Re: [WISPA] Private vs Public addresses for end-users
I haven't had any issues with 1-1 and I've been doing it for over 8 years. Primary firewall is a Checkpoint so that may be part of the reason I haven't had issues. Running most of my broadband customers through Mikrotik though - only had that for about 3 years, but still haven't had any problems. I'm sure someday, somewhere I will. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rabbtux rabbtux Sent: Wednesday, January 30, 2008 1:33 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users Have you had any vpn problems or such for 1-1 NAT customers? I will be getting a handful of routable ips soon and this is how I was planning to manage the few business customers. Does it work well? On Jan 28, 2008 1:12 PM, Jason Hensley <[EMAIL PROTECTED]> wrote: > Even if you buy your own from ARIN, if you're that big, then the costs > are nothing - I agree. > > I personally do private addressing on all my broadband clients. That > allows me to NAT how I see fit. I someone needs a public IP I do a > static 1-1 NAT for them. So far I've had no issues. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Tom DeReggi > Sent: Monday, January 28, 2008 2:47 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > whether to give private or public address has nothing to do with cost. > > The cost per IP, is next to nothing, for an upstream with large block.. > > Tom DeReggi > RapidDSL & Wireless, Inc > IntAirNet- Fixed Wireless Broadband > > > - Original Message ----- > From: "Ugo Bellavance" <[EMAIL PROTECTED]> > To: > Sent: Monday, January 28, 2008 2:01 PM > Subject: [WISPA] Private vs Public addresses for end-users > > > > Hi, > > > > I was wondering what were the considerations of giving out private > > addressing to end users. Are public addresses worth the costs? > > > > The project is to provide internet access to a maximum of 300 > > clients in 5 or 6 nearby buildings using SkyPilot equipment. > > > > Regards, > > > > UGo > > > > > > > > > -- > -- > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > -- > -- > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -- > -- > > WISPA Wants You! Join today! > http://signup.wispa.org/ > -- > -- > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -- > -- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -- > -- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Have you had any vpn problems or such for 1-1 NAT customers? I will be getting a handful of routable ips soon and this is how I was planning to manage the few business customers. Does it work well? On Jan 28, 2008 1:12 PM, Jason Hensley <[EMAIL PROTECTED]> wrote: > Even if you buy your own from ARIN, if you're that big, then the costs are > nothing - I agree. > > I personally do private addressing on all my broadband clients. That allows > me to NAT how I see fit. I someone needs a public IP I do a static 1-1 NAT > for them. So far I've had no issues. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Tom DeReggi > Sent: Monday, January 28, 2008 2:47 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > whether to give private or public address has nothing to do with cost. > > The cost per IP, is next to nothing, for an upstream with large block.. > > Tom DeReggi > RapidDSL & Wireless, Inc > IntAirNet- Fixed Wireless Broadband > > > - Original Message - > From: "Ugo Bellavance" <[EMAIL PROTECTED]> > To: > Sent: Monday, January 28, 2008 2:01 PM > Subject: [WISPA] Private vs Public addresses for end-users > > > > Hi, > > > > I was wondering what were the considerations of giving out private > > addressing to end users. Are public addresses worth the costs? > > > > The project is to provide internet access to a maximum of 300 clients > > in 5 or 6 nearby buildings using SkyPilot equipment. > > > > Regards, > > > > UGo > > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > > > > > > WISPA Wireless List: wireless@wispa.org > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Unless you have a H.323 compliant firewall, 1 to 1 NAT will generally break H.323 (Netmeeting) Also, some VPN clients default config doesn't work properly through NAT. John Ugo Bellavance wrote: > Jason Hensley wrote: > >> Even if you buy your own from ARIN, if you're that big, then the costs are >> nothing - I agree. >> >> I personally do private addressing on all my broadband clients. That allows >> me to NAT how I see fit. I someone needs a public IP I do a static 1-1 NAT >> for them. So far I've had no issues. >> > > Ok, makes sense. In what cases, for example, would they need a public > IP and I guess that means that you have to make a reservation in your DHCP? > > Thanks, > > Ugo > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Tue, 29 Jan 2008, Andrew Niemantsverdriet wrote: >So what happens when the customer plugs the radio into the switch >and is broadcasting his local DHCP info to everybody? That would >really mess up the network. Depends on the network. On any network that I set up (at least where it is my preferred design), "what happens" is that customer is not able to access the internet and everyone else is. If you are insinuating that such a scenario would cause issues on your network, then you need to fix that or let me help you fix it, because a rogue DHCP server is the LEAST of your worries here. -- Butch Evans Network Engineering and Security Consulting 573-276-2879 http://www.butchevans.com/ My calendar: http://tinyurl.com/y24ad6 Training Partners: http://tinyurl.com/smfkf Mikrotik Certified Consultant http://www.mikrotik.com/consultants.html WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
>>> Any radio worth its salt that does true bridging would also have a >>> bridging table that is accessible via SNMP or HTML screen scraping. One >>> of our in-house programs polls all the AP's (we're a Canopy outfit, but >>> same principles apply to most Ethernet-based gear) and saves the MAC >>> addresses to a database, where I match the MACs to the subscriber's >>> radio and back to their account. >>> >> So what happens when the customer plugs the radio into the switch and >> is broadcasting his local DHCP info to everybody? That would really >> mess up the network. >> > Nothing, you can block that at most bridge CPEs (alvarion for sure). > And can also block them at the tower side (only let the DHCP requests go > to your equipment not back to the customers on the tower). Which is what we do with Canopy. The SM can block various things such as SMB, DHCP (server and/or client), and multicast. The DHCP through the bridging radio problem is there whether or not you use public vs. private addresses assigned statically or dynamically. -- Bryan WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Tue, 2008-01-29 at 14:19 -0700, Andrew Niemantsverdriet wrote: > On Jan 29, 2008 11:52 AM, Bryan Scott <[EMAIL PROTECTED]> wrote: > > Tom DeReggi wrote: > > > Yes but there are some security concerns with DHCP when sharing wireless > > > sectors. To prevent requires tracking MAC addressess, which is one more > > > headache to track. Sure if you are doing true 802.11 CPE, no problem, the > > > link uses the MAC of the CPE that you already know, but when supporting > > > true > > > bridging, it means discovering teh MAC of the customer provided Home > > > Router. > > > > Any radio worth its salt that does true bridging would also have a > > bridging table that is accessible via SNMP or HTML screen scraping. One > > of our in-house programs polls all the AP's (we're a Canopy outfit, but > > same principles apply to most Ethernet-based gear) and saves the MAC > > addresses to a database, where I match the MACs to the subscriber's > > radio and back to their account. > > > > It's usefulness is most apparent when a customer wonders why their > > connection is lousy and we can see that they've either got 1) their > > radio plugged into a switch instead of a router and we can see all their > > computers, or 2) their computer is doing one of those > > change-my-mac-every-10-seconds network attack things. > > > > Our central DHCP server logs which router the requests come from as > > well, helping us to narrow down which section of the network to search > > in the case that the MAC doesn't show up in any of the radios. > > So what happens when the customer plugs the radio into the switch and > is broadcasting his local DHCP info to everybody? That would really > mess up the network. > Nothing, you can block that at most bridge CPEs (alvarion for sure). And can also block them at the tower side (only let the DHCP requests go to your equipment not back to the customers on the tower). Ryan WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Jan 29, 2008 11:52 AM, Bryan Scott <[EMAIL PROTECTED]> wrote: > Tom DeReggi wrote: > > Yes but there are some security concerns with DHCP when sharing wireless > > sectors. To prevent requires tracking MAC addressess, which is one more > > headache to track. Sure if you are doing true 802.11 CPE, no problem, the > > link uses the MAC of the CPE that you already know, but when supporting true > > bridging, it means discovering teh MAC of the customer provided Home Router. > > Any radio worth its salt that does true bridging would also have a > bridging table that is accessible via SNMP or HTML screen scraping. One > of our in-house programs polls all the AP's (we're a Canopy outfit, but > same principles apply to most Ethernet-based gear) and saves the MAC > addresses to a database, where I match the MACs to the subscriber's > radio and back to their account. > > It's usefulness is most apparent when a customer wonders why their > connection is lousy and we can see that they've either got 1) their > radio plugged into a switch instead of a router and we can see all their > computers, or 2) their computer is doing one of those > change-my-mac-every-10-seconds network attack things. > > Our central DHCP server logs which router the requests come from as > well, helping us to narrow down which section of the network to search > in the case that the MAC doesn't show up in any of the radios. So what happens when the customer plugs the radio into the switch and is broadcasting his local DHCP info to everybody? That would really mess up the network. