[HN Gopher] Hack GPON - how to access, change and edit fibre ONTs
___________________________________________________________________
Hack GPON - how to access, change and edit fibre ONTs
Author : pabs3
Score : 227 points
Date : 2024-09-25 00:41 UTC (22 hours ago)
(HTM) web link (hack-gpon.org)
(TXT) w3m dump (hack-gpon.org)
| jiveturkey wrote:
| It's an interesting site but where's the 0xbeef? OK it explains
| how to telnet into some units but then what? How do I get the
| free HBO ser?
| abound wrote:
| I'm only just digging into the site, but some ONT pages (ex
| [1]) have information on how to set low-level parameters (MAC,
| various equipment IDs, etc). Probably won't get you free HBO,
| more likely to get your ONT banned at your ISP, but _maybe_ you'll
| get free internet before that.
|
| [1] https://hack-gpon.org/ont-nokia-g-010g-t/#gponomci-settings
| bpye wrote:
| There are also folks that want to overwrite the MAC, serial,
| etc to clone their ISP's ONT - allowing them to use a
| different GPON/XGSPON ONT/SFP(+) module [0].
|
| [0] https://pon.wiki/
| silotis wrote:
| This isn't about getting free internet, no competent ISP will
| let the link come up without a serial number registered with
| the port. This is about bypassing the awful gateway hardware
| many fiber ISPs mandate.
| Brian_K_White wrote:
| The point is to be able to use your own hardware, a fiber
| equivalent of buying your own cable modem and router.
| ezekielmudd wrote:
| It is my understanding that ISPs have management software that
| watches all the ONT activities. They will mark a rogue ONT as an
| "alien" and blacklist it.
| 1oooqooq wrote:
| not to mention that it's probably jail time in the USA if they
| want to go after you. All they have to do is to show a judge
| that you "hacked" their device with some hacker "jtags" to
| extract the very well protected passwords.
| greyface- wrote:
| People have in fact done prison time for "uncapping" DOCSIS
| CPE (although I believe only in situations where they were
| making a commercial operation out of it). I love seeing sites
| like this, but if I were involved, I'd tread lightly around
| commercialization, advertising, taking donations, etc.
|
| https://www.justice.gov/opa/pr/oregon-man-sentenced-
| boston-3...
|
| https://arstechnica.com/tech-policy/2010/01/hacking-cable-
| mo...
| sulandor wrote:
| jailtime for a mouthful of internet is somewhat of a
| stretch
| appendix-rock wrote:
| Yes. Exactly.
| thayne wrote:
| I assume that is why they have a page full of disclaimers
| before you get to any content.
| pabs3 wrote:
| BTW: in the EU there is movement towards mandating ISPs allow
| BYOD, including fibre ONTs.
|
| https://fsfe.org/activities/routers/
| vlabakje90 wrote:
| Mandatory in the Netherlands, since last year.
| t0mas88 wrote:
| And as a result for example KPN (one of the largest fiber
| ISPs) has a document to tell you what to connect and with
| which specs: https://assets.ctfassets.net/zuadwp3l2xby/2Yp0Ht
| LJPKBUX5mqr3...
|
| Some years ago there was only unofficial documentation even
| on the parts behind the ONT, like which VLAN carries internet
| and which one is IPTV etc. Now it's all officially documented
| and you can run your own modem, router and firewall if you
| want.
|
| I've left their ONT in place and plugged it directly into a
| Linux box that does the rest. Gives me more flexibility on
| things like IPv6 and easier to host local services without
| port forwarding through their modem.
| the_mitsuhiko wrote:
| Do you know how this works contract wise? When you get
| network are you guaranteed that GPON will work or can they
| refuse service after a certain point in time and force you
| to upgrade to XGS-PON (or some other standard)?
| marceldegraaf wrote:
| The provider can upgrade their network from GPON to XGS-
| PON; in fact KPN (a large Dutch provider) does this
| regularly, especially in areas with new housing
| developments.
| the_mitsuhiko wrote:
| > The provider can upgrade their network from GPON to
| XGS-PON
|
| The provider can transparently run GPON and XGS-PON
| simultaneously because they run on different wavelengths.
| However unless the provider can tell all existing GPON
| customers to replace their infrastructure they cannot
| stop providing GPON. GPON -> XGS-PON is not an upgrade,
| it's double the infrastructure where the splitter is.
|
| So my question is quite specifically if there is a
| contractual way for KPN to turn off GPON and force
| customers to migrate, or if they are required to service
| both until the last GPON customer goes away on a
| splitter.
|
| This has been an issue with DOCSIS in many places of
| the world where we are already running out of available
| frequency spectrum.
| t0mas88 wrote:
| Consumer contracts don't guarantee GPON support in any
| way. So if KPN wants to upgrade they can just send the
| customer a letter telling them to get an XGS-PON
| compatible ONT by some date.
|
| They'll probably take a bit more customer friendly
| approach and at least send you a free provider owned XGS-
| PON compatible one and a new modem. But for your own
| equipment you have to manage everything and make sure it
| complies with their published specifications.
