Problems on WDS 'mesh' - static vs Dynamic WDS

GWISA · Sat Aug 12, 2006 11:26 am

Hi all,

I've stated my problem here before when I suspected it was RB112's causing it. I have now replaced these with RB532's and the problem persists.

My topology is something like this:

My problem I am experiencing is in a single wlan interface per node 'mesh' configuration (AP & backbone on same interface) is that on some nodes clients cannot reach the main Hotspot authentication router, although they do get served their DHCP IP address (most of the time - not always).

This occurs only when I have Static WDS links defined. If nodes are left as Dynamic WDS, then everything works fine, except that latecy goes through the roof as WDS links connect & disconnect to nodes of marginal signal strength.

Has anybody got any light they can shed on my problem?

I have contacted support in the hope of obtaining some insight.

wildbill442 · Sat Aug 12, 2006 6:51 pm

silly question..

You did add the static WDS interfaces to the bridge right? Although if you didn't you would never get a DHCP lease...

must be a bug? RSTP is still a test package maybe theres some hang ups there?

GWISA · Sat Aug 12, 2006 7:54 pm

you're right.... it is a silly question

In my diagram I do state "Static WDS & mesh Wlan bridged"

yup yup

The RSTP portion works OK - if you ping through the network, you do get the first few packets duplicated (packet gain) but overall it is OK.

I've been fighting with this config for quite a while now, and am ready to ditch it in favour of a split client/backbone type config, or trying Nortel's mesh network products.

Tue Aug 15, 2006 11:06 am

please upgrade your routers to v2.9.28 and set the wds-default-bridge for wireless interface. Then remove the statically added wds bridge ports; and reenable the wireless interface (it will create dynamic wds bridge ports).

GWISA · Tue Aug 15, 2006 11:24 am

Thanks - I have already done that and am going to test the upgrade effects today.

Note that Dynamic WDS does not produce satisfactory performance on WDS-mesh config, and I have re-instated the Static WDS interfaces with the new dynamic brige-ports.

Will give feedback...

GWISA · Tue Aug 15, 2006 6:36 pm

sad news - upgrade did not sort my problem out... I now have great WDS links, but still intermittent acess to the Hotspot router...

Dynamic WDS is the only way to make all routers forward to the Hotspot authentication router, but at a great sacrifice to the mesh quality...

Wed Aug 16, 2006 11:46 am

sad news - upgrade did not sort my problem out... I now have great WDS links, but still intermittent acess to the Hotspot router...

Dynamic WDS is the only way to make all routers forward to the Hotspot authentication router, but at a great sacrifice to the mesh quality...

note, that you can also control the dynamic WDS using connect-list and you will get very close to that if you were using static-wds.
But still I think that there should be a solution for your problem. Please email the support output files from the router which is not passing data to the hotspot server.

GWISA · Wed Aug 16, 2006 12:45 pm

I have already mailed you the supout files, but I will send them again...

If I stick to Dynamic WDS and using connect-list, I already have the WPA2 option in the list (as in the wiki) - would I then put the MAC-addresses of the other routers I want to connect to before or after this rule?

I don't want to use the min-signal setting, as some reflections are close to my wanted signals and I don't want these to connect.

Wed Aug 16, 2006 12:54 pm

I think this is discussed in some other toppic about that connect-list...
What you can do, if you know all the mac address fo your MESH network, then on each router you can configure the connect list to connect only to those MAC address that you want and the last rule should be connect=no
Note, that you should specify for each MAC address entry the security profile.

GWISA · Wed Aug 16, 2006 1:57 pm

aha!

Thanks for that... we did discuss this in another thread, but only the min-signal part of connect list...

I'll try the workaround & give feedback...

GWISA · Wed Sep 27, 2006 1:13 am

A little feedback on the connect-list workaround on dynamic WDS mesh:

Versions prior to 2.9.30 would not work, as the minimum-signal setting for connect-list was -95 prior to that. 2.9.30 fixed this to be -120.

Problem was that the wireless cards were actually more sensitive than the OS, so let signals lower than -95 through the connect-list filter...

