The new age of case studies

After the recent filing of Ubiquiti vs Cambium, Winncom, and BLIP networks the question of case studies has come up.  One of the pieces of complaints is a case study Blip Networks did on Cambium Elevate.

What changes do you think will be forthcoming in future case studies? Should end users who do the case study require more terms from the manufacturer they are doing the case study to protect themselves? Are we going to see actual legal documents for any case studies to be done? Or are companies just not going to want to do case studies for fear of opening themselves up for retaliation?

I am interested to know your thoughts.

ALG Antenna test vs Jirous dishes

The following are results from a series of tests of AGLcom’s parabolic dish antennas on an existing link that is 5.7 miles long. The link typically passes 80-90Mbs with a TX capacity of 140 Mbs and radios used are Ubiquiti AF5X operating at 5218 Mhz.  A full PDF with better Readability can be downloaded here..

The tests were taken in stages:

  1. 1)  The normal performance of the link was recorded.
  2. 2)  The 2′ dish at one end, B, was replaced with the AGLcom, C, dish and the link reestablished.The link performance was recorded.
  3. 3)  The 2′ dish at the other end, A, was replaced with the AGLcom, D, dish and the link reestablished. The link performance was recorded.
  4. 4)  The setting on the AF5xs were adjusted to optimize the link performance with data recorded.
  5. 5)  The 2′ dish, B was put back in the link and the performance was recorded.
  6. 6)  The ACLcom C was put back into place.

The tables below do not follow the test order as the third line of data was actually the last test performed.

Antennas:

A-Jirous JRC-29EX MIMO
B-Jirous JRC-29EX MIMO C-AGLcom – PS-6100-30-06-DP D-AGLcom – PS-6100-29-06-DP-UHP

Results:

Table 1 is the signal strength results of the various dishes on the link. The first line, A-B, is the original Jirous to Jirous. A is the first two columns of the link and are the A side and the last two columns are the B side on the link. What is of interest is that exchanging B to C in the second line brought the signal deviation between the channels to only 1db and 0 db as seen in Table 2. The third line was a result of replacing the horn on the A dish and optimizing the setting on the AF5X radios. This changed the signal by around 7db and improved the link capacity, Table 3. Clearly, the A dish had a problem with the original horn.

In the fourth line, D-B, the signal strength improved as well at the signal deviation on the two channels, Table 2 first two columns. This link was not optimized. The fifth line, D-C is both AGLcom dishes which improved the bandwidth, Table 3, and the signal deviations, Table 2. The final line, D-C, was the previous line optimized. The signal strengths moved closer together and the bandwidth improved.

Link Ch0 Ch1 Ch0 Ch1

  1. A-B  -73 -76
  2. A-C  -73 -74

A*-C -64 -66

  1. D-B  -63 -62
  2. D-C  -62 -62

D*-C -60 -60

-70 -74 -71 -71 -65 -66 -59 -59 -58 -58 -61 -61

Signal Strength (* optimized data) Table 1

Table 2 has four data columns, the first two being the measured results and the latter two being the measured difference from theory. The Jirous and AF5X calculators were used for the theory signals. Clearly the signal approached the theoritical limit with the optimization and with the change of dishes. The optimization improved the signal by ~9db for the link that we replaced the horn on the Jirous and by ~2db for the AGLcom link.

Link dSig dSig A-B 3 4 A-C 1 0 A*-C 2 1 D-B -1 0 D-C 0 0 D*-C 0 0

dSig dSig -16.5 -17.4 -17.0 -15.0 -8.0 -9.0 -13.3 -5.3 -7.0 -4.3 -5.0 -6.0

Signal strength variation from theory Table 2

The band width improvement was more obvious, Table 3, from 22 Mbs to 39 Mbs for the RX and 144 Mbs to 141 Mbs TX for the link with the horn replacement. The bandwidth improvement for the optimization of the AGLcom link was from 61Mbs to 66Mbs RX and from 211Mbs to 267Mbs for TX.

