Community discussions

MikroTik App
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

My frustration with WISP

Mon Jul 04, 2022 9:08 am

Hi all, I live in where there's little to no cable internet in my city, therefore majority uses wireless ISPs. I recently change my WISP to a one of the best in my coverage area, and I'm gonna give the name in case they reply in this thread (Extend Broadband) website: https://www.extendbroadband.com/urunler-gamepack.php

I use the gamer pack package because it has P2P connection and guaranteed speed.

My frustration is that, package has a free public static IP (not CGNAT'ted... IP belongs to me) and I ask them to give that IP on my Mikrotik router's WAN interface (not the private DHCP assigned IP) and DMZ it, so there will be no double NAT and I can do my stuff on my end. But they said they don't work in that way and simply enabled uPnP on their Mikrotik antenna/router but it didn't work.

My question is, is there anything you think of legitimate reason behind their act? It should be a simple configuration change on their antenna/router... I'm gonna insist they do it but created this thread to gather information.

Thanks!
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: My frustration with WISP

Mon Jul 04, 2022 10:34 am

package has a free public static IP (not CGNAT'ted... IP belongs to me)
Didn't see that in the packet description. It looks like they use a static IP address but do CGNAT to many customers on that one IP address.
Your outgoing IP address to the internet then will always be the same, but with CGNAT it is not exclusive for you.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 11:01 am

package has a free public static IP (not CGNAT'ted... IP belongs to me)
Didn't see that in the packet description. It looks like they use a static IP address but do CGNAT to many customers on that one IP address.
Your outgoing IP address to the internet then will always be the same, but with CGNAT it is not exclusive for you.
No its included, I verified it on phone plus did a ping test, I can ping it <1ms. My package is a premium one, just under business packages, free static IP is included even in standard packages.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: My frustration with WISP

Mon Jul 04, 2022 11:59 am

did a ping test, I can ping it <1ms
<1ms. Looks like just a local ping. Try "tracert" trace-route.

If you ping from the Internet, what device is responding to the ping ?
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 1:41 pm

did a ping test, I can ping it <1ms
<1ms. Looks like just a local ping. Try "tracert" trace-route.

If you ping from the Internet, what device is responding to the ping ?
Yes its "local" as I stated its assigned in the antenna/router's interface, rather I want it in my router's WAN interface.

I did trace its route but I will do it again and post it here when I get back home from work.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:23 pm

My question is, is there anything you think of legitimate reason behind their act? It should be a simple configuration change on their antenna/router... I'm gonna insist they do it but created this thread to gather information.
As WISP, I can reply to you:
We don't want people to bother us with custom configurations: everything must be configured the same in order to give a homogeneous service
that does not involve remembering that the one has the configuration like this, the one has the configuration like that, and so on.

And then it also depends on the fact that if their "technician" doesn't know how to do it, he doesn't do it...
If they learned by copying-and-pasting youtube to open the WISP, it's obvious...
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:27 pm

Thanks for replying from the WISP point-of-view. So basically they might be incompetent or too lazy to do it? I suspect the latter. Yet, please tell me whether I'm asking too much from them. I mean I just want to use my public IP on my router (for remote conns, open NAT for gaming, hosting small server etc.)... Isn't that a basic need that they should fulfill?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:30 pm

I don't know your WISP, but we EXCLUSIVELY provide NOT shared Public IPs to our customers.
If the user asks what you also asked to put the IP on their router, we let this happen, NO PROBLEM ;) (and why not?)
but we do not provide further assistance on the internal network.
We make sure the radio link goes, but the customer takes care of the rest and can't call for help.
We provide only the right WAN parameters, and the other parameters are customer business...
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:33 pm

That's what I'm looking for... I handle my internal network, I don't ever give anyone access to it.

