Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: New standard needed for PPPoEoE modems  (Read 3533 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
New standard needed for PPPoEoE modems
« on: July 01, 2018, 12:27:44 AM »

There is so much trouble involved with two-box systems where an ethernet router talks to a PPPoEoE-speaking modem over an ethernet cable.

1. The modem has a devil of a job getting internet access. (Leaving aside from things such as TR-069, which is not general, nor continuously available in the background, and is ISP-only.) It might internet access to use NTP, to send logs, to get software updates, or access the DNS or forty things. Certainly there are missed opportunities here because a lot of services that modems want to use are typically just sitting there broken.

2. Users want to get access to the modem to get stats and administer it. But the router is in the way and addressing is a right old mess.

What we need is a new standard that delivers slick well designed support for both of these issues. For (1), a standard, lean system for a modem to get internet access, probably involving talking to or through the router, because the router knows what to do and how to do it the modem does not. And for (2), a standardised method of publishing the modem’s admin interfaces on the LAN-side, plus a means of routing traffic through the router from the LAN-side to the modem and back again and setting up addresses automatically.

I think it would be a bit tricky to write it up, but given a bit of thought it should not take an inordinate amount of time. It should use IPv6 as far as possible and that might shorten the spec. Many modems only speak IPv4 currently so unfortunately the PPPoEoE half of the system would need to have IPv4 as well as IPv6 access defined.

I would think it might be worth at least considering putting in an IPv6 to IPv4 protocol converter inside the modem for (2) though, think through the question of whether you even need to spec IPv4 access from the LAN to modems or make it IPv6-only and use protocol conversion if need be. It would basically just be a kind of NAT64, if one went that way.
Logged

parkdale

  • Reg Member
  • ***
  • Posts: 597
Re: New standard needed for PPPoEoE modems
« Reply #1 on: July 01, 2018, 11:42:48 AM »

I don't know if ZyXEL support this standard https://avm.de/fileadmin/user_upload/Global/Service/Schnittstellen/AVM_TR-064_first_steps.pdf

But I could play around with the internal protocols in the Fritzbox....

[Moderator edited to insert the direct link.]
« Last Edit: July 01, 2018, 06:18:17 PM by burakkucat »
Logged
Vodafone FTTC ECI cab 40/10Mb connection / Fritz!box7590

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: New standard needed for PPPoEoE modems
« Reply #2 on: July 01, 2018, 06:22:26 PM »

I'm currently not in a position to check but I believe that the ZyXEL VMG1312-B10A does have a menu entry labelled TR-064 . . .
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: New standard needed for PPPoEoE modems
« Reply #3 on: July 01, 2018, 08:09:42 PM »

Get shot of PPP as is in progress then just copy DOCSIS. Job done.

Not sure this is something that's going to get much attention though. Network operators that provide stand alone modems tend to follow the Openreach approach, ISPs usually provide combined modem routers and very few people who bring their own kit buy standalone modems.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: New standard needed for PPPoEoE modems
« Reply #4 on: July 01, 2018, 08:11:39 PM »

I'm currently not in a position to check but I believe that the ZyXEL VMG1312-B10A does have a menu entry labelled TR-064 . . .

indeed it does - this is mine running in bridge mode

Logged

niemand

  • Kitizen
  • ****
  • Posts: 1836
Re: New standard needed for PPPoEoE modems
« Reply #5 on: July 01, 2018, 08:19:08 PM »

Regarding Internet access modems are routers in bridge mode. If Internet access is required an additional VLAN can be configured, however there is no need to provide modems access to the public Internet. There is no need to upload logs remotely and time and firmware upgrades can be handled on-net.

Modems have been around for a really long time so requirements are fairly clear and everything needed is provided for. We should be moving away from this complexity and having engineering effort put into just making things work, not providing unnecessary and attack surface increasing services.

As fibre to the premises becomes more widely available this will get better, the ideal being a simple Ethernet presentation. Both PON and P2P solutions provide this with no statistics to monitor or be concerned by.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New standard needed for PPPoEoE modems
« Reply #6 on: July 02, 2018, 05:11:32 PM »

What ignitionnet said about ‘there is no need’, translates as he ‘has no need’. :-)

I have functions that are just broken because of the difficulty of setting things up for my modems. Lack of NTP being one example, somthe clicks are wrong in all the modems.

I should not have said public internet access, just access to anything, including the main LAN is a right pain with things as they are, and so if you think that logging and admin will not be conducted over the public internet (I do not see why not, in a large setup, the admins could be elsewhere geographically) then there still is the issue of how boxes in the main lan are to query the modems and how the modems are to reply.

