Another water tower install earlier this year for a client. To critique our own work, the cables were moved under the mounts after these pictures were taken. This was done to minimize damage to the cables.
The following are leasing companies that I have worked with on securing vertical real-estate over the years. This is not a total list of tower companies. If you provide co-location services to Wireless ISPs and want to be included please reach out to me. Donations motivate me to update these lists. Ones with a Star next to them are WISP friendly from our dealings.
I have been working on this list for a while. The following are vendors, manufacturers, and various companies I have dealt with in my career as an ISP owner and consultant. This is not a complete list by any means. These are companies I have dealt with personally and/or are sponsors of this site. Companies with the are ones that support this blog and I personally recommend. I don’t recommend them just because they support this blog, but because they provide a good product or service. If you would like to be included on this list please contact me as I am working on more detailed lists per category. This is a starting point for those looking to narrow down some focus of their research.
Texas-based distributor carrying a large number of product lines such as Cambium, Mikrotik, Airspan, and many others.
Chicagoland based distributor carrying product lines such as Mikrotik, Cambium, and others.
Distributor of fixed wireless and telecommunications infrastructure for Internet Service Providers (ISPs), Cable Operators, Telephone Companies
Mature billing solution which can manage all aspects of your ISP.
Modern billing software with many backend automations
Automation and control of your WISP customers
More Billing providers can be found at xISP billing platforms
LTE and CBRS based solutions
Manufacturer of fixed wireless products such as EMP, 450, and cnPilot wireless.
Manufacturer of Mikrotik routers and RouterOS routing and switching products
Manufacturer of WISP and WIFI products. Product lines include AirFiber and Unifi.
Training and equipment to keep climbers and companies compliant and safe. Large selection of needed items such as Harnesses and rope related items for tower work.
True IP Solutions
Unified communications solutions integrated with access and camera solutions.
Mikrotik training and certification as well as consulting and integration solutions
Training on Mikrotik and distributor of related products
More info on training for the xISP
RF Mapping and Modeling for tower sites and customer pre-qualification
Radio Mapping, two-way radio, mark study information, and Municipal broadband.
Microwave and Millimeter Wave channel procurement.
Organizations, web-sites, and groups
Trade Organization supporting Wireless Internet Service Providers
Networking, ISP, and related topics
Did I forget you? Would you like to sponsor this blog and your name listed? Contact me for more information.
Most service providers have been the victim of a Denial of Service (DoS) attack at one point or another. Sometimes you may not realize you are under an attack. A few months ago, I posted a simple screenshot at https://blog.j2sw.com/networking/anatomy-of-a-ddos/ of what an active DDoS looks like.
Types of Attacks
In order to know what to look for you have to understand the four basic types of attacks. I will outline this and talk about how modern attacks are affecting Internet Service Providers (ISPs). In my next article, we will talk about identifying these types of attacks and some mitigation techniques you can employ.
Throw everything at you attack aka Buffer overflow
This type of attack throws enormous amounts of traffic at you to fill up your switch and router buffers, causing the device to exceed its capabilities. Your devices become crushed by an overwhelming volume of data thrown at them. This attack isn’t always sheer bandwidth. Sometimes it is tens of thousands of remote connections.
Attacking vulnerable protocols
Attackers go after exposed services like ICMP to do amplification attacks. Fragmented packets, which keep the router tied up, are also a common method of attacking a host.
These are the ones most consumers hear about. Vulnerabilities in operating systems, applications, and packages are exploited and used in attacks.
The fourth kind is not lumped in with Application attacks, but I wanted to separate it for a few reasons. The first reason is that someone compromising a system is not always sophisticated. If a bad actor guessed the password on your router and erased the configuration, they have performed a Denial of Service against you. If you don’t keep your software up-to-date and someone exploits a backdoor and “hacks” your system, they have performed a DoS attack.
Modern Attacks against networks
Modern DoS attacks are always evolving. As network administrators find ways to mitigate these attacks, the bad actors find ways to tweak them and get around mitigation techniques employed by providers. Most of the exploits above involve sheer volumes of traffic or connections being directed at a host to take it offline. This attack is especially detrimental for service providers because it takes your customers offline if the attack is significant enough.
One of the most common techniques these days is the Distributed Denial of Service attack (DDoS). These are usually botnets involving thousands of compromised machines or devices acting against a host(s). These can be anywhere in the world. They could even be users inside your network with compromised machines or other devices. Distributed attacks are hard to mitigate because they can be legitimate traffic pointed at a web-server as an example. The traffic is not malicious from a technical perspective. You have thousands and thousands of machines sending legitimate requests to a web-server or other host on your network. This traffic looks legitimate but is overwhelming for your hardware and Internet pipe.
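The difference between a bandwidth flood, a connection flood, and a distributed attack shows up in flow data. The following is an added example, not code from the original post: it labels each destination in one window of flow records. The thresholds, the record layout, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def classify(flows, window_s=60, link_bps=1_000_000_000,
             max_flows=10_000, many_sources=1_000):
    """Label destinations from one window of (src, dst, bytes) flow records.

    All thresholds are illustrative assumptions; set them from your baseline.
    """
    stats = defaultdict(lambda: {"bytes": 0, "flows": 0, "sources": set()})
    for src, dst, nbytes in flows:
        entry = stats[dst]
        entry["bytes"] += nbytes
        entry["flows"] += 1
        entry["sources"].add(src)

    report = {}
    for dst, entry in stats.items():
        labels = set()
        # Sheer bandwidth: the window's average rate nears the uplink capacity.
        if entry["bytes"] * 8 / window_s >= 0.8 * link_bps:
            labels.add("volumetric")
        # Little bandwidth, but far more connections than the host normally sees.
        if entry["flows"] >= max_flows:
            labels.add("connection-flood")
        # Many distinct sources behind either symptom points to a DDoS.
        if labels and len(entry["sources"]) >= many_sources:
            labels.add("distributed")
        if labels:
            report[dst] = labels
    return report

def sample_flows():
    """Constructed records; all addresses are documentation or shared ranges."""
    flows = []
    for i in range(5000):            # 5,000 sources, 4 small flows each
        src = f"100.64.{i // 250}.{i % 250 + 1}"
        flows += [(src, "203.0.113.10", 600)] * 4
    for i in range(3):               # 3 sources pushing 3 GB each
        flows.append((f"198.51.100.{i + 1}", "203.0.113.20", 3_000_000_000))
    for i in range(50):              # ordinary traffic to a third host
        flows.append((f"192.0.2.{i + 1}", "203.0.113.30", 1500))
    return flows

if __name__ == "__main__":
    for dst, labels in sorted(classify(sample_flows()).items()):
        print(dst, sorted(labels))
```

The web server at 203.0.113.10 is flagged even though its traffic averages under 2 Mbps, which is why a bandwidth graph alone can miss this kind of attack.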
So what does a DDoS look like and what are your options when it comes to Denial of Service Attacks? In my next article in this series, I will talk about some best practices you can do so you are not as vulnerable to these types of attacks.
I am starting to see the following scenario more and more, as IPv4 space is thought to be hard to get, but isn’t.
With ARIN it is still possible to get an IPv4 allotment. Many smaller ISPs qualify for a /24 and can get one if they wait long enough on the ARIN waiting list. A /24 of IPv4 space is the smallest block that 99% of the Internet allows to be advertised on the Capital I Internet. There are filter rules in place that drop smaller prefixes because that is the agreed-upon norm.
So what happens if you are an ISP and you have a shiny new /24 but you have two networks which are not connected? Let’s look at our scenario.
The above networks have no connectivity between them on the internal side. These could be halfway across the world or next door. If they were halfway across the world it would make sense to try and get another /24. Maybe they are on either side of a big mountain, or one is down in a valley and there is no way to get a decent link between the two networks.
So what is a way you can use this /24 and still be able to assign IP addresses to both sides of the network? One way is to use a tunnel between your two edge routers.
Without the tunnel, traffic could come into Network 1, but if the IP is assigned on Network 2 it will come back as unreachable. BGP is all about networks finding the shortest path to other networks. You don’t have much control over how networks find your public IP space if you have two providers advertising the same information. Some of the Internet will come in Network 2 and some will come in Network 1.
By running a tunnel between the two you can now subnet out that /24 into two equal /25s and assign one /25 to Network 1 and one /25 to Network 2, or however you want to. You can make the tunnel a GRE, EOIP, or other tunnel type. If I am using Mikrotik I prefer to use EOIP. If it’s another vendor I tend to use GRE.
Once the tunnel is established you can use static routing, OSPF, or your favorite IGP (Interior Gateway Protocol) to “tell” one side about the routes on the other side. Let’s look at a fictional use.
In the above example our fictional ISP has an IPv4 block of 188.8.131.52/24. They have two networks separated by a tall mountain range in the center. It’s too cost prohibitive to run fiber or a wireless backhaul between the two networks so they have two different upstream providers. The ISP is advertising this /24 via BGP to Upstream1 from the Network 1 router. Network 2 router is also advertising the same /24 via BGP to Upstream 2.
We now create a tunnel between the Mikrotiks. As mentioned before this can be EOIP, GRE, etc. We won’t go into the details of the tunnel but let’s assume the ISP is using Mikrotik. We create an EOIP tunnel (tons of tutorials out there) between Network 1 router and Network 2 router. Once this is established we will use 172.16.200.0/30 as our “Glue” on our tunnel interfaces at each side. Network 1 router gets 172.16.200.1/30. Network 2 router gets 172.16.200.2/30.
To keep it simple we have a static route statement on the Network 1 Mikrotik router that looks like this:
/ip route add dst-address=184.108.40.206/25 gateway=172.16.200.2
This statement routes any traffic that comes in for 220.127.116.11/25 via ISP 1 to Network 1 across the tunnel to the Network 2 router. The Network 2 router then sends it to the destination inside that side of the network.
Conversely, we have a similar statement in the Network 2 Mikrotik router:
/ip route add dst-address=18.104.22.168/25 gateway=172.16.200.1
This statement routes any traffic that comes in for 22.214.171.124/25 via ISP 2 to Network 2 across the tunnel to the Network 1 router. The Network 1 router then sends it to the destination inside that side of the network.
It’s as simple as that. You can apply this to any other vendor such as Cisco, Juniper, PFSense, etc. You also do not have to split the network into even /25s like I did. You can choose to have most of the IPs available on one side and route a /29 or something to the other side.
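The split and the two static routes can be worked through in code. This is an added example, not from the original post: it goes beyond the even /25 split to the uneven case mentioned above, generates the route lines for each router, and traces which routers a packet crosses. The block 203.0.113.0/24 is a constructed stand-in for the ISP's /24, and the router names are labels chosen here; the tunnel addresses are the ones from the text.

```python
import ipaddress

BLOCK = ipaddress.ip_network("203.0.113.0/24")   # constructed stand-in /24
TUNNEL = {"network1": "172.16.200.1", "network2": "172.16.200.2"}

def split(block, side2):
    """Network 2 gets `side2`; Network 1 keeps everything else in the block."""
    side2 = ipaddress.ip_network(side2)
    if not side2.subnet_of(block):
        raise ValueError(f"{side2} is not inside {block}")
    # address_exclude returns the minimal set of prefixes covering the rest.
    return {"network1": sorted(block.address_exclude(side2)),
            "network2": [side2]}

def static_routes(owned):
    """Each router points the other side's prefixes at the far tunnel address."""
    routes = {}
    for router, peer in (("network1", "network2"), ("network2", "network1")):
        routes[router] = [
            f"/ip route add dst-address={prefix} gateway={TUNNEL[peer]}"
            for prefix in owned[peer]
        ]
    return routes

def path(owned, entry, dst):
    """Routers a packet for `dst` crosses after arriving via `entry`'s upstream."""
    dst = ipaddress.ip_address(dst)
    for router, prefixes in owned.items():
        if any(dst in prefix for prefix in prefixes):
            return [entry] if router == entry else [entry, "tunnel", router]
    raise ValueError(f"{dst} is outside the advertised block")

if __name__ == "__main__":
    # Uneven split: only a /29 lives behind the Network 2 router.
    owned = split(BLOCK, "203.0.113.248/29")
    for router, lines in static_routes(owned).items():
        print(router)
        for line in lines:
            print("  " + line)
    print(path(owned, "network1", "203.0.113.250"))
```

With the uneven split, the Network 2 router needs five static routes to cover the remainder of the /24, while the Network 1 router still needs only one.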
The major drawback of this scenario is you will take a speed hit, because if the traffic comes in one side and has to route across the tunnel it will have to go back out to the public internet and over to the other ISP.
So, due to Covid, weather and everything else I am quite behind on blog updates and such. This is one that kinda fell through the cracks. I meant to get this out much sooner than now. My buddy Schylar Utley has some pretty cool projects for optimizing CPE deployments and such.
Check them out at https://github.com/MajesticFalcon
I have included an old video to give you an idea. I am sure things have changed since this video was created.
Before Covid I tried to attend as many of the meetings community leaders and towns had about bringing broadband to their communities as I could. This is what you are supposed to do in order to let the leaders know you, or in my case, my clients are there, right? Sometimes I would attend to provide my input as part of giving back to a community.
I have found some similarities in these meetings and workshops. Let’s go over them. If you are a community leader don’t let yourself fall into some of these.
The High-Level view
The high-level view starts out with noble intentions. The leaders want to get broadband to underserved areas. They have not bothered to dig deeper into seeing what is actually in the areas they want to cover. These folks may have called the ISP they have or someone their family has. They don’t actually know which providers service what areas. In their defense it’s not their job to. What they do with these meetings determines if progress is made or not. I have been in meetings where there have been four providers that service the area in question. The leaders say they must do more studies to see who is in the area. You literally have four sitting at your table who can tell you what they service. Take their information, take their maps and progress.
Bedazzled by the incumbent
Typically this person has XYZ Internet at their home and they love it. They love it so much they want it everywhere. This is great, but there are reasons that XYZ Internet is not everywhere. Otherwise, you would not be doing these meetings. Some of this is due to lack of money. Either XYZ Internet does not have enough or the return just is not there. This leader is one of the most hampering of all. I have been in many meetings where the small local company is putting their own money into investing in the community and this type of leader overlooks the small company. They even go as far as to suggest the local company help XYZ become bigger in their own service area.
These leaders often invite their beau to these meetings to give their take on broadband in the area. Sometimes these companies are honest and straightforward. Sometimes they paint the picture they are the only ones who can solve the broadband issue.
The “let’s do a study” crowd
Studies are nice. They give you nice graphs, charts, and tons of fluff information about an area. It makes for good reading for those who like to learn about facts. These folks are probably the ones who know the stats of many sports figures, who lived in the prominent houses in the local towns and other facts. They are willing to spend twenty thousand dollars on a piece of paper to get this information. In many instances, sitting down with the right group of people could tell you 90% of the information you need.
Let’s face it, not everyone knows everything about the topic they are trying to address. Being able to provide gigabit to every home is a nice goal, but is hard to achieve. Not everyone needs or wants gigabit. In my county and the surrounding area, there are towns of only three or four houses. Unless lots of government money is involved fiber will not be coming to them anytime soon.
These are usually the most frustrating for the existing ISP. Terms like focus groups and thirty thousand foot view are thrown around. They are usually applying for some grants or RFP. They already have their goal and possibly the outcome in mind. They are not there to solve issues but to get the “bigger picture”. They may only know broadband from buzzwords. 5G and internet of everything are thrown around a lot.
What folks do you see at these meetings? Let me know as we are working on a funny video.
Some photos from a Siklu 80GHz deployment in Downtown Indianapolis, Indiana. This was deployed by On-Ramp Indiana (https://www.ori.net). The problem being solved is moving video files around a network in order to get them to smart screens and projectors. This is a very urban area and wireless was pretty much the only option to get from building to building.
Siklu 80GHz was on the shortlist due to the distances involved. Another consideration was the footprint of the equipment. The equipment had to be as low profile as possible.
Another needed aspect of this network was the ability to move traffic around at layer 2. Not all traffic is IP based in this type of network.
Ether Haul 1200FX
Some Technical Details
As you can see traffic is reasonably consistent in the 80-100 meg range. We needed a solution that did not slow down due to interference. With possibly tens of thousands of visitors to this attraction in a weekend, reliability and performance were critical. When this was installed we did not know about COVID, but this is an attraction people can enjoy from their cars while social distancing. This use added to the visibility of this attraction, thus making the reliability even more crucial.
Articles about the finished product