I reconfigured the network with unbridged Virtual AP's with unique SSID for each V-AP, and a hidden SSID bridged dynamic WDS backbone mesh on the same interface using connect-list rules.
Enabled PPPoE server on V-AP, with my original Hotspot server node acting as gateway and NAT to main network. Throughput is quite good using bandwidth test and all running B/G-mode - from around 10Mbps + to close nodes and 2-3Mbps to the furthest nodes.

All is fine and running nice and stable now with PPPoE on each node rather than a centralised hotspot on a completely bridged mesh network.

I intend enabling hotspot on each node too, and running User Manager as RADIUS for subscribers and casual Hotspot users...

It's quite a big project, so I'll post feedback if I learn any new tricks along the way...

Thanks for the help!

samsoft08 · Thu Sep 28, 2006 5:09 am

GWISA , I'm thinking of a project as yours , but I have only theoritical information about WDS , and I'm not using MT as a wireless AP couse i have to use 50m RF cable , i'm using a stand alone AP..
well , how can i get more information about WDS ? I have some questions like why do we need to connect (as your diagram ) node6 to node4 ? isn't enough to connect node6 to node1 ? is this to only make roaming ?
and is the mac-list in the wds AP's contains only the other wds ap's we want to connect to ? wht about the users mac addresses , is thier another list for them ? or we wont put thier mac's in any list ( i mean mac filtering ) .. I know this is a WDS-beginner questions but if you can answer them or anybody else it will help me very much .. tahnks..

GWISA · Thu Sep 28, 2006 12:14 pm

Hi samsoft08,

Seeing as I too struggled to get info together on this scenario, I don't mind sharing what I have learned.

Answers to your q's:

like why do we need to connect (as your diagram ) node6 to node4 ? isn't enough to connect node6 to node1 ? is this to only make roaming ?

This is purely for redundancy. It is not a requirement, purely a backup path.

and is the mac-list in the wds AP's contains only the other wds ap's we want to connect to ? wht about the users mac addresses , is thier another list for them ? or we wont put thier mac's in any list ( i mean mac filtering )

Well, as in the wiki example on this site, the authentication methods are used for WDS connections specifically. Anyone else (a client) does not create a WDS connection. The connect-list rules refer to the security profile assigned to that interface, and applicable to WDS only. Also, connect-list refers to AP's that each node will connect to and not what will connect to it. This is controlled with access-rule list and default-authenticate.

In my final configuration, I created Virtual AP's with unique SSID's for the clients to connect, and the backbone controlled by connect-list rules.
Reason for this was although using same SSID's worked (and therefore allowing 'roaming'), CPE devices don't necessarily connect to the new AP with better signal when a different MAC is presented.
So what happened was they would connect to a strong signal, maybe roam and not refresh/repair the network connection, and the CPE would hang on for dear life to the original AP it connected to...
Using unique SSID's stops transparent roaming (only the first pass for eg laptops) and ensures the client always connects to the strongest signal.
Using PPPoE on each node will also stop roaming, as the connection will drop as they move to a new AP, but this is not really an issue for my clients. They hardly ever work on their laptops while walking around!

Hope that helps...

samsoft08 · Thu Sep 28, 2006 12:27 pm

thanks alot it was very helpful ..

only one thing more , is there any master/slave node in the mesh ? i heared that you have to make the first node (which connected to the router by wire) as a master and the other as slaves ..

GWISA · Thu Sep 28, 2006 1:47 pm

Yes - if you construct a mesh with more than one path to the gateway & RSTP enabled, then the router which connects to the 'main' network/Internet needs a lower priority setting on the bridge than the rest.

samsoft08 · Sun Oct 01, 2006 11:44 pm

you all here talking about using MT as the main AP which i cant becouse the distance between the MT and the main antenna is about 50m which i dont believe it will keep the signal strength as it is , or there is somthing i dont know about that , tell me my friend , as you are a WISP is it better to use MT as the main AP ? or using a stand-alone AP instead ? and if we use MT what about the compatiblity with other nodes which wont be MT ?

GWISA · Mon Oct 02, 2006 1:15 am

hmmm... I think I understand what you mean...

Why would 50m be a problem? MT is not an AP, but an OS. Choose your wireless device to suit your needs, as long as it is compatible with the OS. And if you use Routerboards, you can mount the the whole shebang wherever you were going to mount your AP anyway, so there should be no restrictions in your case.

