The following is an estimate of loss using LTE frequencies and common building materials.
-Fiberglass -2dB
-Drywall -4dB
-6″ Concrete 12-20 dB
-Brick -10-20dB
Category Archives: Wireless
WISP Tower leasing Resources
The following are leasing companies that I have worked with on securing vertical real-estate over the years. This is not a total list of tower companies. If you provide co-location services to Wireless ISPs and want to be included please reach out to me. Donations motivate me to update these lists. Ones with a Star next to them are WISP friendly from our dealings.
American Tower
https://www.americantower.com/
Clearview Tower
http://clearviewtower.squarespace.com/
Crown Castle
https://www.crowncastle.com/
Heartland Tower
http://www.heartlandtower.com/
Insite Wireless
https://insitewireless.com/
Melody Wireless
http://www.melodywireless.com/
MidAmerica Towers
https://midamericatowers.com/
Nexus Towers
https://nexustowers.com/
Subcarrier Communications
https://www.subcarrier.com/
Tillman Infrastructure
https://www.tillmaninfrastructure.com/
TowerCO
https://www.towerco.com/TowerSearch
Towersites.com
https://tower-sites.com/
Tower Ventures
https://towerventures.com/
Vertical Bridge
http://www.verticalbridge.com/
Justin’s List of xISP vendors and resources
I have been working on this list for a while. The following are vendors, manufacturers, and various companies I have dealt with in my career as an ISP owner and consultant. This is not a complete list by any means. These are companies I have dealt with personally and/or are sponsors of this site. Companies with the are ones that support this blog and I personally recommend. I don’t recommend them just because they support this blog, but because they provide a good product or service. If you would like to be included on this list please contact me as I am working on more detailed lists per category. This is a starting point for those looking to narrow down some focus of their research.
Distributors
ISP Supplies
Texas-based distributor carrying a big number of product lines such as Cambium, Mikrotik, Airspan, and many others
Baltic Networks
Chicagoland based distributor carrying product lines such as Mikrotik, Cambium, and others.
CTIconnect
Distributor of fixed wireless and telecommunications infrastructure for Internet Service Providers (ISP’s), Cable Operators, Telephone Companies
Billing
Azotel
Mature billing solution which can
manage all aspects of your ISP.
Sonar
Modern Billing software with many backend automation
VISP
Automation and control of your WISP customers
More Billing providers can be found at xISP billing platforms
Manufacturers
Baicells
LTE and CBRS based solutions
Cambium Networks
Manufacturer of fixed wireless products such as EMP, 450, and cnPilot wireless.
Mikrotik
Manufacturer of Mikrotik routers and RouterOS routing and switching products
Ubiquiti
Manufacturer of WISP and WIFI products. Product lines include AirFiber and Unifi.
Tower Related
TowerOne
Training and equipment to keep climbers and companies compliant and safe. Large selection of needed items such as Harnesses and rope related items for tower work.
Voice
Atheral
Unified communications with experts to help you migrate and stay compliant. Here is a link to a podcast I did with Ateral.
True IP Solutions
Unified communications solutions integrated
with access and camera solutions.
Training
Rick Frey
mikrotik training and certification as well
as consulting and integrations solutions
LinkTechs
Training on Mikrotik and distributor of related products
More info on training for the xISP
Supporting Services
TowerCoverage
RF Mapping and Modeling for tower sites and customer pre-qualification
Wireless Mapping
Radio Mapping, two-way radio, mark study information, and Municipal broadband.
IntelPath
Microwave and Millimeter Wavechannel procurement.
Organizations, web-sites, and groups
WISPA
Trade Organization supporting Wireless Internet Service Providers=
Cambium Users group on Facebook
YouTube Channels
TheBrothersWISP
Networking, ISP, and related topics
Did I forget you? Would you like to sponsor this blog and your name listed? Contact me for more information.
Amazon Sidewalk is announced
Amazon has announced a new feature called Sidewalk.
When enabled, Sidewalk uses a small portion of your Internet bandwidth to provide these services to you and your neighbors. This setting will apply to all of your supported Echo and Ring devices that are linked to your Amazon account.
In essence, what this does is it uses Bluetooth running in the 900MHZ band to form an adjacency with neighbors and other Sidewalk enabled devices. In the old CB terms, we might call this a sideband connection. Amazon is using a portion of a sidewalk enabled device to create a shared network in your community. Some of the examples they use are for locating lost pets with a sensor tied to their collar. As the pet passes your neighbor’s sidewalk enabled hub you will see that on a map. Another example might be a sensor that can’t see your wifi network but might see the neighbors.
You can read more at the link below, but here is the quick and dirty from their FAQ.
How does Amazon Sidewalk work?
Customers with a Sidewalk Bridge (today, many Echo devices, Ring Floodlight Cams and Ring Spotlight Cams) can contribute a small portion of their internet bandwidth, which is pooled together to create a shared network that benefits all Sidewalk-enabled devices in a community. Amazon Sidewalk uses Bluetooth, the 900 MHz spectrum and other frequencies to extend coverage and provide these benefits.
