Aligning an 80GHZ link at a mile and other licensed backhauls

Recently we had a teaching moment for a couple of folks who had not had much experience with aligning higher frequency antennas with very tight beamwidths.  This particular day we were aligning 2 foot Siklu 80GHZ antennas.

One of the questions we often get asked is how do you align these? These questions are usually asked by someone who is familiar with aligning 5ghz antennas with a 10 or 20 degree beam which you can eyeball and has tried a microwave shot. They find out it is much harder.  The higher you go in frequency the tighter and smaller the beam is.  Distance also affects how far off you can be.  Think of it as a laser pointer.  If you have ever taken a laser pointer out at night and shone it a long distance you will notice even the slightest movement will cause it to jump inches, even feet.  Keep laser pointer analogy in mind for this next section.

In order to understand alignment, we need to understand lobes on an antenna. An antenna is just a device that focuses radiation in a direction.  In a licensed microwave setup, these antennas focus the radiation in a tighter “beam”.  Let’s go back to our laser pointer analogy.  Some laser pointers project a smaller dot at 10 feet than others.  Same for antennas.   The diagram below shows what is called the main lobe and the side lobe.

The way to get the best signal is to get both dishes locked on to the main lobe. Sounds easy right? With higher frequencies, you are talking about millimeter waves. This means the main lobe may only be 3mm wide, about the size of this text on a laptop screen.  Now imagine trying to keep that 3mm beam in the center of a paper plate at a mile.  On top of that, the difference between the main lobe and locking onto a side lobe could be the difference of 1-2mm. A slight wind can move a dish 2mm.

To give you a real-world example. A 2ft 23 GHz antenna having 3 dB beamwidth of 1.6 degrees. Allowing for a path length of about 2.5 miles (this is licensed 23GHZ) the actual beamwidth at the receiving antenna is around 370 ft and is, therefore, likely to be greater than the height of the tower. If the antenna’s out of horizontal by even a couple of degrees to start, the antennas will miss by around 460 ft and not be able to “see” each other. This can be amplified as frequency and distance increase.

This is all fine and dandy, but what about the practical world? How do I align the thing?
It all starts with the FCC path coordination paperwork you will receive on your licensed link. There is a wealth of information in here.  It tells you all of the following:
-Your mounting height (this is typically already known)
-Your heading (more on this in a bit)
-The antenna angle downtilt or uptilt (very important)
-The expected signal target

Armed with this information you will have all of the information you need to align the link.  From this point, the philosophical side of things kicks in.  Some tower climbers are good with using a compass to get their exact bearings.  Others have high dollar tools to do it all via GPS such as microwave path alignment from Sunsight.

What everyone doing alignment should have in their toolkit are the following:
-A small magnetic bubble Level. We want to make sure we start with a level mount.  We would be fighting an uphill battle if the pipe or standoff we are mounting to is not level.

-An angle Finder is very helpful for determining the antenna down or uptilt per the path calculation.

Obviously, the above tools are just one of many examples.  There are more expensive ones and bare bones ones.  Tools are only as good as the person using them.

-Ratcheting wrenches for the left and right and up and down adjustments.
Having ratcheting wrenches makes fine-tuning a very easy process.  You will see why later.

-A good hands-free communication method.  Depending on the tower FM communications may or may not work.  Cell phones may or may not work. Being able to talk to the crew on the other end is crucial.  And yes, to make this smooth you want a crew on the other end.

Aligning backhauls, especially microwave, is a skilled trade.  With any skilled trade, you will get all kinds of tips and tricks of the trade.  Some you may use, others you may not.  Ask any Carpenter, Drywaller, or Mason and they will tell you little tips and tricks. They probably all are great and will work, but you may only use some of them.  I am going to tell you mine. You may find others you like better.

We always start with a google earth plot of the path. I call this Phase 1.  The goal of phase 1 is to get the radios talking.  We make sure the line is exactly on the two points, not just approximate.  If the backhaul it on the left side of the tower, we draw the line to/from the left side of the tower.  We then pick 2-3 landmarks along the path as we can.  We start with something close to the tower the climber should be able to see.

In our photo above we have picked out two reference points close to the tower the climber can see.  The first is the clump of trees on the climbers left.  The path passes “just to the right” of the edge of the end of the trees.  The second reference is the intersection of the county roads about 2-3 miles out.  Our path should be just to the right of those.  That point of reference is more of a sanity check. More than anything. The climber at the other end has a similar printout.   I have found communication during this process works best if both climbers and someone logged to at least one radio on the ground with a laptop are on a conference bridge.  Many radios have lights, tones, or multimeter outputs to indicate signal.  Some modern radios only have web-interfaces and apps.  Hold a phone while trying to align can be cumbersome.  This is where the guy on the ground can take some load off what the climbers are doing.