| the_mitsuhiko wrote:
| That sounds like a somewhat pragmatic approach. Curious
| to see how that plays out in practice. I presume the
| total number of consumers that are interested in running
| their own ONT is limited. In Germany the situation seems
| a bit different. There customer owned Fritzbox devices
| with integrated ONTs are very widespread making the
| situation for an ISP quite different when it comes to
| upgrades.
| jeroenhd wrote:
| KPN and other Dutch ISPs don't really care about custom
| customer hardware, on a practical level and on a
| contractual level. The Dutch standard is that you use the
| rented hardware your ISP provides, unless you want
| something special, then you get specs and settings and
| you're on your own. Even if you use your own hardware,
| you often still get a modem delivered to your doorstep.
|
| If anything breaks on the network side, the
| troubleshooting procedure is "connect the hardware we
| sent you and see if it works". If it does, it's up to you
| to fix your side. If that requires new hardware, you're
| kind of screwed. KPN has the obligation to permit you to
| run your own hardware and to provide you with the
| information necessary, but not to keep any kind of
| backwards compatibility.
|
| (Euro)DOCSIS should be backwards compatible, but things
| like radio channels and unencrypted video signals have
| already been replaced by their digital equivalents to add
| more upstream capacity by Ziggo (the last remaining large
| Dutch cable company). This broke functionality for a
| whole bunch of devices, but these changes were announced
| months in advance so customers had to choose between
| ending their contract and taking it.
|
| The trouble with dealing with KPN is that KPN is also the
| company operating the POPs in most places, with many
| other ISPs leasing their lines. So even if you switch to
| a different ISP in protest of the XGS-PON switch, you're
| very likely to still end up with a XGS-PON signal from
| KPN.
| t0mas88 wrote:
| You're almost certain to end up with the exact same line
| just a different provider on it. Very few areas have
| multiple fiber networks, although it's getting more
| common.
|
| I still believe that the original move, forcing KPN and
| other network owners to allow competitors on their
| network, was a better option than digging up the streets
| twice to get two fiber networks in place.
| ThePowerOfFuet wrote:
| Not more infra at the splitter; they are simple optical
| devices which use no electricity (hence the P in PON).
|
| More infra at the OLT end, yes.
| the_mitsuhiko wrote:
| Sorry yes, you are correct.
| t0mas88 wrote:
| The contract does not guarantee GPON or XGS-PON. They
| have a tool to help you figure out what you have, but
| they can legally change it when they're upgrading their
| network.
|
| The only guarantee is that they'll give you a new
| provider owned ONT and router during the upgrade. But
| that's not very useful if you want to keep running your
| own equipment.
| vrytired wrote:
| Google translated to English:
| https://static.r2kba.net/file/Sharex--
| Uploads/ShareX/2024/09...
| the_mitsuhiko wrote:
| I think it's vital that you can run your own modem but I'm not
| convinced that it's a good idea to force a custom ONT. An ONT
| is about as dumb as it gets and it's entirely transparent on
| the stack.
|
| The benefit with an ONT (or even DOCSIS dumb modem) managed by
| the ISP is that they can do fleet upgrades much quicker as they
| don't have to keep all old protocols running. For instance the
| GPON -> XGSPON upgrade that some ISPs are running right now (or
| DOCSIS 3 upgrade) really only works well if you can turn off
| the old protocol which requires swapping out all ONTs/DOCSIS
| modems.
|
| If customers bring their own stuff then you're stuck with these
| things for much longer.
| cillian64 wrote:
| In some places it sounds like the ONT is integrated with the
| router (like with DOCSIS), and being forced to use the ISP's
| router is a problem.
|
| But in cases where the ONT just looks like a media converter
| and you have a separate router I really can't see any reason
| for the customer to provide their own ONT. Especially given
| PON is a shared medium so a misbehaving ONT can affect other
| customers.
| the_mitsuhiko wrote:
| > In some places it sounds like the ONT is integrated with
| the router (like with DOCSIS), and being forced to use the
| ISP's router is a problem.
|
| I agree, and that is a problem. The rules and regulations
| are different in different countries. In Austria for
| instance the ISP can force you to use a specific DOCSIS
| modem or ONT but they have to provide you with a
| transparent way to connect to it (bridge mode etc.). Which
| from where I'm standing is a good tradeoff because it gives
| the ISP the flexibility to do mass migrations without
| having to consider very old deployed infrastructure.
|
| With PON I think it doesn't matter all _that_ much but for
| instance people running ancient DOCSIS modems and limited
| frequency availability has been a massive pain for people
| stuck with DOCSIS infrastructure that want more upstream
| and can't.
| Rinzler89 wrote:
| _> but they have to provide you with a transparent way to
| connect to it_
|
| Can you provide the source for that? Because the Wifi 6
| enabled Modem from Magenta doesn't support bridge mode.
| the_mitsuhiko wrote:
| > Can you provide the source for that?
|
| There has not been an official ruling, but that was not
| necessary because there is a soft commitment by ISPs to
| provide bridge mode which was enough for the RTR:
| https://www.rtr.at/TKP/was_wir_tun/telekommunikation/konsume...
