UBNT Air Cube first impressions

I have been meaning to start this review for several weeks.  Due to the holidays and sickness that has not happened until now.  Recently Ubiquiti Networks released the airCubeAC. I won’t bore you with all the stats, just some of the highlights.  For the complete list go here…

-AC radio containing 5ghz and 2.4 Radios (AC Model)
-4 Gigabit ethernet ports
-Supports POE in and Out

One of the first things you notice about the modern UBNT products like this is the nice retail looking package.  This could be on the shelf of Best Buy, or on the shelf of any computer shop. The packaging is modern and eye-catching.

After unboxing we find a very minimal packaging.

All that is contained in the packaging is the airCube itself, quick start guide, and the power cord. One of the first things I noticed as I went to plug this in was the length of the power cord.  Too many companies give you a short power cord you are always fighting against.  This cord has to be 7-8 feet long. In addition, the power plug is a compact size to fit into most surge protectors with ease.  It’s the little design features like this which can really make a product shine.

While waiting for it to boot a quick tour around the outside reveals the four gigabit ethernet ports, one of them being the WAN port.

The quickstart guide was very helpful, except for the terminology used for the UMOBILE app. On the IOS store, I finally figured out the UNMS app was the correct one to use. This might be confusing for some folks. Maybe newer documentation reflects the change in the naming.

I connected the Cube to my home network and fired up the app, the wizard was very helpful in getting me connected to the Cube.

The use of the QR code to customize the instructions is a very nice time saver.  I was up and connected within 40 seconds.  Most of that time was switching over to my settings to connect to the wifi and switching back to the app. A nice feature would be launching the settings app for you.  Not sure if such system calls are allowed on iOS but something to consider.  On a side note, there is Puerto Rico listed as a country yet again. Not sure why this is a recurring theme with UBNT.

Anytime I get a new device like this one of the first things I do is upgrade the firmware to the latest. This was a very easy process. The app even had a little orange information thing directing me to go check it. The addition of the changelog within the app is a very nice touch. The total firmware upgrade took about 2 minutes.

I made the mistake of switching out of the app before the upgrade was done. The unit was not reporting the firmware was upgraded, and when I tried to upgrade again it gave me an error. Hitting logout on the app and logging back in refreshed the app and confirmed I was indeed at the latest firmware.

It’s getting late, but I wanted to get this out there and get the ball rolling.  Look for part 2 coming shortly when I go over the interface in detail. For now, I will leave you with my first impression summary.

The airCube has many nice physical features.  The long power cable makes the flexibility of installation easy.  No longer do you have to set it in an awkward place just because the power cable did not reach.  It does POE in and out, so you could power the unit with a wireless CPE POE if you were a WISP running UBNT gear. This would save on a power plug because you would only need one for your outdoor radio and the airCube. However, if you are deploying these with non-UBNT gear, or simply in a home with fiber or cable the small power plug makes for a neat and compact installation.

Setup was easy, minus the documentation issue on the app to get.  This is probably simply the app being updated for whatever reason and the documentation that came with my Cube being behind.

Look for part two coming soon.

 

Interesting Mikrotik GUI behavior

While bringing up a BGP session for a client I kept trying to add our side of a /126.  It kept reverting to the network address.  The video shows what happens when I tried to add ::12/126 to the IPV6 addresses.

After some second-guessing and then some Facebook chatting I decided to do a terminal /ipv6 address print.  Sure enough the proper IP shows up.  Must be a GUI bug.

Tower crew in today’s world

One of the questions we often are asked is why our rates for tower work are what they are. In today’s world, a tower crew needs the following, not only for themselves but to protect and do the best job for the client.

The first key is equipment.  Having a crew with proper ropes, proper lifting blocks, and pulleys, and proper safety gear goes a long way. A job can be done more efficiently with the proper tools.  In-Shape tools make a big difference. How many times have you gone to cut something with a dull blade? Tools get used up and have to be replaced.

Next up is safety and insurance.  I lump these into the same category because an insured crew is safe for the client.  Having the proper insurance protects the client from anything that may happen.  Tower work is dangerous work.  With insurance requirements comes updated training. Not only does this teach crews new methods of doing things, it helps them in becoming complacent in safety practices.

Availability is the next thing. Having a crew that can roll out in a timely manner to meet client’s needs takes a dedicated staff.  We see too many part-time crews not bringing in enough money so they are having to moonlight doing other things this lessens the availability because you have to find steady work to have quality people.

The last thing is the experience our crews have.  Having been a veteran of the WISP industry for over 12 years I have seen many ways of doing things, so Have the rest of the experienced folks in our crews. We have done night climbs, harsh weather work, and custom work.  Having someone who knows the WISP industry doing your tower work makes a huge difference.

