PfSense + ubiquity

Thomas Scott mr.thomas.scott at gmail.com
Thu Jun 11 07:37:33 MST 2020


Well as of the first, I am no longer employed by the aforementioned service
provider. The article was interesting - but I actually wrote the author
with the following after reading the article - my question is whether the
8-12GB was upload only, or upload/download

> Was 8 - 12 TB (TeraBYTES) the combined, or just the upload? From reading
> the article it was unclear which was being referred to.
>
> The reason this number caught my eye is that 12 TB on a 35 Mbps
> (MegaBITS/second) connection is literally 100% of a regular 30 day month.
> If it's upload only - he's using his upload pegged at 35 Mbps for the
> entire time he's online. I recognized that number from looking at
> utilization graphs for business class customers (which don't have a cap).
> I'm not in any position to comment on this officially (especially as a
> former employee), but if someone is uploading 8-12 TB/month, on a shared
> medium, which DOCSIS over HFC (Hybrid Fiber/Coaxial) definitely is, they
> are the single largest user of upstream bandwidth on the node.
>
> Here's the fun part - I'm a consumer, I get that what "unlimited" means is
> an arbitrary and oft debated question. Looking at data caps in the mobile
> industry - is unlimited truly ever unlimited? On the other hand, I'm a
> professional service provider engineer - those nodes are using shared
> upstream sources, and he is utilizing 20% of that upstream on a regular
> basis. How do you decide to police that? How much is too much, etc, etc. As
> I said, I can't comment on that - but given that shared upstream is only
> 150Mbps on a node - and that nodes serve 100s of customers, he's an
> outlier, and *the* outlier, as in "you can't lie out any further".
>
> Granted that's all an assumption off of that being upload only - if it's
> shared up/down, then it's still notable, and he's still an outlier.
>
> Managing these networks isn't easy - but it is getting better, Cox is
> aggressively rolling out Fiber deeper into their nodes and splitting them
> using newer techniques that will allow coax to deliver much faster down
> speeds (10Gbps if I recall correctly) and everyone's favorite punching bag
> on cable - upload (up to 1Gbps). Those are contingent on newer DOCSIS
> specs, 3.1 -> 4.0 and some magic called Full Duplex DOCSIS that allows you to
> use all frequencies on the RF plant in both directions.
>

I honestly have no idea how to manage a DSLAM/DSL network; are they on a
shared medium like DOCSIS RF? If so, individual QoS can be implemented and
shared much more easily than in an HFC design.

Speaking to FTTH builds - Cox is still doing those in greenfield builds, as
is CLINK, but it's incredibly expensive to do in brownfield (already built)
neighborhoods. I live in one of the areas of GA that has FTTH and love it,
but I don't relish the digging that had to be done to accomplish it. Not
saying it can't be done, but I get why Google Fiber, AT&T, VZ Fios, et al.
have held off for so long or have delayed/canceled their future
brownfields. It's not easy - granted we'll see how 5G impacts all of this
for eyeball networks. But in a forum like this, I don't see 5G for 10TB
uploads anytime soon. Some of us aren't exactly eyeballs only :)

Not a huge fan of the caps - but it's a nasty cycle to be in - node splits
are at least 50K a pop, and when I was with my former employer, they were done
more often in high Business traffic areas (higher monthly revenue, no
bandwidth caps), but I wouldn't be surprised to see those mitigated by the
new OCML (https://broadbandlibrary.com/ocml-for-converged-access-networks/)
for those builds now.

- Thomas Scott | mr.thomas.scott at gmail.com


On Wed, Jun 10, 2020 at 8:04 PM Michael Butash via PLUG-discuss <
plug-discuss at lists.phxlinux.org> wrote:

> I started getting taxed with Cox when I was experimenting with letting
> some family and friends vpn into my storage, and everyone started
> downloading off me at once.  I wasn't graced to get gigablast, so no
> unlimited for me.  Go figure, but I got annoyed quick with cox telling me I
> was going over my "allocation" and charging me to boot.  I moved to CL, no
> more overages, and far cheaper overall.  Service is meh at times, but see
> prior comments.  I'll take cheap, usually fast, and allow for leeching for
> the fam.
>
> Leeching, backups, all the same.
