I'm doing some research for a group that has a 100Mb FIOS Internet connection at their site. I was surprised to learn that Verizon supplied them with the same Actiontec router that they provided me with on my 10Mb connection at home. Needless to say the Actiontec router is not up to the task of moving all of that traffic (they are using about 80Mb now and sometimes max out their connection). Verizon has been good about replacing the router multiple time when they finally fail, however having to power-cycle the router multiple times per day is not acceptable. What I would like to do is set them up with a router/firewall that is capable of handling their current bandwidth needs as well as their anticipated future growth. My concern is terminating the FIOS connection from the ONT directly to something like a Cisco 3900 (Output from the ONT is CAT5 terminating to RJ-45). I have been searching around the Internet and found one discussion where someone claims to have been able to accomplish just this using a Cisco 871 router. Based on the loose discussions that I have read it seems that the FIOS connection configuration can vary from area to area. I am also aware that we can configure the Actiontec router as a bridge, but I would much rather remove it altogether particularly with the amount of traffic this group is moving. Has anyone been able to accomplish this or something similar with any hardware other then the router Verizon provides? Any insight on Verizon's official stance on this would be helpful. If there is someone from Verizon out there that can contact me about the technical aspects of doing this, that would be much appreciated as well. - Chris
I worked for a small business that purchased 20Mbps FiOS. I threw the actiontech out the day it showed up in the mail. Plugged the copper hand off from the ONT into my 2851 and never looked back. I can't recall what was involved back then in doing so. Verizon clearly stated that they won't support that. In other words, i'd have to hook up the actiontech every time I would need to call them, but that never happened. The link was solid day in and day out. So the only time I ever used it when VZN tech showed up to "make sure everything works" on the first day of service. iirc, I was researching that before I did that and stumbled upon some forums that claimed that if I hook up the actiontech first and then take it out and plug in something else, I'll have issues with VZN caching my MAC address or some bullsh*t like that. But that only seemed to apply in case of if the customer is using a DHCP address. At the time we paid for a block of 5 IPs, so we had static. In short, I never say a single issue, but just to be fair, I only did NAT out for user access. Never hosted a server on it or anything like that. The only thing I recall bugging VZN about is for them to hand me off RJ45 copper, rather than coax, but sounds like you've got RJ45 hand off already, so you should be set. Hope this helps. Andrey On Thu, May 27, 2010 at 10:21 AM, Chris Burwell <cburwell@gmail.com> wrote:
I'm doing some research for a group that has a 100Mb FIOS Internet connection at their site. I was surprised to learn that Verizon supplied them with the same Actiontec router that they provided me with on my 10Mb connection at home. Needless to say the Actiontec router is not up to the task of moving all of that traffic (they are using about 80Mb now and sometimes max out their connection). Verizon has been good about replacing the router multiple time when they finally fail, however having to power-cycle the router multiple times per day is not acceptable.
What I would like to do is set them up with a router/firewall that is capable of handling their current bandwidth needs as well as their anticipated future growth. My concern is terminating the FIOS connection from the ONT directly to something like a Cisco 3900 (Output from the ONT is CAT5 terminating to RJ-45). I have been searching around the Internet and found one discussion where someone claims to have been able to accomplish just this using a Cisco 871 router. Based on the loose discussions that I have read it seems that the FIOS connection configuration can vary from area to area.
I am also aware that we can configure the Actiontec router as a bridge, but I would much rather remove it altogether particularly with the amount of traffic this group is moving.
Has anyone been able to accomplish this or something similar with any hardware other then the router Verizon provides? Any insight on Verizon's official stance on this would be helpful. If there is someone from Verizon out there that can contact me about the technical aspects of doing this, that would be much appreciated as well.
- Chris
-- Andrey Khomyakov [khomyakov.andrey@gmail.com]
Would a hardware firewall appliance do the trick? Limited routing features should be sufficient for an access application typical of FIOS. A Cisco ASA 5510 or Juniper SSG5 wouldn't be bad choices.
I've deployed SonicWALL NSA appliances for use on FiOS with good results. With any firewall, size it to be able to handle the bandwidth and applications involved. On May 27, 2010, at 11:26 AM, David Storandt wrote:
Would a hardware firewall appliance do the trick? Limited routing features should be sufficient for an access application typical of FIOS. A Cisco ASA 5510 or Juniper SSG5 wouldn't be bad choices.
