Some stat screens from a Cambium 550. This is a short hop. Less than a mile.
One of our climbers took this picture while climbing to do an install for a WISP client inside a “golf ball” water tower.
The following are results from a series of tests of AGLcom’s parabolic dish antennas on an existing link that is 5.7 miles long. The link typically passes 80-90Mbs with a TX capacity of 140 Mbs, and the radios used are Ubiquiti AF5X operating at 5218 MHz. A full PDF with better readability can be downloaded here.
The tests were taken in stages:
- 1) The normal performance of the link was recorded.
- 2) The 2′ dish at one end, B, was replaced with the AGLcom, C, dish and the link reestablished. The link performance was recorded.
- 3) The 2′ dish at the other end, A, was replaced with the AGLcom, D, dish and the link reestablished. The link performance was recorded.
- 4) The settings on the AF5Xs were adjusted to optimize the link performance, with data recorded.
- 5) The 2′ dish, B, was put back in the link and the performance was recorded.
- 6) The AGLcom C was put back into place.
The tables below do not follow the test order as the third line of data was actually the last test performed.
Antennas:
A-Jirous JRC-29EX MIMO
B-Jirous JRC-29EX MIMO
C-AGLcom – PS-6100-30-06-DP
D-AGLcom – PS-6100-29-06-DP-UHP
Results:
Table 1 shows the signal strength results for the various dishes on the link. The first line, A-B, is the original Jirous to Jirous link. The first two columns are the A side of the link and the last two columns are the B side. What is of interest is that exchanging B for C in the second line brought the signal deviation between the channels down to only 1db and 0 db, as seen in Table 2. The third line was a result of replacing the horn on the A dish and optimizing the settings on the AF5X radios. This changed the signal by around 7db and improved the link capacity, Table 3. Clearly, the A dish had a problem with the original horn.
In the fourth line, D-B, the signal strength improved, as did the signal deviation on the two channels (Table 2, first two columns). This link was not optimized. The fifth line, D-C, is both AGLcom dishes, which improved the bandwidth, Table 3, and the signal deviations, Table 2. The final line, D*-C, was the previous line optimized. The signal strengths moved closer together and the bandwidth improved.
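| Link | A side Ch0 | A side Ch1 | B side Ch0 | B side Ch1 |
|---|---|---|---|---|
| A-B | -73 | -76 | -70 | -74 |
| A-C | -73 | -74 | -71 | -71 |
| A*-C | -64 | -66 | -65 | -66 |
| D-B | -63 | -62 | -59 | -59 |
| D-C | -62 | -62 | -58 | -58 |
| D*-C | -60 | -60 | -61 | -61 |

Table 1: Signal strength (* optimized data)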
Table 2 has four data columns, the first two being the measured results and the latter two being the measured difference from theory. The Jirous and AF5X calculators were used for the theory signals. Clearly the signal approached the theoretical limit with the optimization and with the change of dishes. The optimization improved the signal by ~9db for the link on which we replaced the horn on the Jirous and by ~2db for the AGLcom link.
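| Link | dSig (measured) | dSig (measured) | dSig (from theory) | dSig (from theory) |
|---|---|---|---|---|
| A-B | 3 | 4 | -16.5 | -17.4 |
| A-C | 1 | 0 | -17.0 | -15.0 |
| A*-C | 2 | 1 | -8.0 | -9.0 |
| D-B | -1 | 0 | -13.3 | -5.3 |
| D-C | 0 | 0 | -7.0 | -4.3 |
| D*-C | 0 | 0 | -5.0 | -6.0 |

Table 2: Signal strength variation from theory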
The bandwidth improvement was more obvious, Table 3: from 22 Mbs to 39 Mbs for the RX and 144 Mbs to 141 Mbs TX for the link with the horn replacement. The bandwidth improvement for the optimization of the AGLcom link was from 61Mbs to 66Mbs RX and from 211Mbs to 267Mbs for TX.
The bandwidth improvement from the original, optimized link to the AGLcom link is from 61Mbs RX to 67Mbs and from 210Mbs TX to 267Mbs. There is a clear improvement for the AGLcom link over the Jirous link.
| Link | BW-RX | BW-TX |
|---|---|---|
| A-B | 22.5 | 144.6 |
| A-C | 39.0 | 141.4 |
| A*-C | 60.9 | 210.0 |
| D-B | 61.4 | 211.0 |
| D-C | 60.6 | 215.0 |
| D*-C | 66.6 | 267.6 |

Table 3
Conclusions:
The data supports a measurable improvement in both signal strength and bandwidth with the use of the AGLcom dishes. However, it is difficult to quantify the improvement. The Jirous dishes were identical whereas the AGLcom dishes were not. One of the Jirous dishes was underperforming initially but was repaired for the last tests. Additional testing is needed to provide accurate data analysis and performance comparison. The best performance tests would involve identical AGLcom dishes, ideally two links, one each of both types of dishes.
Recently, it was announced that Ubiquiti Networks Inc (UBNT) is suing Cambium over the Cambium Elevate. This will be a long post, so sit back with your favorite beverage and read away.
Disclaimers. I have been in the ISP world since 1991. I cut my teeth on BBS systems and moved onto dial-up. I am also an independent Cambium certified consultant. Read about the consultant program here... I also have clients who run a wide variety of UBNT products, and the last ISP we sold was 90 percent UBNT. We run some UBNT routers in MidWest-IX as well. My father was an attorney for over 40 years. I grew up around attorneys, have regular conversations with friends who are attorneys, and was learning about the law from the time I was 10. Having said that, I am not an attorney. Nothing in here should be construed as an official legal opinion.
So let’s get some background on what has transpired with Cambium and their Elevate software. Cambium came up with a way to load their software onto select UBNT wireless units and, after a reboot, have the Cambium EPMP software active on them.
Why did this work?
UBNT Airmax radios use the U-Boot bootloader. If you want to read all about it, see the References at the bottom of this article. The thing to know is that it is released under the GNU General Public License.
UBNT and Cambium EPMP both use “commodity” wifi chipsets. This keeps the cost down, and the software becomes the majority of the “special sauce” that makes them different. This is in contrast to the UBNT Airfiber and Cambium 450 lines. These use custom-made chipsets. This is one reason those lines are more expensive.
By using an open source bootloader and commodity hardware Cambium was able to figure out how to load their own software onto the UBNT devices. UBNT countered with modifying the bootloader to accept only signed software images. The only images that were recognized were ones signed by UBNT. If you are interested in learning more about signed software go here: https://www.quora.com/What-does-signed-firmware-means
Cambium came up with instructions on how to downgrade and bypass the restriction that only signed firmware can be loaded onto the device. The method I am aware of is downgrading the installed UBNT firmware to a certain version.
All in all the Elevate process turned the UBNT hardware into a device running Cambium’s software.
The gray areas aka this is why we have attorneys
There are several arguable points in this lawsuit. If you want to read articles on the lawsuit:
https://www.law360.com/articles/1071813/wireless-co-ubiquiti-says-rival-sells-hacking-firmware
Debate #1 – The Hardware
The term Software Defined Radio (SDR) has been around for quite some time now. Basically, this is a radio with very little RF elements to it. Ham radio has been using SDRs for quite some time now. The idea is the manufacturer uses off the shelf components to build a single radio which can do various functions depending on what software is loaded. It also allows features in the chipset to be activated and licensed should the programmer want to support them. It’s interesting to note Wireless is not the only place this is happening. Software Defined Networking (SDN) is a growing thing, as well as a plethora of devices. A PC could be considered a software-defined device. More on that later.
So an argument could be made that the UBNT devices are software-defined radios. They did not use custom chips. They most certainly have a proprietary board layout, but that is not a criterion in an SDR. So if a customer buys a piece of hardware, should they be able to load whatever software they want on it?
An argument saying yes they should can be pulled from many areas. This Verge Article (more in the reference at the bottom) says the Government ended the debate in 2015, giving consumers the ability to Jailbreak their phones and devices without legal penalties. Before that it was briefly illegal to “Jailbreak” your phone. This was mainly led by Apple. The government said it was fair use to Jailbreak, but not to carrier unlock your phone without permission.
Apple also went through this briefly when they switched to Intel processor chips. People were figuring out ways to load Apple OSX onto Dells, HP, and other “PCs”. The debate was whether this was legal or not. The following article sums up why these “hackintosh” computers were shut down. By clicking on the “Agree” of the End User License Agreement (EULA) before installing OSX you agree to a great number of things. The short of it was that the user license of OSX says you cannot install it on non-Apple hardware. However, it says nothing about installing non-Apple operating systems on the hardware. Apple knows it is commodity hardware. If you want to buy a 2000 Mac and put Windows 10 on it, go ahead. They even help you with an option called Bootcamp.
Our last example is the Linksys WRT54G and DD-WRT and its variants. A quick history of the DD-WRT controversy: it doesn’t revolve much around the loading of the software onto Linksys hardware; it involves the use of the GPL license by DD-WRT. There were some FCC concerns, but we will talk about those later.
So the questions to be argued for this point:
1. Is the UBNT device a software-defined radio?
2. Does the user have the legal ability to load whatever software they want to on hardware they own?
Debate #2 – Was the UBNT firmware “hacked” as they allege?
There are lots of unknowns here. Attorneys try to prove intent in arguments like this.
Did Cambium somehow reverse engineer the UBNT software, thus violating copyright laws? At what point is the line crossed? Since UBNT used a bootloader free to everyone, was the simple act of loading new software onto the units a hack? From what I know, and I am not a programmer, Cambium used the bootloader to overwrite the UBNT software and install their own. How is this any different than installing Linux on a Dell PC? Computers have a bootloader called a BIOS. On a wireless radio, where does the bootloader stop and the software start? To me, these are clearly defined. Bootloader and image file.
If you boot up the UBNT unit out of the box without agreeing to the EULA have you violated the EULA? Can you be penalized for loading software onto a device you never had the opportunity to see and agree to anything? Did the simple act of taking it out of a box and booting it up via TFTP cause you to agree to something?
In a Brothers Wisp video on this topic, Justin Miller mentions some arguments on why this can be allowed.
Debate 3 – Did Cambium violate FCC rules?
If we believe the user has the ability to load software onto units they own, then it is up to the user, as well as whoever developed the software that goes on the device, to follow all laws; it is not up to UBNT to police this. This is the job of the FCC, provided it is agreed that once the user buys the hardware it is theirs. For this specific case, UBNT claims Cambium violated allowed power limits by loading their software onto the UBNT device. Also, is the new device an FCC certified system? Most likely not, unless it is resubmitted to the FCC for testing, and any labels are removed and new ones added. However, it is not up to UBNT to enforce this. This is the job of the FCC.
Is UBNT being a steward of the community to bring this to the attention of the FCC, thus saving UBNT from possible issues with the FCC? Maybe, but why not bring suit against any of these others?
Bitlomat
DD-WRT
HamNet
It’s interesting to note this page on HamNet
I am not a telecom attorney and I do not know the ins and outs. From what little I know of being in the industry you have to have an FCC certified system with proper identification stickers. I remember when UBNT had to send out stickers for units several years ago for DFS certification. You were supposed to put them on all your upgraded radios to be compliant. By changing the software did Cambium no longer make it a certified system? Or, because they use the same chipset is it still legal in the eyes of the FCC?
Debate 4 – Collusion and the end user
This is the biggest bombshell out of this whole ordeal and actually makes my blood boil. UBNT is suing Cambium of course. They are also suing a distributor and an end-user ISP. Cambium I can understand. UBNT is trying to protect their intellectual property and believe it was violated. They have every right to do so.
The distributor I can understand the argument. The distributor allegedly participated in distributing the “hacked” software. Not saying it’s right or wrong, but I can see why there would be the argument.
The most disturbing part of this is that an end-user ISP is named in the lawsuit. UBNT is suing a customer who was using the UBNT product and then decided to switch to a competitor’s product. In the case of Elevate, the end-user ISP loaded the software onto their existing hardware. If we go along with the idea that you own the hardware, UBNT is suing a customer who bought their hardware and loaded the Elevate software on it. This would be like Dell suing a school corporation for loading Linux onto new PCs they bought.
Many of the arguments you read are about you don’t own the software. If you buy the hardware, and it has a GPL licensed bootloader and load your own software onto the device, what laws have you violated?
Imagine this scenario. A user opens up a UBNT radio they bought. They see it uses an Atheros chipset, like many other radios. They write some code to talk to the hardware, all without ever looking at the software that came on the radio, boot up the unit via TFTP and load their own compiled image onto the hardware. All the while they never have seen the UBNT software. Did they violate any laws or user agreements?
This case and some others will help define who owns the hardware. We know the company, in this case, UBNT, owns the software. You have no legal standing to de-compile their intellectual property. That is cut and dried. What isn’t is this: if they are using the same hardware as everyone else and the same bootloader, is that considered proprietary? If not, and you overwrite their software, were you allowed to because you own the hardware? Is the GPL bootloader considered proprietary? If we apply the analogy that the bootloader is the same as the BIOS in the PC, no, it is not proprietary. The BIOS debate has already been solved in court. Many of the PC debates have been about loading a company’s software onto other hardware, such as Apple Hackintosh computers, and not the other way around, such as this case. As we talked about in point 1, in the PC world, Apple even gives you the tools to install other operating systems.
If UBNT sticks code in that says the bootloader only recognizes signed images, is it “hacking” to put your own software on? Is this any different than Jailbreaking an iPhone?
So what does this all mean?
Going forward I believe we will see EULA and licensing agreements change. The hardware from a manufacturer will still be the property of the manufacturer, much like John Deere software.
The definition of what you own and have access to will change.
Proprietary bootloaders will take the place of Open Source bootloaders.
There will be a rise in manufacturers who make white box radios. Will there be a long-term solution? Only time will tell. We are seeing this trend in software-defined networking.
We will see more NDAs to end users about products. I believe we will see fewer case studies on newer products. End users will definitely be more tight-lipped about what they are doing.
So it will be interesting to see how this all plays out. Will there be enough precedent in the hardware world to squash some of this? Or does UBNT have a case? Obviously, UBNT has a responsibility to their shareholders to vigorously defend their Intellectual property. This case will help define where the commodity/open source items stop and where the intellectual property starts.
Where does this leave distributors? Do they want to continue carrying the Elevate product? Do they want to cut relationships with a manufacturer who has sued one of their own? The same goes for the end-user community. Do WISPs want to do business with a company that could potentially sue them for using and talking about a competitor’s product? Do the end users own the hardware they buy? If so, how much freedom do they have? If you don’t own the product, imagine the accounting ramifications.
References:
- https://wiki.openwrt.org/toh/ubiquiti/airmaxm
- https://www.wired.com/2015/04/dmca-ownership-john-deere/
- Feds okay iPhone Jailbreaking: https://www.wired.com/2010/07/feds-ok-iphone-jailbreaking/
- Is the Bios an Operating System?: https://superuser.com/questions/424892/is-bios-considered-an-os
- Google Chromium OS: https://www.chromium.org/chromium-os
There has been much discussion on the performance of going from an N Series outdoor wireless system to AC. Not all AC is created equal. Right now there is AC Wave 1 and AC Wave 2. Just about all the AC stuff currently in the pipeline for outdoor wireless is wave 1. There is wave 2 indoor gear available, but for a WISP you are interested in the outdoor gear.
So what’s the difference?
For some reading about spatial streams, channel sizes, etc. look at this article https://info.hummingbirdnetworks.com/blog/80211ac-wave-2-vs-wave-1-difference
For the WISP folks who want the Cliff Notes version here are some key differences.
- Wave 1 uses 20, 40, and 80 MHz channels. Wave 2 can support 80 and 160 MHz channels. The 160 MHz channel would be two 80 MHz channels bonded together.
- Wave 1 can do 3 spatial streams. Wave 2 does 4. This requires an additional antenna to take advantage of Wave 2. This is a hardware upgrade from Wave 1 to Wave 2.
- Wave 2 supports MU-MIMO. The AP can talk to 4 clients individually at once. The client must also support this, which is a hardware upgrade from Wave 1 to Wave 2 on both the client and the AP.
The question to ask your vendors is what the upgrade path is if you are using existing AC gear. If you are running AC currently you are most assuredly going to have to replace your AP radios and antennas. Will your existing clients work with the new AC Wave 2 APs? That is an important thing to ask.
Recently we had a teaching moment for a couple of folks who had not had much experience with aligning higher frequency antennas with very tight beamwidths. This particular day we were aligning 2 foot Siklu 80GHZ antennas.
One of the questions we often get asked is how do you align these? These questions are usually asked by someone who is familiar with aligning 5ghz antennas with a 10 or 20 degree beam, which you can eyeball, and who has tried a microwave shot. They find out it is much harder. The higher you go in frequency, the tighter and smaller the beam is. Distance also affects how far off you can be. Think of it as a laser pointer. If you have ever taken a laser pointer out at night and shone it a long distance, you will notice even the slightest movement will cause it to jump inches, even feet. Keep the laser pointer analogy in mind for this next section.
In order to understand alignment, we need to understand lobes on an antenna. An antenna is just a device that focuses radiation in a direction. In a licensed microwave setup, these antennas focus the radiation in a tighter “beam”. Let’s go back to our laser pointer analogy. Some laser pointers project a smaller dot at 10 feet than others. Same for antennas. The diagram below shows what is called the main lobe and the side lobe.
The way to get the best signal is to get both dishes locked on to the main lobe. Sounds easy right? With higher frequencies, you are talking about millimeter waves. This means the main lobe may only be 3mm wide, about the size of this text on a laptop screen. Now imagine trying to keep that 3mm beam in the center of a paper plate at a mile. On top of that, the difference between the main lobe and locking onto a side lobe could be the difference of 1-2mm. A slight wind can move a dish 2mm.
To give you a real-world example, take a 2ft 23 GHz antenna with a 3 dB beamwidth of 1.6 degrees. Allowing for a path length of about 2.5 miles (this is licensed 23GHZ), the actual beamwidth at the receiving antenna is around 370 ft and is, therefore, likely to be greater than the height of the tower. If the antenna is out of horizontal by even a couple of degrees to start, the antennas will miss by around 460 ft and not be able to “see” each other. This can be amplified as frequency and distance increase.
This is all fine and dandy, but what about the practical world? How do I align the thing?
It all starts with the FCC path coordination paperwork you will receive on your licensed link. There is a wealth of information in here. It tells you all of the following:
- Your mounting height (this is typically already known)
- Your heading (more on this in a bit)
- The antenna angle downtilt or uptilt (very important)
- The expected signal target
Armed with this information you will have all of the information you need to align the link. From this point, the philosophical side of things kicks in. Some tower climbers are good with using a compass to get their exact bearings. Others have high dollar tools to do it all via GPS such as microwave path alignment from Sunsight.
What everyone doing alignment should have in their toolkit are the following:
- A small magnetic bubble level. We want to make sure we start with a level mount. We would be fighting an uphill battle if the pipe or standoff we are mounting to is not level.
- An angle finder is very helpful for determining the antenna down or uptilt per the path calculation.
Obviously, the above tools are just one of many examples. There are more expensive ones and bare bones ones. Tools are only as good as the person using them.
- Ratcheting wrenches for the left and right and up and down adjustments.
Having ratcheting wrenches makes fine-tuning a very easy process. You will see why later.
- A good hands-free communication method. Depending on the tower, FM communications may or may not work. Cell phones may or may not work. Being able to talk to the crew on the other end is crucial. And yes, to make this smooth you want a crew on the other end.
Aligning backhauls, especially microwave, is a skilled trade. With any skilled trade, you will get all kinds of tips and tricks of the trade. Some you may use, others you may not. Ask any Carpenter, Drywaller, or Mason and they will tell you little tips and tricks. They probably all are great and will work, but you may only use some of them. I am going to tell you mine. You may find others you like better.
We always start with a Google Earth plot of the path. I call this Phase 1. The goal of phase 1 is to get the radios talking. We make sure the line is exactly on the two points, not just approximate. If the backhaul is on the left side of the tower, we draw the line to/from the left side of the tower. We then pick 2-3 landmarks along the path as we can. We start with something close to the tower the climber should be able to see.
In our photo above we have picked out two reference points close to the tower the climber can see. The first is the clump of trees on the climber’s left. The path passes “just to the right” of the edge of the end of the trees. The second reference is the intersection of the county roads about 2-3 miles out. Our path should be just to the right of those. That point of reference is more of a sanity check than anything. The climber at the other end has a similar printout. I have found communication during this process works best if both climbers and someone logged in to at least one radio on the ground with a laptop are on a conference bridge. Many radios have lights, tones, or multimeter outputs to indicate signal. Some modern radios only have web-interfaces and apps. Holding a phone while trying to align can be cumbersome. This is where the guy on the ground can take some load off what the climbers are doing.
Regardless of the mechanics of the radio, the goal of Phase 1 is to establish a radio link, no matter how bad it is. Now, here is where the real meat and potatoes of backhaul alignment come into play. This is a very deliberate and calculated process. Your goal at the end of the entire alignment process is to end up with the following diagram
What many folks don’t realize is it is possible to establish a signal on a side lobe. So how do you know if you are on a side lobe? Here is how we start phase 2. This is what I call fine-tuning. Real original huh? Depending on how good, or lucky, you were during phase 1 you may have a long way to go or a short way to go to meet target. Remember the target in your paperwork we talked about earlier? One side and one side only starts moving their fine adjustment on their antenna to the left and right and up and down. This is typically called sweeping. The key thing to note here is you need to find the very edges of the radio signal, not just the lobe you happen to be on.
Let’s take a real-world example to explain how sweeping affects main and side lobes. At the start of this article, we mentioned an 80ghz link. With our phase 1 rough alignment, we were able to get linked at a -86. The target was a -32. The first side to start alignment started sweeping to the right, signal started going from a -86 down to a -72 rather quickly. This was using very small turns of the adjustment. The ratcheting wrench was only clicking 1-2 times for each 2-3 db of signal change. Once it reached a -72 it started climbing back up. The climber then kept going to the right to find the edge of the signal, not just the lobe we were on. The signal started getting worse until we were back into the upper 80’s.
Now, the climber brings the alignment back to the left, stops at the -72, and makes a mental note of where that is in relationship to the overall placement of the dish, etc. Some mounts have distinct notches, some guys use markers, others just remember. Now the climber continues on to the left and the -72 gets worse and goes back down to the -86 and continues to get worse. So the climber, at least for now, has found the sweet spot for the left and right alignment. The climber also knows this will probably change, but has found it for now. The climber repeats the same procedure for the up and down. Because of the angle finder the climbers have with them, they feel pretty confident they are fairly close with the up and down, so they do not adjust the up and down travel as much as the procedure goes on.
Next, the other side does the same procedure the first side did. They do the left to right and get the signal down to a -62. Essentially, what the climbers are trying to do is find the center, which will contain the strongest signal, by sweeping past the other signals. Keep in mind there may be only millimeters separating these other lobes. Due to physics, and the shape of the signal, the first lobe is actually stronger than the edges of the main beam.
Say what? The first lobe is stronger than the edges of the main beam? Yes, but not stronger than the main beam. Let’s go back to our installers. They have each had a go around at alignment and are only at a -62. On a 5ghz backhaul that would be respectable, depending on your noise floor. But we are 30db away from our target of -32. Some climbers, incorrectly I might add, try to do a shortcut by scanning in an x pattern instead of x and y-axis separately. This makes it easier to lock onto a side lobe.
So now our first climber goes back to making the left and right adjustments. At this point, the installer finds something odd. He has gotten the signal down to a -55, but that’s the best he can do. Even a small turn jumps the signal up. Then our installer remembers the above statement. The first lobe is always stronger than the edges of the main beam. He gets the signal back down to a -55 and turns the alignment over to the other side.
Here is a very important thing to note. Both of our installers have now “gotten a feel” for the few turns needed to adjust the signal on these dishes. To them, compared to 5ghz dishes, these are very tiny and almost insignificant movements. But they sure make a difference in signal. Now our installer at tower B has his second alignment session. As he is making adjustments the signal is not changing. He is moving his wrench for what seems like forever and the signal is barely moving. Any other time their signal would have been a -90 or dropped. What has happened here? The main lobe of one side has locked onto the first lobe because it is always stronger. Since the main lobe is bigger it seems like it takes forever to make any change. If we had a guy on the laptop he was probably also seeing very mismatched data rates. One side was probably much higher than the other by a large margin.
Then boom, all of a sudden the signal goes from a -55 to a -42. A 17 db jump! We can now tell we are on the main lobe. If the laptop person looks at the data rates now they should be more balanced.
At this point, it is just a simple matter of each side making finer and finer adjustments back and forth to get the signal down. If you think of the above circle/crosshair you are making smaller and smaller adjustments to nudge toward the center of the circle. This is where the ratcheting wrenches help by giving a very measured amount of travel. This helps with the whole feel of alignment. Much of it is feel to see how much you can move the adjustment mechanisms to make the numbers move. Sometimes it may be a single click of the wrench. Sometimes it may be one or two. It just depends. As you get closer and closer to target you are moving the adjustment less and less.
As you get closer and closer to target you need to be thinking about how tightening down the adjustment bolts will affect the alignment. Even tightening them down snug can affect the signal. That extra amount of movement to tighten them down can move them slightly past their alignment center. On smaller dishes you may need to take into account the amount of travel it takes to tighten down the adjustment bolt. If it takes a half turn of the bolt to get it tight you may need to stop a half turn short and tighten “into” target. As you tighten it down fully, that is where you end up in alignment. If you wait until you are in alignment and then snug it completely down, the force of snugging it down may pull it past and you will end up with a worse signal.
This article sprinkled in some examples from a real-world install, with some theory, with some practical knowledge. Your mileage and experience will vary. Your experience with 6ghz vs 80ghz will vary as well. Each frequency will have its own quirks and tricks.
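The sweep procedure described above can also be checked from logged readings by the person on the laptop. The following is an added example, not part of the original article: the function names, the 6 dB null threshold, the 3 dB tolerance and the sweep readings are constructed assumptions, and only the -32 target comes from the article.

```python
# Sweep analysis for antenna alignment (added illustration; data is constructed).

# Constructed azimuth sweep: (wrench clicks from the starting position, RSSI in dBm).
SAMPLE_SWEEP = [
    (-12, -90), (-10, -84), (-8, -66), (-6, -55), (-4, -68), (-3, -80),
    (-2, -70), (0, -50), (2, -42), (4, -51), (6, -72), (8, -86), (10, -90),
]


def find_lobes(sweep, null_depth_db=6.0):
    """Return (lobes, edges_found) for one sweep along a single axis.

    A lobe is a peak followed by a drop of at least null_depth_db, an
    assumed threshold that keeps reading jitter from counting as a lobe.
    edges_found is False when the sweep started or stopped on a lobe,
    i.e. the climber has not yet swept past the edge of the signal.
    """
    lobes = []
    peak = sweep[0]   # strongest sample of the lobe currently being climbed
    trough = None     # weakest reading since the last lobe; None while climbing
    for pos, rssi in sweep[1:]:
        if trough is None:
            if rssi > peak[1]:
                peak = (pos, rssi)
            elif peak[1] - rssi >= null_depth_db:
                lobes.append(peak)            # fell off the far side of the lobe
                trough = rssi
        else:
            if rssi < trough:
                trough = rssi
            elif rssi - trough >= null_depth_db:
                peak, trough = (pos, rssi), None   # climbing the next lobe
    right_edge = trough is not None
    if not right_edge:
        lobes.append(peak)                    # sweep ended while still on a lobe
    left_edge = lobes[0][1] - sweep[0][1] >= null_depth_db
    return lobes, left_edge and right_edge


def assess(sweep, target_dbm, tolerance_db=3.0):
    """Pick the strongest lobe and compare it with the path-coordination target."""
    lobes, edges_found = find_lobes(sweep)
    best_pos, best_rssi = max(lobes, key=lambda lobe: lobe[1])
    return {
        "lobes": lobes,
        "edges_found": edges_found,
        "park_at": best_pos,                       # where to leave the dish for now
        "best_rssi": best_rssi,
        "short_of_target_db": target_dbm - best_rssi,
        "on_target": best_rssi >= target_dbm - tolerance_db,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SWEEP, target_dbm=-32))
```

A result with `edges_found` false means the sweep has to go further before the peak can be trusted, and a large `short_of_target_db` on the best lobe means the other end still has work to do.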
DHCP starvation attacks are designed to deplete all of the addresses within the DHCP scope on a particular segment. Subsequently, a legitimate user is denied an IP address requested via DHCP and thus is not able to access the network. Yersinia is one such free hacking tool that performs automated DHCP starvation attacks. DHCP starvation may be purely a DoS mechanism or may be used in conjunction with a malicious rogue server attack to redirect traffic to a malicious computer ready to intercept traffic. Imagine a user filling up the DHCP pool and then redirecting users to their own DHCP server.
How do you fix this?
802.11 has several mechanisms built in. DHCP Proxy is one way. Port security is another. If you are running Mikrotik there are some scripts which can alert you to rogue DHCP servers, but that is an after-the-fact kind of thing.
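Both halves of the attack described above leave a recognizable trace in DHCP events: many distinct client MACs requesting on one port in a short time, and server replies arriving from a port or server that should never send them. The following is an added example, not part of the original post; the record format, port names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# All values below are assumptions for this example; tune them per network.
TRUSTED_PORTS = {"ether1"}           # uplink toward the real DHCP server
AUTHORIZED_SERVERS = {"10.0.0.1"}    # server identifiers allowed to answer
WINDOW = timedelta(seconds=10)       # look-back window per port
MAX_MACS_PER_PORT = 5                # distinct requesting MACs tolerated per window


def build_sample_events():
    """Constructed records: 'timestamp type client_mac ingress_port server_id'."""
    events = [
        "2024-01-01T10:00:00 DISCOVER 00:11:22:33:44:01 ether2 -",
        "2024-01-01T10:00:00 OFFER 00:11:22:33:44:01 ether1 10.0.0.1",
        "2024-01-01T10:00:01 REQUEST 00:11:22:33:44:01 ether2 -",
        "2024-01-01T10:00:01 ACK 00:11:22:33:44:01 ether1 10.0.0.1",
    ]
    # Starvation pattern: one port, a new client MAC every 100 ms.
    start = datetime(2024, 1, 1, 10, 1, 0)
    for i in range(40):
        ts = start + timedelta(milliseconds=100 * i)
        events.append(f"{ts.isoformat()} DISCOVER de:ad:be:ef:00:{i:02x} ether7 -")
    # A reply from an unlisted server, arriving on an access port.
    events.append("2024-01-01T10:02:00 DISCOVER 00:11:22:33:44:03 ether4 -")
    events.append("2024-01-01T10:02:00 OFFER 00:11:22:33:44:03 ether7 192.168.88.1")
    return events


def analyze(events):
    """Return alerts as tuples: (kind, port, detail, timestamp)."""
    alerts = []
    recent = defaultdict(deque)   # port -> (timestamp, mac) of recent client messages
    flagged_ports = set()
    rogue_seen = set()
    for line in events:
        ts_text, mtype, mac, port, server = line.split()
        ts = datetime.fromisoformat(ts_text)
        if mtype in ("DISCOVER", "REQUEST"):
            window = recent[port]
            window.append((ts, mac))
            while ts - window[0][0] > WINDOW:
                window.popleft()
            distinct = len({m for _, m in window})
            # Same idea as a port-security MAC limit, but alert-only.
            if distinct > MAX_MACS_PER_PORT and port not in flagged_ports:
                flagged_ports.add(port)
                alerts.append(("starvation", port, distinct, ts_text))
        elif mtype in ("OFFER", "ACK"):
            # Server replies are only legitimate from a trusted port and server.
            if port not in TRUSTED_PORTS or server not in AUTHORIZED_SERVERS:
                if (port, server) not in rogue_seen:
                    rogue_seen.add((port, server))
                    alerts.append(("rogue_server", port, server, ts_text))
    return alerts


if __name__ == "__main__":
    for alert in analyze(build_sample_events()):
        print(alert)
```

On an AP or backhaul port that legitimately carries many subscriber MACs, the per-port limit has to be raised accordingly, which is why enforcement on the access port closest to the subscriber is the more useful place for it.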
There was a Facebook discussion that popped up tonight about how a WISP answers the question “Is your network secure?” There were many good answers and the notion of WEP vs WPA was brought up.
In today’s society, you need end-to-end encryption for data to be secure. An ISP has no control over where the customer traffic is going. Thus, by default, the ISP has no control over customer traffic being secure. “But Justin, I run WPA on all my APs and backhauls, so my network is secure.” Again, think about end-to-end connectivity. Every one of your access points can be encrypted, and every one of your backhauls can be encrypted, but what happens when an attacker breaks into your wiring closet and installs a sniffer on a router or switch port? What most people forget is that WPA key encryption is only going on between the router/AP and the user device. “But I lock down all my ports,” you say. Okay, what about your upstream? Who is to say your upstream provider doesn’t have a port mirror running that dumps all your customer traffic somewhere? “Okay, I will just run encrypted tunnels across my entire network! Ha! Let’s see you tear down that argument!” Again, what happens when it leaves your network? The encryption stops at the endpoint, which is the edge of your network.
Another thing everyone hears about is hotspots. Every so often the news runs a fear piece on unsecured hotspots. This is the same concept. If you connect to an unsecured hotspot, it is not much different than connecting to a hotspot where the WPA2 key is on a sign behind the cashier at the local coffee shop. The only difference is the “hacker” has an easier time grabbing any unsecured traffic you are sending. Notice I said unsecured. If you are using SSL to connect to a bank site that session is sent over an encrypted session. No sniffing going on there. If you have an encrypted VPN the possibility of traffic being sniffed is next to none. I say next to none because certain types of VPNs are more secure than others. Does that mean the ISP providing the Internet to feed that hotspot is insecure? There is no feasible way for the ISP to provide end to end security of user traffic on the open Internet.
These arguments are why things like SSL and VPNs exist. Google Chrome is now expecting all websites to be SSL enabled to be marked as secure. VPNs can ensure end-to-end security, but only between two points. Eventually, you will have to leave the safety and venture out into the wild west of the internet. Things like Intranets exist so users can have access to information but still be protected. Even most of that is over encrypted SSL these days so someone can’t install a sniffer in the basement.
So what is a WISP supposed to say about security? The WISP is no more secure than any other ISP, nor are they any less secure. The real security comes from the customer. Things like making sure their devices are up-to-date on security patches. This includes the often forgotten router. Things like secure passwords, paying attention to browser warnings, e-mail awareness, and other things are where the real user security lies. VPN connections to work. Using SSL ports on e-mail. Using SSH and Secure RDP for network admins. Firewalls can help, but they don’t encrypt the traffic. Does all traffic need to be encrypted? No.
Network Time Protocol (NTP) is a service that can be used to synchronize time on network connected devices. Before we dive into what NTP is, we need to understand why we need accurate time.
The obvious thing is network devices need an accurate clock. Things like log files with the proper time stamp are important in troubleshooting. Accurate timing also helps with security prevention measures. Some attacks use vulnerabilities in time stamps to add in bad payloads or manipulate data. Some companies require accurate time stamps on files and transactions as well for compliance purposes.
So what are these Stratum levels I hear about?
NTP has several levels, called strata. A stratum number is simply the distance from the reference clock source. Clocks that relay UTC (Coordinated Universal Time) with little to no delay (we are talking nanoseconds) are Stratum-0 servers. These are not used on the network; they are usually atomic and GPS clocks. A Stratum-0 server is connected to time servers, or Stratum-1, via GPS or a national time and frequency transmission. A Stratum-1 device is a very accurate device and is not connected to a Stratum-0 clock over a network. A Stratum-2 clock receives NTP packets from a Stratum-1 server, a Stratum-3 receives packets from a Stratum-2 server, and so on. It’s all relative to where the NTP device is in relation to Stratum-1 servers.
Why are there levels?
The further you get away from Stratum-0 the more delay there is. Things like jitter and network delays affect accuracy. Most of us network engineers are concerned with milliseconds (ms) of latency. Time servers are concerned with nanoseconds (ns). Even a server directly connected to a Stratum-0 reference will add 8-10 nanoseconds to UTC time.
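The stratum and the accumulated delay back to the reference clock both travel in the header of every NTP reply, so a client can check them before trusting the time. The following is an added example, not code from the original post: it decodes those header fields (layout per RFC 5905) and applies a simple acceptance check. The `max_stratum` limit, the sample packets and the function names are assumptions made for the example.

```python
import struct

HEADER = "!BBbbII4s"  # flags, stratum, poll, precision, root delay, root dispersion, ref id

def parse_ntp_header(packet: bytes) -> dict:
    """Decode the first 16 bytes of an NTP packet (field layout per RFC 5905)."""
    if len(packet) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    flags, stratum, _poll, _prec, root_delay, root_disp, ref_id = struct.unpack(
        HEADER, packet[:16])
    return {
        "leap": flags >> 6,              # 3 = clock not synchronized
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,             # 4 = server reply
        "stratum": stratum,
        # Root delay and dispersion are 16.16 fixed-point seconds.
        "root_delay_ms": root_delay / 65536 * 1000,
        "root_dispersion_ms": root_disp / 65536 * 1000,
        "ref_id": ref_id,
    }

def check_source(hdr: dict, max_stratum: int = 4):
    """Return (ok, reason). max_stratum is a local policy choice, assumed here."""
    if hdr["mode"] != 4:
        return False, "not a server reply"
    if hdr["stratum"] == 0:
        # In a reply, stratum 0 marks a kiss-o'-death; ref id holds an ASCII code.
        return False, "kiss-o'-death: " + hdr["ref_id"].decode("ascii", "replace")
    if hdr["leap"] == 3 or hdr["stratum"] >= 16:
        return False, "server is unsynchronized"
    if hdr["stratum"] > max_stratum:
        return False, "stratum too far from reference clock"
    return True, "ok"

def build_sample(flags: int, stratum: int, ref_id: bytes) -> bytes:
    """Constructed sample reply: 31.25 ms root delay, timestamps zeroed."""
    return struct.pack(HEADER, flags, stratum, 6, -20, 0x0800, 0x0400, ref_id) + bytes(32)

if __name__ == "__main__":
    for flags, stratum, ref in [(0x24, 2, bytes([192, 0, 2, 1])),
                                (0xE4, 0, b"RATE"),
                                (0x24, 9, bytes([192, 0, 2, 9]))]:
        hdr = parse_ntp_header(build_sample(flags, stratum, ref))
        print(stratum, hdr["root_delay_ms"], check_source(hdr))
```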
My Mikrotik has an NTP server built in? Is that good enough?
This depends on what level of accuracy you want. Do you just need to make sure all of your routers have the same time? Then synchronizing with an upstream time server is probably good enough. Having 5000 devices with the same time, AND not having to manually set them or keep them in sync manually, is a huge deal.
If you run a VoIP switch, need to be compliant when it comes to transactions on servers, or need to meet requirements like SOX compliance, you may need a more accurate time source.
What can I do for more accurate time?
Usually, a dedicated appliance is what many networks use. These are purpose-built hardware that receives a signal from GPS. The more accurate you need the time, the more expensive it will become. Devices that need to be accurate to the nanosecond are usually more expensive than ones accurate to a microsecond.
If you google “NTP Appliance” you will get a bunch of results. If you want to step up from what you are doing currently, you can look into these links:
http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html