>
> -mb
>
>
> On Wed, Jun 10, 2020 at 8:08 AM Stephen Partington via PLUG-discuss <
> plug-discuss at lists.phxlinux.org> wrote:
>
>> I ended up with fiber to the home in my area, and have used anywhere from
>> 2-10 TB a month since long before its availability. Only once did I receive
>> a call, I explained I was doing a backup restore to cloud and that was it.
>> I have heard nothing else since.
>>
>> On Wed, Jun 10, 2020 at 7:58 AM Michael Butash via PLUG-discuss <
>> plug-discuss at lists.phxlinux.org> wrote:
>>
>>> Kind of a funny read, made me think of this Cox discussion.  As usual,
>>> even when you pay for unlimited, it's not really, and if you piss off a
>>> random top-talker metric, you get smacked.  Actually get what you pay for?
>>> Nah.
>>>
>>>
>>> https://arstechnica.com/tech-policy/2020/06/cox-slows-internet-speeds-in-entire-neighborhoods-to-punish-any-heavy-users/
>>>
>>> I don't buy the FUD about the "downgrade the whole neighborhood", unless
>>> the neighborhood is just overused/saturated as it is, in which case Cox
>>> needs to fix it with a node split per normal direction.  They won't
>>> police/shape a whole neighborhood like that, rather they'd just
>>> decommission or lower the bandwidth on the offenders modem usually, ala
>>> this guy.
>>>
>>> May be a bit different if an actual Cox fiber/pon site, but these seem
>>> still rare like hen's teeth, and were only deployed as buzz during Google
>>> Fiber threatening them.  Cox doing fiber to the home I think died with
>>> Google Fiber.
>>>
>>> -mb
>>>
>>>
>>> On Thu, May 14, 2020 at 9:32 AM Michael Butash <michael at butash.net>
>>> wrote:
>>>
>>>> I'll agree with the CL being saturated comment - pretty sure it doesn't
>>>> matter whether DSL or Fiber, their peering and aggregation is the same per
>>>> region, and really it's where they converge that is the problem, which is
>>>> where said saturation occurs.  CL just *feels* saturated in use, where I
>>>> didn't get that with Cox.  Everything loads a little slower, you can just
>>>> sort of tell after using long enough.  Cox would periodically too, but they
>>>> tended to already be working on a fix by the time I'd hit up someone I knew
>>>> there to complain.  CL I have no such faith in.
>>>>
>>>> I'm paying almost half my Cox bill with CL however, and no random
>>>> overage charges, so I'm willing to live with it honestly, and it's never
>>>> been *that bad*.  If I download something, it downloads quickly, be it http
>>>> or torrents.  Just random viewing of pages in quick succession, ala
>>>> scanning news just always seems a bit slow to start.  That usually feels
>>>> like buffers are blown out somewhere inline.
>>>>
>>>> -mb
>>>>
>>>>
>>>> On Wed, May 13, 2020 at 8:34 PM Thomas Scott via PLUG-discuss <
>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>
>>>>> They are welcome to, but node splits are a 6 month minimum last I
>>>>> checked 😁 - granted we're getting faster with how many we're doing. In the
>>>>> next 5 years, most cable operators will implement some sort of
>>>>> aggressive node splitting to keep up with demand. Current employer not
>>>>> excluded.
>>>>>
>>>>> I've had CLink on fiber - their upstream nodes are a little more
>>>>> saturated, but they do peer locally in the valley. Current employer does
>>>>> have peering with FAANG and a couple other heavy hitters in the valley (not
>>>>> any proprietary information here, any trace route from the valley to those
>>>>> sites will show it terminating in 2 or 3 hops), but if I recall correctly
>>>>> 70% of CLink traffic hits their DCs in Phoenix. Granted it's all best
>>>>> effort past that, but if you don't have a heavily saturated node, you'll do
>>>>> all right. GPON fiber is GPON fiber, regardless of Service Provider. It's
>>>>> just a question of how many other subscribers are on your PON port and how
>>>>> big the upstream links are.
