Kitz Forum
Broadband Related => ISPs => Topic started by: bignose2 on February 06, 2022, 10:44:22 AM
-
Hi,
I already have 2 ISP line Zen & Vodafone. both FTTC 70 down & 11 Up. very reliable both.
I have on same LAN IP range but the VF static IP so can route a few PC's & phone system to use that but I have access to any devices from my main PC.
I would like to bond the two lines just to make of the any spare BW at anyone time & potentially really fast single connection if needed.
I am struggling to work out the costs.
AAISP seem to be the real deal but expensive, seems £200 per month & not sure if that does inc the 2 line rentals, not that clear or either I being stupid. (I still need a normal phone number/line)
Sharedband appears to be £34 pm or appears less on broadbandbuyer.co.uk, as a package but £120 per year each line.
This IS on top of the current lines but Zen + VF + £34 (or 240/12= £20) is still half AA & I don't think (not sure) there is a data limit.
Never had one before & not sure if 10TB on A&A might just show up. So much 4k streaming on multiple TV's & business use & VOIP calls etc. especially when ISDN is shut down.
I know CS & quality equipment can be the most essential/critical but is this one of those things that might just work & forget about it. In all the years of BB & many ISP, I have had exactly the same 99% reliable connection & speed. Perhaps lucky.
An experience of either.
This is a really would like to have but not quite essential.
Have emailed evolutions & quick reply but no hint of prices & I know a 100's of options but just annoys me when there is absolutely no idea of costs. Perhaps good sales but I often won't bother any further thinking, if you have to ask you can't afford it. childish I know.
Many thanks I/A
-
Have you considered session bases load balancing, where you could keep your existing ISP’s ?
-
If you only want the speed for multi-threaded downloads (OS updates, game downloaders, game consoles, etc) not uploads, then load balancing makes more sense.
-
Welcome to the forum!
I have three bonded lines from AA, have been with them for over eleven years. Triple speed in both directions. The £200 per month figure sounds like Office::1 perhaps? I don’t use that, I have three Soho::1 accounts and it’s rather cheaper than that for my three lines never mind two. It’s difficult for me to tell you exactly how much my three lines costs me because my bill contains other services such as 4G SIMs, email, DNS, domain name renewals x many etc. I pay line rental times three to AA as well.
I have a Firebrick FB2900 which handles the bonding at my end, AA’s Firebricks do the same at their end. If all lines fail it switches to 3G.
AA gave me a free IPv4 /26 and of course I have IPv6 too. No NAT :) ! Just ask for the IPv4 space you need.
I recently did a post for someone else about the good things I find about AA, just need a bit of help finding it.
-
I recently did a post for someone else about the good things I find about AA, just need a bit of help finding it.
I have checked your last 675 posts, which took me back to the end of May 2021, and could not find the above post.
-
Me too. I seem to remember posting a long formatted list of good things I find about AA. Perhaps I’m dreaming it, or the iPad ate it. I seem to remember we were also perhaps talking about Zen. I don’t think it was that long ago, but am unsure of keywords to search for. I presume it’s not possible to search for bbcode such as the [li][/li] markers.
-
I seem to remember posting a long formatted list of good things I find about AA.
Yes, that is exactly for what I was looking.
-
Many thanks for the AA info.
I was looking at Office package thinking that was the best for bonding but will be very pleased if I can bond 2 lines & cheaper as AA does look like the slickest option
Can do some better research on Monday when the companies are open but good to have personal real world experience.
Thanks again.
-
You can add bonding to any package with no extra cost. For Home::1 or SoHo::1 you just buy two lots of that for the two copper lines and then ask them to click the options on their control panel and reporting server clueless.aa.net.uk (a spectacular control panel and display where you can change a mountain of things yourself).
For upstream, a Firebrick handles the upstream bonding. You can rent a Firebrick from AA if you prefer, so I believe, saves you the upfront outlay. It of course needs two modems. I use ZyXEL modems that have custom firmware in them allowing full IP MTU of 1500 bytes. `it’s not the end of the world if you’re restricted to IP MTU 1492 not 1500 bytes, but I prefer to be free from the restriction.
-
I found the earlier post about AA, it’s at https://forum.kitz.co.uk/index.php/topic,26696.msg447641.html#msg447641
-
I found the earlier post about AA, it’s at https://forum.kitz.co.uk/index.php/topic,26696.msg447641.html#msg447641
D'oh! :doh:
My only excuse for not spotting it was probably due to me having a micro-nap whilst scrolling through the list of your posts! :D
-
It had the words "Andrews and Arnold" in it, and not "AA", that’s why we couldn’t find it, no?
One other thing to consider about bonding is the fantastic reliabilty. You will get nearly 100% uptime, bar major service outages. If you get a Firebrick then put a 3G or 4G dongle in it for even more reliability.
See below a picture of my control panel with traffic rates and latency, packet loss shown. The IP addresses have been redacted: 81.187.xx.yy/26 and 2001:8b0:xxxx:xxxx::/64 and various other single IPv4 addresses, eg for WAN i/f addresses and 4G SIMs.