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Tom DeReggi wrote: > Yes but there are some security concerns with DHCP when sharing wireless > sectors. To prevent requires tracking MAC addressess, which is one more > headache to track. Sure if you are doing true 802.11 CPE, no problem, the > link uses the MAC of the CPE that you already know, but when supporting true > bridging, it means discovering teh MAC of the customer provided Home Router. Any radio worth its salt that does true bridging would also have a bridging table that is accessible via SNMP or HTML screen scraping. One of our in-house programs polls all the AP's (we're a Canopy outfit, but same principles apply to most Ethernet-based gear) and saves the MAC addresses to a database, where I match the MACs to the subscriber's radio and back to their account. It's usefulness is most apparent when a customer wonders why their connection is lousy and we can see that they've either got 1) their radio plugged into a switch instead of a router and we can see all their computers, or 2) their computer is doing one of those change-my-mac-every-10-seconds network attack things. Our central DHCP server logs which router the requests come from as well, helping us to narrow down which section of the network to search in the case that the MAC doesn't show up in any of the radios. -- Bryan WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
In your case I could see where that's an issue. We used to manage IP's on a spreadsheet, but now we do it with a web based system. Each installer has a "temp" IP they can assign at the customer location, get online, grab an open IP, and assign it - no big deal for us. Hey, not saying you're wrong at all - just expressing my side as well :-) hehe - I think the guy that asked about this is definately getting his money's worth! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Langseth Sent: Monday, January 28, 2008 7:10 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users My thoughts got ahead of my fingers,, it was supposed to say bigger and more profitable. I am looking at it from my standpoint, we have 2000+ customers, 48 POPs and yes, all static IP addresses (a mix of internet routable and rfc1918). We have 2 full time installers and 2-3 CSRs on during business hours. Now, in order to assign an IP address the tech has to call in and get one from the CSRs, that can take awhile especially when we are busy. Assigning and managing IPs is done with a BFS (Big %&#ing Spreadsheet), I am guessing you currently use the same method. Now we could assign the IP address on the work order, but then you have to make sure it gets used, or marked as free if it is a no-go, this is more difficult with more people. Also since we have multiple CSRs we have to have the BFS shared, that causes numerous time delays when saving, making changes and dealing with conflicts. Luckily I hardly ever have to deal with the BFS, or IP assignment. But I do believe it can be better Rather than looking at how well it works now, take a look at how it will work in the future. If you are ok with what you see, continue how you want. I am only expressing my opinion and will not feel bad if you do not agree with it. ;) Ryan On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: > Not sure where the 10+ minutes per install addition for a static IP > comes into play. Takes 30 seconds or so to program that in. Yeah, > not quite as convenient as DHCP, and you run the risk of duplicate > IP's if you get sloppy, but otherwise I see a huge advantage with > static. > > Renumbering, like you mentioned, is also MUCH easier if you have > internal privates. I NAT at the headend - not at each tower / POP. > Makes management very easy for me. > > For me, static works, dhcp doesn't. Of course, everyone is different. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On > Behalf Of Ryan Langseth > Sent: Monday, January 28, 2008 5:12 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router will be doing nat also. Certain system do not handle that very > nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly dislike not doing DHCP unless the customer is paying for that > static. > Static IP addressing is a PITA if you have to renumber, obivously > with privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you go > that route to do it at your Head End, not at your edge routers. That > way you can implement one of the common IDS/IPS systems to find > problem customers (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install techs > and CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> -- >> -- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -- >> -- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ &g
Re: [WISPA] Private vs Public addresses for end-users
Yes but there are some security concerns with DHCP when sharing wireless sectors. To prevent requires tracking MAC addressess, which is one more headache to track. Sure if you are doing true 802.11 CPE, no problem, the link uses the MAC of the CPE that you already know, but when supporting true bridging, it means discovering teh MAC of the customer provided Home Router. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 9:15 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > > Ryan, > > Have you considered using DHCP to manage manually assigned IP addresses? > It offers the best of both worlds. The IPs are statically mapped to > customers, yet the allocations are managed on the server side, eliminating > the concern about ongoing maintenance (lost client settings). > Additionally, duplicate IP allocation is prevented. > > ted > > On Mon, 28 Jan 2008, Ryan Langseth wrote: > >> My thoughts got ahead of my fingers,, it was supposed to say bigger >> and more profitable. >> >> I am looking at it from my standpoint, we have 2000+ customers, 48 >> POPs and yes, all static IP addresses (a mix of internet routable and >> rfc1918). We have 2 full time installers and 2-3 CSRs on during >> business hours. Now, in order to assign an IP address the tech has >> to call in and get one from the CSRs, that can take awhile especially >> when we are busy. Assigning and managing IPs is done with a BFS (Big >> %&#ing Spreadsheet), I am guessing you currently use the same method. >> Now we could assign the IP address on the work order, but then you >> have to make sure it gets used, or marked as free if it is a no-go, >> this is more difficult with more people. Also since we have multiple >> CSRs we have to have the BFS shared, that causes numerous time delays >> when saving, making changes and dealing with conflicts. >> >> Luckily I hardly ever have to deal with the BFS, or IP assignment. >> But I do believe it can be better >> >> Rather than looking at how well it works now, take a look at how it >> will work in the future. If you are ok with what you see, continue >> how you want. I am only expressing my opinion and will not feel bad >> if you do not agree with it. ;) >> >> Ryan >> >> On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: >> >>> Not sure where the 10+ minutes per install addition for a static IP >>> comes >>> into play. Takes 30 seconds or so to program that in. Yeah, not >>> quite as >>> convenient as DHCP, and you run the risk of duplicate IP's if you get >>> sloppy, but otherwise I see a huge advantage with static. >>> >>> Renumbering, like you mentioned, is also MUCH easier if you have >>> internal >>> privates. I NAT at the headend - not at each tower / POP. Makes >>> management >>> very easy for me. >>> >>> For me, static works, dhcp doesn't. Of course, everyone is different. >>> >>> >>> >>> -Original Message- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>> On >>> Behalf Of Ryan Langseth >>> Sent: Monday, January 28, 2008 5:12 PM >>> To: WISPA General List >>> Subject: Re: [WISPA] Private vs Public addresses for end-users >>> >>> There are things like looking at the customer base. >>> >>> 1) are they likely to need incoming connections ( This is mainly for >>> businesses ) >>> 2) are they likely to get a worm and have it start spamming ( I hate >>> trying >>> to track down a spammy machine behind NAT ... its not hard just >>> annoying) >>> 3) are they going to have problems with double NAT, the customers >>> router >>> will be doing nat also. Certain system do not handle that very nicely >>> >>> Frankly I hate using Private IPs for customers at all, I also >>> strongly >>> dislike not doing DHCP unless the customer is paying for that static. >>> Static IP addressing is a PITA if you have to renumber, obivously >>> with >>> privates that problem is largely gone. >>> >>> Depending on where you are doing your NAT, I would suggest if you >>> go that >>> route to do it at your Head End, not at your edge routers. That way >>> you can >>> implement one of the common IDS/IPS systems to find pr
Re: [WISPA] Private vs Public addresses for end-users
