We run our cnMaestro on prem. It still phones home to the sas.cbrs.cambiumnetworks.com rather than our Google SAS provider directly.
Just search for “AWS Outage”, “Route53 Outage”, or “Cloudflare outage” and you’ll see they all seem to have an outage now and again. Unfortunately, when one of those have an outage it takes down the whole Cambium SAS house of cards. Even though our Google SAS is still be reachable directly. Why can’t Cambium enable us to communicate directly to the Google SAS via cnMaestro on-prem? Seems it’d cut out all of those potentials for failures and we’d only have to rely on Google being up and our path to Google (which we peer with directly in multiple markets). > On Jul 19, 2020, at 9:42 AM, Ken Hohhof <af...@kwisp.com> wrote: > > The idea seems to be that you are outsourcing your redundancy to a big > company like Cloudflare or Amazon that can do it better than you could, or at > least has more resources. > > A quick read of some of the discussion lists indicates that you can’t run > Cloudflare DNS and something else for redundancy. I don’t understand the > technical issues, but apparently that’s not how it works. There’s also > supposedly the issue that Cloudflare is doing attack mitigation, and if you > disclose the IP addresses of your other DNS servers, they will get attacked > and won’t be able to survive a terabit flood of traffic. > > I’m still not clear on whether Cambium is using AWS DNS with Cloudflare > attack mitigation, or if the DNS is actually hosted by Cloudflare. Either > way, the effect was the same. Also not clear is where cnMaestro Cloud is > hosted, if that is also on AWS. Like, if we put the IP address for > cloud.cambiumnetworks.com <http://cloud.cambiumnetworks.com/> into the AP > instead of the hostname, would that have worked around the problem? Of we > could have quickly set our own DNS servers to think they were authoritative > for cambiumnetworks.com <http://cambiumnetworks.com/>. > > > From: AF <af-boun...@af.afmug.com> On Behalf Of Dave > Sent: Sunday, July 19, 2020 9:19 AM > To: af@af.afmug.com > Subject: Re: [AFMUG] Federated Wireless SAS outage? > > Well sheet... Bunch of windoze Hooie if ya ask me :) > If this is to be soo critical better start thinking like mil spec NBC > resilient type infrastructure other wise yes it dies. > > On 7/17/2020 9:14 PM, Ken Hohhof wrote: >> I think maybe they use AWS for DNS, but that Cloudflare is doing attack >> mitigation for AWS. >> >> From: AF <af-boun...@af.afmug.com> <mailto:af-boun...@af.afmug.com> On >> Behalf Of Matt Hoppes >> Sent: Friday, July 17, 2020 8:52 PM >> To: AnimalFarm Microwave Users Group <af@af.afmug.com> >> <mailto:af@af.afmug.com> >> Subject: Re: [AFMUG] Federated Wireless SAS outage? >> >> That’sa major problem. >> >> >> >>> On Jul 17, 2020, at 9:30 PM, Cassidy B. Larson <c...@infowest.com >>> <mailto:c...@infowest.com>> wrote: >>> >>> So, appears cambiumnetworks.com <http://cambiumnetworks.com/> uses >>> cloudflare for DNS alone. Cloudflare goes inaccessible, bye bye >>> cambiumnetworks.com <http://cambiumnetworks.com/> and I assume cnheat. >>> >>> sas.cbrs.cambiumnetworks.com <http://sas.cbrs.cambiumnetworks.com/> is the >>> URL for the cnmaestro SAS URL. >>> >>> cloudflare DNS tell us to go ask AWS DNS for how to resolve >>> *.cbrs.cambiumnetworks.com <http://cbrs.cambiumnetworks.com/>, but >>> cloudflare tell us to only cache these NS records for 5 min.. so there’s >>> our problem. >>> >>> 5 min of cloudflare being unresponsive and we’re toast for valid cnmaestro >>> SAS URL resolution. >>> >>> >>> >>>> On Jul 17, 2020, at 4:59 PM, castarritt <castarr...@gmail.com >>>> <mailto:castarr...@gmail.com>> wrote: >>>> >>>> cnHeat was broken too. >>>> >>>> On Fri, Jul 17, 2020 at 5:34 PM Ken Hohhof <af...@kwisp.com >>>> <mailto:af...@kwisp.com>> wrote: >>>>> I think it was actually cnMaestro that went away, or its IP address >>>>> couldn’t be looked up. >>>>> >>>>> >>>>> From: AF <af-boun...