(https://i.ibb.co/kqmqX1c/1-BCFE2-B7-7134-4275-86-E9-183115-F4-A699.jpg)
-
This image is a really poor quality jpeg. It’s a screenshot which looks fine, sharp and perfect on my iPad. How can I improve the quality of the uploaded version a lot ? The postimage.cc website uploader must be messing it up when it converts to a jpeg.
Don't upload it to postimage! As long as the size of the file is under 300KB, attach it to the post.
-
No, it was way too big, I think 3 MB iirc.
I used imgBB instead for uploading, which gives you size/quality controls. It’s much more fiddly though because like most of these sites apart from postimage.cc it gives you a link to a web page that wraps round the image, whereas what you want is a direct link straight to the picture. Nothing prevents you from getting the address of the picture itself on imgBB so it’s fine; just a bit more of a fiddle though.
-
Thanks for everyone taking the time to advise,
Still investigating but AA does look like the way to go.
I don't mind the upfront cost, to a point. I like to keep the monthly within reason.
What got me looking a little harder into bonding was as well as general overall improvement was my daughter often works from home at our house and really struggles with speed.
I imagine could be a multitude of reasons but her VPN (cisco anyconnect) slows to a crawl on my internet.
any other PC = 70 down & 11 Up. VPN using any online speedtest & confirmed by just general slow file download,lucky to get 5 down & 2 up -usually worse & have had 0.3 upload.
Her company & Zen (FritzBox) both say nothing to do with them but no way of finding out really but do read Anyconnect is pretty bad on speeds.
It is much better at boyfriends on Virgin (not 100% sure which one but I guess minimum 150mbps).
Perhaps more VPN friendly modem or just raw speed enough to overcome.
I don't expect anyone to advise on what to do about the VPN but just mention. Also someone advised load balancing & perhaps it would help a bit but think/hope bonding would give the best chance. When speeds were bad we made a point of not using anything else that might effect bandwidth.
Thanks again.
-
bonding will not change the bandwidth on a vpn, you are still limited by the upload speed of the vpn server.
I'll give an example, I have a vpn client that can connect to a vpn server on a 24/1 ADSL connection, the fastest speed my vpn client can download over the vpn is 1, as that is the upload bandwidth of the ADSL connection.
-
Hi,
I did wonder, seemed strange as I had so much spare speed but as it is fine on Virgin & most of her colleges who have really fast FTTC or FTTP do not have a problem I just figured the VPN overhead somehow just coped better if the raw speed was really high.
I don't know much about VPN's, never really used myself but read some have well over 70% loss, even up to 90% but improved when they got better services.
It is a really, really big company & whilst I guess they can be lazy & often the worst I would think v.well resourced.
I always come back to, never, ever had a problem at boyfriends but frequently had to get in the car at my house & go there & carried on working fine.
Is not a deal breaker anyway, I have the two lines & going to be years to FTTP so unless cost's a fortune prefer to just get it sorted now.
So disappointed as a month ago, hoards of BT engineers swarmed down our lane. Great I thought FTTP. Turns out Point To Point for a resident, up & past my house & business. I know different tech but why they don't either offer or pull more cables through as they go.
I guess if the cabinet is not ready but when aiming to roll out FTTP to as many as possible, why not do it then!
I know a lot still on ADSL but we were v.slow to get FTTC and don't think a handful of houses and couple of business are going to be anytime, soon/ever.
-
My bonded setup multiplies the speed of single flows upstream or downstream, single transfers. So should double the speed of your VPN. My upstream speeds are very ill-matched for some reason so things are complicated; out-of-order packet delivery could be a danger in some situations and receiving system might whine about that or go somewhat slower than double. If your lines are the same as one another then things are quite simple.
-
Have you discounted load balancing
-
Does "load balancing" mean assigning different flows to various pipes, requiring multiple flows to be present ?
-
Essential yes. It’s like a bonded line on multi thread, without the cost. I have 2 x FTTC and 1 4G session based load balanced. A speed test on a multi thread gives the sun of all three :P
-
Hi,
I was preferring the idea of proper bonding.
Many years ago I did load balancing on adsl, it worked pretty well & had its uses but did not really double up on the speed a lot of the time, it also would complain/error sometimes (& I really cannot remember when or where) but www's knew it was from two different IP's & security on www's would have issue but really don't go on my v.old memories if thinking of trying.
Speed checkers seem to be able to report the full combined speeds but often downloading or streaming just used one or the other that was allocated from the router.
Might be different now & better routers etc.
I would be interested in the experience of the previous poster, can't see the name whilst replying.
-
A few notes about the graph image I posted earlier (https://forum.kitz.co.uk/index.php/topic,26766.msg448874.html#msg448874): The key to the graphs is on the extreme right, may need to scroll.
