UBNT Unifi upgrade issues

Recently my best friend installed some unifi access points in his home.  We had ordered a 60W unifi switch, a couple of AP-LR, and a couple of AC-Lites.  These were ordered and sat for several months until we could get around to installing them.  Upon installation, the AC Lites were adopted and had to go through the normal upgrades to bring them up to the latest version.

However, the AP-LRs were used and had very old firmware on them and would not upgrade properly. They would adopt but not upgrade.  We fixed this in the following ways.
1. We Factory reset the APs. At this point, they grabbed DHCP from the local network. Quick ssh into the AP verified it had internet connectivity.

2. I was able to find some old firmware on the UBNT web-site.  We issued the following command to each LR AP

upgrade http://dl.ubnt.com/unifi/firmware/BZ2/3.7.58.6385/BZ.ar7240.v3.7.58.6385.170508.0942.bin

the “HTTP” is important to note.  If you copy the link directly from the UBNT website it has https in it.  The older firmware blows an error due to invalid certs (fixed in newer versions).

Once it came back we were able to upgrade from the controller.

AirFiber 4.10 is out

Important notes
  • Please update far end of a link before the near end
  • Please refresh browser cache when logging into a v4.1.0 unit for the first time
  • UNMS cannot upgrade airFiber firmware loaded with pre-beta8 firmware (i.e. -beta7, etc.)
  • If you are upgrading from pre-v4.0 software, your password (after upgrade) will be the first 8 characters of your pre v4.0 password. If you chose to downgrade, please ensure that your password is no longer than 8 characters or you will be locked out of your unit.
Features
  • Added additional modulation rates (3x, 5x, 7x, 9x, 11x)
  • Improved throughput capacity (improved modulation performance)
  • Added support for UNMS
  • Added telemetry reporting (optional)
  • Changes to support Apple SSL certificate location rules
  • Updated default https certificates validity for 18 years
  • Added Paraguay and Swaziland country codes
  • Telnet Server port number now displayed on Services tab when using default number (23)
  • Added alert box when Receive Target Power is enabled
  • Build number now shown in system tab
  • Firmware version now displayed with product ID (i.e AF11 vs AF09)
  • Assorted web changes to colors, initial login screens, updated EULA
Improvements
  • Manual browser refresh not required when upgrading FROM 4.1.0
  • Updated SNMP MIB
Bugfixes
  • Detect and recover from OTA management traffic lockup
  • Detect and recover from user traffic lockup
  • Fixed issue where capacity graph showed 2x capacity when there was no GPS signal at the timing master
  • Fixed issue where GPS process would use 100% of the CPU
  • Fixed issue where RF link would repeatedly reset if Ethernet port was disabled
  • Addressed issue with moving (jittery) labels around signal strength graph
  • Corrected conducted power reading when using Receive Target Power
  • Fixed issue with Carrier Drop Operation where unit would not come back if Block Data After Pulse was enabled
  • Fixed issue where disabling Management VLAN after upgrade from pre v4.0 could corrupt networking configuration
  • Fixed SNMP reporting of frequency (SNMP now reports frequencies in MHz)
  • Fixed Static IP gateway address usage (was ignored if configured with v4.0.x)
  • Fixed GUI issue where deleting link name and pasting in a replacement would not work
Known issues
  • If you are upgrading from pre-v4.0 software, your password (after upgrade) will be the first 8 characters of your pre v4.0 password. If you chose to downgrade, please ensure that your password is no longer than 8 characters or you will be locked out of your unit.

Official Page and Download links here

Compliance Test for LTU and AC gear

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon
Already a qualifying Patreon member? Refresh to access this content.

Capacity of a UBNT AP vs the number of clients

Note: I am in the process of updating this for AC based radios. This was published in 2014, but much is still relevant.

Almost all the time I get asked: “How many clients can an AP handle?” . My answer is always a very long and drawn out one. There is no set in stone answer. There are many factors which can affect this. I will go into some of these and then explain how to calculate this.

Some things that we will assume.
1.You are calculating on an 802.11N Ap with some kind of polling (TDMA, NSTREME, AIRMAX, etc)
2.You know the MCS values and/or data rates at channel widths.
3.When I say in an ideal situation I mean basically in the lab. This is our baseline. This means no outside noise, everything is working properly, and all the connected clients are excellent.

