Large-Scale Multi-purpose wireless networks

MUM Poland 2008 Stefano Zanoli

Agenda

• Company presentation

• Wireless Networks: vision and mission

• Wireless Networks: architecture

Who we are

• Small and dynamic company

• Software Development

• System Integration

• WISP

Where we are

Borgosesia – Valsesia

Wireless networks: our vision

[Diagram labels: IEEE 802.11, VHF, COAX / Fiber; Hotspots, Environment Monitoring, Security; Wireless Infrastructure; €€€]

• Unique wireless infrastructure supporting multiple services and applications

Wireless networks: our vision

Like a motorway…

Pervasive IP infrastructure supporting multiple services and applications

[Diagram labels: INTERNET, VIDEOSURVEILLANCE, TELEMONITORING, TELEMEDICINE, VOICE AND VIDEO]

Wireless networks: our vision

WirelessNet

• Intranet: document sharing, application sharing

• Broadband Internet access

• Services for tourists: hotspot, e-guide

• Environment monitoring: civil protection

• Telemedicine: e-health

Wireless network: our mission

• Building robust and affordable wireless infrastructures

• Providing Internet and Value Added Services to citizens and public administration

HOW ?

Economic issues

Organizational issues

Technical issues

Architecture

Clients

Client Devices

Client device      Service
PDA, Laptop        Hotspot
CPE                FBWA
Camera + CPE       Video Surveillance
Sensor + CPE       Environment Monitoring

Client Devices - CPEs

• Routerboard 133, 133c

• New Routerboard 411

• RouterOS level 3 is enough

• Wireless interface as STATION

Access Network

Access Network - Intro

• Infrastructure wireless access network
  – Short point-to-point or point-to-multipoint links
  – Redundant links (mesh)

• Wireless cells for client connections

Access Network - Requirements

• How to deal with multiple services?
  – Every service must have its own “lane”
  – Traffic of different services must be kept separated
  – Every service requires a different QoS
    • Guaranteed throughput
    • Latency and jitter

Access Network - Architecture

• VLANs, WDS, VAP and BRIDGES
  – Define one VLAN for each service
  – Use WDS to propagate VLANs on the access network
  – Use VAP with multiple SSIDs to provide access to different client devices
  – Use BRIDGE to join each VAP with its respective VLAN

Access network - Example

Access Network - Equipment

• Routerboard 532, 333 or 600

• Daughterboard 502 or 604

• RouterOS level 4 for APs

• RouterOS level 4 or greater for NAS

• Wireless interfaces as AP BRIDGE

Wireless Backbone

Wireless Backbone

• Must provide a high-performance connection between the access networks and the Internet or server farm

• Long distances and high throughput
  – NStreme2 with highly directional antennas, dual-polarity antennas
  – Channel Bonding
  – Use 5 GHz band
  – Optimize your RB resources (E.g. disable CONNTRACK)

Wireless Backbone

• It’s the core of your infrastructure, consider redundancy!
  – Redundant links (mesh) with dynamic routing protocol (E.g. OSPF)
  – Redundant devices with VRRP
  – Battery backup

Internet Access

Internet Access

• If you have your own AS number and public subnet
  – Sign peering agreements
  – Configure your BGP router(s)

• If a carrier/ISP provides your Internet connection
  – Simply connect your gateway to your provider's equipment
  – Configure NAT / MASQUERADE

Internet Access

• In both cases you need to keep control of traffic flows to/from the Internet

• Usually the bottleneck is here!

• TRAFFIC SHAPING
  – Keep P2P traffic under control
  – Prioritizing interactive traffic (E.g. VoIP)
  – Differentiating Download and Upload

Internet Access

• Traffic classification
  – Firewall mangle rules: mark connections and mark packets

Internet Access

• Queue Tree (HTB)
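
An added configuration example for the two slides above (not from the original deck): mangle rules that mark connections and then packets, feeding a queue tree that prioritizes VoIP and shapes upload and download separately. Interface names, port numbers, mark names and rates are assumptions.

```routeros
# Constructed example: interfaces, ports, marks and rates are placeholders.

/ip firewall mangle
# Step 1: mark the connection for interactive (VoIP) traffic.
add chain=forward protocol=udp dst-port=5060,10000-20000 action=mark-connection new-connection-mark=conn-voip passthrough=yes
# Step 2: mark every packet of a marked connection, in both directions.
add chain=forward connection-mark=conn-voip action=mark-packet new-packet-mark=pkt-voip passthrough=no
# Everything not matched above falls into the default class.
add chain=forward action=mark-packet new-packet-mark=pkt-rest passthrough=no

/queue tree
# Upload: packets leaving through the WAN interface.
add name=up parent=ether1-wan max-limit=2M
add name=up-voip parent=up packet-mark=pkt-voip priority=1 limit-at=512k max-limit=2M
add name=up-rest parent=up packet-mark=pkt-rest priority=8 limit-at=1M max-limit=2M
# Download: packets leaving through the LAN-side interface.
add name=down parent=ether2-lan max-limit=8M
add name=down-voip parent=down packet-mark=pkt-voip priority=1 limit-at=512k max-limit=8M
add name=down-rest parent=down packet-mark=pkt-rest priority=8 limit-at=4M max-limit=8M
```

The children's limit-at values sum to no more than the parent's max-limit, so the guaranteed rates can always be honoured.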

Internet Access - Equipment

• Firewall mangle, NAT and Queues are CPU-intensive tasks. Monitor your CPU!

• Routerboard 1000

• i386 mainboards (mini-ITX) or servers

• RouterOS level 4

Server Farm - RADIUS

• RADIUS
  – Authentication, Authorization and Accounting
  – FreeRADIUS
  – SQL module

• Backend DB
  – Stores user credentials, profiles and accounting info
  – MySQL

Server Farm – custom app.

• WIC Manager
  – Customer management and billing
  – Admin and user access

Server Farm – custom app.

• Hotspot Manager
  – Prepaid coupon for Internet access (nomadic users)
  – SMS Authentication
  – Credit Card Payment

Server Farm - Monitoring

• Distributed monitoring
  – Master server in server farm
  – Slave server on access network

• MikroTik Dude and Zabbix on Linux server

Server Farm - other

• SMTP and POP3 servers

• DNS servers

• Video servers

• Streaming server

Remote Access

Remote Access

• Allow maintenance staff to access the network remotely

• OpenVPN, IPSec

Conclusions

• It is technically possible to build large geographical multi-purpose wireless networks

• It’s not straightforward, you need strong competence across L1-L7

• RouterOS has all features you need and makes network management and maintenance simpler

THANK YOU!!

Stefano Zanoli
HAL Service s.r.l.
