Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Public IPs to customer

Hello!

I had some questions on how everyone is doing public IPs to their customers. We have just obtained our AS number from ARIN and will begin doing BGP. I figured this is the perfect time to start handing out publics to every customer dynamically instead of NATing all through 1 IP address.

My intention is to create some sort of pool for public IP addresses to hand out. I want these addresses to be dynamic so I can still sell a static IP. They won't really be able to use their public IP for anything such as cameras etc etc because their radio will be routing and I won't port forward their radio for them. They could purchase a "static" IP and I will bridge their radio and they can handle their own port forwarding in their router. I also still want to keep the radios routing (unless purchasing a static) that way I don't have twice as many devices doing broadcast traffic in my network.

What is the most efficient way to do this? I have about 80 customers right now with a static IP address and about 600-650 customers who all NAT to 1 IP address. I have obtained 1024 IP addresses from ARIN and will be converting our static customers to them as well as starting to move away from NATing private IPs altogether.

Any suggestions on how you would do this in your network?
SuperUser
Posts: 7480
Kudos: 5496
Solutions: 297
Contributions: 1
Registered: 12-08-2008

Re: Public IPs to customer

There's one reason to do this with all your customers you may not have thought of - MPAA abuse notices (illegal downloading of movies). We run a DSL ISP network with many thousands of resi customers, and have used PPP/Radius to hand out static addresses from the get-go just so when we get an abuse notice (which usually only has the IP address of the offender) we can tell who it was. It just makes life easier to do it this way. The customers don't even know it, since we NAT right in their modem (just like you're talking about doing).
For "true" static addresses, we actually route them a /30 or /29 through the modem (which you can do in the radio too) and charge them for it.
You may not want to use PPP/Radius for authentication either, depending on your network topology - we've never been happy using Radius with the radios (works dandy with fixed DSL since we actually connect to the customers with ATM pvcs ...) We just set up an IP or net for them and use OSPF to distribute the routes through the wireless network.
Jim
" How can anyone trust Scientists? If new evidence comes along, they change their minds! " Politician's joke (sort of...)

A thousand curses on the marketing moron who started the industry using the term "router" for firewalls - may he be plagued by political pollster robocalls at every meal throughout all eternity!
Ancient Member
Posts: 30000
Kudos: 5884
Solutions: 128
Registered: 03-17-2008

Re: Public IPs to customer

That would be hard to monetize a static IP for users if they want to pay extra.
WHT = Short Form Acronym for "You couldn't handle me even if I came with instructions!"
Well engineered projects are indistinguishable from crazy ideas.

Speed, distance, reliability, cost...Pick three.
...World's First Ubiquiti AirMax WISP....
Regular Member
Posts: 360
Kudos: 35
Registered: 08-07-2010

Re: Public IPs to customer

We offer public IPs to all of our customers.
We use PPP to do this via a central RADIUS server and back-end management system.
It works great and you shouldn't charge extra for public IPs if you have them.
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

> We offer public IPs to all of our customers.
> We use PPP to do this via a central RADIUS server and back-end management system.
>
> It works great and you shouldn't charge extra for public IPs if you have them.


Why wouldn't I charge extra for a static address? All carriers in the area do, even the big carriers. CenturyLink, AT&T, TimeWarner, etc etc. Our current model we charge $5/mo per static IP address. I am only referring to charging for a "Static" address rather than a dynamic Public IP address. After all, I have to pay $1200/year for the addresses. Why not charge?
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

> There's one reason to do this with all your customers you may not have thought of - MPAA abuse notices (illegal downloading of movies). We run a DSL ISP network with many thousands of resi customers, and have used PPP/Radius to hand out static addresses from the get-go just so when we get an abuse notice (which usually only has the IP address of the offender) we can tell who it was. It just makes life easier to do it this way. The customers don't even know it, since we NAT right in their modem (just like you're talking about doing).
> For "true" static addresses, we actually route them a /30 or /29 through the modem (which you can do in the radio too) and charge them for it.
> You may not want to use PPP/Radius for authentication either, depending on your network topology - we've never been happy using Radius with the radios (works dandy with fixed DSL since we actually connect to the customers with ATM pvcs ...) We just set up an IP or net for them and use OSPF to distribute the routes through the wireless network.
> Jim


That is a thing that I have always thought about. We really have no way of determining who downloaded what when we did get notices in the past. Thankfully, 2 of 3 people that we received notices about had static addresses so we were able to determine who they were. Unfortunately, I didn't design the network from scratch. Knowing what I know now, it would have saved a lot of headache. When I started, we had 300+ devices all using a 192.168.1.1/16 in a complete bridged network with way too much broadcast traffic. We also started with a "mesh" Strix network. We have come a LONG way from that. Right now, we are trying to determine the best process for numbering out of our IP addresses provided by our upstream provider and numbering into our own provided by ARIN. I am trying to do everything in the best order and the best process possible. I have also been told I should do 1:1 NATing to accomplish this.

The only problem with doing a RADIUS server is setting up that many usernames and passwords and logging into EVERY radio and typing it in. But, then again, I may have to be logging into every device anyway...
SuperUser
Posts: 4480
Kudos: 1627
Solutions: 108
Registered: 12-03-2009

Re: Public IPs to customer

I use DHCP at my head end to issue public IPs to the WAN port on my UBNT radios at the client's house.
After the lease has been snagged, I set it as static in Mikrotik. If I ever need to change IP ranges, I just change it at the head end. Once the DHCP renews, then we are all good.
As a "record keeping" method, I export the Mikrotik config nightly that has the IP and statics in it.
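
As an added example (not part of the original post, and not the poster's own tooling): one way to turn nightly lease exports like these into an answer for an abuse notice, which usually carries only an IP address and a time. It assumes each night's export is kept with its date, that every static lease sits on one `add` line under `/ip dhcp-server lease`, and that the customer id is stored in the lease's `comment=` field; the sample exports below are constructed.

```python
import bisect
import shlex
from datetime import date

# Constructed nightly exports, keyed by export date. Addresses and MACs are
# documentation values; using comment= for the customer id is an assumption.
SNAPSHOTS = {
    date(2024, 3, 1): """/ip dhcp-server lease
add address=203.0.113.10 mac-address=00:00:5E:00:53:01 comment="cust-1001" server=dhcp1
add address=203.0.113.11 mac-address=00:00:5E:00:53:02 comment="cust-1002" server=dhcp1
""",
    date(2024, 3, 5): """/ip dhcp-server lease
add address=203.0.113.10 mac-address=00:00:5E:00:53:03 comment="cust-1003" server=dhcp1
add address=203.0.113.11 mac-address=00:00:5E:00:53:02 comment="cust-1002" server=dhcp1
""",
}


def parse_leases(export_text):
    """Return {address: {"mac": ..., "customer": ...}} for static lease lines."""
    leases, in_section = {}, False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("/"):  # a new menu path starts a new section
            in_section = line == "/ip dhcp-server lease"
        elif in_section and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            fields = dict(pairs)
            if "address" in fields:
                leases[fields["address"]] = {
                    "mac": fields.get("mac-address"),
                    "customer": fields.get("comment"),
                }
    return leases


def resolve_notice(ip, notice_date, snapshots=SNAPSHOTS):
    """Return the lease on record for ip in the latest export on or before notice_date."""
    days = sorted(snapshots)
    idx = bisect.bisect_right(days, notice_date) - 1
    if idx < 0:
        return None  # notice predates the oldest export we kept
    lease = parse_leases(snapshots[days[idx]]).get(ip)
    return {"snapshot": days[idx], **lease} if lease else None
```

Because an address can be reassigned between exports, the lookup uses the export in force on the notice date rather than the current one. A reassignment made on the day of the notice itself still has to be settled from the DHCP server's own log.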
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

> I use DHCP at my head end to issue public IPs to the WAN port on my UBNT radios at the client's house.
>
> After the lease has been snagged, I set it as static in Mikrotik. If I ever need to change IP ranges, I just change it at the head end. Once the DHCP renews, then we are all good.
>
> As a "record keeping" method, I export the Mikrotik config nightly that has the IP and statics in it.


We use MikroTik as well.

Do you do routing in your customers' CPEs? If you do that, do you handle your customers' port forwarding for them as well?
Regular Member
Posts: 360
Kudos: 35
Registered: 08-07-2010

Re: Public IPs to customer

> Why wouldn't I charge extra for a static address? All carriers in the area do, even the big carriers. CenturyLink, AT&T, TimeWarner, etc etc. Our current model we charge $5/mo per static IP address. I am only referring to charging for a "Static" address rather than a dynamic Public IP address. After all, I have to pay $1200/year for the addresses. Why not charge?


Fair enough.

I got charged a 2,000 set up fee and get charged 325 every quarter for IPs. This gets me a /22.

It's rare to be charged for a public IP here. It's not rare to be charged extra for static addresses on residential connections, if indeed they are available to you, as the moment you talk about a static IP some carriers think "only businesses need these. You need to be on a business connection".

It's money for old rope! ;)
Established Member
Posts: 2296
Kudos: 259
Solutions: 1
Registered: 07-30-2009

Re: Public IPs to customer

> Fair enough.
>
> I got charged a 2,000 set up fee and get charged 325 every quarter for IPs. This gets me a /22.
>
> It's rare to be charged for a public IP here. It's not rare to be charged extra for static addresses on residential connections, if indeed they are available to you, as the moment you talk about a static IP some carriers think "only businesses need these. You need to be on a business connection".
>
> It's money for old rope! ;)


We DHCP publics to the customer router; all our radios are bridged. If the customer requires a static I charge them 4.95 and just reserve it on my DHCP server.
Dallas Gray
CCNP, CCNA, CCDA, CWTS, UACA, NET+, A+, CXFF
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

> We DHCP publics to the customer router; all our radios are bridged. If the customer requires a static I charge them 4.95 and just reserve it on my DHCP server.


If you don't mind me asking, how many customers do you have?

Are you bridged or a routed network? If routed, how many devices per routed segment?

My only concern with doing this is increasing our devices per routed segment by 2x, thus creating more broadcast traffic.
SuperUser
Posts: 4480
Kudos: 1627
Solutions: 108
Registered: 12-03-2009

Re: Public IPs to customer

> We use MikroTik as well.
>
> Do you do routing in your customers' CPEs? If you do that, do you handle your customers' port forwarding for them as well?


I do NAT at the UBNT CPE. I have DMZ already set to 192.168.11.2. If they need ports forwarded in, then I tell them to set the router/computer to that IP.

My NAT IP range is 192.168.11.10-254 with a Gateway of 192.168.11.1
Established Member
Posts: 1073
Kudos: 181
Solutions: 4
Registered: 09-17-2010

Re: Public IPs to customer

We have our DHCP do non-routable IPs by default (192.168.x.x range) and for those that want statics or have a business, we use a VLAN to send them to another universe where everyone gets a true, real IP address.

All of our non-routable IPs have a log server that records which IP connects to where, but only that, we don't have the time nor want to be big brother in that capacity. Since all of our users use usernames, it's easy to figure which IP was connecting to where and from what customer should/if we get one of those notices.

As of this year, we've only received 2 of those notices about copyright infringement, blah blah, but they quickly found their way into my trash can. When someone comes from a court/judge about the issue, then we'll break out the log files for them.

Otherwise, as it was said, paying for all the IPs is very expensive and there is no need to give every customer a static IP for that reason. If the customer is technical enough to know what it is or how they can use it, we'll be glad to give them one.

This saves on paying a lot of money for a bunch of unnecessary real IP addresses.
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

I don't really want to bridge all of my devices and pass through the IP to their routers or PCs, and I want to be able to put a router at every tower of mine eventually. I want the easiest way of doing this. What do you think of 1:1 NATing?
Established Member
Posts: 2296
Kudos: 259
Solutions: 1
Registered: 07-30-2009

Re: Public IPs to customer

> If you don't mind me asking, how many customers do you have?
>
> Are you bridged or a routed network? If routed, how many devices per routed segment?
>
> My only concern with doing this is increasing our devices per routed segment by 2x, thus creating more broadcast traffic.


Completely routed network (OSPF). Approx. 30 tower sites. Only about 1200 residential subs; we do a lot of DIA/MPLS services.

I assign every one of my APs a /26 giving it 61 total allowed subs.
Dallas Gray
CCNP, CCNA, CCDA, CWTS, UACA, NET+, A+, CXFF
Established Member
Posts: 2296
Kudos: 259
Solutions: 1
Registered: 07-30-2009

Re: Public IPs to customer

> I don't really want to bridge all of my devices and pass through the IP to their routers or PCs, and I want to be able to put a router at every tower of mine eventually. I want the easiest way of doing this. What do you think of 1:1 NATing?


I bridge all my radios, and I do have a router (Cisco 7206) at every one of my sites. You will find the people on this forum with the most problems are those who try to do too much with these radios, such as use them as routers and then they get on here and complain all day long about problems.
Dallas Gray
CCNP, CCNA, CCDA, CWTS, UACA, NET+, A+, CXFF
Member
Posts: 110
Kudos: 7
Registered: 10-18-2009

Re: Public IPs to customer

> I bridge all my radios, and I do have a router (Cisco 7206) at every one of my sites. You will find the people on this forum with the most problems are those who try to do too much with these radios, such as use them as routers and then they get on here and complain all day long about problems.


Can you be more specific on what you mean by this?

Right now my network has some routing. We have about 700 devices and star out from my main tower. I only have one router with 13 ports at this spot. Port 1 is fiber, port 2 has 200 customers, port 3 has 150 customers, port 4 has 100 customers, port 6 has 75 customers, port 7 has 150 customers; these are rough numbers not including tower radios.

We were running zero routing about a year ago. We noticed the broadcast issues and have since implemented as much routing as possible at this time. The network, right now, runs overall very well. Typical pings from any tower to the gateway are under 10ms max, most of the time averaging 4-5ms. All depends on how many hops they are away.

The only issue I see with bridging them is that then they don't have the radio routing and that adds all of their devices before a router to my network. I just see likely broadcast issues if we do this without implementing more routers to more towers.
Regular Member
Posts: 360
Kudos: 35
Registered: 08-07-2010

Re: Public IPs to customer

I have a router per tower that each run OSPF, MPLS and VPLS tunnels back to the core router. I land a /24 public subnet on the core router and bridge PPP customers onto the VPLS tunnel to use their public IP.
Therefore I don't have to subnet the IPs for each tower thus no wastage!!
Regular Member
Posts: 302
Kudos: 41
Registered: 05-10-2011

Re: Public IPs to customer

With ARIN you can get a /21 which is 2000+ IPs for 1,250.00 a year. That's like a nickel each per month... Please correct me if I'm wrong.

All that being said we give every customer a Static via DHCP and MAC Auth. If they need more than 1 that is where we charge.

This makes me sleep good at night. Every customer always has the same public address and only that public address. If the FBI wants access to my network for child porn or any other illegal activity I am covered. I can provide that information very easily.

This may be paranoid but just seems easy and for a nickel who cares.
Regular Member
Posts: 360
Kudos: 35
Registered: 08-07-2010

Re: Public IPs to customer

> This may be paranoid but just seems easy and for a nickel who cares.


My thoughts as well.