>>>>>
>>>>> - Thomas Scott | mr.thomas.scott at gmail.com
>>>>>
>>>>>
>>>>> On Tue, May 12, 2020 at 4:04 PM Stephen Partington via PLUG-discuss <
>>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>>
>>>>>> This last bit is interesting. I have Cox Fiber (no data cap for
>>>>>> Gigablast fiber yet) and Century Link just announced a competing service in
>>>>>> my area. For about half the cost. For the same Gigabit Fiber (or 940mbps as
>>>>>> they are calling it).
>>>>>>
>>>>>> Anyone with any experience with them on residential fiber?
>>>>>>
>>>>>> On Tue, May 12, 2020 at 5:59 AM Michael Butash via PLUG-discuss <
>>>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>>>
>>>>>>> So Cox subs can reach out to you when we're having saturation
>>>>>>> issues?  :)
>>>>>>>
>>>>>>> Having been around for the beginnings of cable modem tech at @home
>>>>>>> networks in the 90's dealing with almost every big MSO (Cox, Comcast, ATT,
>>>>>>> Intermedia, etc), I like to talk about the tech as a bit proud where it's
>>>>>>> gone.  I liked Cox as one of the last decent hold-outs for things like
>>>>>>> keeping Usenet around longer than they should, not killing customers for
>>>>>>> mpaa/riaa abuse complaints, and keeping data caps off when the industry was
>>>>>>> moving in that direction, so I think they're better than the rest, but
>>>>>>> eventually they hopped on the money train with data caps too.  And now
>>>>>>> they're paying for their pro-pirate stance as well with lawsuits
>>>>>>> against them winning
>>>>>>> <https://www.billboard.com/articles/business/legal-and-management/8546842/cox-1-billion-piracy-lawsuit-labels-publishers>,
>>>>>>> probably using that extra cap revenue to pay the trolls.
>>>>>>>
>>>>>>> Would I go back?  Not as long as they have data caps, and someone
>>>>>>> else around me doesn't, but yes - much better network.  I don't like random
>>>>>>> overages in my bill, I get that enough with power.  If I thought the covid
>>>>>>> restrictions to remove caps would hold, I'd probably switch back now, but
>>>>>>> I'm sure they'll find a reason to reimplement them asap as that's lost
>>>>>>> revenue on your rsu's.
>>>>>>>
>>>>>>> It's always good to hear from other docsis speakers, welcome back!
>>>>>>>
>>>>>>> -mb
>>>>>>>
>>>>>>>
>>>>>>> On Mon, May 11, 2020 at 6:54 PM Thomas Scott <
>>>>>>> mr.thomas.scott at gmail.com> wrote:
>>>>>>>
>>>>>>>> Day job is for a certain ISP HQ in Atlanta that supplies internet
>>>>>>>> for a lot of the valley - I work in Network Operations first in Phoenix and
>>>>>>>> now in Atlanta, and was surprised to see so much of what I talk
>>>>>>>> about everyday in PLUG!
>>>>>>>>
>>>>>>>> CLink trying to play FTTN as FTTH, nothing new there. I live in a
>>>>>>>> neighborhood outside of Atlanta that had some AT&T brownfield development
>>>>>>>> for FTTH, and I've had no regrets (300 up 300 down!) Cox is moving towards
>>>>>>>> "10G" with DOCSIS 4.0 and they are getting fiber closer to the home with
>>>>>>>> their node splits. If you find that you all of a sudden have an extra hop
>>>>>>>> in your path, that might be a sign you've been on one of those nodes that
>>>>>>>> have been lit and split. The amount of bandwidth going up and down will go
>>>>>>>> up dramatically.
>>>>>>>>
>>>>>>>> @Michael - yeah I don't think the caps are going anywhere, the
>>>>>>>> industry as a whole (driven by big red) has moved that direction, but I
>>>>>>>> think you'll see speeds and caps rise as N+0 goes to full duplex DOCSIS. I
>>>>>>>> do know they've been relaxed with the COVID-19 FCC initiatives, but how
>>>>>>>> long that lasts, I'm not sure.
>>>>>>>>
>>>>>>>> @Mac - the cox supplied modems are almost all going to "Panoramic
>>>>>>>> Wi-Fi" and the number of holes found in DOCSIS devices is... disturbing to
>>>>>>>> say the least. It was designed to be operated on a shared RF medium, and
>>>>>>>> like other "trusting" protocols (i.e. BGP) has a lot of issues. The more
>>>>>>>> virtualized it becomes, I think we'll see more of those go away - the
>>>>>>>> smaller the broadcast domains, and the smaller the first upstream router,
>>>>>>>> the better those will be able to be maintained and automated. Looking at
>>>>>>>> the road maps, it will be interesting what comes next.