Just after midnight until 02:00 you can see live streaming video being transmitted at 3 x 1 = 3 Mbps. The downstream speeds of the three lines are fairly close to equal, upstream is a different story. At around 04:50 there’s a short upload, flat out - notice the flat tops of lines 2 and 4. Line 1 has the fastest upstream by far, so the behaviour of TCP means that it’s not completely maxed out. At 11:00 you see an enormous upload taking half an hour; this was a backup of an iPad I suspect.
Line 0 "Dongle (3G) for FB" shows a burst of packet loss (red) at around 12:40 and a decrease in latency (dark blue). This is some kind of weird problem where a 3G USB NIC connected to my Firebrick router disconnects and reconnects to the 3G network, for reasons unknown. Should ask AA what they think about it. The packet loss has been detected by AA’s servers because they send a PPP LCP echo request (other type of ping) every few seconds and if they don’t get a reply then this is shown on the graph as red coming down from the top, the height indicating the percentage of PPP packets lost.
-
It’s changed a lot since then. I don’t know of any servers that don’t like multiple IP’s, I’ve never had an issue. Many users on here use this technique. But, you can always route a single IP to the preserver if necessary. My thruput for all uses is certainly good. My services only give 20/2 at best ( 4G better but variable)
-
I ought to explain that the internet only sees one IP address as the endpoint of a flow when the flow is split three ways. The server at the other end and routers in the middle have no way of knowing about the existence of the line bonding as it’s all hidden by the Firebrick routers at AA and my own Firebrick.
The service charge cost is literally zero. AA doesn’t charge anything for bonding. You need to buy or rent a Firebrick which must be the higher software variant called "fully loaded" and you need to pay for two lines unless you’re using the Office::1 package which includes the cost of three lines iirc. That’s one of the all-you-can eat services where you can download as much as you want without extra charges.
-
I'd have to agree with full bonding here, as it sounds like the problem is mostly the lack of upload bandwidth.
-
I imagine could be a multitude of reasons but her VPN (cisco anyconnect) slows to a crawl on my internet.
I don't see why Anyconnect would need appreciably more bandwidth. There's a bit of overhead of course with the IPsec and UDP encapsulation but that wouldn't be a big percentage. Have you looked at round trip times from home to her VPN head end, via each of your two ISPs? I'm assuming that her VPN works OK from other Internet connections, and that she is a normal end-user type user and therefore downloading more than she uploads.
-
I also have 2 ADSL connections at home which I load balance and it works great, especially if you have multiple users, but its also true it doesn't function exactly like a single connection for single stream applications - for this you are right you need a bonded connection. I haven't had any issues with multiple IP's myself.
Personally I decided not to go down this route as it was much more expensive, it sounds like you have a different usage case to me.
I am waiting for a (realistically priced) FTTP option to decommission the second line, unfortunately I live in the boonies.
-
Hi,
I was the original poster.
Have ordered from A&A, 2 new lines to take over the Zen & Vodafone.
Switch over 22nd Feb so will report back.
Very helpful sales & tech.
Most don't talk about cost but I would have found it helpful so here it is.
Line 1 £35 - less than 2) but I have to add my own voice
Line 2 £45 - to inc. line rental (no voice)
£20 FireBrick Rental (might buy outright at some point but are v.expensive)
£16 voice line rental to go with Line 1
All + VAT. (bonding included) Soho 1.
Pretty sure accurate but would not want to put someone off or encourage if I have made a mistake.
Around £55 inc VAT pm more than I was paying for the 2 lines but for me worth it.
Would have had to buy a new router to load balance and in my case have BT move one socket which I did not really want, in a slightly remote location, business office & as a fail safe can still plug direct to the BT socket there. 60m between. (easy to run a Cat6 for the modem to firebrick)
Thank for all your advise.
-
£20 FireBrick Rental (might buy outright at some point but are v.expensive)
This was my setup before I moved to FTTP and it worked flawlessly. I now have a Firebrick FB2700 which I no longer have any need for if you are interested. Granted not the latest model, but "fully loaded" and has a new power supply. I had it out recently to update the firmware and it still does the job.
-
I would have probably taken my chances with VoIP as its a lot cheaper than line rental, though as the issue at hand is potentially lack of bandwidth I can see why you might want to avoid this.
I do believe moving from line rental to VoIP is easier with AAISP though and you will be able to test it out for reliability first by keeping line rental for now.
-
If you don’t need a physical voice line you can always go VoIP with A&A, but then you already know that and it only saves you £6.
I didn’t add up all the numbers because I don’t have that info to hand; my wife is the financial director. I also pay a load of other charges to AA such as email, web space, DNS hosting, domain renewals x lots, many 4G SIMs so I couldn’t just look at the bottom line and quote you that without being very misleading.
I gave away my own FB2700 to another kitizen because I already had both an FB2500 and an FB2900. As vic0239 says, an FB2700 would do the job for you fine, they’re claimed to do - what - routing of 350 Mbps ? Is that right ? But for all I know they may do more than that unless the firewall config might affect that, not sure.
-
Hi,
I started this thread and very pleased to say went live yesterday with the two bonded lines.
Getting almost exactly the combined rates, fortunately both were v.close before.