What does Amazon charge for use of the network?
Amazon does not charge any fees to join Amazon Sidewalk, which uses a small portion of bandwidth from a Sidewalk Bridge’s existing internet service. Standard data rates from internet providers may apply.
How will Amazon Sidewalk impact my personal wireless bandwidth and data usage?
The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.
Will I know what other Sidewalk-enabled devices are connected to my Bridge?
Preserving customer privacy and security is foundational to how we’ve built Amazon Sidewalk. Information transferred over Sidewalk Bridges is encrypted and Bridge customers are not able to see that Sidewalk-enabled devices are connected to their Bridge. Customers who own Sidewalk-enabled devices will know they are connected to Sidewalk but will not be able to identify which Bridge they are connected to. For more information, visit our whitepaper here.
The problem with broadband projects in general
Before Covid I tried to attend as many meetings community leaders and towns had about bringing broadband to their communities. This is what you are supposed to in order to let the leaders know you, or in my case, my clients are there, right? Sometimes I would attend to provide my input as part of giving back to a community.
I have found some similarities in these meetings and workshops. Let’s go over them. If you are a community leader don’t let yourself fall into some of these.
The High-Level view
The high-level view starts out with noble intentions. The leaders want to get broadband to underserved areas. They have not bothered to dig deeper into seeing what is actually in the areas they want to cover. These folks may have called the ISP they have or someone their family has. they don’t actually know which providers service what areas. In their defense it’s not their job to. What they do with these meetings determines if progress is made or not. I have been in meetings where there have been four providers that service the area in question. The leaders say they must do more studies to see who is in the area. You literally have four sitting at your table who can tell you what they service. Take their information, take their maps and progress.
Bedazzled by the incumbent
Typically this person has XYZ Internet at their home and they love it. They love it so much they want it everywhere. This is great, but there are reasons that XYZ Internet is not everywhere. Otherwise, you would not be doing these meetings. Some of this is due to lack of money. Either XYZ Internet does not have enough or the return just is not there. This leader is one of the most hampering of all. I have been in many meetings where the small local company is putting their own money into investing in the community and this type of leader overlooks the small company. They even go as far to suggest the local company help XYZ become bigger in their own service area.
These leaders often invite their beau to these meetings to give their take on broadband in the area. Sometimes these companies are honest and straightforward. Sometimes they paint the picture they are the only ones who can solve the broadband issue.
The “let’s do a study” crowd
Studies are nice. They give you nice graphs, charts, and tons of fluff information about an area. It makes for good reading for those who like to learn about facts. These folks are probably the ones who know the stats of many sports figures, who lived in the prominent houses in the lcoal towns and other facts. They are willing to spend twenty thousand dollars on a piece of paper to get this information. In many instances, sitting down with the right group of people could tell you 90% of the information you need.
Unrealistic goals
Let’s face it, not everyone knows everything about the topic they are trying to address. Being able to provide gigabit to every home is a nice goal, but is hard to achieve. Not everyone needs or wants gigabit. In my county and the surrounding area, there are towns of only three or four houses. Unless lots of government money is involved fiber will not be coming to them anytime soon.
The academic
These are usually the most frustrating for the existing ISP. Terms like focus groups and thirty thousand foot view are thrown around. They are usually applying for some grants or RPF. They already have their goal and possibly the outcome in mind. They are not there to solve issues but to get the “bigger picture”. They may only know broadband from buzzwords. 5G and internet of everything are thrown around alot.
What folks do you see at these meetings? Let me know as we are working on a funny video.
Siklu Case study 80 GHZ Indianapolis Indiana
Some photos from a Siklu 80GHZ deployment in Downtown Indianapolis, Indiana. This was deployed by On-Ramp Indiana (https://www.ori.net). The problem being solved is moving video files around a network in order to get it to smart screens and projectors. This is a very urban area and wireless was pretty much the only option to get from building to building.
Siklu 80GHZ was on the shortlist due to the distances involved. Another consideration was the footprint of the equipment. The equipment had to be as low profile as possible.
Another needed aspect of this network was the ability to move traffic around at layer 2. Not all traffic is IP based in this type of network.
Equipment used
Ether Haul 1200FX
https://www.siklu.com/product/etherhaul-kilo-series/
Some technical Details
As you can see traffic is reasonably consistent in the 80-100 meg range. We needed a solution that did not slow down due to interference. A possible 10’s of thousands of visitors to this attraction in a weekend, reliability and performance were critical. When this was installed we did not know about COVID, but this is an attraction people can enjoy from their cars and social distancing. This use added to the visibility of this attraction, thus making the reliability even more crucial.
Articles about the finished product
https://www.wthr.com/article/news/local/monument-circle-get-new-light-show-time-holidays/531-ef1819ca-5f27-4886-9283-17e481c33f39
On-Ramp Indiana Contacts www.ori.net 317.774.2100
Mikrotik Audience
This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
Unlock with PatreonPhoto Sunday
Follow me on Instagram for technology, and sometimes not technology, related photos.
