
aip09

join:2012-01-13
Richland, MO

reply to aip09

Re: New Wireless ISP?

Ok, sounds good. So how would I hook all this together? AP, Router, Server? Would everything hook to the router? Or configure differently?


Inssomniak
Premium
join:2005-04-06
Cayuga, ON
kudos:1

reply to TomS_
I'm with TomS. We are an all PPPoE shop with the CPE doing the PPPoE session. It's worked wonderfully. If there are disconnects there is always an underlying link problem. For biz customers we still do PPPoE with an RFC1918 IP but will route a public /30 to them thru the CPE so they have a static IP to their router.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca



Inssomniak
Premium
join:2005-04-06
Cayuga, ON
kudos:1

reply to aip09

said by aip09:

Ok, sounds good. So how would I hook all this together? AP, Router, Server? Would everything hook to the router? Or configure differently?

I didn't read the whole thread, but a simple crash course in IP networking will help wonders.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca

aip09

join:2012-01-13
Richland, MO

I understand IP routing. Just not sure if I need anything more than what I listed. If you use just the router, is traffic going to the server then out to the internet back through the router? Looking for proper placement.


treichhart

join:2006-12-12

reply to aip09
Alright, here is what you need to do: what are your plans for your backbone, like a cable connection? DSL connection? Fiber connection? From another WISP connection? After you tell us that, we can help you a little bit better.


aip09

join:2012-01-13
Richland, MO

reply to aip09
It will be DSL.


treichhart

join:2006-12-12

reply to aip09
How many DSL connections? Or what are your plans with your packages?


jcremin

join:2009-12-22
Siren, WI
kudos:2

reply to aip09

said by aip09:

If you use just the router is traffic going to the server then out to the internet back through the router? Looking for proper placement.

I still think you are over-complicating it. Let me walk you through, step by step, the setup from end user to internet on my network.
But first, let's make sure that you understand when I use the term "server" I am simply referring to a piece of software responding to incoming requests, not necessarily an actual computer.

Let's start at the customer's house. The customer has a computer or wireless router, whatever they choose to use. They plug that device into the ethernet cable that goes to an outdoor antenna (CPE), usually mounted on the roof of their house. The CPE acts like a router. The Wireless side is the "WAN" and the ethernet side is the "LAN" and has an IP address of 192.168.100.1. It acts like a DHCP server, handing out 192.168.100.xxx addresses to whatever they choose to plug into it.

The Wireless (WAN) side connects to an access point (AP) on a tower to create the "physical" link to my network. At this point, the wireless side still hasn't been assigned any sort of IP address. That's where PPPoE comes in (you could also use DHCP or statically assigned addresses at this point, but neither offers the flexibility of PPPoE). The CPE is configured to initiate a PPPoE session using a username and password I have assigned to the customer. It sends a PPPoE authentication request, and my PPPoE "server" responds, either finishing the creation of a PPPoE tunnel and assigning an IP address, or by denying the request. If the tunnel is assigned an IP address, the customer now has an IP route through my network (but I'll get into that in a bit more detail later on).

So now we should get into how the request actually gets to the PPPoE server. The AP on the tower that the CPE connects to has to be able to get to the internet somehow. For me, I have about a dozen towers on a bridged network where the whole tower network and all of the devices have addresses that are part of the same IP range. You can think of a bridged network as simply a bunch of switches in a really big building, except in this case, we replace some of the wires with wireless links, and many of the switches are many miles apart from each other. Some people run a "routed" network and swear it is the only right way, but that's an entirely different debate and adds a bit of complexity to what I'm trying to describe.

Anyway, the APs on the tower are all plugged into a switch at the bottom of the tower. There is then another wire plugged into the switch that goes to the "backhaul" radio, which is typically a 5 GHz wireless link to the upstream tower. This continues from tower to tower until it gets to the "main" tower. At the base of the main tower, all of the APs and backhaul links are plugged into another switch. That switch also plugs into a router, in my case a Mikrotik RB450G. The switch which feeds my whole network plugs into port 1 on the 450G. Ports 2 and 3 go to two separate feeds from my ISP, and the routerboard routes the traffic from my network through the appropriate port (one is just a backup in case the primary goes offline).

Back to the PPPoE request from the CPE. As I previously mentioned, the 450G can also act as a PPPoE server. The PPPoE server needs a list of usernames, passwords, and other variables such as the speed of the account and what IP address the customer should be assigned. In Mikrotik, you have 2 options: add customers right to the built-in list of users, or use a RADIUS server. A RADIUS server is simply another piece of software that is basically a database of usernames, passwords, and the other info about the account. You can point the Mikrotik router to an external RADIUS server, but Mikrotik routers also have an optional piece of software that can be enabled which is called "User Manager", also known as Userman. Userman is simply a RADIUS server.

So the 450G receives the PPPoE authentication request from the CPE, looks up the username and password in Userman, and if they exist, it uses the rest of the information in their Userman profile to finish setting up the PPPoE tunnel. It creates a queue with the appropriate upload and download speed so the customer can only get the bandwidth they are paying for, and it either assigns their tunnel a static IP (if I have specified one) or assigns them a random IP address out of a pool of addresses you create as part of the configuration.

The IP address can be either a public IP address, which is reachable from the rest of the internet, or a private IP behind a NAT. I assign all of my customers private IP addresses out of the random pool unless they actually need a public. One more thing to note, the IP address is technically assigned to the "tunnel", not any actual interface. So the wireless interface on the CPE technically doesn't have any IP address assigned directly to it. Because all of the traffic flows through this virtual tunnel, the client's CPE thinks that the next hop is the actual PPPoE server, and is unaware of any of the other networking equipment between the CPE and the 450G.

One last thing I want to mention (because I'm getting tired of typing) is that one thing I had to do on my network was reduce the MTU slightly to prevent issues reaching some web sites. This is done on the CPE simply by specifying a manual value, rather than the default MTU of 1500. The default PPPoE MTU is typically 1492, but I still had some issues with certain sites, so I have found that just specifying 1400 on my network has worked well.

I hope that helps you grasp how my network is set up. Obviously if you have thousands of customers, you will need a more powerful router, possibly multiple PPPoE servers, and may choose to run a dedicated external RADIUS server, but starting out, it is best to keep things as simple as possible. The more unnecessary complexity you add, the more chances you will have for downtime, and customers aren't too happy when their internet goes down.

Joe
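The PPPoE setup described in the post above, sketched as a RouterOS configuration. This is an added example, not jcremin's actual configuration: the address range, pool, profile and user names, speeds and passwords are constructed placeholders, and the port roles (ether1 to the tower switch, ether2 to the primary upstream) follow the post's description of the RB450G.

```routeros
# Added example. Addresses, names and passwords are constructed placeholders.

# Pool for customers who do not need a fixed address
/ip pool add name=pppoe-pool ranges=10.20.0.10-10.20.0.250

# One profile per speed plan. rate-limit is rx/tx as seen by the router
# (customer upload/download) and creates the per-session queue.
# only-one=yes refuses a second simultaneous login with the same username.
/ppp profile add name=plan-3m local-address=10.20.0.1 \
    remote-address=pppoe-pool rate-limit=1M/3M \
    change-tcp-mss=yes only-one=yes

# PPPoE server on the port facing the tower switch (port 1 in the post).
# PAP is left out so passwords never cross the bridged network in cleartext.
# The post sets MTU 1400 on the CPE; max-mtu/max-mru here cap it from the
# server side as well (an assumption of this example).
/interface pppoe-server server add service-name=wisp interface=ether1 \
    default-profile=plan-3m authentication=chap,mschap2 \
    max-mtu=1400 max-mru=1400 one-session-per-host=yes disabled=no

# Built-in user list: one pooled customer, one with a fixed tunnel address
/ppp secret add name=cust0001 password="CHANGE-ME-1" service=pppoe \
    profile=plan-3m
/ppp secret add name=cust0002 password="CHANGE-ME-2" service=pppoe \
    profile=plan-3m remote-address=10.20.0.5

# Alternative to the built-in list: ask a RADIUS server instead
# (User Manager running on the same router is reached at 127.0.0.1)
# /radius add service=ppp address=127.0.0.1 secret="CHANGE-ME-RADIUS"
# /ppp aaa set use-radius=yes

# Private tunnel addresses are NATed out the primary upstream port
/ip firewall nat add chain=srcnat src-address=10.20.0.0/24 \
    out-interface=ether2 action=masquerade
```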

aip09

join:2012-01-13
Richland, MO

reply to aip09
Jcremin,

Thanks for the info. That is a big help to me. It has been ten years since I have messed with this stuff. But I do appreciate the patience as I'm starting to get this all pulled back forward from the memory banks. LOL, sounds like a well put together system. Are your switches managed?


jcremin

join:2009-12-22
Siren, WI
kudos:2

said by aip09:

Are your switches managed?

The "switch" I have at my main tower is a Mikrotik RB493 (9 ethernet ports). So yes, that one is managed.

The rest of them, no. Just cheap 5 to 8 port switches. I plan on replacing them over the next year or two with something managed. Either a Mikrotik or UBNT POE switch so I can clean up the boxes at the bottom of the tower. The POE's can take up a lot of space. The cheap $20 switches have worked well so far, though, so I'm going to give MT and UBNT some time to make sure their products are solid before jumping in with them.