Eric, Great idea Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Eric Rogers" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 8:32 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > If the default for most routers is DHCP, then give it a private block > and then D-NAT all port 80 traffic to one of your servers and give them > a spash-page that says..."Your router lost its' configuration. Here are > instructions of how to reset it." > > Don't forget, the default for most routers' wireless is wide-open. If > you lock them out by default...it is in both of your interests to get it > set back up and secure. I'll spend the extra 15-20 minutes to walk them > through a configuration so their neighbor has to pay for a connection. > > Eric > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Tom DeReggi > Sent: Monday, January 28, 2008 6:31 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > The biggest cost in using Static IP is after support. Thinks liek > Linksys > routers are notorious for loosing their configurations. > When teh configuration is lost, your on the phone for an hour walking > your > customer through how to enter the IP back in. > MOst commodity routers default to DHCP, so if it loses its config, > rebooting > will still get it a working IP with out a phone call for > reconfiguration. > However, we only use Public Static IPs. We typically charge more for our > > service and justify the higher charge because of added benefits such as > Static IP benefits. We are willing to spend the time. > > Tom DeReggi > RapidDSL & Wireless, Inc > IntAirNet- Fixed Wireless Broadband > > > - Original Message - > From: "Ryan Langseth" <[EMAIL PROTECTED]> > To: "WISPA General List" > Sent: Monday, January 28, 2008 6:11 PM > Subject: Re: [WISPA] Private vs Public addresses for end-users > > >> There are things like looking at the customer base. >> >> 1) are they likely to need incoming connections ( This is mainly for >> businesses ) >> 2) are they likely to get a worm and have it start spamming ( I hate >> trying to track down a spammy machine behind NAT ... its not hard just >> annoying) >> 3) are they going to have problems with double NAT, the customers >> router will be doing nat also. Certain system do not handle that very >> nicely >> >> Frankly I hate using Private IPs for customers at all, I also >> strongly dislike not doing DHCP unless the customer is paying for that >> static. >> Static IP addressing is a PITA if you have to renumber, obivously >> with privates that problem is largely gone. >> >> Depending on where you are doing your NAT, I would suggest if you go >> that route to do it at your Head End, not at your edge routers. That >> way you can implement one of the common IDS/IPS systems to find >> problem customers (virus, etc) . >> >> Not doing DHCP, if you plan on being profitable, imo, is also a major >> mistake. You will end up consuming 10+ minutes of your install techs >> and CSRs time per install. >> >> >> Ryan >> >> On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: >> >>> Tom DeReggi wrote: >>>> whether to give private or public address has nothing to do with >>>> cost. >>>> >>> >>> Oh, what are the thing to consider exactly? >>> >>> Regards, >>> >>> Ugo Bellavance >>> >>> >>> >>> > > >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> > > >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> > > >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> > > >> >> WISPA Wireless Lis
Re: [WISPA] Private vs Public addresses for end-users
If you have access to the DHCP server then it should be pretty trivial to migrate. Your current lease file will show all of the IPs and their associated MAC addresses. All you need to do is build a static lease file from this information. I am finally migrating from a static IP to DHCP with static IP assignment. With newer equipment I have the radio act as a router and assign the IP to the radio since I know the radio MAC at provisioning time for the customer. For my older equipment (mostly CB3s) I have used some custom scripting on my mikrotik APs to get this to work. I assign temporary DHCPs out of a separate ip pool with a 30s lease, I then use a captive portal on that pool of IPs. They are redirected to a web page which displays a message stating that their equipment has changed and please wait 30 seconds for us to update our records. While they are staring at the page. I have a script that logs into the MT AP, check the last-ip field on the /interface wireless registration stats page and matches that mac-address with the radio mac-address in my provisioning system. Then set the /ip dhcp-server lease record for the correct IP address. The webpage has a 30 second redirect to their original destination and all is good. After 3 years of service, I finally decided that I was tired of the customer calling in after every router reset or router upgrade. It is also nice to be able to tell the customer to just hit the reset button on the router after their 12 year old has hosed the router trying to get their xbox 360 set up. Sam Tetherow Sandhills Wireless Ryan Langseth wrote: > Yea, actually I have looked that and would love to have that. This is > a network I inherited, it was this way when I got it. If it was mine > from the beginning DHCP would have been used (along with RADIUS and > etc). > > Ryan > On Jan 28, 2008, at 8:15 PM, [EMAIL PROTECTED] wrote: > > >> Ryan, >> >> Have you considered using DHCP to manage manually assigned IP >> addresses? >> It offers the best of both worlds. The IPs are statically mapped to >> customers, yet the allocations are managed on the server side, >> eliminating >> the concern about ongoing maintenance (lost client settings). >> Additionally, duplicate IP allocation is prevented. >> >> ted >> >> On Mon, 28 Jan 2008, Ryan Langseth wrote: >> >> >>> My thoughts got ahead of my fingers,, it was supposed to say bigger >>> and more profitable. >>> >>> I am looking at it from my standpoint, we have 2000+ customers, 48 >>> POPs and yes, all static IP addresses (a mix of internet routable and >>> rfc1918). We have 2 full time installers and 2-3 CSRs on during >>> business hours. Now, in order to assign an IP address the tech has >>> to call in and get one from the CSRs, that can take awhile >>> especially >>> when we are busy. Assigning and managing IPs is done with a BFS (Big >>> %&#ing Spreadsheet), I am guessing you currently use the same method. >>> Now we could assign the IP address on the work order, but then you >>> have to make sure it gets used, or marked as free if it is a no-go, >>> this is more difficult with more people. Also since we have >>> multiple >>> CSRs we have to have the BFS shared, that causes numerous time >>> delays >>> when saving, making changes and dealing with conflicts. >>> >>> Luckily I hardly ever have to deal with the BFS, or IP assignment. >>> But I do believe it can be better >>> >>> Rather than looking at how well it works now, take a look at how it >>> will work in the future. If you are ok with what you see, continue >>> how you want. I am only expressing my opinion and will not feel bad >>> if you do not agree with it. ;) >>> >>> Ryan >>> >>> On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: >>> >>> >>>> Not sure where the 10+ minutes per install addition for a static IP >>>> comes >>>> into play. Takes 30 seconds or so to program that in. Yeah, not >>>> quite as >>>> convenient as DHCP, and you run the risk of duplicate IP's if you >>>> get >>>> sloppy, but otherwise I see a huge advantage with static. >>>> >>>> Renumbering, like you mentioned, is also MUCH easier if you have >>>> internal >>>> privates. I NAT at the headend - not at each tower / POP. Makes >>>> management >>>> very easy for me. >>>> >>>> For me, static works, dhcp doesn't. Of course, every
Re: [WISPA] Private vs Public addresses for end-users
Jaker, route-map should work, but have you considered wccp (web cache coordination protocol)? ip wccp version _ ip wccp web-cache interface _out interface_ ip wccp web-cache redirect out ted On Mon, 28 Jan 2008, Jake VanDewater wrote: Eric, I'm interested in how you pulled off the D-NAT. Did you use a pix to do this? I have been researching ways to do this with a 2800 Cisco router. From what I can find I will need to do some aliasing. Can you provide me some more insight on how you were able to accomplish? -Jaker Date: Mon, 28 Jan 2008 20:32:26 -0500 From: [EMAIL PROTECTED] To: wireless@wispa.org Subject: Re: [WISPA] Private vs Public addresses for end-users If the default for most routers is DHCP, then give it a private block and then D-NAT all port 80 traffic to one of your servers and give them a spash-page that says..."Your router lost its' configuration. Here are instructions of how to reset it." Don't forget, the default for most routers' wireless is wide-open. If you lock them out by default...it is in both of your interests to get it set back up and secure. I'll spend the extra 15-20 minutes to walk them through a configuration so their neighbor has to pay for a connection. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom DeReggi Sent: Monday, January 28, 2008 6:31 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users The biggest cost in using Static IP is after support. Thinks liek Linksys routers are notorious for loosing their configurations. When teh configuration is lost, your on the phone for an hour walking your customer through how to enter the IP back in. MOst commodity routers default to DHCP, so if it loses its config, rebooting will still get it a working IP with out a phone call for reconfiguration. However, we only use Public Static IPs. We typically charge more for our service and justify the higher charge because of added benefits such as Static IP benefits. We are willing to spend the time. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ryan Langseth" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 6:11 PM Subject: Re: [WISPA] Private vs Public addresses for end-users There are things like looking at the customer base. 1) are they likely to need incoming connections ( This is mainly for businesses ) 2) are they likely to get a worm and have it start spamming ( I hate trying to track down a spammy machine behind NAT ... its not hard just annoying) 3) are they going to have problems with double NAT, the customers router will be doing nat also. Certain system do not handle that very nicely Frankly I hate using Private IPs for customers at all, I also strongly dislike not doing DHCP unless the customer is paying for that static. Static IP addressing is a PITA if you have to renumber, obivously with privates that problem is largely gone. Depending on where you are doing your NAT, I would suggest if you go that route to do it at your Head End, not at your edge routers. That way you can implement one of the common IDS/IPS systems to find problem customers (virus, etc) . Not doing DHCP, if you plan on being profitable, imo, is also a major mistake. You will end up consuming 10+ minutes of your install techs and CSRs time per install. Ryan On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: Tom DeReggi wrote: whether to give private or public address has nothing to do with cost. Oh, what are the thing to consider exactly? Regards, Ugo Bellavance WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Mon, 28 Jan 2008, [EMAIL PROTECTED] wrote: >Does it make sense to publish/open source these scripts? Not for me. I do this (consulting) for a living. It is one of the tools I have in my "toolbox" that I pull out from time to time. FWIW, I do include a script that can do this for Mikrotik on the material that we provide in my Security focused network design class. My website below will show you a list of where and when the next class is available. -- Butch Evans Network Engineering and Security Consulting 573-276-2879 http://www.butchevans.com/ My calendar: http://tinyurl.com/y24ad6 Training Partners: http://tinyurl.com/smfkf Mikrotik Certified Consultant http://www.mikrotik.com/consultants.html WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Eric, I'm interested in how you pulled off the D-NAT. Did you use a pix to do this? I have been researching ways to do this with a 2800 Cisco router. From what I can find I will need to do some aliasing. Can you provide me some more insight on how you were able to accomplish? -Jaker > Date: Mon, 28 Jan 2008 20:32:26 -0500 > From: [EMAIL PROTECTED] > To: wireless@wispa.org > Subject: Re: [WISPA] Private vs Public addresses for end-users > > If the default for most routers is DHCP, then give it a private block > and then D-NAT all port 80 traffic to one of your servers and give them > a spash-page that says..."Your router lost its' configuration. Here are > instructions of how to reset it." > > Don't forget, the default for most routers' wireless is wide-open. If > you lock them out by default...it is in both of your interests to get it > set back up and secure. I'll spend the extra 15-20 minutes to walk them > through a configuration so their neighbor has to pay for a connection. > > Eric > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Tom DeReggi > Sent: Monday, January 28, 2008 6:31 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > The biggest cost in using Static IP is after support. Thinks liek > Linksys > routers are notorious for loosing their configurations. > When teh configuration is lost, your on the phone for an hour walking > your > customer through how to enter the IP back in. > MOst commodity routers default to DHCP, so if it loses its config, > rebooting > will still get it a working IP with out a phone call for > reconfiguration. > However, we only use Public Static IPs. We typically charge more for our > > service and justify the higher charge because of added benefits such as > Static IP benefits. We are willing to spend the time. > > Tom DeReggi > RapidDSL & Wireless, Inc > IntAirNet- Fixed Wireless Broadband > > > - Original Message ----- > From: "Ryan Langseth" <[EMAIL PROTECTED]> > To: "WISPA General List" > Sent: Monday, January 28, 2008 6:11 PM > Subject: Re: [WISPA] Private vs Public addresses for end-users > > > > There are things like looking at the customer base. > > > > 1) are they likely to need incoming connections ( This is mainly for > > businesses ) > > 2) are they likely to get a worm and have it start spamming ( I hate > > trying to track down a spammy machine behind NAT ... its not hard just > > annoying) > > 3) are they going to have problems with double NAT, the customers > > router will be doing nat also. Certain system do not handle that very > > nicely > > > > Frankly I hate using Private IPs for customers at all, I also > > strongly dislike not doing DHCP unless the customer is paying for that > > static. > > Static IP addressing is a PITA if you have to renumber, obivously > > with privates that problem is largely gone. > > > > Depending on where you are doing your NAT, I would suggest if you go > > that route to do it at your Head End, not at your edge routers. That > > way you can implement one of the common IDS/IPS systems to find > > problem customers (virus, etc) . > > > > Not doing DHCP, if you plan on being profitable, imo, is also a major > > mistake. You will end up consuming 10+ minutes of your install techs > > and CSRs time per install. > > > > > > Ryan > > > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > > > >> Tom DeReggi wrote: > >>> whether to give private or public address has nothing to do with > >>> cost. > >>> > >> > >> Oh, what are the thing to consider exactly? > >> > >> Regards, > >> > >> Ugo Bellavance > >> > >> > >> > >> > > > >> WISPA Wants You! Join today! > >> http://signup.wispa.org/ > >> > > > >> > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > > > > > > WISPA Wants You! Join today! > > http://signup.wispa.org/
Re: [WISPA] Private vs Public addresses for end-users
We are looking into doing DHCP Option 82 for our NMS DHCP subnet for our CPE devices. If I am understanding this correctly, through this option I will be able to designate the IP address(es) that are going to be allocated behind that CPE device. This way I will only have to track MAC address of customer through my inventory and billing system. Through DHCP server, we will be able to determine which IP address is linked to specific CPE devices. Am I dreaming here? > From: [EMAIL PROTECTED] > To: wireless@wispa.org > Date: Mon, 28 Jan 2008 20:22:16 -0600 > Subject: Re: [WISPA] Private vs Public addresses for end-users > > Yea, actually I have looked that and would love to have that. This is > a network I inherited, it was this way when I got it. If it was mine > from the beginning DHCP would have been used (along with RADIUS and > etc). > > Ryan > On Jan 28, 2008, at 8:15 PM, [EMAIL PROTECTED] wrote: > > > > > Ryan, > > > > Have you considered using DHCP to manage manually assigned IP > > addresses? > > It offers the best of both worlds. The IPs are statically mapped to > > customers, yet the allocations are managed on the server side, > > eliminating > > the concern about ongoing maintenance (lost client settings). > > Additionally, duplicate IP allocation is prevented. > > > > ted > > > > On Mon, 28 Jan 2008, Ryan Langseth wrote: > > > >> My thoughts got ahead of my fingers,, it was supposed to say bigger > >> and more profitable. > >> > >> I am looking at it from my standpoint, we have 2000+ customers, 48 > >> POPs and yes, all static IP addresses (a mix of internet routable and > >> rfc1918). We have 2 full time installers and 2-3 CSRs on during > >> business hours. Now, in order to assign an IP address the tech has > >> to call in and get one from the CSRs, that can take awhile > >> especially > >> when we are busy. Assigning and managing IPs is done with a BFS (Big > >> %&#ing Spreadsheet), I am guessing you currently use the same method. > >> Now we could assign the IP address on the work order, but then you > >> have to make sure it gets used, or marked as free if it is a no-go, > >> this is more difficult with more people. Also since we have > >> multiple > >> CSRs we have to have the BFS shared, that causes numerous time > >> delays > >> when saving, making changes and dealing with conflicts. > >> > >> Luckily I hardly ever have to deal with the BFS, or IP assignment. > >> But I do believe it can be better > >> > >> Rather than looking at how well it works now, take a look at how it > >> will work in the future. If you are ok with what you see, continue > >> how you want. I am only expressing my opinion and will not feel bad > >> if you do not agree with it. ;) > >> > >> Ryan > >> > >> On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: > >> > >>> Not sure where the 10+ minutes per install addition for a static IP > >>> comes > >>> into play. Takes 30 seconds or so to program that in. Yeah, not > >>> quite as > >>> convenient as DHCP, and you run the risk of duplicate IP's if you > >>> get > >>> sloppy, but otherwise I see a huge advantage with static. > >>> > >>> Renumbering, like you mentioned, is also MUCH easier if you have > >>> internal > >>> privates. I NAT at the headend - not at each tower / POP. Makes > >>> management > >>> very easy for me. > >>> > >>> For me, static works, dhcp doesn't. Of course, everyone is > >>> different. > >>> > >>> > >>> > >>> -Original Message- > >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > >>> On > >>> Behalf Of Ryan Langseth > >>> Sent: Monday, January 28, 2008 5:12 PM > >>> To: WISPA General List > >>> Subject: Re: [WISPA] Private vs Public addresses for end-users > >>> > >>> There are things like looking at the customer base. > >>> > >>> 1) are they likely to need incoming connections ( This is mainly > >>> for > >>> businesses ) > >>> 2) are they likely to get a worm and have it start spamming ( I hate > >>> trying > >>> to track down a spammy machine behind NAT ... its not hard just > >>> annoying) > >>> 3) are they going to h
Re: [WISPA] Private vs Public addresses for end-users
