My wisp network design is strange?
Posted: Sun Jan 20, 2019 4:31 am
Hello, I'm looking for feedback on my network design because I want it to be as good as I can make it, but think I may be making it strange. I see no other way of achieving what I want, but you may?!
Core MT router -> ptp link -> ptp link -> ptp link -> ptp link -> AP - - - - > subscribers. At each ptp link I'm also chucking up a single AP, because why not.
Core router - One VLAN per customer, these VLANs all sit on the same eth interface (LAN/trunk), a "customer bridge" has every customer VLAN added to it, a /25 public subnet and DHCP server is added to the bridge itself, no addressing is applied to the customer VLANs directly.
L2 - all switches between the core router and AP have all VLANs added and all ports are trunks.
CPE radio - every CPE radio is in bridge mode and utilises the "data vlan" feature to strip the customer's unique VLAN tag, then pass the untagged traffic on.
CPE router - customer can plug WAN cable into PC to receive public IP directly, or plug into a CPE router.
The reason I ended up here is because: I want to control bandwidth all in one router. I want to use VLANs for isolating customer traffic, keeping it L2. QoS will work as traffic across ptp links is L2. I wanted public IP to sit on customers' WAN port so they can port forward etc. I wanted UPnP to work for gamers. I didn't want to use PPPoE as that would be too easy; also, I have some Ignitenet radios that failover from 60GHz to 5.8GHz and I didn't want PPPoE to break each time it rained.
I have benched this network and it does work as expected, although I have only tried using private addressing. If customers plug their WAN cable into a switch they could get all the subnet's IPs - however, the radio has a function to limit MAC addresses on the eth port which fixes this problem. I was going to try using "horizon" to isolate customer VLANs at the core router, but they cannot ping anyway it seems - I figured they would not be isolated as they share a subnet, even though they are on different VLANs, but my bench test shows they are isolated. Finally, for some reason customer WAN IP cannot ping the core router gateway unless I uncheck "broadcast storm" in the bridge port settings per customer VLAN... :/ ?
Please pick my design apart and tell me how to make it better!
Thank you in advance!
Jimmy
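As an added illustration (not the poster's own export), here is a RouterOS fragment that implements the design described above for two customers: per-customer VLANs on one trunk, one bridge carrying them all, the /25 and DHCP server on the bridge, bridge horizon so subscribers sharing the /25 cannot reach each other at L2 while each still reaches the gateway, and a simple queue for per-customer bandwidth in the same router. The interface name ether2, VLAN IDs 101/102, the 203.0.113.0/25 documentation prefix and the sample MAC are all assumptions.

```routeros
# Added example, not the poster's configuration. Assumed: trunk port is ether2,
# customers are VLAN 101 and 102, public subnet is 203.0.113.0/25 (documentation range).
/interface bridge
add name=br-customers protocol-mode=none

# One VLAN interface per customer, all riding the same trunk port
/interface vlan
add name=vlan101-cust interface=ether2 vlan-id=101
add name=vlan102-cust interface=ether2 vlan-id=102

# Every customer VLAN gets the same horizon value. Bridge ports in the same
# horizon never forward frames to one another, so subscribers on the shared
# /25 are L2-isolated even though they are in one broadcast domain. The
# bridge's own interface carries no horizon, so each customer still reaches
# the gateway; customer-to-customer traffic is dropped outright, which is the
# intended isolation (there is no L3 hop to relay it within one subnet).
/interface bridge port
add bridge=br-customers interface=vlan101-cust horizon=1
add bridge=br-customers interface=vlan102-cust horizon=1

# Gateway address and DHCP server live on the bridge, not on the VLANs
/ip address
add address=203.0.113.1/25 interface=br-customers
/ip pool
add name=pool-customers ranges=203.0.113.2-203.0.113.126
/ip dhcp-server
add name=dhcp-customers interface=br-customers address-pool=pool-customers lease-time=1h disabled=no
/ip dhcp-server network
add address=203.0.113.0/25 gateway=203.0.113.1 dns-server=203.0.113.1

# Bandwidth control in the same router: a static lease pins the customer's
# public IP (sample MAC is constructed), and a simple queue caps it.
/ip dhcp-server lease
add address=203.0.113.10 mac-address=00:11:22:33:44:55 server=dhcp-customers
/queue simple
add name=cust101 target=203.0.113.10/32 max-limit=20M/50M
```

Verify isolation from the router with /interface bridge host print, which should show each customer MAC learned on its own VLAN port, and by confirming that two subscribers cannot ping each other while both can ping 203.0.113.1.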