I don't think you can achieve what I did with mixed AP's. The routing and RSTP functionality is essential, but maybe not in your case. It could be applied to AP's connected by LAN, but you'd have no control over the wireless connections. Might be easier to help if you stated your intended onjective clearer...

samsoft08 · Mon Oct 02, 2006 4:10 am

ok my friend , let's say that i installed a compatable wirless card in MT PC , now it will be the main AP right ? ok , what if i want to build WDS ? i dont want to use router boards as nodes , can I put a stand alone AP's as nodes of the WDS mesh ?

GWISA · Mon Oct 02, 2006 11:50 am

You can, but you won't have any control over them at all.

samsoft08 · Mon Oct 02, 2006 8:55 pm

if I use Routerboard as node , does it mean that i have to operate it as a router ? or just an AP ?
well , i dont want more complicated network couse I think it would be harder to manage ..

GWISA · Mon Oct 02, 2006 11:34 pm

I think its a mistake taking a shortcut thinking it will make it easier to manage...

Mikrotik is not difficult to manage, and only needs to be set up correctly, backed up and monitored.

The tools it gives you in return will save a lot of headaches later if you plan to have any real traffic on you network...

but, at the end of the day it is your choice...

samsoft08 · Thu Oct 12, 2006 3:46 am

AGAIN ...GWISA my friend ...
I was trying to get an answer to my last question to you , IF i wil use RB's as nodes should they act as real routers ? i mean Natting for example ? can i put all my users connected to all my nodes on the same IP range 192.168.1.xx ?? without natting them and make different range on the same node ?

GWISA · Thu Oct 12, 2006 9:34 am

yes, you can. MT is infinitely configurable.

hecklertm · Sat Apr 21, 2007 7:53 pm

GWISA - I am trying to implement a 3 AP setup similar to what you were doing above. One router is the main gateway and it needs to run the hotspot service. The other 2 routers need to connect ot each other and the gateway router and all APs need to let wireless users access through the hotspot service. Would you mind posting an example of what commandds your would issue on the three routers for this config? When I try to configure the main gateway/hotspot AP, I initially setup the router to be a normal hotspot AP. Once I add the bridge and put wlan1 in the bridge and set wlan1 to wds-mode=dynamic and wds-default-bridge=bridge1, then users are immediately disconnected and cannot gain access from the AP anymore. I stopped after that, and figured I should ask for advice. Thanks for any help. I have posted the main query in thread 15311.

GWISA · Sat Apr 21, 2007 9:18 pm

I had inconsistent behaviour trying to run a single hotpot server on the bridge, so that's why I changed it to a distributed server setup using RADIUS/User manager authentication. Each node runs its own hotspot/PPPoE server on a virtual AP that is not bridged.

Although, with only a few routers it all seemed ok - so yours might work as you want it to. Remember that clients authenticated on a hotspot server running on a bridged setup will probably be able to network between nodes unless you firewall them...

A couple of tips for your setup:

- Hotspot server should run on the bridge of the main router.
- Only the gateway router should have the masquerade rule enabled
- node routers IP's or MACs should be entered into the 'IP Bindings' list with type set as 'bypassed' otherwise they will be blocked by the hotspot firewall.

If you are still interested in my PPPoE setup, I can post a configuration example here. All nodes are programmed exactly the same except for IP's and connect rules.

hecklertm · Sun Apr 22, 2007 12:57 am

I have gotten it to work with the gateway router "AP1" running hotspot on wds interface and the 2 other routers "AP2" and "AP3" as remote APs using dynamic wds

The wds config is set as follows:

/interface wireless set wlan1 ssid=WIFI frequency=2462 compression=yes band=2.4ghz-b/g mode=ap-bridge country="united states" periodic-calibration=enabled periodic-calibration-interval=720 disabled=no
/interface wireless print
/interface wireless set 0 proprietary-extensions=post-2.9.25
/interface bridge add name=wds1 protocol-mode=rstp disabled=no
/interface bridge port add interface=wlan1 bridge=wds1 disabled=no
/interface wireless print
/interface wireless set 0 wds-default-bridge=wds1
/interface wireless set 0 wds-mode=dynamic