>>>>>>>>
>>>>>>>> - Thomas Scott | mr.thomas.scott at gmail.com
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, May 6, 2020 at 3:54 PM Michael Butash via PLUG-discuss <
>>>>>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>
>>>>>>>>> Oddly enough, the model number of your router stuck in my head,
>>>>>>>>> the C3000Z, and I realized I used the same thing, but for my 150mbps dsl
>>>>>>>>> modem.  You sure you have actual gig fiber?  They tend to misrepresent
>>>>>>>>> their actual products in sales.  Ask me how I know.
>>>>>>>>>
>>>>>>>>> <tldr>
>>>>>>>>>
>>>>>>>>> I say this because I called CL before going to them, and asked if
>>>>>>>>> I could get fiber in the network.  They said yes.  Hmm, I knew damn well
>>>>>>>>> they did not, as no one wants to build fiber into old Peoria neighborhoods
>>>>>>>>> such as mine.  After some conversation and calling him out, he explained
>>>>>>>>> that "oh, it's a gigabit network", just not fiber to your house.  I could
>>>>>>>>> get dual-band DSL, which means 75mbps x2, for a total of 150mbps, delivered
>>>>>>>>> by a gigabit network!  I sort of facepalmed, but ordered it anyways as it
>>>>>>>>> was significantly more than I had with cox (80mbps at the time I think),
>>>>>>>>> significantly cheaper, and no bandwidth cap.
>>>>>>>>>
>>>>>>>>> If there is anything other than fiber directly in your modem, I'd
>>>>>>>>> call bollocks, but FTTH is a myth to me.
>>>>>>>>>
>>>>>>>>> Crappier service, but I'll take the (usually) cheap and fast.  It
>>>>>>>>> is most certainly not gigabit fiber to my house, even though that's what
>>>>>>>>> they tried to sell me I was getting.  Only new house/community builds get
>>>>>>>>> fiber, and if even that.  Cox did the same to compete with Google fiber,
>>>>>>>>> and as soon as Google Fiber died, so did Cox ever mentioning fiber again.
>>>>>>>>> Truth is Cox doesn't need it, shielded coax can deliver soon 10g over it
>>>>>>>>> just fine with new modulation schemas and docsis improvements.
>>>>>>>>> Centurylink's 100 year old 2-8 wire infrastructure cannot, all they can do
>>>>>>>>> is build new with fiber, but they probably won't, being decrepit.
>>>>>>>>>
>>>>>>>>> I hear friends of mine mention they have fiber, and wonder just if
>>>>>>>>> they really do.  This is why Google Fiber folded, it was unrealistic unless
>>>>>>>>> a net-new community build.  Google fiber retrofits were a disaster
>>>>>>>>> <https://gizmodo.com/when-google-fiber-abandons-your-city-as-a-failed-experi-1833244198>.
>>>>>>>>>
>>>>>>>>> Fun-fact:  Oddly enough the guy that built Google Fiber, Milo
>>>>>>>>> Medin, is the same guy that started @Home Networks back in late 90's for
>>>>>>>>> Cable Modem services, and pioneered current industry standards in use today
>>>>>>>>> globally to deliver cable internet.  The last-mile regional MSO providers
>>>>>>>>> snuffed him/company back then, took it over themselves, and then they
>>>>>>>>> snuffed him out again as he tried the same incursion with Google Fiber, and
>>>>>>>>> realized it just cost too damn much to compete.  Cable Monopolies, flawless
>>>>>>>>> victory.
>>>>>>>>>
>>>>>>>>> Next I expect he'll team up with Elon or Bezos to try again via
>>>>>>>>> terrestrial.
