bistelecom
join:2007-03-06
Antlers, OK
edit:
March 6th, @11:37AM
| WISP Authentication - PPPoE Maybe?
Hello all,
I have small WISP operation that is growing quickly. As of right now all of our customers are assigned static private IP addresses and the entire network is bridged. As our network grows I feel this is going to become a nightmare to manage.
I am looking to moving to this model but I would appreciate your input if this is a good plan or if anyone knows anything better/easier.
Plan #1 - Have a PPPoE Server at our NOC along with a RADIUS server. Mostly routed network using EoIP.
Customer Router WaveRider CPE WaveRider CCU (Base) Router A (at tower) Router B (at NOC) PPPoE Router to Internet
Plan #2 - Have a PPPoE Server at each tower site, with RADIUS at our NOC.
Customer Router WaveRider CPE WaveRider CCU (Base) PPPoE Router A (at tower) NOC Router
I'm interested in using a PPPoE Server with a RADIUS server so we can do bandwidth throttling easier and make everything more simple to manage.
Any other ideas will be greatly appreciated!
Thanks!
**Also, after posting I had another concern. How well will VoIP work over PPPoE and how can we implement QoS? We are in the process of becoming a CLEC and I'd like our network to reliably support VoIP when we get CLEC status.** |
|
IntraLink
Premium,MVM
join:2002-08-14
Utah Valley
| Once you encapsulate VoIP in PPPoE then QoS is unavailable to any device in the middle; which is where most of the bottlenecks in bandwidth are.
So you gain something and lose something more important.
VLAN priorities CAN be mapped to Diffserve and related VoIP priorities however. |
|
Inssomniak
join:2005-04-06
Cayuga, ON
| Ive designed my network from the get-go loosely based on your #2 above, VOIP is not a real concern for me. Its BTW only designed, not implemented! So I cant comment on it yet, but I have good feelings about it. Vlans will be in place as well. It will be the network design that I implement when the time comes (and it cant come soon enough!) |
|
harvSki
Premium
join:2004-03-09
Suffolk, UK
| reply to bistelecom
As we built our small WISP we went through bridged, 1 and 2 and have found that that a fully routed network with PPPoE access concentrators at the wiPOP is the best solution.
EoIP can be a complete pain to set up and decreases throughput on the network, if you are going to use RADIUS then you might as well exploit that and have remote (away from your NOC) PPPoE authentication.
hth |
|
ponline
join:2004-03-04
presheva
| I started with fully bridged network and authenticate by mac addresses.
It was such a pain, and the bridged network started to be sluggish when i reached 50 clients.
I decided to implement radius server and pppoe server on the NOC and the same bridged network, that is your #1 option. That was a little but not very significant improvement on my network, when i reached 100 clients it was again real pain.
The best thing is to go routed, pppoe server on every AP and a centralised radius server on NOC (option #2) and that is what i did.
Since then, i never look back, i only add new APs to new location, backhaul them to the NOC,mikrotik is very handy at providing pppoe server. I have now 4x bigger network and never had an issue with network efficency or broadcast problems. |
|
VariableARK
join:2003-03-17
USA | reply to bistelecom
Another option would be to go fully routed and still use radius but instead of using pppoe use dhcp/mac authentication on a per-tower basis. I am still debating which route (pppoe or dhcp) to go. |
|
ponline
join:2004-03-04
presheva
| said by VariableARK  :Another option would be to go fully routed and still use radius but instead of using pppoe use dhcp/mac authentication on a per-tower basis. I am still debating which route (pppoe or dhcp) to go. In this case you have to use some good encryption (WPA2)if you don't want some lammers sniffing and spoofing mac adresses to have free internet. |
|
bistelecom
join:2007-03-06
Antlers, OK
| reply to bistelecom
It isn't extremely easy for someone to grab some free Internet as we are using WaveRider 900MHz equipment (about to move to Motorola Canopy 900MHz)... while it still isn't impossible by any means, at least someone can't go to walmart and buy equipment capable of associating with our network  .
I'm leaning more towards the route of placing PPPoE concentrators at the tower level and having a centrally located RADIUS server.