Thanks for the reply again, I will continue asking them to give me what I want, referring this thread.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:34 pm

Some ports are opened outside exclusivly after written request, for example, but not all: 20,21,22,23,80,443, RDP, PPTP, SQL,
and other that not remember at memory, but nothing that block games, steam, uplay, and all other services... ;)

But is impossible to ask to open standard winbox port, dns, ntp and other that now I not remember, but are all for protecting network.
Is oblvious I mena that ports are closed not on outgoing connection but only from new connection from outside the customer network.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:35 pm

I see... what if they ask for DMZ'ing the public IP?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 3:39 pm

(
And is also impossible use VoIP outside authorized IPs, because the VoIP service have the absolute higher priority, and some P2P try to use 5060 and 5061 ports....
Free of any charge, if some VoIP server is not on whitelist, just call... ;)
)

I think that the right way is not the DMZ, I hate the DMZ.......
Simply use Internal ISP IPs 100.64.0.0/10 to route the Public IP directly to your router...
Is so easy...
if their technician can do it ...
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: My frustration with WISP

Mon Jul 04, 2022 4:34 pm

It could be that not all routers are flexible enough, so delivering single public IP address to them could mean wasting other three (for /30 subnet, which is standard and compatible with everything, but who can afford that nowadays). There are other ways like routing the address to private one (as mentioned by @rextended) or using point to point /32, but if customer has some simple home router, it may not be able to use that. Or there's PPPoE, but it's yet another things that ISP may not want to introduce into their network. So maybe NAT won as one common solution that works for everyone (if they don't really need the address on their router, that's the downside).
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 4:46 pm

It could be that not all routers are flexible enough, so delivering single public IP address to them could mean wasting other three (for /30 subnet, which is standard and compatible with everything, but who can afford that nowadays). There are other ways like routing the address to private one (as mentioned by @rextended) or using point to point /32, but if customer has some simple home router, it may not be able to use that. Or there's PPPoE, but it's yet another things that ISP may not want to introduce into their network. So maybe NAT won as one common solution that works for everyone (if they don't really need the address on their router, that's the downside).
Antenna which they installed is a mikrotik router and I have mikrotik hap AC2. I dont want double nat, I want a single router in the network and thats my router.

edit: I think antenna get its public static IP from PPPoE.. then let me have PPPoE as a client in my router, isnt it that simple?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: My frustration with WISP

Mon Jul 04, 2022 4:56 pm

Just wandered what my ISP is doing.

I don't have a fixed public IP, it changes every 16 hours. Port 443 and 80 is not forwarded incoming (unless specific request and accepting the risk, in writing). They don't allow us to run a public web server.on those ports.

They deliver a solution for multiple client devices, but allow you to set a DMZ Host, and allow to set the LAN subnet range, and allow some extra port forwarding to be set.

So the NAT is always there, but you can set it up so that the outside can reach any internal device.

That one and only internal device is a MT router in my case, handling all LAN devices and opening VPN servers to the outside where needed.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 8:38 pm

http://imageupper.com/s12/1/1/G1656956126138986_1.png
http://imageupper.com/s12/1/1/G1656956126138986_2.png

192.168.5.1 is the MT antenna's network acting like a router. (192.168.1.1 is my router). ping to 9.9.9.9.
and the other picture is pinging my public static IP from outside.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Mon Jul 04, 2022 10:43 pm

Both png:
You don't have permission to access /s12/1/1/G1656956126138986_x.png on this server.
 
millenium7
Long time Member
Long time Member
Posts: 538
Joined: Wed Mar 16, 2016 6:12 am

Re: My frustration with WISP

Tue Jul 05, 2022 4:44 am

Have only skimmed through the thread but i'll try and lay out a simple explanation from an ISP perspective

Firstly it doesn't matter that its a WISP. This is not a reason for you to not have a public IP address, however there's a lot more behind-the-scenes going on that can be a very viable explanation for why they won't give you one. So let me attempt to explain