>>>>>>>>>
>>>>>>>>> -mb
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, May 6, 2020 at 10:32 AM Michael Butash <michael at butash.net>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> I tend to find the CL network a bit wonky, having moved to DSL
>>>>>>>>>> from Cox (damn bandwidth caps).  I find the general performance is worse
>>>>>>>>>> than cox, where I suspect they simply don't manage the bandwidth and are
>>>>>>>>>> far too oversubscribed as it feels like the internet buffers at times,
>>>>>>>>>> literally.  Cox would occasionally get that way too, and it was easy to see
>>>>>>>>>> in an ongoing MTR when their peering in LA would get slammed and latency
>>>>>>>>>> would jump (not to mention I know the guys that manage that bandwidth,
>>>>>>>>>> telling them often got it fixed).  Oddly, using MTR with CL, they filter
>>>>>>>>>> icmp/udp specifically that seems to hide responses to track well.  Go
>>>>>>>>>> figure, truth hurts, so hide it.
>>>>>>>>>>
>>>>>>>>>> Having worked for service providers numerous times over the
>>>>>>>>>> years, working in and building them, routers are always an issue in a metro
>>>>>>>>>> city or even interstate networks.  No two platforms are ever the same,
>>>>>>>>>> whether buying all Cisco, Juniper, Nokia, or any combo of all and more,
>>>>>>>>>> which as you said, many do.  Hardest part is usually capacity planning,
>>>>>>>>>> particularly with something like covid, every isp took a kick in the groin
>>>>>>>>>> at the same time to augment their networks, suddenly by some magnitude,
>>>>>>>>>> when everyone else in the world is doing the same.  Slowness in networking
>>>>>>>>>> can often be attributed to those not having enough capacity, though they'll
>>>>>>>>>> never admit it.
>>>>>>>>>>
>>>>>>>>>> I'm on the 150mbps dsl, and a speed test can provide that for
>>>>>>>>>> sure, but general usage, which I use a lot of tabs and apps, tends to bring
>>>>>>>>>> things to a crawl often.  I'd even go back to cox if they got rid of the
>>>>>>>>>> bandwidth cap.  CL might as well be government, and they're run by unions,
>>>>>>>>>> so nothing happens fast, including capacity augments.
>>>>>>>>>>
>>>>>>>>>> Re: mac limits, having been around Cox both as a customer and
>>>>>>>>>> network engineer working there early 2000's, the mac security was more
>>>>>>>>>> about limiting the amount of hosts behind a modem that could be allowed to
>>>>>>>>>> a single mac and IP address.  Back circa 1998 I had my first Cox modem,
>>>>>>>>>> and there were no routers, you just got yourself a phat 10baset switch from
>>>>>>>>>> computer city and connected up your family on public ip addresses, each
>>>>>>>>>> with their own mac and ip's.  With no limits or filters that led to
>>>>>>>>>> security issues (hey, I see my neighbor's c drive shared!), Cox and others
>>>>>>>>>> then pushed people to then buy a router, which by then around 2002, you
>>>>>>>>>> could buy a cheap wrt54g linksys.  The advent of docsis also allowed to
>>>>>>>>>> both filter and restrict the macs by default, also let them reduce to now
>>>>>>>>>> 1:1 IP to User ratio, which was good for ip management, the abuse
>>>>>>>>>> departments, and fbi warrants from legal.  You used to be able to buy
>>>>>>>>>> another ip, they'd push a new docsis config with mac-alowed=2, but not
>>>>>>>>>> anymore.
>>>>>>>>>>
>>>>>>>>>> Same reasons they're just building in the router functions now,
>>>>>>>>>> it ensures they can offer some basic customer security, plus lets them run
>>>>>>>>>> whatever spyware in their embedded router os they want.  Better off buying
>>>>>>>>>> your own standalone modem and router combo, one you ideally trust.
>>>>>>>>>>
>>>>>>>>>> -mb
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, May 5, 2020 at 10:07 PM Donald Mac McCarthy via
>>>>>>>>>> PLUG-discuss <plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Putting a CL modem into a bridge mode where it only handles the
>>>>>>>>>>> PPPoE connection is simply checking a radio select button and hitting
>>>>>>>>>>> apply. If your firewall supports PPPoE, even better, as you no longer need
>>>>>>>>>>> their Modem and router in the mix. But, that is just my experience, and it
>>>>>>>>>>> is limited. I have a CL fiber to the door drop, and they gave me a Zyxel
>>>>>>>>>>> C3000Z device for connection. I promptly ripped it out and allowed pfSense
>>>>>>>>>>> to maintain the PPPoE connection. I had to call support for packet loss one
>>>>>>>>>>> time, and they refused to help me. So goes it rolling your own I guess.