Through my tests (by removing antennas to make the client select one AP over another) I find that you can connect to any AP and get to the hotspot and get out to the Internet as expected. If you connect to the gateway router "AP1", you get the best connection and lowest latency to the Internet. If you connect to one of the other routers "AP2" or "AP3", you get a good connection to the Internet with slightly higher latency (but acceptable). If I force "AP2" or "AP3" to have to talk between one another to get traffic to AP1 (for example, testing as if there is a range problem between "AP3" and "AP1" therefore making "AP2" relay information from "AP3" to "AP1"), when a client connects through AP3, the latency seems very high. Does dynamic wds not work well under these conditions? Do I need to make sure that a remote router is always one hop from the main gateway router and not rely on interim wds hops? If I set static wds between all three routers would that work better?

Any suggestions on making this work cleaner would be greatly appreciated.

GWISA · Sun Apr 22, 2007 1:18 am

I only saw dynamic WDS becoming a problem when there were more than about 6 nodes that could all see each other. With only 3, it should be fine, but static WDS does perform better.

You should not have to be concerned about how many hops to the gateway - there is a problem somewhere if your latency increases notably.

I also ended up using STP with the greater number of nodes... RSTP didn't seem to be stable enough.

hecklertm · Sun Apr 22, 2007 1:36 am

Possibly my method of testing was the latency problem. Placing AP2 close to AP1 and removing AP1's antenna so that AP3 could only see AP2 and would have to rely on AP2 to pass traffic. Maybe the latency was being introduced by AP1 not having an antenna even in short range communication to AP2. The config is very simple. I sure would have been nice is MT would put a "generic" mesh expample in the maunal for first time wds users. I have been using MTOS for almost 2 years, but I did not have several hours to reseach the forums and wiat for answers. The wiki examples are not very descript or helpful in a generic way either... Thanks again for your input.

hecklertm · Mon Apr 23, 2007 4:13 am

GWISA - The install is working rather well now that it is in place at the apartments. Quick question - Do you think I could use a cheaper rb for the other nodes in the mesh? Like an rb133? or even cheaper?

Also why do you think if you have more than 6 nodes, it stops working with the single hotspot? Don't you think those two things should be unrelated? Did MT ever tell you why you were having that problem?

GWISA · Mon Apr 23, 2007 12:32 pm

We've experienced problems on sites that need to service clients using anything less than RB532's, so have adopted a standard on this.

I did have problems in the beginning on this mesh using RB112's, where they would just stop responding for some reason, which I think is probably CPU related. If your client count is low, then *maybe* they'll work, but I wouldn't bank on it. Even with no or very little traffic on the mesh, they would periodically freeze.

As far as MT responding with a possible cause for more nodes causing instability or erratic operation - I never got to the bottom of that one... maybe it's been fixed in v3, as I see they have a 'mesh' mode for the wireless operation now...

WirelessRudy · Tue Apr 24, 2007 11:40 am

Reading this tread with interest, things to learn here. And yes, a basic mesh wireless network setup example would certainly help a lot of readers. As a starter I´m also struggling on how to set up a WDS mesh network with 4 nodes all together. Not running Hotspot thoug, just fixed permanent clients.
I also find the Wiki info a bit slim in iots information to say the least.

GWISA,
You talk about a new wireless ¨mesh¨ mode in the new v3. Where do you find this. I can´t find it?

GWISA · Tue Apr 24, 2007 12:48 pm

GWISA,
You talk about a new wireless ¨mesh¨ mode in the new v3. Where do you find this. I can´t find it?

its in WDS mode - 'dynamic mesh' or 'static mesh'

janisk · Tue Apr 24, 2007 2:54 pm

IMO dynamic must be used only in development stage of mesh, so you can see what towers can see and choose stable connections.

also if topography allows you can always use dynamic, but for more stable mesh static must be preferred choice

edit:

i am open for suggestions

GWISA · Tue Apr 24, 2007 3:05 pm

absolutely - unless a small number of nodes are in the area.

