ISP Style Setup - Distributing public IPs to tenants with speed limits

roesljas
Getting noticed

Hi,

I'm just curious to know if Meraki switches or security appliances would be a good choice for a small ISP style setup?

In this scenario you take in a large pipe from a wholesaler with a stack of public IP addresses and separately distribute them to each tenant in your property. Each tenant gets a public IP address that is delivered to it via DHCP in an isolated VLAN.

Furthermore you would need to do customised speeds per client, e.g. 20/20, 50/50, 100/100 etc. I note that the MS L3 switches could probably do this apart from the bandwidth management. And the MXs would do the bandwidth but probably not deal with the public IPs in and out so well.

We work with a small ISP who provides this exact setup but they use Juniper switches and MikroTik routers connected via radio links etc.

Thanks

Jason

PhilipDAth
Kind of a big deal

It wouldn't be my first choice ...

But you should be able to do this using the NO-NAT option in the MX in the 15.x code. Then create a VLAN per port, and assign a group policy to that VLAN.

Another option is to have a single VLAN, and use NO-NAT mode again, but put the entire public IPv4 subnet in that one VLAN.

Then make the clients use their own CPE. These CPE will show up individually as clients. Assign a group policy to each one with the appropriate traffic shaping.

I would probably make the default policy be something horrible like 64Kb/s, so a client can get plugged in, and then you assign the policy after that.

Nash
Kind of a big deal

Generally speaking, when I hear people talking about small ISPs, I hear Mikrotik, FiberStore whitebox switches, and Juniper. Mikrotik especially in the wireless ISP market.

I really think you should explore the standard technology stack in use by your competitors, rather than going for Meraki. There's a reason they've got a pretty standard stack. It's because it works, and it works real well.

If you want to act like a small ISP, I'd recommend getting in touch with one of the consulting firms that specialize in that space. They'll be experts in the appropriate technology and able to help you create a solid design.

jdsilva
Kind of a big deal

I did something similar to this with a customer. I used one VLAN per suite, and gave each suite a /29 private subnet behind an MX. If the tenant required a public IP for inbound traffic then we'll create a DHCP reservation for the tenant router, and map a 1:1 NAT from a public IP to the reservation IP.

Hi jdsilva

Thanks for the reply.

How many IPs did you pass through? Were the /29 subnets on the inside private or public IPs?

Thanks

Jason

jdsilva
Kind of a big deal

The inside VLANs were private. We allocated a /28 I think for outside translations working under the premise that not every tenant would request one, which is the case. I don't think a single one has yet to the best of my knowledge. 
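
The layout jdsilva describes in this thread (one VLAN and private /29 per suite, a DHCP reservation for the tenant router, 1:1 NAT from a small public block only for tenants who ask) written out as an address-plan generator. This is an added example, not code from any poster or from Meraki; the 10.20.0.0/24 inside range, the 192.0.2.0/28 documentation block, VLAN numbering from 100, and the two outside addresses held back for the upstream gateway and MX uplink are all assumptions.

```python
import ipaddress

def build_plan(suites, inside_supernet, outside_block, first_vlan=100, outside_reserved=2):
    """Return one record per suite: VLAN, private /29, gateway, router reservation, 1:1 NAT IP."""
    inside = ipaddress.ip_network(inside_supernet)
    outside = ipaddress.ip_network(outside_block)
    if not inside.is_private:
        raise ValueError(f"{inside} is not private address space")
    if inside.overlaps(outside):
        raise ValueError("inside and outside ranges overlap")
    subnets = inside.subnets(new_prefix=29)
    # Assumption: the first `outside_reserved` usable addresses belong to the
    # upstream gateway and the MX uplink, so they are never handed out for NAT.
    nat_free = list(outside.hosts())[outside_reserved:]
    plan = []
    for index, (suite, wants_public) in enumerate(suites):
        subnet = next(subnets, None)
        if subnet is None:
            raise ValueError(f"no /29 left in {inside} for {suite}")
        # First usable host is the VLAN gateway, second is reserved for the tenant router.
        gateway, router = list(subnet.hosts())[:2]
        public_ip = None
        if wants_public:
            if not nat_free:
                raise ValueError(f"1:1 NAT pool {outside} exhausted at {suite}")
            public_ip = str(nat_free.pop(0))
        plan.append({
            "suite": suite,
            "vlan": first_vlan + index,
            "subnet": str(subnet),
            "gateway": str(gateway),
            "router_reservation": str(router),
            "nat_1to1": public_ip,
        })
    return plan

# Constructed sample input: (suite name, tenant asked for an inbound public IP)
SAMPLE_SUITES = [("Suite 101", False), ("Suite 102", True), ("Suite 103", True)]

if __name__ == "__main__":
    for row in build_plan(SAMPLE_SUITES, "10.20.0.0/24", "192.0.2.0/28"):
        print(row)
```

Because each suite sits in its own VLAN and /29, tenants share no broadcast domain, and the plan fails loudly when either the inside range or the public block runs out rather than reusing an address.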

roesljas
Getting noticed

Hi thanks, this is just for my interest. I'm not about to start an ISP.
