This isn't necessarily operational content, so I apologize in advance for the noise and thus encourage off-list replies (and/or flames). I figure the NANOG demographic might be able to point me in the right direction seeing as how far reaching into the industry the readership is.

I'm doing research on potential FTTH CPE vendors and I'd like to poke around for some potential vendors to see who I've missed. The feature wish list more or less looks like so:

- Small, wall-mount'ish form factor
- 6-8 wire speed 10/100/1000 LAN ports
- Generic consumer grade NAT/Firewall
- Fixed BX WAN port
- 1-2 POTS ports with SIP UA
- TR-69 support for full CPE configuration (User features/configuration and SP features/configuration)
- No Wifi (or the ability to disable it from the SP provisioning side)
- DHCP client
- 802.1q on LAN and WAN ports
- Multicast
- -48v input
- Per VLAN egress shaping/policing over WAN port
- DHCP option 82 support

If anyone has something like this in the field or knows of a vendor who can meet these requirements in some fashion by product line or custom build, please drop me a line. Also, if anyone knows of any NANOG'esque FTTH lists, I'd welcome a subscribe URL.

Thanks in advance.
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge? Owen
Why? As long as it can be a transparent router, why would it need to be a bridge?
Layer 2 CPE capability is a big deal, especially if you're doing unrouted multicast (see many TV/VoD over ethernet platforms for details). But it's also nice for handing the customer a layer-2 service port like they're used to getting, if they want it that way. The routing engine in CPEs is often simply not as capable as the bridging mechanism, so there's an end-user experience to consider.

It's also worth noting that this feature will probably become less important as IPv6 and DHCP6-PD become more widely deployed. Until then, the extra routing in IPv4 starts to chew up some serious address space if you're rolling out thousands or more of the CPEs. See most national ISP's CPE configuration if you think it's unusual to want to hand off services on a bridged interface - it's not, at all.

Nathan Eisenberg
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs. He didn't say IPv6 only, right? I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4. Owen
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space. If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain? -- Dan White
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Any rational layer 2 access gear regardless of the technology (DSL, FTTx, wireless, or DOCSIS) will/can handle layer 2 isolation already. -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On Aug 4, 2011, at 2:55 PM, Dan White wrote:
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
You say waste, I say perfectly valid use.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me. I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases. Owen
On 2011-08-04, at 6:43 PM, Owen DeLong <owen@delong.com> wrote:
On Aug 4, 2011, at 2:55 PM, Dan White wrote:
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
You say waste, I say perfectly valid use.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
Owen
Realistically, how many home Internet consumers terminate IPSec VPNs? It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?
IPSEC Not so common. At least it's easy enough for them to be the initiator, in most cases, and IPSEC NAT-T works great.

Much more common applications would include PC gamers, xbox live, remote desktop, slingbox, windows home server, and torrents. Granted, some of these support UPNP (if your router does too...), but others simply do not do so as easily, or prefer a more static external access solution.

On Thu, Aug 4, 2011 at 5:08 PM, Dan Armstrong <dan@beanfield.com> wrote:
On 2011-08-04, at 6:43 PM, Owen DeLong <owen@delong.com> wrote:
On Aug 4, 2011, at 2:55 PM, Dan White wrote:
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
You say waste, I say perfectly valid use.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
Owen
Realistically, how many home Internet consumers terminate IPSec VPNs?
It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?
Among the people I know, on the order of 35%. Not a majority, but, I would not call 1/3rd less than 1%.

Owen

On Aug 4, 2011, at 4:08 PM, Dan Armstrong wrote:
On 2011-08-04, at 6:43 PM, Owen DeLong <owen@delong.com> wrote:
On Aug 4, 2011, at 2:55 PM, Dan White wrote:
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
You say waste, I say perfectly valid use.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
Owen
Realistically, how many home Internet consumers terminate IPSec VPNs?
It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?
On 8/4/2011 8:22 PM, Owen DeLong wrote:
Among the people I know, on the order of 35%.
Not a majority, but, I would not call 1/3rd less than 1%.
Again, you're not in any way shape or form representative. IPSEC IS less than 1% for residential Internet customers in the US and it's not even 30% for business accounts. I have visibility into access networks around North America which gives me a sample size that is far larger than required for statistical significance.