MidWest Co-Location Special

1U Server co-location Special
-1 IP (more based upon justification at additional cost)
-Dual A/B power (dual power or transfer switch capable)
-Multiple transit BGP carriers (HE.NET, Cogent)
-MidWest-IX (www.midwest-ix.com) peering
-Dedicated gigabit port
-10 Megs of burstable bandwidth (more available)
$99 a month
$99 setup fee

Lots of add-ons available. Direct peers to Chicago, FedRamp certified facilities, redundant metro connections, redundant data centers.

Data Center Highlights

  • 99.995% uptime
  • F5 tornado resistant architecture
  • N+N redundant power and cooling
  • Fire suppression and environmental controls
  • Multi-layered security systems
  • Secure workspace for staging, storage and offices

Contact us today for questions and to setup service.

SaaS aka why I should pay per month for billing

The topic of paying per user for a billing or management platforms comes up every so often.  I was able to sit down and talk with several vendors at WISPAPALOOZA this year about the value of their customers paying a per-user fee.

The most prevalent thought is about innovation and new features.  SaaS allows the billing vendor to invest development and testing time in rolling out new features to support new equipment, and other software.  LTE platforms are the hot thing in billing integration. New additions to software take people power and hours of testing and tweaking. Without monthly recurring revenue to drive such things billing vendors would have to develop this and then charge to the early adopters as an add-on.  This can be a double-edged sword. The early adopters have to pay a premium in order to get a partial solution because the vendor has to really prioritize how their development resources are used. The Vendor is always chasing the next big thing, which means other additions or fixes tend to get pushed back. They have to finish add-ons they think more folks will want to buy first.

The next thing is plain old hosting. Hosting a software application, whether in the cloud or on your own hardware costs money.  Co-location, software patches on the OS, hardware lifecycles, etc.  This cuts down on the end-user maintenance side of the hardware but pushes it back to the vendor. The peace of mind of knowing the thing that collects your money is running is backed up, and is available as part of the monthly fee you pay.

SaaS also allows for quicker releases of bugs and new features.  Vendors have more resources dedicated to development and changes. This allows for new add-ons to become available quicker.  Take the traditional model where you get bug fixes, but major feature add-ons are either a full point upgrade or major version upgrade. This usually costs money and is a slower process.  Not only does the vendor have to spend resources advertising, but they have to deal with support and other issues. With billing vendors who charge a monthly fee fixes from companies such as Paypal or Authorize.net are almost always rolled out very quickly at no additional charge to the end user ISP.

Some companies such as Basecamp, which is not a billing platform, have taken a hybrid approach to SaaS. Every major revision that comes out is an upgrade. You can choose to upgrade or stay where you are and pay the same amount.  This can leave customers behind but still allows them to use what they are paying for.  They just don’t get new features or bug fixes.

So the next time you are figuring out why you should pay for a billing platform on a monthly, customer, or subscription basis take all of this into account.

For those looking for xISP billing, and mainly WISP billing, here is a partial list:

www.azotel.com
www.visp.net
www.powercode.com
www.sonar.software
www.splynx.com
www.ispbilling.com (Platypus)
www.freeside.biz
www.quickbooks.com

If you have more please add them in the comments.

Did you know Amazon business account…

Did you know if you have an Amazon business account you can get preferred pricing with some vendors who sell Cambium on Amazon? This is not the same pricing you see when you visit amazon.com.  This is pricing that is extended to you from vendors who sell on Amazon.

The way this works is by passing along your business ID, which is public information, to a seller.  this seller then qualifies you for direct pricing, and if accepted you receive an e-mail saying you have been approved for direct pricing.  When you log in and view the Cambium items the updated pricing is reflected.

MTIN is not the seller of these items, but if you are interested we can pass your Business ID along to some vendors who do.

Vulnerability in WPA2

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8am Monday, East Coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

 

From Mikrotik:

On October 16. CERT/CC/ICASI released a public announcement about discovered vulnerabilities in WPA2 handshake protocols that affect most WiFi users and all vendors world wide.
RouterOS v6.39.3, v6.40.4, v6.41rc are not affected!
It is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected.
These organizations did contact us earlier, so we have already released fixed versions that address the outlined issues. Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue.
We released fixed versions last week, so if you upgrade your devices routinely, no further action is required.
CWE-323
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13083
CVE-2017-13084
CVE-2017-13085
CVE-2017-13086
CVE-2017-13087

 

Tower Climber Harnesses

Recently there has been a thread on WISP-Talk about the best tower harness. Rather than going down the road of the best brand I figured I would take a different approach.  I sat down with Lee and Nick from TowerOne Inc. at WISPAPALOOZA 2017 in Las Vegas.

I asked them what they look for in a good harness and here were their top features.

Both said weight was very important.  This makes sense because you will be spending long amounts of time with the harness attached to you. Another feature was the ability to customize the fit.  Belts with synch type adjustments tend to be more comfortable than belt buckles with holes every 1 inch.

