Guest Article:Routers can catch viruses

Our friends over at TechWarn have their take on routers vulnerable to virus attacks

https://www.expressvpn.com/blog/can-my-router-catch-a-virus/

Big price differences between routers are often confusing to consumers as, unlike with personal computers, the quality difference is not always obvious. As routers are normally tied to a physical location, it is also rather difficult to test their reliability in different environments, unlike with highly mobile laptops or smartphones.

Routers often do not receive updates, or updates have to be manually downloaded and applied — a cumbersome process that is not an attractive option to many non-tech-savvy users.

Routers are desirable targets for attackers as they sit at a very sensitive spot on a network — right at the edge. They are a centralized point and connected to every single device in the network. Routers read all of the data that each device sends to the Internet, and if these connections are unencrypted, the router could easily inject malicious scripts and links.

The changing RF landscape for WISPs

Recently, there have been some discussions on Facebook about waining support for 2.4GHZ .  KP Performance recently published a Future of 5GHZ and beyond blog post. So why all this focus on 5GHZ and why are people forgetting about 2.4?

To answer this question, we need to update our thinking on the trends in networks, not just wireless networks.  Customers are demanding more and more speed. Network backbones and delivery nodes have to be updated to keep up with this demand. For anything but 802.11 wifi,2.4GHZ can’t keep up with the bandwidth needs.

One of the significant limitations of many 2.4 radios is they use frequency-hopping spread spectrum (FHSS) and/or direct-sequence spread spectrum (DSSS) modulation. Due to 2.4GHZ being older, the chipsets have evolved around these modulation methods because of age.  When you compare 2.4GHZ to 5GHZ radios running OFDM, you start to see a significant difference.  In a nutshell, OFDM allows for higher throughput. If you want to read all about the differences in the protocols here ya go: http://www.answers.com/Q/Difference_between_ofdm_dsss_fhss

Secondly, is the amount of spectrum available.  More spectrum means more channels to use, which translates into a high chance of mitigating interference. This interference can be self-induced or from external sources. To use an analogy, the more rooms a building has, the more simultaneous conversations can happen without noise in 2.4GHZ we only have 3 non-overlapping channels at 20mhz. Remember the part about more and more customers wanting more bandwidth? In the wireless world, one of the ways to increase capacity on your APs is to increase the channel width. Once you increase 2.4 to 30 or 40 MHz, you do not have much room to deal with noise because your available channels have shrunk.

One of the biggest arguments in support of using 2.4GHZ for a WISP environment is the physics.  Lower frequencies penetrate trees and foliage better. As with anything, there is a tradeoff.  As the signal is absorbed, so is the available “air time” for transmission of data.  As the signal travels through stuff, the radios on both sides have to reduce their modulation rates to deal with the loss of signal.  Lower modulation rates mean lower throughput for customers.  This might be fine for customers who have no other choice.  This thinking is not a long term play.

With LTE especially, the traditional thinking is being uprooted.  Multiple streams to the customer as well as various paths for the signal due to antenna stacking are allowing radios to penetrate this same foliage just as well as a 2.4 signal, but delivering more bandwidth. These systems are becoming more and more carrier class.  As the internet evolves and becomes more and more critical, ISPs are having to step up their services.  The FCC  says the definition of broadband is at least 25 meg download. A 2.4 radio just can’t keep up in a WISP environment.  I am seeing 10 meg becoming the minimum customers want. Can you get by with smaller packages? Yes, but how long can you maintain that as the customer demand grows?

So what is the answer? Cell sizes are shrinking.  This is helping 2.4 hold on.  The less expensive radios can be deployed to less dense areas and still provide decent speeds to customers.  This same trend allows 5GHZ cells to be deployed as well. With less things to go through, 5GHZ can perform in modern networks at higher modulation rates.  Antenna manufacturers are also spending R&D to get the most out of their 5GHZ antennas. More money in the pipeline means stronger products. My clients are typically deploying 3.65 and 5GHZ on their towers.  LTE is changing RF WISP design and taking the place of 2.4 and 900.