70 & 13 + 75+11 = 138 down & 23 up max, average fraction less but not by much.
FP2900
Sales & support reply in minutes usually so been & very smooth process.
The router config is taking a bit of getting use to as nothing quite like it.
I have asked rather a lot of questions of them to get up & running so would quite like to ask here some of the more non-urgent stuff & from the prospective of others who have set up.
1) Is there a way in the FB status to view/list the devices attached that are on static IP's.
I know can see those on DHCP. Status/DHSCP/Lan
I can use external programs but assume the FB keeps track & has a list somewhere.
2) I may have to ask them but for ease I got the two zytel modem from them, just plugged in & no config.
my IP range is 192.168.2.1 - 154.
Do you think the modems are on 1.1. I cannot access from the LAN as on the different subnet, I would quite like to view their www & status from time to time. Can I change to my .2. range. I guess would have to plug a separate PC in direct.
3) Would quite like to plan a fall back system. Unfortunately my setup mitigates slightly the great benefit of bonded lines, I have the two modems 70m apart so if this was broken the furthest would not access the FB, the 2nd is right by it so that would be OK.
If I am around I can fix any breakages (not happened in 20 years but is outdoors) but if away my staff would be in trouble.
I would like to be able to unplug this modem & plug in another that is already set up with router/dhcp facility so that remote office is back online.
I might be over complicating this, I guess a modem with the same WAN settings but just with DHCP enabled (& not bridge as they currently are) & it might just work. I guess the question is does the A&A ISP side need to see a firebrick, again I guess a question for them.
Thanks I/A
-
Sounds like a successful install.
Can't answer 1.
2. Depends on how the zyxels were configured, if all ports are in bridge mode.
3. That's some distance, is it possible to have the FB in the middle and run cables either side?
-
Hi,
The zytel auto configured when plugged in & they then went into bridge mode.
I have spare routers so think I can set up to take over the WAN & then do its own DHCP, it is really just this remote office that has the BT socket & now zytel modem & then 70m outdoor cable (its along a secure wired fence) basically I have a boarding kennels, my home next door with the FB & main 24 port switch & usual home stuff, multiple TV, sky netflix etc etc.
I am not sure if AA ISP will complain if it does not find a FB.
Will let things settle then may look at options.
-
What Zyxel models did they send? They've gone through a few over the years.
-
What Zyxel models did they send? They've gone through a few over the years.
Mediatek ;)
-
What Zyxel models did they send? They've gone through a few over the years.
Mediatek ;)
The ZyXEL VMG1312-T20B, I believe. :)
-
Mediatek ;)
Well well, how disappointing.
-
Well well, how disappointing.
Perfectly decent if configured for BT MCT DSL Interoperability, as A&A do: https://drive.google.com/file/d/1Io_GS_yzhKuyN6kRrl_2uE55L9sRRNhP/view?usp=sharing
-
1) Is there a way in the FB status to view/list the devices attached that are on static IP's.
Only by viewing the ARP table: Status - ARP/ND
-
Perfectly decent if configured for BT MCT DSL Interoperability, as A&A do: https://drive.google.com/file/d/1Io_GS_yzhKuyN6kRrl_2uE55L9sRRNhP/view?usp=sharing
That's the first I've heard of this and it implies we should have been doing this with Broadcom units too to make sure they meet BT spec.
-
Hi,
All been working pretty well apart from a few strange drops in speed, woken up to big reduction in speeds, from 130 Mbps to 10 to 20!!
fine throughout the day, many tests.
Turn off Modem 1 and get the full speed from modem 2, 70Mbps
Turn modem 1 back on back up to 135Mbps for both bonded.
Trying to look into that as before migrations never had a problem.
The most annoying aspect of this that leads me to a new question is unable to log into the Zyxtel VMG1312, actually just factory reset because AA could not work out why any of the passwords would not work.
Would have been very handy to monitor the SNR etc but been unable.
Hopefully can access now but might like the option to be able to use my old trusty & familiar TP-Link VR600
AA have spent a long time trying to help with the Zytel & even the TP-Link VR600 but understandably with the Zyxtel working don't really want to spend ages trying to sort my router so thought ask here.
Mostly working but no internet via the FireBrick
Bridge Mode, Says connected to the internet
the FB shows WAN 1, green flashing LED but no yellow, just the odd flash I guess trying to connect.
Is there anything obvious I can try.
Turned off IPv4 SIP
there are numerous ALG setting all ticked, have left as thought when put in bridge mode all the important stuff would be adjusted.
bridge in the only interface available.
Thanks I/A
-
Have you factory reset the Zyxels?
-
AA staff are very patient. I recommend you make an account for AA staff to remotely log in if you haven’t already done so.
I have managed to configure my Firebrick so that I can log into my VMG1312-B10A modems. AA has their own recipe (which is in the support wiki - just ask) however I preferred a different system of addressing my modems compared to that in AA’s technique: mine all have IPv4 addresses 192.168.1.1, 192.168.2.1 etc and each is in its own /24 subnet.