Before I get into what affects how many clients can an AP handle we need to shift our thinking a little. We don’t think in terms of how many clients can an AP handle. We need to think in terms of how much capacity an AP has. This is very important to think in these terms. If you do so things will become more clear and more quantifiable.

So now, on to what affects the total capacity of an AP.

1.The channel width. In and ideal situation you will get more Capacity out of a 20 mhz channel than you will a 10mhz channel.
2.Noise. In the real world you will have interference. If you have interference the noise floor drops, customer signals can’t reach maximum modulation, and there are retransmits.
3.Plain old signal. Things such as trees, distance, fresnel zone, and antenna gain all affect signal
4.The speed you are giving to each customer.
5.Overselling. The concept of overselling has been around since the dial-up days. You are betting your customers are not all online at the same exact time doing the exact same stuff. So you can oversell your capacity. I will explain this a little more in a bit how this factors in.

Okay, so let’s dive into this. I am going to use a Ubiquity Rocket M5 as an example. Again, this can be applied to any polling type N radio.

Say we have a Rocket M5. At a 20MHZ channel the best modulation this M5 will do is MCS 15 at 130 Megs of over the air. What do you mean Over the Air? Well there is a difference between actual throughput and the Wireless Data Rate (aka over the air). Your actual throughput/capacity will be 1/2 of the over the air rate minus a little for overhead. I factor in 10% overhead for easy figuring.

Back to our figuring. You have 130 megs of capacity on your AP in an ideal situation on a 20 mhz channel. If we do our math:
130 / 2 = 65 Megs of Capacity to sell on the AP.
Now here comes the overselling part.
If we oversell at a 2:1 ratio we have 130 Megs of capacity on the AP.
If we oversell at a 3:1 ratio we have 195 megs of capacity on the AP.

We can do higher ratios, but it starts to become a moving target. With the spread of Netflix, Youtube, Hulu, and other streaming services the average customer is sucking down more and more bandwidth for longer periods of time. Think of a restaurant with so many tables. If your customers are staying longer and longer, you don’t have as much seating capacity to turn over for new people to sit down and consume your food. This is for another blog post.

So, let’s say we are overselling at 3:1. We have 195 megs of capacity. We now need to think about what packages we are selling to our customers. If they are all say 5 meg packages, this means we can safely sell 39 connections to the AP. 195 / 5 = 39. You can figure up the math if you have 3 Meg, 10 meg, or a mixture.

Now to the real world (aka why do my customers hate me and my AP sucks?).

The following is a real AP in the wild.  Blacked out to protect the innocent from script kiddies.

ubnt-main-screen
Couple of things to Note (circled in Red).

20 MHZ Channel
Capacity at 45% . This is more important than anything, even CCQ.
43 clients associated.

Let’s apply our math we learned earlier. We know a 20 mhz channel nets us MCS15 – 130 Megs

Here is the kicker.  Our capacity is at 45%.  This means we only have 45% of 130 megs of Over the air capacity.  Take this in half (130 / 2= 65   45% of 65 = 29.25.
This means all 43 of these customers are sharing 29 megs of capacity on the AP.  And the quality isn’t the greatest (37%).  So this means there are retransmissions going on between the client and the AP. The client can’t talk as fast as it is capable of in most cases. This means you can’t oversell the AP as much due to the quality of the signals being poor.  It is important to note I am talking about the quality and capacity of the signals, not signal strengths.

If those 43 people are all paying for, let’s say, 2 Megs download.  That means your AP needs to support a minimum of 86 megs. Thats without overselling.  We only have 29 megs in the current state!

We need to get those capacity numbers up.  How do we do that?

1. Channel selection. A noisy channel will drag everyone down.

2. Antenna gain.  This can be done at both the client and the AP.  A higher gain or better quality antenna can cause the clients to “hear” better.  You might not get an increase in signal strengths, but you are looking for an increase in quality. I use a loudspeaker metaphor.  You can hear a loudspeaker from a far distance, but you might not always be able to make out what is being said.  If you can somehow make out what is being said more clearly, then you don’t have to have the speaker turn up the volume.