Regardless of the mechanics of the radio, the goal of Phase 1 is to establish a radio link, no matter how bad it is. Now, here is where the real meat and potatoes of backhaul alignment come into play.  This is a very deliberate and calculated process.  Your goal at the end of the entire alignment process is to end up with the following diagram

What many folks don’t realize is it is possible to establish a signal on a side lobe. So how do you know if you are on a side lobe? Here is how we start phase 2. This is what I call fine-tuning. Real original huh? Depending on good, or lucky you were during phase 1 you may have a long way to go or a short way to go to meet target.  Remember that in your paperwork we talked about earlier?  One side and one side only starts moving their fine adjustment on their antenna to the left and right and up and down.  This is typically called sweeping.  The key thing to note here is you need to find the very edges of the radio signal, not just the lobe you happen to be on.

Let’s take a real-world example to explain how sweeping affects main and side lobes.  At the start of this article, we mentioned an 80ghz link.  With our phase 1 rough alignment, we were able to get linked at a -86.  The target was a -32.   The first side to start alignment started sweeping to the right, signal started going from a -86 down to a -72 rather quickly. This was using very small turns of the adjustment.  The ratcheting wrench was only clicking 1-2 times for each 2-3 db of signal change. Once it reached a -72 it started climbing back up.   The climber then kept going to the right to find the edge of the signal, not just the lobe we were on.  The signal started getting worse until we were back into the upper 80’s.

Now, the climber brings the alignment back to the left, and stops at the -72 and makes a mental note of where that is in relationship to the overall placement of the dish, etc.  Some mounts have distinct notches, some guys use markers, others just remember.  Now the climber continues on to the left and the -72 gets worse and goes back down to the -86 and continues to get worse.  So the climber, at least for now, has found the sweet spot for the left and right alignment.  The climber also knows this will probably change, but has found it for now.   Climber repeats the same procedure for the up and down. Due to the anglefinder, the climbers have with them they feel pretty confident they are fairly close with the up and down so they do not adjust the up and down travel as much as the procedure goes on.

Next, the other side does the same procedure the first side did. They do the left to right and get the signal down to a -62. Essentially, what the climbers are trying to do is find the center, which will contain the strongest signal, by sweeping past the other signals.  Keep in mind there may be only millimeters separating these other lobes.  Due to physics, and the shape of the signal, the first lobe is actually stronger than the edges of the main beam.

Say what? The first lobe is stronger than the edges of the main beam? Yes, but not stronger than the main beam.  Let’s go back to our installers. They have each had a go around at alignment and are only at a -62.  On a 5ghz backhaul that would be respectable, depending on your noise floor. But we are 30db away from our target of -32. Some climbers, incorrectly I might add, try to do a shortcut by scanning in an x pattern instead of x and y-axis separately. This makes it easier to lock onto a side lobe.

80ghz backhaul

So now our first climber goes back to making the left and right adjustments.   At this point, the installer finds something odd.  He has gotten the signal down to a -55, but that’s the best he can do. Even a small turn jumps the signal up    Then our installer remembers the above statement.  The first lobe is always stronger than the edges of the main beam.  He gets the signal back down to a -55 and turns the alignment over to the other side.

Here is a very important thing to note.  Both of our installers have now “gotten a feel” for the few turns needed to adjust the signal on these dishes.  To them compared to 5ghz dishes, these are very tiny and almost insignificant movements. But they sure make a difference in signal.  Now our installer at tower B has his second alignment session.  As he is making adjustments the signal is not changing.  He is moving his wrench for what seems like forever and the signal is barely moving, Any other time their signal would have been a -90 or dropped.  What has happened here? The main lobe of one side has locked onto the first lobe because it is always stronger.  Since the main lobe is bigger it seems like it takes forever to make any change.  If we had a guy on the laptop he was probably also probably seeing very mismatched data rates.  One side was probably much higher than the other by a large margin.

Then boom, all of a sudden the signal goes from a -55 to a -42.  A 17 db jump!   We can now tell we are on the main lobe.  If the laptop person looks at the data rates now they should be more balanced.

