Community discussions

MUM Europe 2020
 
User avatar
bjohns
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

[RFC] Network Build for Student Accommodation Network

Fri Jan 12, 2007 2:47 pm

Hello,

I'm in the process of creating a config (MT RouterOS 2.9.38) for a Hotspot+PPPoE network to suit a 3 campus, 950 Room on-campus student accommodation network. I would like to hear other peoples opinions on what I have so far, to make sure no issues spring up during install and production.

Particulars that I am unsure about is how should I estimate the resource usage of hotspot and pppoe connection? Is there any rule such as xMHz CPU and xMb memory per connection? For example should I be looking at two 1GHz/768Mb servers instead of one?

Reference + Topology

Thanks.
 
User avatar
bjohns
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Sat Jan 13, 2007 3:06 pm

Been testing things and I've come across something odd.

All 6 VLANs are on ether2 (on the test box, single interface). I have these combined into pairs using three bridges.

When I connect straight to ether2 to run some test on a default setup I have on that interface, the router assumes all traffic is on the first VLAN (101) even tho none of it is tagged traffic. ARP shows duplicate entries on ether2 and the bridge interface, DHCP has duplicate leases.

I have all forwarding disabled in the bridge filter.

Should I be blocking non-vlan frames as well?
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sat Jan 13, 2007 4:41 pm

So on each of these three bridges (one per campus?) you are bridging together one "VLAN for PPPoE" and one "VLAN for hotspot"? If so, I would recommend against this design because then you'll end up running a PPPoE server and a hotspot on a common interface (the bridge interface), which is something I'd avoid, even with a deny-all bridge filter in place. I would not bridge PPPoE+hotspot together into one bridge but rather leave the VLANs seperated at the MikroTik router and run individual PPPoE servers and individual hotspot servers on each VLAN interface, or alternatively bridge all three PPPoE segments (from the three campus regions) together into one bridge and run one PPPoE service on that bridge (which would then serve the entire unversity) and the three hotspot segments into another bridge and run one hotspot on that bridge. But this would give you two bridges with three VLANs each, and you wrote that you have three bridges with two VLANs each, so I believe your configuration is more like what I described first?

--Tom
 
User avatar
bjohns
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Sun Jan 14, 2007 12:53 pm

I was hoping to run both the PPPoE and Hotspot on the one interface with the appropriate security in place. Pairing up VLANs into bridges would allow me to run three sets of services instead of six, one service type per each location.

What I will do is include a dedicated PPPoE concentrator that will sit beside the current router.

However this doesn't address my issue above :/
 
nhalachev
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Fri May 28, 2004 4:41 pm
Location: Bulgaria

Sun Jan 14, 2007 1:07 pm

bjohns, about your environment..

" * 100Mbit to each room, 1Gbit between campuses
* Each campus has approximately 300 units - a total of 950 units"

950 rooms with one MT ?! And loaded with pppoe, hotspot, firewal and queues etc. ? No go.

I will go with 3 MT systems, each with one vlan per campus. Then run pppoe and hotspot on this shared vlan with shared ip pool.

About the issue - may be untaged frames are going into router via ether2 interface, not via valn subinterfaces ?
 
User avatar
bjohns
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Sun Jan 14, 2007 2:45 pm

I will go with 3 MT systems, each with one vlan per campus. Then run pppoe and hotspot on this shared vlan with shared ip pool.
I was considering something like this. I might actually do so now.
About the issue - may be untaged frames are going into router via ether2 interface, not via valn subinterfaces ?
Yes, I have untagged frames on ether2. I would like to know why they're being picked up on vlan101 - shouldn't the vlan interfaces ignore all untagged?
 
User avatar
tneumann
Member
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sun Jan 14, 2007 3:11 pm

Yes, I have untagged frames on ether2. I would like to know why they're being picked up on vlan101 - shouldn't the vlan interfaces ignore all untagged?
Yes, they should not appear on the VLAN interface. Maybe you should have MT support look into this, could be a bug...

--Tom
 
User avatar
bjohns
Member Candidate
Member Candidate
Topic Author
Posts: 272
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Mon Jan 15, 2007 2:40 am

Yes, they should not appear on the VLAN interface. Maybe you should have MT support look into this, could be a bug...

--Tom
Okay, I'll test a bit further (using bridge/no bridge etc) and send off the supout.

Current Topology

Who is online

Users browsing this forum: alber, codesnake and 90 guests