First and foremost, a WISP has significantly higher cost and network complexity to deliver a service to a customer. Fixed services are relatively simple, they share capacity on a switch or a DSLAM and often they are chassis units with multiple cards with high density. Multiple resellers/ISPs have access to this equipment, but they often don't maintain or configure any of it. From their perspective they simply have a customer connection arrive at the data center via a VLAN/VXLAN/VPLS and they handle it all at a few central locations.
Whereas fixed wireless needs a dish at every single customers location, they need power, pole position and site access to the multi point radio and it can severely limit density. Not to mention its using shared radio waves, there isn't' a dedicated link for every customer. Public IP addresses aren't always cheap, and its yet again another ongoing expense.
However the bigger issue is that all of this equipment needs configuration and is entirely setup and managed by the WISP, for instance there might be failover links that add complexity to the network (since wireless is inherently a service without any guarantees on bandwidth or connection quality). This has a lot more administrative overhead

Depending on how they have configured their network, it may be that routing needs to be setup such as to effectively extend their reach from a data center all the way through a network to eventually get to a tower and at your premises. If this is the case, then all that routing needs to be configured and maintained, and adding a single additional public IP address just for you, means a fair bit more config on their side
It's not so much the initial work involved, but the management and maintenance. The absolute worst thing at scale is when you have individually configured devices that don't conform to any standard and you are constantly doing custom config to make things work
To you it may seem like a switch has been flicked, but on the back end it may be like stringing a cable across the front of an otherwise nice neat equipment rack. This doesn't matter if the situation is a single switch on a desk, you're just going to plug things in. But at scale you may be stringing a thousand cables, and you end up with a complete fkn mess that is a nightmare to troubleshoot, fix or expand

If they say no you can't have a public IP, then too bad you can't. And it's probably for a good reason
You may be asking them to do a hell of a lot more work than you realize, and I don't blame them for just outright refusing if it creates a mess

Doesn't mean its the end of the world. You can either get angry because the ISP won't spend resources on catering to you, and spend lots of time on a forum. Or you can spend a few of your own resources and take matters into your own hands. Set up a VPN connection and policy based routing (if you don't want all traffic always going across the VPN), that way you can have your own public IP address at the VPN's data center, piped directly to your router
Even better, take this is a learning experience and find a server hosting company, something very cheap that lets you deploy your own image. Spin up a MikroTik CHR image, then setup an EoIP tunnel (benefit of this is you will be able to use a full 1500 byte MTU) and again setup your own routing
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: My frustration with WISP

Tue Jul 05, 2022 8:16 am

Set up a VPN connection and policy based routing (if you don't want all traffic always going across the VPN), that way you can have your own public IP address at the VPN's data center, piped directly to your router
OP in his original post expressed frustration over double NAT. I don't know if the frustration is more or less philosophical or he actually encountered any problems because of that (e.g. increased delay as he's into gaming according to the gist of hist post or poorly/wrongly done double NAT). But if it's either the philosophical or added delay problem, then having VPN won't help much (in case of added delay it would probably even get worse). But then, he being customer of WISP, the delay introduced because of wireless hops likely largely exceeds whatever delay caused by a half-decent NAT device. So I don't think the problem is actually a real one.
But then it's not my use case and my opinion on it doesn't count with OP ...
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 8:59 am

Both png:
You don't have permission to access /s12/1/1/G1656956126138986_x.png on this server.
Yesterday it was working.. now it gives error page. Sorry, I will upload on another site today.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 9:07 am

@millenium7: thanks for the reply. I can reason with your points just fine, I will ask them if that's the case for them not doing what I want whether it is impossible for them..

note: btw, it was a double nat issue not public ip, I have one but I'm behind their antenna/router unfortunately.
 
millenium7
Long time Member
Long time Member
Posts: 538
Joined: Wed Mar 16, 2016 6:12 am