|
| But they are very explicit:
|
| > At the same time, there is a legally guaranteed freedom of
| choice of terminal equipment (Art. 3(1) TSM-VO). On this
| basis, all users have the right to use a router of their
| choice. If the provider supplies a router with an integrated
| modem, it must be possible to switch this router into
| so-called "bridge mode".
|
| > Because the Wifi 6 enabled Modem from Magenta doesn't
| support bridge mode.
|
| It does. Call customer support and they enable it for
| you. It turns into a dumb modem afterwards behind which
| you need to put your own infrastructure.
|
| It's also mentioned on their FAQ:
| https://www.magenta.at/faq/entry/~technische-
| anfrage~kabelin...
| kilburn wrote:
| This is the same in Spain: ISP-provided ont/router combos
| are fine but they must have a bridge mode (you may have
| to call support to enable it).
| Aaron2222 wrote:
| > But in cases where the ONT just looks like a media
| converter and you have a separate router
|
| That's how it works in New Zealand, but we take it a step
| further. The GPON/XGS-PON fibre network is run by a
| separate company[0] from the ISPs (and the company running
| the fibre network is prohibited from providing internet
| services[1]). So the ONT just functions as a media
| converter[2], and all our ISPs deliver internet over the
| same fibre network. This decoupling between the fibre
| network provider and ISP means you can change ISPs without
| any swapping of ONTs or repatching of fibre[3][4] (in fact,
| the process can be entirely automated, switching to some
| ISPs can take effect within an hour or two of placing the
| order). That and most ISPs allow bringing your own router
| (as there's no monopoly in the ISP space).
|
| [0]: The NZ Government contracted four companies to build,
| own, and run fibre networks (three being new companies co-
| owned by local lines companies and the government to
| serve their local area, with the rest of the country
| being served by Chorus, the company that owns the country's
| copper network). These fibre companies are heavily
| regulated (including how much they can charge ISPs).
|
| [1]: In fact, this requirement resulted in Telecom (the
| company that owned our copper network and who was one of
| the companies that provided phone and internet service to
| consumers) being split up, with Chorus being spun off,
| owning the copper network and owning the fibre network for
| the majority of the country.
|
| [2]: Chorus did start deploying ONTs with a built-in
| router/AP a while back. They did offer this to ISPs to use,
| but uptake was very low, so it's since been discontinued.
|
| [3]: I don't know how it works over in European countries
| where ISPs run their own fibre networks when switching
| ISPs, I assume they have to either install their own fibre
| line into the premises or the existing fibre is repatched
| to their network?
|
| [4]: The fibre companies are required to offer use of their
| fibre network directly to ISPs, with the ISP's PON network
| running in parallel to the fibre company's, with the ISP
| providing their own fibre splitters and ONTs (which would
| be run on a second fibre line that each premises already
| has) and running their own OLTs. I believe this requirement
| still exists, but no-one ever took them up on it.
| ensignavenger wrote:
| I am curious about this model. How well is this working
| in practice? How many ISPs do you have to choose from,
| and how do they differentiate? How close to wholesale are
| the retail prices?
| cycomanic wrote:
| I believe the number of ISPs differs regionally (I
| suspect due to where they have network equipment), but I
| just put in my address into the main search website
| (https://www.broadbandcompare.co.nz) and it came back
| with 13+ ISPs (although some of them might belong to same
| parent companies). Prices tend to be quite similar (which
| I suspect indicates that it is operating close to cost)
| and differentiation happens mainly on bundling with other
| services (mobile, power, TV, included Netflix...) Keep in
| mind that I have only lived here for 1.5 years, but from
| my limited experience it definitely seems like there is a
| healthy amount of competition.
| ensignavenger wrote:
| Cool, one similar network in the US is UTOPIA in Utah...
| they seem to have similar results.
| https://www.utopiafiber.com/residential-pricing/
|
| But I have read that some other communities that have
| tried the same model have had trouble attracting ISPs.
| bdavbdav wrote:
| The UK does the same thing. openreach own the infra and
| sell the transit wholesale to providers. It works really
| well on the whole.
| bauruine wrote:
| About [3]. In Switzerland most of the fiber network is
| built by Swisscom, a former telecom monopoly and still
| 51% state owned company that also owns the old copper
| network. Other ISPs can use the network but everyone has
| their own router with an integrated ONT. ONTs as a
| separate device are pretty much unknown. On XGS-PON only
| certified ONTs are whitelisted [0]. The wholesale price
| list is public [1]. For actual prices see [2]. They
| differentiate mostly through support, price and
| additional services like TV. Data caps are basically
| unheard of (I don't call something like the fiber7 FUP of
| 600TB a data cap) and CGNAT is, while not uncommon, at
| most a phone call to disable it.
|
| [0] https://www.swisscom.ch/dam/swisscom/en/ws/documents/
| E_BBCS-...
|
| [1] https://www.swisscom.ch/content/dam/swisscom/de/ws/do
| cuments...
|
| [2]
| https://en.comparis.ch/telecom/zuhause/angebote/internet-
| abo
| jeroenhd wrote:
| In theory the ONT can act like a listening device. They're
| also often Linux or BSD devices that can get hacked.