Does it make sense to publish/open source these scripts? ted On Mon, 28 Jan 2008, Butch Evans wrote: > On Mon, 28 Jan 2008, Ryan Langseth wrote: > >> Yea, actually I have looked that and would love to have that. >> This is a network I inherited, it was this way when I got it. If >> it was mine from the beginning DHCP would have been used (along >> with RADIUS and etc). > > Do you have remote access to the clients? If so, it is not hard to > move them over. It is certainly time consuming. Depending on what > gear, you can count on 1-3 minutes per client. With some clients, > it can be scripted, but not sure it would be worth the time to > develop the script to do it. Hit me offlist and we can discuss > options if you are interested in moving this way. > > -- > Butch Evans > Network Engineering and Security Consulting > 573-276-2879 > http://www.butchevans.com/ > My calendar: http://tinyurl.com/y24ad6 > Training Partners: http://tinyurl.com/smfkf > Mikrotik Certified Consultant > http://www.mikrotik.com/consultants.html > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Mon, 28 Jan 2008, Ryan Langseth wrote: >Yea, actually I have looked that and would love to have that. >This is a network I inherited, it was this way when I got it. If >it was mine from the beginning DHCP would have been used (along >with RADIUS and etc). Do you have remote access to the clients? If so, it is not hard to move them over. It is certainly time consuming. Depending on what gear, you can count on 1-3 minutes per client. With some clients, it can be scripted, but not sure it would be worth the time to develop the script to do it. Hit me offlist and we can discuss options if you are interested in moving this way. -- Butch Evans Network Engineering and Security Consulting 573-276-2879 http://www.butchevans.com/ My calendar: http://tinyurl.com/y24ad6 Training Partners: http://tinyurl.com/smfkf Mikrotik Certified Consultant http://www.mikrotik.com/consultants.html WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Not that it isn't a good idea, but I don't think there is a legal requirement to back data on DHCP leases. You do need to have a way to monitor traffic from the time they call though. Sam Tetherow Sandhills Wireless D. Ryan Spott wrote: > Don't forget to track who has what dynamic IP address, and when they > had it. > > You will need this information with the law enforcement agencies come > a knocking for some kiddie porn peddler using your network. > > ryan > > > On Jan 28, 2008, at 3:16 PM, Jason Hensley wrote: > > >> Not sure where the 10+ minutes per install addition for a static IP >> comes >> into play. Takes 30 seconds or so to program that in. Yeah, not >> quite as >> convenient as DHCP, and you run the risk of duplicate IP's if you get >> sloppy, but otherwise I see a huge advantage with static. >> >> Renumbering, like you mentioned, is also MUCH easier if you have >> internal >> privates. I NAT at the headend - not at each tower / POP. Makes >> management >> very easy for me. >> >> For me, static works, dhcp doesn't. Of course, everyone is different. >> >> >> >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> On >> Behalf Of Ryan Langseth >> Sent: Monday, January 28, 2008 5:12 PM >> To: WISPA General List >> Subject: Re: [WISPA] Private vs Public addresses for end-users >> >> There are things like looking at the customer base. >> >> 1) are they likely to need incoming connections ( This is mainly for >> businesses ) >> 2) are they likely to get a worm and have it start spamming ( I hate >> trying >> to track down a spammy machine behind NAT ... its not hard just >> annoying) >> 3) are they going to have problems with double NAT, the customers >> router >> will be doing nat also. Certain system do not handle that very nicely >> >> Frankly I hate using Private IPs for customers at all, I also >> strongly >> dislike not doing DHCP unless the customer is paying for that static. >> Static IP addressing is a PITA if you have to renumber, obivously >> with >> privates that problem is largely gone. >> >> Depending on where you are doing your NAT, I would suggest if you >> go that >> route to do it at your Head End, not at your edge routers. That way >> you can >> implement one of the common IDS/IPS systems to find problem customers >> (virus, etc) . >> >> Not doing DHCP, if you plan on being profitable, imo, is also a major >> mistake. You will end up consuming 10+ minutes of your install >> techs and >> CSRs time per install. >> >> >> Ryan >> >> On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: >> >> >>> Tom DeReggi wrote: >>> >>>> whether to give private or public address has nothing to do with >>>> cost. >>>> >>>> >>> Oh, what are the thing to consider exactly? >>> >>> Regards, >>> >>> Ugo Bellavance >>> >>> >>> >>> -- >>> -- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -- >>> -- >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Yea, actually I have looked that and would love to have that. This is a network I inherited, it was this way when I got it. If it was mine from the beginning DHCP would have been used (along with RADIUS and etc). Ryan On Jan 28, 2008, at 8:15 PM, [EMAIL PROTECTED] wrote: > > Ryan, > > Have you considered using DHCP to manage manually assigned IP > addresses? > It offers the best of both worlds. The IPs are statically mapped to > customers, yet the allocations are managed on the server side, > eliminating > the concern about ongoing maintenance (lost client settings). > Additionally, duplicate IP allocation is prevented. > > ted > > On Mon, 28 Jan 2008, Ryan Langseth wrote: > >> My thoughts got ahead of my fingers,, it was supposed to say bigger >> and more profitable. >> >> I am looking at it from my standpoint, we have 2000+ customers, 48 >> POPs and yes, all static IP addresses (a mix of internet routable and >> rfc1918). We have 2 full time installers and 2-3 CSRs on during >> business hours. Now, in order to assign an IP address the tech has >> to call in and get one from the CSRs, that can take awhile >> especially >> when we are busy. Assigning and managing IPs is done with a BFS (Big >> %&#ing Spreadsheet), I am guessing you currently use the same method. >> Now we could assign the IP address on the work order, but then you >> have to make sure it gets used, or marked as free if it is a no-go, >> this is more difficult with more people. Also since we have >> multiple >> CSRs we have to have the BFS shared, that causes numerous time >> delays >> when saving, making changes and dealing with conflicts. >> >> Luckily I hardly ever have to deal with the BFS, or IP assignment. >> But I do believe it can be better >> >> Rather than looking at how well it works now, take a look at how it >> will work in the future. If you are ok with what you see, continue >> how you want. I am only expressing my opinion and will not feel bad >> if you do not agree with it. ;) >> >> Ryan >> >> On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: >> >>> Not sure where the 10+ minutes per install addition for a static IP >>> comes >>> into play. Takes 30 seconds or so to program that in. Yeah, not >>> quite as >>> convenient as DHCP, and you run the risk of duplicate IP's if you >>> get >>> sloppy, but otherwise I see a huge advantage with static. >>> >>> Renumbering, like you mentioned, is also MUCH easier if you have >>> internal >>> privates. I NAT at the headend - not at each tower / POP. Makes >>> management >>> very easy for me. >>> >>> For me, static works, dhcp doesn't. Of course, everyone is >>> different. >>> >>> >>> >>> -Original Message- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >>> On >>> Behalf Of Ryan Langseth >>> Sent: Monday, January 28, 2008 5:12 PM >>> To: WISPA General List >>> Subject: Re: [WISPA] Private vs Public addresses for end-users >>> >>> There are things like looking at the customer base. >>> >>> 1) are they likely to need incoming connections ( This is mainly >>> for >>> businesses ) >>> 2) are they likely to get a worm and have it start spamming ( I hate >>> trying >>> to track down a spammy machine behind NAT ... its not hard just >>> annoying) >>> 3) are they going to have problems with double NAT, the customers >>> router >>> will be doing nat also. Certain system do not handle that very >>> nicely >>> >>> Frankly I hate using Private IPs for customers at all, I also >>> strongly >>> dislike not doing DHCP unless the customer is paying for that >>> static. >>> Static IP addressing is a PITA if you have to renumber, obivously >>> with >>> privates that problem is largely gone. >>> >>> Depending on where you are doing your NAT, I would suggest if you >>> go that >>> route to do it at your Head End, not at your edge routers. That way >>> you can >>> implement one of the common IDS/IPS systems to find problem >>> customers >>> (virus, etc) . >>> >>> Not doing DHCP, if you plan on being profitable, imo, is also a >>> major >>> mistake. You will end up consuming 10+ minutes of your install >>
Re: [WISPA] Private vs Public addresses for end-users
