Ars Technica has a very informative article on UniFi pro gear in a home environment. Very good, but a long read.
Disclaimers. I have been in the ISP world since 1991. I cut my teeth on BBS systems and moved onto dial-up. I am also an independent Cambium certified consultant. Read about the consultant program here... I also have clients who run a wide variety of UBNT products, and the last ISP we sold was 90 percent UBNT. We run some UBNT routers in MidWest-IX as well. My father was an attorney for over 40 years. I grew up around attorneys, have regular conversations with friends who are attorneys, and was learning about the law from the time I was 10. Having said that, I am not an attorney. Nothing in here should be construed as an official legal opinion.
So let’s get some background on what has transpired with Cambium and their Elevate software. Cambium came up with a way to load their software onto select UBNT wireless units so that, after a reboot, the Cambium EPMP software was active on them.
Why did this work?
UBNT Airmax radios use the U-Boot bootloader. If you want to read all about it, see the References at the bottom of this article. The thing to know is that it is released under the GNU General Public License.
UBNT and Cambium EPMP both use “commodity” wifi chipsets. This keeps the cost down and the software becomes the majority of the “special sauce” that makes them different. This is in contrast to the UBNT Airfiber and Cambium 450 lines. These use custom made chipsets. This is one reason those lines are more expensive.
By using an open source bootloader and commodity hardware, Cambium was able to figure out how to load their own software onto the UBNT devices. UBNT countered by modifying the bootloader to accept only signed software images. The only images that were recognized were ones signed by UBNT. If you are interested in learning more about signed software go here: https://www.quora.com/What-does-signed-firmware-means
Cambium came up with instructions on how to downgrade and bypass the restriction that only signed firmware can be loaded onto the device. The method I am aware of is downgrading the installed UBNT firmware to a certain version.
All in all the Elevate process turned the UBNT hardware into a device running Cambium’s software.
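An added example, not code from UBNT, Cambium or U-Boot: a bootloader-style acceptance check showing why a signed-image scheme also needs a rollback floor, since an older image carrying a valid signature still passes a signature-only check. The image layout, key, version numbers and all names are constructed for illustration, and HMAC-SHA256 stands in for the vendor's public-key signature so the code runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Hypothetical image layout (constructed for this example):
#   4-byte magic | uint32 version | uint32 payload length | payload | 32-byte tag
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32


class ImageRejected(Exception):
    """Raised when the bootloader refuses an image."""


def build_image(signing_key, version, payload):
    """Vendor side: pack header + payload and append the authentication tag."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    # HMAC-SHA256 is a stand-in for a public-key signature (stdlib only).
    return body + hmac.new(signing_key, body, hashlib.sha256).digest()


def verify_image(verify_key, image):
    """Device side: parse and authenticate; return (version, payload)."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ImageRejected("truncated image")
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise ImageRejected("bad magic")
    if len(image) != HEADER.size + length + TAG_LEN:
        raise ImageRejected("length mismatch")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(verify_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ImageRejected("bad signature")
    return version, body[HEADER.size:]


class Bootloader:
    """Accepts an image only if it authenticates and, optionally, is not older
    than the newest version ever installed (the rollback floor)."""

    def __init__(self, verify_key, enforce_floor):
        self.verify_key = verify_key
        self.enforce_floor = enforce_floor
        self.floor = 0          # a real device keeps this in write-protected storage
        self.installed = None

    def flash(self, image):
        version, _payload = verify_image(self.verify_key, image)
        if self.enforce_floor and version < self.floor:
            raise ImageRejected(f"version {version} is below rollback floor {self.floor}")
        self.floor = max(self.floor, version)   # the floor only ever moves up
        self.installed = version
        return version


def demo():
    """Flash a current image, then offer an older signed image and an image
    from a different signer, under both policies. All values are constructed."""
    key = b"constructed-vendor-key"
    current = build_image(key, 60000, b"vendor firmware, current")
    older = build_image(key, 50600, b"vendor firmware, older")
    other = build_image(b"some-other-signer", 70000, b"third-party firmware")
    results = {}
    for policy, enforce in (("signature_only", False), ("signature_plus_floor", True)):
        loader = Bootloader(key, enforce_floor=enforce)
        loader.flash(current)
        outcome = {}
        for label, image in (("older_signed", older), ("other_signer", other)):
            try:
                loader.flash(image)
                outcome[label] = "accepted"
            except ImageRejected as exc:
                outcome[label] = f"rejected: {exc}"
        results[policy] = outcome
    return results


if __name__ == "__main__":
    for policy, outcome in demo().items():
        print(policy, outcome)
```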
The gray areas aka this is why we have attorneys
There are several arguable points in this lawsuit. If you want to read articles on the Lawsuit
Debate #1 – The Hardware
The term Software Defined Radio (SDR) has been around for quite some time now. Basically, this is a radio with very little RF elements to it. Ham radio has been using SDRs for quite some time now. The idea is the manufacturer uses off the shelf components to build a single radio which can do various functions depending on what software is loaded. It also allows features in the chipset to be activated and licensed should the programmer want to support them. It’s interesting to note Wireless is not the only place this is happening. Software Defined Networking (SDN) is a growing thing, as well as a plethora of devices. A PC could be considered a software-defined device. More on that later.
So an argument could be made the UBNT devices are a software defined radio. They did not use custom chips. They most certainly have a proprietary board layout, but that is not a criterion in an SDR. So if a customer buys a piece of hardware, should they be able to load whatever software they want on it?
An argument saying yes they should can be pulled from many areas. This Verge Article (more in the reference at the bottom) says the Government ended the debate in 2015 giving consumers the ability to Jailbreak their phones and devices without legal penalties. Before that it was briefly illegal to “Jailbreak” your phone. This was mainly led by Apple. The government said it was fair use to Jailbreak, but not carrier unlock your phone without permission.
Apple also went through this briefly when they switched to Intel processor chips. People were figuring out ways to load Apple OSX onto Dells, HP, and other “PCs”. The debate was whether this was legal or not. The following article sums up why these “hackintosh” computers were shut down. By clicking on the “Agree” of the End User License Agreement (EULA) before installing OSX you agree to a great number of things. The short of it was the user license of OSX says you can not install this on non-Apple hardware. However, it says nothing about installing non-Apple Operating systems on the hardware. Apple knows it is commodity hardware. If you want to buy a 2000 Mac and put Windows 10 on it, go ahead. They even help you with an option called Bootcamp.
Our last example is the Linksys WRT54G and DD-WRT and its variants. A quick history of the DD-WRT Controversy doesn’t revolve much around the loading of the software onto Linksys hardware, it involves the use of the GPL license by DD-WRT. There were some FCC concerns, but we will talk about those later.
So the questions to be argued for this point:
1. Is the UBNT device a software-defined radio?
2. Does the user have the legal ability to load whatever software they want to on hardware they own?
Debate #2 – Was the UBNT firmware “hacked” as they allege?
There are lots of unknowns here. Attorneys try to prove intent in arguments like this.
Did Cambium somehow reverse engineer the UBNT software, thus violating copyright laws? At what point is the line crossed? Since UBNT used a bootloader free to everyone, was the simple act of loading new software onto the units a hack? From what I know, and I am not a programmer, Cambium used the bootloader to overwrite the UBNT software and install their own. How is this any different than installing Linux on a Dell PC? Computers have a bootloader called a BIOS. On a Wireless radio, where does the bootloader stop and the software start? To me, these are clearly defined. Bootloader and Image file.
If you boot up the UBNT unit out of the box without agreeing to the EULA have you violated the EULA? Can you be penalized for loading software onto a device you never had the opportunity to see and agree to anything? Did the simple act of taking it out of a box and booting it up via TFTP cause you to agree to something?
In a Brothers Wisp video on this topic, Justin Miller mentions some arguments on why this can be allowed.
Debate #3 – Did Cambium violate FCC rules?
If we believe the user has the ability to load software onto units they own, then it is up to the user, as well as whoever developed the software that goes on the device, to follow all laws; it is not up to UBNT to police this. This is the job of the FCC, provided it is agreed that once the user buys the hardware it is theirs. For this specific case, UBNT claims Cambium violated allowed power limits by loading their software onto the UBNT device. Also, is the new device an FCC certified system? Most likely not unless it is resubmitted to the FCC for testing, and any labels removed and new ones added. However, it is not up to UBNT to enforce this. This is the job of the FCC.
Is UBNT being a steward of the community to bring this to the attention of the FCC, thus saving UBNT from possible issues with the FCC? Maybe, but why not bring suit against any of these others?
It’s interesting to note this page on HamNet
I am not a telecom attorney and I do not know the ins and outs. From what little I know of being in the industry you have to have an FCC certified system with proper identification stickers. I remember when UBNT had to send out stickers for units several years ago for DFS certification. You were supposed to put them on all your upgraded radios to be compliant. By changing the software did Cambium no longer make it a certified system? Or, because they use the same chipset is it still legal in the eyes of the FCC?
Debate #4 – Collusion and the end user
This is the biggest bombshell out of this whole ordeal and actually makes my blood boil. UBNT is suing Cambium of course. They are also suing a distributor and an end-user ISP. Cambium I can understand. UBNT is trying to protect their intellectual property and believe it was violated. They have every right to do so.
The distributor I can understand the argument. The distributor allegedly participated in distributing the “hacked” software. Not saying it’s right or wrong, but I can see why there would be the argument.
The most disturbing part of this is that an end-user ISP is named in the lawsuit. UBNT is suing a customer who was using the UBNT product and then decided to switch to a competitor’s product. In the case of Elevate, the end-user ISP loaded the software onto their existing hardware. If we go along with the idea that you own the hardware, UBNT is suing a customer who bought their hardware and loaded the Elevate software on it. This would be like Dell suing a school corporation for loading Linux onto new PCs they bought.
Many of the arguments you read are about you don’t own the software. If you buy the hardware, and it has a GPL licensed bootloader and load your own software onto the device, what laws have you violated?
Imagine this scenario. A user opens up a UBNT radio they bought. They see it uses an Atheros chipset, like many other radios. They write some code to talk to the hardware, all without ever looking at the software that came on the radio, boot up the unit via TFTP and load their own compiled image onto the hardware. All the while they never have seen the UBNT software. Did they violate any laws or user agreements?
This case and some others will help define who owns the hardware. We know the company, in this case, UBNT, owns the software. You have no legal standing to de-compile their intellectual property. That is cut and dry. What isn’t is this: if they are using the same hardware as everyone else and the same bootloader, is that considered proprietary? If not, and you overwrite their software, were you allowed to because you own the hardware? Is the GPL bootloader considered proprietary? If we apply the analogy that the bootloader is the same as the BIOS in the PC, no it is not proprietary. The BIOS debate has already been solved in court. Many of the PC debates have been about loading a company’s software onto other hardware, such as Apple Hackintosh Computers, and not the other way around, such as this case. As we discussed in point 1, in the PC world, Apple even gives you the tools to install other Operating systems.
If UBNT sticks code in that says the bootloader only recognizes signed images, is it “hacking” to put your own software on? Is this any different than Jailbreaking an iPhone?
So what does this all mean?
Going forward I believe we will see EULA and licensing agreements change. The hardware from a manufacturer will still be the property of the manufacturer, much like John Deere software.
The definition of what you own and have access to will change.
Proprietary bootloaders will take the place of Open Source bootloaders.
There will be a rise in manufacturers who make white box radios. Will there be a long-term solution? Only time will tell. We are seeing this trend in software-defined networking.
We will see more NDAs to end users about products. I believe we will see fewer case studies on newer products. End users will definitely be more tight-lipped about what they are doing.
So it will be interesting to see how this all plays out. Will there be enough precedent in the hardware world to squash some of this? Or does UBNT have a case? Obviously, UBNT has a responsibility to their shareholders to vigorously defend their Intellectual property. This case will help define where the commodity/open source items stop and where the intellectual property starts.
Where does this leave distributors? Do they want to continue carrying the Elevate product? Do they want to cut relationships with a manufacturer who has sued one of their own? The same goes for the end-user community. Do WISPs want to do business with a company that could potentially sue them for using and talking about a competitor’s product? Do the end users own the hardware they buy? If so, how much freedom do they have? If you don’t own the product, imagine the accounting ramifications.
Feds okay iPhone Jailbreaking
Is the Bios an Operating System?
Google Chromium OS
Offloading – Add CLI commands to disable flow-table flushing in offloading engine when routing table changes:
set system offload ipv4 disable-flow-flushing-upon-fib-changes
set system offload ipv6 disable-flow-flushing-upon-fib-changes
Prior to 1.10.3 firmware, the flow table in the offloading engine was always flushed when a route was updated in the Linux routing table. Flow flushing ensured that the offloading engine got routing updates instantly, but it wasted a lot of CPU time and decreased performance if the routing table was constantly updated (for instance in Full BGP, big OSPF or flapping PPPoE interface scenarios).
In 1.10.3 firmware, disable-flow-flushing-upon-fib-changes is not set by default, which means that the flow table in the offloading engine is always flushed upon routing table changes, the same way as it used to be in previous firmware.
If you have a Full-BGP table or a large OSPF network then you are advised to set disable-flow-flushing-upon-fib-changes. This will ensure less CPU load and increase max throughput.
Important note for multi-WAN environments – if the nexthop interface of the default gateway changes and disable-flow-flushing-upon-fib-changes is set, then it will take up to flow-lifetime seconds before all existing offloaded flows switch to the new nexthop interface (up to 12 seconds by default).
Offloading – Add CLI command to modify flow-lifetime in offloading engine (expressed in seconds):
set system offload flow-lifetime 24
Prior to 1.10.3 firmware, the flow-lifetime parameter was hardcoded and was not synchronized between different ER platforms: 12 seconds on ER-Lite/ER-Poe, 6 seconds on ER/ER-pro/ER-4/ER-6 and 3 seconds on ER-Infinity.
In 1.10.3 firmware, the default value of flow-lifetime is set to 12 seconds for all ER platforms and it can now be modified. By modifying the flow-lifetime parameter you control how much traffic skips from the offloading engine into the Linux network stack.
If you increase flow-lifetime then:
a) Offloaded IP flows will expire less frequently and less packets will be forwarded to linux
b) CPU load will decrease and max throughput will increase
c) if disable-flow-flushing-upon-fib-changes parameter is set then it will take more time for offloading engine to detect changes in routing table
If you decrease flow-lifetime then:
a) Offloaded IP flows will expire more frequently and more packets will be forwarded to linux
b) CPU load will increase and max throughput will decrease
c) if disable-flow-flushing-upon-fib-changes parameter is set then it will take less time for offloading engine to detect changes in routing table
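An added example, not Ubiquiti code: a simplified model of one offloaded flow that puts numbers on the trade-off described above between flow-lifetime, flushing on routing table changes, packets handed to Linux, and the time a flow keeps an old next hop. It assumes one packet per second, a lifetime counted from when the flow entry was installed, and made-up interface names and event times.

```python
from dataclasses import dataclass


@dataclass
class Result:
    slow_path: int      # packets handed to the Linux network stack
    fast_path: int      # packets forwarded by the offloading engine
    stale_seconds: int  # time until the flow followed a next-hop change


def simulate(flow_lifetime, flush_on_fib_change, fib_events,
             duration=120, first_hop="eth0"):
    """Model one flow sending a packet every second for `duration` seconds.

    fib_events is a list of (second, next_hop) routing table updates. An
    update that leaves the next hop unchanged models an unrelated route
    change (BGP/OSPF churn) that still triggers a flush when flushing is on.
    """
    events = sorted(fib_events)
    idx = 0
    fib_hop = first_hop      # next hop according to the Linux routing table
    entry = None             # offloaded flow entry: (installed_at, next_hop)
    slow = fast = 0
    pending_since = None     # when the next hop changed but the flow has not followed yet
    worst_stale = 0

    for t in range(duration):
        # Apply routing table updates that happened up to this second.
        while idx < len(events) and events[idx][0] <= t:
            when, new_hop = events[idx]
            idx += 1
            if new_hop != fib_hop and pending_since is None:
                pending_since = when
            fib_hop = new_hop
            if flush_on_fib_change:
                entry = None   # default behaviour: flush the flow table

        if entry is None or t - entry[0] >= flow_lifetime:
            # No entry, or it expired: Linux routes the packet and the flow
            # is offloaded again with the current next hop.
            slow += 1
            entry = (t, fib_hop)
        else:
            fast += 1

        if pending_since is not None and entry[1] == fib_hop:
            worst_stale = max(worst_stale, t - pending_since)
            pending_since = None

    return Result(slow, fast, worst_stale)


def compare():
    """Constructed scenarios: one WAN failover at t=30, and per-second churn."""
    failover = [(30, "eth1")]
    churn = [(t, "eth0") for t in range(1, 120)]  # next hop never changes
    return {
        "failover, flush, lifetime 12": simulate(12, True, failover),
        "failover, no flush, lifetime 12": simulate(12, False, failover),
        "failover, no flush, lifetime 24": simulate(24, False, failover),
        "churn, flush, lifetime 12": simulate(12, True, churn),
        "churn, no flush, lifetime 12": simulate(12, False, churn),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

In the churn scenario every packet goes through Linux when flushing is on, which is the CPU cost the release notes describe; with flushing disabled, the failover scenario shows the delay before the flow moves to the new next hop growing with flow-lifetime.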
Offloading – add CLI command to show flows in offloading engine:
show ubnt offload flows
Offloading – add CLI command to show offloading engine statistics:
show ubnt offload statistics
Enhancements and bug fixes:
LDP – fixed regression in 1.10.0 when LDP configuration failed. Discussed here
LoadBalancing – fixed regression in 1.10.1 when LoadBalancing failed to recover if WAN interface lost & restored link in 3 second interval. Discussed here
DHCP – fixed bug when DHCP server configuration failed to commit with networks other than /8, /16, and /24. Discussed here
TrafficControl – fixed regression in 1.10.0 when “command not found” output was printed when running “show traffic-control …” commands. Discussed here
I have been meaning to start this review for several weeks. Due to the holidays and sickness that has not happened until now. Recently Ubiquiti Networks released the airCubeAC. I won’t bore you with all the stats, just some of the highlights. For the complete list go here…
-AC radio containing 5 GHz and 2.4 GHz radios (AC Model)
-4 Gigabit ethernet ports
-Supports POE in and Out
One of the first things you notice about the modern UBNT products like this is the nice retail looking package. This could be on the shelf of Best Buy, or on the shelf of any computer shop. The packaging is modern and eye-catching.
After unboxing we find a very minimal packaging.
All that is contained in the packaging is the airCube itself, quick start guide, and the power cord. One of the first things I noticed as I went to plug this in was the length of the power cord. Too many companies give you a short power cord you are always fighting against. This cord has to be 7-8 feet long. In addition, the power plug is a compact size to fit into most surge protectors with ease. It’s the little design features like this which can really make a product shine.
While waiting for it to boot a quick tour around the outside reveals the four gigabit ethernet ports, one of them being the WAN port.
The quickstart guide was very helpful, except for the terminology used for the UMOBILE app. On the iOS store, I finally figured out the UNMS app was the correct one to use. This might be confusing for some folks. Maybe newer documentation reflects the change in the naming.
I connected the Cube to my home network and fired up the app, the wizard was very helpful in getting me connected to the Cube.
The use of the QR code to customize the instructions is a very nice time saver. I was up and connected within 40 seconds. Most of that time was switching over to my settings to connect to the wifi and switching back to the app. A nice feature would be launching the settings app for you. Not sure if such system calls are allowed on iOS but something to consider. On a side note, there is Puerto Rico listed as a country yet again. Not sure why this is a recurring theme with UBNT.
Anytime I get a new device like this one of the first things I do is upgrade the firmware to the latest. This was a very easy process. The app even had a little orange information thing directing me to go check it. The addition of the changelog within the app is a very nice touch. The total firmware upgrade took about 2 minutes.
I made the mistake of switching out of the app before the upgrade was done. The unit was not reporting the firmware was upgraded, and when I tried to upgrade again it gave me an error. Hitting logout on the app and logging back in refreshed the app and confirmed I was indeed at the latest firmware.
It’s getting late, but I wanted to get this out there and get the ball rolling. Look for part 2 coming shortly when I go over the interface in detail. For now, I will leave you with my first impression summary.
The airCube has many nice physical features. The long power cable makes the flexibility of installation easy. No longer do you have to set it in an awkward place just because the power cable did not reach. It does POE in and out, so you could power the unit with a wireless CPE POE if you were a WISP running UBNT gear. This would save on a power plug because you would only need one for your outdoor radio and the airCube. However, if you are deploying these with non-UBNT gear, or simply in a home with fiber or cable the small power plug makes for a neat and compact installation.
Setup was easy, minus the documentation issue about which app to get. This is probably simply the app being updated for whatever reason and the documentation that came with my Cube being behind.
Look for part two coming soon.
One of the most asked questions which comes up in the xISP world is “How do I learn this stuff?”. Depending on who you ask this could be a lengthy answer or a simple one sentence answer. Before we answer the question, let’s dive into why the answer is complicated.
In many enterprise environments, there is usually a pretty standard deployment of networking hardware. Typically this is from a certain vendor. There are many factors involved in why this is. The first is Total Cost of Ownership (TCO). It almost always costs less to support one product than to support multiples. Things like staff training are usually a big factor. If you are running Cisco it’s cheaper to train and keep updated on just Cisco rather than Cisco and another vendor.
Another factor involved is economies of scale. Buying all your gear from a certain vendor allows you to leverage buying power. Quantity discounts in other words. You can commit to buying product over time or all at once.
So, to answer this question in simple terms. If your network runs Mikrotik, go to a Mikrotik training course. If you run Ubiquiti go to a Ubiquiti training class.
Now that the simple question has been answered, let’s move on to the complicated, and typically the real world answer and scenario. Many of our xISP clients have gear from several vendors deployed. They may have several different kinds of Wireless systems, a switch solution, a router solution, and different pieces in-between. So where does a person start?
We recommend the following path. You can tweak this a little based on your learning style, skill level, and the gear you want to learn.
1. Start with the Cisco Certified Network Associate (CCNA) certification in Routing and Switching (R&S). There are a ton of ways to study for this certification. There are Bootcamps (not a huge fan of these for learning), iPhone and Android Apps (again these are more focused on getting the cert), online, books, and even YouTube videos. Through the process of studying for this certification, you will learn many things which will carry over to any vendor. Things like subnetting, differences between broadcast and collision domains, and even some IPv6 in the newest tracks. During the course of studying you will learn, and then reinforce that through practice tests and such. Don’t necessarily focus on the goal of passing the test, focus on the content of the material. I used to work with a guy who went into every test with the goal of passing at 100%. This meant he had to know the material. CompTIA is a side path to the Cisco CCNA. For reasons explained later, CompTIA Network+ doesn’t necessarily work into my plan, especially when it comes to #3. I would recommend CompTIA if you have never taken a certification test before.
2. Once you have the CCNA under your belt, take a course in a vendor you will be working the most with. At the end of this article, I am going to add links to some of the popular vendor certifications and then 3rd party folks who teach classes. One of the advantages of a 3rd party teacher is they are able to apply this to your real world needs. If you are running Mikrotik, take a class in that. Let the certification be a by-product of that class.
3. Once you have #1 and #2 under your belt, go back to Cisco for their Cisco Certified Design Associate (CCDA). This is a very crucial step that those on a learning path overlook. Think of your networking knowledge as if your end goal is to be able to build a house. Steps one and two have given you general knowledge; you can now use tools and do some basic configuration. But you can’t build a house without knowing what is involved in designing foundations, what materials you need to use, how to compact the soil, etc. Network design is no different. These are not things you can read in a manual on how to use the tool. They also are not tool specific. Some of the things in the Cisco CCDA will be specific to Cisco, but overall it is a general learning track. Just follow my philosophy in relationship to #1. Focus on the material.
Once you have all of this under your belt look into pulling in pieces of other knowledge. Understanding what is going on is a key to your success. If you understand what goes on with an IP packet, learning tools like Wireshark will be easier. As you progress let things grow organically from this point. Adding equipment in from a Vendor? Update your knowledge or press the new vendor for training options. Branch out into some other areas, such as security, to add to your overall understanding.
Never stop learning! Visit our online store for links to recommended books and products.
WISP Based Training Folks.
These companies and individuals provide WISP based training. Some of it is vendor focused. Some are not. My advice is to ask questions. See if they are a fit for what your goals are.
If you provide training let me know and I will add you to this list.
So today UPS dropped off a brand new EdgeSwitch 16XG. I won’t bore you with all the cool stats. You can read the official product literature here. This is just a first look. Future posts will dive into configuration, testing, and other such things. For those wanting the cliff notes version of what this switch is about:
- (12) SFP+ Ports
- (4) 10G RJ45 Ports
- (1) RJ45 Serial Console Port
- Non-Blocking Throughput: 160 Gbps
- Switching Capacity: 320 Gbps
- Forwarding Rate: 238.10 Mpps
- (12) 1/10 Gbps SFP+ Ethernet Ports
- (4) 1/10 Gbps RJ45 Ethernet Ports
- Rack Mountable with Rack-Mount Brackets (Included)
- DC Input Option (Redundant or Stand-Alone)
UBNT is following a natural trend in the switch world. As more and more networks are looking at 1Gig being their minimum, the switches are reflecting this. Gone are the days of 10/100 ports. Now we are going toward 1/10 gig ports, even on copper. 10/100/1000 switches still have their place, but usually not on switches with 10 gig ports.
Out of the box the switch isn’t anything sexy. I feel like it should have a shiny UBNT logo somewhere.
I like the fact that none of the ports are shared ports. You can use all 16 ports. It always annoys me when I buy a switch and can’t use all the ports because they are shared on the bus.
An interesting feature on this switch is a redundant DC input option. This can be anything from 16-25 volts and be able to support 56 watts. This results in a minimum of a 2.2 Amp power supply. This is assuming a full load on the switch as well. For the WISP market this could be a very handy option. You could install the switch where it is drawing from AC power but in the event of AC outage it will switch to a DC source. One of my questions to UBNT is if you can run it off total DC.
Now on to some nitpicky design things. None of these really affect the performance of the switch, just are annoyances.
-The console port not being on the front. In today’s dense rack environments we are putting patch panels and Transfer switches in the backs of the rack. If we have to get to the back of the front mounted devices then anything other than power becomes an annoyance. This is not an issue if you install every new switch with a console cable back to a console server like we do, but even that doesn’t always happen.
-The SFP cages should stick out just a tad from the front. During inserting and re-inserting SFPs I actually pushed the cage back a little. This resulted in some of the SFPs not clicking in correctly. The little tabs holding the top of the SFP cages aren’t sturdy enough to hold some repeated clicking in and out.
After seeing this I was prompted to open the switch and see what is under the hood.
I think this will be a hugely popular switch for anybody looking to do 10Gig. At a $600 approximate price these are, by far, the most cost effective 10 Gig switch out there. Many manufacturers have tacked on one or two, sometimes 4 SFP+ ports, but if you need to go beyond that you are talking 4 digit pricing. This is something we have struggled with MidWest-IX. It usually leads to us buying something on the used market that has the port density we need.
There you have it for a first look at this switch. More articles to follow that include:
-Questions I and you, the reader, have for UBNT
MTIN is excited to announce our newest support offering, Mnet. Mnet allows customers using Mikrotik and Ubiquiti routers an option of a tiered support level on a per device basis. This allows customers a guaranteed support level at a fixed price. This is an enterprise level support option for critical infrastructure.
The way Mnet works is a customer purchases one of our tiered plans below. They register the serial number with us and we simply provide the paid level of support on that device. This support includes technical support on that device as well as the services included with the purchased Tier.
Tier I (Overwatch) $199 per year (only $16 per month)
This tier is designed for the user who needs the occasional support but wants to make sure things like backups and software are being looked after.
- Basic Remote monitoring & notification of device
- Software notification of upgrades and personalized recommendations on needed action.
- Monthly configurations backup to online secured storage
- Next business day support of issues.
- Hardware replacement option available
- Initial configuration review
Tier II (Operator) $399 per year (only $34 per month)
This tier is for the user who needs that extra bit of help when it comes to configuration and wants an extra set of eyes.
Tier II includes all of the Tier I services and adds
- Weekly configuration backup via e-mail and online secured storage
- Enhanced monitoring & notification of devices
- Same business day support (6 hour maximum lead time)
- Weekend and holiday support (6 hour maximum lead time)
- Discount on consulting services
Tier III (Spec Ops) $599 per year (only $50 per month)
This tier is for absolute mission critical devices.
Tier III includes all of the previous tiers and adds
- Same day business support (2 hour maximum lead time)
- Weekend and holiday support (3 hour maximum lead time)
- Weekly backups of configuration via e-mail and online secured storage
- Quarterly review and recommendations on configuration
Do I have to get this on every device?
No, we recommend this on your critical routers or routers doing advanced services such as BGP or core routing functions.
Does this replace your normal consulting services?
No. This is an add-on to our consulting services. We find we have customers who need help with certain aspects of their network and this fills that gap.
Can I get quantity discounts?
Yes, contact us for a quote
I want to upgrade my router. How will this affect mNET?
We would simply transfer your support contract from the old device to the new one. Upgrade support is included.
What configuration support is included?
Technical support including configuration and troubleshooting is included on supported devices. Other devices can be included at our normal hourly consulting rate.
Do you make changes?
All changes are explained and signed off by customer before being implemented. Changes are done during an agreed upon maintenance window with a change management process.
How do I obtain support?
Customer is provided a login to the MTIN portal. Online tickets are the best method for opening a case. Telephone support is also included, but tickets are normally quicker.
How does the lead time work?
MTIN strives to meet customer expectations. Lead times are the maximum amount of time it will take. Some days this time may be measured in minutes, other times it may be longer.
Do you cover other devices?
Yes, we have plans for AirFiber, Mimosa, and other platforms.
Can I upgrade to a higher Tier?
Yes, however it will take 3 business days for upgrades to process. During this time your Tier level will remain the same.
How is payment handled?
Payment is due at device registration.
Can I pay monthly?
No. If you need occasional support please see about hourly consultation services.
If you would like more information please fill out the form below.
So I was messing around one day with an infrared thermometer and decided to see what the temp of a Rocket M5 was when powered on. This is not scientific by any means. Just something fun.