hytanium
Member Candidate
Topic Author
Posts: 200
Joined: Thu Jan 18, 2007 9:10 pm

Should I use Bridging or Route / NAT for this set-up

Sun Mar 11, 2007 12:43 am

For all you seasoned veterans in the Mikrotik world... I have been doing a lot of testing over the past 3 months and have decided to move forward with my WISP plans.

I will be backhauling 5.8 from a 240ft tower to my first site. I will be running 3 SR9 APs (RB532) with 9db 120deg sectors.

Some of my clients will want public IPs. I am wondering if I should use WDS/bridge or manually Route/NAT for my entire network? I am planning on backhauling to multiple sites (6) from the main tower. From the 6 sites I may create micro PoPs (relay) to provide access to tough spots.

I will be using FreeRADIUS and possibly PPPoE for authentication.

Words of wisdom are very much appreciated!
 
JJCinAZ
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Sun Mar 11, 2007 6:25 pm

I would recommend a routed network to start with from the beginning. I would also recommend staying away from PPPoE and going with VLANs to separate out layer 2 traffic. PPPoE will limit your ability to shape traffic in the future.
 
hytanium
Member Candidate
Topic Author
Posts: 200
Joined: Thu Jan 18, 2007 9:10 pm

Mon Mar 12, 2007 6:12 am

Can you post an example configuration?
 
JJCinAZ
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Tue Mar 13, 2007 2:17 am

I'm sorry, but I can't post example configs. What I can do is clarify some things. We bridge our wireless users to our towers, though each user is on a separate VLAN, so our tower router has a slew of VLANs. IP addresses for customers are originated on the tower router. Tower routers are connected via backhauls and all those connections are routed only (no bridging between towers). This allows us to have redundant backhaul links with auto-failover (OSPF takes care of it) and when we provision a static IP address for a customer, it's automatically distributed by OSPF throughout our network.

Hope that helps.
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Thu Mar 22, 2007 9:09 am

What's the advantage of putting each customer on a separate VLAN?
 
JJCinAZ
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ

Thu Mar 22, 2007 5:50 pm

First, you separate layer 2 traffic between the customers. They must go through your router to see each other. This avoids a whole host of problems like broadcast storms, two customers seeing internal traffic from each other, etc. Second, you can subnet and assign IP addresses more easily. Whether you are giving out private addresses or public ones, you can assign and reassign each independently. If a group or all your customers are on the same layer 2 network, you will have a hard time changing IPs. You don't want to be calling one customer to have them reconfigure their firewall/router and/or DNS setup just because another customer of yours needs a change. Very poor form. Third, you can more easily keep customer traffic separate from management traffic. Fourth, you can later provide transport services for other ISPs on your wireless network. This is useful for the ISPs who think that renting copper from the phone company is a good deal -- let them rent microwave links from you.

Also let me make clear that when I refer to customers on VLANs, I'm talking about customer to the closest tower where multiple customers are sharing the same sectors or ring (if the sectors all share the same physical interface). From the tower, our customers are all routed.

Just my two cents here. Search around this forum and others to see who has had to make the switch later or not. Whatever you do, make a consistent design. One of my partners is constantly reminding me to engineer myself out of the system and it's good advice. It helps me resist the temptation to create one-off solutions or configurations which are hard to support later.
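
A sketch of the tower-router layout described in JJCinAZ's two posts above (per-customer VLANs terminated on the tower router, routed-only backhauls, OSPF carrying customer subnets), added here as an example and not taken from any poster's network. It assumes RouterOS v6 command syntax; the interface names, VLAN IDs, router ID and all addresses are constructed placeholders.

```routeros
# Added example, constructed values throughout.
# Assumption: ether1 and ether2 are the two backhaul ports,
# ether3 is the port facing the sector radios.

# One VLAN per customer on the sector-facing port, plus a separate
# management VLAN, so customers share no layer 2 segment with each
# other or with the radios' management interfaces.
/interface vlan
add name=vlan10-mgmt   vlan-id=10  interface=ether3 comment="radio management"
add name=vlan101-custA vlan-id=101 interface=ether3 comment="customer A, private range"
add name=vlan102-custB vlan-id=102 interface=ether3 comment="customer B, static public"

# Customer subnets originate on the tower router. Each customer gets its
# own subnet, so one can be renumbered without touching the others.
/ip address
add address=10.20.10.1/24  interface=vlan10-mgmt
add address=10.20.101.1/30 interface=vlan101-custA
add address=203.0.113.1/30 interface=vlan102-custB
add address=10.255.0.1/30  interface=ether1 comment="backhaul to tower 2"
add address=10.255.0.5/30  interface=ether2 comment="backhaul to tower 3"

# Backhauls are routed only (no bridge between towers). OSPF runs on both
# backhaul links and fails over between them; connected customer subnets
# are redistributed so a newly provisioned address is known network-wide.
/routing ospf instance
set [ find default=yes ] router-id=10.255.255.1 redistribute-connected=as-type-1
/routing ospf network
add network=10.255.0.0/30 area=backbone
add network=10.255.0.4/30 area=backbone
```

With `redistribute-connected` the management subnet is advertised along with the customer subnets; a routing filter is needed if it should stay local to the tower.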
 
changeip
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Thu Mar 22, 2007 10:00 pm

JJCinAZ wrote: One of my partners is constantly reminding me to engineer myself out of the system and it's good advice.

I love to try to make people understand that point. That's excellent advice for everyone!
 
firebat
Member
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Fri Mar 23, 2007 5:15 am

Thanks. I'm running a lot of Trango and I have SU to SU communication disabled so customers can't talk to each other by default. The only way they can communicate is if I put them on different VLANs so it's routed. I guess it depends on the equipment. Most of our customers don't require public IPs so they can all reside in the same subnet without issue. If I need a public IP, I can set up a VLAN for that particular customer. We manage the CPE router so customers don't need to worry about anything.

We are just rolling out some Mikrotik Hotspots so I'm trying to determine the best way to handle these customers. They won't have CPEs but you can disable forwarding between wireless clients so the Hotspot should work similar to a Trango AP.
 