Large-Scale Multi-purpose wireless networks
MUM Poland 2008
Stefano Zanoli

Agenda
• Company presentation
• Wireless Networks: vision and mission
• Wireless Networks: architecture

Who we are
• Small and dynamic company
• Software Development
• System Integration
• WISP

Where we are
Borgosesia – Valsesia

Wireless networks: our vision
• Unique wireless infrastructure supporting multiple services and applications
[Diagram: services (Security, Hotspots, Environment Monitoring) carried over alternative media at different cost: COAX / Fiber (€€€), VHF (€€), IEEE 802.11 (€) Wireless Infrastructure]

Wireless networks: our vision
Like a motorway…
Pervasive IP infrastructure supporting multiple services and applications
[Diagram: Telemonitoring]

Wireless networks: our vision
[Diagram: "Wireless Net" at the centre, surrounded by the services it carries]
• Environment Monitoring
• Civil protection
• Telemedicine, E-health
• Broadband Internet Access
• Services for tourists: Hotspot, e-guide
• Intranet: Document sharing, Application sharing

Wireless network: our mission
• Building robust and affordable wireless infrastructures
• Providing Internet and Value Added Services to citizens and public administration
HOW ?
• Economic issues
• Organizational issues
• Technical issues

Architecture
Clients

Client Devices
Client device      Service
PDA, Laptop        Hotspot
CPE                FBWA
Camera + CPE       Video Surveillance
Sensor + CPE       Environment Monitoring

Client Devices - CPEs
• Routerboard 133, 133c
• New Routerboard 411
• RouterOS level 3 is enough
• Wireless interface as STATION

Access Network

Access Network - Intro
• Infrastructure wireless access network
  – Short point-to-point or point-to-multipoint links
  – Redundant links (mesh)
• Wireless cells for client connections

Access Network - Requirements
• How to deal with multiple services?
  – Every service must have its own “lane”
  – Traffic of different services must be kept separated
  – Every service requires a different QoS
    • Guaranteed throughput
    • Latency and jitter

Access Network - Architecture
• VLANs, WDS, VAP and BRIDGES
  – Define one VLAN for each service
  – Use WDS to propagate the VLANs on the access network
  – Use VAP with multiple SSIDs to provide access to different client devices
  – Use BRIDGE to join each VAP with its respective VLAN

Access network - Example

Access Network - Equipment
• Routerboard 532, 333 or 600
• Daughterboard 502 or 604
• RouterOS level 4 for APs
• RouterOS level 4 or greater for NAS
• Wireless interfaces as AP BRIDGE

Wireless Backbone

Wireless Backbone
• Must provide a performing connection between access networks and the Internet or server farm
• Long distances and high throughput
  – NStreme2 with highly directional, dual-polarity antennas
  – Channel Bonding
  – Use the 5 GHz band
  – Optimize your RB resources (e.g. disable CONNTRACK)

Wireless Backbone
• It’s the core of your infrastructure, consider redundancy!
  – Redundant links (mesh) with a dynamic routing protocol (e.g. OSPF)
  – Redundant devices with VRRP
  – Battery backup

Internet Access

Internet Access
• If you have your own AS number and public subnet
  – Subscribe peering agreements
  – Configure your BGP router(s)
• If a carrier/ISP provides your Internet connection
  – Simply connect your gateway to your provider’s equipment
  – Configure NAT / MASQUERADE

Internet Access
• In both cases you need to keep control of traffic flows to/from the Internet
• Usually the bottleneck is here!
• TRAFFIC SHAPING
  – Keep P2P traffic under control
  – Prioritize interactive traffic (e.g. VoIP)
  – Differentiate Download and Upload

Internet Access
• Traffic classification
  – Firewall mangle rules: mark connections and mark packets

Internet Access
• Queue Tree (HTB)

Internet Access - Equipment
• Firewall mangle, NAT and Queues are CPU-intensive tasks. Monitor your CPU!
• Routerboard 1000
• I386 mainboards (mini-ITX) or server
• RouterOS level 4

Server Farm - RADIUS
• RADIUS
  – Authentication, Authorization and Accounting
  – FreeRADIUS
  – SQL module
• Backend DB
  – Stores user credentials, profiles and accounting info
  – MySQL

Server Farm – custom app.
• WIC Manager
  – Customer management and billing
  – Admin and user access

Server Farm – custom app.
• Hotspot Manager
  – Prepaid coupons for Internet access (nomadic users)
  – SMS Authentication
  – Credit Card Payment

Server Farm - Monitoring
• Distributed monitoring
  – Master server in the server farm
  – Slave servers on the access network
• Mikrotik Dude and Zabbix on a Linux server

Server Farm - other
• SMTP and POP3 servers
• DNS servers
• Video servers
• Streaming server

Remote Access

Remote Access
• Allow maintenance staff to access the network remotely
• OpenVPN, IPSec

Conclusions
• It is technically possible to build large geographical multi-purpose wireless networks
• It’s not straightforward, you need strong competences L1-L7
• RouterOS has all the features you need and makes network management and maintenance simpler

THANK YOU!!
Stefano Zanoli
HAL Service s.r.l
stefano.zanoli@halservice.it
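The VLAN / WDS / VAP / bridge scheme from the Access Network - Architecture slide, written out as a RouterOS configuration for a single access-point Routerboard. This is an added example, not configuration from the presentation or from HAL Service; the interface names, VLAN IDs, SSIDs, 5 GHz frequency, security-profile choices and the pre-shared-key placeholder are all assumptions.

```routeros
# Added example: one AP carrying two service "lanes" (public hotspot, sensor CPEs).
# Names, VLAN IDs, SSIDs and frequency below are assumptions, not values from the slides.

# 1. Bridges: br-wds carries the tagged backbone traffic across the WDS mesh;
#    each service then gets its own bridge so the lanes never share a L2 domain.
/interface bridge
add name=br-wds
add name=br-hotspot
add name=br-sensors

# 2. One 802.1Q VLAN per service, created on top of the WDS bridge so the tag
#    survives the hop to the neighbouring APs and to the NAS.
/interface vlan
add name=vlan10-hotspot vlan-id=10 interface=br-wds
add name=vlan20-sensors vlan-id=20 interface=br-wds

# 3. Security profiles: the hotspot SSID is open (the captive portal / RADIUS
#    authenticates users); the sensor SSID is WPA2-PSK so only provisioned CPEs
#    can join that lane. Replace the placeholder key before deploying.
/interface wireless security-profiles
add name=open-hotspot mode=none
add name=wpa2-sensors mode=dynamic-keys authentication-types=wpa2-psk \
    unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key=REPLACE-WITH-REAL-KEY

# 4. Physical radio in ap-bridge mode with dynamic WDS; every WDS peer link
#    is placed into br-wds automatically by wds-default-bridge.
/interface wireless
set wlan1 mode=ap-bridge band=5ghz-a frequency=5180 ssid=backbone \
    wds-mode=dynamic wds-default-bridge=br-wds \
    security-profile=wpa2-sensors disabled=no

# 5. Virtual APs: one SSID per client type, each bound to its own security profile.
add name=vap-hotspot master-interface=wlan1 ssid=hotspot \
    security-profile=open-hotspot disabled=no
add name=vap-sensors master-interface=wlan1 ssid=sensors \
    security-profile=wpa2-sensors disabled=no

# 6. Join each VAP only with its own VLAN; the physical radio goes into br-wds.
/interface bridge port
add bridge=br-wds interface=wlan1
add bridge=br-hotspot interface=vlan10-hotspot
add bridge=br-hotspot interface=vap-hotspot
add bridge=br-sensors interface=vlan20-sensors
add bridge=br-sensors interface=vap-sensors
```

The same VLAN IDs have to be configured identically on every AP along the WDS path and terminated on the NAS, which is where the per-service QoS (guaranteed throughput, latency) is then applied.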