I've been using linux/iptables since day 1. 100Mbps is a walk in the park. ---------- Original Message ----------- From: Chris Burwell <cburwell@gmail.com> To: NANOG <nanog@nanog.org> Sent: Thu, 27 May 2010 10:21:01 -0400 Subject: FIOS Router
I'm doing some research for a group that has a 100Mb FIOS Internet connection at their site. I was surprised to learn that Verizon supplied them with the same Actiontec router that they provided me with on my 10Mb connection at home. Needless to say the Actiontec router is not up to the task of moving all of that traffic (they are using about 80Mb now and sometimes max out their connection). Verizon has been good about replacing the router multiple time when they finally fail, however having to power-cycle the router multiple times per day is not acceptable.
What I would like to do is set them up with a router/firewall that is capable of handling their current bandwidth needs as well as their anticipated future growth. My concern is terminating the FIOS connection from the ONT directly to something like a Cisco 3900 (Output from the ONT is CAT5 terminating to RJ-45). I have been searching around the Internet and found one discussion where someone claims to have been able to accomplish just this using a Cisco 871 router. Based on the loose discussions that I have read it seems that the FIOS connection configuration can vary from area to area.
I am also aware that we can configure the Actiontec router as a bridge, but I would much rather remove it altogether particularly with the amount of traffic this group is moving.
Has anyone been able to accomplish this or something similar with any hardware other then the router Verizon provides? Any insight on Verizon's official stance on this would be helpful. If there is someone from Verizon out there that can contact me about the technical aspects of doing this, that would be much appreciated as well.
- Chris ------- End of Original Message -------
On 5/27/10 10:25 AM, Randy McAnally wrote:
I've been using linux/iptables since day 1. 100Mbps is a walk in the park.
See the response I just posted, but in all likely, he's being hampered by the fact the handoff from the ONT is 100BT ethernet and OpenRG (which bolts on top of a Linux OS and 'replaces' the functionality of iptables and such). -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
---------- Original Message ----------- From: Brielle Bruns <bruns@2mbit.com>
See the response I just posted, but in all likely, he's being hampered by the fact the handoff from the ONT is 100BT ethernet and OpenRG (which bolts on top of a Linux OS and 'replaces' the functionality of iptables and such).
I really meant a real Linux server (or desktop box loaded with CentOS, Deb, ect) with some basic IPtables rules and dual NIC. I never intended to use any kind of appliance or router device loaded with 'brand x' Linux. A 100bT hand-off should have NO issues reaching ~98Mbps without packet loss; just a little extra latency as you start filling buffers. Since the first day our FiOS was installed, we switched out the cruddy Dlink router (later swapped with Actiontec) with a Linux box running CentOS and a simple iptables script. I later added a Atheros-based wifi card with HostAP and madwifi to create an AP from the same box. Linux/Wifi is not for all of course, but the dual-nic and IPtables part pretty much anyone can do...you could just as easily hang a small wifi router off the box. -R
On 5/27/10 8:21 AM, Chris Burwell wrote:
I'm doing some research for a group that has a 100Mb FIOS Internet connection at their site. I was surprised to learn that Verizon supplied them with the same Actiontec router that they provided me with on my 10Mb connection at home. Needless to say the Actiontec router is not up to the task of moving all of that traffic (they are using about 80Mb now and sometimes max out their connection). Verizon has been good about replacing the router multiple time when they finally fail, however having to power-cycle the router multiple times per day is not acceptable.
Which Actiontec did they give your client? There's like 3 different revisions of the Actiontec MoCA/Ethernet routers, and I know some of the earliest ones have some odd issues. The Actiontec MI424WR is actually a fairly beefy and nice router - but its hampered by two major things in terms of performance: 1) The ethernet hand-off from the ONT to the Actiontec is only 100BT. As we all know, 100mbit != actual 100mbit transfer. I believe MoCA can do better then 100mbit, so you'd have to use the MoCA port to get closer. 2) Jungo OpenRG is a pile, and buggy. My parents have FiOS and their MI424WR won't hand out any IP addresses for DNS other then itself no matter how I configure it. There's a bizarre slowdown when DNS is handled by the MI424WR, that I have yet to figure out. Yay for closed source crap bolted on top of open source stuff to 'replace' non-broken functionality with something that a company can restrict.
What I would like to do is set them up with a router/firewall that is capable of handling their current bandwidth needs as well as their anticipated future growth. My concern is terminating the FIOS connection from the ONT directly to something like a Cisco 3900 (Output from the ONT is CAT5 terminating to RJ-45). I have been searching around the Internet and found one discussion where someone claims to have been able to accomplish just this using a Cisco 871 router. Based on the loose discussions that I have read it seems that the FIOS connection configuration can vary from area to area.
I am also aware that we can configure the Actiontec router as a bridge, but I would much rather remove it altogether particularly with the amount of traffic this group is moving.