Re: My frustration with WISP

Tue Jul 05, 2022 10:07 am

double NAT is not inherently a problem on its own, it depends on the protocols. Vast majority of services these days will handle it, its only when you need a direct connection to someone that it can be a problem (and in some cases VoIP/PBX etc)
If you absolutely must have an open connection, VPN does solve that problem because you will get the public IP address that is assigned to you by the VPN provider (assuming they give you one) and all connection traffic arrives at their DC location and tunnels to your router. For all intents and purposes your actual internet connection is invisible to the traffic. It will not double NAT
The 2 issues with any normal VPN providers
1) Potentially increased latency, however if your ISP's routing is shit it can actually be better in some cases (i.e. they have direct peering with the internet providers that the VPN uses, but terrible transit to other internet providers)
2) MTU size issues. Since you are encapsulating traffic inside a VPN tunnel, the traffic can only fit in smaller than the maximum MTU normally allowed over the internet (1500 bytes). This often doesn't cause an issue, but it can sometimes when companies are trying to detect VPN usage and block you from their services

So your other option is setting up your own VPN link by paying for a hosted server, spinning up MikroTik CHR and using EoIP
Point #1 above is flexible because you can look for hosting providers and ping/traceroute to their main service points to try find one that has a good link with your ISP
Point #2 is entirely mute because EoIP is different. Because it works with ethernet frames instead of IP packets, it can silently fragment and reassemble on the other side. Allowing what is perceived as a full 1500 byte MTU, even though in reality it is fragmented into smaller pieces and transmitted twice. It is completely invisible to all traffic filtering and detection mechanisms. So you run L2TP/PPTP/SSTP/Whatever to establish an initial connection, then run EoIP again inside that tunnel. You're double encapsulating but i've had great success doing this, in general you lose about 15-20% of your bandwidth
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 10:26 am

If you absolutely must have an open connection, VPN does solve that problem because you will get the public IP address that is assigned to you by the VPN provider (assuming they give you one) and all connection traffic arrives at their DC location and tunnels to your router. For all intents and purposes your actual internet connection is invisible to the traffic. It will not double NAT
This is a relatively good alternative but then I have to pay for it (extra), plus as you said it will introduce latency and speed loss maybe. I honestly think removing double NAT on WISP side is less work than this...
 
millenium7
Long time Member
Long time Member
Posts: 538
Joined: Wed Mar 16, 2016 6:12 am

Re: My frustration with WISP

Tue Jul 05, 2022 11:30 am

Yes it will cost you slightly
On the other hand you are asking the ISP to use one of their public IP addresses (which costs money) solely for you, and potentially set up additional routing just for you, for free

And since they've already told you no, now you're complaining here on this public forum
Apples to apples here. At the very least they should be charging you for a public IP address, and it'd be about equiv to a low end server instance anyway

Now the WISP I work with its not a big deal I could just assign you one (would absolutely charge for it though) because of the way i've designed and built the network, but i've seen environments where its just not that simple. Customer routing is done solely via CG-NAT and public IP's are not routed internally
And if its a case of your ISP being a reseller of another WISP's network, they might not want to provide any public IP's at all, or might be forced to purchase a block of them at a time. If you are the only person asking for it, and they get charged $50/month for the block, well ur never getting ur public IP

I understand your frustration, but i'm trying to paint you a realistic picture of both sides. And the reality is you nor I know their network setup, and it may not be anywhere near as simple as you believe
However you do have the ability to do something about it, which is as I posted above
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 1:36 pm

Yes it will cost you slightly
On the other hand you are asking the ISP to use one of their public IP addresses (which costs money) solely for you, and potentially set up additional routing just for you, for free
As I stated above, they give public static IP for free even on their standard packages. Problem is, my public IP is assigned on the router/antennas interface, not on my router. I opened this thread to gather information from other WISP operators to get knowledge on why they are refusing to do it because they didn't tell me why, plus I may get them on this thread later on.

Now I see some obvious points that changing antennas mode to bridge presents other challenges on the back of the network, maybe its not the case for them and even maybe I would pay a small fee to have what I want.. Surely it would be much cheaper than the alternative solution and much healthier too.