3. Shielding. This helps eliminate the amount of stuff a client or AP hears.

4. Channel Width.  Sometimes dropping the channel width down can increase signals, thus raising the overall capacity.  Keep in mind it will lessen the overall capacity of the AP.

5.Simply getting rid of customers that shouldn’t be installed.  We have all done installs that were iffy.  These can drag down the overall capacity.

I hope this has helped understand.  The biggest thing I want you all to take away from this is think in terms of the amount of capacity you have to sell, not the number of connections.

Ubiquiti launches Speedtest Server/network

https://blog.ui.com/2019/08/13/ubiquiti-launches-a-speed-test-network/

Ubiquiti launches the Ubiquiti Speedtest, the first public test network integrated with enterprise network equipment. Ubiquiti Speedtest comprises a network of test servers and built-in speed test capabilities. Reports include uplink/downlink throughput and latency. Sharing the results is easy via email or social media.

It appears you can run this on a Ubuntu server or VM. They have an installer and a docker image.   You can do browser-based speed tests or their WiFiman App.

Tests may run over LAN, Wi-Fi, or mobile networks. Ubiquiti Speedtest uses Ubiquiti test endpoints and provides automated and manual test target selection. The automated selection uses a combination of geolocation and latency measurements for determining the best servers. The algorithm may use several parallel endpoints for the best measurement accuracy.

Preseem releases access point paper

https://www.preseem.com/2019/06/wireless-access-point-market-insights/

Unlike spec sheets from manufacturers, Preseem collects real-world data from access points in all kinds of deployments and analyzes statistics at a top level to offer valuable insights. So, as part of our Fixed Wireless Network Report, we calculated wireless access point market insights on market share, connected subscriber count, performance on QoE metrics like latency and much more…

Ubiquiti vs Cambium – The legal battle

The Recently, it was announced that Ubiquiti Networks Inc (UBNT) is suing Cambium over the Cambium Elevate.   This will be a long post, so sit back with your favorite beverage and read away.

Disclaimers. I have been in the ISP world since 1991. I cut my teeth on BBS systems and moved onto dial-up. I am also an independent Cambium certified consultant.  Read about the consultant program here... I also have clients who run a wide variety of UBNT products, and the last ISP we sold was 90 percent UBNT. We run some UBNT routers in MidWest-IX as well.  My father was an attorney for over 40 years. I grew up around attorneys, have regular conversations with friends who are attorneys, and was learning about the law from the time I was 10. Having said that, I am not an attorney. Nothing in here should be construed as an official legal opinion.

So let’s get some background on what has transpired with Cambium and their elevate software. Cambium came up with a way to load their software onto select UBNT wireless units and, after a reboot, had the cambium EPMP software active on them.

Why did this work?
UBNT Airmax radios use U-Boot loader. If you want to read all about it you can read the references at the bottom of this article under References. The thing to know is it is released under the GNU General Public License.

UBNT and Cambium EPMP both use “commodity” wifi chipsets.  This keeps the cost down and the software becomes the majority of the “special sauce” that makes them different.   This is in contrast to the UBNT Airfiber and Cambium 450 lines. These use custom made chipsets. This is is one reason those lines are more expensive.

By using an open source bootloader and commodity hardware Cambium was able to figure out how to load their own software onto the UBNT devices.   UBNT countered with modifying the bootloader to accept only signed software images. The only images that were recognized were ones signed by UBNT.  If you are interested in learning more about signed software go here: https://www.quora.com/What-does-signed-firmware-means

Cambium came up with instructions on how to downgrade and by-pass the ability to only load signed firmware onto the device.  The method I am aware of is downgrading the installed UBNT firmware to a certain version.

All in all the Elevate process turned the UBNT hardware into a device running Cambium’s software.