The bandwidth improvement from the original, optimized link to the AGLcom link is from 61Mbs RX to 67Mbs and from 210Mbs TX to 267Mbs. There is a clear improvement for the AGLcom link over the Jirous link.

Link BW-RX

  1. A-B  22.5
  2. A-C  39.0

A*-C 60.9

  1. D-B  61.4
  2. D-C  60.6

D*-C 66.6

BW-TX 144.6 141.4 210.0 211.0 215.0 267.6

Table 3

Conclusions:

The data supports a measurable improvement in both signal strength and bandwidth with the use of the AGLcom dishes. However, it is difficult to quantify the improvement. The Jirous dishes were identical whereas the AGLcom dishes were not. One of the jirous dishes was under performing initially but was repaired for the last tests. Additional testing is needed to provide accurate data analysis and performance comparison. The best performance tests would involve identical AGLcom dishes, ideally two links, one each of both types of dishes.

The importance of phone numbers in a WISP

One of the things I see startup wisps do wrong is their use of phone numbers.  This is one of those details that is often overlooked but is critical. It’s critical not only for tracking but also for the sanity of everyone involved.  Let’s identify where many WISPs go wrong.

The typical startup wisp is a type A go-getter. This is what Entrepreneurs are by default.  Once they have a plan they jump head over heels in. Many may start with a simple phone number, but when they call a customer if they are on their way to do an install or something they end up using their phone number.  The problem is customers keep this cell phone.  If the office is closed they start texting or calling any number they have.  Some customers will be respectful of boundaries, but many will not.  If they are getting packet loss at 3 am they are calling and texting.  This problem compounds as you grow and you have multiple installers involved. You want customer issues tracked in some sort of ticket/CRM system. You also don’t want your employees ahev to answer customer texts or calls after hours if they aren’t being paid.  It’s one of the quickest ways for employees to get burnt out or say the incorrect things.

So how do you solve this? The simple buzzword answer is unified communications.  One of the easiest and cheapest is Google Voice. With Google Voice and others, you have a primary number. This is the number you give out to clients. They call this and it rings another phone or phones.  This can be an extension on the VOIP system it is a part of, another number, and/or cell phones.  Depending on the level of sophistication it can ring all the programmed numbers at once, or ring one, and move on to the next one. If no one answers it drops the caller into voice mail. With Google voice, the programmed numbers are all rang at once.

The inbound ringing is pretty standard.  The “trick” for the WISP is the outgoing calling. You want to be able to call a customer and have it come up as the main number’s caller ID, not your cell phone. Most PBX systems can be set up to do this with the extensions attached to them.  Cell phone calls are a little more complicated.  The way Google Voice solves this is through the use of forwarding numbers, You bring up the app, enter a number and it actually calls a different number.  Behind the scenes, it is using this forwarding number to “spoof” your number to the person you are calling.   Your phone is not calling the other party directly. Your phone calls this forwarding number behind the scenes and works it all out on the backend.

Other vendors have Apps which do similar functions. Asterisk has their DISA function.  Once you have these functions setup it boils down to training and processes.  Your installers need to remember to use the app or the function when calling customers.  As the company grows, a way to help this situation is for employees to not use personal cell phones.  If a company provides a cell phone the employee can customize voicemail, or even forward no answers to the help desk should a customer get the cell phone.

Hope this helps one of the glaring issues a startup faces.

Cambium Roadshow 2018 Morning Session

Recently I attended the Cambium Roadshow 2018. Some notes.

-Epmp 3000 expected to be here in September.  4×4 Mimo product. Early marketing should be coming in the next couple of weeks.
-820C pricing is getting aggressive.
-Mikrotik Open beta Elevate is out.  Ability to elevate Mikrotik units.

Force 300
-second radio can be used as management access or a realtime spectrum analyzer
-No more java client for the analyzer
-65k packets per second
-About 10% throughput at the sector in a legacy network.  Future software updates can lessen this.
-Dynamic spectrum capability
-Future vision is to have CNMaestro be aware of spectrum. This opens up the ability to view channels and interference on a network level.