Ryan, Have you considered using DHCP to manage manually assigned IP addresses? It offers the best of both worlds. The IPs are statically mapped to customers, yet the allocations are managed on the server side, eliminating the concern about ongoing maintenance (lost client settings). Additionally, duplicate IP allocation is prevented. ted On Mon, 28 Jan 2008, Ryan Langseth wrote: > My thoughts got ahead of my fingers,, it was supposed to say bigger > and more profitable. > > I am looking at it from my standpoint, we have 2000+ customers, 48 > POPs and yes, all static IP addresses (a mix of internet routable and > rfc1918). We have 2 full time installers and 2-3 CSRs on during > business hours. Now, in order to assign an IP address the tech has > to call in and get one from the CSRs, that can take awhile especially > when we are busy. Assigning and managing IPs is done with a BFS (Big > %&#ing Spreadsheet), I am guessing you currently use the same method. > Now we could assign the IP address on the work order, but then you > have to make sure it gets used, or marked as free if it is a no-go, > this is more difficult with more people. Also since we have multiple > CSRs we have to have the BFS shared, that causes numerous time delays > when saving, making changes and dealing with conflicts. > > Luckily I hardly ever have to deal with the BFS, or IP assignment. > But I do believe it can be better > > Rather than looking at how well it works now, take a look at how it > will work in the future. If you are ok with what you see, continue > how you want. I am only expressing my opinion and will not feel bad > if you do not agree with it. ;) > > Ryan > > On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: > >> Not sure where the 10+ minutes per install addition for a static IP >> comes >> into play. Takes 30 seconds or so to program that in. Yeah, not >> quite as >> convenient as DHCP, and you run the risk of duplicate IP's if you get >> sloppy, but otherwise I see a huge advantage with static. >> >> Renumbering, like you mentioned, is also MUCH easier if you have >> internal >> privates. I NAT at the headend - not at each tower / POP. Makes >> management >> very easy for me. >> >> For me, static works, dhcp doesn't. Of course, everyone is different. >> >> >> >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> On >> Behalf Of Ryan Langseth >> Sent: Monday, January 28, 2008 5:12 PM >> To: WISPA General List >> Subject: Re: [WISPA] Private vs Public addresses for end-users >> >> There are things like looking at the customer base. >> >> 1) are they likely to need incoming connections ( This is mainly for >> businesses ) >> 2) are they likely to get a worm and have it start spamming ( I hate >> trying >> to track down a spammy machine behind NAT ... its not hard just >> annoying) >> 3) are they going to have problems with double NAT, the customers >> router >> will be doing nat also. Certain system do not handle that very nicely >> >> Frankly I hate using Private IPs for customers at all, I also >> strongly >> dislike not doing DHCP unless the customer is paying for that static. >> Static IP addressing is a PITA if you have to renumber, obivously >> with >> privates that problem is largely gone. >> >> Depending on where you are doing your NAT, I would suggest if you >> go that >> route to do it at your Head End, not at your edge routers. That way >> you can >> implement one of the common IDS/IPS systems to find problem customers >> (virus, etc) . >> >> Not doing DHCP, if you plan on being profitable, imo, is also a major >> mistake. You will end up consuming 10+ minutes of your install >> techs and >> CSRs time per install. >> >> >> Ryan >> >> On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: >> >>> Tom DeReggi wrote: >>>> whether to give private or public address has nothing to do with >>>> cost. >>>> >>> >>> Oh, what are the thing to consider exactly? >>> >>> Regards, >>> >>> Ugo Bellavance >>> >>> >>> >>> -- >>> -- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -- &g
Re: [WISPA] Private vs Public addresses for end-users
You can always use reservations to give a user the same IP each time even though they are getting it via DHCP. If you ever have to re-number your whole network without DHCP you may become a convert. - Original Message - From: "Jonathan Schmidt" <[EMAIL PROTECTED]> To: "'WISPA General List'" Sent: Monday, January 28, 2008 7:01 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > Most customers will be happy with Dynamic DHCP whereby a domain name will > always fine their server. > > If you explain that, especially if you describe the elaborate resolutions > that are available to them via Dynamic DHCP including blocks and multiple > servers, won't they be satisfied? > > . . . J o n a t h a n > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Eric Rogers > Sent: Monday, January 28, 2008 7:32 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > If the default for most routers is DHCP, then give it a private block and > then D-NAT all port 80 traffic to one of your servers and give them a > spash-page that says..."Your router lost its' configuration. Here are > instructions of how to reset it." > > Don't forget, the default for most routers' wireless is wide-open. If you > lock them out by default...it is in both of your interests to get it set > back up and secure. I'll spend the extra 15-20 minutes to walk them > through > a configuration so their neighbor has to pay for a connection. > > Eric > > > -Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Tom DeReggi > Sent: Monday, January 28, 2008 6:31 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > The biggest cost in using Static IP is after support. Thinks liek Linksys > routers are notorious for loosing their configurations. > When teh configuration is lost, your on the phone for an hour walking your > customer through how to enter the IP back in. > MOst commodity routers default to DHCP, so if it loses its config, > rebooting > will still get it a working IP with out a phone call for reconfiguration. > However, we only use Public Static IPs. We typically charge more for our > > service and justify the higher charge because of added benefits such as > Static IP benefits. We are willing to spend the time. > > Tom DeReggi > RapidDSL & Wireless, Inc > IntAirNet- Fixed Wireless Broadband > > > - Original Message - > From: "Ryan Langseth" <[EMAIL PROTECTED]> > To: "WISPA General List" > Sent: Monday, January 28, 2008 6:11 PM > Subject: Re: [WISPA] Private vs Public addresses for end-users > > >> There are things like looking at the customer base. >> >> 1) are they likely to need incoming connections ( This is mainly for >> businesses ) >> 2) are they likely to get a worm and have it start spamming ( I hate >> trying to track down a spammy machine behind NAT ... its not hard just >> annoying) >> 3) are they going to have problems with double NAT, the customers >> router will be doing nat also. Certain system do not handle that very >> nicely >> >> Frankly I hate using Private IPs for customers at all, I also >> strongly dislike not doing DHCP unless the customer is paying for that >> static. >> Static IP addressing is a PITA if you have to renumber, obivously >> with privates that problem is largely gone. >> >> Depending on where you are doing your NAT, I would suggest if you go >> that route to do it at your Head End, not at your edge routers. That >> way you can implement one of the common IDS/IPS systems to find >> problem customers (virus, etc) . >> >> Not doing DHCP, if you plan on being profitable, imo, is also a major >> mistake. You will end up consuming 10+ minutes of your install techs >> and CSRs time per install. >> >> >> Ryan >> >> On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: >> >>> Tom DeReggi wrote: >>>> whether to give private or public address has nothing to do with >>>> cost. >>>> >>> >>> Oh, what are the thing to consider exactly? >>> >>> Regards, >>> >>> Ugo Bellavance >>> >>> >>> >>> > > >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> > --
Re: [WISPA] Private vs Public addresses for end-users
Most customers will be happy with Dynamic DHCP whereby a domain name will always fine their server. If you explain that, especially if you describe the elaborate resolutions that are available to them via Dynamic DHCP including blocks and multiple servers, won't they be satisfied? . . . J o n a t h a n -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Rogers Sent: Monday, January 28, 2008 7:32 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users If the default for most routers is DHCP, then give it a private block and then D-NAT all port 80 traffic to one of your servers and give them a spash-page that says..."Your router lost its' configuration. Here are instructions of how to reset it." Don't forget, the default for most routers' wireless is wide-open. If you lock them out by default...it is in both of your interests to get it set back up and secure. I'll spend the extra 15-20 minutes to walk them through a configuration so their neighbor has to pay for a connection. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom DeReggi Sent: Monday, January 28, 2008 6:31 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users The biggest cost in using Static IP is after support. Thinks liek Linksys routers are notorious for loosing their configurations. When teh configuration is lost, your on the phone for an hour walking your customer through how to enter the IP back in. MOst commodity routers default to DHCP, so if it loses its config, rebooting will still get it a working IP with out a phone call for reconfiguration. However, we only use Public Static IPs. We typically charge more for our service and justify the higher charge because of added benefits such as Static IP benefits. We are willing to spend the time. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ryan Langseth" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 6:11 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router will be doing nat also. Certain system do not handle that very > nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly dislike not doing DHCP unless the customer is paying for that > static. > Static IP addressing is a PITA if you have to renumber, obivously > with privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you go > that route to do it at your Head End, not at your edge routers. That > way you can implement one of the common IDS/IPS systems to find > problem customers (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install techs > and CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ --
Re: [WISPA] Private vs Public addresses for end-users
I use PPPoE to hand out public IP addresses for Internet traffic. I then statically assign private IPs for internal management. IPs are basically free. -- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: "Ugo Bellavance" <[EMAIL PROTECTED]> To: Sent: Monday, January 28, 2008 1:01 PM Subject: [WISPA] Private vs Public addresses for end-users > Hi, > > I was wondering what were the considerations of giving out private > addressing to end users. Are public addresses worth the costs? > > The project is to provide internet access to a maximum of 300 clients > in 5 or 6 nearby buildings using SkyPilot equipment. > > Regards, > > UGo > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
