Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Weaver]

It seems that my router, the Firebrick FB2900 has died. RIP. The whole LAN went crazy this morning, internet access was lost and I wasted a lot of time blaming WAPs, partly because of insane nonsensical error behaviour from iOS / iPadOS. It turned out that all the madness was due to the failure of DHCP. When the penny finally dropped it was because I went to AA’s control panel website Clueless which showed that both DSL lines supposedly went down at 7:30 on Friday morning. The principal way that Clueless determines up/down line state is from the non-reply to PPP LCP echo requests (PPP LCP ‘pings’). It is the Firebrick that replies to these LCP pings not the modems and so when the Fb2900 died, it made it look as if the lines were down as far as AA could see. Well, they weren’t effectively working, so a reasonable state report. Then I asked Janet to take a look at the Firebrick, no LEDs showing at all but the unit was still quite warm which says to me that the (internal) PSU was not completely dead.

I emailed AA about it, but no reply from a human; not surprising as there would have been no one around probably, given that by then it was Friday mid afternoon and every one would be heading home.

Luckily I have my FB2500 in the emergency equipment box, and a Solwise 4G wireless router, for total disaster situations. Getting the FB2500 set up properly was a real fiddle, which was my own fault as I have neglected it for five years and have no installed o/s updates not pushed new config versions into it. The old o/s was not compatible syntactically with the current modern-day config XML. The modern config has some XML attributes that the old o/s has not heard of, so I had to delete various bits to get it to load the XML config. I should have updated the o/s first but I needed to get the device working 100% on the internet so I wanted the Firebrick’s XML config to be good enough for the modern day state-of-affairs first. It did work ok-is even with the 2017 config so perhaps I should have upgraded the o/s first, benefit of hindsight when not in a kerfuffle state. Upgrading the o/s wasn’t simple. First I upgraded the boot loader, just to be a conscientious citizen. Then upgraded the o/s, which failed and I didn’t notice the fact - so UI could have been better surrounding the upgrade procedure. The reason it failed, so I discovered was that the o/s was so old that you can’t upgrade all the way in one leap - you have to upgrade in a number of intermediate steps. I think this is what are called the system of ‘breakpoints’ in the releases website. Again, the upgrade procedure UI could be better on the Firebrick. When it tells you to upgrade to v.vvv.vvv then it should be more greatly emphasised and it should explicitly say loudly that that the version number shown is not the one you desired, but an intermediate one and explain that. It took several intermediate upgrades to get there, but I managed it in the end.

After this it should be possible to upload the normal config. Because an FB2500 is not feature-compatible with an FB2900/FB2700 because the FB2500 lacks the 3G USB NIC ‘dongle’ feature, any mention of USB causes the config-load to fail. I wrote an automatic FB2900/FB2700-to-FB2500 converter program, first in awk, then in iOS Shortcuts, which was a pain as it’s incredibly slow. This gets run automatically if you try to use my standard uploader tool to upload an FB2900/FB2700 config file into an FB2500 router.

So, a very fraught day, with three hours of panicking and debugging and then wrestling to bring the neglected FB2500 up to modern standards. Note to self: every six months or so, upgrade o/s and config of backup routers in storage.

I see that AA will rent out Firebricks now. This might be quite attractive if it means that you can upgrade models. Will have to ask. I suppose there ought to be some way though. I will be always wanting to have two Bricks in stock. Since the Firebrick supports VRRP, I should really be exploiting that I feel. There are a couple of concerns about this:

1. I have been concerned about the scenario where a lightning strike takes out two Bricks not just one. I have lost a Firebrick to a lightning strike before, and that time AA just gave me a free replacement, which I thought was amazing. I now have a small 8-way ZyXEL switch between the modems and the Firebrick which now is really only there as lightning protection for the Firebrick. So perhaps that extra protection is enough to protect two Firebricks in VRRP. I presume that you would be mad to try two dissimilar models in VRRP pairing?

2. Janet asked the excellent question (she is starting to think like a sysadmin, so I tell her in praising her question) of how does the sysadmin know if a router has died if VRRP is hiding the state ? I have no idea, I said to her. I’m sure one of our number will know. There could be a Firebrick feature meant to address this, or some standard feature associated with VRRP, or an add-on standards-based monitoring solution might be required.

[tubaman]

The most likely cause of failure of your Firebrick is the power supply and that is probably repairable if you know someone who could do it. Failed electrolytic capacitors would be my guess. As for lightening protection of devices I'd say that the only sure form of protection is complete disconnection when storms threaten. Your Zyxel switch may offer some protection for the most minor of events but for anything more I rather doubt it'll make a lot of difference unfortunately.

[vic0239]

When my FB2700 died the power supply was the culprit. It's a self-contained unit so was very easy to swap out and A&A sent a replacement immediately. Hopefully your FB2900 will be the same. 

[burakkucat]

It seems that my router, the Firebrick FB2900 has died. RIP.

