router

Packets Down Range #6: OpenWiFi, IoT, RDOF, CBRS

Welcome to issue #6 of Packets Down Range. The thing I am excited about lately is the 100 Gig passive mux by Solid Optics. One of the hats I wear is running an IX. We are always looking for ways to best utilize our dark fiber assets to increase data rates. Keep those tips and articles coming. I am working on the Patreon edition, and it will be released shortly.

Data Center News

• Are Data Centers pricing themselves out of the market? Rising energy costs, increases in cross-connect fees, and just general price raising are causing more folks to look at moving more things into the cloud.

• Building an IoT backbone


Interconnection & Peering

• Hurricane Electric expands to DataBank DFW1.


ISP News
• According to Leichtman Research Group, Verizon and T-Mobile added 15x more subscribers in Q3 2022 than the top 7 cable providers in the US combined.

• 101 most innovative Texas wireless companies according to beststartuptexas.com.

• Crosstown Fiber extends its footprint in the greater Chicago area.
Crosstown’s underground network is designed for customers who need access to resilient fiber pathways. The company will target school systems, large corporations, hyperscalers and data center operators, small cell wireless carriers, content providers, and municipal and other government agencies.

• California Internet (GeoLinks) and Shenandoah Cable Television are the latest to be authorized by the FCC for their RDOF-winning bids. People’s communications in Texas is the latest to default on their bids. The full article can be read here.


Podcasts & Events
• Inside Towers Podcast

• Willie Howe has a video on routers vs. firewalls.

• Ohio Linux Professionals conference December 2nd and 3rd.


Other Industry News
• ARIN releases a new version of its RSA.

• FCC to release updated broadband map on November 18th.

• NTIA releases plans for all that BEAD money.

• Netflix is still winning the streaming wars…for now.

• Does CBRS fall short? This article claims it does.

• What does your office do for fun or unique awards for employees?

• Meta moves away from connectivity. Will OpenWiFi suffer because of it?



Notable Equipment

• Solid Optics releases a new 8 Channel OWDM mux. What does this mean for you? You can run eight 100 Gig waves over a passive mux system up to 20 km. Each channel is 400 GHz.

• Juniper announces ACX7024 Metro Router.

• Wi-Fi 7 routers are on the way.



WIFI calling port forwarding

Recently I came across a need to do some port forwarding for wifi calling. I have assembled a resource guide to help you if you need to do such things. IPsec should be allowed per RFC 5996 (https://tools.ietf.org/html/rfc5996) for all wifi calling.

Verizon
https://community.verizonwireless.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659
UDP ports 500 and 4500 open to sg.vzwfemto.com and wo.vzwwo.com

T-Mobile
https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network
IPv4 Address Blocks: 208.54.0.0/17 and 66.94.0.0/19
UDP Ports 500 and 4500
5061 for SIP/TLS
TCP port 443 and 993
Also whitelist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

AT&T
https://www.att.com/support/article/wireless/KM1114459/
UDP Ports 500 and 4500
TCP Port 143

Whitelist the following:

  • epdg.epc.att.net
  • sentitlement2.mobile.att.net
  • vvm.mobile.att.net

Sprint
UDP Ports 500 and 4500

Any of the above is subject to change.
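
When wifi calling fails behind a restrictive firewall, the quickest check is to compare the drop log against the list above. The following is an added example, not part of the original post: it uses the T-Mobile blocks and ports from the list, while the log format and every address in the sample log are constructed for illustration.

```python
import ipaddress

# T-Mobile blocks and ports as listed above. 5061 is treated as TCP because
# SIP over TLS runs on TCP (assumption: the list does not name the protocol).
TMOBILE_NETS = [ipaddress.ip_network(n) for n in ("208.54.0.0/17", "66.94.0.0/19")]
TMOBILE_PORTS = {("udp", 500), ("udp", 4500), ("tcp", 5061), ("tcp", 443), ("tcp", 993)}
# IKE and IPsec NAT traversal, required by every carrier in the list.
IKE_PORTS = {("udp", 500), ("udp", 4500)}

# Constructed drop-log lines in a hypothetical "ACTION PROTO SRC DST:PORT" format.
SAMPLE_LOG = """\
DROP udp 10.0.0.23 208.54.12.7:4500
DROP tcp 10.0.0.23 66.94.3.20:5061
DROP udp 10.0.0.40 198.51.100.9:500
DROP tcp 10.0.0.41 208.54.200.1:443
DROP tcp 10.0.0.41 203.0.113.5:22
"""

def classify(line):
    """Return (src, label) for one drop-log line."""
    _action, proto, src, dst = line.split()
    host, port = dst.rsplit(":", 1)
    flow = (proto.lower(), int(port))
    addr = ipaddress.ip_address(host)
    if flow in TMOBILE_PORTS and any(addr in net for net in TMOBILE_NETS):
        return src, "tmobile-wifi-calling"
    if flow in IKE_PORTS:
        # Could be another carrier's gateway (Verizon and AT&T publish
        # hostnames, not blocks), so confirm the destination before allowing.
        return src, "ike-unknown-destination"
    return src, "unrelated"

def blocked_wifi_calling(log_text):
    """List dropped flows that look like wifi calling traffic."""
    results = [classify(l) for l in log_text.splitlines() if l.strip()]
    return [r for r in results if r[1] != "unrelated"]

if __name__ == "__main__":
    for src, label in blocked_wifi_calling(SAMPLE_LOG):
        print(src, label)
```

Note that 208.54.200.1 on TCP 443 is not flagged: it falls outside 208.54.0.0/17, so scoping the allow rule to the published blocks keeps it from becoming a blanket permit for those ports.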

CCR1016 BGP route pull down

This morning I had a Mikrotik CCR1016 where I had to change the router ID, which caused all the sessions to reset. The following is a screenshot of the time it took to re-learn all of the peers. Obviously, the smaller prefixes were learned pretty quickly. It took about 10 minutes to learn two full IPv4 route tables and about 5 minutes to learn the IPv6 routing tables.

This is why I always get full routes plus a default from the upstream when it warrants full routes. This way I can have slow convergence time like this and still have traffic flowing.

Ultimate DD-WRT router guide

An interesting post about DD-WRT crossed my inbox a while back. Like most interesting things, I saved it to look at later.

Custom firmware, such as DD-WRT, makes the process easier, and provides you with a lot of additional options as well; thereby turning a standard $100 router into a super router that is suitable for any home or office.

With this DD-WRT router guide you’ll be increasing your wireless range, data transfer rates, creating NAS solutions, setting up a VPN Service, and so much more in no time at all. Some of these, you can even implement without having DD-WRT.

Don’t have the time to read all of this today? I’d recommend at least reading the introduction so you can find out what this “DD-WRT” business is all about.

https://proprivacy.com/vpn/guides/dd-wrt

Guest Article: Routers can catch viruses

Our friends over at TechWarn have their take on routers vulnerable to virus attacks.

https://www.expressvpn.com/blog/can-my-router-catch-a-virus/

Big price differences between routers are often confusing to consumers as, unlike with personal computers, the quality difference is not always obvious. As routers are normally tied to a physical location, it is also rather difficult to test their reliability in different environments, unlike with highly mobile laptops or smartphones.

Routers often do not receive updates, or updates have to be manually downloaded and applied — a cumbersome process that is not an attractive option to many non-tech-savvy users.

Routers are desirable targets for attackers as they sit at a very sensitive spot on a network — right at the edge. They are a centralized point and connected to every single device in the network. Routers read all of the data that each device sends to the Internet, and if these connections are unencrypted, the router could easily inject malicious scripts and links.

Route Server Diagram for an IX

Normally on a peering exchange, all connected parties will establish bilateral peering relationships with each other customer connected to the exchange. As the number of connected parties increases, it becomes increasingly difficult to manage peering relationships with customers of the exchange.

However, by using route servers for peering relationships, the number of BGP sessions per router stays at two, if the IX has deployed redundant servers.

Why every ISP should be deploying hAP Lite to customers

This was originally posted at:
https://www.mtin.net/blog/why-every-isp-should-be-deploying-hap-lite-to-customers/

So Mikrotik has a very cheap hAP Lite coming out. This is a 4 port, 2.4 GHz b/g/n router/access point which retails for $21.95. Baltic Networks has pre-orders for $18.95.

Why should you deploy this little gem and how? We have found over the years routers account for more than half of the support issues. In some networks, this number is closer to 80-90%, whether it be a substandard router, one with out-of-date firmware, or poor placement by the customer.

Deployment of the hAP lite can be approached in one of two ways. Both ways accomplish the same goal for the ISP. That goal is to have a device to test from that closely duplicates what the customer would see. Sure, you can run tests from most modern wireless CPE, but it’s not the same as running tests from the customer side of the PoE.

Many ISPs are offering a managed router service to their customers. Some charge a nominal monthly fee, while others include it in the service. This is a pretty straightforward thing. The customer demarc becomes the wireless router. The ISP sets it up, does firmware updates, and generally takes care of it should there be issues. The managed router can be an additional revenue stream in addition to providing a better customer experience. Having a solid router that has been professionally set up by the ISP is a huge benefit to both the provider and the customer. We will get into this a little later.

The second option lends itself better to a product such as an hAP lite. With the relatively cheap cost, you can install one as a “modem” if the customer chooses their own router option. The actual method of setup can vary depending on your network philosophy. You can simply bridge all the ports together and pass the data through like a switch. The only difference is you add a “management IP” to the bridge interface on your network. This way you can reach it. Another popular method, especially if you are running PPPoE or other RADIUS methods, is to make the “modem” the PPPoE client. This removes some of the burdens from the wireless CPE onto something a little more powerful. There are definite design considerations and cons for this setup. We will go into those in a future article. But for now, let’s just assume the hAP is just a managed switch you can access.

So what are the benefits of adding one of these cheap devices?
- You can run pings and traceroutes from the device. This is helpful if a customer says they can’t reach a certain website.
- Capacity is becoming a larger and larger issue in the connected home. iPads, gaming consoles, TVs, and even appliances are all sharing bandwidth. If you are managing the customer router, you can see the number of connected devices and do things like Torch to see what they are doing. If a customer calls and says it’s slow, being able to tell them that little Billy is downloading 4 megs a second on a device called “Billy’s Xbox” can help a customer. It could also lead to an upsell.
- Wireless issues are another huge benefit. If the customer bought their own router and stuck it in the basement and now their internet is slow, you have a couple of tricks to troubleshoot without a truck roll. If the hAP is in bridge mode, simply enable the wireless, set up an SSID for the customer to test with, and away you go. This could uncover issues in the house, issues with their router, or it might even point to a problem on your side.
- Physical issues and ID10T errors can be quickly diagnosed. If you can’t reach your device, it’s either off or a cabling issue. If you can reach the hAP and the port has errors, it could be cabling or PoE.

These are just a few benefits you can glean from sticking a $20 Mikrotik device on your customer side network. It becomes a troubleshooting tool, which makes its money back if it saves you a single truck roll. The implementation is not as important as having a tool closer to the customer. There are several vendors you can order the hAP lite from. Baltic Networks is close to me so they are my go-to: http://www.balticnetworks.com/mikrotik-hap-lite-tc-2-4ghz-indoor-access-point-tower-case-built-in-1-5dbi-antenna.html

This isn’t practical for business and Enterprise customers, but you should already be deploying a router that has these features anyway, right?