[ale] AT&T fiber and IPv6?
Michael Still
stillwaxin at gmail.com
Mon Feb 14 12:55:43 EST 2022
On Sun, Feb 13, 2022 at 11:21 AM Derek Atkins via Ale <ale at ale.org> wrote:
> Hi,
>
> Yes, the ONT is the Optical Network Terminal. It's a small box that
> converts the fiber to ethernet, which then plugs into your network. AT&T
> requires their box to authenticate over the ON to bring your network
> online. And yes, an ER-4 is the Edgerouter 4. I had an ER-X in place,
> but it can't switch fast enough to keep up with a fully-loaded 1Gbps
> symmetric service (but the ER-4 can).
>
> The biggest issue I have had with the AT&T devices (and note that I also
> have a /29 of static IPv4 with them) is that even when using my static
> IPs, If I go through their gateway then I am subject to their NAT Table
> size limitations (and the added latency of their box). This was the
> primary reason I went with an architecture to remove their box from my
> data path: to remove their NAT table limits. The fact that it also
> removed about 10ms of latency is just an added bonus.
>
> I've never used a UDM Pro. It's certainly possible that you could set up
> the EAP Proxy service there. The fact that it uses SFP shouldn't make a
> difference, but you will need 1000BaseT ethernet for the ONT input.
>
> Beyond that, I cannot really talk about the stability or reliability of
> their IPv6. Like I said in my first post, I found that IPv6 performance
> wasn't as good as IPv4, but that was "by eye". I can't really find a good
> way to measure that because speedtest is a false test (it only tests from
> your device to the other end of the fiber, effectively), and fast.com
> (which is a more realistic measurement) doesn't do IPv6. And I turned it
> off because facetime stopped working (but again, I suspect that's due to
> firewall issues). (FYI, I still do the DHCPv6-PD; I just turned off the
> announcement of the delegation onto my LAN network).
>
I'm not sure if this is anything that's changed recently or is a Comcast
specific thing but I just ran a test from fast.com on my Comcast connection
here (city of Atlanta) and it used IPv6.
>
> I elided the fact that I have two Edgerouter products on my network; I've
> got an ER-Pro8 behind the ER-4, so that is likely part of my facetime
> firewall issue. I just didn't spend a lot of time on it.
>
> -derek
>
> On Sun, February 13, 2022 10:47 am, James Sumners (ALE) wrote:
> > Let’s assume I’ve only ever picked up fiber cable and never actually
> > installed or managed a network with it. From your diagram, I am picking
> up
> > that the ONT is the device where the fiber terminates in my house, and
> the
> > ER-4 is an Ubiquiti Edge Router.
> >
> > I am likely to be getting an Ubiquiti UDM Pro to replace my pfSense box
> > (given that I no longer need to care about tracking total bytes across
> the
> > WAN interface). This gateway device has SFP+ ports. Would those factor
> > into your diagram in any way?
> >
> > How does using the AT&T gateway device as an authenticator only device
> > change the IPv6 reliability?
> >
> > On February 13, 2022 at 09:43:29, Derek Atkins
> > (derek at ihtfp.com(mailto:derek at ihtfp.com)) wrote:
> >
> >> Just a small correction -- while AT&T does require their box to be
> >> online
> >> for 802.1x authentication, you can absolutely design a network where the
> >> AT&T box is not in the data path! Indeed, I've done that here. Basically
> >> my network looks like:
> >>
> >> --fiber-- [ONT] ---- [ ER-4 ] --- LAN
> >> |
> >> [AT&T Box]
> >>
> >> Using EAP Proxy and some firewall rules allows this to work and -- viola
> >> -- AT&T box is no longer involved in your day-to-day data usage.
> >>
> >> -derek
> >>
> >> On Sun, February 13, 2022 9:23 am, James Sumners \(ALE\) via Ale wrote:
> >> > Sounding a lot like I’ll be hoping Comcast actually tries to compete
> >> now
> >> > that AT&T has brought actual broadband to my area. 😔
> >> >
> >> >
> >> > On February 12, 2022 at 19:17:58, Bryan L. Gay (ale at bryangay.com)
> >> wrote:
> >> >
> >> > I had both Comcast and AT&T Fiber for years in Kennesaw. I was never
> >> able
> >> > to get IPv6 delegation working reliably on AT&T, even after they
> >> stopped
> >> > doing 6rd. I have Comcast now at the new place, 1.2Gbps downlink, and
> >> have
> >> > never had an issue with Comcast's IPv6. AT&T just never seemed to get
> >> > their act together. While having 1Gbps symmetric over IPv4 was great,
> >> and
> >> > it was less expensive, I'm happily on Comcast, now. AT&T requires you
> >> use
> >> > their gateway, which introduces other recurring problems. On Comcast,
> >> I
> >> > own my own DOCSIS dumb modem.
> >> >
> >> > On Fri, Feb 11, 2022, 17:06 James Sumners (ALE) via Ale <ale at ale.org>
> >> > wrote:
> >> >
> >> >
> >> > Earlier today AT&T attached some fiber to the pole directly across the
> >> > street from my driveway. I’m sure it will take them another month or
> >> two
> >> > to activate the line, but I want to go ahead and solicit some
> >> knowledge
> >> > from you folks.
> >> >
> >> > Currently, I’m on Comcast (plain residential). I despise the business,
> >> but
> >> > their network people are top notch and have rolled out a nice stable
> >> IPv6
> >> > network. They assign my WAN interface a `/128` and allow network
> >> > assignments via a `/64` or `/60` prefix delegation over DHCPv6. The
> >> `/60`
> >> > allows me to create multiple VLANs in my house for things like IoT
> >> devices
> >> > separate from my primary devices.
> >> >
> >> > Does anyone have experience with AT&T’s IPv6 implementation? Would
> >> > switching to them be mostly transparent in this regard? Are there any
> >> > “gotchas” that I should be aware of?
> >> > _______________________________________________
> >> > Ale mailing list
> >> > Ale at ale.org
> >> > https://mail.ale.org/mailman/listinfo/ale
> >> > See JOBS, ANNOUNCE and SCHOOLS lists at
> >> > http://mail.ale.org/mailman/listinfo
> >> > _______________________________________________
> >> > Ale mailing list
> >> > Ale at ale.org
> >> > https://mail.ale.org/mailman/listinfo/ale
> >> > See JOBS, ANNOUNCE and SCHOOLS lists at
> >> > http://mail.ale.org/mailman/listinfo
> >> >
> >>
> >>
> >> --
> >> Derek Atkins 617-623-3745
> >> derek at ihtfp.com www.ihtfp.com
> >> Computer and Internet Security Consultant
> >>
> >
> >
>
>
> --
> Derek Atkins 617-623-3745
> derek at ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
[stillwaxin at gmail.com ~]$ cat .signature
cat: .signature: No such file or directory
[stillwaxin at gmail.com ~]$ cat all-opinions-are-my-own
All opinions are my own and do not represent any of my employer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220214/d8d5b658/attachment.htm>
More information about the Ale
mailing list