Data Rates on a Mimosa B11 Rates properly aligned but not fine-tuned

At this point, it is just a simple matter of each side making finer and finer adjustments back and forth to get the signal down.  If you think of the above circle/crosshair you are making smaller and smaller adjustments to nudge toward the center of the circle. This is where the ratcheting wrenches help by giving a very measured amount of travel.  This helps with the whole feel of alignment.  Much of it is feel to see how much you can move the adjustment mechanisms to make the numbers move.  Sometimes it may be a single click of the wrench.  Sometimes it may be one or two.  It just depends.  As you get closer and closer to target you are moving the adjustment less and less.

As you get closer and closer to target you need to be thinking about how tightening down the adjustment bolts will affect the alignment.  Even tightening them down snug can affect the signal.  That extra amount movement to tighten them down can move them slightly past their alignment center.  You may need to take into account the amount of travel it takes to tighten down the adjustment bolt into account on smaller dishes.  If it takes a half turn of the bolt to get it tight you may need to stop a half turn and tighten “into” target.  As you tighten it down fully that is where you end up in align.  If you wait until you are in align and then snug it completely down, the force of snugging it down may pull it past and you will end up with a worse signal.

This article sprinkled in some examples from a real-world install, with some theory, with some practical knowledge. Your mileage and experience will vary.  Your experience with 6ghz vs 80ghz will vary as well. Each frequency will have it’s own quirks and tricks.

Save bandwidth on Apple updates

Like many networks, you have users using Apple devices. iPhones, Ipads, computers, and other Apple devices are constantly updating apps, downloading updates, and other content.  MTIN can install an OSX Caching server on your network. This low powered server caches software updates, allowing faster downloads, especially for new iPhone IOS updates.

Contact MTIN today and learn about our turnkey solutions for making your Apple users happier.

The problem with peering from a logistics standpoint

Many ISPs run into this problem as part of their growing pains.  This scenario usually starts happening with their third or 4th peer.

Scenario.  ISP grows beyond the single connection they have.  This can be 10 meg, 100 meg, gig or whatever.  They start out looking for redundancy. The ISP brings in a second provider, usually at around the same bandwidth level.  This way the network has two pretty equal paths to go out.

A unique problem usually develops as the network grows to the point of peaking the capacity of both of these connections.  The ISP has to make a decision. Do they increase the capacity to just one provider? Most don’t have the budget to increase capacities to both providers. Now, if you increase one you are favouring one provider over another until the budget allows you to increase capacity on both. You are essentially in a state where you have to favor one provider in order to keep up capacity.  If you fail over to the smaller pipe things could be just as bad as being down.

This is where many ISPs learn the hard way that BGP is not load balancing. But what about padding, communities, local-pref, and all that jazz? We will get to that.  In the meantime, our ISP may have the opportunity to get to an Internet Exchange (IX) and offload things like streaming traffic.  Traffic returns to a little more balance because you essentially have a 3rd provider with the IX connection. But, they growing pains don’t stop there.

As ISP’s, especially WISPs, have more and more resources to deal with cutting down latency they start seeking out better-peered networks.  The next growing pain that becomes apparent is the networks with lots of high-end peers tend to charge more money.  In order for the ISP to buy bandwidth they usually have to do it in smaller quantities from these types of providers. This introduces the probably of a mismatched pipe size again with a twist. The twist is the more, and better peers a network has the more traffic is going to want to travel to that peer. So, the more expensive peer, which you are probably buying less of, now wants to handle more of your traffic.

So, the network geeks will bring up things like padding, communities, local-pref, and all the tricks BGP has.  But, at the end of the day, BGP is not load balancing.  You can *influence* traffic, but BGP does not allow you to say “I want 100 megs of traffic here, and 500 megs here.”  Keep in mind BGP deals with traffic to and from IP blocks, not the traffic itself.

So, how does the ISP solve this? Knowing about your upstream peers is the first thing.  BGP looking glasses, peer reports such as those from Hurricane Electric, and general news help keep you on top of things.  Things such as new peering points, acquisitions, and new data centers can influence an ISPs traffic.  If your equipment supports things such as netflow, sflow, and other tools you can begin to build a picture of your traffic and what ASNs it is going to. This is your first major step. Get tools to know what ASNs the traffic is going to   You can then take this data, and look at how your own peers are connected with these ASNs.  You will start to see things like provider A is poorly peered with ASN 2906.

Once you know who your peers are and have a good feel on their peering then you can influence your traffic.  If you know you don’t want to send traffic destined for ASN 2906 in or out provider A you can then start to implement AS padding and all the tricks we mentioned before.  But, you need the greater picture before you can do that.

One last note. Peering is dynamic.  You have to keep on top of the ecosystem as a whole.

WPA is not encrypting your customer traffic

There was a Facebook discussion that popped up tonight about how a WISP answers the question “Is your network secure?” There were many good answers and the notion of WEP vs WPA was brought up.