On Mon, 28 Jan 2008, D. Ryan Spott wrote: >Don't forget to track who has what dynamic IP address, and when >they had it. While this is a good idea... >You will need this information with the law enforcement agencies >come a knocking for some kiddie porn peddler using your network. This is not true. CALEA does not require you to maintain historical information such as this. If you have it, and it is subpoenaed, you have to provide it, but you are not required to keep it. -- Butch Evans Network Engineering and Security Consulting 573-276-2879 http://www.butchevans.com/ My calendar: http://tinyurl.com/y24ad6 Training Partners: http://tinyurl.com/smfkf Mikrotik Certified Consultant http://www.mikrotik.com/consultants.html WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
If the default for most routers is DHCP, then give it a private block and then D-NAT all port 80 traffic to one of your servers and give them a spash-page that says..."Your router lost its' configuration. Here are instructions of how to reset it." Don't forget, the default for most routers' wireless is wide-open. If you lock them out by default...it is in both of your interests to get it set back up and secure. I'll spend the extra 15-20 minutes to walk them through a configuration so their neighbor has to pay for a connection. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom DeReggi Sent: Monday, January 28, 2008 6:31 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users The biggest cost in using Static IP is after support. Thinks liek Linksys routers are notorious for loosing their configurations. When teh configuration is lost, your on the phone for an hour walking your customer through how to enter the IP back in. MOst commodity routers default to DHCP, so if it loses its config, rebooting will still get it a working IP with out a phone call for reconfiguration. However, we only use Public Static IPs. We typically charge more for our service and justify the higher charge because of added benefits such as Static IP benefits. We are willing to spend the time. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ryan Langseth" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 6:11 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router will be doing nat also. Certain system do not handle that very > nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly dislike not doing DHCP unless the customer is paying for that > static. > Static IP addressing is a PITA if you have to renumber, obivously > with privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you go > that route to do it at your Head End, not at your edge routers. That > way you can implement one of the common IDS/IPS systems to find > problem customers (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install techs > and CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
My thoughts got ahead of my fingers,, it was supposed to say bigger and more profitable. I am looking at it from my standpoint, we have 2000+ customers, 48 POPs and yes, all static IP addresses (a mix of internet routable and rfc1918). We have 2 full time installers and 2-3 CSRs on during business hours. Now, in order to assign an IP address the tech has to call in and get one from the CSRs, that can take awhile especially when we are busy. Assigning and managing IPs is done with a BFS (Big %&#ing Spreadsheet), I am guessing you currently use the same method. Now we could assign the IP address on the work order, but then you have to make sure it gets used, or marked as free if it is a no-go, this is more difficult with more people. Also since we have multiple CSRs we have to have the BFS shared, that causes numerous time delays when saving, making changes and dealing with conflicts. Luckily I hardly ever have to deal with the BFS, or IP assignment. But I do believe it can be better Rather than looking at how well it works now, take a look at how it will work in the future. If you are ok with what you see, continue how you want. I am only expressing my opinion and will not feel bad if you do not agree with it. ;) Ryan On Jan 28, 2008, at 5:16 PM, Jason Hensley wrote: > Not sure where the 10+ minutes per install addition for a static IP > comes > into play. Takes 30 seconds or so to program that in. Yeah, not > quite as > convenient as DHCP, and you run the risk of duplicate IP's if you get > sloppy, but otherwise I see a huge advantage with static. > > Renumbering, like you mentioned, is also MUCH easier if you have > internal > privates. I NAT at the headend - not at each tower / POP. Makes > management > very easy for me. > > For me, static works, dhcp doesn't. Of course, everyone is different. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On > Behalf Of Ryan Langseth > Sent: Monday, January 28, 2008 5:12 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying > to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router > will be doing nat also. Certain system do not handle that very nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly > dislike not doing DHCP unless the customer is paying for that static. > Static IP addressing is a PITA if you have to renumber, obivously > with > privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you > go that > route to do it at your Head End, not at your edge routers. That way > you can > implement one of the common IDS/IPS systems to find problem customers > (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install > techs and > CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> -- >> -- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -- >> -- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today!
Re: [WISPA] Private vs Public addresses for end-users
Don't forget to track who has what dynamic IP address, and when they had it. You will need this information with the law enforcement agencies come a knocking for some kiddie porn peddler using your network. ryan On Jan 28, 2008, at 3:16 PM, Jason Hensley wrote: > Not sure where the 10+ minutes per install addition for a static IP > comes > into play. Takes 30 seconds or so to program that in. Yeah, not > quite as > convenient as DHCP, and you run the risk of duplicate IP's if you get > sloppy, but otherwise I see a huge advantage with static. > > Renumbering, like you mentioned, is also MUCH easier if you have > internal > privates. I NAT at the headend - not at each tower / POP. Makes > management > very easy for me. > > For me, static works, dhcp doesn't. Of course, everyone is different. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On > Behalf Of Ryan Langseth > Sent: Monday, January 28, 2008 5:12 PM > To: WISPA General List > Subject: Re: [WISPA] Private vs Public addresses for end-users > > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying > to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router > will be doing nat also. Certain system do not handle that very nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly > dislike not doing DHCP unless the customer is paying for that static. > Static IP addressing is a PITA if you have to renumber, obivously > with > privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you > go that > route to do it at your Head End, not at your edge routers. That way > you can > implement one of the common IDS/IPS systems to find problem customers > (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install > techs and > CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> -- >> -- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -- >> -- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
The biggest cost in using Static IP is after support. Thinks liek Linksys routers are notorious for loosing their configurations. When teh configuration is lost, your on the phone for an hour walking your customer through how to enter the IP back in. MOst commodity routers default to DHCP, so if it loses its config, rebooting will still get it a working IP with out a phone call for reconfiguration. However, we only use Public Static IPs. We typically charge more for our service and justify the higher charge because of added benefits such as Static IP benefits. We are willing to spend the time. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ryan Langseth" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Monday, January 28, 2008 6:11 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > There are things like looking at the customer base. > > 1) are they likely to need incoming connections ( This is mainly for > businesses ) > 2) are they likely to get a worm and have it start spamming ( I hate > trying to track down a spammy machine behind NAT ... its not hard just > annoying) > 3) are they going to have problems with double NAT, the customers > router will be doing nat also. Certain system do not handle that very > nicely > > Frankly I hate using Private IPs for customers at all, I also > strongly dislike not doing DHCP unless the customer is paying for that > static. > Static IP addressing is a PITA if you have to renumber, obivously > with privates that problem is largely gone. > > Depending on where you are doing your NAT, I would suggest if you go > that route to do it at your Head End, not at your edge routers. That > way you can implement one of the common IDS/IPS systems to find > problem customers (virus, etc) . > > Not doing DHCP, if you plan on being profitable, imo, is also a major > mistake. You will end up consuming 10+ minutes of your install techs > and CSRs time per install. > > > Ryan > > On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > >> Tom DeReggi wrote: >>> whether to give private or public address has nothing to do with >>> cost. >>> >> >> Oh, what are the thing to consider exactly? >> >> Regards, >> >> Ugo Bellavance >> >> >> >> >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
