Hi

We normally run hotspot services, but due to the lack of broadband in our local county, we have started rolling out WiFi based access to areas that are not serviced by ADSL. We are using a simple back-haul , and then using a CPE device to connect the end users. User management is still handled by HotSpot service and Radius backend which is not ideal.

I think we need to be more advanced than this though and wondered if anyone could advise on how a backhaul with CPE equipment should be handled. Such things as :

Do we have a central DHCP server, DNS server etc, and assign clients direct from the master DHCP?
How do we authenticate users if we do not use the HotSpot service?

Can anyone recommend any good books on the subject of setting up a routed network?

Many thanks

Ok, reading up on it, it seems I can just run a PPPoE server on the core router and use Mikrotik as the CPE. Now I know where to spend my time on the MikroTik forums.

I'm looking at a question a bit like this but I'm looking at Vlans rather than pppoe as it seems to be the new flavour of the month.

From what I can tell about Linux and vlans I'll end up with a few advantages and a simpler system to manage.

I'm looking at a combination of routers at the edge with wireless and fibre back haul links and also have to think about IPv6 issues because we're not going to have v4 space to play with.

So I'm quite interested to hear your arguments for again against and reasons for your choices and what you're planning on using.

We have stacks of DSL and cable, but it's expensive to use and the telcos are really limited the data that can be pushed over the network so I'm looking at the viability to roll something simpler using MikroTik switches.

It would be very cool to light our suburb up with 1gb network.

VLANs and PPPoE are unrelated. PPPoE allows you to use PPP to establish a virtual link between two network nodes, and to then pass traffic through that tunnel - over Ethernet as opposed to other media. One big point here is that it allows for (some) severity features, and authentication of users.

VLANs are just logically abstract networks that allow you to use the same physical infrastructure for several overlaid logical networks. They are very much not a flavor of the month - they are and have been an absolute staple when segmenting networks into domains.

I'm looking at a question a bit like this but I'm looking at Vlans rather than pppoe as it seems to be the new flavour of the month.

From what I can tell about Linux and vlans I'll end up with a few advantages and a simpler system to manage.

PPPoE offers user authentication and some data privacy (?) via tunneled L2 paths. VLANs (unless done per-user) do not. Per-user VLANs also involve quite a bit more administrative overhead than administrating PPPoE accounts. That said, PPPoE has overhead and additional administrative burdens (provisioning of accounts, end-user configuration) which may not be acceptable in certain broadband deployments. You have the weigh the pros & cons, and choose what's best for your network.

If you wanted to utilize VLANs while still segmenting users at a layer 2 level then you should investigate something like Cisco Private VLANs.

Regarding IPv4 and IPv6, with MikroTik equipment it is current possible to provide IPv4 and IPv6 end-user addresses with minimal or zero configuration (default DHCP / IPv6 SLAAC on end-user workstation). The same cannot be said for PPPoE (v4) as it requires explicit configuration in most OS' and routers before it'll operate. MikroTik can provide IPv4 addresses via PPPoE, but not IPv6. The 'remote-ipv6-prefix' (/ppp secret) or 'Framed-IPv6-Prefix' (RADIUS) attribute in the current 5.0 betas provides the ability to insert a static route for said prefix into the routing table on authentication of a PPPoE user. These addresses must be utilized for hosts behind the unit establishing the PPPoE connection. It does not provide a single unicast v6 address to the connecting device.

We have stacks of DSL and cable, but it's expensive to use and the telcos are really limited the data that can be pushed over the network so I'm looking at the viability to roll something simpler using MikroTik switches.

How so? By utilizing direct ethernet connections to customers in the suburb?

How so? By utilizing direct ethernet connections to customers in the suburb?

Yes. If I can figure out all the bits then that's exactly what I'd like to do.

I'm well aware it sounds like a bonkers idea. But the cost of this MikroTik gear here in .nz suggests to me that it just makes sense.

If I can hook up 500 homes on the end of RB 250G switches back to a set of RB 750G switches then I can concentrate that down to a point where it's viable to buy a dark fibre back to the peering exchange and pick up transit from there.

At present the telco hand over in my area is limiting data to 30gb/m averaged over ISP user base and the max dsl speed is 50mbit for over $75USD/m, in addition to a $30USD PSTN service.

MikroTik was recommended to me, so I've bought one to have a play with but being a web dev, programmer and PABX tech, I realize I'm really a bit out of my depth.

But hell, if you never have a dream, you never have a dream come true - right?

D

Regarding IPv4 and IPv6, with MikroTik equipment it is current possible to provide IPv4 and IPv6 end-user addresses with minimal or zero configuration (default DHCP / IPv6 SLAAC on end-user workstation). The same cannot be said for PPPoE (v4) as it requires explicit configuration in most OS' and routers before it'll operate. MikroTik can provide IPv4 addresses via PPPoE, but not IPv6. The 'remote-ipv6-prefix' (/ppp secret) or 'Framed-IPv6-Prefix' (RADIUS) attribute in the current 5.0 betas provides the ability to insert a static route for said prefix into the routing table on authentication of a PPPoE user. These addresses must be utilized for hosts behind the unit establishing the PPPoE connection. It does not provide a single unicast v6 address to the connecting device.

Yip, I'm aware that v6 and ppp aren't yet playing nice everywhere. I've been following the .nz v6 list and realised that a while back.

I'm in the process of getting our hosting software (DTC) to make some sense of the v6 space.

What I'd like to do is just forget the auth processes and just count traffic on ports on the 250G's, which is why I was thinking about vlan. Vlans will just turn up in linux as an interface which I can grab traffic counts off easy enough. Sure it might not scale very well, but I'm only looking at 500 end points.

Thanks fewi.

I don't want user auth. I want my users to just plug a cheap switch in to the port I give them and be able to send/rec packets.

I'm thinking in terms of like a power meter in your home. Your microwave doesn't auth with the power plug, it just goes.

However as you've seen from my initial posts I'm just focusing on doing some simple stuff with my router till I get my head round how it works.

D

Should I combine the PPPOE and VLANS , keeping all my backhaul devices on one VLAN, and assigning clients direct from a DHCP in the Colo on a separate range? Can the PPPoE client CPE device(mikrotik) ove get a dhcp from the main server some few hops away ?

Any good reference points regarding network design?

Thank you

Any good reference points regarding network design?

Network Concept

Here's my concept. I'm not planing ppp at all because that would require a router at the customer end and I don't get the value in that if I can just do what I want to with vlans.

Personally I've only just got a RB 750G and I'm just learning to use it, so I'm setting it up as a basic SOHO router first just to learn each unit that I need to know about (QoS, VLAN, DHCP, etc) but the picture above shows the dream.

D