There are some benefits to bridging as opposed to routing. So learn when
routing or bridging is best for you.
Generally you do not want to accept OSPF from a client, as it compromises
the integrity of OSPF (passing bad OSPF data). So routes then get added at
the AP/cell router. The problem with this then is that redundancy and
roaming may no longer be supported by the client CPE. It may then require a
manual routing entry, to allow the CPE to connect from another sector. And
if the routing config is done at the cell site router, roaming between cell
sites may also be a change requiring static reconfiguration. Sure, this can
be solved with PPPoE, but there can be other trade-offs with that. Several
questions arise. How important is mobility and roaming? Many believe it's the
prime asset of a wireless provider; ultimately it's the one thing that can't
be re-created by a wired network. Should it be left out of the design?
Second, is it advantageous to route between sectors of a cell site? I can see
the advantage for high subscriber cell sites, and fixed location clients.
But then again, this makes it harder to preconfigure customer radios, when
the customer sits right between two possible sectors, and static entries are
used. For reducing latency, one of the best things that can be done is to
run an all bridged layer 2 switched network. It's the reason fiber MANs are
often done that way. Bridging can often add an extreme EASE advantage. For
example, we've taken the road and routed at EVERY point on our network and
optimized the amount of bandwidth that can be pushed across our network by
reducing waste traffic. However, I've seen companies accomplish with 1
technician what it takes us to do with 3 technicians, because we added many
layers of complexity to our network. This should not be taken lightly. I
recommend adding the complexity and routing, as long as you have the skill
set and budget to deal with it. Eventually, you'll benefit more because you
did it that way. But there are other factors to consider on whether that
advice is good for you. Complexity has a way of replicating time consuming
tasks. For example, a complex network needs better documentation. A complex
network could be more open to getting broken by a novice technician
attempting to work on the network. A complex network could mean a small
company executive may need to be held hostage by a high paid engineer in
order to continue maintaining his network. A complex network may require
more training of technicians, which not only takes up time of the person
being taught but the person doing the teaching. Details are forgotten, so every
complex detail that is added increases possibilities of errors
exponentially.
What someone needs to do most is focus on building a cost effective network
that they can be profitable operating. Once they are profitable, they can get
more complex at that time, and decide to take on the staff.
So my advice is run your business from the financial, business process,
profitability point of view, NOT from a technician point of view. Once you are
profitable, you can fix just about any network design problem with smart
technicians. You can't fix a company that ran out of money. A company with a
small growth rate may take years before they require the benefits of routing
their network. You might find that the negatives that come along with
routing and complexity cost you more customers at the end of the day than
having a stupid network. One of the mistakes we made is we spent a lot of
time protecting against the things that could happen, rather than the
things that did happen. We conserved a heck of a lot of bandwidth, but did
that really help us? We never used more than 10% of our bandwidth to date,
after 4 years. (PS. Maybe that's because we did such a good job with routing
:-) .)
What I can tell you is that the number one cause that contributed to
dissatisfaction of our customers was short duration global outages on our
network. Usually it was because OSPF crashed or did not restart properly,
leaving a large number of customers down. It was more timely to fix, because
a senior engineer was needed to troubleshoot it. So a senior engineer ALWAYS
had to be on the payroll on stand-by. It was rare that these outages ever
lasted more than 10 minutes, but the impact affected EVERY customer on the
network behind that router in most cases. This was not a big problem, and as
a company we have not lost many clients, but it has dampened our ability to
keep the very high end customers that just don't settle for outages no
matter how short they occur. When global outages happen they do the most
damage to your company. The reason is that EVERYONE calls in to support, and
there is not enough time to respond to everyone. As a result it exposes a
weakness that your company is small in staff as opposed to the telecom giants
that have call centers large enough to handle the size of the global outage.
I often ask myself, would I be better off had I made my network simple? It's
likely we'd still have more of the larger profile customers. The reality is
when a customer's bandwidth starts to be used, they are not smart enough to
understand why it is being used, they just feel the performance. So usually
a slow performing client turns into a speed upgrade. Once they like you
and have you, they don't think twice to upgrade to faster performance.
I'm not saying it is wrong. I plan on keeping a sophisticated routed network.
I'm just saying, do it at the right time for you. When you install today,
keep it simple, but buy gear that will allow you to transition to a more
complicated design when you are at the stage to handle it, the stage when
you need it.
PS. Someone said "IP authentication". What's that?
Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband
----- Original Message -----
From: "Marlon K. Schafer (509) 982-2181" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Tuesday, December 06, 2005 7:55 PM
Subject: Re: [WISPA] How to
Authenticate/Protect(WasEthernetbasedauthentication)
Yeah, until some lunkhead plugs his dsl router in backward. As they do
all the time around here....
No thanks, no more DHCP troubles for me. Been there done that. Twice.
Never again.
Marlon
(509) 982-2181 Equipment sales
(408) 907-6910 (Vonage) Consulting services
42846865 (icq) And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
----- Original Message -----
From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org>
Sent: Tuesday, December 06, 2005 2:27 PM
Subject: Re: [WISPA] How to Authenticate/Protect
(WasEthernetbasedauthentication)
The same way you do it if you didn't run DHCP. Use PPPoE, HotSpot,
static DHCP based on MAC, ACL for association at the AP, any number of
ways.
DHCP has little to do with authentication, although it can be a part
of the process. What DHCP does is automate the user TCP settings so
that if you renumber your system in order to move to routing it is
painless to assign new numbers. If you have to change DNS servers
then that is also easy. Just change the DHCP config and within an
hour everybody is using the new DNS.