With modems in bridge mode, everything to do with routing and NAT (if you use it) is handled by the Firebrick. I would recommend you consider you not use NAT and just ask AA for the number of IPv4 addresses you need. (I don’t use NAT).
Did you say one of your modems is 70m away? I would ensure that I’m using top-quality CAT6A ethernet cable for a long run. (CAT5E may be fine but I would spend a little extra from paranoia). Any ethernet PDU corruption would cause the symptoms of slowdowns due to TCP retransmissions. That would show up on AA’s CQM graphs as scarlet packet loss ("dripping blood"). I have been thinking about doing (rather shorter) similar runs and I was thinking of running hi-spec cable inside polyethylene water pipe. Can you consider asking AA to book OR to do a "change point of entry" to get the master socket moved to a convenient point for you, or isn’t it like that? (I had this done for my first line: cost was modest.)
The FB diagnostics menu has a lot of excellent tools in it, for debugging problems.
I could send you a copy of my FB config but it won’t be compatible with yours on account of IP addressing layout, passwords, many irrelevant DHCP static assignments, and huge number of very long comments to remind me on how to make future changes. It might be more helpful to just read it and steal any bits you like.
I recommend you make an account for AA staff to remotely log in if you haven’t already done so.
Any help at all with anything, please don’t hesitate to ask.
-
I would ask AA before factory-resetting the ZyXELs to see if AA has included any special BT/OR- or AA-related stuff.
My VMG 1312-B10A modems have an AA-supplied config in them, which is in XML so easily editable. I adapted it where necessary for each modem (unfortunately my modems have unique admin IPv4 addresses) and wrote a quick program to write out a customised per-modem file for each.
> That's the first I've heard of this and it implies we should have been doing this with Broadcom units too to make sure they meet BT spec.
Well, I’m assuming that AA did this for my own VMG 1312-B10A modems so I should expect to be fine.
Can you post some of your AA CQM graphs - that will have been the first thing AA looked at.
-
Hi,
Many thanks for your very detailed reply,
So far this morning working OK but do want to investigate & prepare while I have the time.
I factory reset whilst chatting to AA so they could resend the config immediately. (reminds me must save the config)
I can now log in & at least view the SNR etc before rebooting the T20B if it happens again.
Speeds OK this morning but before had been OK 3 out of 5 days
Is 70m away on quality Cat6, it appears to have been the local (7m away) modem that failed as powering on/off that fixed it but I guess perhaps could have been an in balance to the FB. AA did think this would be OK, but not ideal.
Trying to avoid moving the BT socket, this remote modem is in a separate office & originally backup if my house had power cut or this link was broken that it would continue to work, now bonded not so easy as of course would need to swap in a modem/router & AA would need to config at their end but they said this could be done. This is basically if I was away and my staff (non-tech) could recover.
What I would like to do it get my previous VR600 modem working to test if is slows down again, should be the easiest way to rule out the Zyxtel but just cannot get it to work with the FB.
Have it set up as far as I can tell the same as the T20B. same IP, range etc, Bridge mode, says has internet .. AAISP.
FB WAN1 Green flashing so think connected but just the odd flicker of the yellow.
Will look at the diagnostics of the FB but would really like telnet access so I can chart the T20B SNR & errors etc, use to use routerstats many years ago but does not seem to play nice with the T20B, the T10B is listed as compatible.
One thing I don't quite understand is how the modem & FB IP's link & how to change. My LAN is 192.168.2.0/23
both modems are 192.168.1.1, in the FB Interface/IP subnet on the interface/192.168.1.33/24
This is in the DHCP of the modem, does the FB simply use that 1.33 as specified.
As the other T20B is the same & I would like to view over my LAN & assume cannot connect it to the LAN as will conflict with the other. on same 1.1
What would be the smart way to change Modem B
as .2. & 3. is in use I would prefer to leave it & have both in the .1's especially as my main PC set up with a IPv4/Advanced/Secondary IP of 192.168.1.2 so I can access the modem from .2
Could I e.g.
leave Modem A as 192.168.1.1 reduce DHCP accordingly
Static Modem B 192.168.1.100 adjust DHCP 101 - 164
Would I then change the FB Modem Interface/IP subnet on the interface, to e.g. 192.168.1.133 - not sure what to put here though as can't have /24
I guess I might have to /26 255.255.255.192 for 63 Ip's or less
Perhaps Modem B needs to have it's own range .0 or perhaps .4 but not so keen, not sure if adding more IP ranges on a Windows PC makes a difference anywhere else.
This is where I don't quite understand
Would quite like you config if you can send, for the comments, not sure how you go about going that?
Sorry got rather long again.
-
bignose2,
Another AAISP/FB user here.
Based on the config AAISP gave us for our Office firebrick (2 bonded ADSL lines), they configure the modems to all have the same IP address (to make replacement easy), but place them in different "routing tables" in the Firebrick's config.