|
| If you're paranoid, you may want to run an ONT that you
| control, just in case. I doubt it's something that matters
| to a lot of people, but even if it only matters to some, it
| shouldn't be made impossible for those that want to.
|
| RE: misbehaving hardware: the same is very much true for
| cable internet and there are plenty of countries where
| people hook up their own modem without any trouble. If
| someone wanted to mess with the fiber network they could
| just disconnect the ONT and shine a laser pointer down
| there. All off-the-shelf devices are built to just work and
| follow the necessary standards, because there's nothing to
| be gained by messing with the PON network like that.
| the_mitsuhiko wrote:
| > In theory the ONT can act like a listening device
|
| Sure, but so can the other endpoint. Even many AON
| installations these days are just hidden XPS-PON and
| similar, you just never see the ONT. (See a lot of ISPs
| in Switzerland)
| bobmcnamara wrote:
| And so can all the other endpoints if they're not
| encrypting downstream traffic
| worewood wrote:
| In the year 2024 it is prudent to think of everything
| that leaves the premises as potentially listened upon.
|
| That's why we've got HTTPS and DoT/DoH so widespread these
| days
| lxgr wrote:
| There's still a huge privacy impact if anyone can listen
| to your traffic (since hostnames are almost always
| plaintext due to SNI).
| woodrowbarlow wrote:
| as long as the ISP isn't charging a rental fee for the ONT.
| bobmcnamara wrote:
| I replaced my Google fiber ONT by cloning the network
| parameters into a cheap SFP one because the Google supplied
| one only supports gigabit Ethernet but uses 2.5/1.25gbit
| optics. The upgrade reduced latency a small, but measurable
| amount, and improved my NTP jitter.
| cmsj wrote:
| Definitely agree. The smart place to demarcate the
| connection is the point at which a device does DHCP/SLAAC
| to get whatever IPs the ISP assigns the customer.
| pbasista wrote:
| > If customers bring their own stuff then you're stuck
|
| Why? There is nothing preventing an ISP from saying that from
| date X, only protocols A, B and C are supported. If you want
| to use your own device, make sure it supports these
| protocols.
|
| In other words, the requirement to allow customers to use
| their own devices does not mean that they can choose all
| available protocols. The allowed protocols can still be
| controlled by the ISPs.
| thefz wrote:
| > Why? There is nothing preventing an ISP from saying that
| from date X, only protocols A, B and C are supported. If
| you want to use your own device, make sure it supports
| these protocols.
|
| A lot of overhead for ISP support in those cases in which a
| customer knows they can buy any router with any ONT, plugs
| it and forgets it without zero knowledge of what a protocol
| even is.
| appendix-rock wrote:
| Hahahaha! Have you ever done any customer support!? This is
| _not_ how it works.
| tuetuopay wrote:
| Well this is about _allowing_ customer supplied ONT, not
| _supporting_ them. As in, you have to follow upgrade
| procedures announced X days in advance, etc.
| the_mitsuhiko wrote:
| In theory yes. In practice that might work that way if
| ~5% of your users are in that situation. If ~50% of your
| user base is running on a legacy protocol and you're
| running into Churn risks, the company is going to re-
| evaluate if they want to retire the old protocol.
|
| There _is_ a reason even legacy cable TV and ancient
| DOCSIS channels are still being available in many
| countries because actually retiring a lot of old modems
| has shown to be risky to the business.
| iphoneisbetter wrote:
| Lol, that's hilarious. Thanks for the chuckle. Tell me
| you've never supported (limited knowledge) end-users
| without saying it out loud.
| beerandt wrote:
| I mean you're right in general- but we're talking about a
| subset of customers that want to mess with their own
| fiber connection.
|
| That's either a horde that understands the issue, or is
| an even smaller subset that is going to be a pita anyway.
| naming_the_user wrote:
| You are at the end of the day still running a business.
|
| It's like saying that Spotify could suddenly decide to
| retire support for Android 12 or something. They could, but
| how many customers are they going to lose and how much
| support burden is that going to generate?
| zokier wrote:
| > I think it's vital that you can run your own modem but I'm
| not convinced that it's a good idea to force a custom ONT.
|
| Did you mean "router" instead of "modem" here?
| teeray wrote:
| That's all great and wonderful, but I shouldn't have to pay
| to rent a device that really only benefits the ISP. I would
| rather have a slick ONU SFP+ module in my router, than yet
| another plastic block on my telecom panel I need to find
| space and power for. "This makes our network easier to
| manage" AND "we make extra money doing this" is double-
| dipping.
| NoMoreNicksLeft wrote:
| If ISPs weren't cheapskate assholes, then they'd offer the
| ONT SFP module, so I didn't have some shitty plastic doodad
| hanging from my router because there's no place to put a
| mounting bracket for it and get it in the panel. I'm sure
| you'll tell me why the black Bakelite rotary telephones were
| the only telephones I really needed, and I was just making
| trouble for little ole AT&T when I wanted something more.
| neelc wrote:
| When I had CenturyLink, I replaced the ONT via a JTAG cable
| on the new ONT. The stock CL ONT (Calix 716GE-I R2) had a
| 16384 connection limit, which prevented me from running high-
| bandwidth Tor relays. The new ONT (Calix 803G) did not.