>>>>>>>>>>> Turns out a day later we had a several hour outage due to one of the
>>>>>>>>>>> multiplexing cards used to distribute the 40Gb/s core fiber to the GPON
>>>>>>>>>>> devices failing. Seems like that was a likely culprit for some of the packet
>>>>>>>>>>> loss the previous day.
>>>>>>>>>>>
>>>>>>>>>>> Having just gotten off a call in which the Senior Director of
>>>>>>>>>>> Security Architecture and Engineering (a friend of mine from Atlanta) for
>>>>>>>>>>> Cox was a participant, before he hung up I asked him about the typical Cox
>>>>>>>>>>> supplied modems. Very, very few of them are purely bridge devices -
>>>>>>>>>>> especially with the push to "Panoramic WiFi". A member of CenturyLink who
>>>>>>>>>>> was also on the call (ISP InfoSec sharing/working group) mentioned how
>>>>>>>>>>> painful it was to support the number of company issued
>>>>>>>>>>> modems/gateway/router models there are for different infrastructure and
>>>>>>>>>>> connections - let alone ones that customers buy and bring to the party.
>>>>>>>>>>> BTW, the MAC address thing is because they do actually use a MAC locking
>>>>>>>>>>> like feature for security. Apparently it is bad for the network if you just
>>>>>>>>>>> go plug your modem in at several houses in the neighborhood due to the way
>>>>>>>>>>> DOCSIS works. I still have to dig into that and ask some more questions on
>>>>>>>>>>> that one.
>>>>>>>>>>>
>>>>>>>>>>> There was a collective groan among the engineers when another
>>>>>>>>>>> ISP spoke up about the number of critical flaws they find in their DOCSIS
>>>>>>>>>>> devices each year.
>>>>>>>>>>>
>>>>>>>>>>> With the amount of consolidation which has happened in the past
>>>>>>>>>>> 20 years in the broadband market, the landscape is riddled with legacy bits
>>>>>>>>>>> and pieces of this provider and that provider somehow being coerced into
>>>>>>>>>>> working together to accomplish passing traffic. One of the ISPs mentioned
>>>>>>>>>>> they had no less than 350 different models of core switching equipment made
>>>>>>>>>>> by more than a dozen manufacturers in their network. They have a team of 40
>>>>>>>>>>> (really 5 teams of 8) that simply monitor and ensure that the OSPF
>>>>>>>>>>> functions properly among the various models and brands to make sure that
>>>>>>>>>>> the network properly heals/manages congestion.
>>>>>>>>>>>
>>>>>>>>>>> Anyway, just throwing it out so that people can see and
>>>>>>>>>>> understand the picture at a higher level. The final comment on the call was
>>>>>>>>>>> from an engineer at a midwestern rural provider and one that I am sure many
>>>>>>>>>>> of us can relate to. She said she spends all day pulling her hair out
>>>>>>>>>>> trying to keep the network functioning at the highest of levels. The first
>>>>>>>>>>> words out of her kids' mouths when she gets home are "Mom, the WiFi seems
>>>>>>>>>>> slow today."
>>>>>>>>>>>
>>>>>>>>>>> I talked with Alexander this afternoon, and it looks like he has
>>>>>>>>>>> a functioning network again. The APs were reluctant to give up their old
>>>>>>>>>>> configuration, so a factory reset and new DHCP leases seem to have done the
>>>>>>>>>>> trick.
>>>>>>>>>>>
>>>>>>>>>>> Hopefully this sheds a bit of light on something for a few
>>>>>>>>>>> people.
>>>>>>>>>>>
>>>>>>>>>>> Mac
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Michael Butash via PLUG-discuss wrote on 5/4/20 4:59 PM:
>>>>>>>>>>>
>>>>>>>>>>> Ideally when you plug into a cable modem, it comes up, and
>>>>>>>>>>> passes your ethernet to the cmts in a bridge, lets one mac address
>>>>>>>>>>> dhcp/arp, and things work.  It learns that one ip/mac, and disallows any
>>>>>>>>>>> other mac.  No security, nat, nothing, just real dumb dhcp + default
>>>>>>>>>>> routing with a public ip.  Routers/firewalls try to NAT you, thus double
>>>>>>>>>>> NAT if using a router behind it.
