Air conditioning? We don’t need no stinking air conditioning!

It has been hot out around here the last week or so. Somebody’s office server needed a little extra help:

Office server fan

I am not a fan (pun intended) of this type of thing.  Too often, we make do with things that are simply substandard.  In an emergency, I get it; you do what you have to to get things going again.  However, after the system is recovered comes the remedial phase, which includes making permanent repairs, replacing outdated equipment, installing things properly, making sure that wiring meets electrical code, documentation, labeling, etc.

The remedial phase is often neglected or forgotten altogether. There are two reasons for this: the “saving money” reason, or the “too busy to deal with it” reason. However, later on, we, or the people who follow us, will have to deal with this again after some sort of catastrophic failure. Then there will be the questions: How did this happen? How long has it been like that? And so on.

As far as saving money goes; you are not.  Cutting corners may save a few pennies in the short term, but long term, it only creates bigger problems which will have to be dealt with at some point.  Doing things the right way will shift the engineering effort from a reactive (e.g. fire fighting) to a proactive stance and everyone will be much happier.

Network Security, part II

With the spate of ransomware and crypto virus attacks on automation systems, perhaps a quick review of network security is in order:

  1. Isolate the automation system on a separate network from the general office network and do not allow internet access on the automation system’s work stations or servers.
  2. Use a separate switch for all automation network connections.
  3. Install a small router between the automation network and the office network.  On the router, the WAN port faces outward toward the office network; make the WAN port non-pingable.  Grant access from the office network for certain users, e.g. traffic, music director, etc., via access lists.  Open up a few ports for VNC or RDP on the router so technicians can remotely access machines to do maintenance and troubleshooting.
  4. Use supported and up-to-date operating systems.
  5. Use separate admin and user accounts; make sure that admin rights are removed from user accounts and keep machines logged in as users.  This ensures that some errant DJ or other person does not install any unauthorized programs.
  6. Install and keep up to date a good antivirus program.
  7. Back up the data and test the backups.
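
The access-list idea in step 3, sketched as an added Python example (not code from the original post or from any router vendor): a first-match evaluator with an implicit deny, run against a wide-open rule and a tightened one. The subnets, host addresses, router WAN address and the SMB port for the traffic PC are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed addressing (not from the post): office LAN on the router's WAN side,
# automation LAN behind it, and constructed office hosts.
OFFICE = ip_network("172.19.0.0/25")
AUTOMATION = ip_network("172.19.1.64/26")
ROUTER_WAN = ip_network("172.19.0.10/32")
ENGINEER_PC = ip_network("172.19.0.30/32")
TRAFFIC_PC = ip_network("172.19.0.20/32")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "icmp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None   # None means any port
    note: str = ""

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        return (self.proto in ("any", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and (self.dport is None or self.dport == dport))


# Weak: the whole office LAN can reach every port on every automation machine.
WEAK_ACL = [Rule("permit", "any", OFFICE, AUTOMATION, None, "office to automation, all ports")]

# Tightened: named hosts, named ports; everything else falls to the implicit deny.
HARDENED_ACL = [
    Rule("deny", "icmp", ANY, ROUTER_WAN, None, "WAN port does not answer ping"),
    Rule("permit", "tcp", ENGINEER_PC, AUTOMATION, 3389, "engineer RDP"),
    Rule("permit", "tcp", ENGINEER_PC, AUTOMATION, 5900, "engineer VNC"),
    Rule("permit", "tcp", TRAFFIC_PC, AUTOMATION, 445, "traffic log share (assumed SMB)"),
    Rule("deny", "any", AUTOMATION, ANY, None, "no internet from automation hosts"),
]


def evaluate(acl: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> Tuple[str, str]:
    """First matching rule wins; a new connection that matches nothing is denied.

    Only connection attempts are modelled; replies to permitted connections
    are assumed to be handled by the router's stateful tracking.
    """
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action, rule.note
    return "deny", "implicit deny"


def audit(acl: List[Rule]) -> List[str]:
    """Flag permits into the automation LAN that are wider than one host or one port."""
    findings = []
    for rule in acl:
        if rule.action != "permit" or not rule.dst.overlaps(AUTOMATION):
            continue
        if rule.src.num_addresses > 1:
            findings.append(f"source {rule.src} is wider than one host: {rule.note}")
        if rule.dport is None:
            findings.append(f"no port restriction: {rule.note}")
    return findings


if __name__ == "__main__":
    # An ordinary office PC (constructed address) trying RDP to an automation machine.
    for name, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        verdict = evaluate(acl, "tcp", "172.19.0.55", "172.19.1.70", 3389)
        print(name, verdict, audit(acl))
```
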

The office network is more vulnerable because of the human element.  Internet access is required, of course.  Click on a pop-up, sure!  Hey, that photograph has a funny file extension, let’s open it and see what it is.  I never heard of this person before, but look, they sent me an executable!

Much of the office network security will rely on the quality of the router connected to the internet and the antivirus software installed.  Of course, the network users have a good deal of responsibility also.

Cable Porn

On occasion, the company I currently work for does installation work. Thus, I am always keeping my eyes open for new equipment and tools to make that job easier. The cable comb seems like it is just such a thing:

ACOM tools cable comb

Instructional video from youtube:

Then there is this:

Which is simply amazing. It is described as “1320 Category 6 cables, dressed and terminated.”

Incidentally, there is an entire sub-reddit: reddit.com/r/cableporn for all those cable geeks that like to look at neat cabling work.

Computer guys…

Some guy posted this picture on Reddit:

Small Office network

In the comments, he gets blasted for being too neat and using wire ties.  I know a lot of IT guys that are not very neat with their work and document nothing.  This is a big problem in the industry and does not, contrary to popular belief, promote job security.  I have walked into some very messy situations in wiring closets and rack rooms over the years.  My solution is always the same; run some temporary wires for critical machines/functions, then get out the big wire cutters and start chopping.

Graphical Network Simulator

I have been working with GNS3 (Graphical Network Simulator) in some of my classes.  It is a fine tool with which one can build simulated computer networks using various routers and switches.  The software program itself is free; however, the Cisco IOS images are not included and must be found elsewhere due to copyright issues.  This detail is a bit of a pain, but not too bad.  Once the program is set up and the appropriate IOS images are loaded, the console functions exactly like whatever router is being simulated.  This includes running whichever terminal program is preferred, e.g. HyperTerminal, PuTTY, or if using the Linux version, xterm, etc.

GNS3 screen shot, topology and router console

The advantages to this over something like Cisco’s Packet Tracer program are many.  In Packet Tracer, certain functions are locked out and generally there is only one acceptable way to complete any given task.  With GNS3, the IOS is fully functional, which means that experimentation and failure are available to play with.  Failure is a great way to learn things in any hands on environment.  The advantage of virtual failure is that only you know about it.

For real world applications, this means that router and switch configurations can be created, tested and tuned ahead of time then loaded into working devices, saving downtime and potentially handfuls of hair.

A few things about using GNS3.  First, the PC idle tuning is required.  Each instance of IOS assumes that the entire processor is available to use, thus starting several routers can wonk a PC’s processor to 100% and Windows will never fully recover.  Secondly, when starting each router, wait 10 to 20 seconds before starting another one.  Again, this has to do with the way IOS uses processors.  Also, to save time, store the IOS image as a decompressed file.  This saves quite a bit of time on startup.  Finally, do not forget to copy the running config to the startup config.  Even though GNS3 says it is saving the router configs, it does not save the running config unless you issue the copy run start command, just like a real router.

Wireshark; what is it good for

Wireshark is a packet protocol analyzer that is free for download and runs on Windows, Linux, BSD, OS X and Solaris.  In the evolving broadcasting studio, computer networks are the backbone of the facility, not just on the office side of the house, but on the broadcast origination side as well.  Today, almost everyone uses some type of computer automation system running on a network.  In addition, new technologies such as AoIP consoles, VoIP phone systems, audio and video routing, remote control, off-site monitoring, audio processing, etc. continue to develop.  Because of this, more and more broadcast engineering work is falling into the computer and networking realm.

Like anything else, networks can fail.  Failure modes can originate from either the physical side, e.g. wiring, connectors, patch bays, network interface cards, or the software/protocol side.  Being able to diagnose problems quickly and take remedial action is important.  On the networking side, if a physical problem has been ruled out, then the problem exists with a protocol.  That is where Wireshark becomes useful; it takes the guesswork out of networking protocol troubleshooting.

Wireshark packet protocol analyzer has the following features (from their website):

  • Deep inspection of hundreds of protocols, more are in development
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Versions available for Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others OS
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • Filtering by protocol, IP address, MAC address, frame type, sequence number, etc
  • VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Here is a quick video with some tips and tricks on using Wireshark:

A few things to keep in mind with the physical connection.  Connecting a computer to a switchport will establish a collision domain between the switchport and the computer, which is also called a network segment.  The computer NIC will see all traffic on that collision domain and all broadcast traffic on the network or sub network that the switch is attached to.  If there is a suspected problem with a particular network segment, the Wireshark computer needs to join that collision domain.

Creating a network segment tap with a hub

This can be done most simply by installing Wireshark on the host in that domain.  Alternatively, a hub can be used to add another host to the collision domain.  Or, if it is a managed switch, there may be a provision to send all traffic on the switch out of one designated port.  This is called ‘port mirroring’, ‘port monitoring’, ‘Roving Analysis’ (3Com), or ‘Switched Port Analyzer’ or ‘SPAN’ (Cisco).

Network diagram with managed switch

A quick tutorial on what to look for when using Wireshark, Part A:

Part B:

And briefly, that is how it is done.  There are many more videos on youtube and elsewhere if interested in learning more.

Very basic network security for Broadcast Engineers

Most broadcast facilities have an engineering department or service and an IT department or service which are separate.  There is often a fuzzy line between what machines belong strictly to engineering and what belongs to IT.  There are several different systems that have network interfaces but are not generally considered computers and fall squarely in the engineering department.  These include such equipment as transmitters, satellite receivers, EAS machines, IP-based audio routers and audio consoles, and IP audio CODECs.  In many cases, Windows-based automation systems and servers also fall under the responsibility of the engineering department.

As the recent incidents of network intrusions into vulnerable EAS machines show, after installation, steps must be taken to secure networked equipment from malicious or accidental intrusions.  The aforementioned EAS intrusion was bad but it could have been much worse.

Anything with a network interface can be exploited either internally or externally and either on purpose or by accident.  The threat plane looks like this:

Computer network intrusion plane

Every unauthorized network access incident falls somewhere on this plane.  An unauthorized network intrusion can be as simple as somebody using the wrong computer and gaining access to back end equipment.  It can also be the hacker or cracker from a foreign country attempting to breach a firewall.

Basic network security falls into these categories:

  1. Physical security of machine or server room
  2. Security against internal accidental or malicious use
  3. Security against external intrusion
  4. Protection against malicious software exploitation

The first category is the easiest to understand.  Physical security means securing the server room through locking doors and preventing crawl over/under entries.  Security cameras and monitoring are also a part of physical security.  Something that is often neglected is extended networks that bridge to transmitter sites.  Unmanned off-site facilities that have network access are a vulnerable point if multiple clients or tower tenants have access to the same room.  Locked equipment racks and video cameras are two ways to secure unmanned transmitter sites.  Also, when using good quality, managed switches at transmitter sites, switchport security features can be enabled and unused switchports shut down.

Accidental or malicious internal intrusions can be reduced or eliminated with proper password policies.  The first and most important password policy is to always change the default password.  There are lists of default router and switch passwords available online.  The default passwords for EAS machines and other equipment are published in owner’s manuals and most broadcast engineers know them by heart.  Always change the default password; if you do nothing else, do this.

no-default-password

Other password policies include such things as minimum password length, requiring special characters, numbers and both upper and lower case letters.  Even taking those steps, passwords are still vulnerable to dictionary attacks.  To prevent a dictionary attack, the login attempts should be limited to five or so with a thirty minute freeze out after the attempt limit is reached.
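
The default-password rule and the five-attempt, thirty-minute freeze out described above, as an added Python example rather than code from any EAS or router vendor. The default-password list, the 12-character minimum and the account name are constructed assumptions.

```python
import string
import time
from typing import Dict, List, Optional

MAX_ATTEMPTS = 5              # "limited to five or so"
LOCKOUT_SECONDS = 30 * 60     # "thirty minute freeze out"
MIN_LENGTH = 12               # assumption: the text gives no number

# Constructed stand-ins for the vendor defaults printed in owner's manuals.
VENDOR_DEFAULTS = {"admin", "password", "changeme", "1234"}


def password_problems(candidate: str,
                      vendor_defaults=frozenset(VENDOR_DEFAULTS),
                      min_length: int = MIN_LENGTH) -> List[str]:
    """Return every policy rule the candidate breaks (empty list means accepted)."""
    problems = []
    if candidate.casefold() in vendor_defaults:
        problems.append("vendor default password")
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in candidate):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special character")
    return problems


class LoginThrottle:
    """Counts consecutive failures per account and freezes the account out.

    Keyed per account, as the policy in the text describes. A deployment may
    also key on the source address so one noisy client cannot lock out others.
    """

    def __init__(self, max_attempts: int = MAX_ATTEMPTS,
                 lockout_seconds: int = LOCKOUT_SECONDS) -> None:
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, account: str, now: float) -> bool:
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:                      # freeze out has expired
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account: str, password_ok: bool,
                now: Optional[float] = None) -> str:
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        now = time.monotonic() if now is None else now
        if self.is_locked(account, now):
            return "locked"                   # even the right password waits
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_attempts:
            self._locked_until[account] = now + self.lockout_seconds
        return "failed"


if __name__ == "__main__":
    print(password_problems("admin"))
    throttle = LoginThrottle()
    # Constructed sequence: five bad guesses one second apart, then the real password.
    results = [throttle.attempt("eas-admin", False, now=t) for t in range(5)]
    results.append(throttle.attempt("eas-admin", True, now=10))
    results.append(throttle.attempt("eas-admin", True, now=4 + LOCKOUT_SECONDS))
    print(results)
```
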

External intrusion can come from a number of different sources.  Unsecured WIFI is the easiest way to gain access to a network.  Always secure WIFI with WPA or WPA2 AES encrypted pre-shared key.  This will keep all but the most determined intruders out.  Other external threats can come from man in the middle attacks.  IP bridges and WIFI must always be encrypted.

External attacks can also come over the wired network.  Most small routers have default network and password settings.  I have started moving away from using 192.168 internal networks.  Router firewalls and personal software firewalls are effective but not foolproof.  Software updates need to be performed regularly to be effective.  One recently discovered exploit is UPnP, which is enabled on many home and small office routers.  UPnP (Universal Plug-n-Play) SSDP (Simple Service Discovery Protocol) can be exploited if exposed to the public network side of the router.  ShieldsUP! by Gibson Research Corporation is a good evaluation tool for router exploits, leaks and phone homes.  They also have links to podcasts and YouTube videos.

Disabling unused features on routers is a good security policy.  Features such as DHCP, DNS, SNMP, CDP, HTTP server, FTP server etc are all vulnerable to exploitation of one form or another.  Turning off those protocols that are not in use will eliminate at least a portion of those threats.

Finally, worms, bots, viruses and other malicious software can come from anywhere.  Even reputable websites now have drive-bys in linked advertising banners.  Non-Windows operating systems are less vulnerable to such programs, but not immune.  All Windows machines and servers that are in any way connected to the internet need to have updated antivirus software.  Keyloggers can steal passwords and send them to bad places where people have nefarious intent.

There are entire books, standards and upper level classes taught on network security.  This less than 1,000 word article barely brushes the surface; as the title says, these are but a few very basic ways to implement a security policy.  It is important for technical managers and engineers to learn about, understand and implement security policies in broadcast facilities or suffer the consequences of complacency.

Pinouts

Over the years, I have collected many pinouts for all sorts of interfaces, connectors, jacks, etc.  These are all stored on my laptop and in my smartphone.  It is easy enough to look these things up online, however, there are occasions when the internet is not available for whatever reason.  Thus, this is my collection of pinouts, many of which have been adapted from wikipedia articles.  Many times I put things here for my own use.  However, if I have spent ten minutes looking for the USB pin out on my smart phone, someone else has done the same thing.  Most all of these images have higher resolutions available.

Enjoy!

EIA/TIA 568a and b ethernet cable standard

Standard networking connectors for Ethernet connections. Rumor has it that only the “A” standard is accepted for government work and the “B” standard is being deprecated.

802.3af Power over Ethernet, imposed on EIA/TIA 568 a and b

Power over Ethernet pinouts. More and more commonly used in VOIP phone systems, but can also be found in wireless access points and other things of that nature.

10/100 base T cross over cable

Ethernet crossover cables are useful for connecting two similar pieces of equipment together, e.g. a computer to a computer, or a switch to a switch. Many new switches have port sensing, which will automatically cross the connection if a straight through cable is used.  Others have a specific port or a switch for a specific port which will cross over the cable.  Gigabit Ethernet uses all four pairs, thus a 1000 base T crossover looks a little bit different.

10/100/1000 base T Ethernet crossover cable

This type cable is backwards compatible with 10/100 base T systems.

Registered Jack 11/14/25

Telephone system equipment jacks.

Registered Jack (RJ) 48, commonly used on T-1 and ISDN circuits

RJ48 and 48X used on T-1 (DS-1) and ISDN connections.  Since BRI and PRI ISDN are two wire circuits, the active pins are 4/5, which is the same as an RJ11.  I have often used RJ11 jacks for ISDN and found no issues with doing so.

T-1 (DS-1, DSX-1) crossover cable

Crossover cable for T-1 (DS-1 or DSX-1 interface). Note, this is different from an Ethernet crossover cable, which will not work in a DS-1 interface.  A T-1 loopback connector goes from pin 1 to pin 4 and pin 2 to pin 5 on an 8P8C connector.

RJ21 and 21X color code.

RJ21 and 21X connectors are often found on the side of punch blocks and make for quick connections on cabling trunks.

25 pair color code

The generic 25 pair color code, which is always a good thing to have.

RS-232 data pins out for various connectors

RS-232 is still commonly used for data transfer in broadcast facilities. RS-485 is also used, however, that standard is often used with screw terminals or some other generic connection.

Null modems, cables and pinouts

Null modems for connecting equipment together and testing.

Universal Serial Bus (USB) connections and pinouts

Various USB connectors and pinouts. USB has replaced RS-232 data ports on most newer computers.

VGA connector and pinout

Computer graphics card pinouts.

Computer Parallel port pinout

Computer parallel port pinout, not used very much anymore, replaced mostly by USB devices. Can also be used as a limited GPI/GPO interface.  Some small automation software programs use pins 10, 11, 12, 13 and 15 for closure information and pins 1, 14, 16, and 17 for output switching, machine starts and the like.

PS2 mouse and keyboard connector

PS2 mouse and keyboard connectors, again, replaced by USB but still found on older motherboards.

RJ-45 to balanced analog and digital audio

RJ-45 to balanced audio. This is a fairly standardized audio application for RJ-45 connectors developed by Radio Systems/Studio Hub. It is also used by Telos/Axia and Wheatstone, although often the +/- 15 VDC power is not included.

XLR connectors, old technology, still used

The ubiquitous XLR connector, still used for analog audio and also AES/EBU digital audio.

Subnetting 101

More information on IP networking:

Most radio station networks that I have seen are divided along several different lines based on functions.  These functions are:

  • Office network; E-mail, document storage and retrieval, printing, applications like traffic and billing, promotions, music scheduling and so on
  • Automation network; automation servers, workstations and audio editing machines used in production
  • Audio over IP (AOIP) network; any AOIP consoles, devices or STL equipment
  • Voice over IP (VOIP); telephone system
  • Wireless LAN; WLAN or WIFI

It is helpful, then, to segment the network into different broadcast domains to reduce the congestion on any one network.  That is where a good subnetting scheme can be beneficial.  Subnets segment the network into smaller parts, reducing the amount of broadcast traffic and increasing network speeds by reducing MAC table sizes, and thus switching and lookup times.  They also can secure certain areas of the network from the outside or other subnets, adding a level of security.  For example, it may not be a good idea for the automation computers or the AOIP consoles to have access to the internet.  Certain functions in routers and switches can be enabled for that added security.

It is also important to efficiently use IP addresses in a large organization where WANs are used.  The better the subnetting scheme, the easier it is to understand and the better it performs.  Avoiding or reducing discontiguous networks is key to efficient and speedy routing.  That is an important consideration where applications like AOIP and VOIP are concerned.

To really understand subnetting, it must be broken down into the fundamental parts.  This pertains to IPv4, which will likely remain in use for quite some time.  The big chart, class B networks:

| 3rd octet | 4th octet | CIDR | Decimal | Wild card | Hosts | 3rd Up by | Subnets |
|---|---|---|---|---|---|---|---|
| 00000000 | 00000000 | /16 | 255.255.0.0 | 0.0.255.255 | 65,534 | 255 | 0 |
| 10000000 | 00000000 | /17 | 255.255.128.0 | 0.0.127.255 | 32,766 | 128 | 2 |
| 11000000 | 00000000 | /18 | 255.255.192.0 | 0.0.63.255 | 16,382 | 64 | 4 |
| 11100000 | 00000000 | /19 | 255.255.224.0 | 0.0.31.255 | 8,190 | 32 | 8 |
| 11110000 | 00000000 | /20 | 255.255.240.0 | 0.0.15.255 | 4,094 | 16 | 16 |
| 11111000 | 00000000 | /21 | 255.255.248.0 | 0.0.7.255 | 2,046 | 8 | 32 |
| 11111100 | 00000000 | /22 | 255.255.252.0 | 0.0.3.255 | 1,022 | 4 | 64 |
| 11111110 | 00000000 | /23 | 255.255.254.0 | 0.0.1.255 | 510 | 2 | 128 |
| 11111111 | 00000000 | /24 | 255.255.255.0 | 0.0.0.255 | 254 | 1 | 256 |

Class C networks

| 3rd octet | 4th octet | CIDR | Decimal | Wild card | Hosts | 4th Up by | SubnetsB | SubnetsC |
|---|---|---|---|---|---|---|---|---|
| 11111111 | 00000000 | /24 | 255.255.255.0 | 0.0.0.255 | 254 | 255 | 256 | 0 |
| 11111111 | 10000000 | /25 | 255.255.255.128 | 0.0.0.127 | 126 | 128 | 512 | 2 |
| 11111111 | 11000000 | /26 | 255.255.255.192 | 0.0.0.63 | 62 | 64 | 1024 | 4 |
| 11111111 | 11100000 | /27 | 255.255.255.224 | 0.0.0.31 | 30 | 32 | 2048 | 8 |
| 11111111 | 11110000 | /28 | 255.255.255.240 | 0.0.0.15 | 14 | 16 | 4096 | 16 |
| 11111111 | 11111000 | /29 | 255.255.255.248 | 0.0.0.7 | 6 | 8 | 8192 | 32 |
| 11111111 | 11111100 | /30 | 255.255.255.252 | 0.0.0.3 | 2 | 4 | 16384 | 64 |
| 11111111 | 11111110 | /31 | 255.255.255.254 | 0.0.0.1 | 0 | 2 | N/A | |
| 11111111 | 11111111 | /32 | 255.255.255.255 | 0.0.0.0 | 0 | 1 | N/A | |

The terms “Class B” and “Class C” networks are outdated.  Basically, I broke the chart up along a classful boundary to make it easier to read.

An IPv4 address consists of four octets of binary data. A common example is 192.168.1.254, which in binary numbers looks like this: 11000000.10101000.00000001.11111110. It is converted to base ten numbers (dotted decimal) so that we humans can deal with it. A typical subnet mask seen in many office networks is 255.255.255.0, which in binary looks like this: 11111111.11111111.11111111.00000000.  When a router receives a packet, it does something called an “ANDing process.”  When a router ANDs, it overlays the subnet mask on the IP address and applies the following function to each pair of bits: 1 AND 1 = 1, 1 AND 0 = 0 and 0 AND 0 = 0.  Thus, in the above example, a router AND would look like this:

| | Dotted Decimal | Binary Octets |
|---|---|---|
| IP address | 192 168 1 254 | 11000000 10101000 00000001 11111110 |
| Subnet mask | 255 255 255 0 | 11111111 11111111 11111111 00000000 |
| AND result | 192 168 1 0 | 11000000 10101000 00000001 00000000 |

The subnet mask is telling the router to ignore the last octet, thus saving a bit of time and processing power.  It may seem very small and insignificant.  When considering that routers sometimes make hundreds or thousands of routing decisions in a second, even a small bit of work reduction adds up quickly.  Subnet masks allow routers to look at only the layer three network address, ignoring the host portion.  This takes advantage of IP’s inherent hierarchical addressing system and speeds the process of routing to the proper destination.

Another way to look at it:

IPv4 subnet chart

There are three IPv4 address ranges set aside for private (internal) use:

  • 192.168.0.0 to 192.168.255.255 /16
  • 172.16.0.0 to 172.31.255.255 /12
  • 10.0.0.0 to 10.255.255.255 /8

Thus, very large networks can use an internal IP address scheme in the 10.0.0.0 range and have up to 16,777,216 hosts, or 2^24 addresses minus two, one for the network line address and one for the broadcast address.  That would be one giant network clogged with ARP requests, ICMP packets and other miscellaneous multicast messages. A notation of /16 means that 16 bits are used for the network address; the remaining address bits are host bits.  A /24 network has 24 network bits and 8 host bits, making the available hosts 254.

An example of an efficient network would be a medium market operation with six radio stations under one roof.  This facility has ten studios and a news room using AOIP consoles, a VOIP phone system, an automation system, and an office network with an internal file server and exchange server.  The number of required hosts on each subnetwork is:

  • Office network, servers and wireless hosts: 78
  • VOIP phone system: 70
  • AOIP consoles and nodes: 30
  • Broadcast automation system: 22

Given IP address: 172.19.0.0 /22

In most instances, office networks are usually installed on one class C segment, that is to say, the network mask is 255.255.255.0.  However, in the example above, 254 hosts are not needed on the office network, thus it can be divided in half using the subnet mask of 255.255.255.128, leaving the other half for the VOIP phone system.  This subnetting scheme would leave 126 hosts on the office network and 126 hosts on the VOIP network.  The AOIP console and broadcast automation system can be placed on another class C segment, using the subnet mask of 255.255.255.192, which would give each subnet 62 hosts.  All subnets would have room to expand.  Each subnet is isolated from the others by a router.  The office subnet contains the gateway to the internet, usually .1 or .126 (first or last) IP address.

That would look something like this:

| Network | Line address | First available | Last available | Broadcast | Subnet mask |
|---|---|---|---|---|---|
| Office network | 172.19.0.0 | 172.19.0.1 | 172.19.0.126 | 172.19.0.127 | 255.255.255.128 |
| VOIP phone system | 172.19.0.128 | 172.19.0.129 | 172.19.0.254 | 172.19.0.255 | 255.255.255.128 |
| AOIP consoles and nodes | 172.19.1.0 | 172.19.1.1 | 172.19.1.62 | 172.19.1.63 | 255.255.255.192 |
| Broadcast Automation system | 172.19.1.64 | 172.19.1.65 | 172.19.1.126 | 172.19.1.127 | 255.255.255.192 |

That keeps the network segments small but has room to grow.  This is a diagram of a converged network:

Radio Broadcast Facility converged network
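
The ANDing step and the subnet plan above, worked through with Python's standard ipaddress module as an added example (not part of the original article). The 1.5 growth allowance used to size each subnet is an assumption chosen to leave the room to expand that the text describes; the function names are hypothetical.

```python
import math
from ipaddress import IPv4Address, IPv4Network, ip_network
from typing import Dict, List


def network_of(address: str, mask: str) -> str:
    """The router's ANDing step: bitwise AND of the address and the subnet mask."""
    return str(IPv4Address(int(IPv4Address(address)) & int(IPv4Address(mask))))


def prefix_for(hosts: int, growth: float = 1.5) -> int:
    """Longest prefix whose usable host count covers hosts * growth.

    growth is an assumed head-room factor; 1.0 sizes the subnet with no spare.
    """
    needed = math.ceil(hosts * growth) + 2        # plus line and broadcast addresses
    host_bits = max(2, (needed - 1).bit_length())
    return 32 - host_bits


def plan(block: str, requirements: Dict[str, int], growth: float = 1.5) -> List[dict]:
    """Carve a block into one subnet per requirement, largest subnets first.

    Placing the largest subnets first keeps every subnet on its natural
    boundary without leaving gaps between them.
    """
    parent = ip_network(block)
    sized = sorted(((prefix_for(h, growth), name) for name, h in requirements.items()),
                   key=lambda item: item[0])      # stable: ties keep input order
    cursor = int(parent.network_address)
    rows = []
    for prefix, name in sized:
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to the subnet boundary
        net = IPv4Network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{block} is too small for {name}")
        rows.append({
            "name": name,
            "network": str(net),
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            "mask": str(net.netmask),
            "wildcard": str(net.hostmask),
            "usable": net.num_addresses - 2,
        })
        cursor += size
    return rows


# Host counts and address block as given in the text.
REQUIREMENTS = {"Office": 78, "VOIP": 70, "AOIP": 30, "Automation": 22}

if __name__ == "__main__":
    print(network_of("192.168.1.254", "255.255.255.0"))
    for row in plan("172.19.0.0/22", REQUIREMENTS):
        print("{name:<11} {network:<16} {first:<13} {last:<13} "
              "{broadcast:<13} {mask:<16} {usable}".format(**row))
```

Calling `plan` with `growth=1.0` puts the 30 AOIP hosts on a /27 with exactly 30 usable addresses, which fits today and leaves nothing for the next console.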

With a setup like this, reliability is the key to a happy life. The router should be a good Cisco product with four or more Fast Ethernet ports. A second way to do this would be to have four routers plugged into a distribution switch and use OSPF to route between subnetworks. The switches should also be a good Cisco product, which can take advantage of port security options and QoS on the VOIP and AOIP segments.  VOIP systems usually require Power over Ethernet (POE) ports, thus that switch can be specialized for that purpose.

Many AOIP systems want to see Gigabit switches or at least Fast Ethernet switches with Gigabit or better back planes.  Any AOIP STL system can be connected to the AOIP network along with other things like AOIP remote broadcast and studio telephone solutions.

Many WLAN access points can be configured as a network router and DHCP server for wireless hosts.

The largest users of the public (i.e. internet) network would be the VOIP phone system and office network.  The broadcast automation network may also be one if voice tracking or other program delivery over WAN is used.

Nanobridge M5 wireless LAN link, Part II

After a bit of delay, we were able to return to the WICC transmitter site to install the Wireless LAN link.  The installation was pretty straightforward.  The studio unit was mounted on an existing STL tower on the top of the elevator room; the transmitter unit was mounted on an existing pipe on the roof of the transmitter building.

M5 Nanobridge mounted on transmitter building with radome

I included RADOMEs for a couple of reasons; first, there are a lot of critters around, of the two-legged and winged kind. The upright two-legged critters may be attracted to the signal strength lights at night. This unwanted attention could invite the juvenile delinquents bored teenagers to throw various objects found laying around on the ground at the antenna, damaging it.  The winged type critter may be inclined to view the feed horn as a good nesting location. The other reason is this site gets a lot of rain, wind, ice and snow, therefore the RADOMEs afford some protection against the weather.

Aiming the antennas was pretty straightforward, but requires at least two people.  Using landmarks, we aligned the dishes in the general direction of each other.  Both ends of the system were turned on and we had a -89 dBm signal path, and somewhat surprisingly, the radios linked up and my laptop grabbed an IP address via DHCP.  Using the signal strength meter on the side of the antenna, each dish was peaked in turn:

M5 Nanobridge Antenna signal strength meter

Then, somebody on either end went below and looked at the signal strength screen on the web interface while the other end was peaked.  In the end, we had about -65 dBm signal strength, which is somewhat less than the -58 dBm predicted.  I think we can do better, so on the next clear day, I am going to peak the signal again.

The data rate initially reported was over 100 MBPS, however, once I started transferring files back and forth, that dropped to about 50 MBPS.  If it is raining, that rate drops to about 35 MBPS, which is still far above what we need this link to do.  As a test, I streamed a YouTube video, downloaded a Windows update, loaded several web pages and checked my email simultaneously.  There were no issues with the data rate while those tasks were being performed.

It is quite amazing to me that these little inexpensive radios can work so well.  My boss thinks that they will be blown up by lightning during the first thunderstorm of the season.  I don’t know.  There are several of these units that have been installed at mountain top tower sites and have been working for several years without issue.

Next step, installing the IP cameras and warning signs on the fence, setting up the monitoring software, etc.

Transmitter site security cameras

Cameras mounted on old chimney platform.  This is the first set of cameras covering the south, north and west approaches.  A fourth camera will be mounted on the back of the building covering the east approach.  Then, under the eaves, cameras will be mounted on all four corners of the building and the generator shed.  If anything moves, it will be recorded.