|
| Calix for some reason makes it easy to clone some models.
|
| I have a post on this: https://www.neelc.org/posts/clone-
| calix-ont/
|
| Now I'm in NYC with Verizon Fios where I don't need a cloned
| ONT. Woo! The Verizon ONT is big and has a huge power brick,
| presumably because of RFoG alongside GPON.
| ImSorryButWho wrote:
| That's very cool, but just to point out: that's not JTAG,
| it's serial (UART).
|
| JTAG is a much lower level protocol, typically used for
| hardware or low-level software debugging. Serial/UART gives
| you a command-line interface to the software that's
| running.
|
| Using a JTAG interface is a lot more complicated. If you're
| interested in playing with it, check out OpenOCD.
| muppetman wrote:
| How is the ONT, a Layer2/Ethernet device, involved in L3
| sessions? Was it also the default gateway/router all rolled
| up into one?
| neelc wrote:
| There is a mis-feature on the ONT called "Broadcom Packet
| Flow Cache". It apparently speeds up TCP sessions but at
| the expense of allowing a large amount of them.
|
| Lumen fortunately moved off these ONTs. However, the new
| Smart NIDs have their fair share of issues from what I
| heard. I moved out of Lumen territory so have no
| experience with them.
| bauruine wrote:
| Consumer routers are all extremely limited when it comes to
| many connections. Even an Ubiquiti UDM Pro only allows
| 65536 by default.
| RicoElectrico wrote:
| Yeah, I'd love this. My HALNY ONT doesn't support hairpin NAT
| which complicates accessing stuff exposed outside from home.
| xattt wrote:
| I'm counting myself lucky dealing with Bell Aliant who issue a
| router with an SFP stick. I've pulled it and stuck it into an
| Edgerouter X SFP. They do split their IPTV, VoIP and Internet
| networks onto various VLANs, but that's about it. No weird
| authentication hacks like PPPoE either.
|
| Just MAC authentication and go..
| Kipters wrote:
| This has been the case in Italy since 2018, but I'm OK with
| ISP-provided ONTs to be honest, as long as I can use my own
| router.
|
| The problem here is that the ISP will try to avoid giving any
| kind of support (even when the problem is on _their_ side) if
| you opt into BYOD.
| justahuman74 wrote:
| Being forced to use an ISP's fiber router can be frustrating, I
| hope we can get regulations to force BYO
| CharlesW wrote:
| Are some ONTs routers? Mine (Calix GigaPoint GP1100X) is not.
| appendix-rock wrote:
| I'm pretty sure that 95% of the positive responses to this
| thread are people that are conflating the two, and 4% are
| people overstating the utter importance of running your own
| ONT, conflating "it sounds fun for a select few mega-nerds
| and we should regulate for that" with "meaningful consumer
| choice".
| jeroenhd wrote:
| Yes. Several ISPs I've used sent out routers with integrated
| fiber connectors, no separate ONT. Their routers weren't
| terrible enough for me to want to replace them immediately,
| but not everybody gets a ONT+router combo from their ISP.
|
| I think it's often more a "router with ONT built in" rather
| than an "ONT with router built in".
| danieldk wrote:
| This can be a good stopgap, but the solution is to lobby for a
| law that mandates free ONT/modem/router choice.
|
| We have such legislation in NL and the ISP is required to make it
| possible to use your own equipment.
|
| Coincidentally, I had my ISP register my Fritz!Box Fiber 5590 as
| my ONT yesterday, so I have it directly hooked up to XGS-PON with
| their SFP+ module (no more Genexis ONT \o/).
| sulandor wrote:
| > I had my ISP register my Fritz!Box Fiber 5590 as my ONT
| yesterday
|
| what did registration entail and how long did it take?
| t0mas88 wrote:
| Also NL here, my provider has a self service online form for
| it. Takes only a few minutes.
| tootie wrote:
| Why? Is there an advantage to using your own ONT? Is it just a
| personal freedom thing or are there features you can unlock?
| aidenn0 wrote:
| I'm not on PON, but on DOCSIS cable, the advantage to using
| my own modem is:
|
| 1. When it breaks, I don't have to wait for weeks for the
| cable company to send someone to replace it. I just keep a
| spare on my shelf and can be back up in minutes.
|
| 2. Cost: buying my own pays for itself in 6 months.
|
| 3. Disintegration: This is more recent, but I've heard from
| neighbors that the cable company lately doesn't want to rent
| a modem, only an integrated WAP/router/modem.
| kuschku wrote:
| > Is there an advantage to using your own ONT
|
| Some customers might want a dedicated ONT, some might want an
| SFP+ module, some might want one integrated into their
| router.
|
| Some ISPs only allow registering one ONT per account and
| don't allow changing ONT serial. With your own ONT you can
| have a hot spare available if one fails.
|
| Some ISPs restrict access to ONT information, with your own
| ONT you can log connection quality data into grafana and
| setup alerts.
|
| The ONT is directly accessible from the ISP's network, some
| ISPs haven't provided updates for their ONTs since 2016. With
| your own ONT, you can ensure you're always patched and
| secure.