Security is not a valid point. We need to secure everything we provide, that argument is completely general and there is nothing that disqualifies the current use case.
Logged

nallar

  • Member
  • **
  • Posts: 55
    • Smokeping
Re: New standard needed for PPPoEoE modems
« Reply #7 on: July 04, 2018, 11:19:36 AM »

I have NTP working on an HG612 as a modem. Shouldn't be any need for a new standard...

You need an NTP server running on the router and listening on the interface connected to the modem, and a static IP for the router on that interface.

https://imgur.com/a/KLdzhGA

edit: If you don't want to run a local NTP server, it may also be possible to add a static route on the HG612 back to the router for a remote NTP server. The router would then send this through the PPPoE link to the remote NTP server. Haven't tried this as running a local NTP server is best practice to reduce the number of NTP requests made by devices on your network.
« Last Edit: July 04, 2018, 11:28:26 AM by nallar »
Logged
Virgin Media cable, A&A ADSL. OPNsense router.

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: New standard needed for PPPoEoE modems
« Reply #8 on: July 04, 2018, 12:22:48 PM »

i got my zyxel running in bridge mode to connect to the NTP using a static route.
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: New standard needed for PPPoEoE modems
« Reply #9 on: July 04, 2018, 02:28:20 PM »

I posted my working NTP solution for the VMG1312-B10A in the recent thread asking how to get it working.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New standard needed for PPPoEoE modems
« Reply #10 on: July 04, 2018, 09:44:20 PM »

I am thinking of something that is just zero-config though and allows modems to just work with the same level of easy access to resources as WAPs do.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: New standard needed for PPPoEoE modems
« Reply #11 on: July 05, 2018, 07:42:35 AM »

I am thinking of something that is just zero-config though and allows modems to just work with the same level of easy access to resources as WAPs do.

a modem essentially sits outside the network though, so you'll never have them working the same as a WAP.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New standard needed for PPPoEoE modems
« Reply #12 on: July 05, 2018, 01:17:08 PM »

@chenks that is just what my idea is designed to address, to give a modem a pipe back to the router and let it sit on the inside of the LAN as well, an auto-configured back-channel that gets set up as part of PPPoE extended setup, and an auxiliary channel can carry traffic meant for the modem itself back into the router (and the reverse direction). The modem acquires an address by a choice of various methods, applying to the router as a normal LAN-side box does.
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: New standard needed for PPPoEoE modems
« Reply #13 on: July 05, 2018, 05:23:00 PM »

Would be a bad idea imo.
The modem isn't meant to have access anything WAN side and I'd rather keep it like that.

I should have to set the static route I have to accomplish this.
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New standard needed for PPPoEoE modems
« Reply #14 on: July 06, 2018, 04:23:47 AM »

@j0hn I could hopefully fix your objection by making sure there were on/off switches in the spec. The modem would be logically positioned by the proposed system inside the firewall, despite appearances, so it would have the same protection as any box on the LAN. As well as a total on/off switch, I would add individual internet access on/off and LAN access on/off switches. The defaults would be to deny internet access and deny access to and from boxes on the LAN. You could configure a system so the modem could be allowed access to services provided by the router but that is all, or router plus internet, or any other combination of options.

Access controls should be implemented twice, on the router as well as in the modem, with the modem and router both consulting these flags. The router should apply access blocking according to the flags in case of a compromised modem. To really go to town, as well as packet filtering to apply these controls, the modem could be denied appropriate classes of addresses, so for example the modem might only acquire a link-local address or no IP addresses at all, and the router might not publish RA and DHCP to the modem. Such a lack of addresses might make things a bit more difficult for a compromised modem to get going with some nefarious project.

I think that with some care, security worries could be handled responsibly.

I would like to explore the case where only the modem has the code to support this and the router does not, but is hand-configured to give some or all of the services and types of access that the modem desires. The modem should just handle this half-manual case smoothly and do the right thing. The bad things here are inconvenience and possibly lack of functionality, as the user has the usual pain of having to work out how to configure the router, if this can even be achieved at all.

I just think about the amount of struggle, and brain ache and the number of half-working systems lying around. Once a number of example modules have been written for a modem and a router and a spec is written up I hope this would just make life incredibly straightforward for the two-box user.
« Last Edit: July 06, 2018, 04:41:46 AM by Weaver »
Logged
 

anything