[ale] State of play re home Internet with static IP

Jeremy T. Bouse jeremy.bouse at undergrid.net
Mon Mar 4 22:12:09 EST 2019


Running my own email services is just one reason, but even then my MX
ingestion is done outside my home network and it only funnels down to me
for storage (IMAP). I also have several web servers running along with
an OpenPGP keyserver cluster. Granted the web servers actually aren't
accessed directly through the static IP addresses I have either. For me
the main reason for the static IP addresses is the site-to-site VPN
connections which require static IP addresses for my GW endpoint. I have
2 Cisco ASA firewalls terminating site-to-site VPN connections. 1 ASA is
going back into my employer's network for me to work from home, the other
is terminating into my AWS VPC. My websites are then serviced by
connections hitting CloudFront with the AWS ALB as the origin with my
web servers on my home network in the appropriate target groups reached
via private IP address over the VPN connection. CloudFront caches the
content on the edge and limits the amount of round trip traffic that
actually has to go over the VPN.

On 3/4/2019 10:05 PM, dev null zero two wrote:
> a couple dumb questions:
>
> why do y'all host email at home other than for learning / lab purposes?
>
> why do y'all need static IPs aside from email server purposes when
> dynamic dns works so well nowadays with cloudflare for instance?
>
> most next gen firewalls can take DNS in place of IPs for ACLs and
> rarely does any commercial internet facing service have just one IP
> address in any case (anycast, load balancing, etc)
>
> On Mon, Mar 4, 2019 at 9:58 PM Jeremy T. Bouse via Ale <ale at ale.org> wrote:
>
>     I just dumped my Comcast Business Internet and Comcast Residential
>     Cable service at the first of the year. At that time Comcast was
>     raising the rate on the monthly router lease which I only
>     begrudgingly got because they said that was the only way I could
>     get a /29 static subnet so I was paying for the 50/10 internet
>     service, the modem and the static IP block. I went with AT&T
>     GigaPower fiber. I'm getting 995/956 as of my last speed test
>     yesterday.  So to address Joey's comment about it not being fiber
>     to the side of the house, I can claim with 100% certainty that I
>     have fiber all the way into my second story room where my router
>     sits as I watched the tech run the fiber up to the box and plug it
>     all up. Then again the ADSL service I had years ago before going
>     with Comcast was delivered over fiber to the beige box in my
>     neighbor's yard across the street where it went from the ONC to
>     copper to the side of my house, but in the past couple years AT&T
>     brought the fiber the last 25-50 yards give or take to the side of
>     the house.
>
>     So far in the 2 full months I've had the service I've had no
>     outages and I'm pushing TBs up and down through it. The only port
>     blocking I've encountered is their old grandfather's firewalling
>     of 25/tcp outbound but nothing stopping ports inbound so far that
>     I've found. I have the same /29 subnet worth of static IP
>     addresses at $10 less per month than Comcast and AT&T doesn't
>     charge a monthly fee for the router and the installation fee was
>     waived for me. I'm currently paying half what I paid for Comcast
>     and have over 20x the bandwidth.  I was paying $150 to Comcast for
>     the Business internet and they were raising that so I went with
>     AT&T for $75 a month.
>
>     On 3/4/2019 7:24 PM, Jeff Hubbs via Ale wrote:
>>
>>     After many years at the status quo (AT&T UVerse and POTS land
>>     line) I'm finally looking into a rework of the home telecomm
>>     situation.
>>
>>     I have two main drivers that are forcing the decision:
>>
>>      1. Even after the shortest of power outages, upstream UVerse
>>         service goes dead and stays dead for 10-20 minutes. This was
>>         not always the case but in the last few years it's been the
>>         "new normal;" my wife works at home via VPN enough that
>>         that's a problem, and it's no good for me either. Yes, I have
>>         UPSes out the wazoo on everything and it doesn't matter.
>>         I've tried to get through to AT&T by phone to at least get
>>         the problem acknowledged but that's been impossible.
>>      2. There's a good chance I might be leaving town for my next job
>>         for an unknown amount of time, but that won't mean that I'll
>>         stop being the "IT guy" for the house; I will simply *have*
>>         to be able to shell in from the outside. If there is such a
>>         thing as a "reflector" service that sits on the Internet -
>>         even if it's my own server somewhere - that gives me a way to
>>         tunnel in reverse through some kind of connection that's
>>         initiated from inside the house, I don't want to be dependent
>>         on it.
>>
>>     Being able to run my own Internet-reachable web and email servers
>>     in the house is anticipated but is secondary to those two main
>>     drivers. 
>>
>>     It is my understanding that only AT&T and Comcast serve my street.
>>
>>     I've spoken to a rep for Comcast Business and they're telling me
>>     that within reason (with respect to affected region(s) and length
>>     of outage, I presume) their service will remain unaffected by
>>     power outage. That handles 1. above, and they also offer as few
>>     as one static IP address which should be sufficient to handle 2.
>>
>>     I have not yet called about any of AT&T's business residential
>>     offerings but when I got a flyer in the mail about some kind of
>>     fiber service being available in my neighborhood and called to
>>     inquire, I couldn't get anything even remotely like a straight
>>     answer but the upshot was that no, the fiber service wasn't
>>     available to me. I'm quite rather done with AT&T, to be honest.
>>
>>     Comcast says they can give me a VoIP-like service that can
>>     optionally use my old phone number. I'm undecided on that; the
>>     phone rings with random robocalls and other solicitations 3-5
>>     times a day (Do Not Call list notwithstanding) and there are only
>>     3 living persons whom we know who ever, *ever* call that line.
>>
>>     We would like to have a TV service with DVR available and it's my
>>     understanding from talking to Comcast that it would have to be
>>     Xfinity piggybacked on the Comcast Business service. It would be
>>     either that or satellite to still have DVR. I've never dealt with
>>     satellite service before but the houses to either side of us have
>>     it. I've built an HDTV antenna and mounted it in the attic but I
>>     haven't completed the cabling to know for sure how well it will
>>     work, and if we went that route, there'd be no DVR unless I went
>>     the whole MythTV (or equivalent) route and I'm really not willing
>>     to try that again.
>>
>>     I'm all (rabbit) ears, so let your replies rip.
>>
>>     - Jeff
>>
>>
>>     _______________________________________________
>>     Ale mailing list
>>     Ale at ale.org <mailto:Ale at ale.org>
>>     https://mail.ale.org/mailman/listinfo/ale
>>     See JOBS, ANNOUNCE and SCHOOLS lists at
>>     http://mail.ale.org/mailman/listinfo
>
> -- 
> Sent from my mobile. Please excuse the brevity, spelling, and punctuation.