Advanced WISP network – powered by LigoMesh

WISP networks are getting more and more advanced these days. In other words, the requirements for the wireless network are higher than ever before. The WISP network of the Dutch wireless service provider WiMood was developed to meet these requirements. The WiMood network is based on the LigoMesh products from LigoWave.

The network

The WiMood mesh network is located in The Netherlands and is used for ‘fixed’ customers with a subscription as well as mobile users using hotspot service, both combined on the same WiFi network. The network provides these services in a suburban area of six square kilometers.

Picture 1. Map of WiMood mesh network

Why LigoMesh?

LigoMesh was selected by WiMood based on a technical study that lasted for a couple of months. After a requirements study and several tests, LigoMesh was chosen over all other mesh and non-mesh solutions. The main advantages were advanced functionality, stability, pricing and, last but not least, the RCMS functionality. With the Remote Configuration Management Server, WiMood is able to manage the whole network in one place, including device configurations, firmware and statistics.

The requirements

The main non-technical requirements of the wireless network are quite similar to all networks: stability, ease of use, and security. To achieve these things, there are some essential technical requirements for the network such as traffic shaping (different upload/download rates related to subscription plan), Layer 2 client isolation, traffic registration for statistics and fair use policy regulation, all of which are addressed by the LigoMesh platform.

Technical implementation

Network layout

All network elements are shown in the scheme below. Between the location with the internet connection (bottom right corner of the picture) and the location of the servers (top right corner of the picture) there is a LigoWave LigoPTP connection running in the 5 GHz band. Two VLANs are bridged over this link: one for the local network (office PCs, load balancer, servers) and another one for the Mesh network.

In the Mesh network there are two Mesh gateways: S1006AP1 and S1001AP1. Both devices are connected over the LigoPTP link.

Picture 2. Scheme of WiMood mesh network

Authentication

Authentication was an essential requirement on the WiMood WiFi network, because only paying customers should be able to access the network. In the WiMood network all non-authenticated wireless clients need to be redirected to a portal page to log in or to get information about the internet services offered. In addition, a client who is authenticated and connects to another node should be re-authenticated without a need to re-enter the username and password on the portal.

Picture 3. UAM login page of WiMood mesh network

The standard UAM and MAC authentication functionality of LigoMesh was used to implement this requirement. The whole portal and management system for the UAM portal and Radius database was developed by WiMood to combine these two ways of authentication in one system. When a client logs in to the system for the first time, the LigoMesh node redirects the client to the UAM portal and, after login, the LigoMesh node uses this account information to do an AAA (Radius) authentication with the Radius server.

After successful login, the client is redirected back to the portal and the customer MAC address is registered in the Radius database. The next time the client connects to a LigoMesh node, the node will do MAC authentication using AAA. When the MAC authentication is passed, the client will be online right away.

Picture 4. Authentication scheme of WiMood mesh network

Security

Security is always an important part when developing a wireless network for WISP services. Besides user authentication, other important concerns are user isolation and secured interlinks between the nodes. In the WiMood network, every service set is secured with MAC/UAM authentication. The other wireless parts of the network, e.g. the mesh sets, are secured with WPA2-PSK encryption with AES cipher. It is very important to secure these interlinks, because there is no authentication on them and after association a rogue client would be able to access the whole network.

Another important part of security on a wireless network is user isolation. LigoMesh offers Layer 2 isolation on the service sets. When this is enabled, users cannot communicate with each other on one service set. In addition to this, it is also necessary to block traffic between the different service sets on the same and other nodes. To achieve this, ebtables can be used to block, for example, all ARP traffic other than to the gateway.
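
One way to express the ARP restriction described above, as an added example that is not WiMood's or LigoWave's own configuration: the function prints ebtables rules that let bridged ARP from client-facing interfaces through only when it targets the gateway, and that drop client ARP claiming the gateway's address. The interface names (`ath0`, `ath1`), the gateway IP and the chain name `CLIENT_ARP` are assumptions.

```shell
#!/bin/sh
# Added example, not the WiMood configuration. Interface names, gateway IP
# and the CLIENT_ARP chain name are assumed placeholders.

# arp_isolation_rules GATEWAY_IP IFACE...
# Prints ebtables commands (one per line) and applies nothing itself.
arp_isolation_rules() {
    [ "$#" -ge 2 ] || { echo "usage: arp_isolation_rules GW_IP IFACE..." >&2; return 1; }
    gw="$1"
    shift
    # Reject anything that is not a plain dotted address or interface name,
    # so the output is safe to review and then pipe to a root shell.
    case "$gw" in
        ''|*[!0-9.]*) echo "invalid gateway IP: $gw" >&2; return 1 ;;
    esac
    for ifc in "$@"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $ifc" >&2; return 1 ;;
        esac
    done

    echo "ebtables -N CLIENT_ARP"
    # A client must never present the gateway's IP as its own sender address.
    echo "ebtables -A CLIENT_ARP -p ARP --arp-ip-src $gw -j DROP"
    # Requests for the gateway and replies to it both carry it as target IP.
    echo "ebtables -A CLIENT_ARP -p ARP --arp-ip-dst $gw -j ACCEPT"
    # Everything else that reaches this chain is client-to-client ARP.
    echo "ebtables -A CLIENT_ARP -j DROP"
    # Only ARP arriving on client-facing bridge ports is sent to the chain;
    # ARP coming from the gateway side is not matched and passes unchanged.
    for ifc in "$@"; do
        echo "ebtables -A FORWARD -i $ifc -p ARP -j CLIENT_ARP"
    done
}

# Constructed sample input: gateway 10.10.0.1, two service-set interfaces.
arp_isolation_rules 10.10.0.1 ath0 ath1
```

The rules cover bridged (FORWARD) traffic only; ARP addressed to the node itself passes through the INPUT chain and is not filtered here.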

Mesh

A strong part of LigoMesh equipment is the Layer 2 mesh functionality. Before WiMood switched to LigoMesh, all interlinks were configured manually. This caused a lot of problems for WiMood because when one of the nodes went down, all others had to be reconfigured in order to restore operation. Now, with the LigoMesh-based network, the network heals automatically, without any reconfiguration or other human interaction.

The use of LigoMesh also saves a lot of time that is usually spent on the configuration of the network. With LigoWave mesh equipment you only need to configure the mesh networking part by typing in the “SSID” and a few other things, and then the mesh node takes care of the topology itself. The WiMood network uses 2.4 and 5 GHz interlinks on the same LigoMesh network.

Picture 5. LigoScout screenshot - a topology monitoring tool

Management

The Remote Configuration Management Server (RCMS) is the main part of the management of the WiMood network. This server is used for managing the configuration and also for monitoring statistics of all nodes. RCMS is also able to send automatic mails when a node goes down and when it comes up again. Besides these functions, RCMS is also used as a place where warnings and errors are stored for reporting failures and debugging.

For every node, the uptime, processor load and total memory are graphed by the RCMS. Every interface is also monitored for signal quality, signal strength, number of wireless clients, traffic and tx/rx errors.

Picture 6. A screenshot from RCMS (monitoring of equipment performance)