| theideaofcoffee wrote:
| GPON is one of those technologies that should have been drowned
| in the bath before the spec even made it out of its ITU
| committee. It's just yet another patch papering over how cheap
| the ISPs were and how they continue to be. Yes, let's add another
| layer on top of all of the other layers. Now however many
| millions of links out to subscribers are hamstrung with that
| decision to split the physical layer up and throw in nonsensical
| TDM into the mix as well. Good luck squeezing much out beyond 25g
| in the future, you're just gonna have to rip all of that fiber up
| anyway and do home runs. Might as well have done it up front with
| all of the billions that have been given away to the little piggy
| piggy ISPs.
|
| I made a comment a few days ago about how I despair when I see
| anything modern datacenter related. I get the same sort of
| revulsion when I look at the list of all of the gpon hardware on
| that page and think: how much duplicated and wasted effort has
| gone in to making dozens of different models of the exact same
| thing. A thing that's not really even needed if a halfway-
| competent ISP made an investment that's more than the absolute
| minimum required.
|
| Nice directory democratizing some good reverse engineering,
| though!
|
| </end soapbox>
| the_mitsuhiko wrote:
| I didn't really understand the criticism. PON is just fine. I
| have an XGPON ONT and previously there was a GPON ONT.
| Upgrading was just getting one from the ISP after they upgraded
| the splitter. GPON and XGSPON can live simultaneously.
|
| I don't think we will ever hit the limits of PON quite frankly
| and swapping out PONs for newer and better standards is rather
| trivial.
| theideaofcoffee wrote:
| It's equivalent to an old POTS party line, just with some
| makeup covering its shambling corpse (read: ITU G-number) and
| a bit more razzle-dazzle after strapping on some lasers. We
| can do better!
| jojobas wrote:
| What are the alternatives with passive splitter hardware
| that can work underwater if shit happens?
| the_mitsuhiko wrote:
| > It's equivalent to an old POTS party line
|
| I strongly disagree. On a party line information flows
| along the copper cable to every connected endpoint
| bidirectionally. While it's true that incoming information
| flows to all subscribers, never does information that flows
| out and you only get scrambled data even on the incoming
| stream. So if you're trying to make a security argument:
| the system is also safe on a physical level.
|
| > We can do better!
|
| Depends on what "better" is. I was quite critical of PON in
| the past but I have come around. Practically at this point
| I think PON is a better way to run networks in most places.
| At one point you hit a bottleneck anyways and not having to
| run individual fibers makes for a more resilient and
| cheaper system.
| stephen_g wrote:
| Yes, exactly like one of those old copper POTS party lines
| - remember how providers could easily supply a reliable
| symmetrical multi-gigabit service over those (like we can
| with XGS-PON) and how they theoretically could use DWDM to
| move hundreds of gigabits over them? No??
| greyface- wrote:
| I don't like PON either, and I applaud your soapboxing about
| it, but IMO this overstates the extent of the impending 'rip it
| all out and replace it'. They can keep most if not all of the
| fiber runs, and just switch the PON muxes out for DWDM muxes
| when they need a home run link to each customer.
| theideaofcoffee wrote:
| Yep, you could hack in some DWDM and scale with the
| capabilities of those endpoints, but at the end of the day
| it's still running over a shared medium. I don't think it's
| all impending doom and gloom, just a design decision that I
| think will not age well. It will be done eventually though I
| think.
| the_mitsuhiko wrote:
| > but at the end of the day it's still running over a
| shared medium
|
| Everything is eventually a shared medium. You don't have
| your own fiber all the way to Facebook. So the question is
| just at which point do you share and that should be a
| decision made on throughput and cost.
| jandrese wrote:
| Yeah, as long as your ISP link isn't the bottleneck then
| it doesn't really matter if they are not as fast as they
| could be. I'm running on the cheapest FIOS plan and I can
| count on one hand the number of services where it is the
| bottleneck. In fact I can only think of one at the
| moment: Steam, and even then only sometimes. Even then
| the difference is downloading a game in 12 minutes
| instead of 10 minutes assuming it isn't release week on a
| big game and the servers are slow.
| praseodym wrote:
| Fiber investment in The Netherlands from the big telcos is now
| fully based on XGS-PON. Many homes that already had fiber
| installed do have the technically superior AON (a dedicated
| fiber to the home), but it seems like investment in this
| infrastructure has stopped.
|
| The current situation is one where XGS-PON users can get 5Gbps
| subscriptions, whereas AON users are stuck at 1Gbps - seemingly
| because the telcos aren't upgrading their point-of-presence
| hardware to support anything beyond 1Gbps.
| sulandor wrote:
| > whereas AON users are stuck at 1Gbps - seemingly because
| the telcos aren't upgrading
|
| poor souls, though can we care about the low-end first?
| the_mitsuhiko wrote:
| > poor souls, though can we care about the low-end first?
|
| What is the low end? Austria has a similar problem. There
| are some quite old and unmaintained AON networks where
| people are stuck with 100MBit whereas even G.Fast copper
| eclipses that in some cities at this point.
| sulandor wrote:
| > What is the low end?
