Burning Bridges - Routing Your
Bridged WISP Network With
MikroTik
855-WISP-PRO
Introduce Yourself
Name
Company & position there
About Me
Steve Discher
Live in College Station, Texas
1987 graduate of Texas A&M University, in IT for
more than 20 years
Former WISP owner from 2004 to 2010
Online distribution company, ISP Supplies
Conduct MikroTik and Ubiquiti training
About ISP Supplies
Entering our third year of business.
Also sell custom built products including
silkscreened indoor and outdoor enclosures, RF
shielding and antennas
We sell MikroTik, Ubiquiti, Cambium and all of
the accessories.
Master MikroTik
Stocking Distributor
Current 7th largest in
sales in the USA
(started at number 20!)
Largest Problem Facing
Growing WISPs
Number one consulting question I
am asked is how do I convert my
bridged wireless network to a
routed one?
One Size Fits All
Approach
There is none.
Today, establish an attack plan using general
processes.
You will need to adapt to your particular
scenario.
Today's Presentation
1. Why is excessive bridging a problem?
2. Routing - the solution to excessively bridged
networks.
3. Network redesign, topology, IP planning and
routing.
4. Protocols to be used.
5. Rollout plan.
6. Equipment selection.
The Problem
Why are bridged wireless
networks difficult to scale?
Network Organic Growth and Evolution
Large Broadcast Domain
At somewhere around 300 customers, on average,
broadcast traffic reaches an unmanageable level
Broadcasts
Broadcasts are a necessary part of an Ethernet
network
Switches use a process called flood and
learn, then switch packets based on
lookup tables; the entries in the lookup
tables age out, and then the switches flood again
As the network grows, lookup tables get too large and are
constantly flushed, so once again broadcasts are
flooded
A single broadcast from a
single customer
Broadcast Traffic in a Bridged Network
One broadcast from one customer utilizes
every wireless device in our infrastructure!
Broadcast traffic is retransmitted by APs and
back-hauls thereby wasting valuable network
resources
The Solution
Routing, adding routers into the network
More efficiently utilize resources by allowing you to
transmit only necessary traffic across links it needs
to cross
Utilize traffic shaping and customer rate controls
Why? Routers block broadcast traffic, reduce the
size of the collision domain
Offload workload like NAT to less utilized devices
closer to the network edge
Adding routers can increase security by the
addition of firewalls
Prevent Layer 2 switch loops
Prevent rogue DHCP servers from infiltrating
the entire network
Increase the scalability of the network
Prevent customer viruses from taking your
network down
Simplify troubleshooting
Allow the creation of redundancy and
failover
Resistance is futile!
Routing vs Bridging
With so many benefits from routing over bridging,
why do we resist?
Bridging is faster, easier to learn especially
at first.
Using routers requires me to learn routing.
Using routers requires me to learn
subnetting.
Administration will be more difficult.
Network Redesign
Redesigning a bridged network as a routed
network requires:
A network diagram.
An IP plan.
Proper equipment.
Coordinated rollout.
Large collision domain
Flat Bridged Network
Many small collision domains
Add Routers in Place of Switches
Client Broadcasts and Traffic to Internet
Typical Tower Detail - Bridged
[Diagram: all links labelled Bridged]
Typical Tower Detail - Routed
[Diagram labels: Bridged, Wireless Layer 3]
IP Planning
Why? Public IP addresses are no longer a
limitless resource
Requires knowledge of subnetting
Organized method of documentation - IP
Plan, spreadsheet, etc.
Organized methodology in deployment
Example:
We have one /24 of public addresses
Will use private addresses wherever
possible and publics for customers as
required
Estimate the maximum planned number of
towers with current public IP allocation,
current + growth
Subnet your /24 into enough /30 subnets to
accommodate current + growth
Our example network has 6 towers, so we
need six /30s
Example [Link]/24 Block
[Diagram labels: /30 link subnets, including 66.76.13.4/30, 66.76.13.8/30 and 66.76.13.12/30]
Typical Tower Detail - Routed
One /30 per customer is another option, more wasteful
Add a /28 or smaller to each AP for public/static customers, /28 = 14 hosts
[Diagram labels: 192.168.x.x/24 subnets, 66.76.13.x/30 link subnets]
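The IP planning steps above (one /30 per tower link for current + growth, plus a /28 per AP for public/static customers), worked as an added Python example that is not part of the original presentation. The block 203.0.113.0/24, the tower and AP names, the spare-link count and the bottom-up/top-down allocation order are assumptions chosen for illustration.

```python
import ipaddress

def build_ip_plan(public_block, towers, spare_links, aps_with_statics):
    """Carve one public block into /30 tower links (allocated from the bottom)
    and /28 static-customer pools, one per AP (allocated from the top)."""
    block = ipaddress.ip_network(public_block)
    names = list(towers) + [f"spare-{i + 1}" for i in range(spare_links)]
    all_30s = block.subnets(new_prefix=30)            # yields low to high
    links = {}
    for name in names:
        net = next(all_30s, None)
        if net is None:
            raise ValueError(f"{block} has no /30 left for {name}")
        side_a, side_z = net.hosts()                  # a /30 has exactly two usable hosts
        links[name] = {"subnet": net, "upstream_A": side_a, "tower_Z": side_z}
    all_28s = reversed(list(block.subnets(new_prefix=28))) if aps_with_statics else iter(())
    pools = {}
    for ap in aps_with_statics:
        net = next(all_28s, None)
        if net is None or any(net.overlaps(l["subnet"]) for l in links.values()):
            raise ValueError(f"{block} has no free /28 left for {ap}")
        # 14 usable hosts per /28; the router's gateway address takes one of them
        pools[ap] = {"subnet": net, "gateway": net[1], "usable_hosts": net.num_addresses - 2}
    return links, pools

def free_space(public_block, links, pools):
    """Return what is still unallocated, merged into the largest aligned subnets."""
    used = [e["subnet"] for e in list(links.values()) + list(pools.values())]
    free = [n for n in ipaddress.ip_network(public_block).subnets(new_prefix=30)
            if not any(n.overlaps(u) for u in used)]
    return list(ipaddress.collapse_addresses(free))

# Constructed sample: documentation block, six towers as in the slides' example,
# two spare links for growth, three APs that need public/static customers.
SAMPLE_TOWERS = [f"tower-{i}" for i in range(1, 7)]
SAMPLE_APS = ["tower-1/ap-1", "tower-1/ap-2", "tower-4/ap-1"]

if __name__ == "__main__":
    links, pools = build_ip_plan("203.0.113.0/24", SAMPLE_TOWERS, 2, SAMPLE_APS)
    for name, l in links.items():
        print(f"{name:14} {str(l['subnet']):18} A={l['upstream_A']} Z={l['tower_Z']}")
    for ap, p in pools.items():
        print(f"{ap:14} {str(p['subnet']):18} gw={p['gateway']} hosts={p['usable_hosts']}")
    print("free:", ", ".join(map(str, free_space("203.0.113.0/24", links, pools))))
```

The free-space list is what goes into the IP plan spreadsheet as remaining growth room; a ValueError means the block cannot hold the requested links and pools without overlap.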
Protocols
Run dynamic Routing - OSPF on all tower
routers and head end router
BGP is an option but it is a bit of overkill
for this job, OSPF is fast and easy
Simplifies administration, adding a customer
requires no route additions, only adding
their address/subnet to the tower
Use PPPoE on each tower router, one PPPoE
server per AP/Interface pair
Allows the use of RADIUS for PPPoE client
authentication for integration in billing packages
Auto assignment of rate limit at the tower router
Auto assignment of static IP address
Ability to disconnect non-paying customers or
redirect them to the billing site
If PPPoE is not an option, DHCP with
authentication based on MAC address is the second
choice
Allows more secure DHCP environment
May be more compatible with some billing packages
Allows the same automatic provisioning of rate
limits as PPPoE
Avoid unauthenticated DHCP and static addressing
for clients
Traffic Shaping and Rate
Limiting
With routed networks, we now control the
traffic
Rate limit customers at the tower, as close
to the edge as possible, most efficient way
Rate limits can be dynamically created using
PPPoE or authenticated DHCP
Rate queues can be added to each router in
the system to allocate bandwidth to high
priority traffic which we will identify and
mark using mangle rules
VoIP and video can have TOS bit set,
carried throughout the network and
prioritized
Plan Rollout
Goal - deploy the new configuration while
avoiding or reducing downtime
Process - work from the edge of the
network inward
Start Here
Add Routers in Place of Switches
Rollout Plan
1. Add the new tower router to the existing switch.
2. Temporarily use address A from [Link]/30 subnet on head end router and address Z on tower router. Address A will move to next hop upstream from this tower later.
3. Move APs one at a time from switch to router, may require clients to power cycle to get a new IP.
4. Once all clients have been rolled over, repeat for next tower upstream and move address A from head end to next upstream.
See next slide...
[Diagram labels: 192.168.x.x/24 subnets, 66.76.13.x/30 link subnet]
First Tower Deployment
[Diagram label: 66.76.13.20/30]
Second Tower Deployment
[Diagram labels: [Link]/30, [Link]/30]
Third Tower Deployment...
[Diagram labels: [Link]/30, [Link]/30]
Plan Rollout
Process can be tedious, requires some
coordination with crews at head end and tower
OSPF will take care of routing as APs are rolled
over from switch to router
DHCP or PPPoE will take care of customer
addresses and rate limits
Once entire network is rolled over, QOS can
be added later
Equipment Selection
Specific equipment selected depends on
work load, number of physical ports
required and budget
Examples
Head End Router
Good
$445
Good
Better
$395
$495
Thousands of Customers
Head End Router
Best
$955
Many Thousands of Customers
Tower Router
Good
Better
$159
$199
Less than 120 Customers
Best
$240
Small Tower Router
Good
Better
$99
$130
20 or Less Customers
Summary
Routed networks are infinitely scalable, bridged
networks die at about 300 customers
Routing your network requires a plan, IP plan,
network layout and coordinated rollout
Routed networks will require knowledge of OSPF,
DHCP, RADIUS, PPPoE and possibly BGP later
Once network is routed, roll out traffic shaping/
QOS
Product recommendations
Products in
Presentation
MikroTik routers
IP Plan ([Link]
Cobian Backup, free auto FTP client to
backup your routers
Integrated RADIUS based billing solution,
Platypus, DMA Softlab, Freeside, others?
Get Trained
MikroTik / Ubiquiti training monthly:
MikroTik MTCINE Dallas, Feb 5-8
MikroTik MTCNA, College Station, Feb
11-13
Ubiquiti airMAX Training, Houston, March
5-7
Questions?
Thank You