WISP Tower leasing Resources

The following are leasing companies that I have worked with on securing vertical real-estate over the years. This is not a total list of tower companies. If you provide co-location services to Wireless ISPs and want to be included please reach out to me. Donations motivate me to update these lists. Ones with a Star next to them are WISP friendly from our dealings.


American Tower
https://www.americantower.com/

Clearview Tower
http://clearviewtower.squarespace.com/

Crown Castle
https://www.crowncastle.com/

Heartland Tower
http://www.heartlandtower.com/

Insite Wireless
https://insitewireless.com/

KGI
https://kgiwireless.com/

Melody Wireless
http://www.melodywireless.com/

MidAmerica Towers
https://midamericatowers.com/

Nexus Towers
https://nexustowers.com/

SBA
https://www.sbasite.com/

Subcarrier Communications
https://www.subcarrier.com/

Tillman Infrastructure
https://www.tillmaninfrastructure.com/

TowerCO
https://www.towerco.com/TowerSearch

Towersites.com
https://tower-sites.com/

Tower Ventures
https://towerventures.com/

Vertical Bridge
http://www.verticalbridge.com/

Justin’s List of xISP vendors and resources

I have been working on this list for a while. The following are vendors, manufacturers, and various companies I have dealt with in my career as an ISP owner and consultant. This is not a complete list by any means. These are companies I have dealt with personally and/or are sponsors of this site. Companies with the are ones that support this blog and I personally recommend.  I don’t recommend them just because they support this blog, but because they provide a good product or service. If you would like to be included on this list please contact me as I am working on more detailed lists per category.  This is a starting point for those looking to narrow down some focus of their research.

Distributors
ISP Supplies
Texas-based distributor carrying a big number of product lines such as Cambium, Mikrotik, Airspan, and many others

Baltic Networks
Chicagoland based distributor carrying product lines such as Mikrotik, Cambium, and others.

CTIconnect
Distributor of fixed wireless and telecommunications infrastructure for Internet Service Providers (ISP’s), Cable Operators, Telephone Companies

Double Radius


Billing
Azotel
Mature billing solution which can
manage all aspects of your ISP.

Sonar
Modern Billing software with many backend automation

VISP
Automation and control of your WISP customers

More Billing providers can be found at xISP billing platforms


Manufacturers
Baicells
LTE and CBRS based solutions

Cambium Networks
Manufacturer of fixed wireless products such as EMP, 450, and cnPilot wireless.

Mikrotik
Manufacturer of Mikrotik routers and RouterOS routing and switching products

Ubiquiti
Manufacturer of WISP and WIFI products. Product lines include AirFiber and Unifi.


Tower Related
TowerOne
Training and equipment to keep climbers and companies compliant and safe. Large selection of needed items such as Harnesses and rope related items for tower work.


Voice
Atheral
Unified communications with experts to help you migrate and stay compliant. Here is a link to a podcast I did with Ateral.

True IP Solutions
Unified communications solutions integrated
with access and camera solutions.


Training
Rick Frey
mikrotik training and certification as well
as consulting and integrations solutions

LinkTechs
Training on Mikrotik and distributor of related products

More info on training for the xISP 


Supporting Services
TowerCoverage
RF Mapping and Modeling for tower sites and customer pre-qualification

Wireless Mapping
Radio Mapping, two-way radio, mark study information, and Municipal broadband.

IntelPath
Microwave and Millimeter Wavechannel procurement.


Organizations, web-sites, and groups
WISPA
Trade Organization supporting Wireless Internet Service Providers=

WISP Talk on Facebook

Cambium Users group on Facebook


YouTube Channels 
TheBrothersWISP
Networking, ISP, and related topics

MSFixit


Did I forget you? Would you like to sponsor this blog and your name listed? Contact me for more information.

Denial of Service and the xISP Part 1

Most service providers have been the victim of a Denial of Service (DoS) attack at one point or another. Sometimes you may not realize you are under an attack. A few months ago, I posted a simple screenshot at https://blog.j2sw.com/networking/anatomy-of-a-ddos/ of what an active DDoS looks like.

Types of Attacks
In order to know what to look for you have to understand the four basic types of attacks. I will outline this and talk about how modern attacks are affecting Internet Service Providers (ISPs). In my next article, we will talk about identifying these types of attacks and some mitigation techniques you can employ.

Throw everything at you attack aka Buffer overflow
This type of attack is throwing enormous amounts of traffic at you to fill up your switch and router buffers, causing the device to exceed its capabilities. Your devices become crushed by an overwhelming volume of data throw at them. This attack isn’t always sheer bandwidth. Sometimes it is tens of thousands of remote connections.

Attacking vulnerable protocols
Attackers go after exposed services like ICMP to do amplification attacks. Fragmented packets, which keep the router tied up are also a common method of attacking a host.

Application attacks
These are the ones most consumers hear about. Vulnerabilities in operating systems, applications, and packages are exploited and used in attacks.