In today’s society, you need end-to-end encryption for data to be secure. An ISP has no control over where the customer traffic is going. Thus, by default, the ISP has no control over customer traffic being secure.  “But Justin, I run WPA on all my aps and backhauls, so my network is secure.”  Again, think about end-to-end connectivity. Every one of your access points can be encrypted, and every one of your backhauls can be encrypted, but what happens when an attacker breaks into your wiring closet and installs a sniffer on a router or switch port?What most people forget is that WPA key encryption is only going on between the router/ap and the user device.  “But I lock down all my ports.” you say.  Okay, what about your upstream? Who is to say your upstream provider doesn’t have a port mirror running that dumps all your customer traffic somewhere.  “Okay, I will just run encrypted tunnels across my entire network!. Ha! let’s see you tear down that argument!”. Again, what happens when it leaves your network?  The encryption stops at the endpoint, which is the edge of your network.

Another thing everyone hears about is hotspots. Every so often the news runs a fear piece on unsecured hotspots.  This is the same concept.  If you connect to an unsecured hotspot, it is not much different than connecting to a hotspot where the WPA2 key is on a sign behind the cashier at the local coffee shop. The only difference is the “hacker” has an easier time grabbing any unsecured traffic you are sending. Notice I said unsecured.  If you are using SSL to connect to a bank site that session is sent over an encrypted session.  No sniffing going on there.  If you have an encrypted VPN the possibility of traffic being sniffed is next to none. I say next to none because certain types of VPNs are more secure than others. Does that mean the ISP providing the Internet to feed that hotspot is insecure? There is no feasible way for the ISP to provide end to end security of user traffic on the open Internet.

These arguments are why things like SSL and VPNs exist. Google Chrome is now expecting all websites to be SSL enabled to be marked as secure. VPNs can ensure end-to-end security, but only between two points.  Eventually, you will have to leave the safety and venture out into the wild west of the internet.  Things like Intranets exist so users can have access to information but still be protected. Even most of that is over encrypted SSL these days so someone can’t install a sniffer in the basement.

So what is a WISP supposed to say about security? The WISP is no more secure than any other ISP, nor are then any less secure.  The real security comes from the customer. Things like making sure their devices are up-to-date on security patches.  This includes the often forgotten router. Things like secure passwords, paying attention to browser warnings, e-mail awareness, and other things are where the real user security lies. VPN connections to work. Using SSL ports on e-mail. Using SSH and Secure RDP for network admins. Firewalls can help, but they don’t encrypt the traffic. Does all traffic need encrypted? no.

Everything you wanted to know about NTP

Network Time Protocol (NTP) is a service that can be used to synchronize time on network connected devices.   Before we dive into what NTP is, we need to understand why we need accurate time.

The obvious thing is network devices need an accurate clock.  Things like log files with the proper time stamp are important in troubleshooting.  Accurate timing also helps with security prevention measures.  Some attacks use vulnerabilities in time stamps to add in bad payloads or manipulate data. Some companies require accurate time stamps on files and transactions as well for compliance purposes.

So what are these Stratum levels I hear about?
NTP has several levels divided into stratum. All this is the distance from the reference clock source.  A clock which relays UTC (Coordinated Universal Time) that has little to no delay (we are talking nanoseconds) are Stratum-0 servers. These are not used on the network. These are usually atomic and GPS clocks.  A Stratum-0 server is connected to time servers or stratum-1 via GPS or a national time and frequency transmission.  A Stratum 1 device is a very accurate device and is not connected to a Stratum-0 clock over a network.  A Stratum-2 clock receives NTP packets from a Stratum-1 server, a Stratum-3 receives packets from a Stratum-2 server, and so on.  It’s all relative of where the NTP is in relationship to Stratum-1 servers.

Why are there levels?
The further you get away from Stratum-0 the more delay there is.  Things like jitter and network delays affect accuracy.  Most of us network engineers are concerned with milliseconds (ms) of latency.  Time servers are concerned with nanoseconds (ns). Even a server directly connected to a Stratum-0 reference will add 8-10 nanoseconds to UTC time.

My Mikrotik has an NTP server built in? Is that good enough?
This depends on what level of accuracy you want. Do you just need to make sure all of your routers have the same time? then synchronizing with an upstream time server is probably good enough. Having 5000 devices with the same time, AND not having to manually set them or keep them in sync manually is a huge deal.

Do you run a VOIP switch or need to be compliant when it comes to transactions on servers or need to be compliant with various things like Sox compliance you may need a more accurate time source.

