
Need some advice from Network Gurus

3 of 7

Well-known member
Joined
Nov 14, 2008
Messages
917
Location
Nanaimo BC
What could go wrong?

Daily support calls from 200 customers asking why they can't upload 2 pics at once on facebook.
150 of them want voip
The kid in 11-B is hacking the router
The RCMP internet crime squad wants to know why kiddie porn sites are being visited from your ip
Bills C-46 and C-47 pass requiring you to keep surfing records of all your users
The guy in 14-D has installed a wireless access point and is giving a bunch of people "free" internet
Some vandal keeps smashing the routers.


It would likely be a full time job for someone just keeping 46 consumer grade routers running, let alone fielding all the calls and doing the paperwork.
 

Prof. Dr. Silver

Well-known member
Joined
Nov 2, 2007
Messages
1,182
Location
Toronto, ON
1. That's why I have a wife.... valid point, even though I run my wireless router now for three years straight with resetting it only two or three times. Maybe I should just not give them my phone number? LOL
2. VOIP ey? Haven't even thought about that one.
3. That is what baseball bats are for.... :)
4. Good one too... is there monitoring software for that too?
5. How in the world do you do that?
6. See # 3
7. The routers should be hidden. But where can one find professional grade anti-vandalism routers?

I'm slowly getting the point here..... A difficult task I took on? Also... I just called Cogeco Data solutions and before I could finish my sentence the guy said no. :( "We don't do those connections". He did recommend the GigE connection which would be available for $ 2000 per month! :shok:

Would that GigE be overkill? Gotta call around a bit more...
 

3 of 7

Well-known member
Joined
Nov 14, 2008
Messages
917
Location
Nanaimo BC
Have you checked your neighbourhood for unprotected wireless signals? I recently walked a friend through setting up security on his wireless router in his apartment and there were like 10 dhcps in the table when we started. I can see three from my house. This could eat into your profits as well.
 

Arinoth

Moderator
Staff member
Joined
May 27, 2009
Messages
9,584
Location
Halifax
I was thinking some more, and from what we talked about you could have access points (or multiple ones/potentially overlapping each other since they'll probably penetrate up and down more than one floor) all connected to a commercial grade router which should allow you to do a lot of the monitoring and other sort of set ups. You'd be able to set up account names per apartment unit and lock in the MAC address of each of their computers to help keep up the security of it as well as monitor who is abusing their traffic and who isn't. It would also allow you to limit the amount of connections per unit as per they need you to lock in their MAC address of each computer/console to increase your network security as well.
 

Perineum

Well-known member
Joined
Mar 9, 2009
Messages
4,050
Location
Surrey, B.C.
I would say an OC3 would be the minimum you'd need to have "decent" rogers-like bandwidth, depending on the type of users you had.

I would not use wireless at all. I would not want to field calls from "x" amount of people as to why the wireless isn't working, etc. Also, once someone breaks the WEP or WPA key they can just watch the traffic and get free internet from using other people's MAC address.

Also, when you decide you need to kick someone off it is going to be really easy for them to screw with the wireless, (Think deals extreme type toys here) whereas if it's wired you can unplug them from the patch panel....

Overall it shouldn't cost much more for cat5 on each floor... one strand to each floor should do it and then a strand to each apt.

I would look into a way of multiplexing the signal into the cable/phone lines of the apt building as well.... free wiring, with cable being preferred. I'm not sure what the legality of that would be.... cables are likely owned by rogers/telus?

Just some ideas, anyway...
 

JD

Moderator
Staff member
Joined
Jul 16, 2007
Messages
11,983
Location
Toronto, ON
I agree with the wired over wireless idea.

If you run CAT5e to each floor, stick a 16 port router in the ceiling (if it's a drop-down kind otherwise you'd need a security cage of sorts to wall mount it). Then just run wires from the switch to the apartments that want to pay into it. I wouldn't bother running the wires until people pay though. Then from there, either let them do whatever they want, or put in your own wireless router that's configured to your liking and password protected so they can't disable wireless encryption and what not.

If you let them do whatever, you could easily walk the halls with a laptop and see if anybody has an open network, then kindly show them how to enable proper security.

Another option would be to have both choices and let them "rent" a router from you like they would from Rogers.

And if you're planning on getting fiber in, you definitely need an enterprise grade router and you'd probably need to take a course on how to configure it properly. Consumer ones definitely won't be able to handle all the traffic or fully utilize the speed of the connection.

I understand your idea though but I think it's simply too difficult to bother doing. Also something to consider, people can't just cancel Rogers on the spot, I'm sure most are tied into a contract and I doubt they'd want to pay the $100 or whatever cancellation fee in hopes that your service is better.

Also look into the reliability on these fiber lines (or whatever connection you want). If they can't guarantee like 99.99% (or more 9s), then it might be problematic. When people pay for a service, they expect 100% uptime basically and if it should go down, they want to be able to phone somebody right away and find out why and how long until it's back.

If you still want to seriously do this, I'd really consider adding in a cost for yourself since it'll end up being a near fulltime job when it's all done IMO.

Side note: I wouldn't trust the DIR-655 for your application. It's flaky enough as is for me in my home. D-Link has really been dropping the ball with the firmware. The last thing you want is a router going down when you're not there.
 

Perineum

Well-known member
Joined
Mar 9, 2009
Messages
4,050
Location
Surrey, B.C.
I agree with the wired over wireless idea.

If you run CAT5e to each floor, stick a 16 port router in the ceiling (if it's a drop-down kind otherwise you'd need a security cage of sorts to wall mount it). Then just run wires from the switch to the apartments that want to pay into it.

This is what I meant but wasn't clear on :haha:
 

The Guy

Active member
Joined
May 23, 2009
Messages
25
Location
Vancouver, BC
Don't forget switches!

If you do go for this you're going to need some legal protection (ie: a ToS they must sign), and if you can I would suggest making multiple options (ie: plans: DSL, SuperDSL, MegaDSL, ExtremeDSL).
 

fefox

Well-known member
Joined
May 4, 2009
Messages
323
Location
Manitoba N50° 15.5944', W101° 2.2833'
Way too much stuff to go into on this forum. I wrote a business plan for doing a whole building; it didn't use wireless, but I might be able to locate it if you want.

Your startup costs will be considerable. Pulling in the fiber, I think I spent about 5k just to get the conduit into the building, and the fiber loop was only about 50 yards from the building. Getting the cable pulled in via the phone company and connected to an ISP I think was another 15k.... Ongoing monthly costs were about 2500-3000 for the link if I recall, and then all the switches and cable...

BTW I have loads of fiber patch cables in all kinds of lengths, some 300', and a bunch of Cisco Fiber switches still in storage that you could have mega cheap. :biggrin:

Find out some current prices for a fiber pull into your building.
Then how much an ISP will charge you a month for the link; that and the cost of at least one employee to run this thing, as those will be your largest ongoing costs.

One thing to remember as well: you're in a residential building, so you need permits and qualified people to install this stuff, so that won't be cheap. Even Ethernet requires an electrician to be legal, although I think they just need a (class M lic) ?? The cable you use will also have to be plenum rated (the kind that doesn't make poisonous smoke). My biggest pain was the conduit to the building's mechanical room. I had to have 4" holes cored through the concrete for half the length of the building in the lower parking garage and then up into the mechanical room.... That took a week and a lot of $$$ and red tape. And before that they have to X-RAY the floors and supports before they drill to see the location of the steel cable in the cement.

Find out some prices and if you still think it's a go we can get on the phone if you like, way too much to type :biggrin:
 

DaleF

Well-known member
Joined
Apr 14, 2007
Messages
250
Location
Burnaby, BC
I'm going to SFU currently, and we have a small ISP who provides residence with internet through a similar setup. Plus, I've looked at starting up an ISP (and done quite a bit of research/business plan) and know one person who runs an ISP. He suggested not doing it and mentioned that it is likely to be way more work than you think.
As has been mentioned, you will need to have someone available to do support, and, at least in Western Canada, we're used to having technical support available 24 hours a day. This was an issue with my ISP, because the internet would often go out after hours or on the weekend. Worst case, it went out on Thursday evening of a long weekend, and was out until Monday. So, support, as has been mentioned in this thread, costs. Either will cost you because you have to do it instead of something else or costs you because you have to hire someone else out to do it.
Next point is contention, which is a fancy way of saying how many people you can stuff down your pipe to the internet. My ISP is currently offering us (at least, that's the claim) 10Mb/s downstream service. Now, they have roughly 1800 customers and 200Mb/s of bandwidth. So that's 1800*10/200=90. Which means that 90 people are fighting over the same bandwidth.
Which is way too high, and it shows anytime it gets busy, like latency jumping up to pings in the range of full seconds, huge packet loss, and speeds that make dialup look speedy. I would suggest something more like a 25-35:1 contention ratio. For the demographic up here, 25:1 would be better, you could probably get away with 35:1 or maybe even higher (but not too much higher, don't want to slow down too much at peak). So, 35:1 for 175 people at 10Mb/s (seems like a standard speed) is 1.75Gb/s, which needs approximately 50Mb/s. A 39:1 contention ratio would be perfect for a T3/DS3/ or OC-1 connection at ~45Mb/s or ~50Mb/s. Should be enough, but it may not be depending on your users' usage patterns. You could consider getting a burstable connection, and setting your traffic shaper/router to burst if things are saturated for too long. Alternatively, get a metered connection and enforce transfer limits and charge people when they go over accordingly.
Also, as another point in the support vein, with that many people, you're going to need to do something better than tell people they owe you money. Billing will be important, and keep in mind the other costs that happen when running a business. Things like business licenses, GST registration and tracking, and other fun things like that.
Next point, and a technical one this time. Wireless is fine, if you do it well. Consumer routers, especially one per floor with more than a few people on them will not work. Most routers choke on more than five people at once. I would suggest not going with consumer routers and get some proper commercial ones. Unfortunately, they won't be cheap. Also, WDS, unless run on a separate frequency from the APs (dual band, say 2.4/5GHz or maybe proprietary 900MHz for the backhaul and 5GHz to farm out to your clients, or maybe even licensed spectrum, but that's probably too expensive. Also, 900MHz goes through walls and floors better) is not a good idea. Wire your APs to your core switch if you go that way.
I'd suggest wired ethernet for your client connections, if it isn't that hard to wire into the building. Remember, that (as someone else pointed out) does need to be up to code as well, which may mean an inspection. Wired allows greater bandwidth, and if you run Cat6, a few years down the road when you decide to offer 1Gb/s service, it's easier to upgrade to. Stick a switch in a convenient area, but keep in mind that you can only push normal ethernet cable to 100m (total) in length. You don't want to have your in wall length longer than about 95m (can't remember the official number, but you want to leave room for patches on each end to connect equipment).
Make sure you're using good managed switches for this, in case you need to whack someone's port for a virus flooding your network with traffic or something. Also, allows you to wire up every suite with ethernet, and enable the ports as people pay. If you want, you can also enforce your speed limits on the switches (assuming they're smart enough, not all are), but that could be better done on a router at your headend.
As was mentioned, you will have to police people just plugging a WAP into your network and then sharing it for free with the rest of the floor, as well as deal with possible interference from wireless devices if you go the wireless route.
Also, again, this has been mentioned, but you will have to make sure your users aren't doing things on your network that are illegal. Without breaking privacy laws yourself doing it. Is BT illegal? Of course not. But what happens when you get a complaint against a user (currently, privacy laws say that you shouldn't give the information out, but that doesn't stop whoever from trying to sue you)? What happens if all you've seen is encrypted communication? It's sort of hard to tell if that's a possibly copyright infringing movie or the latest build of Fedora. Is it even up to you to police copyright? They may legitimately have accidentally dropped a DVD into the mess of cables behind the TV and had it get scratched up badly and are now downloading it to burn a new copy. So you may need legal counsel as well.
Also, are you thinking of offering value add services that other large ISPs provide? Things like email and webspace. You could run these on your own server, or farm them out. Hosting them with someone else is cheap, but then you also have to worry about their security and not just yours. Same thing goes with DNS. Are you going to run your own or just farm it out? Are you going to transparently proxy webpages to cut down on your outgoing bandwidth? It can really help (to the tune of roughly 6% for Shaw in my hometown), but it introduces new issues in administration.
And the router. Probably best to get something meant to do this rather than build your own, as big a fan of PFsense as I am, I'm not sure how well it scales. If you know PF really well, you could set up your own as well. A good Cisco/Juniper isn't cheap, and then you need to know how to use it or pay someone to come and use it for you.
And then you need to decide if you're going to block anything. Do you want the security issues from your customers by letting them run servers? Do you block incoming traffic to port 25/80/whatever? Are you even going to give your customers publicly routable IP addresses or NAT your network off from the rest of the internet and deal with customers when they want to game/chat/whatever on the internet that requires a port mapping?
And once everything is up and running, how are you going to deal with things like abuse and billing? At some level, you will need to monitor your network to see how much bandwidth a user is using (depending on how you charge, you may charge $10/10GB and then $x per additional GB past that). And then what if someone is spoofing your router using ARP poisoning and intercepting people's personal data? You need to monitor a few other things as well to keep that (network abuse) from happening. However, people don't tend to like you watching what they're doing on their connection. I know I'm not a huge fan of my ISP(s) monitoring what I'm doing.
I can't think of anything more right now, but I'm sure I will at some point. Will add more then.
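
An added example, not written by any poster in this thread: the two network-abuse checks the thread raises, run over constructed ARP observations. It flags a tenant's machine answering ARP for the router's address, and a unit's switch port carrying more devices than allowed (the shared access point case). The log format, addresses, port labels and device limit are assumptions for illustration.

```python
from collections import defaultdict

GATEWAY_IP = "10.20.0.1"            # assumed router address
GATEWAY_MAC = "02:00:00:00:00:01"   # assumed router MAC, recorded at install time
MAX_MACS_PER_PORT = 3               # assumed per-unit device limit

# Constructed sample, one ARP reply per line:
# "<time> <switch-port> <sender-mac> <sender-ip>" (not any real tool's format)
SAMPLE = """\
19:00:01 uplink 02:00:00:00:00:01 10.20.0.1
19:00:02 11-B 02:00:00:00:0b:01 10.20.0.31
19:00:05 14-D 02:00:00:00:0d:01 10.20.0.41
19:00:06 14-D 02:00:00:00:0d:02 10.20.0.42
19:00:07 14-D 02:00:00:00:0d:03 10.20.0.43
19:00:08 14-D 02:00:00:00:0d:04 10.20.0.44
19:00:09 11-B 02:00:00:00:0b:01 10.20.0.1
19:00:10 11-B 02:00:00:00:0b:01 10.20.0.1
"""

def analyze(log_text):
    """Return (spoof_alerts, crowded_ports) from ARP observations."""
    macs_by_port = defaultdict(set)
    spoof_alerts = []
    already_reported = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        when, port, mac, ip = parts
        mac = mac.lower()
        macs_by_port[port].add(mac)
        # Anyone but the known router MAC claiming the gateway IP is suspect.
        if ip == GATEWAY_IP and mac != GATEWAY_MAC:
            if (port, mac) not in already_reported:  # one alert per offender
                already_reported.add((port, mac))
                spoof_alerts.append((when, port, mac))
    # A port with too many distinct MACs suggests a shared AP or switch behind it.
    crowded = {p: len(m) for p, m in macs_by_port.items()
               if len(m) > MAX_MACS_PER_PORT}
    return spoof_alerts, crowded

if __name__ == "__main__":
    spoofs, crowded = analyze(SAMPLE)
    for when, port, mac in spoofs:
        print(f"{when} port {port}: {mac} claims gateway {GATEWAY_IP}")
    for port, count in crowded.items():
        print(f"port {port}: {count} MACs seen (limit {MAX_MACS_PER_PORT})")
```

Both checks use only link-layer metadata (who claims which address on which port), so they do not involve reading what tenants do on their connections.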
 