The problem with dynamic is weak signals connecting & disconnecting. As you say, in the development stage, each node should be setup in turn, with dynamic WDS enabled. Once the best paths/strongest signals have been determined, then static WDS must be enabled on those paths, and connect-list rules defined for these links. Always end your connect-list rules with connect=no for all others

hecklertm · Tue Apr 24, 2007 4:08 pm

Why would you care if the dynamic links with other APs are being established or not. Do the routers not assign a higher preference to stronger links? Lot's of link negotiating would cause a little CPU overhead, but not really slow down connections (use a rb532). If you have 2 or more equally strong signals in a dynamic bridge, are you concerned that a form of "route flapping" is occurring with RSTP/STP?

Shouldn't your goal be to build your network with redundancy so that the mesh can self heal?

I am suprised that there is not a link table to assign preferences to wds links that "may" be connecting dynamically so that if they happen to connect the router knows your instructions. Kind if a static and dynamic mode that lets you stop certain troublesome dynamic links from constantly swapping link preference.

GWISA · Tue Apr 24, 2007 7:08 pm

If you have 2 or more equally strong signals in a dynamic bridge, are you concerned that a form of "route flapping" is occurring with RSTP/STP?

When you say "equally strong" do you also mean "equally weak"? A weak signal is a problem - mesh or no mesh, and in a mesh a weak signal on a WDS link causes havoc with STP/RSTP.

Shouldn't your goal be to build your network with redundancy so that the mesh can self heal?

Yes of course - that's why STP/RSTP is employed.

I am suprised that there is not a link table

er...well... that's what the connect-list is for

Static WDS is still required when distant (read: weak signal) nodes can see each other, or at the very least, a connect=no option setting in both nodes' connect list to avoid those nodes connecting dynamically.

Having multiple paths available from a node is exactly what a mesh suggests, and there are many ways to skin a cat... I just found static WDS much easier to manage...

hecklertm · Wed Apr 25, 2007 6:20 am

Static WDS is still required when distant (read: weak signal) nodes can see each other, or at the very least, a connect=no option setting in both nodes' connect list to avoid those nodes connecting dynamically.

Are you saying that if the router is in dynamic wds mode that you could create a connect-list to stop certain nodes from connecting? Either way, could you show me what commands you would issue to create a connect-list to match the following example?

Example: Routers named A B C D.
A has a strong connection to both B and C. A has a fairly weak direct connection to D, but D has strong connecitons to B and C. Therefore, only if B and C were down would you want A and D to directly connect to each other. How would you configure the connect-list in A to stop D from randomly making direct connections until such time B and C could no longer be used as intermediate hops?

If the connect-list can be configured this way, then what I was saying before can be done using connect-lists, but I am not very familiar with connect-list use, and therefore I did not think it could adapt the logic. I would really appreciate if you could show me a config example so I will fully understand the implementation. Maybe I could adopt that approach when I create bigger meshes with some weak links in the future. Thanks.

GWISA · Wed Apr 25, 2007 9:12 am

In your above example, having A & D as available paths in your mesh is a fundamental design flaw. This will not work, unless A & D's WDS connection is 100% stable - or as close as possible without the WDS link frequently disconecting.

If the links are so weak that the WDS keeps connecting & disconnecting, you don't want this link available as a path for your mesh, so you would not consider this.

Taking MY scenarion into account, and assuming A cannot connect reliably to D, then in router A, you would set a connect list rule <routerBMAC> connect=no, and on router B, you would set a connect list rule <routerAMAC> connect=no.

If there is no alternate path for A to D when B & C go down, then aybe you need to re-look at your layout.

If you have no alternative, then maybe you could use a netwatch rule disable the connect-list rules when all links have failed and you HAVE to try and use the bad link.

janisk · Wed Apr 25, 2007 1:55 pm

i would like to add that you will suffer greatly if you will rely on flaky links, as in one moment you will be left only with those flaky link and that will be disastrous to you as a lot of complains will pour in that link is unstable and lots of lost broken downloads etc.

hecklertm · Wed Apr 25, 2007 3:56 pm

Then once again, my point was to discuss why dynamic wds is such a bad idea for permanent links. If the links are strong, then why did you say the dynamic links do not produce satidfactory performance in a post above?

GWISA · Wed Apr 25, 2007 5:06 pm

oh boy - feeling like a hamster on a wheel here...

hecklertm - while I gladly share my knowledge and experiences, i really feel like I'm repeating myself here.