What can I do for more accurate time?
Usually, a dedicated appliance is what many networks use.  These are purpose built hardware that receives a signal from GPS. the more accurate you need the time, the more expensive it will become.  Devices that need to be accurate to the nanosecond are usually more expensive than ones accurate to a microsecond.

If you google NTP Appliance you will get a bunch of results.  If you want to setp up from what you are doing currently you can look into these links:

http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html

How to Build a Stratum 1 NTP Server Using A Raspberry Pi

 

Building a Stratum 1 NTP Server with a Raspberry Pi

 

The problem with speedtests

Imagine this scenario. Outside your house, the most awesome super highway has been built.  It has a speed limit of 120 Mile Per Hour.  You calculate at those speeds you can get to and from work 20 minutes earlier. Life is good.  Monday morning comes, you hop in your Nissan GT-R, put on some new leather driving gloves, and crank up some good driving music.  Your pull onto the dedicated on-ramp from your house and are quickly cruising at 120 Miles an hour. You make it into work before most anyone else. Life is good.  

Near the end of the week, you notice more and more of your neighbours and co-workers using this new highway.  Things are still fast, but you can’t get up to speed to work like you could earlier in the week.  As you ponder why you notice you are coming up on the off-ramp to your work.  Traffic is backed up. Everyone is trying to get to the same place.  As you are waiting in the line to get off the super highway, you notice folks passing you by going on down the road at high rates of speed.  You surmise your off-ramp must be congested because it is getting used more now.

Speedtest servers work the same way. A speedtest server is a destination on the information super-highway. Man, there is an oldie term.  To understand how speedtest servers work we need a quick understanding of how the Internet works.   The internet is basically a bunch of virtual cities connected together.  Your local ISP delivers a signal to you via Wireless, Fiber, or some sort of media. When it leaves your house it travels to the ISP’s equipment and is aggregated with your neighbours and sent over faster lines to larger cities. It’s just like a road system. You may get access via a gravel road, which turns into a 2 lane blacktop, which then may turn into a 4 lane highway, and finally a super-highway.  The roads you take depend on where you are going. Your ISP may not have much control over how the traffic flows once it leaves their network.

Bottlenecks can happen anywhere. Anything from fiber optic cuts, oversold capacity, routing issues, and plain old unexpected usage. Why are these important? All of these can affect your speedtest results and can be totally out of control of your ISP and you.  They can also be totally your ISP’s fault. They can also be your fault, just like your car can be.  An underpowered router can be struggling to keep up with your connection. Much like a moped on the above super-highway can’t keep up with a 650 horsepower car to fully utilize the road, your router might not be able to keep up either.  Other things can cause issues such as computer viruses, and low performing components.

Just about any network can become a speedtest.net node or a node with some of the other speedtest sites.  These networks have to meet minimum requirements, but there is no indicator of how utilized these speedtest servers are.  A network could put up one and it’s 100 percent utilized when you go running a speedtest. This doesn’t mean your ISP is slow, just the off-ramp to that speedtest server is slow.

The final thing we want to talk about is the utilization of your internet pipe from your ISP.  This is something most don’t take into consideration.  Let’s go back to our on-ramp analogy.  Your ISP is selling you a connection to the information super-highway.   Say they are selling you a 10 megabyte download connection.  If you have a device in your house streaming an HD Netflix stream, which is typically 5 megs or so, that means you only have 5 megs available for a speedtest while that HD stream is happening. Speedtest only test your current available capacity.  Many folks think a speedtest somehow stops all the traffic on your network, runs the test, and starts the traffic. It doesn’t work that way. A speedtest tests the available capacity at that point in time.  The same is true for any point between you and the speedtest server.  Remember our earlier analogy about slowing down when you got to work because there were so many people trying to get there.  They exceeded the capacity of that destination.  However, that does not mean your connection is necessarily slow because people were zooming past you on their way to less congested destinations.

This is why speedtest results should be taken with a grain of salt. They are a useful tool, but not an absolute. A speedtest server is just a destination.  That destination can have bottlenecks, but others don’t.  Even after this long article, there are many other factors which can affect Internet speed. Things we didn’t touch on like Peering, the technology used, speed limits, and other things can also affect your internet speed to destinations.

Some Random Visio diagram

Below, We have some visio diagrams we have done for customers.

This first design is a customer mesh into a couple of different data centers. We are referring to this as a switch-centric design. This has been talked about in the forums and switch-centric seems like as good as any.

This next design is a netonix switch and a Baicells deployment.

Design for a customer