@af.afmug.com <mailto:af-boun...@af.afmug.com>> On >>>>> Behalf Of Cassidy B. Larson >>>>> Sent: Friday, July 17, 2020 5:14 PM >>>>> To: AnimalFarm Microwave Users Group <af@af.afmug.com >>>>> <mailto:af@af.afmug.com>> >>>>> Subject: Re: [AFMUG] Federated Wireless SAS outage? >>>>> >>>>> Our Google SAS also went offline. Whatcha wanna bet CNMaestro hard codes >>>>> requests to 1.1.1.1 to resolve SAS URLs? >>>>> >>>>> Gonna have to do some tcpdumps to verify. >>>>> >>>>> >>>>>> On Jul 17, 2020, at 3:58 PM, Larry Smith <lesm...@ecsis.net >>>>>> <mailto:lesm...@ecsis.net>> wrote: >>>>>> >>>>>> Cloudflare had a major issue lasting about 30 minutes >>>>>> >>>>>> -- >>>>>> Larry Smith >>>>>> lesm...@ecsis.net <mailto:lesm...@ecsis.net> >>>>>> >>>>>> On Fri July 17 2020 16:47, Joe Novak wrote: >>>>>> >>>>>>> whatever just blipped on the internet probably caused it, >>>>>>> authoritative servers at Cloudflare maybe? It's appears to be working >>>>>>> again >>>>>>> here via Comcast and work. >>>>>>> >>>>>>> On Fri, Jul 17, 2020 at 4:44 PM Ken Hohhof <af...@kwisp.com >>>>>>> <mailto:af...@kwisp.com>> wrote: >>>>>>> >>>>>>>> TTL on DNS record is 1 minute. Serial number is 1 which seems strange. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *From:* AF <af-boun...@af.afmug.com <mailto:af-boun...@af.afmug.com>> >>>>>>>> *On Behalf Of *Nate Burke >>>>>>>> *Sent:* Friday, July 17, 2020 4:37 PM >>>>>>>> *To:* AnimalFarm Microwave Users Group <af@af.afmug.com >>>>>>>> <mailto:af@af.afmug.com>> >>>>>>>> *Subject:* Re: [AFMUG] Federated Wireless SAS outage? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Cloud.cambiumnetworks.com <http://cloud.cambiumnetworks.com/> is >>>>>>>> working fine for me. I'm resolving to >>>>>>>> us-east-1-rtr-1-578252723.us-east-1.elb.amazonaws.com >>>>>>>> <http://us-east-1-rtr-1-578252723.us-east-1.elb.amazonaws.com/> >>>>>>>> [18.213.196.79] >>>>>>>> >>>>>>>> On 7/17/2020 4:36 PM, Ken Hohhof wrote: >>>>>>>> >>>>>>>> Actually, I can’t get DNS resolution for cloud.cambiumnetworks.com >>>>>>>> <http://cloud.cambiumnetworks.com/>. Even >>>>>>>> at my home which is not on my network. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *From:* AF <af-boun...@af.afmug.com <mailto:af-boun...@af.afmug.com>> >>>>>>>> <af-boun...@af.afmug.com <mailto:af-boun...@af.afmug.com>> *On Behalf >>>>>>>> Of *Ken Hohhof via AF >>>>>>>> *Sent:* Friday, July 17, 2020 4:32 PM >>>>>>>> *To:* 'AnimalFarm Microwave Users Group' <af@af.afmug.com >>>>>>>> <mailto:af@af.afmug.com>> >>>>>>>> <af@af.afmug.com <mailto:af@af.afmug.com>> >>>>>>>> *Cc:* Ken Hohhof <af...@kwisp.com <mailto:af...@kwisp.com>> >>>>>>>> <af...@kwisp.com <mailto:af...@kwisp.com>> >>>>>>>> *Subject:* [AFMUG] Federated Wireless SAS outage? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Anyone else experiencing SAS not reachable errors? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Cambium CBRS with Federated Wireless SAS. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> AF mailing list >>>>>>>> AF@af.afmug.com <mailto:AF@af.afmug.com> >>>>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>>>> <http://af.afmug.com/mailman/listinfo/af_af.afmug.com> >>>>>> -- >>>>>> AF mailing list >>>>>> AF@af.afmug.com <mailto:AF@af.afmug.com> >>>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>>> <http://af.afmug.com/mailman/listinfo/af_af.afmug.com> >>>>> >>>>> -- >>>>> AF mailing list >>>>> AF@af.afmug.com <mailto:AF@af.afmug.com> >>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>> <http://af.afmug.com/mailman/listinfo/af_af.afmug.com> >>>> -- >>>> AF mailing list >>>> AF@af.afmug.com <mailto:AF@af.afmug.com> >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> <http://af.afmug.com/mailman/listinfo/af_af.afmug.com> >>> >>> -- >>> AF mailing list >>> AF@af.afmug.com <mailto:AF@af.afmug.com> >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> <http://af.afmug.com/mailman/listinfo/af_af.afmug.com> >> > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