|
| from my pov: <100mbps
| the_mitsuhiko wrote:
| > from my pov: <100mbps
|
| Sure, but it's pretty ironic if you are stuck on a
| 100MBit fiber connection and a few buildings down you get
| 300MBit over twisted pair. And the problem with AON
| losing support is that you often can't find an
| independent ISP that would actually give you service over
| that AON you have.
| jeroenhd wrote:
| The low end doesn't have to deal with AON vs GPON. They get
| DSL or DOCSIS, or if they're unlucky dial-up.
|
| And when the poor souls on slow internet do get upgraded,
| AON vs GPON suddenly decides if they can get upgraded to
| the new higher speeds in the next ten years or not. 1gbps
| may be relatively slow in 10 years, but with a widely
| spread GPON you're not getting much more out of that, while
| with AON entire neighbourhoods can be upgraded by replacing
| a single rack in the local POP.
| the_mitsuhiko wrote:
| > but with a widely spread GPON you're not getting much
| more out of that, while with AON entire neighbourhoods
| can be upgraded by replacing a single rack in the local
| POP
|
| Except in a few places it has been exactly the other way
| round. AON networks in Austria for instance have been
| built a few years back, some random companies ended up
| owning that infrastructure and don't upgrade. On the
| other hand the incumbents have built fiber, have rolled
| out GPON and have in the meantime upgraded to XGS-PON
| whereas many on AON got stuck. It's slowly moving but
| very gradually.
| martijnvds wrote:
| They've also started replacing AON with XGS-PON in some
| areas, by putting all the fiber combining/muxing devices you
| need for that inside the AON POP building (and sending out
| new devices etc.)
| the_mitsuhiko wrote:
| Even if you have AON you might have XGS-PON behind the
| scenes. In Switzerland end user fiber is AON more or less
| by regulation, but they just deploy the XGS-PON splitters
| in the COs.
| t0mas88 wrote:
| For a while the maximum connection speed I could order was
| limited to 1 gbps. No XGS-PON here, the fiber rollout was 20
| years ago in my neighbourhood so it's still the older
| standard. But interestingly they're now offering 4 gbps
| connections on the older standard as well.
|
| I'm not sure how many home users order that, given the extra
| cost of 10g switches, NICs etc and then 90% of usage being
| via WiFi that only just makes it to 1 gbps. But it makes a
| lot of sense for businesses with multiple users sharing one
| connection.
| formerly_proven wrote:
| Do they actually bury PON components? Because around here
| they don't. Fiber runs from homes to their concentrators and
| those house both the PON splitters and the OLTs. There's some
| roadside boxes as well but afaik they're only for splices,
| because those aren't buried, either.
| sulandor wrote:
| i dislike shared media and overly complicated mac as well as
| the next guy.
|
| 25gbps being "short sighted" is a bit of a stretch imho
| (running with 100mbps dsl and not feeling disadvantaged yet)
| zokier wrote:
| I'm no fan of PONs myself[1], but realistically they do still
| represent more than an order of magnitude improvement over copper
| (or wireless _shudder_ ), while also proven to be very
| economical to deploy. Let's remember that perfect is the enemy
| of good, I'd much rather have PON with 90% household coverage
| than active fiber with 10% coverage.
|
| Practically also with 50G PON already being standardized and
| 200G on the horizon it will take decades before the limitations
| will be relevant; with typical 1:32 split you get comfortably
| 1G service to subscribers. I do expect gigabit connectivity to
| be generously good for 99% of users for long time.
|
| It is also noteworthy that while PON was originally
| standardized as asymmetric, it seems like ISPs have had a
| change of heart and are widely deploying symmetric PON (i.e.
| XGS-PON). I don't know what is driving that change (Twitch
| streamers and Youtubers? :D) but I'm happy about that.
|
| You blame ITU for PON, but IEEE has been pushing EPON
| (ethernet-PON) for almost as long (GPON ratified 2003, EPON in
| 2004). Ultimately standards organizations are driven by
| industry, not the other way around. With the industry having
| some very big players in it, I have no doubt that PONs would
| have happened regardless of their standardization status.
|
| While PON is shared medium which is conceptually yucky, in
| consumer world its impact is less because lines are massively
| oversubscribed anyways. It doesn't make much difference if you
| have PON or active fiber if the bottleneck is the uplink.
|
| [1] https://news.ycombinator.com/item?id=41634415
| hacst wrote:
| Some providers do what imo is a best of both worlds approach
| here: Every customer has a full fiber run to the PoP, but there
| they use GPON to save on the active components. The actual
| fiber is pretty cheap compared to actually bringing it into the
| ground and that way you retain full flexibility.
| snvzz wrote:
| All I want is to replace the accursed ISP's integrated
| GPON+router box.
|
| Visited site, and tried to find SFP+ GPON modules that can do
| 2.5gbps.
|
| It doesn't seem to have a simple list of SFP modules at all. Wtf?
| sulandor wrote:
| maybe try fs.com
| avhception wrote:
| Funny, I just got my own GPON-capable SFP (a Zyxel pmg3000-d20b)
| last week.