Using 8.8.8.8 or local resolvers for ISPs

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $0.01 or more
Already a qualifying Patreon member? Refresh to access this content.

EVPNs: The answer to your MPLS issues

I had a good discussion with my Buddy JJ tonight on kind of the next step of network evolution for provider networks.  Many providers have evolved to MPLS networks with VPLS.  There are some inherent issues with this when it comes to things like bonding, MLAG, among other issues. Nothing is perfect, right?

So as we dive into What is EVPN I want you to know I am approaching this from a service provider standpoint. I also am no EVPN expert, but I am seeing it more and more as a solution to solve specific issues.  As a result, EVPN is sliding into a natural progression of the service provider network.

So what is EVPN?
There are folks much more versed on EVPN than I am. As a result, I will lean on some already written articles.
https://blog.ipspace.net/2018/05/what-is-evpn.html

https://www.cisco.com/c/en/us/products/ios-nx-os-software/ethernet-vpn.html#~stickynav=1

Components of EVPN
Now that you have a high-level overview of EVPN, what are some of the major components and features you should know? Let’s dive into that

Unified control plane.  EVPN can be used throughout your network.  You don’t have to use one stack for data center, one for metro to the data center, and yet another for connectivity between data centers. You can bring it all under one control roof so to speak.

EVPN, through BGP, marries the Layer 2 and Layer 3 layers together.  With MPLS everything is controlled at the layer3 level.  Now with EVPN Mac addresses become much more important. For example, Each EVPN MAC route announces the customer MAC address and the Ethernet segment associated with the port where the MAC was learned from and is associated MPLS label. This EVPN MPLS label is used later by remote PEs when sending traffic destined to the advertised MAC address. Pretty cool huh?

Image result for evpn service provider

As networks grow network engineers learn about things such as north-south traffic and east-west traffic.  Microsoft has a great article which explains this concept. https://blogs.technet.microsoft.com/tip_of_the_day/2016/06/29/tip-of-the-day-demystifying-software-defined-networking-terms-the-cloud-compass-sdn-data-flows/

East-West – East-West refers to traffic flows that occur between devices within a datacenter. During convergence for example, routers exchange table information to ensure they have the same information about the internetwork in which they operate. Another example are switches, which can exchange spanning-tree information to prevent network loops.

North | South – North- South refers to traffic flows into and out of the datacenter. Traffic entering the datacenter through perimeter network devices is said to be southbound. Traffic exiting via the perimeter network devices is said to be northbound.

So, if you are a growing Service provider look at EVPN.  In some upcoming articles, I will talk more about various components of EVPN and such.

 

Why every ISP should be deploying hAP Lite to customers

This was originally posted at:
https://www.mtin.net/blog/why-every-isp-should-be-deploying-hap-lite-to-customers/

So Mikrotik has a very cheap hAP Lite coming out.   This is a 4 port, 2.4 b/g/n router/access point which retails for $21.95. Baltic networks have pre-orders for $18.95.

Why should you deploy this little gem and how? We have found over the years routers account for more than half of the support issues. In some networks, this number is closer to 80-90%. Whether it be a substandard router, one without of date firmware, or poor placement by the customer.

Deployment of the hAP lite can be approached in one of two ways.  Both ways accomplish the same goal for the ISP. That goal is to have a device to test from that closely duplicates what the customer would see. Sure you can run tests from most modern wireless CPE, but it’s not the same as running tests m the customer side of the POE.

Many ISPs are offering a managed router service to their customers.  Some charge a nominal monthly fee, while others include it in the service.  This is a pretty straightforward thing.  The customer DMARC becomes the wireless router.  The ISP sets it up, does firmware updates, and generally takes care of it should there be issues.  The managed router can be an additional revenue stream in addition to providing a better customer experience.  Having a solid router that has been professionally set up by the ISP is a huge benefit to both the provider and the customer.  We will get into this a little later.