>>>>>>>>>>>
>>>>>>>>>>> CL sells you a dsl modem/router that does your local security
>>>>>>>>>>> whether you want it or not, full router/nat/firewall, and probably
>>>>>>>>>>> spyware.  Making it a modem is possible, but takes work, and your firewall
>>>>>>>>>>> has to support PPPoE (not all can/do).  Last time I touched a combo Cox
>>>>>>>>>>> router/modem, I didn't see any way to do so.  I told them to buy a real
>>>>>>>>>>> modem, and that worked with their belkin/cisco/linksys/netgear they had.
>>>>>>>>>>>
>>>>>>>>>>> If your "modem" mentions wifi, it's a router/firewall, not a
>>>>>>>>>>> modem.  Not all are clear about this, as they dumb it down for consumers,
>>>>>>>>>>> but an important point.
>>>>>>>>>>>
>>>>>>>>>>> -mb
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, May 4, 2020 at 1:53 PM Stephen Partington via
>>>>>>>>>>> PLUG-discuss <plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I owned a Nighthawk Router/Modem combo. The way that Netgear
>>>>>>>>>>>> handled that is that the modem was hard-wired to a bridge on the router
>>>>>>>>>>>> side, and technically you could see it as a separate device in the router
>>>>>>>>>>>> configs if you rooted around enough, but the modem side was just a modem.
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, May 4, 2020 at 11:03 AM Michael Butash via PLUG-discuss
>>>>>>>>>>>> <plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Cox modems *are* bridges first and foremost typically, unless
>>>>>>>>>>>>> you get a bundled router/modem, which is only what CenturyLink sells.  If
>>>>>>>>>>>>> you got a "router/modem" combo, just buy a modem-only device for a dumb
>>>>>>>>>>>>> bridge and simple ethernet for a public ip.  I recommend staying with an
>>>>>>>>>>>>> arris cable modem, originally motorola, they basically developed cable
>>>>>>>>>>>>> modem docsis, and are always the best.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I moved from Cox to CL when Cox started adding a usage cap,
>>>>>>>>>>>>> and that was new to me to get my Fortinet firewall online with CL and their
>>>>>>>>>>>>> DSL doing PPPoE.  I've seen the router/cable modem combo boxes later, but
>>>>>>>>>>>>> never owned one as I always have my own router/firewall.
>>>>>>>>>>>>>
>>>>>>>>>>>>> -mb
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, May 4, 2020 at 8:36 AM Donald Mac McCarthy <
>>>>>>>>>>>>> mac at oscontext.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Will Cox allow for a bridge/virtual bridge mode? Xfinity
>>>>>>>>>>>>>> does, which allows you to put in a firewall, and use the modem only as a
>>>>>>>>>>>>>> gateway, therefore preventing a double NAT situation. Never lived in a Cox
>>>>>>>>>>>>>> area before, and currently ride CL fiber.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Mac
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Michael Butash via PLUG-discuss wrote on 5/3/20 2:00 PM:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cox modems will learn and allow only 1 mac at a time (unless
>>>>>>>>>>>>>> business is set to allow more, but not on residential).  If switching out
>>>>>>>>>>>>>> firewalls, I 99% of time reboot the modem first and foremost.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -mb
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Sun, May 3, 2020 at 12:08 PM Snyder, Alexander J via
>>>>>>>>>>>>>> PLUG-discuss <plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I got it working.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I assigned the SFP+ port as my LAN and assigned it the
>>>>>>>>>>>>>>> 10.x.x.x/16 network. Then I had to call COX and list the WAN Mac address
>>>>>>>>>>>>>>> with them. Upon doing so I was able to reach external sites, and all
>>>>>>>>>>>>>>> downstream devices started coming alive!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks for all the suggestions and help!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>> Alexander
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Sent from my Galaxy S10+
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Sun, May 3, 2020, 03:14 Herminio Hernandez, Jr. via
>>>>>>>>>>>>>>> PLUG-discuss <plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can you log in to the FW via the LAN interface? Can you