450 Product Line
-Channel sizes have increased to 30 and 40mhz
-450b radios Integrated (17dBi for $299) and high gain (24dBi for $349)
-New processor
-4.9-5.925 GHZ
-Single gigabit port
-30 volt power supply, polarity Agnostic
-450 3.65 will be SaS compliant

cnArcher
-iPhone app should be here soon.
-Ability to push configs from the App

450M
-8×8 mimo due to physical size. 12×12 or 16×16 would mean a very large product
-Integrated 90 degree sector
-Direct DC power
-SFP port
-Current SMs will connect

 


MTIN Family of web-sites
www.mtin.net
www.j2sw.com
www.indycolo.net
www.startawisp.info

Winbox brute Force

You really should not have your winbox port open to anything but a management network, but if you need a script to help with brute force on the Mikrotik.
add action=drop chain=input comment="drop winbox brute forcers" dst-port=8291 \
protocol=tcp src-address-list=winbox_blacklist
add action=add-src-to-address-list address-list=winbox_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=8291 \
protocol=tcp src-address-list=winbox_stage3
add action=add-src-to-address-list address-list=winbox_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
protocol=tcp src-address-list=winbox_stage2
add action=add-src-to-address-list address-list=winbox_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
protocol=tcp src-address-list=winbox_stage1
add action=add-src-to-address-list address-list=winbox_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
protocol=tcp
add action=drop chain=forward comment="drop WINBOX brute downstream" dst-port=8291 \
protocol=tcp src-address-list=winbox_blacklist

Of course changing your Winbox port number and disallowing access from anything but trusted Ip addresses is one of the best ways.

What is a BGP Confederation?

In network routing, BGP confederation is a method to use Border Gateway Protocol (BGP) to subdivide a single autonomous system (AS) into multiple internal sub-AS’s, yet still advertise as a single AS to external peers. This is done to reduce the number of entries in the iBGP routing table.  If you are familiar with breaking OSPF domains up into areas, BGP confederations are not that much different, at least from a conceptual view.

And, much like OSPF areas, confederations were born when routers had less CPU and less ram than they do in today’s modern networks. MPLS has superseded the need for confederations in many cases. I have seen organizations, who have different policies and different admins break up their larger networks into confederations.  This allows each group to go their own directions with routing policies and such.

if you want to read the RFC:https://tools.ietf.org/html/rfc5065

Mikrotik Releases 6.42

From Mikrotik

We have released new RouterOS versions in current channel.

To upgrade, click “Check for updates” at “System/Package” in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

What’s new in 6.42 (2018-Apr-13 11:03):