Lot of maybes but I will keep this posted.


edit:
And if its a case of your ISP being a reseller of another WISP's network,
I changed my previous WISP due to that :) .. this WISP has its own.. but just my luck.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 2:07 pm

Honestly, that sounds like a lot of bullshit to me.
Luckily, for me, competing WISPs do it that way...
On the other hand, I am not so foolish as to rent public IPs, but I bought them, and they are still left over to me.
For me they are not a cost, but an investment, because the service I can give to customers
in the worst case reaches 50ms towards 1.1.1.1, 60ms towards 8.8.8.8, and usually reaches 23ms, but everytime is less ~10ms.
I am not even going to retort all the points you have exposed, because I am directly an AS, registered on 3 different Italian backbones, with redundant rings,
and I have full control of the internal network, it is very simple, and it takes a moment to assign a Fixed IP to a customer,
without the need for the bullshit that you write to put other cables around, just put the internal IP in the user on user-manager and make a single route in the router...
Easy...
No one single NATted user on all my network!!!... (except, obviously, internal user LAN)
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 6:37 pm

Both png:
You don't have permission to access /s12/1/1/G1656956126138986_x.png on this server.
Image
Image

1) Pinging my public static IP from outside.
2) 192.168.5.1 is the MT antenna's network acting like a router. (192.168.1.1 is my MT router winbox). pinging to 9.9.9.9.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 7:31 pm

(for future do not use external image hosting, you can add attachment to a post)

NAT4EVER?

192.168.1.x -> 192.168.5.x -> 172.16.x.x -> 10.x.x.x -> Public IP

Missing only 100.64.x.x for Poker... all 4 "private" pool addresses...
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 7:57 pm

Missing only 100.64.x.x for Poker... all 4 "private" pool addresses...
:) lol I'm aware of that. so does this configuration look hopeless in your point of view? I mean antenna has the public IP, what would my tracert look like if they put in the bridge mode? will I see the public IP's gateway or would it require network change on their end?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Tue Jul 05, 2022 8:32 pm

I can not be sure, but is like your WISP already have NATted traffic for itself...
But is hard to understand why your wisp use two different internal network, for internal network....
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Wed Jul 06, 2022 4:44 pm

Still looking for workarounds to eliminate the "double NAT"... I will ask a silly question, based on below example picture.
image.png
Consider this the CPE. Does "NAT" there means src-nat masquerading?
If I request them to disable it, it will break my connection to internet right?
Is there any other possible way in there to keep connection and disable NAT?

Because I somewhat confused about this, reading those 2 links:

1) https://mum.mikrotik.com/presentations/ ... leeman.pdf Page: 51
2) https://community.ui.com/questions/Feat ... 747c000711 Some user is requesting for disabling NAT option to eliminate double NAT.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Wed Jul 06, 2022 7:04 pm

I do not know that window... if is coming from quickset, they can damage the config at the poit you must reset the configuration,
because is more easy to find what is damaged...

You can not remove double NATting simply removing a checkbox, more config is required on (W)ISP side...
 
mada3k
Long time Member
Long time Member
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: My frustration with WISP

Fri Jul 08, 2022 1:05 pm

You already seems to be behind three layers of NAT, so getting a public IP adress on your own equipment looks very unlikley.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: My frustration with WISP

Fri Jul 08, 2022 1:43 pm

1) https://mum.mikrotik.com/presentations/ ... leeman.pdf Page: 51
2) https://community.ui.com/questions/Feat ... 747c000711 Some user is requesting for disabling NAT option to eliminate double NAT.
First link is about use case where ISP delivers internet via PPPoE ... and PPPoE can be terminated either on CPE or customer's own router. This works because PPPoE is entirely different protocol (a point-to-point tunnel) and IP address, associated with local tunnel endpoint can move according to tunnel termination point. So when CPE is configured as bridge, it mostly means that CPE itself doesn'tt start PPPoE session/tunnel, instead simply passes PPPoE packets between its WAN interface and its LAN interface. According to your vague description this case doesn't seem to apply to your setup. And, if you're concerned about latencies, PPPoE adds some latency just the same as any other tunneling would do (IPsec, Wireguard, ...).

