What the subject says: we’re looking to set up PPPoE for our users. We currently have a block of public IPs that are in use now. We are transitioning this from an amenity to a paid service for an apartment complex. Currently the network is open to all; I plan to set up a new VLAN with the PPPoE and move one building at a time over to the new system. I have several questions that I’m in need of a reasonably quick answer for the property manager and owner.
I know RouterOS can do PPPoE and I’ve read some reports of users getting 1000+ users on a single box. If we expand this system to the other properties then we are looking at maybe 300 users at the most.
- How hard is it to do per user bandwidth control?
The tentative plan right now is to offer 256k/128k to the users included in their rent and offer paid upgrades of say 1.5mb/256k, 3mb/384k, 6mb/512k, and maybe 10mb/1mb. Currently I have the switch ports capped at 1mb/512k, serving 132 units on a 6mb connection, and it’s holding up decently well but rather congested during peak times. We currently have a Class C of addresses from the ISP; they manage the router, I just get an Ethernet interface. Then I have a pfSense box running a filtered bridge for the residents’ access and a NAT for some office systems.
- What type of user manager does RouterOS have built in and how many users can it manage without being a problem?
I currently have no need for any advanced management or billing software as the charge is going to be added to the tenant’s rent, which is done in its own system. Management will be handing me a weekly or monthly change list and I will update accounts accordingly; there is no budget for a proper billing and management system at this time.
I know RouterOS can handle the tasks of the pfSense box but at this time I prefer just to leave that box in place as it has been extremely stable; also, another tech and I are quite familiar with the box inside and out. I’m only wanting to do PPPoE and per user bandwidth limiting on the RouterOS box.
I am going to be getting a netequalizer box soon as well as 20mb metro ethernet to the internet.
I suppose the most important thing is getting PPPoE with rate limiting capabilities working while handing public ip addresses to the users.
To be sure all bases are covered, I will attempt to tell the current network layout and how I want to implement the PPPoE.
ISP router → pfSense box, filtered bridge → Allied Telesis Rapier 24i → fiber to apartment buildings → 3x Rapier 24i → users
Right now there are 2 VLANs on the network: public access for tenants and a private network for management and surveillance. I want to add another VLAN which has the PPPoE interface on it so I can cut over individual switches or buildings to the new way of doing things to ease the support calls while we move everyone over.
Thanks in advance for any help, I have searched out a few things already but need to get some info in one place where I can present to the manager.
This is a straightforward project. I would not bother with VLANs. Use hotspot for guests and PPPoE for other users together. I would use MikroTik to load balance and do per user queue control.
We do these setups all the time.
Alright, my questions now:
Which hardware should I run this on? I was thinking go ahead and get the RB1000, or is that just overkill for the situation?
Also, how many users can I reliably manage with the built-in user manager?
The reason I mentioned VLANs is I want to be able to move a small group of users at a time over to PPPoE since I’m going to have to deal with end users’ equipment doing the connection. It’s a residential setting with Ethernet jacks in the unit; the customer provides their own router or in some cases connects their PC directly to the network.
Would it be a problem to have a captive portal with configuration information on the same VLAN with the PPPoE server? That would help out a lot.
Hi,
I would use a PC to run this on. RB1000 is now end of life. A PC will give you cheap disk storage, ram and CPU processing power. You may want to run a DUDE agent to monitor internal hardware in the complex and the storage space would be very handy.
Nothing wrong with the VLAN idea really. It is just that you can operate PPPoE and hotspot DHCP on the same interface and the VLANs would make things simpler during migration and support.
I have systems that are running +150 active users on routerboard hardware RB600A and to be honest it struggles at 90% CPU when handling all of these hotspot queues. The RB1000 would beat that hands down. I swapped the RB600A for a fast PC with 2GB of RAM and this handles the load easily with +200 users. I have VLANs too on this config.
How are you connecting to the Internet? Do you have a single connection or multiple? Are you load balancing? What is the capacity of the link?
Alright, what I’ll probably do is pick up a server class machine and throw a solid state drive in it…
Connection to the internet is a single connection, 6mb currently, 20mb upgrade ordered, could go up to 50 or 100mb in the future if this service grows.
Any VLANs would be assigned to physical ports on the switches so I would not have to worry with MikroTik tagging packets.
All I’m really wanting MikroTik to do is act as a PPPoE concentrator with bandwidth control per connection as well as possibly a captive portal to instruct users what to do if they do not make a PPPoE connection.
I have a machine out there I’m currently not using: it’s a Dell PowerEdge SC1435, 2x dual core AMD Opteron, forget the model/clock speed, 2GB RAM, 2x 80GB hard drives in RAID1, 2x gigabit NICs. I used to have pfSense running on it for a short while until I discovered that FreeBSD did not play well with some of the hardware in that machine; never did nail that down, it just would not stay running. It runs Windows and other flavors of *nix just fine. Just want to make sure there are no known hardware issues.
I think that the server is fine but I have not tested this model myself. I would check the RAID controller on the bench.
These are good products and would be worth checking out.
http://www.irishwireless.eu/shop/item.aspx?itemid=227
or
https://wirelessconnect.eu/store/product/ogma_connect_oc2000u
You could also use the RB1000 and add a large flash RAM card to give you the extra storage. BTW you only need this if you wish to run something like Dude on the system (very handy to monitor the switches’ health etc.).
Do I understand you correctly?
"The switches tag and untag packets on the customers’ side (VLAN Unaware Devices) and present these untouched to the MikroTik (VLAN Aware Device) so you can then offer various services depending on the VLAN the traffic comes in on. This would mean that you would have to physically move customers to the correct VLAN to ensure they get the correct service?"
Or are you hoping to simply isolate the customers to their own port and the port that has the MikroTik plugged in? 802.1q or port isolation?
Anyway, it is perfectly possible to run the PPPoE server and the Hotspot on the same VLAN or on a single physical interface. So when a user connects they get a captive portal which instructs them how to configure their PPPoE settings (via walled garden). You could remove the hotspot login boxes if you wish and just have a simple welcome captive portal with PPPoE config info. You could also offer trial access to keep them surfing while they get sorted out for a limited period (built into the hotspot).
I would however keep the ports VLAN separated to ensure that some user does not simply run another DHCP server on the network and offer their own services.
[Protection against this is pretty good in the Hotspot and the MikroTik DHCP server authoritative setting will help too.] Best bet though is port isolation if your switches can handle this.
This leaves very little admin work for you as your users can effectively look after themselves and do not need admin staff to do anything when they want to avail of a PPPoE connection other than set up the user account details. This can be done with the Usermanager and there is even a self signup page where the customers can also pay for the service via PayPal for their PPPoE account.
I would assign the port on the core switch that MikroTik is connected to as well as the end user ports; they would be tagged only on the fiber links to the buildings.
All switches are Allied Telesis Rapier 24i; they are layer 3 10/100 with 2 fiber interfaces.
Thanks for all the help I will be back closer to time to get this going, I still have to see if management is going to go for it.
No Problem, contact me directly shane at interpoint dot ie if you need any more help.
Can PPPoE Server and Usermanager run in the same MK, or must I put them in separate PCs?
There is no problem running pppoe and usermanager packages on the same router.
Can I use usermanager + radius (MK radius server) + PPPoE server in the same MK box?
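
The setup the thread converges on, a PPPoE concentrator with one rate-limited profile per tier handing out public addresses, sketched as RouterOS commands. This is an added example, not configuration posted by anyone in the thread; the interface name `ether2`, the service, profile and account names, the password placeholder, and the 203.0.113.0/24 documentation range standing in for the ISP block are all assumptions.

```routeros
# Pool of public addresses for tenants (203.0.113.0/24 is a documentation
# range used as a placeholder for the real ISP block).
/ip pool add name=pppoe-pool ranges=203.0.113.10-203.0.113.250

# One PPP profile per service tier from the thread.
# rate-limit is rx/tx from the ROUTER's point of view:
#   rx = tenant upload, tx = tenant download,
# so the "256k/128k" (down/up) included tier is written 128k/256k.
# only-one=yes keeps a single account from holding several sessions at once.
/ppp profile
add name=tier-included local-address=203.0.113.1 remote-address=pppoe-pool \
    rate-limit=128k/256k only-one=yes
add name=tier-1500k local-address=203.0.113.1 remote-address=pppoe-pool \
    rate-limit=256k/1500k only-one=yes
add name=tier-3m local-address=203.0.113.1 remote-address=pppoe-pool \
    rate-limit=384k/3M only-one=yes
add name=tier-6m local-address=203.0.113.1 remote-address=pppoe-pool \
    rate-limit=512k/6M only-one=yes
add name=tier-10m local-address=203.0.113.1 remote-address=pppoe-pool \
    rate-limit=1M/10M only-one=yes

# PPPoE server on the interface facing the tenant VLAN (ether2 is assumed).
# authentication=mschap2 refuses PAP, which would send passwords in cleartext.
/interface pppoe-server server
add service-name=tenants interface=ether2 default-profile=tier-included \
    authentication=mschap2 one-session-per-host=yes disabled=no

# One local account per unit (hypothetical name, placeholder password).
/ppp secret
add name=unit101 password=CHANGE-ME service=pppoe profile=tier-included

# Weekly change list: move a unit to a paid tier. The new limit applies to
# the next session, so drop the active one to force a reconnect.
/ppp secret set [find name=unit101] profile=tier-3m
/ppp active remove [find name=unit101]
```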