Author Topic: Firebrick; Modems with Same Config on Each Separate Line  (Read 1092 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Firebrick; Modems with Same Config on Each Separate Line
« on: February 21, 2020, 01:16:24 AM »

On each of my lines I have a modem whose config is line-number-specific (the line number became termed ‘slot’ number). This came about because a modem say modem in slot #2 has an IP address for its admin-I/F of 192.168.2.1 in general 192.168.n.1 and my Firebrick router has an interface looking towards modem #2 which lives at an address seen by that modem at 192.168.n.254=192.168.2.254. Thus each modem’s config has to be different as the addresses they use are different. If I put the modem in the wrong slot, then it will still work, do its job, and send/receive data to/from the internet with no problem, because PPPoE knows nothing about IP, works at L2 only. However in the wrong slot I won’t be able to talk to the modem’s admin I/F, won’t be able to administer it or look at stats. Now having to keep track of which slot each modem has to go in is fine normally - just requires some sticky labels. But when dealing with a load of spares in waiting in reserve one cannot just configure one properly in readiness and have it ready to just plug in, not without the problem of not being able to administer it. In an emergency, as mentioned before a wrong-slot modem will work so you can just drop it in and go but it would really need reconfiguring properly later on at some point.

Ideally I would like to change this and have all modems with the same config. This is done with AA’s design of config for this situation but I don’t like their design because each modem’s admin i/f is accessed by the user at a unique per-slot TCP port number. This changing port numbers from the standard thing is very limiting, as it makes it so that you can’t use protocols that use other port numbers. I use NTP for example. I decided not to go with AA’s design; I can see that for AA one single config is the only sane choice obviously. But I’m wondering if I can have my cake and eat it.

Is there a way of designing a Firebrick NATing and redirection setup where each modem could live at the same address but packets coming out/in could be rewritten so that they would be unique when on the LAN ?

I don’t know how to tell the Firebrick to redirect something to an interface, only to an IP address. And the interfaces could not all have clashing IP address ranges - how would the brick be able to route anything ? The AA standard design manages to work somehow even though each one of the configs is the same.
« Last Edit: February 21, 2020, 01:21:36 AM by Weaver »
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #1 on: February 21, 2020, 07:14:07 PM »

I was going to type "hardware MAC of each modem" but then realised that would still be limiting.

Ideally you would like the Firebrick to be as configurable as something from Adva, Cisco, Juniper or Mikrotik, for example.

At the moment, I can't think of anything . . . Now where is CarlT?
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #2 on: February 21, 2020, 07:44:22 PM »

Good idea, however, I don’t see how I could use MAC addresses in this case because the modems are not in the same LAN as a sender, who is on the main LAN, and so that sender cannot successfully ARP to get a modem’s MAC address in order to send stuff to it.

I’m thinking that the Firebrick is perhaps less general because it is more pragmatic and less confusing. The xml elements are very much associated with practical nouns, verbs and adjectives and you don’t have to tell it how to do things just to do them. One example is failover, there’s nothing to work out, you just mention the usb ‘dongle’ NIC and it does the right thing. Which is nice.

I’m thinking that what I want to do is actually illogical, self-contradictory anyway. I want the LAN ranges of the 2-node LANs (i.e. miniature broadcast domains) that the modems live on to all be different, from the Brick’s point of view, for routing, and the same from all the modems’ points of view so that they each see something that fits their expectations from their config. The ultimate would be for the Firebrick to DHCP-configure the modems so that they wouldn’t need IP configuration specified in their config files. But I don’t know if the modems can respond to DHCP on the LAN side.

That is a non starter so we’re back to the question of what would happen with a lot of 2-node LANs that all have the same IP address range and thus clash inside the Firebrick for routing purposes. And there’s still also the problem of language of expressing destinations for addressing.

So whichever way, it seems truly impossible and so AA’s design and my own might well be the only options.
« Last Edit: February 21, 2020, 07:49:31 PM by Weaver »
Logged

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #3 on: February 21, 2020, 08:11:20 PM »

At least it’s not so bad now, as things are. I just run a program I wrote for the iPad, enter a slot number 1…4 and the program creates a file with an appropriate name and customised contents, by programmatically firing up the Textastic text editor and remotely commanding it to create a named file, which Textastic then saves. So it’s only one small step before configuring and only then if the master config has changed. The per-slot customised, per-slot named config file is saved after this, so it’s ready for the next spare modem that is going to be put in that same slot, and the command doesn’t need running again. I have config files named something like yyyy-mm-dd-mn.cfg.xml - E.g. yyyy-mm-dd-m4.cfg.xml for modem 4 say, so I just pick one appropriately named file when I’m uploading config into a modem.
Logged

DaveC

  • Reg Member
  • ***
  • Posts: 197
Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #4 on: February 21, 2020, 09:11:45 PM »

You should just need a small tweak to the rule-sets in A&A's standard config, which I think is something along these lines:


Code:
<rule-set name="Modems"
          source-ip="[permitted source IPs]"
          target-ip="[local IP of firebrick]"
          target-port="81-83"
          no-match-action="continue">
  <rule name="Modem_1"
        target-port="81"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="1"
        action="accept"
        comment="Get to Modem 1"/>
  <rule name="Modem_2"
        target-port="82"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="2"
        action="accept"
        comment="Get to Modem 2"/>
  <rule name="Modem_3"
        target-port="83"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-target-port="80"
        set-table="3"
        action="accept"
        comment="Get to Modem 3"/>
</rule-set>

(let me know if you don't know the corresponding interface/subnet sections to set this up - it relies on using separate routing tables for each modem)

This forwards connections to your modems based on the target port, which as you say limits you to one port per device.

Instead of that, you could probably (although I haven't tested) assign 4 local (loopback) IPs to the brick, and then modify the above rules to replace "target-ip" with the appropriate loopback address, and remove the "target-port" and "set-target-port" attributes.  i.e.

Code:
<rule-set name="Modems"
          source-ip="[permitted source IPs]"
          target-ip="local-ip-1 local-ip-2 local-ip-3"
          no-match-action="continue">
  <rule name="Modem_1"
        target-ip="local-ip-1"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-table="1"
        action="accept"
        comment="Get to Modem 1"/>
  <rule name="Modem_2"
        target-ip="local-ip-2"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-table="2"
        action="accept"
        comment="Get to Modem 2"/>
  <rule name="Modem_3"
        target-ip="local-ip-3"
        set-source-ip="192.168.1.33"
        set-nat="true"
        set-target-ip="192.168.1.1"
        set-table="3"
        action="accept"
        comment="Get to Modem 3"/>
</rule-set>

Edit: Seems we had this discussion a couple of years ago:

https://forum.kitz.co.uk/index.php/topic,21402.0.html  ;D
« Last Edit: February 21, 2020, 09:17:58 PM by DaveC »
Logged

burakkucat

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #5 on: February 21, 2020, 09:31:14 PM »

Edit: Seems we had this discussion a couple of years ago:

https://forum.kitz.co.uk/index.php/topic,21402.0.html  ;D

And there is an even earlier discussion, from four years ago. So here they are, in chronological order --

Firebrick access to modems for inspecting stats, begun on January 6, 2016.
Firebrick FB2700 and Three Modems' Admin Interfaces, begun on April 21, 2018.
Logged

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #6 on: February 21, 2020, 09:43:06 PM »

DaveC you are a star. This gets round the issue of the Firebrick doing routing by not having it do any at all; forcing the whole thing with ‘firewall’ rewrite/redirect rules, is that right?
Logged

burakkucat

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #7 on: February 21, 2020, 09:43:43 PM »

A sudden thought.  :idea:

TR-069 is for WAN-side CPE configuration and TR-064 is for LAN-side CPE configuration.

So all new modems, as they are received, are factory-reset and updated with the relevant firmware before they are put into storage. Upon deployment, a local TR-064 server sees the new device at the factory-default setting and promptly configures it for the "logical slot" into which the CPE has been placed.

Hmm . . .  :hmm:
Logged

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #8 on: February 21, 2020, 09:46:39 PM »

Now that is interesting.
Logged

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #9 on: February 21, 2020, 09:50:45 PM »

@DaveC I bow to your knowledge because I don’t understand the application of the set routing table command. Is that the key, things are set up differently in multiple routing tables? But I don’t know how to create the routing tables’ contents themselves.
Logged

DaveC

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #10 on: February 21, 2020, 10:44:25 PM »

This is the other bit of my config, which sets up the interfaces:

Code:
<interface name="Modem_1"
           port="WAN1"
           table="1"
           comment="Interface to get to Modem 1">
  <subnet ip="192.168.1.33/24"/>
</interface>
<interface name="Modem_2"
           port="WAN2"
           table="2"
           comment="Interface to get to Modem 2">
  <subnet ip="192.168.1.33/24"/>
</interface>
<interface name="Modem_3"
           port="WAN3"
           table="3"
           comment="Interface to get to Modem 3">
  <subnet ip="192.168.1.33/24"/>
</interface>

By default, all the traffic passing through your firebrick is in routing table "0" - that's the default value for the "table" attribute.

So in my example (with three modems), there are four routing tables going on - the default (0), and then three clones, all with 192.168.1.33 as the IP of the Firebrick, and 192.168.1.1 as the IP of the modem.  Traffic in one routing table stays in that routing table unless processed by a rule with "set-table", which routes between them.

Logged
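An added example, not part of DaveC's posts or of A&A's config: because every modem sits behind the same 192.168.1.33/192.168.1.1 pair, the only things separating them are each rule's target-ip and set-table, so a copy-paste slip silently sends admin traffic to the wrong modem. The Python check below cross-references the rule-set against the interfaces; the `<config>` wrapper, the 10.0.0.x addresses and the function name `lint` are assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the thread's fragments under a wrapper root. 10.0.0.x stands
# in for the "local-ip-n" and "[permitted source IPs]" placeholders; the Modem_3
# rule is deliberately pointed at table 2.
SAMPLE = """<config>
 <interface name="Modem_1" port="WAN1" table="1"><subnet ip="192.168.1.33/24"/></interface>
 <interface name="Modem_2" port="WAN2" table="2"><subnet ip="192.168.1.33/24"/></interface>
 <interface name="Modem_3" port="WAN3" table="3"><subnet ip="192.168.1.33/24"/></interface>
 <rule-set name="Modems" source-ip="10.0.0.0/24" target-ip="10.0.0.1 10.0.0.2 10.0.0.3" no-match-action="continue">
  <rule name="Modem_1" target-ip="10.0.0.1" set-source-ip="192.168.1.33" set-nat="true" set-target-ip="192.168.1.1" set-table="1" action="accept"/>
  <rule name="Modem_2" target-ip="10.0.0.2" set-source-ip="192.168.1.33" set-nat="true" set-target-ip="192.168.1.1" set-table="2" action="accept"/>
  <rule name="Modem_3" target-ip="10.0.0.3" set-source-ip="192.168.1.33" set-nat="true" set-target-ip="192.168.1.1" set-table="2" action="accept"/>
 </rule-set>
</config>"""

def lint(xml_text):
    """List problems in the per-modem rules (assumes the attributes used in the thread)."""
    root = ET.fromstring(xml_text)
    # Routing table number -> address/prefix of the interface that lives in it.
    nets = {i.get("table"): ipaddress.ip_interface(i.find("subnet").get("ip"))
            for i in root.iter("interface")
            if i.get("table") and i.find("subnet") is not None}
    problems, front_ips, tables = [], {}, {}
    for rs in root.iter("rule-set"):
        if not rs.get("source-ip"):
            problems.append(f"{rs.get('name')}: admin access not limited by source-ip")
        for r in rs.iter("rule"):
            name, table = r.get("name"), r.get("set-table")
            iface = nets.get(table)
            if iface is None:
                problems.append(f"{name}: set-table {table} has no interface")
                continue
            if ipaddress.ip_address(r.get("set-source-ip")) != iface.ip:
                problems.append(f"{name}: set-source-ip is not the brick's address in table {table}")
            if ipaddress.ip_address(r.get("set-target-ip")) not in iface.network:
                problems.append(f"{name}: set-target-ip is outside {iface.network}")
            for seen, key, what in ((front_ips, r.get("target-ip"), "target-ip"),
                                    (tables, table, "set-table")):
                if key in seen:
                    problems.append(f"{name}: {what} {key} already used by {seen[key]}")
                seen.setdefault(key, name)
    problems += [f"table {t}: no rule reaches this modem" for t in nets if t not in tables]
    return problems

if __name__ == "__main__":
    for problem in lint(SAMPLE):
        print(problem)
```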

Weaver

Re: Firebrick; Modems with Same Config on Each Separate Line
« Reply #11 on: February 22, 2020, 05:30:34 AM »

Dave thank you so much. You’re a genius. The multiple tables thing just is what it says on the tin.

I had forgotten about those earlier threads and also forgotten about the use of set table in AA’s solution.

In the interface definitions below, is the interface attribute just like a target-marking for that interface, making it a destination for set table-marked traffic?
Logged
 
