Skip to content
Jul 21 / thebrotherswisp

TheBrothersWISP 18 – GPON, GAON, AirFiber, New Mikrotik, New Ubiquiti, Mimosa

It’s been ages since we’ve gotten together, but we had a pretty good showing. Greg Sowell, Tom Smyth, Justin Miller, Mike Hammet, and JJ Boyd talk shop.

Some of the things discussed:
airFiber/New Ubiquiti Gear
New Mikrotik gear – Thanks for assembling everything Andrew Cox!
New Mimosa gear
Observium monitoring tools
Cacti monitoring tools
A little about IPTV and content rights.

Click here to view the post!

May 25 / Greg

Settlers of Catan: Why I Can’t Game

Over the weekend I was at a work function with several of my fellow employees. We ended up playing a board game called Settlers of Catan. I was being very resistant to playing it at first. I mean, I like playing Trivial Pursuit and Pictionary, but these long involved strategy games just don’t do it for me…but why is that?

I started to think about on a run this morning. I know I used to like strategy games like Warcraft and Command and Conquer, but they hold little interest for me know. I think I hit on the answer at about mile 3. I live in a strategy game…only with much higher stakes. The balance of networking that I do on a daily basis if done wrong could cost thousands, tens of thousands, or even hundreds of thousands in damages if done wrong. That and my employment would be in question as well as the future long-term stability of my family’s well being. Beyond that we work with dangerous equipment on a semi-regular basis.

When comparing a few brick cards or lumber, how can a serious board game compare? I suppose that’s why I just stick with the trivia and drawing dumb picture games…keeps life light. Oh, and BTW, I won Catan…like a boss!

May 16 / Greg

Mikrotik V6.13 Released

What’s new in 6.13

*) console – comments are now accepted where new command can start, that is,
where ‘/’ or ‘:’ characters can be used to start new command, e.g.
/interface { # comment until the end of the line
*) backup – backups by default are encrypted now (with user password).
To use backup on older versions, you should disable encryption with dont-encrypt
flag when creating it;
I’m assuming this means those sites that will decrypt your passwords won’t work any more.
*) files with ‘.sensitive.’ in the filename require ‘sensitive’
permission to manipulate;
*) lcd – reduce CPU usage when displaying static screens;
*) l2tp – fixed occasional server lockup;
*) pptp – fixed memory leak;
*) sstp – fixed crashes;
Nice fix on the leaks and crashes. I was thinking of trying out an SSTP concentrator ;)

Apr 30 / Greg

How To Setup A Backup Radius Manager Install

Radius Manager is a product from DMA softlabs that acts as a radius authentication system for your wireless or hotspot clients. I personally use it for my hotspot clients in Mikrotik.

The point of this article is to show you how to add some redundancy to your configuration. The software is licensed via a MAC address on one of your server’s NICs. I think for the price of the software is great, so I would never advocate a method to circumvent licensing. What I’m showing you how to do is simply setup a backup box for authentication, not administration. When you duplicate the server as shown below the web GUI is no longer available…the box is only good for authentication; it will keep your clients working while you get the main box going again.

Step one is to have a valid, licensed, working build.

I, as most of you, installed my server on VMWare as a virtual guest. Duplicate your guest VM and move it to another VMWare host. The easiest way to do this is to browse your datastore, highlight the files, copy them, then create a new folder on the target VMWare host, and paste the files.

Start your newly duplicated VM and tell the system you copied it.

Edit your interface configuration in the server and give it a new IP address.

Edit the system hostname:
/etc/sysconfig/network Set hostname= to your new hostname.
/etc/hosts Set your hostname correctly to the new IP.
Use the hostname command from the cli to set your new hostname


Edit the raddb client file to allow all clients to connect. When you use radius manager and add a new NAS, it manually updates the raddb client file, then restarts the radiusd service. Since radius manager isn’t running on your duplicated server you either need to manually update the config file with each NAS update or put a catchall client in the list.

client {
	secret		= SharedBackupPassword
	shortname	= BackupClients

Now that this is done, clients can technically authenticate off of this box…once you add additional radius servers to your hotspot that is. One thing…there is no replication between the master radius box and this backup, so everything is stale. Let’s fix that!

First allow TCP 3306 in the input chain firewall on both of your servers.

Configure MySQL replication:
On the master server:
Edit /etc/my.cnf and add the following to the [mysqld] section:


Restart the mysql service:

service mysqld restart

Create a replication user from the mysql CLI:

CREATE USER 'replication'@'' IDENTIFIED BY 'slavepass';
GRANT REPLICATION SLAVE ON *.* TO 'replication'@'';

From the mysql CLI issue “SHOW MASTER STATUS;” and record the “file” and “position”.