Hacks
The fourth kind is not lumped in with Application attacks, but I wanted to separate it for a few reasons. The first reason is that someone compromising a system is not always sophisticated. If a bad actor guessed the password on your router and erased the configuration, they have performed a Denial of Service against you. If you don’t keep your software up-to-date and someone exploits a backdoor and “hacks” your system, they have performed of DoS attack.

Modern Attacks against networks
Modern DoS attacks are always evolving. As network administrators find ways to mitigate these attacks, the bad actors find ways to tweak them and get around mitigation techniques employed by providers. Most of the exploits above involve sheer volumes of traffic or connections being directed at a host to take it offline. This attack is especially detrimental for service providers because it takes your customers offline if the attack is significant enough.

One of the most common techniques these days is the Distributed Denial of Service attack (DDoS). These are usually botnets involving thousands of compromised machines or devices acting against a host(s). These can be anywhere in the world. They could even be users inside your network with compromised machines or other devices. Distributed attacks are hard to mitigate because they can be legitimate traffic pointed at a web-server as an example. The traffic is not malicious from a technical perspective. You have thousands and thousands of machines sending legitimate requests to a web-server or other host on your network. This traffic looks legitimate but is overwhelming for your hardware and Internet pipe.

Image courtesy of https://www.imperva.com/blog/how-to-identify-a-mirai-style-ddos-attack/

So what does a DDoS look like and what are your options when it comes to Denial of Service Attacks? In my next article in this series, I will talk about some best practices you can do so you are not as vulnerable to these types of attacks.

BGP, a single /24 and two diverse non-connected exit points

I am starting to see the following scenario more and more as IPv4 space is hard to get, but isn’t.

With ARIN it is still possible to get an IPv4 allotment. Many smaller ISPs qualify for a /24 and can get one if they wait long enough on the ARIN waiting list. a /24 of IPv4 space is the smallest block that 99% of the Internet allows to be advertised on the Capital I Internet. There are filter rules in place that drop smaller prefixes because that is the agreed upon norm.

So what happens if you are an ISP and you have a shiny new /24 but you have two networks which are not connected. Let’s look at our scenario.

The above network have no connectivity between the two of them on the internal side. These could be half way across the world or next door. If they were half way across the world it would make sense to try and get another /24. Maybe they are either side of a big mountain or one is down in a valley and there is no way to get a decent link between the two networks.

So what is a way you can use this /24 and still be able to assign IP addresses to both sides of the network? One way is to use a tunnel between your two edge routers.

Without the tunnel the scenario is traffic could come into network1, but if the IP is assigned on network 2 it will come back as unreachable. BGP is all about networks finding the shortest path to other networks. You don’t have much control over how networks find your public IP space if you have two providers advertising the same information. Some of the Internet will come in Network2 and some will come in Network1.

By running a tunnel between the two you can now subnet out that /24 into two eqal /25s and assign one /25 Network1 and one /25 to Network2 or however you want to. You can make the tunnel a GRE, EOIP, or other tunnel type. If I am using Mikrotik I prefer to use EOIP. If it’s another vendor I tend to use GRE.

Once the tunnel is established you can use static routing, OSPF, or your favorite IGP (interior Gateway Protocol) to “tell” one side about the routes on the other side. Let’s look at a fictional use.

In the above example our fictional ISP has an IPv4 block of 1.2.3.0/24. They have two networks separated by a tall mountain range in the center. It’s too cost prohibitive to run fiber or a wireless backhaul between the two networks so they have two different upstream providers. The ISP is advertising this /24 via BGP to Upstream1 from the Network 1 router. Network 2 router is also advertising the same /24 via BGP to Upstream 2.

We now create a Tunnel between the Mikrotiks. As mentioned before this can be EOIP, GRE, etc. We won’t go into the details of the tunnel but let’s assume the ISP is using Mikrotik. We create an EOIP tunnel (tons of tutorials out there) between Network 1 router and Network 2 router. Once this is established we will use 172.16.200.0/30 as our “Glue” on our tunnel interfaces at each side. Network 1 router gets 172.16.200.1/30. Network 2 router gets 172.16.200.2/30

To keep it simple we have a static route statement on the Network 1 Mikrotik router that looks like this:

/ip route add dst-address=1.2.3.129/25 gateway=172.16.200.2

This statement routes any traffic that comes in for 1.2.3.128/25 via ISP 1 to network1 across the tunnel to the Network 2 router. The Network 2 router then send it to the destination inside that side of the network.

Conversely, we have a similar statement in the Network 2 Mikrotik router

/ip route add dst-address=1.2.3.0/25 gateway=172.16.200.1

This statement routes any traffic that comes in for 1.2.3.0/25 via ISP 2 to network2 across the tunnel to the Network 2 router. The Network 2 router then send it to the destination inside that side of the network.

It’s as simple as that. You can apply this to any other vendor such as Cisco, Juniper, PFSense, etc. You also do not have to split the network into even /25’s like I did. You can choose to have os of the ips available on one side and route a /29 or something to the other side.

