Interesting topic on discontinued gear

So an interesting topic came up on Facebook tonight that got me to thinking. As WISPs grow and evolve, what are your thoughts on hoarding gear you have been using for years when it becomes discontinued? We will examine some ideas as to why this isn’t necessarily all a technical problem. It’s also a philosophical thing with the WISP owner/management.

First off, let us examine why you would hoard equipment. One big reason is that you have a significant investment in the gear you are using. This gear has been proven to work, and you have deployed large amounts of it. As a company grows, introducing new gear into customer-facing parts of the network becomes a slower process. To use an analogy, the larger the company grows, the slower the ship turns.

Another reason is the amount of capital needed to migrate to new gear. Many times when a product line gets discontinued, there is no clear replacement for it. The Facebook post that prompted this post involved the Mikrotik NetMetal 9s. These are now discontinued by Mikrotik and have no replacement. If a WISP were to migrate to something else, there would be a significant cost in new access points, but even more costly would be the customer CPE. “But just put up the new gear alongside the old and migrate customers over,” you say. This brings us to the next point.

Frequency plays a big role in any migration path. In a perfect world, everyone has open channels and there is no interference. However, that is hardly the case in many scenarios. This is especially true of 900 MHz. You only have 902-928 MHz to deal with in the US FCC realm. At 20 MHz wide, this is only one non-overlapping channel. If you put up another access point on 900 MHz on top of your existing one, you will be interfering with yourself. Besides, the frequency may be the reason you are able to reach customers.

Finally, another pro of hoarding equipment is avoiding the soft costs of upgrading. Training, engineering, customer service, and possible re-work of some installs can add to the overall cost. Anyone who has had to change the pins on a reverse polarity Subscriber Module knows the pain I am talking about.

The Cons

The biggest trap I see operators fall into is that they hoard equipment and then forget about it. They have spares on the shelves, and enough to service customers. They lull themselves into a false sense of security and kind of wait for something to fall into their laps. Then, seemingly all of a sudden, something happens, and they are scrambling for a solution. Sometimes this is a software update that current equipment gets, but the older stuff does not. This could be a fix for some critical security vulnerability or new code to interface with a new system. Either way, this equipment is stranded on a software island.

Next up is hardware failure. As equipment gets old, it is more prone to failure. A WISP may find their reserves depleted after a weekend of storms or bad luck. What may have been plentiful supplies a month ago is now an issue.

Lastly, the performance of the equipment is a big issue. In today’s bandwidth-hungry consumer ISP market, radios need to perform better and deliver more bandwidth to the customer. Sometimes a manufacturer discontinues a product because they see the limitations of the band or the equipment. Sometimes the manufacturer sees operators are moving on to other ways of doing things. This could be newer frequencies or data algorithms. Usually, it boils down to the equipment being too expensive to make or not selling well enough.

So what’s a WISP to do?

The number one thing a WISP needs to do is not fall into a rut of doing the same old same old for too long when it comes to equipment. What worked five years ago may work okay today, but will it work two years from now? Always have a strategy to dump your equipment if need be for something better. Whether that strategy makes business sense is a different question. Sometimes the approach is to have money in the bank for when the right equipment comes along. Until then, it’s business as usual. Don’t let yourself keep saying you will figure it out tomorrow.

I believe that WISPs should have three lines of thinking.

  1. What am I doing in the immediate future to run my business?
  2. What am I doing in the next 18 months to keep my business competitive?
  3. What am I doing in the next 24-36 months to grow and keep up with customer demand?

If you have strategies for each of these then hoarding equipment is no big deal.  You have plans in place. Just don’t let yourself fall into a false sense of security. Always be learning about new rules, technologies, equipment, and methods.  As your business grows you can delegate this to others, so you don’t have to be in the thick of it and can concentrate on your business.  If you are that “techie” who is doing all of this, keep an open mind.  Don’t be the typical I.T. guy stuck in your ways. None of this is saying hoarding discontinued gear is wrong, just have a strategy.

#packetsdownrange

 

Mikrotik 6.45.2 is out

What’s new in 6.45.2 (2019-Jul-17 10:04):

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

*) bonding – fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud – properly stop “time-zone-autodetect” after disable;
*) interface – fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec – added “connection-mark” parameter for mode-config initiator;
*) ipsec – allow peer argument only for “encrypt” policies (introduced in v6.45);
*) ipsec – fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec – improved stability for peer initialization (introduced in v6.45);
*) ipsec – show warning for policies with “unknown” peer;
*) ospf – fixed possible busy loop condition when accessing OSPF LSAs;
*) profile – added “internet-detect” process classificator;
*) radius – fixed “User-Password” encoding (introduced in v6.45);
*) ssh – do not enable “none-crypto” if “strong-crypto” is enabled on upgrade (introduced in v6.45);
*) ssh – fixed executed command output printing (introduced in v6.45);
*) supout – fixed supout file generation outside of internal storage with insufficient space;
*) upgrade – fixed “auto-upgrade” to use new style authentication (introduced in v6.45);
*) vlan – fixed “slave” flag for non-running interfaces (introduced in v6.45);
*) wireless – improved 802.11ac stability for all ARM devices with wireless;
*) wireless – improved range selection when distance set to “dynamic”;

RouterOS 6.45.1 Out – Security Fixes

Mikrotik has released RouterOS 6.45.1 with some security vulnerability fixes. Some of these have been known and fixed before, while others are new fixes.

MAJOR CHANGES IN v6.45.1:
———————-
!) dot1x – added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 – added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security – fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security – fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security – fixed vulnerability CVE-2019-13074;
!) user – removed insecure password storage;

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.

Some notes on the security fixes
CVE-2018-1157
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.

CVE-2018-1158
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.

CVE-2019-11477/11478
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

CVE-2019-13074
This CVE has been reserved and has not been made widely public yet. Although a CVE ID may have been assigned by either CVE or a CNA, it will not be available in the NVD if it has a status of RESERVED by CVE. This is traditionally done to give the vendor, in this case Mikrotik and possibly others, a chance to fix this before the exploit is released to the general public.

Rest of the Changelog available at https://www.mikrotik.com/download
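
For anyone tracking a fleet of RouterOS devices against the notes above, here is a small audit sketch (an added example, not Mikrotik's or this blog's code). The inventory is constructed, and reading "before 6.42.7 and 6.40.9" as one fix per release branch is an assumption.

```python
import re

def parse_version(text):
    """Parse a RouterOS release such as '6.42.12' or 'v6.43' into a tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def vulnerable_to_2018_http_bugs(version):
    """CVE-2018-1157/1158: 'before 6.42.7 and 6.40.9'.
    Assumption: 6.40.9 is the fix on the 6.40 branch, 6.42.7 elsewhere,
    so a plain '< 6.42.7' test would wrongly flag a patched 6.40.9 box."""
    v = parse_version(version)
    if v[:2] == (6, 40):
        return v < (6, 40, 9)
    return v < (6, 42, 7)

def downgrade_clears_passwords(current, target):
    """From 6.45.1 on, going below v6.43 wipes all user passwords."""
    return (parse_version(current) >= (6, 45, 1)
            and parse_version(target) < (6, 43, 0))

def audit(fleet):
    """fleet: (name, running version, planned downgrade target or None)."""
    findings = []
    for name, running, planned in fleet:
        if vulnerable_to_2018_http_bugs(running):
            findings.append((name, "CVE-2018-1157/1158 unpatched"))
        # Backports on other branches are not listed on this page, so
        # anything below 6.45.1 is flagged for manual review.
        if parse_version(running) < (6, 45, 1):
            findings.append((name, "below 6.45.1, check 2019 security fixes"))
        if planned and downgrade_clears_passwords(running, planned):
            findings.append((name, f"downgrade to {planned} clears passwords"))
    return findings

# Constructed sample inventory; device names and versions are illustrative.
FLEET = [
    ("tower1-ap", "6.45.2", None),
    ("tower2-ap", "6.40.9", None),
    ("tower3-ap", "6.41.4", None),
    ("core-rtr", "6.45.1", "6.42.12"),
    ("edge-rtr", "6.45.2", "6.44.5"),
]

if __name__ == "__main__":
    for device, finding in audit(FLEET):
        print(f"{device}: {finding}")
```

Any device flagged for the downgrade case should have its users and passwords reset immediately after the downgrade, before it is reachable from the network.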

ePMP tip of the day

http://community.cambiumnetworks.com/t5/ePMP-FAQ/How-does-the-GPS-Sync-Radio-utilize-the-Active-and-Inactive/m-p/82855#M143

ePMP GPS Sync Radio devices that have an onboard GPS contain two banks of flash memory, each of which contains a version of software.

The version of software last installed onto the device flash memory (using software upgrade procedures) is configured in the Active Bank. This software will be used by the device when the device is rebooted.