The second link is (in theory) usable in your case as it seems that your WISP uses all-IP network. However, if you disable NAT on your router, WISP will have to configure routing for IP address space of your LAN all the way between your CPE and their NAT router. Additional potential problem is if your LAN address space overlaps with another subnet address space (either of another customer like you or even WISP's own subnet) which makes it impossible for routing to decide which LAN should be target of packet with dst-adddress set to one of "problematic" addresses.
My impression is that the user asking for ability to disable NAT has also the upstream NAT device under his control (as well as the routing between), so disabling NAT in this case is a very feasible option indeed.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Fri Jul 08, 2022 8:58 pm

1) https://mum.mikrotik.com/presentations/ ... leeman.pdf Page: 51
2) https://community.ui.com/questions/Feat ... 747c000711 Some user is requesting for disabling NAT option to eliminate double NAT.
First link is about use case where ISP delivers internet via PPPoE ... and PPPoE can be terminated either on CPE or customer's own router. This works because PPPoE is entirely different protocol (a point-to-point tunnel) and IP address, associated with local tunnel endpoint can move according to tunnel termination point. So when CPE is configured as bridge, it mostly means that CPE itself doesn'tt start PPPoE session/tunnel, instead simply passes PPPoE packets between its WAN interface and its LAN interface. According to your vague description this case doesn't seem to apply to your setup. And, if you're concerned about latencies, PPPoE adds some latency just the same as any other tunneling would do (IPsec, Wireguard, ...).

The second link is (in theory) usable in your case as it seems that your WISP uses all-IP network. However, if you disable NAT on your router, WISP will have to configure routing for IP address space of your LAN all the way between your CPE and their NAT router. Additional potential problem is if your LAN address space overlaps with another subnet address space (either of another customer like you or even WISP's own subnet) which makes it impossible for routing to decide which LAN should be target of packet with dst-adddress set to one of "problematic" addresses.
My impression is that the user asking for ability to disable NAT has also the upstream NAT device under his control (as well as the routing between), so disabling NAT in this case is a very feasible option indeed.
I understood the second approach. But in the first approach, can't I handle the PPPoE with my mikrotik router if they put CPE in bridge mode? Why doesn't it apply to my case?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: My frustration with WISP

Fri Jul 08, 2022 10:52 pm

Sorry,
but for each case, a "little" effort from (W)ISP is required.... :(
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: My frustration with WISP

Fri Jul 08, 2022 11:26 pm

I understood the second approach. But in the first approach, can't I handle the PPPoE with my mikrotik router if they put CPE in bridge mode? Why doesn't it apply to my case?
Perhaps I missed it, but I don't recall you mentioning PPPoE as being part of your internet access setup? Quite a few (W)ISPs run their networks without using PPPoE so the recipe is far from being universal.
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Wed Jul 13, 2022 9:04 am

Well I can close this discussion. By the information I gathered, this can only be done on the "business packages" where you pay more and have symmetrical speeds. Apart from that, since I have a premium package, I'm happy with my connection as it is point-to-point; has stable latency and speed.

Thanks for all the answers.

note: for PPPoE, I just speculated that they use it, they never told me though.

edit: still whether they can pass me the public IP from CPE w/ or w/o PPPoE is up to debate and they dont give me further info about their config. Thats why I said I speculated... most likely now they dont want to mess with their config because a normal customer wanted so. but for "business" customers, things change.

edit2: I checked a few WISPs tracert (friends and my previous WISP included), they all seem to have same kind of structure; few internal private network IPs appear in trace route.
 
millenium7
Long time Member
Long time Member
Posts: 538
Joined: Wed Mar 16, 2016 6:12 am

Re: My frustration with WISP

Wed Jul 13, 2022 1:45 pm

Seeing multiple private IP's means nothing whatsoever, it does not imply there's multiple layers of NAT going on
If customers do a traceroute in our network they too will see multiple private IP's, yet the ones that have been assigned a public will not have any NAT occuring except what is set on their router to share to their private network(s)