   

[Weaver]

Has anyone ever used VRRP ?

[dee.jay]

Yes, use it all the time - not seen it on consumer gear but I think the FB is aimed higher than that.

In Enterprise/DC networks it is used widely in VLAN's to protect against router/firewall failure. VRRP is an industry standard so is widely understood. The way it works is that your two devices agree on the IP that is to be shared, and they have a standby IP when they are not the "master" device. VRRP is active/standby routing where an election takes place to decide who is the master device for that subnet, and they adopt the virtual IP and answer replies for it.

The other devices monitor the master and if there is some error in the master then a re-election occurs and another device takes over. This of course is all transparent to all the end devices depending on that as their gateway.

[Weaver]

Thanks Dee.Jay. I need to read up on it. I’m not sure how on earth I am to connect the modems to a virtual router, or to two physical routers. A switch in between ? I already have one that just does MUXing / deMUXing of VLANs, between Firebrick and DSL modems, each modem being on a distinct VLAN from the days when I had four DSL modems. Any additional switch would introduce another single point of failure though no?

* Any thoughts on Janet’s question 2, anyone? 

… how does the sysadmin know if a router has died if VRRP is hiding the state ? …

I’m thinking it would be mad to use VRRP because in the event of a lightning strike, sod’s law I would lose two routers, not just one. Perhaps it’s time to revisit the old plan of having pairs of fibre media convertors inline between each modem and the Firebrick, to break the electrical circuit, since now I only have two lines so only need 2 * 2 convertors not 2 * 4. That’s assuming that I protect the MUX switch, but only one pair of convertors needed if I only protect the Firebrick. The cheap plan!

[burakkucat]

Perhaps it’s time to revisit the old plan of having pairs of fibre media convertors inline between each modem and the Firebrick, to break the electrical circuit, since now I only have two lines so only need 2 * 2 convertors not 2 * 4.

When I close my eyes, I see the following --

• Two incoming circuits each carrying an ADSL2 based service.
• Two ZyXEL VMG1312-B10As.
• One managed media converter, VLAN capable, with two Ethernet ports and one SFP cage populated with an optical transceiver.
• Optical fibre.
• FB2900 Firebrick with its SFP cage populated with an optical transceiver.
• Main switch.
• WAPs.

[Weaver]

Ah, of course, I forgot the SFP slot.

[burakkucat]

Ah, of course, I forgot the SFP slot.

 

Item number three on my list, above, needs to be as cheap as possible and readily available . . . just in case there is a big zap that takes out both VMG1312-B10As and the media converter (plus the SFP optic).

[Weaver]

I was thinking of the ‘in-line’ type of cheap fibre media converter.

[burakkucat]

Notice that my list has removed the small switch (Mux/Demux) replacing it with the managed media converter.

[meritez]

@Weaver do you want a few Mikrotik to replace the fb2900 with?

https://www.ebay.co.uk/itm/266031098588

[aesmith]

Has anyone ever used VRRP ?

I've only ever used HSRP originally because it predated VRRP and latterly because of the specific enhancements in the Nexus switches.  Also, I suppose inertia and lack of any perceived reason to do otherwise.

However I think the principle is the same, and I can't see how it could work without doing something on the PPPoE side as well. VRRP virtualises a LAN IP address only, not the whole router/firewall.  Behind that LAN address the two devices will each be autonomous and working independently so if configured for PPPoE they'll both be trying to talk to the modems. You'd need something to synchronise it so that the device that's VRRP active on the LAN is the only one active on PPPoE.

Could that be done in the Firebrick with events and a triggered script? PPPoE stays shutdown, but a script triggered by VRRP becoming active enables it?

[Weaver]

I’m wondering if using VRRP just moves the single point of failure to some new device that wasn’t required before? I suspect from what you say that VRRP is simply untenable in this kind of setup. And we have no answer to Janet’s question #2. I would need to know when a router dies, and I suspect that I would have to do something complicated myself with no built-in help to arrange to get that event notification.

@Meritez - there are many fans of Mikrotik here. I love the Firebrick because of its ease of use, the XML config that is editable and the free lifetime support from AA so that it’s a one-stop shop for problems be they network or router, it’s all AA’s problem. I need the AA support because of the crippling effects of the pain drugs that I’m on. Unfortunately now I will lose the one-stop-shop thing as 4G failure or semi-failure will not be something that AA can help with and it’s always there as something that will need debugging and monitoring. I’m hoping that this will only be a temporary stopgap until I can get FTTP. I’m working on that but I am far from hopeful, don’t dare let myself be so.

I’m assuming that AA will have to come up with a new smaller-9000 type of small Firebrick so that customers can cope with gigabit FTTP properly and I will be waiting for that.

I’m very pleased that you gave me that tip about the eBay sale - would appreciate further such. I will follow that link and read up about that product.

I forget, but I presume you use MikroTik yourself?