pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

The basic network architecture - nat or routing?

Fri Mar 17, 2006 8:05 pm

Hi,

as we are proceeding with building our network, some questions are arising to which I don't know a simple answer. I prepared a visual slide for you to help you orient yourselves in our current situation ....

When we started with internet providing, we started reselling some ADSL connectivity in smaller regions. So because of that historical reason, when we got our very lucrative AP place, we started to interconnect the nodes, and because of that we went with NATted nodes. But I am not sure it is the correct design and have some questions in that regard:

Here's my slide:

http://www.xidys.com/xidysnet-en.jpg

Our nodes are connected to the main router on 5GHz. Local NATted networks for clients are on 2.4GHz. So - from the main router's point of view, we can't see the end users, only the nodes.

Can we say that such a design is bad ... or sufficient and commonly used? I am not sure if it would be better to see users directly on the main router; would it have any advantage? From the shaping point of view, we would shape a user on his nearest node, as why flood the radios with unnecessary transfer? Of course that would be possible with a routed network too ....

My other questions follow:

1) Is it a good overall network design to build a NATted instead of a routed network?
- what if two clients from two neighbouring networks would like to communicate? Separate IPs? Tunnels?

2) How can I ping from J/10.0.0.60 to N/10.0.5.2? (We want to use Winbox from our PC shop (10.0.0.60 IP).)
- do I need to define a static route? How?
- isn't there a chance that the reply will be lost, as the N network contains a 10.0.0.x subnetwork too?

3) How to forward (route) Public IP we got from ISP2 to e.g. N/10.0.5.2 network interface?

4) Two neighbouring interfaces can't have overlapping IPs, right? How can I achieve that the M network IP would be on the 10.0.5.x network too?

OK, I would appreciate getting at least some questions/concerns answered/brainstormed ....

I know that some stuff can be found in the docs, I read them, believe me, but if I understood it, I would not lose my time preparing the slide and asking questions :-)

Thanks a lot,
Cheers,
-pekr-
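The concern in question 2 above (a reply to 10.0.0.60 getting lost because node N also has a 10.0.0.x subnet) is a longest-prefix-match problem. The following is an added illustration, not code from the thread or from RouterOS: it simulates node N's forwarding table with constructed addresses (N's uplink 10.0.5.0/24 with J reachable at 10.0.5.1, and N's client LAN assumed to be 10.0.0.0/24), shows where the reply would be delivered, and includes a small check that flags overlapping subnets in an addressing plan before they are deployed.

```python
"""Longest-prefix routing lookup, illustrating question 2 from the post above."""
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

# A route is (prefix, next hop). "connected:<iface>" means the router
# delivers locally on that interface instead of forwarding to a gateway.
Route = Tuple[ipaddress.IPv4Network, str]


def route(cidr: str, via: str) -> Route:
    return (ipaddress.ip_network(cidr), via)


def lookup(table: List[Route], dst: str) -> str:
    """Return the next hop chosen by longest-prefix match for dst."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def find_overlaps(subnets: Dict[str, str]) -> List[Tuple[str, str]]:
    """Report pairs of named subnets in an addressing plan that overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


# Constructed forwarding table for node N (assumed addresses, not from the slide):
# uplink to main router J is 10.0.5.0/24 with J at 10.0.5.1; the 2.4 GHz client
# LAN reuses 10.0.0.0/24, the same range as the shop PC 10.0.0.60 behind J.
NODE_N_OVERLAP = [
    route("10.0.0.0/24", "connected:wlan-clients"),
    route("10.0.5.0/24", "connected:wlan-uplink"),
    route("0.0.0.0/0", "10.0.5.1"),
]

# Same node after renumbering the client LAN to a range used nowhere else.
NODE_N_FIXED = [
    route("10.0.6.0/24", "connected:wlan-clients"),
    route("10.0.5.0/24", "connected:wlan-uplink"),
    route("0.0.0.0/0", "10.0.5.1"),
]

if __name__ == "__main__":
    # With the overlap, N treats the shop PC as one of its own clients and
    # never sends the ping reply back over the uplink: the reply is lost.
    print("overlap :", lookup(NODE_N_OVERLAP, "10.0.0.60"))  # connected:wlan-clients
    print("fixed   :", lookup(NODE_N_FIXED, "10.0.0.60"))    # 10.0.5.1
    plan = {"J-shop": "10.0.0.0/24", "N-uplink": "10.0.5.0/24", "N-clients": "10.0.0.0/24"}
    print("overlaps:", find_overlaps(plan))  # [('J-shop', 'N-clients')]
```

Adding a static route on J towards 10.0.5.0/24 is not enough on its own; the client-side ranges behind each node must also be unique, or the node's connected route wins the lookup for the reply.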
 
airnet
Frequent Visitor
Posts: 83
Joined: Thu Feb 09, 2006 12:46 pm

Sun Mar 19, 2006 5:39 am

Basic rule of thumb:

Don't run NAT unless you have to (it WILL bite you in the arse one day), except at the final CPE / customer delivery point.

Ideally, get enough public IPs from your upstream providers to cover every simultaneously connected client.

Join ARIN / RIPE / APNIC (circle applicable) and get your own IP blocks EARLIER rather than later.

In your particular scenario I would just make each wireless 'segment' a separate, dumb Layer 2 link. Simply route or NAT (if you must, because you don't have enough public IPs) at the core and maybe at the CPE if there are multiple users behind the CPE. Your design is over-complicated, will not scale and will rapidly lose manageability.
One day you will probably have permanent or semi-permanent wireless clients and your need for PPPoE will become apparent. PPPoE is a Layer 2 Ethernet protocol and will not talk back to a central A/C over NAT'd or routed links. Hence my suggestion to start out with a Layer 2 design.
 
pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Sun Mar 19, 2006 12:54 pm

Well, our design looks overcomplicated, but we are here in mountain areas, so we need to do e.g. 2 - 3 hops to get those areas connected.

One day we would like to do PPPoE/Hotspot, but I currently don't know how to overcome NAT or routing. In the case of one hop (K, N networks), I could theoretically put our RB interfaces into a bridge, but I can't (local AP on 2.4 GHz, 5 GHz client to the central J router).

But mostly I feel that it is because of my lack of knowledge of how to do it another way. And I am not sure I am comfortable with each node having a public address?

-pekr-
 
wildbill442
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Sun Mar 19, 2006 1:50 pm

If it's a bridge it would not need a public address; routers do.

I'd go with routing. The amount of broadcast traffic you will see on a Layer 2 network when you start increasing subscribers will dramatically affect performance, not to mention the amount of ARP traffic that is generated.

Routing is the best way to go. I'm currently undergoing the task of subnetting my network due to the complications stated above with a "flat" Layer 2 network.
 
pekr
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Sun Mar 19, 2006 3:23 pm

Thanks.... I think I will go with routing too. So basically - do you use NAT at the end-point nodes (where clients are connected), or do you simply route it all (if possible; I don't understand routing properly yet :-), so that all your clients are distinguishable on the main router?

thanks,
Petr