Has anyone been able to accomplish this or something similar with any hardware other then the router Verizon provides? Any insight on Verizon's official stance on this would be helpful. If there is someone from Verizon out there that can contact me about the technical aspects of doing this, that would be much appreciated as well.
Like I said, your going to be hampered by the fact that the ethernet handoff from the ONT is 100BT. Don't forget, there's all this overhead between ethernet, TCP/IP, the ATM network, etc that will even further limit your performance. If you call up and badger Verizon, you should be able to get them to switch between MoCA and ethernet handoffs if needed - I've only personally managed to get them to switch to ethernet once without faking a problem on our end to get a tech to come out and do it. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Sadly, I have only the 50/20 FiOS service. I would love to get 100/100. Where do I sign up. My initial installation used MoCA. It would not reliably deliver 50Mbps on tcp-based download tests. (coax network brand new, very small). Test results were erratic, typically between 30 and 40Mbps. Technician told me to put up with it (not making this up). I fought with VZ and had them re-provision me to 100BaseT connection on the ONT. I immediately observed reliable, consistent download speeds at 51.8Mbps. (Since dropped to 49.2 after their speed re-provisioning a few months ago.) MoCA is a half-duplex channel with sophisticated MAC (e.g. BW reservations and so forth). The MoCA diag displays show that the STBs see each other and the Actiontech at speeds over 220Mbps. I doubt the issue is inadequate phy connection. I assume the interplay between the MoCA MAC and TCP yields poor performance. But, I did not research this. I had them take my Internet off the MoCA path and it has worked fine since. So, how I go about getting 100/100?
To be honest, I'm not sure how they got the 100Mb service. The fastest service I have seen on the FiOS website is the 50/20. I can only assume that it varies by region. - Chris On Thu, May 27, 2010 at 3:22 PM, Robert Enger - NANOG <nanog@enger.us> wrote:
Sadly, I have only the 50/20 FiOS service. I would love to get 100/100. Where do I sign up.
My initial installation used MoCA. It would not reliably deliver 50Mbps on tcp-based download tests. (coax network brand new, very small). Test results were erratic, typically between 30 and 40Mbps. Technician told me to put up with it (not making this up).
I fought with VZ and had them re-provision me to 100BaseT connection on the ONT. I immediately observed reliable, consistent download speeds at 51.8Mbps. (Since dropped to 49.2 after their speed re-provisioning a few months ago.)
MoCA is a half-duplex channel with sophisticated MAC (e.g. BW reservations and so forth). The MoCA diag displays show that the STBs see each other and the Actiontech at speeds over 220Mbps. I doubt the issue is inadequate phy connection. I assume the interplay between the MoCA MAC and TCP yields poor performance. But, I did not research this. I had them take my Internet off the MoCA path and it has worked fine since.
So, how I go about getting 100/100?
On Thu, May 27, 2010 at 3:40 PM, Chris Burwell <cburwell@gmail.com> wrote:
To be honest, I'm not sure how they got the 100Mb service. The fastest service I have seen on the FiOS website is the 50/20. I can only assume that it varies by region.
It does, or it used to... rumors were DFW was a good place to get the 100/100 service. As to the actiontec, just ditch it, if you have cat-5 from the ONT you've been presented with an ethernet LAN, plug that into any old switch and feed your end systems off that (presuming you have more than 1 ip address and static addressing). If you NEED a router/firewall, then get an ssg5 or use a little linux-alike box. -Chris
On Thu, May 27, 2010 at 3:22 PM, Robert Enger - NANOG <nanog@enger.us> wrote:
Sadly, I have only the 50/20 FiOS service. I would love to get 100/100. Where do I sign up.
My initial installation used MoCA. It would not reliably deliver 50Mbps on tcp-based download tests. (coax network brand new, very small). Test results were erratic, typically between 30 and 40Mbps. Technician told me to put up with it (not making this up).
I fought with VZ and had them re-provision me to 100BaseT connection on the ONT. I immediately observed reliable, consistent download speeds at 51.8Mbps. (Since dropped to 49.2 after their speed re-provisioning a few months ago.)
MoCA is a half-duplex channel with sophisticated MAC (e.g. BW reservations and so forth). The MoCA diag displays show that the STBs see each other and the Actiontech at speeds over 220Mbps. I doubt the issue is inadequate phy connection. I assume the interplay between the MoCA MAC and TCP yields poor performance. But, I did not research this. I had them take my Internet off the MoCA path and it has worked fine since.
So, how I go about getting 100/100?
participants (8)
-
Andrey Khomyakov -
Brielle Bruns -
Chris Burwell -
Christopher Morrow -
Daniel Senie -
David Storandt -
Randy McAnally -
Robert Enger - NANOG