mgcarley
Founder, Hayai Broadband
I spent a large part of last night and most of this morning pondering over various aspects of the network. As always, I'm trying to find flaws and make recalculations as often as possible so that we don't get caught out.
Because of India's geography, we are dividing each "circle" as defined by the TRAI into separate class-A networks. We still don't count traffic between any Hayai customers, but for reasons of topology, it matters.
While we could theoretically just run 1 big Class-A network over the entirety of India and subnet as necessary, that would essentially limit us to about 16.7 million customers and then we have problems like the ones MTNL/BSNL/Airtel etc do whereby users on a particular IP range can't access a given website.
Now, basically each router is given an internal IP of 10.x.x.x (these private IPs matter only for management of the router by us), and that IP address is determined by your account number through a fairly simple algorithm I decided upon last night.
Customer IDs are made up of the circle's 3-digit code then basically numerical order (skipping factors of 255 and 256) so customer ID BOM123456 is not the same as DEL123456, but they would have the same internal IP address on their respective networks, in this case 10.1.226.64 (knowing the IP address of the router is pretty useless for reasons I'll go into later).
What was giving me problems was how we had planned to implement the Roaming-WiFi (going to a friend's house and using your credentials to log in to Hayai via WiFi). Previously, it was to be such that WiFi users would sign in for a WiFi session via PPPoE or a website, but then I thought: what about users who want to use it at home?
Normally this wouldn't be a problem, but then essentially we would have to allow multiple PPPoE sessions per login ID, but this would not be ideal for us.
Likewise, disallowing multiple PPPoE sessions per login ID would not be good for users who would go and use the service, because then they would have to ensure that the router was switched off at home (because the router would be logged in to PPPoE).
We couldn't use a dialer because those with multiple internet-ready devices (such as Xbox Live, PS3 or even more than 1 computer) would be out-of-luck unless you were to use Internet Connection Sharing or a separate broadband router. But these scenarios I think are less than ideal.
In addition, we couldn't just leave the WiFi open for anyone to see because that's a security risk as well as a huge legal problem (we're supposed to know everyone that uses WiFi), but more importantly, EVEN IF one logged in to WiFi at home, they would still have to log in separately to the other network. Which brings us back to the multiple PPPoE sessions problem.
So after much pacing around the room, I decided on the following solution to the conundrum:
- PPPoE will be taken care of by the router. Although it has a management address of 10.x.x.x, that address is not accessible by other customers - it will be assigned either a dynamic or static IP address depending on the plan.
- The device has a firewall and full NAT, so your local LAN IPs will be something like 192.168.1.x.
- WiFi will be protected by a WPA2-PSK key assigned by Hayai, and will simply be a part of the LAN, so WiFi is now in the control of the customer and you can simply connect any device via Ethernet or WiFi and assuming your computer is set up to get an address via DHCP, the internet will "just work".
- Roaming WiFi will be a separate service, and made available in public places. Hayai customers can purchase any number of hours per month on top of their existing plan, so for example, a customer with 5 Mbit/s unlimited for 2757 inc taxes could purchase 15 non-consecutive hours of WiFi for Rs 217 including taxes, or 90 hours for about Rs 1000. **I am still trying to figure out if we could offer a certain number of hours per month to be included in the package.
For the PPPoE WiFi, you can use any dialer in any operating system to connect: no special dialers are required. Just choose your 802.11b/g/n card as the connecting device and you're away.
PPPoE authentication is customerid@auth.hayai.co.in (eg BOM123456@auth.hayai.co.in)
WiFi authentication is customerid@wifi.hayai.co.in (eg BOM123456@wifi.hayai.co.in)
The SSID of the router will be Hayai-CUSTID, for example Hayai-BOM123456.
I thought this might pose a privacy concern, but then I decided that due diligence should be practiced on our part, so when you phone us, there is a keyword (which you decide) and 2 or more security questions (which you decide) that will be asked to validate you in addition to your Customer ID.
Also, as previously mentioned, the 128-bit 26-character WPA2-PSK is generated by us, as is the password for your account (10+ characters; lower, upper, numerals and punctuation).
To the internet, you will look like x.x.x.x.CITY.HAYAI.IN (so if you're in Mumbai, you'd be 210-210-210-210.bom.hayai.in, or if you're in Delhi you might be 211-211-211-211.del.hayai.in). This IP address (as mentioned) would be assigned to our CPE, not directly to your PC.
When we introduce IPTV and VOIP services, the CPE will get IP addresses as appropriate on those WAN interfaces but I think they're largely irrelevant anyway, since we just log in to the router and update the configuration without you doing anything.
The router gets 1 IP address for each WAN type you subscribe to (it supports up to 8 separate WANs). For most at the moment, this would be just the 1 address.
And I think that's it so far. If anyone has any concerns, spots anything wrong or questions, as always be sure to let me know.
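
The identifier scheme described in the post, as an added example (not part of the original post and not Hayai's code): it derives the management IP, SSID and both login names from a customer ID, and shows that a broadcast SSID discloses all of them, so secrecy rests entirely on the password and the PSK. The ID-to-IP mapping is an assumption inferred from the post's single example (account number used as the 24 host bits of 10.0.0.0/8); the "skipping factors of 255 and 256" rule is not modelled, and all function names are hypothetical.

```python
import ipaddress
import re

# Assumed ID shape, from the post's examples: three-letter circle code + digits.
CUSTOMER_ID = re.compile(r"([A-Z]{3})([0-9]+)")
MGMT_NET = ipaddress.ip_network("10.0.0.0/8")  # one management /8 per circle


def parse_customer_id(cust_id):
    """Split 'BOM123456' into ('BOM', 123456); reject anything else."""
    m = CUSTOMER_ID.fullmatch(cust_id)
    if not m:
        raise ValueError(f"not a customer ID: {cust_id!r}")
    return m.group(1), int(m.group(2))


def management_ip(cust_id):
    """Assumed mapping: account number becomes the host part of 10.0.0.0/8."""
    _, number = parse_customer_id(cust_id)
    # Exclude the network and broadcast addresses of the /8 (2**24 addresses,
    # which is where the post's "about 16.7 million" ceiling comes from).
    if not 0 < number < MGMT_NET.num_addresses - 1:
        raise ValueError("account number does not fit in one /8")
    return MGMT_NET.network_address + number


def derived_identifiers(cust_id):
    """Everything the post derives from the customer ID alone."""
    circle, _ = parse_customer_id(cust_id)
    return {
        "circle": circle,
        "management_ip": str(management_ip(cust_id)),
        "ssid": f"Hayai-{cust_id}",
        "pppoe_login": f"{cust_id}@auth.hayai.co.in",
        "wifi_login": f"{cust_id}@wifi.hayai.co.in",
    }


def identifiers_from_ssid(ssid):
    """What a broadcast SSID discloses: the full identifier set above."""
    prefix = "Hayai-"
    if not ssid.startswith(prefix):
        raise ValueError("not a Hayai SSID")
    return derived_identifiers(ssid[len(prefix):])


if __name__ == "__main__":
    for cid in ("BOM123456", "DEL123456"):  # the post's two example IDs
        print(derived_identifiers(cid))
```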