Don't run a network without it. It is priceless.
Lonnie
On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote:
Lonnie,
So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate
the users. I'm a real rookie at this.
Ron Wallace
---- Original message ----
>Date: Tue, 6 Dec 2005 11:52:08 -0800
>From: Lonnie Nunweiler <[EMAIL PROTECTED]>
>Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet basedauthentication)
>To: WISPA General List <wireless@wispa.org>
>
>If you take Marlon's advice and do not run DHCP then you get to have
>that personal contact with each and every subscriber if you ever have
>to change network settings. With DHCP running it is real simple and
>quick to edit the DHCP config and wait for the DHCP client renewal .
>
>My advice is completely the opposite. Use DHCP for all of your
>customers. You will be happy you did and will mutter things when you
>encounter someone who is not on DHCP.
>
>The personal contact is nice but what if you have several hundred
>customers? That is just a little too nice for my tastes.
>
>Lonnie
>
>On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
>> Don't run DHCP! And use mac filtering at the ap's. (I use the smartbridges
>> ap's. they'll do radius and authenticate wireless subs just like my dialup
>> ones.)
>>
>> Marlon
>> (509) 982-2181 Equipment sales
>> (408) 907-6910 (Vonage) Consulting services
>> 42846865 (icq) And I run my own wisp!
>> 64.146.146.12 (net meeting)
>> www.odessaoffice.com/wireless
>> www.odessaoffice.com/marlon/cam
>>
>>
>>
>> ----- Original Message -----
>> From: "Jason" <[EMAIL PROTECTED]>
>> To: "WISPA General List" <wireless@wispa.org>
>> Sent: Monday, December 05, 2005 9:39 PM
>> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
>> basedauthentication)
>>
>>
>> > Marlon,
>> >
>> > I appreciate the advice. Mostly I am interested in bullet proof
>> > authentication of my clients. Any suggestions?
>> >
>> > Jason
>> >
>> > Marlon K. Schafer (509) 982-2181 wrote:
>> >
>> >> Hiya Jason,
>> >>
>> >> You are mixing your networks.... You won't normally run a homebrew
>> >> product to provide a top notch service.
>> >>
>> >> If security is of THAT great an importance to you, you should NOT run
>> >> wifi anything. Put in something much more off the wall. It's a lot
>> >> harder to snoop if you don't use one of the world's most common
>> >> protocols.
>> >>
>> >> For these business guys I'd run Trango or something like that. Good
>> >> stuff but not nearly as much of it in use and no free tools on the
>> >> internet for intercepting and cracking the data stream.
>> >>
>> >> What we do is remind our customers that this is the internet. They are
>> >> hanging out there for thousands upon thousands of people whose only
>> >> purpose in life is breaking into their machines and seeing what they can
>> >> learn. If they have data that's that sensitive then they need a high end
>> >> internal firewall and they need to VPN all internet traffic.
>> >>
>> >> That help?
>> >> Marlon
>> >> (509) 982-2181 Equipment sales
>> >> (408) 907-6910 (Vonage) Consulting services
>> >> 42846865 (icq) And I run my own wisp!
>> >> 64.146.146.12 (net meeting)
>> >> www.odessaoffice.com/wireless
>> >> www.odessaoffice.com/marlon/cam
>> >>
>> >>
>> >>
>> >> ----- Original Message ----- From: "Jason" <[EMAIL PROTECTED]>
>> >> To: "WISPA General List" <wireless@wispa.org>
>> >> Sent: Friday, December 02, 2005 3:20 PM
>> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet
>> >> basedauthentication)
>> >>
>> >>
>> >>> List,
>> >>>
>> >>> I am on the precipice, ready to take the plunge and become a WISP
>> >>> (After 1 year of zoning, permits, 16 hr days, etc), but one thing still
>> >>> bothers me. I haven't decided how to authenticate clients to my network
>> >>> and REALLY protect their data. The CPE's I will use, rootenna/Senao2611
>> >>> combos, do only WEP, which only obfuscates data nowadays. MAC addresses
>> >>> can be cloned. Proxy login via a browser is obnoxious for the end user.
>> >>> Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I
>> >>> was looking at PPPoE or PPTP (poptop/linux) with Radius as my system,
>> >>> since this would accomplish it, but seems like so much trouble and
>> >>> overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a
>> >>> router (gack!) and the PPPoE server shipping with Linux is meant "for
>> >>> testing purposes only - man". I want an Always On (apparently) system
>> >>> for my clients that just works.
>> >>>
>> >>> How do you other (small) WISPs do this?
>> >>>
>> >>> Tangent: How do you Senao 2611 users keep Netbios & windows network
>> >>> neighborhood data off the wireless network. I was told to add a SOHO
>> >>> router to the mix, but don't want to invest in more equipment to
>> >>> maintain.
>> >>>
>> >>> Jason Wallace
>> >>> --
>> >>> WISPA Wireless List: wireless@wispa.org
>> >>>
>> >>> Subscribe/Unsubscribe:
>> >>> http://lists.wispa.org/mailman/listinfo/wireless
>> >>>
>> >>> Archives: http://lists.wispa.org/pipermail/wireless/
>> >>>
>> >>
>>
>
>
>--
>Lonnie Nunweiler
>Valemount Networks Corporation
>http://www.star-os.com/
Ron Wallace
Hahnron, Inc.
220 S. Jackson St.
Addison, MI 49220
Phone: (517) 547-8410
Mobile: (517) 605-4542
e-mail: [EMAIL PROTECTED]
--
Lonnie Nunweiler
Valemount Networks Corporation
http://www.star-os.com/