The importance of phone numbers in a WISP

One of the things I see startup WISPs do wrong is their use of phone numbers.  This is one of those details that is often overlooked but is critical. It’s critical not only for tracking but also for the sanity of everyone involved.  Let’s identify where many WISPs go wrong.

The typical startup WISP is a type A go-getter. This is what entrepreneurs are by default.  Once they have a plan, they jump in head over heels. Many may start with a simple phone number, but when they call a customer, for example because they are on their way to do an install, they end up using their own cell phone number.  The problem is customers keep this cell phone number.  If the office is closed, they start texting or calling any number they have.  Some customers will be respectful of boundaries, but many will not.  If they are getting packet loss at 3 am, they are calling and texting.  This problem compounds as you grow and have multiple installers involved. You want customer issues tracked in some sort of ticket/CRM system. You also don’t want your employees having to answer customer texts or calls after hours if they aren’t being paid.  It’s one of the quickest ways for employees to get burnt out or say the incorrect things.

So how do you solve this? The simple buzzword answer is unified communications.  One of the easiest and cheapest options is Google Voice. With Google Voice and others, you have a primary number. This is the number you give out to clients. They call this and it rings another phone or phones.  This can be an extension on the VoIP system it is a part of, another number, and/or cell phones.  Depending on the level of sophistication, it can ring all the programmed numbers at once, or ring one and move on to the next one. If no one answers, it drops the caller into voicemail. With Google Voice, the programmed numbers are all rung at once.

The inbound ringing is pretty standard.  The “trick” for the WISP is the outgoing calling. You want to be able to call a customer and have it come up as the main number’s caller ID, not your cell phone. Most PBX systems can be set up to do this with the extensions attached to them.  Cell phone calls are a little more complicated.  The way Google Voice solves this is through the use of forwarding numbers. You bring up the app, enter a number, and it actually calls a different number.  Behind the scenes, it is using this forwarding number to “spoof” your number to the person you are calling.  Your phone is not calling the other party directly. Your phone calls this forwarding number, and the service works it all out on the backend.

Other vendors have apps which perform similar functions. Asterisk has its DISA function.  Once you have these functions set up, it boils down to training and processes.  Your installers need to remember to use the app or the function when calling customers.  As the company grows, a way to help this situation is for employees to not use personal cell phones.  If a company provides a cell phone, the employee can customize voicemail, or even forward unanswered calls to the help desk should a customer get the cell phone number.

Hope this helps with one of the glaring issues a startup faces.

Guest Article: Routers can catch viruses

Our friends over at TechWarn have their take on routers vulnerable to virus attacks

https://www.expressvpn.com/blog/can-my-router-catch-a-virus/

Big price differences between routers are often confusing to consumers as, unlike with personal computers, the quality difference is not always obvious. As routers are normally tied to a physical location, it is also rather difficult to test their reliability in different environments, unlike with highly mobile laptops or smartphones.

Routers often do not receive updates, or updates have to be manually downloaded and applied — a cumbersome process that is not an attractive option to many non-tech-savvy users.

Routers are desirable targets for attackers as they sit at a very sensitive spot on a network — right at the edge. They are a centralized point and connected to every single device in the network. Routers read all of the data that each device sends to the Internet, and if these connections are unencrypted, the router could easily inject malicious scripts and links.

Fluke Networks explains fiber polarity

https://www.flukenetworks.com/blog/cabling-chronicles/b-c-s-fiber-polarity

Polarity defines direction of flow, such as the direction of a magnetic field or an electrical current. In fiber optics, it defines the direction that light signals travel through an optical fiber.

To properly send data via light signals, a fiber optic link’s transmit signal (Tx) at one end of the cable must match the corresponding receiver (Rx) at the other end.

Importance of PIM in LTE

As the number of WISP LTE deployments increases, there are many things WISPs will need to be mindful of.  One such item is properly supporting antenna cables. LTE systems are more sensitive to cable issues.  In a previous blog post, I talked about PIM and low-PIM cables.  One of the things that can cause PIM problems is improperly mated cables.  If cables are not supported, they can become loose over time.  Vibration from equipment or even the wind can loosen connections.

How do we support cables?
We can take a cue from the cellular industry. The following are some examples of proper cable support.  Thanks to Joshua Powell for these pics.

Where can you get these?
A good place to start is a site like sitepro1; Tessco also has a selection.

So the next time you are planning your LTE deployment think about cable support.

PHPIPAM upgrade 1.3.2 to 1.4 error and fix

Tonight I was upgrading PHPIPAM from version 1.3.2 to version 1.4 and ran into an issue.  After doing a git pull, I logged into the web GUI and went to upgrade the database.  I received the following error.

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'dbversion' in 'field list'

Since I run Webmin, I logged into Webmin and ran the following command on my database

alter table settings add column dbversion tinyint(1);

Once that was executed I was able to go back into the web GUI and upgrade the database.  I ended up with two theme errors which were easily fixed.

Indianapolis Data Center landscape

We like to refer to Indianapolis, Indiana as an “NFL  City” when explaining the connectivity and peering landscape.  It is not a large network presence like Chicago or Ashburn but has enough networks to make it a place for great interconnects.

At the heart of Indianapolis is the Indy Telcom complex.  www.indytelcom.com (currently down as of this writing).  This is also referred to as the “Henry Street” complex because West Henry Street runs past several of the buildings.   This is a large complex with many buildings on it.

One of the things many of our clients ask about is getting connectivity from building to building on the Indy Telcom campus. Lifeline Data Centers ( www.lifelinedatacenters.com ) operates a carrier hotel at 733 Henry. With at least 30 on-net carriers and access to many more, 733 is the place to go for cross-connect connectivity in Indianapolis.  We have been told by Indy Telcom that the conduits between the buildings on the campus are 100% full. This makes connectivity challenging at best when going between buildings. The campus has lots of space, but the buildings are islands if you wish to establish dark fiber cross-connects between them. Many carriers have lit services, but due to the ways many carriers provision things, getting a strand, or even a wave, is not possible.  We do have some options from companies like Zayo or Lightedge for getting connectivity between buildings, but it is not like Chicago or other big data centers.  However, there is a solution for those looking to establish interconnections.  Lifeline also operates a facility at 401 North Shadeland, which is referred to as the EastGate facility. This facility is built on 41 acres, is FedRAMP certified, and has a bunch of features.  There is a dark fiber ring going between 733 and 401.  This is ideal for folks looking for both co-location and connectivity.  Servers and other infrastructure can be housed at EastGate and connectivity can be pulled from 733.  This solves the 100% full conduit issue with Indy Telcom. MidWest Internet Exchange ( www.midwest-ix.com ) is also on-net at both 401 and 733.

Another location where MidWest-IX is present is 365 Data Centers ( http://www.365datacenters.com ) at 701 West Henry.  365 has a national footprint and thus draws some different clients than some of the other facilities.  365 operates data centers in Tennessee, Michigan, New York, and others. MidWest has dark fiber over to 365 in order to bring them onto their Indy fabric.

Another large presence at Henry Street is Lightbound ( www.lightbound.com ).  They have a couple of large facilities. According to PeeringDB, only three carriers are in their 731 facility.   However, their web-site lists 18+ carriers in their facilities. The web-site does not list these carriers.

I am a big fan of PeeringDB for knowing who is at what facilities, where peering points are, and other geeky information.  Many of the facilities in Indianapolis are not listed on PeeringDB.  Some other data centers which we know about:

Zayo (www.zayo.com)
Lightower ( www.lightower.com )
Indiana Fiber Network (IFN) (https://ifncom.co/)
Online Tech ( www.onlinetech.com )

On the north side of Indianapolis, you have Expedient ( www.expedient.com ) in Carmel. Expedient says they have “dozens of on net carriers among all markets”.  There are some other data centers in the Indianapolis Metro area. Data Cave in Columbus is within decent driving distance.

Why WPA is not encrypting your traffic

There was a Facebook discussion that popped up tonight about how a WISP answers the question “Is your network secure?” There were many good answers and the notion of WEP vs WPA was brought up.

In today’s society, you need end-to-end encryption for data to be secure. An ISP has no control over where the customer traffic is going. Thus, by default, the ISP has no control over customer traffic being secure.  “But Justin, I run WPA on all my APs and backhauls, so my network is secure.”  Again, think about end-to-end connectivity. Every one of your access points can be encrypted, and every one of your backhauls can be encrypted, but what happens when an attacker breaks into your wiring closet and installs a sniffer on a router or switch port? What most people forget is that WPA key encryption is only going on between the router/AP and the user device.  “But I lock down all my ports,” you say.  Okay, what about your upstream? Who is to say your upstream provider doesn’t have a port mirror running that dumps all your customer traffic somewhere?  “Okay, I will just run encrypted tunnels across my entire network! Ha! Let’s see you tear down that argument!” Again, what happens when it leaves your network?  The encryption stops at the endpoint, which is the edge of your network.

Another thing everyone hears about is hotspots. Every so often the news runs a fear piece on unsecured hotspots.  This is the same concept.  If you connect to an unsecured hotspot, it is not much different than connecting to a hotspot where the WPA2 key is on a sign behind the cashier at the local coffee shop. The only difference is the “hacker” has an easier time grabbing any unsecured traffic you are sending. Notice I said unsecured.  If you are using SSL to connect to a bank site that session is sent over an encrypted session.  No sniffing going on there.  If you have an encrypted VPN the possibility of traffic being sniffed is next to none. I say next to none because certain types of VPNs are more secure than others. Does that mean the ISP providing the Internet to feed that hotspot is insecure? There is no feasible way for the ISP to provide end to end security of user traffic on the open Internet.

These arguments are why things like SSL and VPNs exist. Google Chrome is now expecting all websites to be SSL enabled to be marked as secure. VPNs can ensure end-to-end security, but only between two points.  Eventually, you will have to leave the safety and venture out into the wild west of the internet.  Things like Intranets exist so users can have access to information but still be protected. Even most of that is over encrypted SSL these days so someone can’t install a sniffer in the basement.

So what is a WISP supposed to say about security? The WISP is no more secure than any other ISP, nor is it any less secure.  The real security comes from the customer. Things like making sure their devices are up-to-date on security patches.  This includes the often forgotten router. Things like secure passwords, paying attention to browser warnings, e-mail awareness, and other things are where the real user security lies. VPN connections to work. Using SSL ports on e-mail. Using SSH and Secure RDP for network admins. Firewalls can help, but they don’t encrypt the traffic. Does all traffic need to be encrypted? No.
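To make the wiring-closet argument concrete, here is an added example (not code from the original post) that classifies the client bytes a tap on a wired port would capture and lists what can be read from them. The sample flows, host name and credentials are constructed; the Wi-Fi setting is carried along only to show that it does not change the result.

```python
"""What a tap on a wired switch port can read, regardless of Wi-Fi encryption."""
HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH")

def classify(payload: bytes) -> str:
    """Label the client bytes of a TCP stream by content, not by port."""
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03:
        rec_len = int.from_bytes(payload[3:5], "big")
        if 0 < rec_len <= 16384 and payload[5] == 0x01:
            return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    words = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(words) == 3 and words[0] in HTTP_METHODS and words[2].startswith(b"HTTP/"):
        return "http"
    if words[0].upper() in (b"USER", b"PASS"):
        return "pop3"
    return "unknown"

def readable_by_tap(payload: bytes) -> list:
    """Return the credential-bearing items a sniffer could lift from this payload."""
    if classify(payload) in ("tls", "ssh"):
        return []  # contents are opaque (a TLS ClientHello still shows the server name)
    found = []
    for line in payload.split(b"\r\n"):
        low = line.lower()
        if low.startswith(b"authorization:") or low.startswith(b"cookie:"):
            found.append(line.split(b":", 1)[0].decode())
        elif low.startswith(b"user ") or low.startswith(b"pass "):
            found.append(line.split(b" ", 1)[0].decode().upper())
    return found

# Constructed sample flows: (Wi-Fi security on the client's hop, client-to-server bytes).
FLOWS = [
    ("wpa2", b"POST /login HTTP/1.1\r\nHost: portal.example\r\nAuthorization: Basic ZGVtbzpkZW1v\r\n\r\n"),
    ("open", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("wpa2", b"USER demo\r\nPASS demo\r\n"),
    ("open", b"SSH-2.0-OpenSSH_9.6\r\n"),
]

def audit(flows):
    """Exposure follows the application protocol, not the Wi-Fi setting."""
    return [(wifi, classify(p), readable_by_tap(p)) for wifi, p in flows]

if __name__ == "__main__":
    for wifi, kind, leaked in audit(FLOWS):
        print(f"wifi={wifi:4} proto={kind:7} readable={leaked or 'nothing'}")
```

The two WPA2 flows are the ones that leak, because the mail and web sessions were cleartext once they left the access point; the two flows from the open hotspot expose nothing because TLS and SSH protect them end to end.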

OTV and VXLAN differences

A great article explaining what OTV is and how it compares to VXLAN.

“OTV (Overlay Transport Virtualization) is a technology that provides layer 2 extension capabilities between different data centers. In its simplest form OTV is a new DCI (Data Center Interconnect) technology that routes MAC-based information by encapsulating traffic in normal IP packets for transit”

https://www.routexp.com/2018/03/vxlan-and-otv-what-is-difference.html

Tower crews in the modern WISP

One of the questions we often are asked is why our rates for tower work are what they are. In today’s world, a tower crew needs the following, not only for themselves but to protect and do the best job for the client.

The first key is equipment.  Having a crew with proper ropes, proper lifting blocks and pulleys, and proper safety gear goes a long way. A job can be done more efficiently with the proper tools.  In-shape tools make a big difference. How many times have you gone to cut something with a dull blade? Tools get used up and have to be replaced.

Next up is safety and insurance.  I lump these into the same category because an insured crew is safe for the client.  Having the proper insurance protects the client from anything that may happen.  Tower work is dangerous work.  With insurance requirements comes updated training. Not only does this teach crews new methods of doing things, it helps keep them from becoming complacent in safety practices.

Availability is the next thing. Having a crew that can roll out in a timely manner to meet clients’ needs takes a dedicated staff.  We see too many part-time crews not bringing in enough money, so they are having to moonlight doing other things. This lessens their availability, because you have to find steady work to have quality people.

The last thing is the experience our crews have.  Having been a veteran of the WISP industry for over 12 years, I have seen many ways of doing things, and so have the rest of the experienced folks in our crews. We have done night climbs, harsh weather work, and custom work.  Having someone who knows the WISP industry doing your tower work makes a huge difference.