>>>>>>>>>>>>>>>> ping the FW LAN interface? Check the routing and NAT policy on the FW. All
>>>>>>>>>>>>>>>> outbound traffic should NAT to the FW WAN interface and there should be a
>>>>>>>>>>>>>>>> default (0.0.0.0/0) route to the internet.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Sat, May 2, 2020 at 7:27 PM Seabass via PLUG-discuss <
>>>>>>>>>>>>>>>> plug-discuss at lists.phxlinux.org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I'm with Mac, I think it is not the firewall, but if you
>>>>>>>>>>>>>>>>> have the ability to plug it into a display with a keyboard, you can use
>>>>>>>>>>>>>>>>> that for configuration and modify a different device at the same time.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Makes it easier to troubleshoot by giving you the ability
>>>>>>>>>>>>>>>>> to configure your pfSense ports at the same time.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Message: 2
>>>>>>>>>>>>>>>>> Date: Sat, 2 May 2020 09:04:35 -0700
>>>>>>>>>>>>>>>>> From: Donald Mac McCarthy <mac at oscontext.com>
>>>>>>>>>>>>>>>>> To: "Snyder, Alexander J via PLUG-discuss"
>>>>>>>>>>>>>>>>> <plug-discuss at lists.phxlinux.org>
>>>>>>>>>>>>>>>>> Subject: Re: pfSense + Ubiquity
>>>>>>>>>>>>>>>>> Message-ID: <18adfa38-3e72-7b0a-e31a-1ddf175d717f at oscontext.com>
>>>>>>>>>>>>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I can help - but I am unavailable to do so until tomorrow.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Make sure there is nothing other than default VLANs on the
>>>>>>>>>>>>>>>>> interfaces to start with. Ubiquiti is famous for not having the SFP+
>>>>>>>>>>>>>>>>> ports active in the default configuration, and I believe the switch has
>>>>>>>>>>>>>>>>> all the ports set to shutdown on default config as well.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I think it is the switch not passing traffic through - not
>>>>>>>>>>>>>>>>> the firewall.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Mac
>>>>>>>>>>>>>>>>> Snyder, Alexander J via PLUG-discuss wrote on 5/2/20 8:53 AM:
>>>>>>>>>>>>>>>>> > Does anyone out there have experience with pfSense and
>>>>>>>>>>>>>>>>> > Ubiquiti switches?
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > I have zero with either but that didn't stop me from
>>>>>>>>>>>>>>>>> > buying both .... how hard could it be?! LOL.
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > I bought a Netgate XG-1537-1U. I bought a Unifi Pro 24
>>>>>>>>>>>>>>>>> > PoE switch.
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > I can configure the FW immediately after
>>>>>>>>>>>>>>>>> > firstboot/restore-default-configs, but only if I set the
>>>>>>>>>>>>>>>>> > LAN interface to be the cable that goes directly to my
>>>>>>>>>>>>>>>>> > laptop. That's great, but that does shit for the
>>>>>>>>>>>>>>>>> > downstream switch.
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > I have a 10GB SFP+ Port that I want to configure as the
>>>>>>>>>>>>>>>>> > downstream port to Ubiquiti, but any configuration other
>>>>>>>>>>>>>>>>> > than mentioned above fails .... and I'm now on my 12th
>>>>>>>>>>>>>>>>> > "Reset To Factory Defaults" ... any help on this would be
>>>>>>>>>>>>>>>>> > greatly appreciated!
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > Thanks,
>>>>>>>>>>>>>>>>> > Alexander
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > Sent from my Galaxy S10+
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > ---------------------------------------------------
>>>>>>>>>>>>>>>>> > PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>>>>>>>> > To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>>>>>>>> > https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> Donald "Mac" McCarthy
>>>>>>>>>>>>>>>>> Director, Field Operations
>>>>>>>>>>>>>>>>> Open Source Context
>>>>>>>>>>>>>>>>> +1.602.584.4445
>>>>>>>>>>>>>>>>> mac at oscontext.com
>>>>>>>>>>>>>>>>> https://oscontext.com
>>>>>>>>>>>> --
>>>>>>>>>>>> A mouse trap, placed on top of your alarm clock, will prevent
>>>>>>>>>>>> you from rolling over and going back to sleep after you hit the snooze
>>>>>>>>>>>> button.
>>>>>>>>>>>>
>>>>>>>>>>>> Stephen