The basic network architecture - NAT or routing?

Hi,

as we are proceeding with building our network, some questions are arising to which I don't know a simple answer. I prepared a slide to help you orient yourselves in our current situation …

When we started as an internet provider, we resold some ADSL connectivity in smaller regions. For that historical reason, when we got our very lucrative AP site, we started to interconnect the nodes, and that is why we went with NATted nodes. But I am not sure it is the correct design and have some questions in that regard:

Here’s my slide:

http://www.xidys.com/xidysnet-en.jpg

Our nodes are connected to the main router on 5GHz. Local NATted networks for clients are on 2.4GHz. So, from the main router's point of view, we can't see the end users, only the nodes.

Can we say that such a design is bad, or is it sufficient and commonly used? I am not sure whether it would be better to see the users directly on the main router; would it have any advantage? From the shaping point of view, we would shape a user on his nearest node, as why flood the radios with unnecessary traffic? Of course that would be possible with a routed network too …

My other questions follow:

  1. Is it a good overall network design to build a NATted instead of a routed network?
  • What if two clients from two neighbouring networks would like to communicate? Separate IPs? Tunnels?
  2. How can I ping from J/10.0.0.60 to N/10.0.5.2? (We want to use Winbox from our PC shop, IP 10.0.0.60.)
  • Do I need to define a static route? How?
  • Isn't there a chance that the reply will be lost, as the N network contains a 10.0.0.x subnetwork too?
  3. How do I forward (route) the public IP we got from ISP2 to e.g. the N/10.0.5.2 network interface?
  4. Two neighbouring interfaces can't have overlapping IPs, right? How can I achieve that the M network's IP is on the 10.0.5.x network too?

OK, I would appreciate having at least some of these questions/concerns answered or brainstormed …

I know that some of this can be found in the docs, and I have read them, believe me, but if I understood it I would not be losing my time preparing the slide and asking questions :)

Thanks a lot,
Cheers,
-pekr-
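Question 2 above (reaching N/10.0.5.2 from J/10.0.0.60 while N also carries a 10.0.0.x segment) comes down to how each router picks a route: longest prefix wins, so a directly connected 10.0.0.0/24 on N beats N's default route back to J, and the echo reply never leaves N. The walk-through below is an added example, not part of the original post or any of the replies; it models J and N as plain routing tables and traces the request and the reply. The backhaul subnet 10.0.255.0/30 (J = .1, N = .2), the interface names and the second 10.0.0.0/24 segment on N are assumptions; the post only gives 10.0.0.60 behind J and 10.0.5.2 behind N. It also shows the two ways out: renumber N so nothing overlaps (the routed design), or masquerade at J toward N so N only ever answers to J's link address (the NATted design, which hides the overlap rather than fixing it).

```python
"""Longest-prefix-match walk through two routers, J (core) and N (a
NATted node), showing why a reply from N to 10.0.0.60 is lost when N
also carries a 10.0.0.0/24 segment, and two ways out.

Added example, not from the original thread.  The link subnet
10.0.255.0/30, the interface names and N's second 10.0.0.0/24 segment
are ASSUMED for illustration."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

Net = ipaddress.ip_network
J_LINK_ADDR = "10.0.255.1"   # assumed J side of the 5 GHz backhaul
N_LINK_ADDR = "10.0.255.2"   # assumed N side


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    next_hop: str | None = None      # None = directly connected


def build_routers(n_reuses_10_0_0: bool) -> dict:
    """Routing tables for J and N: own addresses, routes, and the hosts
    known to sit on each directly connected segment (all constructed)."""
    n_routes = [
        Route(Net("10.0.5.0/24"), "wlan2"),                 # N's client LAN
        Route(Net("10.0.255.0/30"), "wlan5"),               # backhaul to J
        Route(Net("0.0.0.0/0"), "wlan5", J_LINK_ADDR),      # everything else via J
    ]
    if n_reuses_10_0_0:                                     # the overlap from the post
        n_routes.append(Route(Net("10.0.0.0/24"), "wlan2-2"))
    return {
        "J": {
            "addresses": {"10.0.0.1", J_LINK_ADDR},
            "routes": [
                Route(Net("10.0.0.0/24"), "ether1"),            # PC shop LAN
                Route(Net("10.0.255.0/30"), "wlan5"),
                # static route to N's clients; RouterOS equivalent (assumed names):
                #   /ip route add dst-address=10.0.5.0/24 gateway=10.0.255.2
                Route(Net("10.0.5.0/24"), "wlan5", N_LINK_ADDR),
            ],
            "segments": {"ether1": {"10.0.0.60"}, "wlan5": {N_LINK_ADDR}},
        },
        "N": {
            "addresses": {"10.0.5.1", N_LINK_ADDR},
            "routes": n_routes,
            # no client on N's 10.0.0.x segment uses .60; if one did, the reply
            # would be delivered to the wrong machine instead of being lost
            "segments": {"wlan2": {"10.0.5.2"}, "wlan5": {J_LINK_ADDR}, "wlan2-2": set()},
        },
    }


def lookup(router: dict, dst: str) -> Route | None:
    """Longest-prefix match: the most specific route wins, which is
    exactly why a local 10.0.0.0/24 beats N's default route to J."""
    d = ipaddress.ip_address(dst)
    return max((r for r in router["routes"] if d in r.prefix),
               key=lambda r: r.prefix.prefixlen, default=None)


def owner(routers: dict, addr: str) -> str | None:
    return next((n for n, r in routers.items() if addr in r["addresses"]), None)


def forward(routers: dict, start: str, dst: str, max_hops: int = 8) -> tuple[str, list[str]]:
    """Walk one packet from router `start` toward `dst`.  Returns (outcome, hops);
    outcome is 'delivered', 'delivered-to-router', 'no-route',
    'next-hop-unreachable', 'lost-on-<router>:<iface>' or 'loop'."""
    hops, name = [], start
    for _ in range(max_hops):
        hops.append(name)
        router = routers[name]
        if dst in router["addresses"]:
            return "delivered-to-router", hops
        route = lookup(router, dst)
        if route is None:
            return "no-route", hops
        if route.next_hop is None:                     # directly connected
            if dst not in router["segments"].get(route.interface, set()):
                return f"lost-on-{name}:{route.interface}", hops
            if owner(routers, dst) is None:            # an end host on that segment
                hops.append(f"{name}:{route.interface}")
                return "delivered", hops
            name = owner(routers, dst)                 # neighbouring router on the link
            continue
        name = owner(routers, route.next_hop)
        if name is None:
            return "next-hop-unreachable", hops
    return "loop", hops


def ping(routers: dict, src: str, dst: str, masquerade: bool = False) -> tuple[str, str, list[str]]:
    """Echo request from src (on J's LAN) to dst, then the echo reply.
    masquerade=True models a srcnat rule on J's backhaul (RouterOS:
    /ip firewall nat add chain=srcnat out-interface=wlan5 action=masquerade),
    so the reply is addressed to J's link address and J un-NATs it."""
    req, req_hops = forward(routers, "J", dst)
    if req != "delivered":
        return req, "not-sent", []
    replier = req_hops[-2]                           # router that owns dst's segment
    rep, rep_hops = forward(routers, replier, J_LINK_ADDR if masquerade else src)
    if masquerade and rep == "delivered-to-router" and rep_hops[-1] == "J":
        rep, tail = forward(routers, "J", src)      # conntrack restores dst=src
        rep_hops += tail[1:]
    return req, rep, rep_hops


if __name__ == "__main__":
    overlap = build_routers(n_reuses_10_0_0=True)
    print("overlap, no NAT :", ping(overlap, "10.0.0.60", "10.0.5.2"))
    print("overlap, srcnat :", ping(overlap, "10.0.0.60", "10.0.5.2", masquerade=True))
    clean = build_routers(n_reuses_10_0_0=False)
    print("renumbered N    :", ping(clean, "10.0.0.60", "10.0.5.2"))
```

The first case reproduces the concern in the question: the request reaches 10.0.5.2 over J's static route, but N's own 10.0.0.0/24 swallows the reply. Masquerading on J's backhaul makes it work without renumbering, at the price of J seeing only its own link address in N's logs and conntrack state on every hop, which is the kind of trap the "don't NAT unless you must" advice is about; removing the overlap makes the reply follow N's default route back to J with no NAT at all.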

Basic rule of thumb:

Don't run NAT unless you have to (it WILL bite you in the arse one day), except at the final CPE / customer delivery point.

Ideally, get enough public IPs from your upstream providers to cover every simultaneously connected client.

Join ARIN / RIPE / APNIC (circle applicable) and get your own IP blocks EARLIER rather than later.

In your particular scenario I would just make each wireless 'segment' a separate, dumb Layer 2 link. Simply route or NAT (if you must, because you don't have enough public IPs) at the core and maybe at the CPE if there are multiple users behind the CPE. Your design is over-complicated, will not scale and will rapidly lose manageability.
One day you will probably have permanent or semi-permanent wireless clients and your need for PPPoE will become apparent. PPPoE is a Layer 2 Ethernet protocol and will not talk back to a central A/C over NATted or routed links. Hence my suggestion to start out with a Layer 2 design.

Well, our design looks overcomplicated, but we are in a mountainous area, so we need to do e.g. 2 - 3 hops to get those areas connected.

One day we would like to do PPPoE/Hotspot, but I currently don't know how to overcome NAT or routing. In the case of one hop (K, N networks), I could theoretically put our RB interfaces into a bridge, but I can't (local AP on 2.4GHz, 5GHz client to the central J router).

But mostly I feel that it is because of my lack of knowledge of how to do it another way. And I am not sure I am comfortable with each node having a public address?

-pekr-

If it's a bridge it would not need a public address; routers do.

I'd go with routing; the amount of broadcast traffic you will see on a Layer 2 network when you start increasing subscribers will dramatically affect performance, not to mention the amount of ARP traffic that is generated.

Routing is the best way to go. I'm currently undertaking the task of subnetting my network due to the complications stated above with a "flat" Layer 2 network.

Thanks… I think I will go with routing too. So basically, do you use NAT at the end-point nodes (where the clients are connected), or do you simply route it all (if possible; I don't understand routing properly yet :)), so that all your clients are distinguishable on the main router?

thanks,
Petr