!) tile – improved system performance and stability (“/system routerboard upgrade” required);
!) w60g – increased distance for wAP 60G to 200+ meters;
*) bridge – added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge – added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge – added per-port learning options;
*) bridge – added support for static hosts;
*) bridge – fixed “master-port” configuration conversion from pre-v6.41 RouterOS versions;
*) bridge – fixed bridge port interface parameter under “/interface bridge host print detail”;
*) bridge – fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge – fixed incorrect “fast-forward” enabling when ports were switched;
*) bridge – fixed MAC learning for VRRP interfaces on bridge;
*) bridge – fixed reliability on software bridges when used on devices without switch chip;
*) bridge – hide options for disabled bridge features in CLI;
*) bridge – show “hw” flags only on Ethernet interfaces and interface lists;
*) capsman – added “allow-signal-out-of-range” option for Access List entries;
*) capsman – added support for “interface-list” in Access List and Datapath entries;
*) capsman – improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman – log “signal-strength” when successfully connected to AP;
*) certificate – added PKCS#10 version check;
*) certificate – dropped DES support and added AES instead for SCEP;
*) certificate – dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate – fixed incorrect SCEP URL after an upgrade;
*) chr – added “open-vm-tools” on VMware installations;
*) chr – added “qemu-guest-agent” and “virtio-scsi” driver on KVM installations;
*) chr – added “xe-daemon” on Xen installations;
*) chr – added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr – added support for booting from NVMe disks;
*) chr – added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr – added support for NIC hot-plug on VMware and Xen installations;
*) chr – fixed additional disk detaching on Xen installations;
*) chr – fixed interface matching by name on VMware installations;
*) chr – fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr – fixed suspend on Xen installations;
*) chr – make additional disks visible under “/disk” on Xen installations;
*) chr – make Virtio disks visible under “/disk” on KVM installations;
*) chr – run startup scripts on the first boot on AWS and Google Cloud installations;
*) console – fixed “idpr-cmtp” protocol by changing its value from 39 to 38;
*) console – improved console stability after it has not been used for a long time;
*) crs1xx/2xx – added BPDU value for “ingress-vlan-translation” menu “protocol” option;
*) crs212 – fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 – fixed known multicast flooding to the CPU;
*) crs3xx – added switch port “storm-rate” limiting options;
*) crs3xx – added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet – fixed “detect-internet” feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp – improved DHCP service reliability when it is configured on bridge interface;
*) dhcp – reduced resource usage of DHCP services;
*) dhcpv4-server – added “dns-none” option to “/ip dhcp-server network dns”;
*) dhcpv6 – make sure that time is set before restoring bindings;
*) dhcpv6-client – added info exchange support;
*) dhcpv6-client – added possibility to specify options;
*) dhcpv6-client – added support for options 15 and 16;
*) dhcpv6-client – implement confirm after reboot;
*) dhcpv6-server – added DHCPv4 style user options;
*) dns – do not generate “Undo” messages on changes to dynamic servers;
*) email – set maximum number of sessions to 100;
*) fetch – added “http-content-type” option to allow setting MIME type of the data in free text form;
*) fetch – added “output” option for all modes in order to return result to file, variable or ignore it;
*) fetch – increased maximum number of sessions to 100;
*) filesystem – implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig – properly apply configuration provided by Flashfig;
*) gps – improved NMEA sentence handling;
*) health – added log warning when switching between redundant power supplies;
*) health – fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot – improved HTTPS matching in Walled Garden rules;
*) ike1 – display error message when peer requests “mode-config” when it is not configured;
*) ike1 – do not accept “mode-config” reply more than once;
*) ike1 – fixed wildcard policy lookup on responder;
*) ike2 – fixed framed IP address received from RADIUS server;
*) interface – improved interface configuration responsiveness;
*) ippool – added ability to specify comment;
*) ippool6 – added pool name to “no more addresses left” error message;
*) ipsec – fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec – improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec – properly detect interface for “mode-config” client IP address assignment;
*) ipv6 – fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 – update IPv6 DNS from RA only when it is changed;
*) kidcontrol – initial work on “/ip kid-control” feature;
*) led – added “Dark Mode” support for wAP 60G;
*) led – added w60g alignment trigger;
*) led – fixed unused “link-act-led” LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led – removed unused “link-act-led” trigger for devices which does not use it;
*) lte – added initial support for Quectel LTE EP06-E;
*) lte – added initial support for SIM7600 LTE modem interface;