The second option lends itself better to a product such as an hAP lite. With the relatively cheap cost you can install one as a “modem” if the customer chooses their own router option.  The actual method of setup can vary depending on your network philosophy.  You can simply bridge all the ports together and pass the data through like a switch.  The only difference is you add a “management ip” to the bridge interface on your network. This way you can reach it.  Another popular method, especially if you are running PPPoE or other radius methods, is to make the “modem” the PPPoE client.  This removes some of the burdens from the wireless CPE onto something a little more powerful.   There are definite design considerations and cons for this setup.  We will go into those in a future article. But for now, let’s just assume the hAP is just a managed switch you can access.

So what are the benefits of adding one of these cheap devices?
-You can run pings and traceroutes from the device.  This is helpful if a customer says they can’t reach a certain web-site.
-Capacity is becoming a larger and larger issue in the connected home.  iPads, gaming consoles, TVs, and even appliances are all sharing bandwidth.  If you are managing the customer router you can see the number of connected devices and do things like Torch to see what they are doing. If a customer calls and says its slow, being able to tell them that little Billy is downloading 4 megs a second on a device called “Billy’s Xbox” can help a customer. It could also lead to an upsell.
-Wireless issues are another huge benefit.  If the customer bought their own router and stuck it in the basement and now their internet is slow you have a couple of tricks to troubleshoot without a truck roll.  If the hAP is in bridge mode simply enable the wireless, set up an SSID for the customer to test with and away you go.  This could uncover issues in the house, issues with their router, or it might even point to a problem on your side.
-Physical issues and ID10T errors can be quickly diagnosed.  If you can’t reach your device it’s either off or a cabling issue.  If you can reach the hAP and the port has errors it could be cabling or POE.

These are just a few benefits you can glean from sticking a $20 Mikrotik device on your customer side network. It becomes a troubleshooting tool, which makes it money back if it saves you a single truck roll. The implementation is not as important as having a tool closer to the customer.  There are several vendors you can order the hAP lite from.  Baltic Networks is close to me so they are my go-to.  http://www.balticnetworks.com/mikrotik-hap-lite-tc-2-4ghz-indoor-access-point-tower-case-built-in-1-5dbi-antenna.html .

This isn’t practical for business and Enterprise customers, but you should already be deploying a router that has these features anyway right?

Podcast: Quick troubleshooting for ISP networks

Been a little bit so I wanted to do a short talk about troubleshooting in ISP networks. I see too many folks waste a lot of time when they should be starting qt the lower levels of the OSI model and working up.

Helpful web-sites for ISPs Part 1

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $0.01 or more
Already a qualifying Patreon member? Refresh to access this content.

Corporate vs ISP networks for the ISP

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $0.01 or more
Already a qualifying Patreon member? Refresh to access this content.

j2 Briefing: FCC news, Microsoft whitespace, polls

The j2 Podcast for August 29, 2019

Microsoft is pushing it’s Whitespace product as a solution to the Digital divide. This has been branded “Airband”
https://www.multichannel.com/news/microsoft-brands-rural-divide-national-crisis

The FCC
The commission unanimously voted to distribute more than $20 billion of Universal Service Fund subsidies over the next decade as part of the Rural Digital Opportunity Fund. It also adopted a long-awaited proposal to get more detailed information from broadband providers about where they offer service in order to improve the agency’s coverage maps.  <let’s hope this revamps the form 477 reportin>

iOt is showing it’s age
Amazon is killing off the gimicky Dash buttons.
https://www.engadget.com/2019/08/01/amazon-dash-buttons/

Verizon turns up 5G

In the ever-changing 5g race Verizon turns up 5G in Atlanta, Detroit, Indianapolis, Washington DC

New poll says the Internet is more important than Air conditioning while on vacation
https://www.swnsdigital.com/2019/08/majority-of-americans-would-rather-give-up-air-conditioning-than-have-no-internet-on-vacation/

Mobile Users double since 2013
The percentage of respondents who said their primary online access devices is mobile has effectively doubled since 2013, and many of those are using mobile as a substitute, rather than a complement, to wired broadband service.
https://www.multichannel.com/news/pew-mobile-broadband-users-double-since-2013