I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy. I work for SaaS provider who requires a source IP to access our system to businesses. Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs. However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money. Here are my questions: 1. Is it really accurate that the customer’s address is tied to the modem/router? 2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere? 3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit. --- Keith Stokes
On Thu, Jul 30, 2015 at 9:02 AM, Keith Stokes <keiths@neilltech.com> wrote:
I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to businesses.
That is probably a problematic practice.
Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs.
However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money.
Here are my questions:
1. Is it really accurate that the customer’s address is tied to the modem/router?
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
---
Keith Stokes
AT&T addressing has been detailed here in some ways. I am not sure how accurate it is or at what state this has been deployed http://www.networkworld.com/article/2188898/lan-wan/at-t-demands-we-change-o... But, it is possible that AT&T does not have IPv4 static addresses to assign.
On Thu, Jul 30, 2015 at 12:14 PM, Ca By <cb.list6@gmail.com> wrote:
On Thu, Jul 30, 2015 at 9:02 AM, Keith Stokes <keiths@neilltech.com> wrote:
I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to businesses.
That is probably a problematic practice.
"probably"
People need to really stop using Source IP as an ACL mechanism whereever possible. Have you considered using SSL certs or SSH keys or some other sort of API key instead? I'm mean, do you really want to have to know how the technology of every ISP that every possible SaaS customer may use to access your service is set up? On Thu, Jul 30, 2015 at 04:02:06PM +0000, Keith Stokes wrote:
I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to businesses.
Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs.
However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money.
Here are my questions:
1. Is it really accurate that the customer’s address is tied to the modem/router?
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
Access is not the only reason we ask for non-changing source IP addresses. I’m not arguing the long-term sensibility of the approach. It’s arguably a legacy app and has 5000 endpoints that we have to still support until different solutions on our side are complete. That process is outside of my control. On Jul 30, 2015, at 11:20 AM, Chuck Anderson <cra@WPI.EDU<mailto:cra@WPI.EDU>> wrote: People need to really stop using Source IP as an ACL mechanism whereever possible. Have you considered using SSL certs or SSH keys or some other sort of API key instead? I'm mean, do you really want to have to know how the technology of every ISP that every possible SaaS customer may use to access your service is set up? On Thu, Jul 30, 2015 at 04:02:06PM +0000, Keith Stokes wrote: I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy. I work for SaaS provider who requires a source IP to access our system to businesses. Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs. However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money. Here are my questions: 1. Is it really accurate that the customer’s address is tied to the modem/router? 2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere? 3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit. --- Keith Stokes
On Thu, 30 Jul 2015, Keith Stokes wrote:
1. Is it really accurate that the customer’s address is tied to the modem/router?
AT&T calls it "Sticky IP address." A U-Verse Residential Gateway tends to get the same IP address from DHCP, for months or years, but its not guaranteed. An subnet may change anytime wihout notice for the convience of network engineering, i.e. splitting on a new DSLAM slot, moving equipment in CO's, replacing the RG hardware, DHCP server changes, etc. If a cusomer wants assurance and notification about future IP address changes affecting their IP address assignment, they will need to pay for U-Verse "Static IP address" service.
I've had AT&T UVerse for 3 years now and it has changed at least twice since I got it. The DHCP address has an expiration of ~7 days and it usually keeps the same address upon renewal but a few times I have noticed that it's changed. I wouldn't trust it to be static forever. -- James Hartig
“Forever” is a long time. We’re shooting for not having to change people’s address multiple times per week while still trying to help them save costs by not paying extra for “official" static IPs. Changing every 6 months as some have pointed out as their experience is perfectly acceptable to us. On Jul 30, 2015, at 11:51 AM, James Hartig <fastest963@gmail.com<mailto:fastest963@gmail.com>> wrote: I've had AT&T UVerse for 3 years now and it has changed at least twice since I got it. The DHCP address has an expiration of ~7 days and it usually keeps the same address upon renewal but a few times I have noticed that it's changed. I wouldn't trust it to be static forever. -- James Hartig --- Keith Stokes
I have AT&T u-verse small business connection at my office with a static IP setup, and my experience matches with the AT&T tech said. We have a separate router behind the AT&T router. The AT&T router is an Arris (former Motorola) NVG595. Our router has a static IP out of our subnet and does NAT for the office network. As far as I can tell, the u-verse supplied router cannot be replaced with something less sucky. The problem is getting the 802.1x certificate needed to authenticate on the wan port. I dislike AT&T's hardware as it has more limitations than just this, but some of those limitations can be worked around with an additional router downstream of it. Quoting Keith Stokes <keiths@neilltech.com>:
I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to businesses.
Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs.
However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money.
Here are my questions:
1. Is it really accurate that the customer’s address is tied to the modem/router?
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
---
Keith Stokes
On Thu, 30 Jul 2015 12:02:06 -0400, Keith Stokes <keiths@neilltech.com> wrote:
1. Is it really accurate that the customer’s address is tied to the modem/router?
To the 802.1x identity of the device, yes. That's the unit serial number, which (partial) contains the MAC.
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
No. It's just "plain" DHCP. Until the pool is depleted, addresses don't get recycled. So, even if your address were released, it would take days before it would be assigned to someone else. (which DOES happen, btw) Addresses are *NOT* hard coded. You can order (and pay for) a static subnet that is routed to whatever dynamic link address you get. That's the only "static" they offer.
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
Yes. This is a fundamental part of the network. If you *do* manage to side-step their PoS hardware, your own router will experience the same addressing scheme.
participants (8)
-
Ca By
-
Christopher Morrow
-
Chuck Anderson
-
Dan Drown
-
James Hartig
-
Keith Stokes
-
Ricky Beam
-
Sean Donelan