This is the snippet from our firebrick:
<interface name="Modem_1"
port="WAN1"
table="1"
comment="Interface to get to Modem 1">
<subnet ip="192.168.1.33/24"/>
</interface>
<interface name="Modem_2"
port="WAN2"
table="2"
comment="Interface to get to Modem 2">
<subnet ip="192.168.1.33/24"/>
</interface>
It then has these firewall rules to NAT connections to them:
<rule-set name="Modems"
source-ip="list of allowed source IPs"
target-ip="81.x.x.x" <!-- An IP address belonging to your Firebrick -->
target-port="81-82"
no-match-action="continue">
<rule name="Modem_1"
target-port="81"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="1"
action="accept"
comment="Get to Modem 1"/>
<rule name="Modem_2"
target-port="82"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="2"
action="accept"
comment="Get to Modem 2"/>
</rule-set>
So you would then access modem 1 at http://81.x.x.x:81/ and modem 2 at http://81.x.x.x:82/
You could add similar rules for telnet/ssh/https (or whatever your modems support).
-
I honestly didn't know you could do that.
-
I had vaguely heard of it, very clever stuff. Didn’t have a clue though and my approach was much more long winded. That’s how you do duplicate equal IPs.
I don’t like the per-port thing one bit at all. I had seen that thanks to (maybe) vic0239? I can address particular modems admin IPs straightforwardly (seemingly, even though the innards are longwinded). But for them, replacement has to not be a mess.
I have to label modems and then in order to do a replacement, I have to run a program to customise a per-modem ‘slot n’ config file and then load that into the new modem.
-
I don’t like the per-port thing one bit at all. I had seen that thanks to (maybe) vic0239? I can address particular modems admin IPs straightforwardly (seemingly, even though the innards are longwinded). But for them, replacement has to not be a mess.
I wonder if you can just pick any random IP addresses (one per modem) and rewrite access based on IP address, rather than port. e.g.
<rule-set name="Modems"
source-ip="list of allowed source IPs"
target-ip="192.168.200.0/24"
no-match-action="continue">
<rule name="Modem_1"
target-ip="192.168.200.1"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-table="1"
action="accept"
comment="Get to Modem 1"/>
<rule name="Modem_2"
target-ip="192.168.200.2"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-table="2"
action="accept"
comment="Get to Modem 2"/>
</rule-set>
If that works, you could then just access the modems at 192.168.200.1 and 192.168.200.2
EDIT: I've just tested the above, and it looks like it works fine.
-
True, but begs the question why have them on a single IP address in different segments if you're going to NAT them to different addresses?
-
I had vaguely heard of it, very clever stuff. Didn’t have a clue though and my approach was much more long winded. That’s how you do duplicate equal IPs.
I don’t like the per-port thing one bit at all. I had seen that thanks to (maybe) vic0239? I can address particular modems admin IPs straightforwardly (seemingly, even though the innards are longwinded). But for them, replacement has to not be a mess.
I have to label modems and then in order to do a replacement, I have to run a program to customise a per-modem ‘slot n’ config file and then load that into the new modem.
It's been a while since I used this configuration on the FB, but this is the snipped from the config showing the WAN definitions. The .1 addresses refer to the ZyXel bridge LAN IP address if my memory serves me correctly.
<interface name="WAN1"
port="WAN1"
graph="WAN1"
ra-client="false"
comment="WAN interface 1">
<subnet name="VMG1312-1"
ip="192.168.2.2/24"
gateway="192.168.2.1"/>
</interface>
<interface name="WAN2"
port="WAN2"
graph="WAN2"
ra-client="true"
comment="WAN interface 2">
<subnet name="VMG1312-2"
ip="192.168.3.2/24"
gateway="192.168.3.1"/>
</interface>
-
True, but begs the question why have them on a single IP address in different segments if you're going to NAT them to different addresses?
Not sure I understand the question, but the motivation is to allow all the modems to have identical configurations (including the same IP address). So if you have a spare, you can just swap it in without needing to modify it.
You can, of course, just give them different IP addresses if you don't care about that.
-
Hi,
AA have spent a huge amount of time trying to help but weirdly I asked the same questions 7 or 8 times & never got an answer, in the end I assumed the setting was not relevant in bridge mode but yesterday had a nightmare where pretty much my whole network went down, could not ever access the FB.
Perhaps you could advise so I don't end up in the same situation.
I have IP range 192.168.2.0/23 so .2 & .3
<interface name="LAN"
port="LAN"
graph="LAN">
<subnet ip="192.168.2.1/23 2001:8b0:dcf3:4eed::/64"
ra="true"
nat="true"/>
<dhcp ip="192.168.2.101-254"
lease="2:00:00"/>
<dhcp ip="192.168.3.101-254"/>
The modems both were on 1.1 with DHCP On,
I moved to 192.168.2.8 No DHCP & to 192.168.2.9 static & No DHCP
I left the FB setting the same 192.168.1.1 & 192.168.1.33/24 - this is what I kept asking, Do I change!!!
Later on network went crazy as above, no access, IP's were being dished out in the 1.1 range ??
Few things I thought might have caused.
AA actually mistakenly put the modem subnet in 255.255.253 but DHCP off but still thought that might be a problem?