--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------
----- Original Message -----
From: "Scott Helms" <khelms@ispalliance.net>
Again, you're not in any way shape or form representative. IPSEC IS less than 1% for residential Internet customers in the US and it's not even 30% for business accounts. I have visibility into access networks around North America which gives me a sample size that is far larger than required for statistical significance.
Which is fine, but it does *not* justify not putting the check on the tick-list. You merely assign it a lower weight. "Whether to do it" is a cost-benefit analysis. "Not checking to see if you can have it for free" is malpractice. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
There continue to be many legitimate reasons why a consumer might not want NAT on their connection. I wouldn't consider IPSEC the primary one, as even having one side under NAT is generally not an issue in most cases if it's the initiator (further skewing your netflow statistics to even less than the 1% figure as a business case).

You've explicitly asked for a CPE without wifi (or one where the SP can disable it). Yes, I know you could buy a wireless "access point", but no consumer will do that. They will run to Best Buy and come home with a "wireless router". Then when they want a "public" IP on _their_ router they will (try) to follow all the guides on xbox.com/slingbox.com/torrentsite.com/ that advise how to bridge the Provider's CPE and run DHCP/PPPOE/L2TP/whatever on their linksys home router. They won't be able to do this with your service.

In turn two levels of NAT will break all sorts of stuff, including stuff UPNP commonly handles today, only resolvable via a CPE that can bridge. Stuff far more common than IPSEC.

Most other prominent access technologies support bridging (ADSL, Cable, etc.), it probably wouldn't be too much effort to have a tick box to do the same for your consumer, considering bridging is typically supported in the bottom of the CPE barrel.

On Fri, Aug 5, 2011 at 9:35 AM, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Scott Helms" <khelms@ispalliance.net>
Again, you're not in any way shape or form representative. IPSEC IS less than 1% for residential Internet customers in the US and it's not even 30% for business accounts. I have visibility into access networks around North America which gives me a sample size that is far larger than required for statistical significance.
Which is fine, but it does *not* justify not putting the check on the tick-list. You merely assign it a lower weight. "Whether to do it" is a cost-benefit analysis. "Not checking to see if you can have it for free" is malpractice.
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 4, 2011, at 7:08 PM, Dan Armstrong wrote:
On 2011-08-04, at 6:43 PM, Owen DeLong <owen@delong.com> wrote:
On Aug 4, 2011, at 2:55 PM, Dan White wrote:
On 04/08/11 14:32 -0700, Owen DeLong wrote:
On Aug 4, 2011, at 2:08 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs.
He didn't say IPv6 only, right?
I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec.
If they could get routed static IPv4 rather than bridge, why wouldn't they be able to terminate IPSec VPNs? Note I did say TRANSPARENT router. That would mean no NAT and routed static IPv4.
For residential use, for users currently requesting one public address, that's a waste of a /30 block (sans routing tricks requiring higher end customer equipment). Multiply that by the number of residential customers you have and that's bordering on mismanagement of your address space.
You say waste, I say perfectly valid use.
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
Owen
Realistically, how many home Internet consumers terminate IPSec VPNs?
It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?
It seems kind of silly to engineer a network against a tiny fraction of less than 1% of the population, doesn't it? James R. Cutler james.cutler@consultant.com
You say waste, I say perfectly valid use.
It's waste to carve out of that many subnets without a good reason (and no, the reasons presented so far are NOT compelling, IPSEC works perfectly over a bridged interface).
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
If you want that then you need to run a router, not have a /30 routed over your WAN interface. It's far better for your WAN interface to be part of a much larger subnet that we can in turn route a network to.
Owen
-- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
On Aug 5, 2011, at 8:13 AM, Scott Helms wrote:
You say waste, I say perfectly valid use.
It's waste to carve out of that many subnets without a good reason (and no, the reasons presented so far are NOT compelling, IPSEC works perfectly over a bridged interface).
If you're dealing with business customers, then your usage versus wasted ratio is much higher and less of a concern, but what's the point? Are you trying to cut down on a large broadcast domain?
Why is it less of a waste to allocate a /30 to a business using a single public IP than it is to a residence? This makes no sense to me.
I simply prefer the additional troubleshooting and other capabilities given to me in a routed environment in most cases.
If you want that then you need to run a router, not have a /30 routed over your WAN interface. It's far better for your WAN interface to be part of a much larger subnet that we can in turn route a network to.
I was speaking from the service provider perspective. If I deploy CPE to a customer, I want it to be a router, not a bridge. Owen
I was speaking from the service provider perspective. If I deploy CPE to a customer, I want it to be a router, not a bridge.
Owen
Why? What is/are the technical or marketing reason(s) that make you want to deploy routers over bridges knowing that they are more expensive? For what kinds of customers? What kinds of access networks? How much do you want to spend on CPE gear? How much remote manageability? How much customer manageability? What about mass firmware upgrades, diagnostics, and other OSS functions? (AFAIK the only standards based option for management behind a router is TR-069). -- Scott Helms Vice President of Technology ISP Alliance, Inc. DBA ZCorum (678) 507-5000 -------------------------------- http://twitter.com/kscotthelms --------------------------------
You don't have to use bridge mode for this (and the Actiontec router VZ supplies with FiOS is capable of doing bridge mode, but unless you jump through some fairly esoteric hoops, doing so breaks the guide and VOD, trust me on this...oh and you have to jump through them every time you reset the damn thing for any reason). I set mine with my D-Link as the DMZ host and forward all traffic on all ports unimpeded to it, and it works; Poor Man's Bridge, but it works.