But forgetting the technical aspect for a moment, it seems you are completely missing the larger point here. You're ignoring the fact that their network is almost certainly privately built from the ground up, it's not public/subsidized/shared infrastructure. They can run it how they want and as someone who has been on both sides of the fence, I completely agree with them. They are not entitled to give you anything or change the way they build and manage the network. Especially given that you've already said they can do it (business package), but you don't want to pay a thing for it
You have the option to do this yourself (I posted how further up) but you also don't even want to go down that track

Now I don't know your situation nor theirs, but i'm guessing you aren't slinging $500/month their way to be able to start demanding they rejig their config just for you. There's a lot more going on behind the scenes than you may realize, so just accept they have a certain setup and thats that. If you need something above and beyond that, pay for it, or take matters into your own hands as you have the potential to do so
I may seem like i'm being harsh or even a bit of a prick in your eyes. I quite frankly don't care because i've been on both sides of the fence and feel i'm qualified enough to weigh in to this situation. I'm trying to paint a more neutral reality from both sides of the fence. A big reality is that your WISP - which is almost certainly a private company - has gone out of their way to build that network. You could go and switch providers, or you may find there is no other provider that can give you the same level of speed and service. And therein lies your answer
It's costly in many ways to plan out, gain site access with appropriate agreements/contracts and build that infrastructure to provide you that service. which is why you have to go with a WISP in the first place. If networks were cheap, easy and maintenance free then you'd have fiber at your and every other premises around you and a load of different ISP's to choose from
The reality is a private enterprise has gone out and built that infrastructure because every other company has failed to do so. As such you are in no position to demand anything from them other than voting with your wallet. They will in turn reciprocate, but if it ends up being so costly in time or resources to them, then they wouldn't be there in the first place and would just shut up shop, presumably leaving you with ADSL2

As someone involved in the WISP space (and someone who does actually do a hell of a lot above and beyond whats written on paper), I know that if I were to cater my network config around every customer individually and do it for peanuts, i'd have such a monumental mess on my hands to maintain that i'd never be able to grow the network out and give far better services than were available otherwise. That doesn't help anybody
To those who can make it viable, i'm more than happy to work with them. We've had customers pay $30,000+ to provide private 1:1 contention ratio's and all the bells and whistles. I'm not devoting the same level of service to a $39/month residential service
 
User avatar
Xtreme512
Member Candidate
Member Candidate
Topic Author
Posts: 119
Joined: Sun Jun 08, 2014 2:43 pm
Location: Nicosia, CY
Contact:

Re: My frustration with WISP

Wed Jul 13, 2022 2:50 pm

Seeing multiple private IP's means nothing whatsoever, it does not imply there's multiple layers of NAT going on
Hey, I'm aware of that, didn't want to imply anything there but just stating that my current WISP *at least* uses very few routes than others, that's all.

I see the situation in your point of view, you are right in all aspects and keeping 1:1 contention ratio is very good customer satisfaction and company mission. Sadly, in here WISPs don't care about that and on top of that they overload stations with crooked setups etc. That's also why we (gamers, students, or somebody who wants a stable connection) have to buy premium package.

I'm very limited regarding WISPs here. This was the best option for me. ADSL2 doesn't work well either, we have VDSL but not every street is deployed with fiber line (my luck). I used ADSL years ago and ADSL/VDSL gives public IP to you via PPPoE whether dynamic or static IP.

Now regarding getting public IP to me, I don't run any business to purchase the so called business package... Though, they can't even sell me that package *legally* in the first place as I cannot state any business credentials on my behalf, plus it is very pricey for a normal customer (1 month price there equals almost 1 year in standard package). So basically they are limiting people who wants public IP on their end. But yes as you said, I have to accept the situation for now.

Who is online

Users browsing this forum: No registered users and 29 guests