Some help needed with planning this project…



  • Hey all, after a little help.

    I have a small WiSP that i am about to expand.  Currently all my client antennas are just connecting to SSID and using Captive Portal to authenticate. But from what i read PPPoE woud be better.  What i am planning to do is where i need your knowledge.  I was planning to have either a embedded pfSense box at each tower, or a Mikrotik routerboard at each tower, to handle all connections from the tower itself rather than everything being done from the main pfSense box in my office. I think this should save bandwidth and also save the load on the main box.  So here is what i am not sure how to do or even if i can do this with pfSense, or if i really do need to use Mikrotik..  I rely on my squid cache alot as bandwidth down here in Brasil is very expensive. So, can i cache at each tower and also cache at the main office where the WAN connection is?

    Can Mikrotik eve do caching? (have never used Mikrotik before).  Ultimately i would like a setup where most of the work is done at each tower, as close to the client as possible.. then the maid servers are in my office.. RADIUS server.. main pfSense box.. i guess the main pfsense box will run the PPPoE server with authentication being cone by the RADIUS? and each tower pfsense box be the PPPoE client?  this is the area i am not sure how to setup or go about.. Maybe some of you guys can shed some light on what i am wanting to do from your own experience?



  • Wow.. so many views and no ideas?



  • @luke240778:

    But from what i read PPPoE woud be better.

    How would PPPoE be better? You want wireless clients to configure PPPoE over a WiFi link? I suspect some of you clients wouldn't think that was better than "standard" WiFi.

    @luke240778:

    What i am planning to do is where i need your knowledge.  I was planning to have either a embedded pfSense box at each tower, or a Mikrotik routerboard at each tower, to handle all connections from the tower itself rather than everything being done from the main pfSense box in my office. I think this should save bandwidth and also save the load on the main box.

    Your main box is likely to struggle with the projected load? How much bandwidth do you think you will save and how will it save that bandwidth? It is not clear from this description how a change will significantly reduce the number of bits being moved around.

    @luke240778:

    So here is what i am not sure how to do or even if i can do this with pfSense, or if i really do need to use Mikrotik..  I rely on my squid cache alot as bandwidth down here in Brasil is very expensive. So, can i cache at each tower and also cache at the main office where the WAN connection is?

    I don't see why not (but I have no experience in squid configuration and administration) but also don't see what it gains you. Are your links to the main office congested?

    @luke240778:

    Ultimately i would like a setup where most of the work is done at each tower, as close to the client as possible.. then the maid servers are in my office.. RADIUS server.. main pfSense box.. i guess the main pfsense box will run the PPPoE server with authentication being cone by the RADIUS? and each tower pfsense box be the PPPoE client?

    What does that gain you? Guess I don't know enough about your configuration and what you are trying to solve.
    Disk (unless solid state) at each tower adds to power requirement and rotating disks are generally much less reliable than electronic components. It might be much easier to replace a hard drive at your main office than at a tower.

    @luke240778:

    Wow.. so many views and no ideas?

    On the information you have presented I suspect you have some vague ideas in search of a problem.


  • Netgate Administrator

    Running a separate instance of Squid at each tower seems like a bad idea to me for a number of reasons. The hardware required to do this will be relatively high powered (both energy and processing) and will require traditional spinning disks. This is going to be expensive to buy and run and be much less reliable than having solid state wireless access points.
    Unless you are going to setup some complex system to synchronise the caches of all your Squid instances you will actually be using more internet bandwidth than one central Squid cache.

    What is it about your current setup that makes you want to change to something so different?

    Steve



  • There are many ways to design a WISP network, but there are "best practices" that should be considered. As suggested in the past, you should read the material at Mikrotik and Ubiquiti sites, which are both specializing in the small-medium WISP niche.

    Wrt your specific questions, it's not a bad idea to authenticate users from a device on your tower, instead of back-hauling all client traffic back to your central office. However it's not a good idea to put a proxy cache in every tower.

    If you plan to expand your WISP significantly, I would suggest that you hire a consultant to do the design.


  • Rebel Alliance

    agree with mr. dhatz

    you should read the material at Mikrotik and Ubiquiti sites, which are both specializing in the small-medium WISP niche.

    it's not a bad idea to authenticate users from a device on your tower, instead of back-hauling all client traffic back to your central office.

    However it's not a good idea to put a proxy cache in every tower.

    This is the best thing you can do:

    If you plan to expand your WISP significantly, I would suggest that you hire a consultant to do the design.



  • Just want to say something to the Squid Proxy point:

    It would be able to install a squid proxy on each tower and another one at the main office. Then you have to enter the proxy at the main office as the upstream proxy for the tower proxies.

    But I think this would only make sense if the bandwidth between the towers and the main office are to small.


Log in to reply