*) lte – added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte – do not add DHCP client on LTE modems that doesn’t use DHCP;
*) lte – fixed DHCP client adding for MF823 modem;
*) lte – fixed LTE band setting for SXT LTE;
*) mac-ping – fixed duplicate responses;
*) modem – added initial support for AC340U;
*) netinstall – fixed MMIPS RouterOS package description;
*) netinstall – sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch – limit to read, write, test and reboot policies for Netwatch script execution;
*) poe – do not show “poe-out-current” on devices which can not determine it;
*) poe – hide PoE related properties on interfaces that does not provide power output;
*) ppp – added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp – allow to override remote user PPP profile via “Mikrotik-Group”;
*) quickset – fixed NAT if PPPoE client is used for Internet access;
*) quickset – properly detect IP address when one of the bridge modes is used;
*) quickset – properly detect LTE interface on startup;
*) quickset – show “G” flag for guest users;
*) quickset – use “/24” subnet for local network by default;
*) r11e-lte – improved LTE connection initialization process;
*) rb1100ahx4 – improved reliability on hardware encryption;
*) routerboard – added RouterBOOT “auto-upgrade” after RouterOS upgrade (extra reboot required);
*) routerboard – properly detect hAP ac^2 RAM size;
*) sniffer – fixed “/tool sniffer packet” results listed in incorrect order;
*) snmp – added “/caps-man interface print oid”;
*) snmp – added “/interface w60g print oid”;
*) snmp – added “board-name” OID;
*) snmp – improved request processing performance for wireless and CAP interfaces;
*) ssh – fixed SSH service becoming unavailable;
*) ssh – generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh – improved key import error messages;
*) ssh – remove imported public SSH keys when their owner user is removed;
*) switch – hide “ingress-rate” and “egress-rate” for non-CRS3xx switches;
*) tile – added “aes-ctr” hardware acceleration support;
*) tr069-client – added “DownloadDiagnostics” and “UploadDiagnostics”;
*) tr069-client – correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client – fixed “/tool fetch” commands executed with “.alter” script;
*) tr069-client – fixed HTTPS authentication process;
*) traffic-flow – fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade – improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups – improved communication between router and UPS;
*) ups – improved disconnect message handling between RouterOS and UPS;
*) userman – added support for ARM and MMIPS platform;
*) w60g – added “tx-power” setting (CLI only);
*) w60g – added RSSI information (CLI only);
*) w60g – added TX sector alignment information (CLI only);
*) watchdog – retry to send “autosupout.rif” file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox – added “antenna” setting under GPS settings for MIPS platform devices;
*) winbox – added “crl-store” setting to certificate settings;
*) winbox – added “insert-queue-before” to DHCP server;
*) winbox – added “use-dn” setting in OSPF instance General menu;
*) winbox – added 160 MHz “channel-width” to wireless settings;
*) winbox – added DHCPv6 client info request type and updated statuses;
*) winbox – added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox – added possibility to delete SMS from inbox;
*) winbox – allow to comment new object without committing it;
*) winbox – allow to open bridge host entry;
*) winbox – fixed name for “out-bridge-list” parameter under bridge firewall rules;
*) winbox – fixed typo from “UPtime” to “Uptime”;
*) winbox – fixed Winbox closing when viewing graph which does not contain any data;
*) winbox – improved stability when using trackpad scrolling in large lists;
*) winbox – made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox – moved “ageing-time” setting from STP to General tab;
*) winbox – moved OSPF instance “routing-table” setting in OSPF instance General menu;
*) winbox – removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox – show Bridge Port PVID column by default;
*) winbox – show CQI in LTE info;
*) winbox – show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox – show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox – use proper graph name for HDD graphs;
*) wireless – added “realm-raw” setting for “/interface wireless interworking-profiles” (CLI only);
*) wireless – added initial support for “nstreme-plus”;
*) wireless – added support for “band=5ghz-n/ac”;
*) wireless – added support for “interface-list” for Access List entries;
*) wireless – added support for legacy AR9485 chipset;
*) wireless – enable all chains by default on devices without external antennas after configuration reset;
*) wireless – fixed “wds-slave” channel selection when single frequency is specified;
*) wireless – fixed incompatibility with macOS clients;
*) wireless – fixed long “scan-list” entries not working for ARM based wireless interfaces;
*) wireless – fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless – fixed RB911-5HnD low transmit power issue;
*) wireless – fixed RTS/CTS option for the ARM based wireless devices;
*) wireless – fixed wsAP wrong 5 GHz interface MAC address;
*) wireless – improved compatibility with specific wireless AC standard clients;
*) wireless – improved Nv2 PtMP performance;
*) wireless – improved packet processing on ARM platform devices;
*) wireless – improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless – improved wireless scan functionality;