
GTOV8

join:2006-02-04
47894

network up time

I have a customer on our Canopy network that had us do an install saying he needs speed. That was his only request. So we gave him a 5mbps port. Now he tells us he keeps up to 30 ssh and VPN connections open monitoring remote systems and does so for 14 hours at a time. He also now tells us that he needs to UPLOAD 20gb files and that the banks he works with will lose tons of money while the transfers take place. He also wants us to notify him of any times when we will interrupt service. He says when he gets a packet drop the VPN connections and ssh connections all break and he has to do all the 30 screens all over again.

I told him:
1) we can not notify him of each interruption because sometimes we don't have time to do so.
2) we can not guarantee he can keep a connection going for 14 hours without a packet loss, write a script to reset the screens
3) our multipoint network is not designed for mission critical applications and may actually not be what he needs

Did I handle this correctly? I think this is the kind of customer that we need to fire. He works out of his home and cable or DSL is not available and there are no other WISPs that can provide the bandwidth we can. I just think he's asking way too much of us and is going to be a problem account.


AMD Phreak
OSHA Safety Nazi
Premium
join:2003-12-14

Sounds right to me. He should buy a licensed microwave link from you to him.


Nitroxide

join:2009-06-05

reply to GTOV8
Yeah in a situation like this I would require him to purchase a licensed link. There's no way he can make demands like that from any ISP unless he's paying large amounts of money to dedicate a link to him.


pacmanfan
Premium
join:2003-11-22
Mansfield, MO

reply to GTOV8
It sounds like he's wanting the kind of service that typically comes with an SLA; perhaps a T1 would be more up his alley.



Inssomniak
Premium
join:2005-04-06
Cayuga, ON
kudos:1

Upload 20 gigs?

I'd tell him to find another provider.


public

join:2002-01-19
Santa Clara, CA

reply to GTOV8

said by GTOV8:

Did I handle this correctly? I think this is the kind of customer that we need to fire. He works out of his home and cable or DSL is not available and there are no other WISPs that can provide the bandwidth we can.

Another way is to estimate the cost of the desired service, and offer him a special premium account.

NZFxonet

join:2008-07-06
4814
kudos:1

reply to GTOV8
Send him a polite letter telling him that the current plan is "best effort" and that if he requires something with an SLA and response time then you will need to discuss options with him; however, if he is happy with best effort he can carry on...



battleop

join:2005-09-28
00000

reply to GTOV8
If he has something that is that mission critical he needs a T1 with an SLA. I would bet he is full of it. I have a hard time believing that banks would allow someone to run something that mission critical over a wireless connection. Even with encryption many banks freak out over the term wireless and will not allow anything over wireless because they often lump anything wireless in with 802.11b.


dr mongolia

join:2008-07-03
United State

reply to GTOV8
I agree with battleop.. This sounds quite shady. Have you made sure he isn't using this link to hack or issue denial of service attacks? Check his traffic. I ask because of this:

said by GTOV8:

He says when he gets a packet drop the VPN connections and ssh connections all break and he has to do all the 30 screens all over again.

Obviously fabricated.. Unless the SSH daemon that he's connected to is badly configured, SSH is an incredibly resilient protocol. You can work on a remote host via SSH even when it's dropping 10%+. You can even SSH to a remote host, reboot your router, and then resume typing in the same SSH session once the router is back up. Also I have openvpn connections that have been up for months on links that are far from perfect.

If he's not abusing your bandwidth, I'd tell him that if he gives you a specific outline of exactly what he's looking for, then you'll see if you can come up with a solution. It may be a point to point link, or you may even need to colocate his "monitoring server".

GTOV8

join:2006-02-04
47894

reply to GTOV8
dr mongolia, this is why I love this group. That is an excellent suggestion and it just didn't occur to me. We have colo space in a datacenter sitting on gigabyte fiber loops. I just emailed him and asked him why he would want to mess around with doing it over his connection when I can give him a dedicated 1U server with up to 100mb of bandwidth for $150/mo. He can manage the server via terminal services and keep as many ssh and vpn connections open as he needs. He can upload and download much faster from there and using TS on a 5mbps wireless link it'll be like he's sitting at the console. I do it all the time myself. But I didn't think of it as a solution. Thank you very much!!!!


GTOV8

join:2006-02-04
47894

reply to GTOV8
Wow here is what this guy responded with. I suggested we put a server in our colo rack and then he could vpn into that and work on a server that is sitting on a huge fiber ring. Here is his reply:

*** will not let any computer other than their own laptop which is identified by a secure digital certificate that cannot be faked. There is no way for me to access the *** VPN other than from the *** laptop. There are lots of security daemons running on the laptop that allow them to monitor the laptop through the VPN and they install updates to the OS etc. on a daily basis. The laptop becomes a node that is part of an Enterprise Management network. That node cannot be a server in the data center. It is required for the Iron Mountain software to run a complete backup of the laptop to the corp backup servers over the VPN on a daily basis.

I do not use the ssh sessions to transfer the large files, I need the files on my laptop as that is where I write code to process the files etc. I use FTP to transfer the files to my laptop.

I use the ssh sessions to monitor log files on the *** servers and start and stop processes etc. I have to write all the code and process the files on my laptop as the software that is licensed to me for that work only runs on Windows XP.

I have a laptop that was sent to me by FedEx and it is all set up with a Cisco VPN including a digital certificate that is assigned to me, and all the software applications I need to do my job. I don't even have admin rights on the laptop. They are very security minded which makes sense, since once I am on the VPN I can access the *** production servers in ** and ** where all the account balances are calculated every night. They are protective about access.

I had a similar thought, as I also have a server in a data center that is sitting on multiple T3 backbones with multiple power sources etc. etc. I cannot use my server either, I have asked.

I am finding that your network works fine for me as long as it does not drop the VPN. It dropped the VPN again this afternoon, but this time I did not loose access to the internet, the VPN just dropped. I had to reconnect everything but after that it has been stable this afternoon. A VPN is just so touchy, it does not take many dropped packets or much latency to cause one to drop connection. I have never used a VPN over wireless like this so I don't know what to expect. I am trying though.........
______________

There were no packet drops on our network that would have caused a vpn connection to drop. This guy has a great stable signal on our Canopy network and Prizm shows no disconnects in the history graphing.

I guess we'll just keep working with him for a while. I already told him we'll give him a partial refund and I pointed him to our printed and publicly published terms which are right on the contract forms:

Routine maintenance and periodic system repairs, upgrades and reconfigurations, public emergency or necessity, force majeure, restrictions imposed by law, acts of God, labor disputes and other situations, including mechanical or electronic breakdowns may result in temporary impairment or interruption of service. As a result, **** does not guarantee continuous or uninterrupted service and reserves the right from time to time to temporarily reduce or suspend service without notice. Client shall indemnify and hold *** and its directors, officers, employees, and agents harmless from any and all obligations, charges, claims, liabilities, costs and fees incurred as the result of interruptions or omissions of service.

_______________________

This guy is doing only up to 300kbps during the day and then I see a 3mb bandwidth for 20 mins and that was it for 24 hours. Weird. I hate when they get weird. I need to put wording in the contract: "If we think you are weird, this contract is null and void."


smeghead

join:2009-02-11

reply to GTOV8
How intelligent can this guy be..

He is "loosing" his VPN

Jesus.. learn how to spell.



AMD Phreak
OSHA Safety Nazi
Premium
join:2003-12-14

reply to GTOV8
I have a bucket of rocks from the yard at home I can mail to you. You can give them to your customer and tell him to pour them on the ground and kick them.

I also have some sand bags you could use, and you can tell him to pound them.

I'm in a good mood today.
--
"No job is so important, and no service is so urgent that we cannot take the time to perform our work safely."
-- AT&T, Your World, Destroyed.
--Safety One Tower Rescue Certified
--LLigetfa:"Wimax is like teenage sex. Everyone talks about doing it."


dr mongolia

join:2008-07-03
United State

1 edit

reply to GTOV8
Yeah this guy seems quite unusual. I'm also fairly certain that the problem isn't on your end, because:

said by GTOV8:

A VPN is just so touchy, it does not take many dropped packets or much latency to cause one to drop connection.

Even using open source VPN solutions I've got tunnels that stay up for a long, long time on connections with packet loss and high latency. If in his experience VPNs are touchy, it's most likely because the configuration for his VPN is touchy.

EDIT: What is he using to test for latency on his end? Does he actually have a legitimate troubleshooting tool? If so, ask for the results. If he's just guessing that it's due to latency, then have him set up a tool that checks for latency 1) to your network and 2) to his network. That should clear up the problem and get him to realize that the problem is on his end without you having to be rude and say "IT'S YOUR PROBLEM!"

gunther_01
Premium
join:2004-03-29
Saybrook, IL

I would go a step farther and actively graph his computer/router connection to you. We have done this with a few people in the past at 10 second intervals.

I'm big on graphing though.. It's hard to dispute a graph that says you're not broken. Also, check and get the IP of his VPN termination server. You may be able to do the same thing there also. And your bases are covered.

We aren't perfect, but there are a lot of people that use VPNs through us. No problems there either. Some go through triple NAT even. The few things that come to my mind with his VPN are do you NAT? Is he on a "true" routed public IP? And/or do you have multiple gateways or any kind of balancing/policy routes that could be changing on him? Things like that can cause (although very fast) unpredictable results with a strict policied VPN set-up.
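
The two-target check suggested in the posts above (probe the customer's link and his VPN termination server at 10-second intervals, then compare) can be sketched as follows. This is an added example, not part of any post; the log format, the target labels `cpe` and `vpn`, and the sample values are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed probe log: "epoch_seconds target rtt_ms", "-" means no reply.
# Hypothetical targets: "cpe" = customer radio/router, "vpn" = his VPN server.
SAMPLE_LOG = """\
1000 cpe 12.1
1000 vpn 48.0
1010 cpe 11.8
1010 vpn -
1020 cpe 12.4
1020 vpn -
1030 cpe -
1030 vpn -
1040 cpe -
1040 vpn 47.2
"""

def parse(log):
    """Return {timestamp: {target: rtt_ms or None}}, skipping malformed lines."""
    samples = defaultdict(dict)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        ts, target, rtt = parts
        samples[int(ts)][target] = None if rtt == "-" else float(rtt)
    return samples

def classify(samples):
    """Label each 10-second interval by which probe failed."""
    labels = {}
    for ts in sorted(samples):
        cpe_up = samples[ts].get("cpe") is not None  # missing probe = no reply
        vpn_up = samples[ts].get("vpn") is not None
        if cpe_up and vpn_up:
            labels[ts] = "ok"
        elif cpe_up:
            labels[ts] = "vpn-path"      # our link answered, VPN server did not
        elif vpn_up:
            labels[ts] = "access-link"   # only the customer link failed
        else:
            labels[ts] = "both"
    return labels

def summary(labels):
    return dict(Counter(labels.values()))

if __name__ == "__main__":
    print(summary(classify(parse(SAMPLE_LOG))))
```

Intervals labelled `vpn-path` are the ones where the wireless link answered but the far end did not, which is the evidence the posts describe wanting before telling a customer the problem is not on the provider's side.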



GNca George
GorillaNET Wireless Broadband
Premium,VIP
join:2008-07-12
Minden, ON

reply to GTOV8
We do a good number of IPsec VPNs over wireless for very large corporations and have done for many years. There is no doubt that wireless can get a little weird when coupled with certain revs of Cisco VPN firmware.

Generally things are fine, but every once in a while the VPN has problems even when our testing shows everything SHOULD be OK.

The restrictions the guy lays out are not that strange. We have a good number of individual customers on our network who work for large banks/brokerage houses/health authorities who all work under similar restrictions. Sometimes they end up reconnecting their sessions many times in a day if we are having problems at our end.

They also recognize that we try very hard to keep a stable link for them, and do much, much better than our 'competition'.

George
--
Don't steal, the government doesn't like competition!!!



Jerm

join:2000-04-10
Richland, WA
kudos:2

1 edit

said by GNca George:

There is no doubt that wireless can get a little weird when coupled with certain revs of Cisco VPN firmware.

You can say that again. I get the lovely task of assisting our Cisco VPN and at times it can be flaky just enough that even 50ft away from the AP I still drop sometimes. Other days I can drive around and keep my VPN tunnel open even on our outdoor mesh. Go fig.


GNca George
GorillaNET Wireless Broadband
Premium,VIP
join:2008-07-12
Minden, ON

Just so. I agree with dr mongolia btw, the best secure VPN we know of is OpenVPN over UDP. Works great over wireless.

We run a considerable number of links using ZeroShell as both the server and client. Works great...

But the corporate world standard is still Cisco IPsec, unfortunately.

George
--
Don't steal, the government doesn't like competition!!!


shorthairedp

join:2005-11-21
united state

reply to GTOV8
I will give him credit, I've found that a lot of preconfigured secure boxes for remote users are so overly secure they barely work. His VPNs are probably set up to die if there's any inconsistency to it to eliminate the risk of a man in the middle attack (because it's so possible to do that on a VPN, right?)
sarc.

I think there's some malarkey (sp)

Turn his power on the radio to zero, act like you're troubleshooting it for a week, then tell him you just can't service his location any more.


GTOV8

join:2006-02-04
47894

reply to GTOV8
Now he says it's not doing too bad. I guess he's kinda settled into knowing that we're his only alternative. I ordered a Canopy Advantage SM for him so we can give him better bandwidth and latency than the regular SM. That may help. We have all Advantage APs but only use the Adv SM when need be and charge extra for them of course. The new SM may be very helpful. I think he's calming down. He also acknowledged that he's read our terms on the contract that specifically says we do not guarantee up time at all.


over 12.5 years online © 1999-2012 dslreports.com.