The major drawback of this scenario is you will takef a speed hit because if the traffic comes in one side and has to route across the tunnel it will have to go back out to the public internet and over to the other ISP.

#packetsdownrange

Netbox Mikrotik Ansible Config generator

So, due to Covid, weather and everything else I am quite behind on blog updates and such. this is one that kinda fell through the cracks. I meant to get this out much sooner than now. My buddy Schylar Utley has a pretty cool projects for optimizing CPE deployments and such.

Check them out at https://github.com/MajesticFalcon

I have included an old video to give you an idea. I am sure things have changed since this video was created.

Mikrotik Connection tracking and CPU usage

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon
Already a qualifying Patreon member? Refresh to access this content.

The problem with broadband projects in general

Before Covid I tried to attend as many meetings community leaders and towns had about bringing broadband to their communities. This is what you are supposed to in order to let the leaders know you, or in my case, my clients are there, right? Sometimes I would attend to provide my input as part of giving back to a community.

I have found some similarities in these meetings and workshops. Let’s go over them. If you are a community leader don’t let yourself fall into some of these.

The High-Level view
The high-level view starts out with noble intentions. The leaders want to get broadband to underserved areas. They have not bothered to dig deeper into seeing what is actually in the areas they want to cover. These folks may have called the ISP they have or someone their family has. they don’t actually know which providers service what areas. In their defense it’s not their job to. What they do with these meetings determines if progress is made or not. I have been in meetings where there have been four providers that service the area in question. The leaders say they must do more studies to see who is in the area. You literally have four sitting at your table who can tell you what they service. Take their information, take their maps and progress.

Bedazzled by the incumbent
Typically this person has XYZ Internet at their home and they love it. They love it so much they want it everywhere. This is great, but there are reasons that XYZ Internet is not everywhere. Otherwise, you would not be doing these meetings. Some of this is due to lack of money. Either XYZ Internet does not have enough or the return just is not there. This leader is one of the most hampering of all. I have been in many meetings where the small local company is putting their own money into investing in the community and this type of leader overlooks the small company. They even go as far to suggest the local company help XYZ become bigger in their own service area.

These leaders often invite their beau to these meetings to give their take on broadband in the area. Sometimes these companies are honest and straightforward. Sometimes they paint the picture they are the only ones who can solve the broadband issue.

The “let’s do a study” crowd
Studies are nice. They give you nice graphs, charts, and tons of fluff information about an area. It makes for good reading for those who like to learn about facts. These folks are probably the ones who know the stats of many sports figures, who lived in the prominent houses in the lcoal towns and other facts. They are willing to spend twenty thousand dollars on a piece of paper to get this information. In many instances, sitting down with the right group of people could tell you 90% of the information you need.

Unrealistic goals
Let’s face it, not everyone knows everything about the topic they are trying to address. Being able to provide gigabit to every home is a nice goal, but is hard to achieve. Not everyone needs or wants gigabit. In my county and the surrounding area, there are towns of only three or four houses. Unless lots of government money is involved fiber will not be coming to them anytime soon.

The academic
These are usually the most frustrating for the existing ISP. Terms like focus groups and thirty thousand foot view are thrown around. They are usually applying for some grants or RPF. They already have their goal and possibly the outcome in mind. They are not there to solve issues but to get the “bigger picture”. They may only know broadband from buzzwords. 5G and internet of everything are thrown around alot.

What folks do you see at these meetings? Let me know as we are working on a funny video.

Siklu Case study 80 GHZ Indianapolis Indiana

Some photos from a Siklu 80GHZ deployment in Downtown Indianapolis, Indiana. This was deployed by On-Ramp Indiana (https://www.ori.net). The problem being solved is moving video files around a network in order to get it to smart screens and projectors. This is a very urban area and wireless was pretty much the only option to get from building to building.

Siklu 80GHZ was on the shortlist due to the distances involved. Another consideration was the footprint of the equipment. The equipment had to be as low profile as possible.

Another needed aspect of this network was the ability to move traffic around at layer 2. Not all traffic is IP based in this type of network.

Equipment used
Ether Haul 1200FX
https://www.siklu.com/product/etherhaul-kilo-series/

Right above the observation windows, you can see the Siklu just to the right of the center corner

Some technical Details

Average traffic over the past 2 months

As you can see traffic is reasonably consistent in the 80-100 meg range. We needed a solution that did not slow down due to interference. A possible 10’s of thousands of visitors to this attraction in a weekend, reliability and performance were critical. When this was installed we did not know about COVID, but this is an attraction people can enjoy from their cars and social distancing. This use added to the visibility of this attraction, thus making the reliability even more crucial.

Articles about the finished product
https://www.wthr.com/article/news/local/monument-circle-get-new-light-show-time-holidays/531-ef1819ca-5f27-4886-9283-17e481c33f39

https://www.wthr.com/article/news/local/new-light-show-sound-system-entertain-monument-circle-visitors/531-576ce095-501c-41c6-913a-518a0cc05779

On-Ramp Indiana Contacts www.ori.net 317.774.2100