Does anyone use Mikrotik as a PPPoE Concentrator? I was wondering if I buy one of their router boards about how many sessions it could support. |
|
ponline
join:2004-03-04
presheva
| said by bistelecom :Does anyone use Mikrotik as a PPPoE Concentrator? I was wondering if I buy one of their router boards about how many sessions it could support. Im using mikrotik on every AP, i use WRAP bords and they do just fine with pppoe access concentrator, plust doing AP on one mpci port and backhaul on the other mpci port, routing and some basic firewall rules.
I see 24-45% of cpu load on the peak hours, where the maximum of 30 pppoe session can be active simultaniously, we dont cross the 30 clients asociated to the same AP. |
|
Inssomniak
join:2005-04-06
Cayuga, ON | I went with a SFF PC 667mhz that will run pfSense, I cant comment on microtik I have not used it, and it looks that pfSense will do everything I need and more. |
|
Keithb
join:2003-09-16
El Campo, TX
| reply to ponline
said by ponline :I see 24-45% of cpu load on the peak hours, where the maximum of 30 pppoe session can be active simultaniously, we dont cross the 30 clients asociated to the same AP. So the Mikrotik AP's can only handle 30 simultaneous PPPOE connections? I thought it was 200, I suppose it's licensed for that many?
Or are you referring to 30 clients per AP max in general? Just curious as we run PPPOE bridged through Deliberant AP's down to a Mikrotik router/server as our PPPOE concentrator. We have up to 25 on one AP as our max on an AP.
I would still like to know how many others have put on a single RB532 with SR2 card running PPPOE with 512 and 384 packages? |
|
Inssomniak
join:2005-04-06
Cayuga, ON
| said by Keithb :said by ponline :I see 24-45% of cpu load on the peak hours, where the maximum of 30 pppoe session can be active simultaniously, we dont cross the 30 clients asociated to the same AP. So the Mikrotik AP's can only handle 30 simultaneous PPPOE connections? I thought it was 200, I suppose it's licensed for that many? Or are you referring to 30 clients per AP max in general? Just curious as we run PPPOE bridged through Deliberant AP's down to a Mikrotik router/server as our PPPOE concentrator. We have up to 25 on one AP as our max on an AP. I would still like to know how many others have put on a single RB532 with SR2 card running PPPOE with 512 and 384 packages? I think he is referring to 30 clients per AP, the PPPoE concentrator can handle as much as you have horsepower. The general rule of thumb is, you need 2 mhz of CPU power for each client doing PPPoE, (at least for x86 type architecture) 30 clients = 60mhz needed just for PPPoE, I have no idea how fast a mikrotik board is. |
|
peavys
join:2004-03-15
Manor, TX
| reply to Keithb
How many clients...
Using a Mikrotik and a prism card (802.11b) I have, to my own shock, been able to do 70 clients in a pinch. The bandwidth is stretched thin, but it degrades gracefully. I just do dhcp, no pppoe.
Using Mikrotik and SR2s or emp-8602s (senao) it always falls apart badly in the 10 - 20 client range, and it is not a traffic problem. I did not try it using nstream, as it was an existing tower with non-nstreme capable clients.
If anyone has experience doing >40 clients on mikrotik atheros cards, 802.11g or 11a, I'd love to hear your success story. |
|
ponline
join:2004-03-04
presheva
edit:
March 9th, @06:09AM
| reply to Keithb
Or are you referring to 30 clients per AP max in general?
Yess, i was referring to 30 clients per AP. We don't cross that number of costumers per AP so we can keep the good performance. As far as pppoe is concerned there is software licence limitation on 200 pppoe tunels if you have Level4 licence, i think that is more than a RB or WRAP can handle, but based on the percentage I gave you for 30 clients you can guess how many more clients the WRAP board CPU can handle. (it has 233mhz x86 procesor and 128 ram). |
|
Keithb
join:2003-09-16
El Campo, TX | What do you think the RB532-A can handle then with 200-400mhz processor and 64mb RAM? |
|
Keithb
join:2003-09-16
El Campo, TX
| I built a router/server with a P4 3.0 ghz with 1gb ram. This handles routing, PPPOE, NAT, firewall, etc. We currently have 44 active PPPOE sessions on this server and the total memory is 884.5, and free is 850.3. That's averaging less than 1mb / user including all of the other resources being used. |
|