I actually think my problems were caused by a 3rd erroneous LAN Server Settings ..
under the first 2 correct ones was a blank 0.0.0.0/24
I put the modems back to 1.1. & disconnected the LAN cable in a desperate attempt to fix, seem OK at the moment.
BUT if I want to put the Modems back on 2.8 & 2.9 static & No DHCP.
What do I put in the Modem settings on the FB
I actually don't understand the 192.168.1.33/24 - how is this any relation to 1.1 & why the 24/
<interface name="Modem_1"
port="WAN1"
table="1"
comment="Interface to get to Modem 1">
<subnet ip="192.168.1.33/24"/>
</interface>
<interface name="Modem_2"
port="WAN2"
table="2"
comment="Interface to get to Modem 2">
<subnet ip="192.168.1.33/24"/>
</interface>
<interface name="LAN"
port="LAN"
graph="LAN">
<subnet ip="192.168.2.1/23 2001:8b0:dcf3:4eed::/64"
ra="true"
nat="true"/>
<dhcp ip="192.168.2.101-254"
lease="2:00:00"/>
<dhcp ip="192.168.3.101-254"/>
<rule-set name="Modems"
target-port="81-82"
no-match-action="continue">
<rule name="Modem_1"
target-port="81"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="1"
action="accept"
comment="Get to Modem 1"/>
<rule name="Modem_2"
target-port="82"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="2"
action="accept"
comment="Get to Modem 2"/>
Basically if static & no dhcp as on my already DHCP'd by the FB
I guess the set-target-ip="192.168.2.8" & 2.8
What about the the 1.33's
Really struggling here
Thanks I/A
-
Need to keep it very simple, and use the auto-rollback feature in the FB so that when you make a dubious config change, it times out and undoes it if you don’t confirm that it’s ok within the time limit. Can’t remember the details just now. My config is a lot more straightforward, easier to understand than the AA one, but I don’t have their voluminous wisdom regarding the subject. Did we already once discuss my config in an earlier thread somewhere? Am too exhausted to snip out all the pieces from my own huge XML config file just now unfortunately but will try later.
-
@bignose2,
I think this thread is getting a bit confused, with various people offering configuration advice, all with different approaches, and I'm not sure I understand what the problem is any more...
Maybe you could post your entire existing config file (with any private information redacted), and then we can take it from there?
If I was you, I would try and keep the config as close as possible to how AAISP have initially configured it, at least until you've gained more firebrick experience.
Dave.
-
Good advice, from Dave.
-
I think this thread is getting a bit confused, with various people offering configuration advice, all with different approaches, and I'm not sure I understand what the problem is any more...
A mod report requested that we split this off, but after reading the whole thread neither another mod nor myself can find a logical point to start splitting off posts without it disrupting the flow and causing further confusion.
As suggested the best course of action would be for the OP to follow Dave's suggestion.
-
I agree that this topic is getting rather difficult to follow. :(
If I am understanding correctly, there are a pair of lines providing a VDSL2 (ITU-T G.993.2) based service from A&A. The lines are bonded.
Surely, therefore, at bignose2's end the two ZyXEL VMG1312-T20Bs should just be configured to be VDSL2/PTM/VLAN end-points and nothing more? I.e. consider each one of them to be a media-convertor. ???
-
Quite correct. Same as me: PPPoE, bridge modem-only modems.
-
Hi,
I was the OP.
I think sorted all the network problems, a big combination of small but wrong settings in the modem, switch, even putting another ethernet into the modem when trying to access it to test, not just the 1 to the FB. removed now.
This question is about accessing the modem stat's via the lan, on a different subnet to the modems. I have seen most of you contributed on an old & then even older 2016 forum but thought ask here in the hope its more straight forward now.
because ..
after my initial delight of double speeds etc etc every 24 hours or so, no set time or pattern it would drop out usually with massive packet loss. A simple re-start of one of the modems would fix, no specific one but trying to monitor frequently and easy access is important.
both modems 192.168.1.1 & access is meant to be via ports 192.168.1.1:81 & :82
The strange thing is I can via :81 but nothing on :82
A&A actually spent a long time trying to help but partially as trying to get access to one of the modems themselves, suspected faulty in the end & replaced, they can now get access but I still can't. Since then did have the packet loss so not that at fault for the data problems.
Any ideas?
