July 30, 2009

Large captive portal project

Earlier last month, a buddy referred me to a project he was handling. The site was way too far for him to travel to conveniently, and he was stuck with some other projects. So I decided to take a look.

The site was an apartment complex with six buildings that offers wireless Internet access to its occupants. They were having trouble with the existing system, so I accepted the project, and drove out 100 miles to look at it.

The old system: the apartment complex has six 4 Mbps ADSL lines. Every two buildings share two load balanced ADSL links. This sounds painfully slow and backwards, but 4 Mbps is the fastest we could get around here. (In fact, they had 2 Mbps ADSL until recently.)

They were using Edimax load balancers and Planet authentication gateways as the captive portal. The ADSL modems were also configured incorrectly as routers, giving three levels of NAT when it could be just two. Since there are six buildings with three sets of load balanced Internet links, it also means there are three sets of load balancers and gateways, and six modems. The real problem was that the Edimax and Planet often hung and required manual rebooting. Plus, the Edimax also often hangs in such a way that a cold reboot is necessary, erasing all configuration and requiring manual reconfiguration. The Planet's captive portal also stops functioning randomly and would either allow the users to access the Internet without any authentication, or block Internet access completely. The biggest problem, though, was that Internet access was so slow that even when the system was functioning, they were getting fewer and fewer users, since the users were so sick of the slowness. And the reason they have three sets is not because they want to give more bandwidth to the users, but because originally when they had just one set, it would crash even faster.

The new system: replaced Edimax with Peplink. Replaced Planet with ALIX running m0n0wall. I recommended Peplink load balancers with 3 WAN connections, so now we can have just two sets of hardware, with three buildings sharing three load balanced ADSL links. I could have gone for a high-end Peplink with 7 WAN and combined everything into one set of hardware, but the initial investment would be much more expensive, and it's always nice to have a backup.

So I borrowed a Peplink 300 and a Peplink 380 (same as 300, plus VPN and in a rack form factor) from my friendly local Peplink dealer and deployed them. I reconfigured the ADSL modems as bridges, and set the Peplink into PPPoE mode. Unfortunately, the Peplink doesn't seem to have detailed QoS, so I configured m0n0wall to do the QoS by using the built-in Magic shaper wizard. m0n0wall was also configured as a captive portal with local users. We decided to use local users for now since the old system was based on users. We will implement a ticket selling system (called vouchers in m0n0wall) later if everything works out.

Oh, the ALIX boards I used were also the older ones I got from last year. They only have 128 MB of RAM, but seem to have no trouble handling a large number of captive portal user logins and traffic shaping.

According to the manager of the apartment complex, when the old system first went live a year ago, they could have up to 500 simultaneous users in the evenings. But because they've been having so much trouble with the system, the number had dwindled down to about 30.

We'll see how things work out.

(Doh! I forgot to take a photo after the Peplink and ALIX were installed. Will update again.)