On the slave server:
Edit /etc/my.cnf and add the following to the [mysqld] section:


From the mysql CLI issue:


From the same CLI issue:

slave start;

You can verify replication status via the CLI with:

show slave status\G

The easiest thing to do now is to reboot your secondary server.

Any changes you make to Radius Manager on the primary box should automatically replicate to our new backup box. If for some reason your primary box fails, clients can still authenticate off of your secondary box until you can stand the primary back up.

Thanks and happy routing guys.

Apr 28 / Greg

Cisco BGP Prepend All Routes – The Lazy Way

One man’s lazy is another man’s efficient. I’m the most efficient guy you know :P

Prepending is adding your AS number to BGP NLRI multiple times to make a set of routes look further away and thus less preferred.

Without Prepending:

Router# show ip bgp
BGP routing table entry for, version 555663701
  65001 4323 15169, (received & used)

With Prepending:

Router# show ip bgp
BGP routing table entry for, version 555663701
  65001 65001 65001 4323 15169, (received & used)

As you can see, in the second entry with prepending the AS distance to the route was 2 AS hops further away, and thus less preferred.

Say for example a customer wants you to prepend every route to them. The customer could just adjust local preference on their side, but if they aren’t comfortable with that, you can do the adjustment to prepending for them.

First, we create a route map that will do the prepending:

route-map bgp->prepend permit 10 !create the map
 description :: Prepend 2 times to routes !always add a description ALWAYS
 set as-path prepend 65001 65001 !add the prepending command

Normally on a route-map statement you are required to use a “match” command. In the match command you will use something like an access-list or a prefix-list to specify which NLRI to act upon. In our case we wanted to act on everything. If you simply omit the match statement it uses an implicit “any”, and will capture everything.

We then add the route-map to the neighbor:

router bgp 65001 !enter your BGP process
 address-family ipv4 !enter the v4 address family
 neighbor route-map bgp->prepend out !assign our new route-map to the peer outgoing
exit !get back to config mode
exit !get back to enable mode
clear ip bgp soft out !do a soft clear on the peer to send the new prepending towards the

That’s just about as few lines as you can use to prepend everything. I like using route-maps like this because if later on down the road I want to adjust them again, I just add an incremented statement :)

Apr 10 / Greg

Broadband Communities Summit Day 2

FTTX Hardware

Greenfield install = “Brand new” building. Easier install as you can drop cabling before the walls go up.
Brownfield install = “Existing structure”. Harder/more costly to retrofit.
Some things that may be tricky with condos are that each unit is owned property, so there are legal concerns with running through/around.
No such thing as “cookie cutter” in the MDU market.
Know legal access laws.
Know aesthetic expectations.

New Advancements all the time:
New hardware.
New transmission techniques.

GPON = Gigabit Passive Optical Network.
GPON is 2.4Gb down and 1.2Gb up.
GPON is a shared medium – usually around 32 users per port.
Some ONTs can do active or passive. Active is ethernet(you have to insert an SFP), and you will also have symmetric, dedicated speeds per user.

Apr 9 / Greg

Broadband Communities Summit Day 1

Internet Only Providers

This session was how internet only providers can differentiate themselves.

  • MDUs further out via wireless are interesting opportunities.
  • Older MDUs can be serviced via wifi (they aren’t willing to wire the MDU) – One guy says “Ruckus has it figured out.”
  • Seeing a shift of areas with younger “hip” kids that don’t want voice or video services. Everything is internet based.
  • Some are doing free X day trials in MDUs.
  • Apartment providers will provide 3 amenities in the future – Water, Electricity, Internet.
  • Customer surveys say 51% of customers don’t like their ISP.
  • Need to work on relation ships with property owners. Difference between Provider and a Partner.
  • Internet can be considered a “customer focused utility”.
  • A good marketing tool is to sell your service as “Buffer free”.
  • Allowing any tech in the field to offer 1 free month of service to a customer. It empowers the tech to “go the extra mile.” Gives them some ownership.
  • Beat the competition with service. Tell your techs to go the extra mile for property owners.
  • Student Housing

  • Just delivering more BW isn’t the answer. Improved latency and jitter.
  • Some service providers will no-bid SH. Students don’t tend to want TV, which is where they make more money.
  • Foreign content providing is increasing. A large surge in BitTorrent is due to foreign content not offered in local area.
  • 802.11AC is going to see much larger uptake in the next year (you guys saw this coming).
  • 80% of devices are connecting via wifi
  • Planning for 36-60 months of life in the wifi infrastructure.