First one must define public address. Meaning public IPs used belonging to the upstream ISP or the WISP owning their own block of public IPs. Owning your own block, you must ask... Is it worth the technical admin headache to manage them, and is the expertise there to do it. And is the benefit there, if the expertise was. The primary benefit for a small ISP is just to be portable between upstrewam providers, any time you want to be. Usually the answer is its not worth owning your own, unless you have scaled large enough to justify a /19 or higher. However, using an upstream's public IPs, costs nothing in most cases. And they do the painful management of it. Using private IPs, is also making it portable between providers, because its very quick and easy to create a new NAT rule to map the private addresses to any new Upstream's shared public IP. So the real question come up as... Is it a benefit to your subscribers to use public IPs, different than every other subscriber. Some VPN protocols require static IPs. Some corporate firewalling requires static IPs. Some VOIP services require public static IPs. Web servers and Mail servers require static IP. Access the subscriber from a remore PC for remote desoktop requires public static IP. Sharing IPs, will mean that if one customer gets blacklisted for sending SPAM, so will all your other subscribers. It is definately possible to offer services using private IPs to the end users, many residential ISPs have chosen to do so. But doing so, does restrict the services that your subscribers will be able to do. But that may be a benefit. If you are selling $9.99 broadband, you won't want them to ahve the ability to host mail and web servers. IF you are competing against commodity monopolies, you may want the added features to distinguish your self. Step 1 is defining what services that you'd like your subscribers to be able to do. And then you make an IP allocation method that enables that. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ugo Bellavance" <[EMAIL PROTECTED]> To: Sent: Monday, January 28, 2008 4:37 PM Subject: Re: [WISPA] Private vs Public addresses for end-users > Tom DeReggi wrote: >> whether to give private or public address has nothing to do with cost. >> > > Oh, what are the thing to consider exactly? > > Regards, > > Ugo Bellavance > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Not sure where the 10+ minutes per install addition for a static IP comes into play. Takes 30 seconds or so to program that in. Yeah, not quite as convenient as DHCP, and you run the risk of duplicate IP's if you get sloppy, but otherwise I see a huge advantage with static. Renumbering, like you mentioned, is also MUCH easier if you have internal privates. I NAT at the headend - not at each tower / POP. Makes management very easy for me. For me, static works, dhcp doesn't. Of course, everyone is different. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Langseth Sent: Monday, January 28, 2008 5:12 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users There are things like looking at the customer base. 1) are they likely to need incoming connections ( This is mainly for businesses ) 2) are they likely to get a worm and have it start spamming ( I hate trying to track down a spammy machine behind NAT ... its not hard just annoying) 3) are they going to have problems with double NAT, the customers router will be doing nat also. Certain system do not handle that very nicely Frankly I hate using Private IPs for customers at all, I also strongly dislike not doing DHCP unless the customer is paying for that static. Static IP addressing is a PITA if you have to renumber, obivously with privates that problem is largely gone. Depending on where you are doing your NAT, I would suggest if you go that route to do it at your Head End, not at your edge routers. That way you can implement one of the common IDS/IPS systems to find problem customers (virus, etc) . Not doing DHCP, if you plan on being profitable, imo, is also a major mistake. You will end up consuming 10+ minutes of your install techs and CSRs time per install. Ryan On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > Tom DeReggi wrote: >> whether to give private or public address has nothing to do with >> cost. >> > > Oh, what are the thing to consider exactly? > > Regards, > > Ugo Bellavance > > > > -- > -- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -- > -- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
There are things like looking at the customer base. 1) are they likely to need incoming connections ( This is mainly for businesses ) 2) are they likely to get a worm and have it start spamming ( I hate trying to track down a spammy machine behind NAT ... its not hard just annoying) 3) are they going to have problems with double NAT, the customers router will be doing nat also. Certain system do not handle that very nicely Frankly I hate using Private IPs for customers at all, I also strongly dislike not doing DHCP unless the customer is paying for that static. Static IP addressing is a PITA if you have to renumber, obivously with privates that problem is largely gone. Depending on where you are doing your NAT, I would suggest if you go that route to do it at your Head End, not at your edge routers. That way you can implement one of the common IDS/IPS systems to find problem customers (virus, etc) . Not doing DHCP, if you plan on being profitable, imo, is also a major mistake. You will end up consuming 10+ minutes of your install techs and CSRs time per install. Ryan On Jan 28, 2008, at 3:37 PM, Ugo Bellavance wrote: > Tom DeReggi wrote: >> whether to give private or public address has nothing to do with >> cost. >> > > Oh, what are the thing to consider exactly? > > Regards, > > Ugo Bellavance > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Honestly I don't do DHCP at all. Keeps things honest from my perspective and makes it easier to see who's causing issues - at least from my standpoint. Clients primarily need a Public IP for VPNs. A couple of clients run their own mail server and I've got one that runs their own web server, but those are monitored VERY closely! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ugo Bellavance Sent: Monday, January 28, 2008 3:29 PM To: wireless@wispa.org Subject: Re: [WISPA] Private vs Public addresses for end-users Jason Hensley wrote: > Even if you buy your own from ARIN, if you're that big, then the costs > are nothing - I agree. > > I personally do private addressing on all my broadband clients. That > allows me to NAT how I see fit. I someone needs a public IP I do a > static 1-1 NAT for them. So far I've had no issues. Ok, makes sense. In what cases, for example, would they need a public IP and I guess that means that you have to make a reservation in your DHCP? Thanks, Ugo WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Jason Hensley wrote: > Even if you buy your own from ARIN, if you're that big, then the costs are > nothing - I agree. > > I personally do private addressing on all my broadband clients. That allows > me to NAT how I see fit. I someone needs a public IP I do a static 1-1 NAT > for them. So far I've had no issues. Ok, makes sense. In what cases, for example, would they need a public IP and I guess that means that you have to make a reservation in your DHCP? Thanks, Ugo WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Tom DeReggi wrote: > whether to give private or public address has nothing to do with cost. > Oh, what are the thing to consider exactly? Regards, Ugo Bellavance WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
Even if you buy your own from ARIN, if you're that big, then the costs are nothing - I agree. I personally do private addressing on all my broadband clients. That allows me to NAT how I see fit. I someone needs a public IP I do a static 1-1 NAT for them. So far I've had no issues. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom DeReggi Sent: Monday, January 28, 2008 2:47 PM To: WISPA General List Subject: Re: [WISPA] Private vs Public addresses for end-users whether to give private or public address has nothing to do with cost. The cost per IP, is next to nothing, for an upstream with large block.. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ugo Bellavance" <[EMAIL PROTECTED]> To: Sent: Monday, January 28, 2008 2:01 PM Subject: [WISPA] Private vs Public addresses for end-users > Hi, > > I was wondering what were the considerations of giving out private > addressing to end users. Are public addresses worth the costs? > > The project is to provide internet access to a maximum of 300 clients > in 5 or 6 nearby buildings using SkyPilot equipment. > > Regards, > > UGo > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Private vs Public addresses for end-users
whether to give private or public address has nothing to do with cost. The cost per IP, is next to nothing, for an upstream with large block.. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Ugo Bellavance" <[EMAIL PROTECTED]> To: Sent: Monday, January 28, 2008 2:01 PM Subject: [WISPA] Private vs Public addresses for end-users > Hi, > > I was wondering what were the considerations of giving out private > addressing to end users. Are public addresses worth the costs? > > The project is to provide internet access to a maximum of 300 clients > in 5 or 6 nearby buildings using SkyPilot equipment. > > Regards, > > UGo > > > > > WISPA Wants You! Join today! > http://signup.wispa.org/ > > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Private vs Public addresses for end-users
Hi, I was wondering what were the considerations of giving out private addressing to end users. Are public addresses worth the costs? The project is to provide internet access to a maximum of 300 clients in 5 or 6 nearby buildings using SkyPilot equipment. Regards, UGo WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/