All posts by richard

Terrafix TVC4000 Notes and Warnings

First up. I do not work for Terrafix, I’m neither an agent nor an official service tech. I’m simply just another tinkerer trying to keep old tech out of the trash.

Secondly, if you have one of these with full software, you probably shouldn’t have it. The software is proprietary and tied to the original customer. Unless you have explicit permission, using the original software could be classed as a prosecutable, criminal offence. Most of these units remain the property of the original owner and those that are out there are often only available due to oversight during decommissioning. At best you may be looking at theft or handling stolen goods, at worst a whole slew of other offences under the Computer Misuse Act may be added. If you are a medical professional this WILL cost you your professional qualifications.

Thirdly, this is a work in progress and it’s likely not to get finished anytime soon.

The TVC4000 is an embedded PC specifically intended for use by the emergency services. It’s based around PC hardware and has a lot of tweaks made so that it can interact with the vehicle and deal with the realities of being on the road. Vehicles aren’t nice places for PCs. It bundles in 2 serial ports, GPS, WLAN, Wifi, CAN, GPIO, Audio, Networking, one open MiniPCIe slot, Displayport and a GMSL port. Hardware wise it is a pretty anaemic box. An utterly underwhelming Atom N2600 dual core processor is backed up with 2Gb of DDR3. It is supplied running Windows 7 Pro as it stands.

Using one as is? DON’T!
As you’ll see above this machine has integrated WLAN, 3G/GPRS in this case. This is handled via PPP to present as a network adapter. We all know Windows 7 is not only well past end of life, but has some serious security issues that are wormable. So this box is exposed to the outside world with just the W7 firewall to protect it. Worse, the dev box was missing a lot of very, very important updates. If the 3G carrier uses CGNAT then this is still an issue but not as severe as if the system is given a public IP, which some carriers do. If you pop in a SIM from such a carrier this machine is extremely vulnerable and would likely be compromised quickly. Likewise, if plugging it into a network, take precautions and get the updates on. It’s possible these updates are missing on purpose as they may break something. If you are using one of these in a clinical setting you MUST perform a risk assessment and look closely at how this all ties in with your data governance and security assessment. Windows 7 automatically means you would not typically be considered compliant; unless you are on LTS there is no way to fix this, and these systems should NOT be used for critical or confidential (clinical) data.
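The CGNAT versus public IP distinction above can be checked on the box itself. This is an added example, not part of the original post: a Python sketch that reads `ipconfig` output and reports which adapters hold a publicly routable address. The sample output and adapter names are constructed for illustration, and 203.0.113.45 is a documentation address standing in for a carrier-assigned public IP.

```python
import ipaddress
import re

# RFC 1918 private ranges, and the RFC 6598 shared range carriers use for CGNAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")
LOCAL_ONLY = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "169.254.0.0/16")]

# "PPP adapter 3G Connection:" / "Ethernet adapter Local Area Connection:"
ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
# "   IPv4 Address. . . . . . . . . . . : 10.0.0.5" (also matches "(Preferred)" form)
IPV4_RE = re.compile(r"IPv4 Address[ .]*:\s*([\d.]+)")


def classify(addr):
    """Return 'cgnat', 'private', 'local' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    if any(ip in net for net in LOCAL_ONLY):
        return "local"
    return "public"


def adapter_exposure(ipconfig_text):
    """Map each adapter in ipconfig output to (address, classification)."""
    results = {}
    current = None
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = "%s adapter %s" % (header.group(1), header.group(2))
            continue
        found = IPV4_RE.search(line)
        if found and current:
            results[current] = (found.group(1), classify(found.group(1)))
    return results


def exposed_adapters(ipconfig_text):
    """Adapters reachable from the internet with only the host firewall in front."""
    return [name for name, (_, kind) in adapter_exposure(ipconfig_text).items()
            if kind == "public"]


# Constructed sample: what a SIM from a public-IP carrier might look like.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

PPP adapter 3G Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 203.0.113.45
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

if __name__ == "__main__":
    for name, (addr, kind) in adapter_exposure(SAMPLE_IPCONFIG).items():
        print("%-45s %-16s %s" % (name, addr, kind))
```

A `cgnat` result still leaves the box reachable by other subscribers behind the same carrier NAT, so it lowers the exposure rather than removing it.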

Getting it going
So you have one of these and you want to get it going. There is some good news here. These units rarely come up complete so you’ll either have all you need, awesome, or you are going to have to do some cobbling together of parts. If you do have the unit, display and display cable then you are most of the way there. The display and GMSL cables are hard/impossible to find without buying direct. If you don’t have these the Displayport does work as the primary device as do the USB ports.

Power wise you are going to need 12V at about 2.5A. There is an onboard battery that will need to charge and that will trip smaller supplies up. Idle the system uses about 1.7A with an SSD. You will need a 4 pin molex plug as used on many ATX power supplies. Looking at the TVC4000 from the back the top left pin is 1 then follow around clockwise. 1 is switched ignition, 2 is GND, 3 is power and 4 is not used.

When you power the unit up for the first time you may find the unit power cycles but never boots, flashing the red power LED a few times and restarting. This is the result of a low battery. Simply leave it alone for a while and it’ll boot.

From this point it’s a normal PC with rather limited hardware. If you are starting over without a hard drive then get a good SSD and a stick of 4GB DDR3L and pop them in, it’ll make life significantly better. 4GB is the max this machine will take and you’ll need a 64 bit Windows install to go further.

OS Install Time
Windows 7 installs easily enough without any issues. I would expect Linux to work happily but expect some issues with the touch screen and potentially audio. In this situation Linux may be a better fit as it can be secured and updated a lot easier than Windows 7. It depends on your end use scenario. Before you do anything get Chrome installed. This is the most modern browser you’ll get and you will need it as the bundled IE that comes with 7 will fail on almost all websites. Once you have that done you need to start on updates. Getting Win 7 to update is an uphill battle and there is a specific sequence of updates you need to download and apply before you even try to get it updating as follows…

KB3102810 should be the very first and then reboot. After that KB947821, KB3050265, KB3083710, KB3102810, KB311234, KB3138612 and KB3145739. Reboot when asked, don’t try and do the lot in one hit. After that you should be able to run Windows update. The first search may take up to 15 minutes and you’ll have a few GB of updates. To have some fail is normal, just keep going till you are all done. It is possible while it is checking for updates it may grab a few anyway, you’ll see the install updates request pop up on shutdown/restart if it does. It takes a few goes to get it all up to date and it does take a fair while.

Hardware wise all the drivers can be found with a bit of digging and I’ll upload a driver package for the system at some point and link it here. The only fly in the ointment seems to be the 3G WAN driver which falls over due to driver signing. Once the GMA display driver is in the system will be able to treat the GMSL and Displayport displays as separate displays.

Windows 10 needs the 4Gb and ideally an SSD. The install goes through easily enough, although it isn’t quick; this CPU/Chipset really doesn’t have the bandwidth to exploit the SSD properly, although it’s still faster than spinning rust. You’ll also want to disconnect the LAN cable before you start and skip connecting to a WiFi network, else you’ll be forced into using a Microsoft ID. 10 does find most of the hardware on its own making the install much, much easier than 7. Although the Atom N2600 Cedarview CPU isn’t officially supported it does work just fine. It may take a few passes to get all the drivers and don’t forget to check the optional updates, these are where the drivers will be.

And here starts the first bit of stupidity, graphics. There are NO Windows 10 drivers. Hell, there are no official 64 bit drivers. This isn’t a huge thing and if you are planning on using this thing as is the default Windows driver isn’t actually broken. I’ve seen a few suggested fixes but nothing actually seems to work without blue screens. If you need the dual head support then you will have to install Win 7. *IF* the second PCIe slot is a true slot you may be able to add graphics here. I have personally added full graphics cards to single lane slots and depending on the card, it does work well. You may be able to get Win 10 32 bit using the driver following this guide here.

Take a moment to not only go through and shut Windows 10 up by disabling all the advertising rubbish but pop over to Spiceworks and grab the Decrapifier script here. Arguably 10 brings better driver support, security and usability but it also brings along bundled garbage, lack of control over updates and unpredictable reboots to add “features”. It’s a bit of a trade off sadly. I’ve found the best order for installation is Windows, Chrome/Edge then update till it won’t update no more (check for driver updates) and decrapify.

Power Saving
Last but not least, knock out power saving on both operating systems. Windows 7 seems to behave for the best part but the more aggressive power management in 10 seems to cause the odd black screen of death.

Apps to round it out…
So assuming you are at the point where things are working and you have all your drivers it’s time to… no, not yet. Back it up! Use Acronis or EaseUs and make a disk image to recover from, you will thank me for it later!

Now, let’s add some apps…
If you are using 7, as we have already covered, you will need a modern browser. You will also want good anti-virus with a firewall, ESET is a good call as it’s lightweight and isn’t popup happy. Bear in mind the usual home user type solutions are constantly throwing ads or pop ups and this isn’t what you need in this situation.

If you are planning to be able to test and troubleshoot the system you’ll want Putty, Ublox UCentre, Visual GPS View, Ublox MCentre and CANKing. These should cover most things you might want to do. I don’t know of a way to test the GPIO pins, there is an official Kontron package but it requires subscription.

If this is going into a vehicle you’ll want to drop Mapfactor Navigator on there. This is a VERY capable navigation system with a lot of extras designed just for this sort of system. I’d urge you to give these guys some cash, for what this program is, it’s not expensive. Centrafuse is also worth a look for less commercial uses and integrates with pretty much everything.

So in summary, both OS’s are compromises, 7 with security and 10 with the display driver. If the second display isn’t an issue then it’s an easy win for 10, however you’ll pay the price for this in a slightly slower system and needing more RAM. If this is an issue then use 7 but bolt it down. With either of these you should be looking at an external 4G modem anyway. Most of these will work happily with the antenna already on the vehicle.

Cisco SPA232D and FreePBX

This is a quick guide, mainly for me and as a reference. Getting this to play ball on Chan_SIP was a breeze. PJ_SIP breaks this somewhat. The guides I’ve found are focused on pure Asterisk and/or Chan_SIP. This is what I had to do to get this to play ball and work. This is for UK installations so if you aren’t in the UK or US (Defaults work for the US/Can) you will need to find your localisation settings yourself…

I’ll assume the unit has been factory reset, instructions for this are at : https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/spa100-200/quick_start/SPA232D_QSG-en_78-21580-01.pdf

First up. We need to set up the network side of things. Plug a PC into the LAN port of the 232 and make sure you get an IP address. Don’t just plug one of these into a LAN as they run a DHCP server. Log in to the web UI as admin/admin…

A few sites mention using the LAN port will cause issues, and left at the defaults it will. We need to disable routing and bridge those ports. Click ‘Network setup’ from the top options, then ‘basic setup’ from the side. Under the new options pick ‘Network Settings’.

You’ll need to disable the DHCP server. Click the ‘disabled’ checkbox and hit apply. As long as you do the next step quickly you don’t need to make any networking changes to your PC. If you allow the lease to expire, you’ll need to set a static IP for your PC on 192.168.15.0/25 to continue. I’ve never had to do this.

Click ‘Network Service’ and change the dropdown to ‘Bridge’. Submit the change and the unit will boot. As your PC won’t ever see the network drop it may not renew your IP address.
Once the SPA has rebooted your WAN and LAN ports are connected to the same network. Either place the SPA on your main network now where it’ll get a DHCP address and reconnect your PC to your LAN or stay plugged into the SPA, it doesn’t matter at this point. It helps to know the MAC printed on the SPA if you have more than one device at this point. Log into your router or firewall/router and check your DHCP lease table / list of known devices and find where your SPA went…

If you have more than one SPA device, use the MAC to identify it. You can then re-connect with your web browser to the new address. This set of steps removes the need to go through allowing remote access and stops a layer of NAT being added to a protocol which, quite frankly, hates NAT 🙂

Before you go any further check Administration => Firmware Upgrade. Make sure you are running 1.4.1, if not click here to go and get it and update the SPA. If you don’t you may have issues with getting a 202 error making outgoing calls. The latest (and last) firmware fixes this.

I’ll now run through each page, I’ll highlight where we are changing defaults and list the changes. If I haven’t touched a field the default is just fine. Hitting submit can, depending on the screen, reboot the unit or take a while to return.



Select Network Setup=> Basic Setup, Time Settings

There is probably no pressing need to do this but if you want to later use TLS, or the debug logs it’s worth doing. Set your timezone, time server and enable “Auto Recovery After Reboot”. Hit “Submit” and wait for the UI to return.

Voice => System, SIP and Provision have nothing to change.

Voice=> Regional

There is a fair amount here and you need to get it right or your SPA may act up. BT aren’t totally consistent across exchanges and though most of the defaults here will work, on some exchanges you may see issues with caller ID and call termination if you don’t change these… snarfed from here

Note this screenshot shows the DEFAULT values. New ones below to copy and paste
Voice > Regional > Call Progress Tones
    Dial tone: 350@-19,440@-22;10(*/0/1+2) 
    Ring back: 400@-20,450@-20;*(.4/.2/1+2,.4/2/1+2) 
    Busy tone: 400@-20;10(.375/.375/1) 
    Reorder tone: 400@-20;10(*/0/1) 
    SIT 1 tone: 950@-16,1400@-16,1800@-16;20(.330/0/1,.330/0/2,.330/0/3,0/1/0) 
    MWI dial tone: 350@-19,440@-22;10(.75/.75/1+2) 
Again, this shows the DEFAULT values, new ones are below.
Voice > Regional > Distinctive Call Waiting Tone Patterns
    CWT1 cadence: 30(.1/2) 
    CWT2 cadence: 30(.25/.25,.25/.25,.25/5) 

Voice > Regional > Distinctive Ring Patterns
    Ring 1 cadence: 60(.4/.2,.4/2) 
    Ring 2 cadence: 60(1/2) 
    Ring 3 cadence: 60(.25/.25,.25/.25,.25/1.75) 
    Ring 4 cadence: 60(.4/.8) 
    Ring 5 cadence: 60(2/4)

Voice > Regional > Ring and Call Waiting Tone Spec
    CWT frequency: 400@-10

Voice > Regional > Miscellaneous
    FXS Port Impedance: 370+620||310nF (or 270+750||150nF ) 
    Caller ID Method: ETSI FSK With PR(UK)

Note the two fields for gain here. As they stand they are normally ok but we have had to tweak these on longer lines. A little is a lot though so be careful. Submit your changes and wait for the UI to return.

Again these are the defaults, new values below.

Voice => PSTN

Scroll down to the bottom of this page. We will be back here in a minute but we need to make these changes…

Voice > PSTN > PSTN Disconnect Detection
    Detect Polarity Reversal: no 
    Min CPC Duration: 0.09 
    Detect Disconnect Tone: yes 
    Disconnect Tone: 400@-30,400@-30; 2(3/0/1+2)

Voice > PSTN > International Settings
    FXO Country Setting: UK

Click submit and as far as UK setup goes, you are done.
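The tone and cadence strings above are easy to break with one dropped bracket when pasting. This is an added example, not part of the original post and not Cisco tooling: a small Python checker for those strings. The grammar and limits it enforces (frequency@level components, `duration(on/off/components)` sections, at most six components, two sections and six segments per section) are assumptions based on Cisco's tone-script conventions; whitespace such as the space in the Disconnect Tone value is ignored.

```python
import re

NUM = r"(?:\*|\d*\.?\d+)"                          # "*" = forever; ".4", "2", "1.75"
NUM_RE = re.compile(r"^%s$" % NUM)
COMP_RE = re.compile(r"^(\d+)@(-?\d+(?:\.\d)?)$")  # frequency in Hz @ level in dBm
SECTION_RE = re.compile(r"^(%s)\((.*)\)$" % NUM)   # duration(segment,segment,...)


class ScriptError(ValueError):
    pass


def parse_freqs(text):
    """Parse '350@-19,440@-22' into [(350, -19.0), (440, -22.0)]."""
    comps = []
    for comp in text.split(","):
        m = COMP_RE.match(comp)
        if not m:
            raise ScriptError("bad frequency component %r" % comp)
        comps.append((int(m.group(1)), float(m.group(2))))
    if len(comps) > 6:
        raise ScriptError("more than 6 frequency components")
    return comps


def parse_sections(text, fields, n_freqs=0):
    """Parse one or two 'duration(...)' sections; fields is 2 (cadence) or 3 (tone)."""
    parts = text.split(";")
    if len(parts) > 2:
        raise ScriptError("more than 2 sections")
    sections = []
    for part in parts:
        m = SECTION_RE.match(part)
        if not m:
            raise ScriptError("bad section %r (check the brackets)" % part)
        segments = m.group(2).split(",")
        if len(segments) > 6:
            raise ScriptError("more than 6 segments in %r" % part)
        for seg in segments:
            items = seg.split("/")
            if len(items) != fields or not all(NUM_RE.match(i) for i in items[:2]):
                raise ScriptError("bad segment %r" % seg)
            if fields == 3:
                # Third field lists which frequency components play: 1+2, or 0 for none.
                for idx in items[2].split("+"):
                    if not idx.isdigit() or int(idx) > n_freqs:
                        raise ScriptError("segment %r uses undefined component" % seg)
        sections.append((m.group(1), segments))
    return sections


def parse_tone(script):
    script = re.sub(r"\s+", "", script)
    freqs, sep, rest = script.partition(";")
    if not sep:
        raise ScriptError("tone script has no cadence section")
    comps = parse_freqs(freqs)
    return comps, parse_sections(rest, 3, len(comps))


def parse_cadence(script):
    return parse_sections(re.sub(r"\s+", "", script), 2)


def check(values, parser):
    """Return {field name: None if valid, else the error message}."""
    report = {}
    for name, script in values.items():
        try:
            parser(script)
            report[name] = None
        except ScriptError as exc:
            report[name] = str(exc)
    return report


# The UK values listed in this guide.
UK_TONES = {
    "Dial tone": "350@-19,440@-22;10(*/0/1+2)",
    "Ring back": "400@-20,450@-20;*(.4/.2/1+2,.4/2/1+2)",
    "Busy tone": "400@-20;10(.375/.375/1)",
    "Reorder tone": "400@-20;10(*/0/1)",
    "SIT 1 tone": "950@-16,1400@-16,1800@-16;20(.330/0/1,.330/0/2,.330/0/3,0/1/0)",
    "MWI dial tone": "350@-19,440@-22;10(.75/.75/1+2)",
    "Disconnect Tone": "400@-30,400@-30; 2(3/0/1+2)",
}
UK_CADENCES = {
    "CWT1": "30(.1/2)", "CWT2": "30(.25/.25,.25/.25,.25/5)",
    "Ring 1": "60(.4/.2,.4/2)", "Ring 2": "60(1/2)",
    "Ring 3": "60(.25/.25,.25/.25,.25/1.75)", "Ring 4": "60(.4/.8)", "Ring 5": "60(2/4)",
}

if __name__ == "__main__":
    for name, err in list(check(UK_TONES, parse_tone).items()) + \
            list(check(UK_CADENCES, parse_cadence).items()):
        print("%-16s %s" % (name, err or "ok"))
```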

You will need the CID for this line and to set a password. The CID is used for call routing and the PJSIP setup rather than a username, you have a little less flexibility here than Chan_SIP and mistakes here will make this behave in odd ways.

Voice => Line 1

Change SIP Port to 5060, these are (for some reason) reversed between this and the next page. They *should* be different and this caused no end of headaches until someone elsewhere pointed out the documentation is wrong. Prior to changing this we were seeing calls out fail with channel unavailable and the cause given as incomplete number supplied.

Again, these are the defaults…

Proxy & Registration
Set the proxy to the IP of your FreePBX Server. Change “Register” to no, “Make Call Without Reg” and “Ans Call Without Reg” to yes.

Subscriber Information
Set “Display Name” and “User Id” to your DID. These must match the PJSIP trunk name we will create in a bit. There are some odd UI behaviours setting these up in FreePBX, this just makes life easier for all. Password is what you’ll set in FreePBX for this trunk so set these and keep them for later.

Hit Submit and wait for it to come back, we are halfway there.

Skip User 1 and we want to be in the PSTN settings now…

SIP Settings

Change SIP port to 5060. Again not quite sure why this is needed and why so much documentation has it wrong, but it seems to be what really upsets PJSIP.

Again… defaults

Proxy & Registration
Set Proxy to the IP address of your FreePBX box. Display name, User Id and Auth ID should be your DID and Password the one you already used. A few guides say it is important to leave display name blank. Again doing so seems to occasionally trip PJSIP by mangling headers.

Dial Plans

Leave Dial Plan 1 alone. Set 2 as follows. Watch the brackets!

S0<:123456789@127.0.0.1>

Change 123456789 for your DID. This is what will be matched for your inbound route. You can change this to anything you like but typically trunks are matched on the DID and FreePBX has limitations on the DID field. Keep it simple! 127.0.0.1 should be replaced with the IP of your FreePBX box.

VoIP-To-PSTN Gateway Setup
Set Line 1 Called DP and Voip Caller DP to none. Not sure why I highlighted the DECT one, we aren’t using it.

PSTN-To-VoIP Gateway Setup
Set PSTN Ring Through to no. This is personal preference but can help mask the occasional appearance of two ring tones after dialling. PSTN Caller Default DP changes to 2, pointing at the dial plan we created earlier to route the call to FreePBX.


PSTN Timer Values (sec)
Change PSTN Answer Delay to 1. This is how many rings before the FXO seizes the line. There is anecdotal evidence that while 0 works it can cause some odd race conditions. We have set everything else we need to now, so hit submit and wait for the reboot.

FreePBX
I’m only going to cover getting the trunk setup. Routes etc are down to you. If you’ve followed my example and used your DID you’ll be able to match on this. No Pictures here as I don’t want my PBX info all over the net 🙂 Maybe I’ll redo this with a lab setup.

Add a new PJsip Trunk. Name your trunk as your DID. Set your caller ID to match your DID and max channels to 1. Everything on “General” stays on defaults.

Under PJsip settings…
Authentication to None
Registration to None
SIP Server is set to the IP of your SPA, this is where you may want to set a static IP for it.
SIP Server port is set to 5060

Under the advanced tab set:
Permanent Auth Rejection to Disabled (Unchecked)
Forbidden Retry Interval to 10
General retry Interval to 15
Expiration to 60
Max Retries to 10
Qualify Frequency to 15

Submit then apply settings. If you’ve had calls while setting up you *may* need to go check the Intrusion Detection module and make sure your SPA hasn’t been blacklisted.

I realise there are almost certainly settings that don’t need to be changed here BUT this is a copy of what eventually worked for us. The whole thing seems way more picky than CHAN_SIP but this setup does work. I hope it helps someone.

Making DOCSIS config files under Debian (8)

This is a really quick brain dump so I remember what I’ve had to do to make this work. This is to get DOCSIS files to work with an Arris CMTS100 and old NTL (ambit) 250 modem.

There is a free Windows app here to do this but I just got errors from the CMTS from it. This may be my fault or something else but the Linux DOCSIS program seems to be much more consistent, it’s not tried to abstract everything too much and allows finer grained control and decoding of the DOCSIS files.

You’ll need to grab the source from here which includes a link to example files. You’ll need all the usual development packages, GCC, Make etc. You will also need to download and compile net-snmp from here. I also had to make a symlink to my libperl.so on the dev box (ln -s libperl.so.5.20 libperl.so) to get net-snmp to compile. The instructions for doing this are here. You will also need to make sure you have Bison available. You will need libsnmp-dev and flex, neither of which the configure script will tell you are missing if you try to run it. If you are good at this point you can unpack the source and do a ./configure and all will be good. So in my bare Debian 8 dev box…

apt-get install gcc make flex bison libsnmp-dev -y
./configure
make all
make install

You should now be able to type “docsis” and get help.

In use we have a text file that has our config and another with our key for the CMTS….

docsis -e docsis.txt key.txt docsis.md5

H50B-IC LCD Touch HMI Module. Getting It Working

Some of you may have seen these modules on Ebay, Wish and Aliexpress. On the surface they seem a really good way to get a full colour GUI with touch on something fairly low powered. These will work with a low end PIC or Atmega but I’m working with an Arduino Mega and STM32 here.

An example can be found here (as long as the link is live) and it looks like this:

The specimen in question

So on paper this looks like a good bet, it works over I2C, you have a designer application for it, it’s full colour, a good resolution and in theory all you have to do is update content and process events. Perfect for what I need to do. It even comes with a datasheet, programming cable, examples and software…

Well, that’s sort of true, you get the display, a cable for programming (CH340 USB dongle), a cable for connecting it and that is it. There isn’t even any demo code loaded so powering it up will get nothing. The vendor didn’t reply to requests for help so off to the net I went, and found that this is a common issue. The manufacturer is Hunda Tech and if you pop over to here you can find an almost useless datasheet for it and right at the bottom there are some Arduino examples. There is no sign of the Visual LCD Studio that you need to actually edit the stored displays. You can find this in this archive here, this includes the software, examples, English datasheets and much better documentation. You should be able to get started with this archive.

BUT…

The application is buggy and complete garbage. It really is a prime example of fire and forget software. Save often, do not leave it open (it leaks memory) and expect it to crash with no warning or hope of recovery if you haven’t saved. Many controls do not behave as expected and as for the help… One of the biggest bugbears is auto control numbering, it has a ‘fencepost’ error and will cause compile errors.

Arduino, Blue Pill, STMDuino Serial and the non-booting Meshnode

I’m posting this because I just KNOW someone else is being driven nuts by this.
I’m migrating away from the Atmega chips and Arduino, but doing it in stages. For now I’m using STM32F devices with the Arduino IDE. I have a mesh system that works OK with the Atmega but it really needs a bit more CPU horsepower and memory. I’m going to write the new mesh from scratch so I thought I’d at least get the off the shelf stuff working first.

After some false starts I got it all running, talking to the old Atmega based nodes and all was good. Popped it into a case, powered it up…nada…zip…nothing. It seemed to boot as best as I could tell but the slave nodes never connect.

Switching back to the PC to power it, all works just fine. Ahh, must be power. So I go on and add way more filtering than needed, check the +5v and +3v rails with a scope, they seem quieter than the PC by a wide margin, way less switching noise. I’ve put bypass caps everywhere at this stage and lost two days to this, I’m about ready to quit. I’ve even used a USB power bank on the basis that should be as close to a perfect supply as possible. Every time the moment I plug the PC in, everything syncs up and all is good.

So I decide to plug a USB to TTL onto A9 and A10 and power it that way… nothing, no boot messages at all. But on reset I CAN use the bootloader, uh? At this point I’ve reached out to people for a few ideas and not had anything back. On the way back from a job I decide I have way too much else to do so it can all go back in its project box for now.

Then sat down blasting aliens on my phone I had a thought… Am I barking up the wrong tree here, it can’t be power. Does the STM32 bootloader evaluate available serial ports at boot? Are the UARTs getting messed up somehow. If the PC isn’t connected is port 0 ( Serial.begin() ) getting messed up? And then it hit me. Like many coders I use a line like this:

    Serial.begin(9600);
    while (!Serial) {}

Some of the ARM based Arduinos need this, I was also seeing some loss of console logs so I left it there, and this is where it falls over. We get stuck here, the mesh never starts, the other serial port never gets initialised, hence the no output on the other port. I wouldn’t say it’s a bug, in fact, on the contrary, I can see it being handy to jam the STM32 into a debug mode. What happened is, if there is no USB connection, the serial port presented by the bootloader/HAL simply never becomes ready. The code above hangs and nothing ever works. For now, I’ve removed that line and added a delay (5 seconds) as a fix for having no delay to wait for the port to become ready.

Sometimes a break is all you need!

‘Motes’

This is more for the guys that I work with detailing what got done today…

The ESP based ‘motes’ are an arse to set up, needing a serial console to do so. We’ve standardised on a WiFi setup for initial setup of most things so today was centred on making the motes manageable remotely.

A mote as it stands needs a hard coded SSID and PSK to use. This means the customer has to let us know these in advance and if they are going to change this the motes all need reprogramming. The upload settings, name, id etc all had to be hard coded at compile time, this is an immense ball ache.

So as of today the motes will use a default SSID, PSK and server address on first power up. They will generate their own unique ID and then attempt to connect to our service. The mote will be denied a connection, however the attempt is logged. The mote can then be enabled from our control panel, the ID, Name, SSID, PSK, Poll frequency, server address, server port can all be set from our control panel and updated on the next data push to the server from the mote.

This is all in preparation for the first ‘Swarm’ devices being deployed shortly and allows us to not only build our own, secure IOT cloud but unlike other services, allows us to support local servers.

New motes can be designed, built and be up and running in minutes rather than days.

“My Broadband is Slow – Pt 2”

So we looked at the things that could happen at your end to make things slower and how you might look to resolve them. Now let’s look at what your provider may be doing and what could happen on their network. We will be focusing on Cable and Telephone delivered services here (ADSL/VDSL). For those of you that work on these networks there is a level of simplification here. Yes I know there are other steps but they are of little if any concern to the end customer.

So we have two main categories here to look at. Deliberate decisions by the provider and ones they have no control over.

Deliberate decisions include over subscription, capping, bandwidth management, backhaul insufficiency and under investment. Now if you are going with a low end or monopoly provider all of these are likely to be bigger factors. So let’s look at them….

Over subscription, the single biggest cause of slow downs and issues. Bandwidth is a finite resource and despite the technical differences both cable and phone delivered services use the same model, with the only difference being where your connection gets merged with the rest. With VDSL and Cable this happens at your local cabinet and ADSL at your exchange. With the latter your connection goes to a local cabinet or node. Once it’s here it is combined with everyone else’s and sent on to the provider’s facility. What you need to note here is that if you use VDSL you’ll be getting stuffed in with everyone else no matter who the provider is, unless you are very lucky and use a provider with their own network. From the exchange out to the cabinets and on to you, BT Openreach own ALL of this and you are on their network, even if you use Sky, Plusnet or Kcom for example. In some areas it’s even the case that Virgin traffic flows on these lines. So at this stage for 99% of the UK you are on the Virgin Network or the Openreach network. Each cabinet is normally supplied by a fibre and includes either the Virgin Headend or BT DSLAM. There is another small difference in that smaller Virgin cabinets feed into the “master” cabinets so one Virgin master cabinet may serve thousands of properties. These then connect to the Virgin fibre network and everyone’s traffic gets blasted down the same fibre. A BT DSLAM tends to service around 300 properties.

The backhaul, the fibre that goes to the next stop for your connection, has to carry everything and bandwidth on a fibre is again, finite. Multiple pairs can be used but there is a realistic upper limit on this. Right away you can see that 300 32Mbit connections isn’t going to be the same issue as say, 3000 100Mbit connections. ADSL, although slower, is actually installed at the same location as most BT connections end so it’s less of an issue here. The number of properties you share this fibre with is your contention ratio. This was a headline figure years ago when fibre was slow and many hundreds of ADSL connections were connected to low speed fibre. Nowadays it still plays a huge part but no one mentions it.

This all relies on one really big assumption, all of the customers aren’t going to be online using all of their bandwidth at once. Traditionally this works well but with the massive uptick in people staying at home or home working, it isn’t working so well and has been a source of constant issues and failure. This is where over subscription, selling connections based on a theoretical traffic model rather than actual traffic, comes in. Virgin has way more scope to add users past what is sensible than Openreach as the DSLAM units are physically restricted in terms of connections.

One way providers try and manage this is use of traffic or bandwidth management. Although your connection speed doesn’t slow, the provider artificially slows the traffic on your connection to free up more bandwidth. This is a process many use and has drawn a lot of bad press. Thankfully it is falling out of favour. Lower cost providers or those with heavily congested networks often resort to this. As the data has to be paid for by the provider to BT many will use this as a cost reducing exercise. Incidentally traffic management is also VERY common on 3.5G and 4G mobile networks. As an end user this will show up as loss of performance despite your connection showing a normal speed. This will often happen at the same time every day and most end any management after midnight.

Under investment is the last part. All carriers are guilty of this one. Much of the network is old and in some cases bits of the Openreach network just can’t support the speeds people want, this is particularly bad on some industrial sites where older aluminium cables are installed. Large chunks of the Virgin network are as Nynex/Videotron/CW left them in the early 90s and this leads to some of the issues we will look at next.

External Forces

There are any number of things that can cause issues on the network of providers. Some obvious, some less so. There are of course the really obvious ones, damage to infrastructure from road works, road traffic accidents, trees and lightning and to be fair, there is little anyone can actually do about these. It wasn’t long ago our local FTTC cabinet was flattened by a car.

The cable network is pretty resilient, it’s almost exclusively underground and bar someone taking a cabinet or cable out it’s rare to have issues related to weather. Most cables in the network are point to point, so your cable goes to the cabinet in one go meaning it’s a long, uninterrupted run. Phone lines however run all over the place, the infrastructure is often quite old and lines are frequently merged and connected underground or in exposed locations leading to frequent issues with water ingress and/or flooding. Failing cables overhead can cause issues in winds and in icing conditions and are frequently treated to lightning strikes. Flooded ducts and open junction boxes are common causes of issues and the sight of an Openreach engineer in a cabinet or up a pole strikes fear into many customers.

Some sections of the Openreach network do use microwave links. Mostly these are remote villages or locations it’s hard to get fibre to. These installations can be affected by the weather, in particular heavy rain, snow and fog.

“My Broadband is Slow”

Possibly one of the biggest complaints I hear, and often the provider isn’t to blame or a simple change of equipment is all you need. So let’s look at things you can do to help, how to narrow down issues and why they may happen.

This covers the issues you have control of, if you want to see what your provider may be doing to cause it click here…

Before we go anywhere remember, faults can and do happen. How often and how long for is directly related to your bill. Our Leased lines cost a fortune but in the time we have had them we have had one outage in three years which lasted minutes. Don’t expect to pay bargain basement prices and get good service, that’s not how it works.

WiFi

That out of the way, let’s look at the most common issue: WiFi
Almost all of the issues I see are caused by WiFi. Either bad equipment, poor setup or unrealistic expectations. If you are having speed issues the very first thing you need to do is rule out the WiFi connection. Connect to the router with a cable and, if you are using a laptop, turn the WiFi off on the machine; some machines will STILL use WiFi even if cabled (I’m looking at you here HP). Re-run your speed tests and if all is well, you have WiFi issues. If not, something deeper is going on. For at least half of people that have issues this will solve the issue.

So what are the possible causes? First and foremost, the router may just be pants. There are a lot of very unrealistic claims put out by many providers about their kit. At the end of the day these were all built by the lowest bidder with little QA or actual verification of the claims. A number of times providers have been told by the ASA they need to prove this and have been unable to. Don’t believe the hype. For example one of the larger providers touts their router as being the best in the world, able to solve world hunger and cure cancer in rats. Sad fact of the matter is that not only is it garbage, but it can actually slow other people’s connections around you down, which brings us on to:

Congestion. The radio waves are not an infinite resource. You have to share a relatively small amount of radio spectrum with everyone else. The most commonly used band at 2.4GHz is quite small with only 11 channels. Given the distance WiFi can go that’s normally enough, but in dense housing you may have a problem. This is made worse by many supplier routers being fixed to one of those 11 channels by default and, in the case of one of the larger suppliers, the router using up to 4 channels in one hit. Those 11 channels don’t go so far with this happening. To make it worse, you are also sharing the band with microwave ovens, wireless AV, DECT cordless phones, Bluetooth, radio control and many, many other things.

The location of your router can make things worse with regards to interference, especially with cheaper units. Site the router away from any of the above items. One of the most common trouble makers here is the DECT cordless phone sat on the top of the router. It needs to be at least 3ft from the router.

5GHz WiFi can reduce a lot of this but that band also has some big users, meaning that it’s not immune. Although there are fewer things up here at the moment, it IS affected by some doppler and fire control radars, making it a little hit and miss around military installations and airfields.

There are many apps available for mobiles that enable you to see channel use in relation to your router and, if you know how, you can fix your router on clear channels. If your provider uses your router to broadcast a free network for your provider’s customers to use, you can ask for this to be turned off (Virgin and BT do this by default!). Sometimes a channel change is all that’s needed.

Obstruction is another issue. WiFi does not penetrate well, especially metal or materials containing moisture. Adding repeaters or moving your router can help but a repeater may be the best bet. The 2.4 and 5GHz bands behave differently. Although both are affected by metal, 2.4GHz gives better distance whereas 5GHz scatters better and gives better connections close in. Many routers use both to get better coverage.

Often overlooked is the capability of the router. Many broadband connections are capable of well over 100Mbit and many routers top out at 54Mbit. This was a particular concern for some BT Homehubs where the WiFi cannot match the broadband speed. Replacing an older router may help and you have to remember, once again, that your connection is not only shared by you and your household but by every device and router in range on that channel.

The Router

We have touched on this already above; sometimes it’s just time to upgrade the equipment. Your provider will sometimes do this but in most cases it is easy enough to do yourself and you’ll get better equipment this way. Quite often as technology advances lines get the new technology but the old equipment can’t support it and so you never see the gain. Vectoring being deployed by BT is a good example of this. Very few routers, including their own, support this yet it is being enabled on many lines and gives more stable connections and in some cases better speed. G.Fast is another example. There are still DOCSIS 2 modems out there on the Virgin network that top out at 10Mbit despite Virgin no longer offering a service that slow.

Supplier routers are normally ‘just good enough’ often with just enough processing power to get the job done and no more. On top of this some kit is bugged and crippled out the box. The Virgin Superhubs are infamous for having a serious bug that couldn’t be fixed. When you get down to the very low end routers they can be truly awful.

A router issue will show up with a poor speed result regardless of what you do, even with a direct cable connection. It’s always worth rebooting the router before you go any further; leave it off for at least 5 mins before powering back up. If you still have issues then you have one last thing to look at, the line.

Sadly not all broadband services are created equal. With ADSL, VDSL (also incorrectly called Fibre) and 4G you have the option to change your router. Some providers don’t like this but you are free to do it and in almost every case, even where there is no problem, this will result in an improvement. If you are on a cable connection though you have less control and you must use the supplied router. All is not lost though, most if not all support being used as a modem, turning off the router side of things, and then you can use most types of commonly available broadband router. The same can be done with most satellite providers, however as a rule the supplied routers are normally actually pretty good and rarely a source of trouble.

The Lines

This is different depending on your provider.
For cable all you can do is look for loose connections. The F connectors used can work loose. Check the box outside and make sure the cover is on. That’s about all you can do.

For full fibre, you are in the same boat. Check the cables for damage and make sure they are secure.

For ADSL and VDSL you can do a little more. The first thing your provider will ask you to do is disconnect everything except the modem. If you have a BT type socket you can remove the lower half of the face plate on the NTE5C sockets with a built in filter. This leaves your modem as the only thing connected. If this helps, you have an issue in the house and more likely than not a bad or missing microfilter. They do actually fail, believe it or not! On the older sockets you can remove that plate and plug your microfilter right into the socket behind it. Likewise if this helps you have an issue in the house. Now Openreach will do this same test for your provider. If THEY find this solves the issue you’ll be charged for the call out, so it’s good to do this if you can.

If it’s still no good the odds are you have a line problem and you need to speak to your Provider.

“Stuck” BT Office 365 Tenancy

This is hopefully a quick guide to get you out of a hole with the old, free O365 offer BT did. Neither MS nor BT will be helpful with this BUT if you can make it to second line support, you do get the answer. Neither online chat/WhatsApp nor basic business support will be able to help and you’ll often end up getting the run around.

You can *try* to ask MS to remove the account. I’ve tried numerous avenues to make this happen; none even got a response, even those suggested by our O365 partner. It’s also been suggested invoking right to be forgotten may be helpful but I’m not sure how that applies here.

If you have an on site exchange server you *may* have had random password warnings after an Outlook patch a few months ago, I think I covered this elsewhere but it does serve as a warning you *may* be about to run into this issue.

This will only work if you can still log into the BT business portal at http://business.bt.com/. Otherwise you’ll need to throw yourselves on their mercy. The portal is painfully slow and I got a fair few HTTP 500 errors. The UI doesn’t seem to refresh that well; this may be Edge, as Chrome wouldn’t log in at all!

The Scenario:
Customer would like to move to Office 365. Upon setting up the account you find their tenancy can’t be completed as the domain is already used in a tenancy elsewhere. It transpires the customer had a 365 account, which is no longer used, as part of a BT business package. The above password symptoms can give this away.

The Fix:
Log into http://business.bt.com/
Under “Manage Services” click “Manage Domains”
Click “Manage Email Accounts” to expand it
Find your package, normally “Business Email Lite” and click Manage
Every single account shown on the domain you wish to recover must be removed; this isn’t a quick process. You’ll potentially have issues with the Primary User. Use the “go back to main hub” link at the bottom liberally as it seems to not always refresh the email list.

Primary User:

*IF* your primary user is not an account on that domain then you are done. The moment the last user of your domain has gone BT will release that domain.

If the user *is* a member of the domain this is where it goes all runny. I’ve not been able to find a way within the broken UI or O365 to do this. You are at the mercy of BT for this step I’m afraid. However if you call them and are clear about what you want and what you are trying to do this will only take a few moments to sort.




Huawei SmartMX 5616 Crash Guide Part 2 – Chassis Setup

If you haven’t already please read part 1

We have our telnet connection up and running, we have the cards initialised and we know why we are here. Next up we need to get the VDSL profiles, line profiles and templates done.

First up we want to force H248 mode. H248 is covered here

protocol support h248

This has been the default so far for the systems I’ve looked at. I’m not overly sure WHAT the repercussions of not setting this are, but this is Huawei’s recommendation for VDSL. We now set up a line profile. When you hear the words “reset your IP profile” this is what is meant. These profiles decide how to handle your line and decide what connection speeds you’ll be allowed. A profile may have a max and min SNR and these are used to calculate what settings to use. We will only be adding one here but you could add multiples or just add them as needs be. The line profile and channel profile go together to make an overall picture of how that line will be handled. Huawei go into this in exhaustive detail here

vdsl line-profile quickadd 3 transmode 1 bitswap 2 2 adapt 2 2 snr 60 0 300 60 0 300 power-management 2 2 255 30 255 3 9 name VDSL LINE PROFILE 2

If you are copy and pasting you may want to pop this into notepad first, copy and pasting long lines *can* include line breaks too.

So what are we doing here? vdsl line-profile quickadd is our command. You *can* use add rather than quickadd and do this interactively. Specifying quickadd, a profile number and pressing ? will help you build the line. Most of what’s here can stay as defaults unless you REALLY know what you are doing, the SNR parameters are specified after power-management and using the help system will help you build a different line profile if you know what you need. This line works well with the Huawei white modems and the HomeHub 5 so it follows this is a good setup for UK specific modems. An alternate line looks like:

vdsl line-profile quickadd 3 snr 60 0 300 60 0 300

Which is the one used by Hong Telecom. The first line is from Huawei themselves so I’d stick with that. Next up is the VDSL channel profile…

vdsl channel-profile quickadd 3 path-mode both interleaved-delay 8 2 inp 4 2 rate 128 100000 128 100000 100000 100000 rate-threshold 0 0 0 0 name VDSL CHANNEL PROFILE 3

This one is the profile that’s applied to a line; this is where you apply line rate limits etc. Again you have the option to do this interactively (recommended) or use ? to build the command line, but most of what is above will do you. This is going in as profile 3. Again there is a lot you should leave be, but the rates are specified after the rate keyword. In order these are:

Minimum transmit rate downstream
Minimum reserved transmit rate downstream
Maximum transmit rate downstream
Minimum transmit rate upstream
Minimum reserved transmit rate upstream
Maximum transmit rate upstream

The last bit is to stitch these together into a template….

vdsl line-template quickadd 3 line 3 channel1 3 100 100 name VDSL LINE TEMPLATE 3

Again you have the same two options to do this interactively or be guided. In this case we added template 3 using line template 3, channel template 3. The two numbers control line adaptation and can stay as they are, then lastly we give it a name. The documentation does mention alarm profiles, however we will stay with the default one for now. We just want these lines up.

We are working with VLAN 1, the default one, for ease of use. We now need to make sure our GE and fibre ports are members of VLAN 1; they are by default but it can’t hurt. These are ports 0 and 1 respectively. Bear in mind the SFP port 0 is connected to the GE port so you only have 2 ports here.

port vlan 1 0/0 0
port vlan 1 0/0 1

You’ll most likely get a warning about the ports already being members. Now comes the bit that will mess you up, especially if you follow the online examples. Pay careful attention to this next bit.

We now need to tie each vdsl port to the VLAN we are working with. Here you have the ability to control exactly how traffic will be handled. We could split endpoints into multiple vlans, or provide multiple vlans to the endpoint, e.g. a CCTV and a Telephony VLAN, and direct these to actual VLANs on the outgoing trunks. A vlan MUST exist and be routed to an external interface before traffic from the remote will flow. Vlan ? will get you started on this part. So our command here is:

service-port 0 vlan 1 vdsl mode ptm 0/1/0 multi-service user-vlan 100

If you want to omit the vlan management (this gave me some issues) use:

service-port 0 vlan 1 vdsl mode ptm 0/2/1

So we are setting up service port 0; you can have 1999 of these so even with the number of channels on this unit you won’t run out soon. Our destination vlan is 1, the default vlan, and we are in ptm mode. Next is our port ID, we covered this in part one. So we are looking at frame 0, board 1, port 0 here, which is the first VDSL channel on board 1. Multi-service as we want to be able to embed multiple tags. You can ignore this, however if you want to use BT surplus kit or equipment set up for use in the UK you will want to set this. User VLAN specifies the vlan we are going to use.

Many people setting up VDSL modems in the UK will run across a modem that syncs but no traffic flows. By default *most* UK providers use a VLAN, which is why we enabled multi service above and set the VLAN as 101 which is what most use. You can of course set this as anything you want or even not set multi-service at all. By doing so your modems and routers will need to be configured specifically for this setup. The beauty of setting this is that all the off the shelf, cheap/free ISP provided kit will work right off the bat with no modifications, especially the white Huawei and ECI modems.

The bad news is you’ll need to do this on a per port basis, have fun with that. Last make damn sure you do

save configuration

If you plug in to that VDSL port now and all is well, traffic will be flowing. You’ll note there is no authentication going on here. Generally what would happen is each port gets mapped to a specific vlan and then this vlan is forwarded to a PPPoE server, either in bulk or as a per port vlan. Typically a carrier would use per port and something called stacking so that authentication and traffic are unique to each user. In the setup we have done here you *could* snoop traffic at an endpoint.
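The per-port chore and the shared-VLAN exposure described above can both be scripted. This is an added example (not from the original post or from Huawei) that emits one service-port line per port in the exact form used in this guide and reports any VLAN that more than one VDSL port lands in; the per-port VLAN ids 1001+ are hypothetical and each would have to exist and be routed upstream first.

```python
import re
from collections import defaultdict

# Matches the service-port form used in this guide:
#   service-port <index> vlan <vlan> vdsl mode ptm <frame>/<slot>/<port>
#       [multi-service user-vlan <id>]
SERVICE_PORT = re.compile(
    r"^service-port\s+(?P<index>\d+)\s+vlan\s+(?P<vlan>\d+)\s+vdsl\s+mode\s+ptm\s+"
    r"(?P<frame>\d+)/(?P<slot>\d+)/(?P<port>\d+)"
    r"(?:\s+multi-service\s+user-vlan\s+(?P<user_vlan>\d+))?\s*$"
)


def build_service_ports(slot, port_count, vlan_for_port, user_vlan=None,
                        frame=0, first_index=0):
    """Emit one service-port line per VDSL port on a board.

    vlan_for_port is a function(port) -> network-side VLAN id.
    """
    lines = []
    for port in range(port_count):
        line = (f"service-port {first_index + port} vlan {vlan_for_port(port)} "
                f"vdsl mode ptm {frame}/{slot}/{port}")
        if user_vlan is not None:
            line += f" multi-service user-vlan {user_vlan}"
        lines.append(line)
    return lines


def shared_vlans(config_lines):
    """Return {vlan: [frame/slot/port, ...]} for every network-side VLAN that
    more than one VDSL port is mapped into (the layout the text flags)."""
    members = defaultdict(list)
    for raw in config_lines:
        m = SERVICE_PORT.match(raw.strip())
        if not m:
            continue  # not a service-port line in the form this guide uses
        members[int(m["vlan"])].append(f'{m["frame"]}/{m["slot"]}/{m["port"]}')
    return {vlan: ports for vlan, ports in members.items() if len(ports) > 1}


# Constructed sample 1: the guide's lab layout, every port on default VLAN 1,
# user VLAN 101 as named in the text.
LAB = build_service_ports(slot=1, port_count=4,
                          vlan_for_port=lambda p: 1, user_vlan=101)

# Constructed sample 2: one network-side VLAN per port. The ids 1001+ are
# hypothetical; each VLAN must already exist and be routed upstream.
PER_PORT = build_service_ports(slot=1, port_count=4,
                               vlan_for_port=lambda p: 1001 + p, user_vlan=101)

if __name__ == "__main__":
    for name, cfg in (("lab", LAB), ("per-port", PER_PORT)):
        print(f"# {name}")
        print("\n".join(cfg))
        for vlan, ports in shared_vlans(cfg).items():
            print(f"  WARNING: vlan {vlan} is shared by {', '.join(ports)}")
```

Paste the generated lines through notepad first, as suggested earlier for long commands, and finish with save configuration.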

Now there is an issue here I haven’t fixed, I can’t get the second SFP port running. This is to do with working as part of a GPON solution, which means there’s only 1Gb or 10Gb of traffic routing here and that’s only if your infrastructure is capable of handling 10Gbit. A 10Gbit capable card in the firewall itself would be one way to do this but watch your PCI-E bandwidth if you are planning on getting close. 10Gb allows for 100 100Mb channels concurrently, which *should* be enough.

UPDATE

Changing the port mode is stupidly easy. After trying some more things I ended up with a non routing system again, so I dug round, fixed the issue and stumbled on the solution. In my case this did nuke all the settings and it does warn you of this!

port mode 0/0/0 ge

Will put port 0 and the GE port into plain old Gigabit ethernet mode. This is the default. To take 1 out of GPON and into GE just do:

port mode 0/0/1 ge

The port will now happily play with a normal SFP. Don’t forget to save!