@j2sw
WIFI calling port forwarding
Recently I came across a need to do some port forwarding for wifi calling. I have assembled a resource guide to help you if you need to do such things. IPSEC should be allowed per RFC 5996 https://tools.ietf.org/html/rfc5996 for all wifi calling
Verizon
https://community.verizonwireless.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659
UDP ports 500 and 4500 open to sg.vzwfemto.com and wo.vzwwo.com
TMobile
https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network
IPv4 Address Block: 208.54.0.0/17 and 66.94.0.0/19:
UDP Ports 500 and 4500
5061 for SIP/TLS
TCP port 443 and 993
Also whitelist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36
AT&T
https://www.att.com/support/article/wireless/KM1114459/
UDP Ports 500 and 4500
TCP Port 143
Whitelist the following:
- epdg.epc.att.net
- sentitlement2.mobile.att.net
- vvm.mobile.att.net
Sprint
UDP Ports 500 and 4500
Any of the above is subject to change.
OpenVPN, rooter project, and Mikrotik
Over the past couple of weeks, I have been fighting with getting an LTE device running The Rooter Project to establish an OpenVPN connection with a Mikrotik router. Apparently, OPENVPN is the only option when it comes to VPNs on The Rooter Project. For the purpose of this article, I am going to refer to the software as “the rooter”. This is just to denote the device running The Rooter Project software. In my case, this is a GL.iNET GL-X750 LTE device.
There are two parts to this setup. The OpenVPN setup on the Mikrotik and the setup on the rooter.
Mikrotik Setup
The Mikrotik setup is pretty straight forward. There are some great tutorials out there for a more in-depth setup. The RouterOS version I used for this setup is 6.47.
Creating Certificates
You will need to create 3 certificates on the Mikrotik.
1. cert_export_ca-certificate.crt, 2.cert_export_client-certificate.crt3.cert_export_client-certificate.key
/certificate add name=ca-template common-name=example.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign add name=server-template common-name=*.example.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server add name=client-template common-name=client.example.com days-valid=3650 key-size=2048 key-usage=tls-client
Signing Certificates
Once you have created the above certificates you will need to sign them with the following
/certificate sign ca-template name=ca-certificate sign server-template name=server-certificate ca=ca-certificate sign client-template name=client-certificate ca=ca-certificate
Exporting Certificates
Run the following commands to add a passphrase to your key certificate and export them to files
/certificate export-certificate ca-certificate export-passphrase="" export-certificate client-certificate export-passphrase=j2sw123com
This will give you three files: cert_export_ca-certificate.crt, cert_export_client-certificate.crt, and cert_export_client-certificate.key. Download these out of “files” from the Mikrotik to the same computer you have access to the rooter on. I like to rename them to ca.crt, client.crt, and client.key so I can keep track of what is what.
Rooter Client Setup
Caveats
I could not find out how to make the operating system read a config file I would edit by hand. Even after a reboot, the config file would not be read. I am not sure if there is a command to read it into the running-config. If someone knows, let me know and that will make this process much easier.
client dev tun proto tcp remote example.com 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key remote-cert-tls server cipher AES-128-CBC auth SHA1 auth-user-pass redirect-gateway def1 verb 3
In my rooter, the config is in /var/etc. I would cat this occasionally to make sure I did not have any extra options turned on. Since I could not make my edits the file stick, I would make the below changes in the GUI and verify they matched up to my above file.
If your OpenVPN is using a username and password create a file named passowrd.txt and put the username on the first line and the password on the second.
You will need that file along with the three files you generate on the Mikrotik above.
Log in to the router and create you an open VPN instance. In my case, I named it Nexstream because this is who I was working for on this project. You can name it anything you want.
Click on edit and you will be brought to the following screens. Fill them out as shown.
When you get to the bottom this is where you upload your password.text and your cert and key files. If you see anything missing go to the bottom and select the field and click add.
Make sure to hit save and apply before proceeding. Click on “switch to advanced configuration”. Match up your configuration with the following screenshots, which match up with the above config file. You are just basically making the proper checkboxes to match the plain text config I posted above. Again, if anyone knows how to get OpenVPN. on the rooter to read the config in let me know.
Once you have the GUI part done and the certs uploaded to the rooter you will need to deal with the keyphrase via the command line. Simply SSH to the rooter. The below code is a generic code for changing the client.key to not ask for a passphrase anymore.
cd /etc/luci-uploads/ openssl.exe rsa -in client.key -out client.key Enter pass phrase for client.key: j2sw123com writing RSA key
Couple of things to note about the process.
1. Your location may vary. You must either be inside the directory with your keys or provide the path to the keys in the OpenSSL command
2.when I uploaded the keys it changed them to cbid.openvpn.FRIENDLYNAME.key.
what my actual code looked like to change the passphrase
cd /etc/luci-uploads/ openssl.exe rsa -in cbid.openvpn.vpnout.key -out cbid.openvpn.vpnout.key Enter pass phrase for client.key: j2sw123com writing RSA key
If everything goes well you will be rewarded with the following screen on your OpenVPN main page. If, for some reason, it does not start the system log is actually pretty informative on what is going on.