As I keep saying over and over again, dynamic links are fine, as long as the signal is consistently connectable. If you don't believe us, please go ahead and prove us wrong - I always accept better ideas than my own...

/me out

hecklertm · Wed Apr 25, 2007 8:21 pm

Sorry to nag you about it

You and Janisk seem to prefer static, but there seems to be no logical reason if all link signals are strong. Janisk makes it sounds like dynamic is problematic, but there is no sound basis for the opinion that has been demonstrated.

Thanks for the help anyway.

GWISA · Thu Apr 26, 2007 8:43 am

Sorry to nag you about it

You and Janisk seem to prefer static, but there seems to be no logical reason if all link signals are strong. Janisk makes it sounds like dynamic is problematic, but there is no sound basis for the opinion that has been demonstrated.

Thanks for the help anyway.

Although I do accept better ideas, I also like to have the last word...

You are right - no reason not to use dynamic if all links are strong...

janisk · Thu Apr 26, 2007 3:13 pm

Sorry to nag you about it

You and Janisk seem to prefer static, but there seems to be no logical reason if all link signals are strong. Janisk makes it sounds like dynamic is problematic, but there is no sound basis for the opinion that has been demonstrated.

Thanks for the help anyway.

Dynamic is problematic ONLY if there are towers with weak signal, so, there happens a lot of connects and disconnects and link is not reliable.

if you have towers located in a way that all towers to each other then there is no problem using dynamic, but when you add new towers some links might become unstable and that is bad.

so you can choose to do all the work needed while expanding your network or do all that work when you face the problem of unstable links.
and we are suggesting to you to add

rarbolay · Wed Jan 09, 2008 10:17 pm

Understanding static WDS then. you select wds-static mesh and then add the mac address of the desired wds neighbors to the connect list with a yes statement and end the list with a no statement. And this does not affect the clients. Clients can still connect, using a single ssid, to any of the IP, correct?

Gum6y1 · Tue Mar 31, 2009 7:15 am

Sorry to pull up an old thread but this is a very interesting discussion on WDS and mesh networks.

As the last poster said to be broardcasting a single SSID is WDS the only option? And if WDS is deployed is the static mac address system the best solution available with Mikrotik today.

Would love to here some current feedback on ppl's solutions out there.

Thanks

cobaia · Fri Aug 21, 2009 6:44 am

Hi I now that this tread is quite old, but here is a difficult question

It is possible with your scenario use MULTIPLE GATEWAYS??????

thx

cdiggity · Sat Aug 22, 2009 1:25 am

1. As the last poster said to be broardcasting a single SSID is WDS the only option?
2. And if WDS is deployed is the static mac address system the best solution available with Mikrotik today.

1. no. you can use "WDS IGNORE SSID" checkbox for wds modes static and dynamic with no encryption or WEP encryption.
SSID must match for WDS mode dynamic with WPA. WDS mode static with WPA doesn't work well even if SSID matches.

WDS IGNORE SSID does not work with WDS mode static mesh and WDS mode dynamic mesh. SSID must match for these modes. Also WPA works with these modes.

2. If you use WDS you are using it so that both backhaul APs and clients can connect to the same radio. With static WDS modes you willl add a WDS interface and enter the MAC address of the remote AP. With dynamic WDS modes you don't have to, but probably will, enter the MAC address of the remote AP under the connect list as per the beginning of this thread.

edit: Since you are likely going to enter the MAC address of the backhaul APs in your WDS, be aware that if you assign the WDS to a Virtual AP interface the MAC address of that virtual interface is not the same as the MAC address of the card.

It is possible with your scenario use MULTIPLE GATEWAYS??????

no. L3 routing is required.

Problems on WDS 'mesh' - static vs Dynamic WDS

Problems on WDS 'mesh' - static vs Dynamic WDS

Re: Problems on WDS 'mesh' - static vs Dynamic WDS

Re: Problems on WDS 'mesh' - static vs Dynamic WDS

Re: Problems on WDS 'mesh' - static vs Dynamic WDS

Re: Problems on WDS 'mesh' - static vs Dynamic WDS

Who is online