Jamie

-----Original Message-----
From: Jay Ashworth [mailto:jra@baylink.com]
Sent: Thursday, August 04, 2011 5:08 PM
To: NANOG
Subject: Re: FTTH CPE landscape

----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
Ask a Verizon FiOS customer who wants to run IPv4 VPNs. He didn't say IPv6 only, right? I have a couple of customers who can't get bridge mode on residence FiOS service, and therefore can't run their own routers to terminate IPsec. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Thu, 04 Aug 2011 13:30:35 PDT, Owen DeLong said:
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
I must be having a senior moment, but what in the world is a "transparent router" and how is it different from running in bridged mode? (Note that if it's transmogrifying the packets in some way, it's not really transparent, and if it's not, it's basically bridging...)
On Aug 4, 2011, at 5:38 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 04 Aug 2011 13:30:35 PDT, Owen DeLong said:
On Aug 4, 2011, at 8:35 AM, Jay Ashworth wrote:
- Generic consumer grade NAT/Firewall
Hobby horse: please make sure it supports bridge mode? Those of us who want to put our own routers on the wire will hate you otherwise.
Why? As long as it can be a transparent router, why would it need to be a bridge?
I must be having a senior moment, but what in the world is a "transparent router" and how is it different from running in bridged mode? (Note that if it's transmogrifying the packets in some way, it's not really transparent, and if it's not, it's basically bridging...)
A transparent router (sorry, poor choice of terminology on my part) is a router which doesn't NAT or become selectively opaque (firewall). In other words, it forwards packets and it doesn't do any other arbitrary things to them at the whim of the ISP, but, rather passes along what the customer gives it to the ISP and vice versa without interference. It differs from a bridge in that it terminates the collision and broadcast domains on either side of it. Owen
On Fri, 2011-08-05 at 01:23 -0700, Owen DeLong wrote:
A transparent router (sorry, poor choice of terminology on my part) is a router which doesn't NAT or become selectively opaque (firewall). In other words, it forwards packets and it doesn't do any other arbitrary things to them at the whim of the ISP, but, rather passes along what the customer gives it to the ISP and vice versa without interference.
So... It's a router? I'm confused as to why the definition "router" exists to describe a device that NATs/selectively firewalls traffic, where "transparent router" describes something that just routes traffic. What?
On Aug 5, 2011, at 4:59 AM, Tom Hill wrote:
On Fri, 2011-08-05 at 01:23 -0700, Owen DeLong wrote:
A transparent router (sorry, poor choice of terminology on my part) is a router which doesn't NAT or become selectively opaque (firewall). In other words, it forwards packets and it doesn't do any other arbitrary things to them at the whim of the ISP, but, rather passes along what the customer gives it to the ISP and vice versa without interference.
So... It's a router?
I'm confused as to why the definition "router" exists to describe a device that NATs/selectively firewalls traffic, where "transparent router" describes something that just routes traffic.
What?
In the context of talking about CPE gear, it does seem wise to make the distinction. I suppose we can thank Linksys for that.
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
A transparent router (sorry, poor choice of terminology on my part) is a router which doesn't NAT or become selectively opaque (firewall). In other words, it forwards packets and it doesn't do any other arbitrary things to them at the whim of the ISP, but, rather passes along what the customer gives it to the ISP and vice versa without interference.
It differs from a bridge in that it terminates the collision and broadcast domains on either side of it.
