of MAC address authentication

From: Ian Fraser [mailto:ian_fra...@gozoom.ca]
Sent: Saturday, October 22, 2016 5:32 PM
To: Tim; WISPA General List
Subject: Re: [WISPA] Network/infrastructure design for WISP's

OK.  What's your alternative?

Ian


-------- Original message --------
From: Tim
Date: 10-21-2016 10:21 PM (GMT-05:00)
To: WISPA General List
Cc:
Subject: Re: [WISPA] Network/infrastructure design for WISP's
Not a fan of PPPoE.

Sent from my Verizon Wireless 4G LTE DROID


Tim Way wrote:

2k12r2 HA DHCP service, Linux clustering or simple dual scopes!

On Oct 21, 2016 6:16 PM, "Adair Winter" wrote:
What happens when DHCP quits and you can't manage anything?
Powercode assigns the next available management IP for whatever tower/range and 
we statically assign to the CPE

On Fri, Oct 21, 2016 at 6:13 PM, Ian Fraser wrote:
Not sure how static would be safer than DHCP for CPE mgmt?

Ian


-------- Original message --------
From: Fred Goldstein
Date:10-21-2016 6:31 PM (GMT-05:00)
To: wireless@wispa.org
Cc:
Subject: Re: [WISPA] Network/infrastructure design for WISP's

On 10/21/2016 5:55 PM, Ian Fraser wrote:
>
>
> PPPoE for Res traffic. VLANs for Biz. Public IPs are statically
> assigned.  DHCP for CPE Mgmt IP assignment.  PPPoE session and CPE's
> connection to the AP authenticated by RADIUS. RADIUS Accounting is
> used for traffic billing and session info.
>

Wouldn't it be safer to use static IPs for CPE management? I'd do that,
private IPs of course on a management VLAN not visible to customers.

> Per site: 2 VLANs for Mgmt (1 for Tower/AP/UPS etc. and 1 for CPEs) and
> 1 VLAN per AP for PPPoE or a dedicated VLAN per Biz. APs are bridged
> for the CPEs' PPPoE to the NAS.  UPnP-enabled CPEs. Cust routers are not
> allowed to initiate PPPoE.  PPPoE NASs are mostly colocated at tower
> sites so that backhauls can see QoS markers on traffic and not just a
> tunnel.
>
> BGP advertises the IP range per Fibre POP and feeds 0.0.0.0/0 into OSPF
> for redistributing routes inside the AS.  Infrastructure Mgmt is on
> RFC1918 and customers are public IPs.  Firewall rules on
> NAS/Router/CPE prevent customer IPs from reaching Mgmt IPs.
>
Nice if you have enough public IPs for customers. I'm not sure BGP and
PPPOE are necessarily the easiest protocols for this purpose, but
definitely do use the VLANs and keep the routing out of the radios.

> Mikrotik for all routing.  Netonix for most switching. Mikrotik for
> most PtMP (probably uncommon) but LTE is Telrad in areas where it is
> deployed, which skews the above architecture a bit :(  LTE is not for
> newbies though mind you maybe Mikrotik isn't either lol...  but in
> 13 years I've never been floored by a virus "infecting" my gear ;-)
>
You can't do 5 GHz with MikroTik in the US; they don't have valid FCC
approval any more. Not that they admit it, but the US isn't a big market
for them. The wireless design itself has to be based on the local
terrain, clutter (trees, etc.), subscriber density, and other conditions.

You do want a nice SNMP monitoring system that allows you to pull
whatever parameters you want out of the MIB, not one that charges per
line item (like PRTG) or that only pulls a few selected details. I do
enjoy the detail I can get out of InterMapper, for instance. Where are
you (or your planned network) located, Jordan?

> Cheers,
>
> Ian
>
>
>> On 10/21/2016 3:07 PM, Jordan de Geus wrote:
>>> Hey guys,
>>>
>>> I'm very new to the WISP industry and I've been curious to know how
>>> people are designing their WISP networks.
>>>
>>> Are you 
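Bryce's reply at the top of this message (DHCP lease pinned static by the billing system, plus a firewall rule that only allows assigned IPs) and Tim's fixed-pool-with-firewall approach quoted above come down to the same edge check: forward a subscriber's traffic only when its source MAC and source IP match the binding the provisioning system handed out. The Python below is an added illustration written for this page, not code from either poster or from any billing or router product. The lease table, the MAC addresses, the 192.0.2.0/24 addresses and the `vlan201` interface name are constructed. It validates the pinned table (one address per subscriber), classifies observed source pairs the way the edge filter would, and renders the same policy as nftables rules, including the DHCP exception a new CPE needs before it has an address.

```python
"""Assigned-IP enforcement at the customer edge.

Added example for this page (not from the thread or any vendor). The
provisioning side has pinned each subscriber's DHCP lease to one address;
the edge forwards a frame only when (source MAC, source IP) matches that
binding. MACs, 192.0.2.0/24 addresses and vlan201 are constructed.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed copy of what billing wrote back to the DHCP server: MAC -> pinned IP.
PINNED_LEASES: Dict[str, str] = {
    "DC:9F:DB:11:22:33": "192.0.2.11",
    "dc-9f-db-44-55-66": "192.0.2.12",
    "e4:8d:8c:aa:bb:cc": "192.0.2.13",
}

_MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalize_mac(mac: str) -> str:
    """Lower-case colon form. Rejects malformed and group (multicast/broadcast)
    MACs, which must never appear as a subscriber binding."""
    m = mac.strip().lower().replace("-", ":").replace(".", ":")
    if not _MAC_RE.match(m):
        raise ValueError(f"malformed MAC {mac!r}")
    if int(m[:2], 16) & 0x01:
        raise ValueError(f"group MAC {mac!r} cannot be a subscriber binding")
    return m


def build_bindings(leases: Dict[str, str]) -> Dict[str, ipaddress.IPv4Address]:
    """Validate the pinned-lease table: canonical MACs, one subscriber per address."""
    bindings: Dict[str, ipaddress.IPv4Address] = {}
    owner: Dict[ipaddress.IPv4Address, str] = {}
    for mac, ip in leases.items():
        m = normalize_mac(mac)
        addr = ipaddress.IPv4Address(ip)
        if addr in owner:
            raise ValueError(f"{addr} pinned to both {owner[addr]} and {m}")
        owner[addr] = m
        bindings[m] = addr
    return bindings


def classify(bindings: Dict[str, ipaddress.IPv4Address], src_mac: str, src_ip: str) -> str:
    """Decision for a forwarded IP frame arriving from the customer side.

    'drop:unknown-mac'  no pinned lease (never authenticated, or a rogue device)
    'drop:ip-mismatch'  known subscriber using an address that is not theirs:
                        a hand-configured static, or a neighbour's address
    """
    try:
        m = normalize_mac(src_mac)
    except ValueError:
        return "drop:bad-mac"
    expected = bindings.get(m)
    if expected is None:
        return "drop:unknown-mac"
    if ipaddress.IPv4Address(src_ip) != expected:
        return "drop:ip-mismatch"
    return "accept"


def nft_rules(bindings: Dict[str, ipaddress.IPv4Address], iface: str = "vlan201") -> List[str]:
    """Render the same policy as nftables filter rules for one customer-facing interface.

    The DHCP rule comes first: a CPE with no lease yet sends DISCOVER from
    0.0.0.0 and would otherwise be dropped before it could ever get its address.
    """
    rules = [f"iifname {iface} ip saddr 0.0.0.0 udp dport 67 accept comment \"DHCP bootstrap\""]
    for mac, addr in sorted(bindings.items(), key=lambda kv: int(kv[1])):
        rules.append(f"iifname {iface} ether saddr {mac} ip saddr {addr} accept")
    rules.append(f"iifname {iface} counter drop comment \"unassigned source on {iface}\"")
    return rules


if __name__ == "__main__":
    b = build_bindings(PINNED_LEASES)
    for mac, ip in [("dc:9f:db:11:22:33", "192.0.2.11"),   # matches its binding
                    ("dc:9f:db:11:22:33", "192.0.2.99"),   # hand-set static on the device
                    ("dc:9f:db:44:55:66", "192.0.2.11"),   # neighbour's address
                    ("00:11:22:33:44:55", "192.0.2.11")]:  # never provisioned
        print(f"{mac} {ip:<12} -> {classify(b, mac, ip)}")
    print("\n".join(nft_rules(b)))
```

The per-binding rules are deliberately keyed on both fields: an IP-only allow list stops the "odd business customer" who types in a different static address, but not a customer who types in a neighbour's; the MAC pairing closes that, at the cost of having to re-push the rule whenever billing re-pins a lease or the customer swaps CPE.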

Re: [WISPA] Network/infrastructure design for WISP's

2016-10-23 Thread Faisal Imtiaz
So, there is some merit to the design of an ISP network using L2TP tunnels and 
PPPoE. It has some nice appeal in its ability to hide the underlying infrastructure, 
have a common way of managing customers, etc. 

But... but... but... when it comes to wireless there is a big kibosh! 
(To the best of my knowledge, the radios we all use are not able to respect 
traffic priority / DSCP tags for any and all traffic flowing inside the PPPoE 
encapsulation.) 

Thus in today's networks this is starting to be a no-go 
(even the DSL world, which embraced PPPoE, is not using this in their next 
gen upgrades... they are using MAC address & TR609 based provisioning). 

My 2 cents... 

Regards. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

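Faisal's point above is mechanical: in a plain IPv4 frame the DSCP bits sit at a fixed place right after the 14-byte Ethernet header, but once the subscriber's IP packet rides inside a PPPoE session the frame's EtherType is 0x8864 and the IP header is behind another PPPoE header and PPP protocol field, so a classifier that only looks for IPv4/IPv6 at the usual offset never reaches it. The Python below is an added illustration for this page, not code from the poster or from any radio vendor; the frames are constructed inline. It contrasts a fixed-offset DSCP reader with one that walks 802.1Q tags and the PPPoE/PPP headers first, and goes a little beyond the post by also covering IPv6 inside PPPoE and the one-byte compressed PPP protocol field.

```python
"""Where the DSCP byte sits in a plain IP frame versus inside PPPoE.

Added example for this page (not from the thread or any radio vendor). Two
classifiers are compared: one that reads DSCP only when the EtherType right
after the Ethernet header is IPv4/IPv6, and one that first walks 802.1Q tags
and the PPPoE session / PPP headers. All frames are constructed inline.
"""
import struct
from typing import Optional

ETH_IPV4, ETH_IPV6, ETH_8021Q = 0x0800, 0x86DD, 0x8100
ETH_PPPOE_DISC, ETH_PPPOE_SESS = 0x8863, 0x8864
PPP_IPV4, PPP_IPV6 = 0x0021, 0x0057
DSCP_EF, DSCP_AF41 = 46, 34


def ipv4_header(dscp: int, ecn: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header; only the TOS byte matters here (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))


def ipv6_header(dscp: int, ecn: int = 0) -> bytes:
    """Minimal 40-byte IPv6 header; DSCP is the top six bits of the traffic class."""
    first_word = (6 << 28) | (((dscp << 2) | ecn) << 20)
    src = bytes.fromhex("20010db8") + bytes(12)
    dst = bytes.fromhex("20010db8") + bytes(11) + b"\x01"
    return struct.pack("!IHBB16s16s", first_word, 0, 17, 64, src, dst)


def pppoe_session(session_id: int, ppp_proto: int, payload: bytes, pfc: bool = False) -> bytes:
    """PPPoE session-stage header (ver 1, type 1, code 0) + PPP protocol + payload.
    With PFC the protocol is one odd byte (0x21) instead of two bytes (0x0021)."""
    proto = struct.pack("!B", ppp_proto) if pfc else struct.pack("!H", ppp_proto)
    body = proto + payload
    return struct.pack("!BBHH", 0x11, 0x00, session_id, len(body)) + body


def ethernet(ethertype: int, payload: bytes, vlan: Optional[int] = None) -> bytes:
    """Ethernet II frame with constructed locally administered MACs, optional 802.1Q tag."""
    hdr = bytes.fromhex("0200000000aa") + bytes.fromhex("0200000000bb")
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def _dscp_at(frame: bytes, ethertype: int, off: int) -> Optional[int]:
    """DSCP of the IP header that starts at `off`, or None if it is not IP."""
    if ethertype == ETH_IPV4 and len(frame) >= off + 20:
        return frame[off + 1] >> 2
    if ethertype == ETH_IPV6 and len(frame) >= off + 40:
        traffic_class = (struct.unpack_from("!I", frame, off)[0] >> 20) & 0xFF
        return traffic_class >> 2
    return None


def dscp_fixed_offset(frame: bytes) -> Optional[int]:
    """Classifier that only knows untagged IPv4/IPv6 directly after the Ethernet header."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return _dscp_at(frame, ethertype, 14)


def dscp_pppoe_aware(frame: bytes) -> Optional[int]:
    """Walks 802.1Q tags and a PPPoE session header before reading DSCP."""
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2
    while ethertype == ETH_8021Q:                       # one or more VLAN tags
        (ethertype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    if ethertype == ETH_PPPOE_SESS:
        ver_type, code, _session_id, length = struct.unpack_from("!BBHH", frame, off)
        off += 6
        if ver_type != 0x11 or code != 0x00 or len(frame) < off + length:
            return None                                 # not a well-formed session frame
        if frame[off] & 0x01:                           # PFC: odd first byte = 1-byte protocol
            ppp_proto, off = frame[off], off + 1
        else:
            (ppp_proto,) = struct.unpack_from("!H", frame, off)
            off += 2
        ethertype = {PPP_IPV4: ETH_IPV4, PPP_IPV6: ETH_IPV6}.get(ppp_proto, 0)
    return _dscp_at(frame, ethertype, off)


if __name__ == "__main__":
    ip = ipv4_header(DSCP_EF)
    frames = {
        "plain IPv4": ethernet(ETH_IPV4, ip),
        "PPPoE": ethernet(ETH_PPPOE_SESS, pppoe_session(0x1234, PPP_IPV4, ip)),
        "VLAN 201 + PPPoE": ethernet(ETH_PPPOE_SESS, pppoe_session(0x1234, PPP_IPV4, ip), vlan=201),
        "PPPoE discovery (PADI)": ethernet(ETH_PPPOE_DISC, bytes.fromhex("110900000000")),
    }
    for name, f in frames.items():
        print(f"{name:<24} fixed-offset={dscp_fixed_offset(f)!s:<5} pppoe-aware={dscp_pppoe_aware(f)}")
```

Running it shows the same EF-marked packet reported as DSCP 46 when it arrives as plain IPv4 and as "no DSCP" by the fixed-offset classifier once it is inside PPPoE, tagged or not; the PADI frame correctly yields nothing from both, since discovery frames carry no IP payload at all.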

Re: [WISPA] Network/infrastructure design for WISP's

2016-10-23 Thread Tim
We deployed for the last 10 years using fixed IP schemas per tower

Allocating IP addresses from a fixed pool (not DHCP)

Firewall rules locking out unassigned IP addresses

Plus we do 99% managed routers

However we are reevaluating PPPoE with redundant RADIUS servers that have 
geographic separation.  With an addition of MAC address authentication



From: Ian Fraser [mailto:ian_fra...@gozoom.ca]
Sent: Saturday, October 22, 2016 5:32 PM
To: Tim; WISPA General List
Subject: Re: [WISPA] Network/infrastructure design for WISP's



OK.  What's your alternative?



Ian



-------- Original message --------
From: Tim
Date: 10-21-2016 10:21 PM (GMT-05:00)
To: WISPA General List
Cc:
Subject: Re: [WISPA] Network/infrastructure design for WISP's

Not a fan of PPPoE.



Sent from my Verizon Wireless 4G LTE DROID



Tim Way wrote:

2k12r2 HA DHCP service, Linux clustering or simple dual scopes!



On Oct 21, 2016 6:16 PM, "Adair Winter" wrote:

What happens when DHCP quits and you can't manage anything?

Powercode assigns the next available management IP for whatever tower/range and 
we statically assign to the CPE



On Fri, Oct 21, 2016 at 6:13 PM, Ian Fraser wrote:

Not sure how static would be safer than DHCP for CPE mgmt?



Ian



-------- Original message --------
From: Fred Goldstein
Date:10-21-2016 6:31 PM (GMT-05:00)
To: wireless@wispa.org 
Cc:
Subject: Re: [WISPA] Network/infrastructure design for WISP's

On 10/21/2016 5:55 PM, Ian Fraser wrote:
>
>
> PPPoE for Res traffic. VLANs for Biz. Public IPs are statically
> assigned.  DHCP for CPE Mgmt IP assignment.  PPPoE session and CPE's
> connection to the AP authenticated by RADIUS. RADIUS Accounting is
> used for traffic billing and session info.
>

Wouldn't it be safer to use static IPs for CPE management? I'd do that,
private IPs of course on a management VLAN not visible to customers.

> Per site: 2 VLANs for Mgmt (1 for Tower/AP/UPS etc. and 1 for CPEs) and
> 1 VLAN per AP for PPPoE or a dedicated VLAN per Biz. APs are bridged
> for the CPEs' PPPoE to the NAS.  UPnP-enabled CPEs. Cust routers are not
> allowed to initiate PPPoE.  PPPoE NASs are mostly colocated at tower
> sites so that backhauls can see QoS markers on traffic and not just a
> tunnel.
>
> BGP advertises the IP range per Fibre POP and feeds 0.0.0.0/0 into OSPF
> for redistributing routes inside the AS.  Infrastructure Mgmt is on
> RFC1918 and customers are public IPs.  Firewall rules on
> NAS/Router/CPE prevent customer IPs from reaching Mgmt IPs.
>
Nice if you have enough public IPs for customers. I'm not sure BGP and
PPPOE are necessarily the easiest protocols for this purpose, but
definitely do use the VLANs and keep the routing out of the radios.

> Mikrotik for all routing.  Netonix for most switching. Mikrotik for
> most PtMP (probably uncommon) but LTE is Telrad in areas where it is
> deployed, which skews the above architecture a bit :(  LTE is not for
> newbies though mind you maybe Mikrotik isn't either lol...  but in
> 13 years I've never been floored by a virus "infecting" my gear ;-)
>
You can't do 5 GHz with MikroTik in the US; they don't have valid FCC
approval any more. Not that they admit it, but the US isn't a big market
for them. The wireless design itself has to be based on the local
terrain, clutter (trees, etc.), subscriber density, and other conditions.

You do want a nice SNMP monitoring system that allows you to pull
whatever parameters you want out of the MIB, not one that charges per
line item (like PRTG) or that only pulls a few selected details. I do
enjoy the detail I can get out of InterMapper, for instance. Where are
you (or your planned network) located, Jordan?

> Cheers,
>
> Ian
>
>
>> On 10/21/2016 3:07 PM, Jordan de Geus wrote:
>>> Hey guys,
>>>
>>> I'm very new to the WISP industry and I've been curious to know how
>>> people are designing their WISP networks.
>>>
>>> Are you creating VLANs for each connection point? So your backhauls
>>> are all in one VLAN, while all AP to client connections are in
>>> another VLAN?
>>>
>>> I had been thinking about how the above VLAN-based design would be,
>>> in terms of security, and I realized that if all CPEs were in one
>>> VLAN together, wouldn't they be able to cross-communicate? So an AP
>>> with 30 clients operating in VLANX would essentially be able to
>>> communicate with each other, bringing security up as a major issue. I was
>>> thinking that you'd be able to do VLANs for each customer, but
>>> doing a PtMP setup for residential purposes, I feel like the system
>>>
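Ian's design quoted in this message (two management VLANs on RFC1918 space, one VLAN per AP for customers on public space, firewall rules on NAS/router/CPE so customer IPs cannot reach management IPs) and Fred's advice to keep management on a private VLAN not visible to customers both hinge on one filter, and on how that filter is keyed. The Python below is an added illustration for this page, not code from either poster or from any router vendor; the VLAN names, prefixes and traffic sample are constructed, with 198.51.100.0/24 and 203.0.113.0/24 standing in for public space. It contrasts a rule written purely in terms of addresses with one keyed on the ingress VLAN, and surfaces the case the first one misses: a customer presenting an RFC1918 source on a customer-facing VLAN.

```python
"""Keeping customer traffic out of the management plane.

Added example for this page (not from the thread or any vendor). Models the
per-site layout described in the quoted post: infrastructure management and
CPE management on RFC1918 space in their own VLANs, customers on public space
in one VLAN per AP, and a filter that must stop customer sources reaching
management addresses. VLAN names, prefixes and traffic are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List

IPv4Network = ipaddress.IPv4Network
IPv4Address = ipaddress.IPv4Address

# Constructed per-site plan: two management VLANs, one customer VLAN per AP.
MGMT_VLANS: Dict[str, IPv4Network] = {
    "mgmt-infra": IPv4Network("10.10.0.0/24"),   # tower router, APs, UPS
    "mgmt-cpe": IPv4Network("10.20.0.0/22"),     # CPE management addresses
}
CUSTOMER_VLANS: Dict[str, IPv4Network] = {
    "cust-ap1": IPv4Network("198.51.100.0/26"),
    "cust-ap2": IPv4Network("198.51.100.64/26"),
}
RFC1918 = [IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    in_vlan: str   # VLAN the packet arrived on
    src: str
    dst: str


def is_mgmt(addr: IPv4Address) -> bool:
    return any(addr in net for net in MGMT_VLANS.values())


def is_private(addr: IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def policy_dst_only(pkt: Packet) -> str:
    """'Block customer (public) sources from reaching management space.'

    Keys on addresses alone. A customer who puts a 10.x address on their own
    router is no longer a 'customer IP' by this rule and is let through."""
    src, dst = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    if is_mgmt(dst) and not is_private(src):
        return "drop"
    return "accept"


def policy_vlan_aware(pkt: Packet) -> str:
    """Keys on the ingress VLAN.

    Customer VLANs: no private sources (anti-spoof), the source must belong to
    that VLAN's own prefix, and nothing may go to management space.
    Management VLANs: only their own prefix as source. Unknown VLAN: deny."""
    src, dst = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    if pkt.in_vlan in CUSTOMER_VLANS:
        if is_private(src) or src not in CUSTOMER_VLANS[pkt.in_vlan] or is_mgmt(dst):
            return "drop"
        return "accept"
    if pkt.in_vlan in MGMT_VLANS:
        return "accept" if src in MGMT_VLANS[pkt.in_vlan] else "drop"
    return "drop"


def mgmt_leaks(policy: Callable[[Packet], str], traffic: List[Packet]) -> List[Packet]:
    """Packets from a customer-facing VLAN that the policy would deliver into management space."""
    return [p for p in traffic
            if p.in_vlan in CUSTOMER_VLANS and is_mgmt(IPv4Address(p.dst)) and policy(p) == "accept"]


# Constructed traffic sample.
TRAFFIC: List[Packet] = [
    Packet("cust-ap1", "198.51.100.10", "203.0.113.5"),   # customer to the internet
    Packet("cust-ap1", "198.51.100.10", "10.10.0.1"),     # customer probing the tower router
    Packet("cust-ap1", "10.20.1.7", "10.10.0.1"),         # customer spoofing a CPE mgmt address
    Packet("cust-ap2", "198.51.100.10", "203.0.113.5"),   # AP1's address appearing on AP2's VLAN
    Packet("mgmt-infra", "10.10.0.9", "10.20.1.7"),       # NMS on the infra VLAN polling a CPE
    Packet("mgmt-infra", "198.51.100.10", "10.20.1.7"),   # public source where none should exist
]


if __name__ == "__main__":
    for name, policy in (("dst-only", policy_dst_only), ("vlan-aware", policy_vlan_aware)):
        for p in TRAFFIC:
            print(f"{name:<10} {p.in_vlan:<10} {p.src:<15} -> {p.dst:<15} {policy(p)}")
        print(f"{name}: {len(mgmt_leaks(policy, TRAFFIC))} leak(s) into management space")
```

The difference between the two policies is a single test on the customer-facing VLAN: drop any RFC1918 source on ingress, regardless of destination. Without it, "customer IPs cannot reach management IPs" holds only for customers who keep the address they were given.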