increasing network

Dear Specialists! :slight_smile:

I would like to switch myself to a more professional mode :slight_smile:, so I need some help. My global question is: how can I change/upgrade/modify my network configuration settings in order to be able to serve “unlimited” base stations and users?

My network begins directly from the local exchange centre. All of my P2P and P2MP links are microwave, PC-based routers, Atheros cards and mt. I manage all of the network without any dedicated access coming from other ISPs. Fortunately, I don’t have any problem with these micro links.

I use 5 ghz-turbo everywhere, but I have 1 basestation with 2.4-g-turbo. In addition, I use 5 ghz-turbo for P2P and P2MP.

I have some UTP users in blocks of flats, where I use P2P from basestations to the roof, and UTP & PPPoE to the users. I use a separate interface for all users with 4 UTPs on 1 PCI card. Does anybody have some idea how I can ignore using routers at users, if they would like to use more than 1 PC? I want to protect my network with all of my best, so DHCP would not be a good solution, because they might use a switch and would be able to use my net for free. Furthermore, I don’t like to use any other equipment at the users’ flat and also don’t want to store users’ MAC, therefore DHCP by MAC is not good for me.

At the micro users’ home I use PC & mt based routers only and manage all of the routers. Users can’t configure them. These users get DHCP address (192.168.1.0/24), so they don’t use any other router.

I use rate limit at the client side micro card, but don’t use it at base stations, just P2P links.

Base stations and users use private addresses. Bases’ use 192.168.0.0/16, and users’ routers have 10.0.0.0/8 (or pppoe the same…)

I have one /24 public address space. I only make src-NAT in the base station. If a user wants to have a public address then I “send” it with “route”.

I use route only, but not dst-nat.

I run i-BGP across all of my net, but don’t have my own AS number. (Does anybody vote for OSPF or RIP?)

I don’t have problem with configuring the client side routers, because I use copy-paste, and change password and name of the router. It does not take too much time.

My question is: how can I reduce the config time of the bases? I can copy-paste too, but I must change lots of things. For example, if I add a new base to the net, I need to add a new line to BGP in every old router…

I authenticate the (micro) users with mac in access list and send an ip to client router (managed by me) which is not equal with the users’ pc’s addresses as I mentioned before.

I also use netwatch 05:00 for client → e-mail, and 01:00 for bases → email → sms to me.

I have a backup link based on fiber, but it is not too wide, so our micro is the main link. For backup I create a PPTP tunnel to our border gateway.

Average user’s ping time is around 1-2 ms to my border gateway, which I think is pretty good.

I use input and forward firewall at all of the bases. At input filter, I allow to pass through the regular services (ssh, ping, bgp, etc) and own ip addresses. Packets, port scan, DoS attack and virus settings are from mt demo router default settings. At forward filter, connected user’s address and P2P link’s interface can pass. Packets and virus settings are from demo.mt too.

I mangle the packages separately: up (=down/4), down, p2p-up (=up), and p2p-down (=down/2), and then use simple queue. It’s 4 lines in queue and the same in mangle for every user, but I have seen some newer version of mt where I might do it with 1 line in queue and without mangle. Is that true?

So the main question is: what must I do to increase the quality of the service, and decrease the time spent on system config?

network topology:

user’s PCs (192.168.1.0/24 with DHCP or PPPoE) — utp — user’s client micro router (10.0.0.x/30) — micro — (10.0.0.y/30) basestation (192.168.x.x/z) — other basestations

Thanks

gyoztes