The gray areas aka this is why we have attorneys
There are several arguable points in this lawsuit.  If you want to read articles on the Lawsuit
https://www.law360.com/articles/1071813/wireless-co-ubiquiti-says-rival-sells-hacking-firmware

Debate #1 – The Hardware
The term Software Defined Radio (SDR) has been around for quite some time now.  Basically, this is a radio with very little RF elements to it.  Ham radio has been using SDRs for quite some time now.  The idea is the manufacturer uses off the shelf components to build a single radio which can do various functions depending on what software is loaded.  It also allows features in the chipset to be activated and licensed should the programmer want to support them.  It’s interesting to note Wireless is not the only place this is happening. Software Defined Networking (SDN) is a growing thing, as well as a plethora of devices. A PC could be considered a software-defined device.  More on that later.

So an argument could be made the UBNT devices are a software defined radio.  they did not use custom chips.  They most certainly have a proprietary board layout, but that is not a criterion in an SDR. So if a customer buys a piece of hardware, should they be able to load whatever software they want on it?

An argument saying yes they should can be pulled from many areas.  This Verge Article (more in the reference at the bottom) says the Government ended the debate in 2015 giving consumers the ability to Jailbreak their phones and devices without legal penalties.  Before that is was briefly illegal to “Jailbreak” your phone.   This was mainly lead by Apple. The government said it was fair use to Jailbreak, but not carrier unlock your phone without permission.

Apple also went through this briefly when they switched to Intel processor chips.  People were figuring out ways to load Apple OSX onto Dells, HP, and other “PCs”. The debate was whether this was legal or not. The following article sums up why these “hackintosh” computers were shut down. By clicking on the “Agree” of the End User License Agreement (EULA) before installing OSX you agree to a great number of things.   The short of it was the user license of OSX says you can not install this on non-apple hardware.  However, it says nothing about installing non-Apple Operating systems on the hardware.  Apple knows it is commodity hardware.  If you want to buy a 2000 mac and put windows 10 on it, go ahead.  They even help you with an option called Bootcamp.

Our last example is the Linksys WRT54G and DD-WRT and its variants.  A quick history of the DD-WRT Controversy doesn’t revolve much around the loading of the software onto Linksys hardware, it involves the use of the GPL license by DD-WRT. There were some FCC concerns, but we will talk about those later.

So the questions to be argued for this point:
Q1.Is the UBNT device a software-defined Radio?
2. Does the user have the legal ability to load whatever software they want to on hardware they own?

Debate #2 – Was the UBNT firmware “hacked” as they allege?
There are lots of unknowns here.  Attorneys try to prove intent in arguments like this.
Did Cambium somehow reverse engineer the UBNT software, thus violating copyright laws?  At what point is the line crossed? Since UBNT used a bootloader free to everyone, was the simple act of loading new software onto the units a hack? From what I know, and I am not a programmer, is Cambium used the bootloader to overwrite the UBNT software and install their own.  How is this any different than installing Linux on a Dell PC? Computers have a bootloader called a BIOS. On a Wireless radio, where does the bootloader stop and the software start? To me, these are clearly defined. Bootloader and Image file.

If you boot up the UBNT unit out of the box without agreeing to the EULA have you violated the EULA? Can you be penalized for loading software onto a device you never had the opportunity to see and agree to anything? Did the simple act of taking it out of a box and booting it up via TFTP cause you to agree to something?

In a Brothers Wisp video on this topic, Justin Miller mentions some arguments on why this can be allowed.

Debate 3 – Did Cambium violate FCC rules?
If we believe the user has the ability to load software onto units they own it is the user, as well who developed the software to go on the device, to follow all laws then it is not up to UBNT to police this.  This is the job of the FCC, provided it is agreed that once the user buys the hardware it is theirs.  For this specific case, UBNT claims Cambium is violated allowed power limits by loading their software onto the UBNT device.   Also, is the new device an FCC certified system? Most likely not unless it is resubmitted to the FCC for testing, and any labels removed and new ones added.  However, this is not up to UBNT to enforce this. This is the job of the FCC.

Is UBNT being a steward of the community to bring this to the attention of the FCC, thus saving UBNT from possible issues with the FCC? Maybe, but why not bring suit against any of these others?
Bitlomat
DD-WRT
HamNet

It’s interesting to note this page on HamNet

I am not a telecom attorney and I do not know the ins and outs.  From what little I know of being in the industry you have to have an FCC certified system with proper identification stickers.  I remember when UBNT had to send out stickers for units several years ago for DFS certification.  You were supposed to put them on all your upgraded radios to be compliant. By changing the software did Cambium no longer make it a certified system? Or, because they use the same chipset is it still legal in the eyes of the FCC?

