Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[burakkucat]

This is purely a theoretical query.

Assume there is a end-user who takes a 900 Mbps service from BT (retail / consumer / whatever the current name), delivered via an Openreach GPON ONT - say a Nokia G-010G-Q. Let us assume that the end-user does not want to use the BT provided all-in-one CPE but would prefer to use a MikroTik single box solution.

What are the various options? A hAP-AC2, a hAP-AX2 or ? 

[meritez]

Do we have to use the Openreach ONT, or can we put that on the SFP port of the Tik?

If keeping Openreach ONT:
hAP ac3
hAP ax2
hAP ax3
Audience
Chateau LTE18 ax
Chateau 5G ax

The ac2 is excluded as it only has 16MB NAND, does not have the space for Tik's WiFiWave2 drivers.

If replacing the SFP:
RB4011iGS+5HacQ2HnD-IN

[burakkucat]

Do we have to use the Openreach ONT, . . .

I used that delivery method (FTTP) just for convenience of the query. If it was based on my own current case (VDSL2) or as twelve years ago (ADSL2+), I could have stated having an Openreach branded Huawei HG612 in situ, converting xDSL to/from Ethernet frames.

hAP ac3
hAP ax2
hAP ax3
Audience
Chateau LTE18 ax
Chateau 5G ax

The ac2 is excluded as it only has 16MB NAND, does not have the space for Tik's WiFiWave2 drivers.

Thank you for that list. It might be a useful reference point, sometime in the future.

For the next device, you clearly intended to type "If replacing the ONT with an SFP:"

RB4011iGS+5HacQ2HnD-IN

[meritez]

Yeah probably,

Good news, other half volunteered at a homeless shelter last friday

Bad news, brought home a sore throat and cold, sharing it as a result, not fun.

[Weaver]

Am not understanding something here. Will users of a MikroTik ONT come up against the problem of programming the unit with the correct PON decryption key from BT etc ? Apologies in advance if I have misunderstood completely and have noted the "theoretical".

[meritez]

@Weaver,

Theoretically, there's available SFP GPONs like the MA5671A that can reprogrammed to replace an Openreach ONT.
At the other end, an Openreach ONT should be treated like a BT Master Socket, not yours to tinker with.

[Weaver]

That’s what I thought. Hence the theoretical. How does Mikrotik solve this though ? Is it ok in other countries?

[XGS_Is_On]

Am not understanding something here. Will users of a MikroTik ONT come up against the problem of programming the unit with the correct PON decryption key from BT etc ? Apologies in advance if I have misunderstood completely and have noted the "theoretical".

No decryption key programming, Weaver, just a serial number to authenticate the ONU. The encryption key is negotiated between the two sides once the ONU is authenticated.

You can absolutely buy ONU/ONT SFP+ modules that are compatible with Mikrotik and allow the user to set the serial number. Indeed some enterprising types sell modules on the specific basis that their serial numbers are programmable.

Openreach do not appear to conduct further checks. I have gone hugely overboard in replicating their configuration it seems. Not aware of any operators of GPON networks that do care about anything besides serial number. Aside from transmitting at the wrong times, obscuring other ONUs' legitimate transmissions, or transmitting high powered garbage continuously and blinding the OLT optical receiver there's not really much an ONU/T can do to harm things.

[Weaver]

Ah, I know absolutely nothing about the subject and would like to read up on it. So could one simply duplicate another user’s serial number and then successfully receive and decode their inbound data?

[j0hn]

Ah, I know absolutely nothing about the subject and would like to read up on it. So could one simply duplicate another user’s serial number and then successfully receive and decode their inbound data?

Nope. The same serial number cannot be online twice.

I have also tried swapping my ONT and my neighbours ONT (both on the same PON) and neither authenticated.

I was testing to see if you could simply spoof a neighbours ONT serial number and connect to their broadband.
We are both with Talktalk so it's DHCP, no password.
I was half expecting the ONT's to authenticate and us to connect to each others accounts but Openreach must somehow be able to detect which part of the split you are on?
Either that or the engineer was incorrect and we are on separate PONs, but I doubt that.

[Weaver]

Very odd. But then you really would hope that they would have incorporated the required design cleverness, since the alternative, ignoring the requirement, would be very worrying.

[burakkucat]

Considering both XGS_Is_On and j0hn's experimental results, it appears that the requirements are to --

• Use an identical serial number as that of the originally installed ONT.
• Be on the same "split".

For Weaver, I mention the GPON-ONU-34-20BI SFP which is available from FS.

[craigski]

I have also tried swapping my ONT and my neighbours ONT (both on the same PON) and neither authenticated.

Interesting. How could the OLT know it was on a different split, maybe detected a slight difference in loss some how? How long did you leave them swapped for in your experiment, I wonder if they were was left for longer they would have re-authenticated?

[dee.jay]

If you swap two ONT's on the same PON port there's no intelligence to know that they have moved.

So not sure why they didn't come up. Unless it just so happens you and your neighbour are on different PON ports, and that's highly unlikely