It differs from a bridge in that *it requires a chunk of routable IP space to put behind it*, and a route to go there. For the specific situation I posited, a consumer connection, you can get a static IP, but you *will not* get routable space; you have to go to a business connection for that, at 2-4 times the cost. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 5, 2011, at 7:10 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
A transparent router (sorry, poor choice of terminology on my part) is a router which doesn't NAT or become selectively opaque (firewall). In other words, it forwards packets and it doesn't do any other arbitrary things to them at the whim of the ISP, but, rather passes along what the customer gives it to the ISP and vice versa without interference.
It differs from a bridge in that it terminates the collision and broadcast domains on either side of it.
It differs from a bridge in that *it requires a chunk of routable IP space to put behind it*, and a route to go there. For the specific situation I posited, a consumer connection, you can get a static IP, but you *will not* get routable space; you have to go to a business connection for that, at 2-4 times the cost.
That really depends on the ISP, doesn't it? Owen
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
It differs from a bridge in that *it requires a chunk of routable IP space to put behind it*, and a route to go there. For the specific situation I posited, a consumer connection, you can get a static IP, but you *will not* get routable space; you have to go to a business connection for that, at 2-4 times the cost.
That really depends on the ISP, doesn't it?
Sure. If you'd prefer, substitute "large, consumer ISP -- on the order of Verizon DSL or Road Runner". Both of those have told me that in the past, and, these days, I don't think they're unrepresentative of the common case. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Aug 5, 2011, at 10:47 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
It differs from a bridge in that *it requires a chunk of routable IP space to put behind it*, and a route to go there. For the specific situation I posited, a consumer connection, you can get a static IP, but you *will not* get routable space; you have to go to a business connection for that, at 2-4 times the cost.
That really depends on the ISP, doesn't it?
Sure. If you'd prefer, substitute "large, consumer ISP -- on the order of Verizon DSL or Road Runner". Both of those have told me that in the past, and, these days, I don't think they're unrepresentative of the common case.
Sure, but, there's more than one way to solve the problem. Owen
-----Original Message----- From: Jay Ashworth [mailto:jra@baylink.com] Sent: Friday, August 05, 2011 1:47 PM To: NANOG Subject: Re: FTTH CPE landscape
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
It differs from a bridge in that *it requires a chunk of routable IP space to put behind it*, and a route to go there. For the specific situation I posited, a consumer connection, you can get a static IP, but you *will not* get routable space; you have to go to a business connection for that, at 2-4 times the cost.
That really depends on the ISP, doesn't it?
Sure. If you'd prefer, substitute "large, consumer ISP -- on the order of Verizon DSL or Road Runner". Both of those have told me that in the past, and, these days, I don't think they're unrepresentative of the common case.
Knology DOCSIS (residential) here in Huntsville uses a bridged CPE, Arris brand. I like that, as I can use my own router and handle any NAT if I want.
Are you looking for an xPON ONT? Frank
Nope, Ethernet. -- Sent from my mobile device. On 2011-08-04, at 6:10 PM, "Frank Bulk" <frnkblk@iname.com> wrote:
Are you looking for an xPON ONT?
Frank
participants (15): Cutler James R, Dan Armstrong, Dan White, Eric Wieling, Frank Bulk, Jamie Bowden, Jason Lixfeld, Jay Ashworth, Kenneth Ratliff, Nathan Eisenberg, Owen DeLong, PC, Scott Helms, Tom Hill, Valdis.Kletnieks@vt.edu