</services>
<port name="WAN1"
ports="1"/>
<port name="WAN2"
ports="2"/>
<port name="LAN"
ports="3 4"/>
<interface name="Modem_1"
port="WAN1"
table="1"
comment="Interface to get to Modem 1">
<subnet ip="192.168.1.33/24"/>
</interface>
<interface name="Modem_2"
port="WAN2"
table="2"
comment="Interface to get to Modem 2">
<subnet ip="192.168.1.33/24"/>
</interface>
<interface name="LAN"
port="LAN"
graph="LAN">
<subnet ip="192.168.2.1/23 2001:8b0:dcf3:4eed::/64"
ra="true"
nat="true"/>
<dhcp ip="192.168.2.101-254"
lease="2:00:00"/>
<dhcp ip="192.168.3.101-254"
lease="2:25:00"/>
</interface>
<ppp name="WAN1"
port="WAN1"
username="xxxxxxxx"
password="xxxxxxxxxxxxx"
auto-percent="95"
graph="Line 1"
lcp-rate="1"
lcp-timeout="10"
remote="xxxxxxxxxxx"/>
<ppp name="WAN2"
port="WAN2"
username="xxxxxxxxxxxxxx"
password="xxxxxxxxxxxxx"
auto-percent="95"
graph="Line 2"
lcp-rate="1"
lcp-timeout="10"
remote="xxxxxxxxxxxxx"/>
<usb>
<dongle name="backup"
nat="true"
graph="Backup"
comment="3G Backup"/>
</usb>
<rule-set name="Portmaps"
source-interface="LAN"
target-ip="192.168.1.1"
target-port="81-82"
no-match-action="continue">
<rule name="Modem1"
target-port="81"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="1"
action="accept"
comment="LAN access to Modems"/>
<rule name="Modem2"
target-port="82"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-table="2"
action="accept"
comment="LAN access to Modems"/>
</rule-set>
<rule-set name="Modems"
source-ip="xxxxxxxxxxx xxxxxxxx xxxxxxxxxx/24 xxxxxxxxxxx/24" .....WAN IP's
target-ip="xxxxxxxxxx" ..... FB WAN IP
target-port="81-82"
no-match-action="continue">
<rule name="Modem_1"
target-port="81"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="1"
action="accept"
comment="Get to Modem 1"/>
<rule name="Modem_2"
target-port="82"
set-source-ip="192.168.1.33"
set-nat="true"
set-target-ip="192.168.1.1"
set-target-port="80"
set-table="2"
action="accept"
comment="Get to Modem 2"/>
</rule-set>
The packet loss is weird.
I will mention but more interested in getting access to the modem at the moment, to help diagnose below.
before migration had both lines so same wiring etc and never, ever had a problem, 70+ Mbps without fail. Perhaps 1 disconnection a month but always re-sync full speed. I would never have known apart from looking at the log's.
e.g. day before yesterday 5.20pm sudden huge packet loss (can't' see stat's from previous day, just graph, is there a way to enlarge the charts?) but 15 to 20% dripping red on Modem/Line 1. max DL test speed 0.6Mbps !!
I checked stats and the modem SNR was 6.5 up & down, sync speed still usual 76Mbps.
Been like it for 50 minutes.
I watched for a little longer and packet loss continued, all bad & speed bad.
Then did a software restart, not even a power cycle of Modem 1
Immediately 70Mbps speed test obviously from Modem 2
When the Line 1/Modem 1 came back full speed again all good?
This makes me think nothing wrong with the line itself, at that point anyway, so why report continued packet loss?
If the FB was reporting to the control 10% packet loss when surely there was none anymore on the line, what could be the problem.
I could understand perhaps a large blip on the line, cause SNR to drop & connection to drop & sync v.slow. This would only be recovered by a restart but this would be in the modem stats, low sync speed, perhaps the SNR would be back up but the sync does not auto adjust.
I do not understand quite how the FB interprets issues, if a problem for a few seconds does it get stuck reporting the bad stuff, I am use to combined modem/router & may be this behaviour is normal & could still be a multiple causes including continued line but I keep coming back to, if a restart fixed it so easy is it more likely the modem/FB that the line?
-
Sounds like the modem might be at fault.
-
HI,
I think it was the modem, finally managed to configure my VR600 and 3 days in, no drop out/speed reductions but still slightly too early to be sure, would not be good for both zyxtel modems to arrive faulty.
Different subject now but figured keep on this thread with so much AAisp experience here.
Is there a simple walk through to set up a VPN, I want as easy as possible method to access a pc on my LAN from Android phone via WAN.
Its just a PC running blueiris CCTV IP cameras but don't really want to open a port.
Had on my old Zen Fritzbox as simple password & code & matched on the Andoird App, done in 2 minutes.
Rather confused by the AAisp instructions, Road warrior & StrongSwan.
I downloaded StrongSwan, ....
-------------------------
"From the Android device, log in to the FireBrick
Go to Config - Certificates (Screenshot below)
Download the CA certificate in PEM format (or email it to yourself)
Open StrongSwan, go to (Menu) CA Certificates - (Menu) Import
Choose the Certificate, in our example the File is ca-cert.pem is found in the Downloads folder, select it."
-------------------------
It says the Certificate is invalid.
I am guessing got to do a lot more on the FB side but a lot of different procedure which just seems complicated, also getting into rules & NAT rules.
"Using FireBrick's built in ACME feature makes installing and maintaining a Let's Encrypt certificate easy. This certificate will be renewed by the FireBrick itself, and can then be used for https access to its web interface and also for ipsec."
My VR600 although just in bridge mode now, I can see that can set up a VPN would have been pretty easy if it was the router also.
Is there a easy to follow method?
thanks I/A