Attachment and gear hooks came in next as a must-have feature. Breathability of the material was another one.  After a hot day on the tower, the ability to whisk away as much sweat as possible is vital to be as comfortable as you can.

TowerOne usually brings several different types of harnesses with them to their training events.  This way folks can try things on.  One that has been discovered is people tend to make how the harness is put on an important decision when buying a harness. Some like to put their harness on like a vest.  Others like stepping into the harness and then pulling it up.

So no matter what harness you go with, look into what feature are important to you and how it feels.

A story about a rotten company

Recently I received an e-mail from a company I haven’t done business with since 2003. They had kept my e-mail all this time and decided now was the time to send me a spam e-mail.  Let me give you a little backstory on Advanced Internet Technologies Inc.

Back in 2001 I went out on my own as an ISP.  Previously, I had worked for a dial-up ISP and they had been acquired by a larger company.  I saw the writing on the wall and decided now was the time to go out on my own.  With some borrowed money I made my first purchase, a white box 1U server. Keep in mind this is 2001.  This server with a pair of 80 gig hard drives and dual 1GHZ Xeon Pentiums cost me $1800. I had talked to a sales guy from AIT, and liked everything about the company. So I had my little server directly shipped to them and the loaded on Redhat Linux 4.  I was able to cobble my way through setting up sendmail, apache, and some other services and my ISP was up and running in a few weeks.  Things were clicking along for a few years.  We were doing dial-up and had a wholesale agreement with DialUpUSA for nationwide dial-up and ISDN.

Now, here is where it gets good.  One night in 2003 I notice my server load going crazy.  Server load was in the 30’s. Anyone who knows Linux knows this is something bad going on. So as I trying to track down what is going on I lose all connection to my server. No pings, nothing.  So, I call the AIT noc and see if they can look into my server.  I am told they would look at it.   Several hours go by and I am calling and calling trying to get an update.  I had suspected I had been compromised in one way or another and my server was doing bad things. 10PM turns into 10AM.  I call my sales guy at AIT basically pleading for him to find out what is going on.  He answers my phone call once, but subsequent phone calls go unanswered and no one returns my calls.  Still no answers.  I am calling every 15 minutes trying to get someone, anyone to give me answers.  This goes on for a few days.  By this time my business is suffering, because e-mail is down, including my own. After 4 days of no answers, I am in full-blown panic mode.  Luckily I was using the DIALUPUSA radius and e-mail and the web-site were the things down. In the meantime, I find FDC Servers in Chicago which had space and cheap bandwidth.  I rented a dedicated server from them and was able to get things back up and going after a week of downtime.

Fast forward about a month I receive my server in a poorly packed box with a note saying my server had been compromised and had taken down their entire network because it was sending out junk.  At this time on their web-site they were advertising a capacity of 45 megs to the Internet.  That was big time for 2003. And included in this note was an invoice for $2700 for work they had to do in order to deal with my server causing an outage on their network. The next day my attorney was sending them a very strongly worded letter with phone records on my attempts to contact them and how we would be pursuing legal action for violation of their SLA, which did include turn around time for trouble resolution. Many letters and calls later we never heard from AIT again. We were sending certified letters on a weekly basis.  My father would have been proud the amount of legal paperwork we sent to try and generate a response.

Anyway, So now 14 years later I get a SPAM e-mail from Byron Briggs, Chief Operating Officer of Advanced Internet Technologies Inc. on their dedicated server special. They kept my information after all these years, even after one of our letters told them to purge all of my information from their databases.

 

Dear Byron Briggs,
Your company is one of the lousiest companies I have ever done business with. Your total lack of response almost ruined my company. I was a loyal, and on-time paying customer every month of me being an AIT customer.  I still have the original server in my house as a reminder of how awful a company can be.  I feel sorry for the server for even having to be in a data center ran by such uncaring and callous people.  The poor Linux box suffered enough in its life.  I see on your Linked in you have only been at AIT since 2008. It would be easy to say that was in the past. However, Charles Briggs was there during my time as a customer. I am assuming you are one of his four children he speaks of.  I remember talking to Charles on the phone on several occasions when the company was small.  I referred business and we talked about the future of things. The lack of response after all of that was just the nail in the coffin.

Justin Wilson

If you are considering any type of co-location with ait.com I would recommend sticking your server in a refrigerator or cardboard box with a box fan hooked to the local Starbucks wifi before trusting this company with your business.

Oh, and don’t take my word for it
https://www.bbb.org/myrtle-beach/pages/business-reviews/internet-services/advanced-internet-technologies-in-fayetteville-nc-11001845/reviews-and-complaints?noskin&clean

http://www.vistainter.com/reviews/A/ait.com/