Debate 4 – Collusion and the end user
This is the biggest bombshell out of this whole ordeal and actually makes my blood boil.  UBNT is suing Cambium of course.  They are also suing a distributor and an end-user ISP.   Cambium I can understand. UBNT is trying to protect their intellectual property and believe it was violated.  They have every right to do so.

The distributor I can understand the argument.  The distributor allegedly participated in distributing the “hacked” software. Not saying it’s right or wrong, but I can see why there would be the argument.

The most disturbing part of this an end-user ISP is named in the lawsuit.  UBNT is suing a customer who was using the UBNT product and then decided to switch to a competitors product.  In the case of elevate, the end-user ISP loaded the software onto their existing hardware.  If we go along with the idea of you own the hardware, UBNT is suing a customer who bought their hardware and loaded the elevate software on it.  This would be like Dell suing a school corporation for loading Linux onto new PCs they bought.

Many of the arguments you read are about you don’t own the software.  If you buy the hardware, and it has a GPL licensed bootloader and load your own software onto the device, what laws have you violated?

Imagine this scenario.  A user opens up a UBNT radio they bought.  They see it uses an Atheros chipset, like many other radios.  They write some code to talk to the hardware, all without ever looking at the software that came on the radio, boot up the unit via TFTP and load their own compiled image onto the hardware.  All the while they never have seen the UBNT software.  Did they violate any laws or user agreements?

This case and some others will help define who owns the hardware.  We know the company, in this case, UBNT, owns the software.  You have no legal standing to de-compile their intellectual property. That is cut and dry.  What isn’t, is if they are using the same hardware everyone else, the same bootloader, is that considered proprietary? If not, and you overwrite their software were you allowed to because you own the hardware. Is the GPL bootloader considered proprietary?  If we apply the analogy the bootloader is the same as the BIOS in the PC, no it is not proprietary.  The BIOS debate has already been solved in court. Many of the PC debates have been loading a company’s software onto other hardware, such as Apple Hackintosh Computers and not the other way around, such as this case. As we talked in point 1, in the PC world, Apple even gives you the tools to install other Operating systems.

If UBNT sticks code in that says the bootloader only recognizes signed images is that “hacking” to put your own software on? Is this any different than Jailbreaking an Iphone?

So what does this all mean?
Going forward I believe we will see EULA and licensing agreements change.  The hardware from a manufacturer will still be the property of the manufacturer, much like John Deere software.

The definition of what you own and have access to will change.

Proprietary bootloaders will take the place of Open Source bootloaders.

There will be a rise in manufacturers who make white box radios.  Will there be a long-term solution? Only time will tell.  We are seeing this trend in software-defined networking.

We will see more NDAs to end users about products.  I believe we will see fewer case studies on newer products.  End users will definitely be more tight-lipped about what they are doing.

So it will be interesting to see how this all plays out.  Will there be enough precedent in the hardware world to squash some of this? Or does UBNT have a case? Obviously, UBNT has a responsibility to their shareholders to vigorously defend their Intellectual property.  This case will help define where the commodity/open source items stop and where the intellectual property starts.

Where does this leave distributors? Do they want to continue carrying the Elevate product? Do they want to cut relationships with a manufacturer who has sued one of their own? The same goes for the end-user community.  Do WISPs want to do business with a company that could potentially sue them for using and talking about a competitor’s product? Do the end users own the hardware they buy? If so, how much freedom do they have? If you don’t own the product, imagine the accounting ramifications.

References
https://motherboard.vice.com/en_us/article/xykkkd/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware

https://wiki.openwrt.org/toh/ubiquiti/airmaxm

https://www.wired.com/2015/04/dmca-ownership-john-deere/

https://www.wired.com/2010/07/feds-ok-iphone-jailbreaking/
Feds okay iPhone Jailbreaking

https://superuser.com/questions/424892/is-bios-considered-an-os
Is the Bios an Operating System?

https://www.chromium.org/chromium-os
Google Chromium OS

 

This was originally published at http://www.mtin.net/blog/ubnt-vs-cambium/