Categories
Networking Security WISP xISP

CALEA and the ISP

The Communications Assistance for Law Enforcement Act (CALEA), passed in 1994, is a piece of legislation every U.S. ISP should know about and be in compliance with, if only for the simple fact that the government can levy heavy fines if you aren’t compliant.

For those of you wanting some background please follow these links:
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance

First of all, CALEA isn’t simply sticking Wireshark onto your network and sending a packet dump to a law enforcement agency. It is much more complicated than that. The CALEA standard addresses several things.

1. The ability to send multiple streams, in real time, to different law enforcement agencies.
2. The ability to not interrupt the connection to a person of interest. In other words, you don’t want to interrupt their connection to insert a piece of hardware.
3. The ability to provide just the information on the warrant. Too much information can actually violate the court order.
4. There is a difference between a typical “request for information” warrant and a CALEA request. These are not the same. CALEA almost always comes from a federal agency. They are expecting you to be compliant with CALEA.

Now, here is where things get a little subjective. The FBI has https://askcalea.fbi.gov/, which is linked from the above fcc.gov web-site. The askcalea web-site has not been updated since 2011. The service provider login and service provider registration simply do not work. The information about CALEA is pretty outdated.

So what does this mean for you as a small ISP? Stay tuned for more information.

Categories
Networking WISP

pfSense 2.3 released

From the folks over at pfSense

We are happy to announce the release of pfSense® software version 2.3!

The most significant changes in this release are a rewrite of the
webGUI utilizing Bootstrap, and the underlying system, including the
base system and kernel, being converted entirely to FreeBSD pkg. The
pkg conversion enables us to update pieces of the system individually
going forward, rather than the monolithic updates of the past. The
webGUI rewrite brings a new responsive look and feel to pfSense
requiring a minimum of resizing or scrolling on a wide range of
devices from desktop to mobile phones.

You can find all the details in the release announcement here:
https://blog.pfsense.org/?p=2008

Thanks for your support

Categories
Mikrotik Networking UBNT WISP xISP

MTIN introduces Mnet service for Mikrotik and Ubiquiti routers

MTIN is excited to announce our newest support offering, Mnet. Mnet allows customers using Mikrotik and Ubiquiti routers an option of a tiered support level on a per device basis. This allows customers a guaranteed support level at a fixed price. This is an enterprise level support option for critical infrastructure.

The way Mnet works is a customer purchases one of our tiered plans below. They register the serial number with us and we simply provide the paid level of support on that device. This support includes technical support on that device as well as the services included with the purchased Tier.

Tier I (Overwatch) $199 per year (only $16 per month)
This tier is designed for the user who needs the occasional support but wants to make sure things like backups and software are being looked after.

  • Basic Remote monitoring & notification of device
  • Software notification of upgrades and personalized recommendations on needed action.
  • Monthly configurations backup to online secured storage
  • Next business day support of issues.
  • Hardware replacement option available
  • Initial configuration review

Tier II (Operator) $399 per year (only $34 per month)
This tier is for the user who needs that extra bit of help when it comes to configuration and wants an extra set of eyes.
Tier II includes all of the Tier I services and adds

  • Weekly configuration backup via e-mail and online secured storage
  • Enhanced monitoring & notification of devices
  • Same business day support (6 hour maximum lead time)
  • Weekend and holiday support (6 hour maximum lead time)
  • Discount on consulting services

Tier III (Spec Ops) $599 per year (only $50 per month)
This tier is for absolute mission critical devices.
Tier III includes all of the previous tiers and adds

  • Same day business support (2 hour maximum lead time)
  • Weekend and holiday support (3 hour maximum lead time)
  • Weekly backups of configuration via e-mail and online secured storage
  • Quarterly review and recommendations on configuration

 

FAQ:

Do I have to get this on every device?
No, we recommend this on your critical routers or routers doing advanced services such as BGP or core routing functions.

Does this replace your normal consulting services?
No. This is an add-on to our consulting services. We find we have customers who need help with certain aspects of their network and this fills that gap.

Can I get quantity discounts?
Yes, contact us for a quote

I want to upgrade my router. How will this affect Mnet?
We would simply transfer your support contract from the old device to the new one. Upgrade support is included.

What configuration support is included?
Technical support including configuration and troubleshooting is included on supported devices. Other devices can be included at our normal hourly consulting rate.

Do you make changes?
All changes are explained and signed off by customer before being implemented. Changes are done during an agreed upon maintenance window with a change management process.

How do I obtain support?
Customer is provided a login to the MTIN portal. Online tickets are the best method for opening a case. Telephone support is also included, but tickets are normally quicker.

How does the lead time work?
MTIN strives to meet customer expectations. Lead times are the maximum amount of time it will take. Some days this time may be measured in minutes, other times it may be longer.

Do you cover other devices?
Yes, we have plans for AirFiber, Mimosa, and other platforms.

Can I upgrade to a higher Tier?
Yes. However, it will take 3 business days for upgrades to process. During this time your Tier level will remain the same.

How is payment handled?
Payment is due at device registration.

Can I pay monthly?
No. If you need occasional support please see about hourly consultation services.


Categories
Networking Wireless WISP xISP

Why every ISP should be deploying hAP Lite to customers

So Mikrotik has a very cheap hAP Lite coming out. This is a 4 port, 2.4 b/g/n router/access point which retails for $21.95. Baltic Networks has pre-orders for $18.95.

Why should you deploy this little gem and how? We have found over the years that routers account for more than half of the support issues. In some networks this number is closer to 80-90%, whether it be a substandard router, one with out-of-date firmware, or poor placement by the customer.

Deployment of the hAP lite can be approached in one of two ways. Both ways accomplish the same goal for the ISP. That goal is to have a device to test from that closely duplicates what the customer would see. Sure, you can run tests from most modern wireless CPE, but it’s not the same as running tests from the customer side of the POE.

Many ISPs are offering a managed router service to their customers. Some charge a nominal monthly fee, while others include it in the service. This is a pretty straightforward thing. The customer demarc becomes the wireless router. The ISP sets it up, does firmware updates, and generally takes care of it should there be issues. The managed router can be an additional revenue stream in addition to providing a better customer experience. Having a solid router that has been professionally set up by the ISP is a huge benefit to both the provider and the customer. We will get into this a little later.

The second option lends itself better to a product such as the hAP lite. With the relatively low cost you can install one as a “modem” if the customer chooses their own router option. The actual method of setup can vary depending on your network philosophy. You can simply bridge all the ports together and pass the data through like a switch. The only difference is you add a “management IP” on your network to the bridge interface. This way you can reach it. Another popular method, especially if you are running PPPoE or other RADIUS methods, is to make the “modem” the PPPoE client. This moves some of the burden from the wireless CPE onto something a little more powerful. There are definite design considerations and cons for this setup. We will go into those in a future article. But for now let’s just assume the hAP is just a managed switch you can access.
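The bridged “modem” setup described above, as an added RouterOS example (not part of the original post). The port names ether1-ether4, the bridge name, the account name, and the 10.255.0.0/24 management subnet are assumptions made for illustration.

```routeros
# Added example. Assumed: hAP lite ports named ether1-ether4, a hypothetical
# bridge name, and a constructed management subnet of 10.255.0.0/24.

# Bridge all four ports so customer traffic passes through like a switch.
/interface bridge add name=bridge-cust comment="customer pass-through"
/interface bridge port add bridge=bridge-cust interface=ether1
/interface bridge port add bridge=bridge-cust interface=ether2
/interface bridge port add bridge=bridge-cust interface=ether3
/interface bridge port add bridge=bridge-cust interface=ether4

# Management IP on the bridge so the ISP can reach the device.
/ip address add address=10.255.0.10/24 interface=bridge-cust comment="ISP management"
/ip route add gateway=10.255.0.1

# The bridge also faces the customer LAN, so limit what answers on that IP:
# disable services that are not used and accept SSH and WinBox only from
# the management subnet.
/ip service disable telnet,ftp,www,api,api-ssl
/ip service set ssh address=10.255.0.0/24
/ip service set winbox address=10.255.0.0/24

# Replace the default admin login with a named account.
# The password below is a placeholder, not a recommended value.
/user add name=isp-noc group=full password="CHANGE-ME"
/user disable admin
```

Restricting services by source address does not stop a customer host that numbers itself into the management subnet on this bridge, so strong credentials still matter; carrying management on its own VLAN is the stronger design.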

So what are the benefits of adding one of these cheap devices?
- You can run pings and traceroutes from the device. This is helpful if a customer says they can’t reach a certain web-site.
- Capacity is becoming a larger and larger issue in the connected home. iPads, gaming consoles, TVs, and even appliances are all sharing bandwidth. If you are managing the customer router you can see the number of connected devices and do things like Torch to see what they are doing. If a customer calls and says it’s slow, being able to tell them that little Billy is downloading 4 megs a second on a device called “Billy’s xbox” can help a customer. It could also lead to an upsell.
- Wireless issues are another huge benefit. If the customer bought their own router and stuck it in the basement and now their internet is slow, you have a couple of tricks to troubleshoot without a truck roll. If the hAP is in bridge mode, simply enable the wireless, set up an SSID for the customer to test with, and away you go. This could uncover issues in the house, issues with their router, or it might even point to a problem on your side.
- Physical issues and ID10T errors can be quickly diagnosed. If you can’t reach your device it’s either off or a cabling issue. If you can reach the hAP and the port has errors it could be cabling or POE.

These are just a few benefits you can glean from sticking a $20 Mikrotik device on your customer side network. It becomes a troubleshooting tool, which makes its money back if it saves you a single truck roll. The implementation is not as important as having a tool closer to the customer. There are several vendors you can order the hAP lite from. Baltic Networks is close to me so they are my go-to. http://www.balticnetworks.com/mikrotik-hap-lite-tc-2-4ghz-indoor-access-point-tower-case-built-in-1-5dbi-antenna.html .

This isn’t practical for business and Enterprise customers, but you should already be deploying a router which has these features anyway right? 🙂

Categories
Tower Wireless WISP

Tower mount for non vertical mounting

http://www.mccowntech.com/horizontal-member-tower-mount/

M-TOW-R

Categories
Cambium Networking Wireless WISP

Upgrading ePMP Cambium firmware

Categories
Tower Wireless WISP

Conduit hangers for railings

Several clients have asked how to mount 1/2-1″ pipe to handrails or other such surfaces.  Below are some beam clamps and conduit hangers.  Our tip is to “pin” them by drilling some self-tapping screws to hold the pipe from spinning.


Categories
News WISP

Tale from the Data Center

So, I have a very heartwarming story today related to the WISP industry.

So this started back in March.  A client was having issues with a circuit.  The transport provider had so many fails in troubleshooting the issue from the start. First, the tech from the transport company did not have the tools he needed (we found this out 12 hours later) and could not troubleshoot the problem properly.   Secondly, the Transport company (okay let’s just call them Zayo from now on) had little to no documentation on this issue.

So after 12 hours of back and forth troubleshooting the transport provider finally sends a tech out. The tech gets on site, and is told he should be in another location because they finally found a problem on the switch port. If the tech would have had the proper tools this process wouldn’t have taken 12 hours. But that’s another story.

So, and here is part one of the heartwarming part, the problem is determined to be a cross connect at the data center. I call Eric Rogers at 3AM and he is at the data center at 4AM tracking down the problem with the backbone provider. The problem ends up being a loose jumper inside the backbone provider’s cabinet. It seems about the time the circuit started having issues someone from Zayo was inside the patch panel doing work. They knocked the jumper loose and when it was opened back up it just kinda fell out. A simple plug in and it was fixed. It shouldn’t have taken 12 hours to fix, but that’s not the end of the story.

Fast forward to a few weeks ago. Keep in mind the above happened in March. It’s now September. Zayo sends the client a substantial bill for their tech’s time that night saying it was a cross connect issue and not a Zayo issue. There are threats to turn off the services if this outrageous bill, which was their fault to begin with, is not paid. So, here is where heartwarming part #2 comes in. Eric Rogers takes time out of his very busy day to write a letter detailing what he saw that night, and what the problems were. After submitting the letter to Zayo the client has received word from Zayo they have credited the account. In the provider world this is as close to a win as you get.

So, it’s thanks to guys like Rick Harnish who have fostered the willingness to work together which has made situations like this possible. Not only did Eric get up at 3AM to help another WISP out, but he took the time to put words to paper to help correct a resulting bad call. We could go over all the fails in this issue, but the wins are what makes it great!

Categories
Tower Wireless WISP xISP

Getting the most out of your climbs

I have been wanting to write this article for a while. When the topic is fresh in my mind I am usually too tired from a day of climbing. By the time things get around the lessons learned have escaped me. So, after a day of being in the sun on a 150 foot monopole I figured I would share some best practices. These are aimed toward the WISP who wants to maximize their climbs.


1. Tighten sector brackets and other bolts on the ground. If it is holding it to the sector, tighten it. The idea is the climber wants to be able to position the antenna against the mounting pole as easily as possible without needing extra hands. Sometimes having both hands free is a challenge. If you want to adjust downtilt on the ground, the following links can help speed up the process. This is not necessary, nor is it a requirement. It just is one less thing to do in the air. Some helpful links:

Proxim Downtilt Calculator

Wisp-Router downtilt calculator

I am planning on another blog article about downtilt calculations and my thoughts. We will go into this in a future post.

2. For wireless backhaul shots in the 0-7 mile range use Google Earth. Draw a line between the two points and use two reference points to get in the neighborhood. By looking at the below screenshot I know to align my path over the edge of the building almost at the base of the tower. This helped me determine mounting location and get a pretty close aim. You can get fancy with compasses, GPS alignment devices, and other high-tech toys, but people are typically visual people. Having a reference point is easier on the mind than having a number like 121 degrees off north. Microwave shots are a different beast so don’t lump tight beamwidth licensed links into the above statement.

[Image: Google Earth screenshot of the path between the two points]

3. Don’t get too hung up on labels. Instead I like to color code things. If I am putting up 3 sectors I will get some colored tape and label them with a blue piece, a red piece, and a green piece. This way if the client wants to have a sector facing north we have the software labeled blue. I can identify color and tell the ground crew I faced the blue sector north. It makes things easier in the high stress environment of being hundreds of feet in the air. The cellular companies have some standardized labeling of their sectors:

Alpha is the North FACING vertical antenna on the cell tower
Beta is the Southeast FACING vertical antenna on the cell tower
Gamma is the Southwest FACING vertical antenna on the cell tower

I would suggest coming up with an SOP for all your tower deployments, but be flexible. Due to the various mounting locations it’s not always prudent to cookie cutter a WISP deployment like the cellular folks do. I have installed gear on towers where you have a small corner of a rooftop or grain facility. Due to other things being up there, or the fact you are trading service or paying very little, your mounting options may be limited.


4. On a related note, color code everything. If you use colored tape, make sure to match the ethernet cables going to the sectors. This way it is easier to identify the cable going to the sector. This also helps in easier identification of where things are plugged in.

5. There are six phases of a WISP deployment.
Stage one – Assembly and staging
Stage two – Mounting radio equipment and antennas
Stage three – Connecting power and connectivity
Stage four – Physical adjustment and tuning
Stage five – Testing and tweaking
Stage six – Cleanup and zip up

Think about each of these.  This will be another future blog post.

6. Have a plan of action. Have a flexible order of doing things. Be able to adjust this on the fly due to various factors. Sometimes it makes sense to mount the sectors, backhauls, and any other boxes at the top. Once you have them mounted, then make the connections. Other times it may make sense to run the cable when you mount the device.

7. Have a loadout of specific tools in a bucket or tool pouch.  I like to include the following:
Knife – Automatic or assisted opening
Crescent wrench
Super-88 Tape
Zip ties
Phillips Screwdriver
Flat Screwdriver
Slip Joint pliers
Other tools such as ratchet wrenches, different sized tools, power tools, etc. are handy, and can make life easier. However, the above tools will allow you to do 90% of what you need to do to install or remove most WISP equipment. The flat screwdriver can be used to pry things loose or for leverage.

8. If you can do it on the ground, do it. Terminating and testing cat-5 is easier on the ground than 150 feet in the air.


9. Train the ground crew to think about how this affects someone on the tower.  Most of the time folks don’t have the luxury of platforms. So they are hanging off the tower in awkward positions.  Doing a pull with 3 sectors attached to a load line might seem like you are saving time, but it might make things complicated for the climber.  Sometimes, 3 pulls might make their life easier.  They only have to deal with one thing at a time.  They aren’t fighting trying to unhook multiple antennas or figuring out what is what.  This is where straps come in very handy. A strap allows a climber some extra flexibility to move things around and position them better.

10. Have a checklist of sorts. This can be a running thing as you go along. I routinely tell the ground crew to remind me to do this. If you have someone writing this stuff down they can read it back to you before you come down.

There is a great variety of tools, tricks, and ways of putting stuff on the tower. Many people have their own ways of doing things. These are just some of the best practices I have come up with through experience. We could debate tape vs zip ties and other things for hours. Please leave comments and some tips that make your life easier.