Wireless Infrastructure - MUM - MikroTik

Dec 9, 2013

Large-Scale Multi-purpose wireless networks

MUM Poland 2008

Stefano Zanoli

Agenda


Company presentation


Wireless Networks: vision and mission


Wireless Networks: architecture


Who we are


Small and dynamic company


Software Development


System Integration


WISP

Where we are

Borgosesia


Valsesia

Wireless networks: our vision

IEEE 802.11

Hotspots

Environment Monitoring

VHF

Security

COAX / Fiber



€€

€€€

Wireless Infrastructure

Hotspots

Environment Monitoring

Security

Hotspots


Unique wireless infrastructure supporting
multiple services and applications

Wireless networks: our vision


Like a motorway…..




Pervasive IP
infrastructure supporting
multiple services and
applications






TELEMONITORING

Wireless networks: our vision


Wireless Net

Intranet

Document sharing

Application sharing

Broadband Internet Access

Services for tourists

Hotspot, e-guide

Environment Monitoring

Civil protection

Telemedicine

E-health



Wireless network: our mission


Building robust and affordable wireless
infrastructures


Providing Internet and Value Added Services
to citizens and public administration

HOW ?

Economic issues

Organizational issues

Technical issues

Architecture

Clients

Client Devices

Client device    Service
PDA, Laptop      Hotspot
CPE              FBWA
Camera + CPE     Video Surveillance
Sensor + CPE     Environment Monitoring

Client Devices - CPEs


Routerboard 133, 133c


New Routerboard 411


RouterOS level 3 is enough


Wireless interface as STATION

Access Network

Access Network - Intro


Infrastructure wireless access network


Short point-to-point or point-to-multipoint links


Redundant links (mesh)


Wireless cells for client connections

Access Network - Requirements


How to deal with multiple
services?


Every service must have its own
“lane”


Traffic of different services must be
kept separated


Every service requires a different
QoS


Guaranteed throughput


Latency and jitter

Access Network - Architecture


VLANs, WDS, VAP and
BRIDGES


Define one VLAN for each service


Use WDS to propagate VLANS on
the access network


Use VAP with multiple SSID to
provide access to different client
devices


Use BRIDGE to join VAP with
respective VLAN
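
The four steps above as a RouterOS configuration for one access-point node. This is an added example, not taken from the slides; the interface names, SSIDs, VLAN IDs and the WDS peer address are constructed, and wlan1 is assumed to be the physical radio.

```routeros
# Added example, not from the slides. Interface names, SSIDs, VLAN IDs and
# the WDS peer MAC are constructed values; wlan1 is the assumed physical radio.

# Physical radio as AP BRIDGE, with a static WDS link to the next node
/interface wireless
set wlan1 mode=ap-bridge ssid=infra wds-mode=static disabled=no
/interface wireless wds
add name=wds1 master-interface=wlan1 wds-address=02:00:00:00:00:01 disabled=no

# One VLAN per service, carried over the WDS link
/interface vlan
add name=vlan10-hotspot vlan-id=10 interface=wds1
add name=vlan20-fbwa vlan-id=20 interface=wds1
add name=vlan30-video vlan-id=30 interface=wds1
add name=vlan40-sensor vlan-id=40 interface=wds1

# One virtual AP with its own SSID per class of client device.
# On releases where a virtual interface can also be a station,
# add mode=ap-bridge to each line.
/interface wireless
add name=vap-hotspot master-interface=wlan1 ssid=Hotspot disabled=no
add name=vap-fbwa master-interface=wlan1 ssid=FBWA disabled=no
add name=vap-video master-interface=wlan1 ssid=Video disabled=no
add name=vap-sensor master-interface=wlan1 ssid=Sensor disabled=no

# One bridge per service: each bridge joins one VAP with its own VLAN only
/interface bridge
add name=br-hotspot
add name=br-fbwa
add name=br-video
add name=br-sensor
/interface bridge port
add bridge=br-hotspot interface=vap-hotspot
add bridge=br-hotspot interface=vlan10-hotspot
add bridge=br-fbwa interface=vap-fbwa
add bridge=br-fbwa interface=vlan20-fbwa
add bridge=br-video interface=vap-video
add bridge=br-video interface=vlan30-video
add bridge=br-sensor interface=vap-sensor
add bridge=br-sensor interface=vlan40-sensor
```

Because no interface is a port of two bridges, frames from one SSID can only leave on that service's VLAN; `/interface bridge port print` is the quick check that this still holds after a change.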


Access network - Example

Access Network - Equipment


Routerboard 532, 333 or 600


Daughterboard 502 or 604


RouterOS level 4 for APs


RouterOS level 4 or greater for NAS


Wireless interfaces as AP BRIDGE

Wireless Backbone

Wireless Backbone


Must provide a high-performance connection
between access networks and the Internet or
server farm


Long distances and high throughput


Nstreme2 with highly directional, dual-polarity antennas


Channel Bonding


Use 5 GHz band


Optimize your RB resources


(E.g. disable CONNTRACK)

Wireless Backbone


It’s the core of your infrastructure, consider
redundancy!


Redundant links (mesh) with dynamic routing
protocol (E.g. OSPF)


Redundant devices with VRRP


Battery backup

Internet Access

Internet Access


If you have your own AS number and
public subnet


Set up peering agreements


Configure your BGP router(s)


If a carrier/ISP provides your Internet
connection


Simply connect your gateway to your provider's
equipment


Configure NAT / MASQUERADE


Internet Access


In both cases you need to keep control of
traffic flows to/from the Internet


Usually the bottleneck is here!


TRAFFIC SHAPING


Keep P2P traffic under control


Prioritizing interactive traffic (E.g. VoIP)


Differentiating Download and Upload

Internet Access


Traffic classification


Firewall mangle rules: mark connections and
mark packets

Internet Access


Queue Tree (HTB)

Internet Access - Equipment


Firewall mangle, NAT and Queues are
CPU-intensive tasks. Monitor your CPU!


Routerboard 1000


i386 mainboards (mini-ITX) or server


RouterOS level 4

Server Farm - RADIUS


RADIUS


Authentication, Authorization and Accounting


FreeRADIUS,


SQL module


Backend DB


Stores user credentials, profiles and accounting
info


MySQL

Server Farm


custom app.


WIC Manager


Customer management and billing


Admin and user access

Server Farm


custom app.


Hotspot Manager


Prepaid coupon for Internet access (nomadic users)


SMS Authentication



Credit Card Payment

Server Farm - Monitoring


Distributed monitoring


Master server in server farm


Slave server on access network


MikroTik Dude and Zabbix on Linux server

Server Farm - other


SMTP and POP3 servers


DNS servers


Video servers


Streaming server


Remote Access

Remote Access


Allow maintenance staff to access the network
remotely


OpenVPN, IPSec


Conclusions


It is technically possible to build large
geographical multi-purpose wireless
networks


It’s not straightforward, you need strong
competences L1-L7


RouterOS has all features you need and
makes network management and
maintenance simpler

THANK YOU!!


Stefano Zanoli

HAL Service s.r.l

stefano.zanoli@halservice.it