|
| Finally got a fiber connection from Deutsche Telekom 2 months
| ago, after almost 5 years of waiting and a huge amount of fear
| and loathing. At one point, they threatened to cancel my order,
| claiming a certain subcontractor was unable to reach me. Of
| course that subcontractor had already done its job months ago at
| that point. And this is just one of the many, many shenanigans
| that went on during those years.
|
| At the moment, I'm using a Fritz!Box 5530 Fiber directly hooked
| up to the fiber with the AVM-supplied GPON interface. But I'm
| planning for the Zyxel SFP to go directly into my homelab server
| and route from there :)
| wslh wrote:
| I just want to say thank you! This is truly great work and could
| be an inflection point for fiber optic ISP consumers. Many people
| have been quietly seeking this solution for years, without
| finding a response. For those unfamiliar with what this means,
| take a moment to understand that many of these acronyms and
| technologies have been part of your fiber optic connection
| without you even realizing it.
|
| I'd also like to mention that the 'workaround' for many was to
| use the pass-through option in their routers, but not all ISP-
| provided routers offered that feature!
| sschueller wrote:
| I am so glad that here in Switzerland the government went after
| the large ISP that tried to install only P2MP instead of the
| decided on standard of P2P for fiber.
|
| https://blog.init7.net/en/die-glasfaserstreit-geschichte/
| misterdata wrote:
| In my neighborhood (Netherlands) it appears the fiber network
| is physically point-to-point (subscriber to ODF), but is
| operated as XGS-GPON (so all subscribers see the same light
| signal so to say, but each over their own ptp fiber from the
| ODF). So point-multipoint only at the active layer.
|
| I was told that this is because the company who is rolling out
| the fiber wants to make the network as attractive as possible
| to ISPs who want to offer services over it (and wants them to
| compete) which may be more difficult in an actual physical
| point-multipoint network (which requires PON). The ISP
| currently likes PON more than AON (basically Ethernet over
| fiber to a switch) because the equipment is cheaper. In theory
| I should be able to switch to an ISP who offers AON or its own
| PON (they'd only have to physically patch my fiber in a
| different port at the ODF).
| the_mitsuhiko wrote:
| Even in Switzerland there were attempts of not building out
| AON. Swisscom was hoping they can get away with just having
| XGS-PON all the way to the customer and the other ISPs were
| also in favor of that (other than init7 which does not
| actually lay any fiber). The cost of P2P is pretty
| significant.
| sschueller wrote:
| ~CHF 65 more per connection is the cost difference that was
| calculated. For a de-facto future proof connection that
| should be considered insignificant.
|
| Swisscom pissed away millions of tax payer money after the
| government ordered an injunction to stop building out on
| the P2MP network. All they did was continue but just not
| connect those lines hoping they would win the court case.
| FrankSansC wrote:
| GPON = Gigabit Passive Optical Network
| ONT = Optical Network Terminal
| OLT = Optical Line Termination
| SFP = Small Form-factor Pluggable
| bauruine wrote:
| ONT = The device you have at home where the fiber goes in
| (router / modem)
|
| OLT = The device where the fiber goes in on the provider side
| dstroot wrote:
| OMG Thank You!
| ta1243 wrote:
| OMG?
| kubanczyk wrote:
| good ol' Object Management Group
|
| > The Object Management Group® Standards Development
| Organization (OMG® SDO) is a global, open membership,
| non-profit consortium.
| sylware wrote:
| GPON has been such a bad idea...
|
| One fiber, One ISP port has always been the right way.
| jesprenj wrote:
| I disagree. GPON is WAY cheaper to deploy.
| sylware wrote:
| The right way does not mean cheaper.
| cycomanic wrote:
| Why is one fibre (actually you'd probably like 2 for
| upstream and downstream) to one customer the way to go?
| Even with >100 customers on a single fibre it should be
| possible to get everyone on 100 Gbit/s (although there are
| currently no standards for it). That will future proof for
| a long time.
| edude03 wrote:
| I'm a bell customer in Canada and it used to be the case that the
| ISP provided modem had a CPU too slow to run PPPoE at a gigabit
| despite the ISP selling plans up to 1.5gb/s (it could only do
| 600mb/s or something but don't quote me). That model has a sfp
| ont and so you could swap it into something else with no hacking
| but now you can only get the model with the ont built in. The new
| model is better hardware wise but just as bad software wise so it
| feels like a step back in practice.
|
| I think selling users SFP ONTs is probably the right balance of
| ISP control vs allowing customer freedom
| jesprenj wrote:
| Where I live, you can replace an ONT easily. GPON in my small
| country is only secured with the ONT serial number and a static
| well known password.
|
| From a security perspective, that's perfectly fine. No one is
| going to hack their own neighbours or dig out fibre cables. From
| a usability and freedom of hardware choice, that's even better --
| SN is written on the ONT and can be easily input into another
| ONT, unlike passwords and encryption keys that are largely
| unnecessary and only complicate things, providing little security
| because no one will hack GPON infrastructure.
|
| You run into problems, however, if you are subscribed to
| telephony. It's possible that the ONT will handle VoIP for you
| and provide you just with a RJ11 jack. In that case, you can't
| easily swap your ONT. But for IPTV and Internet, it works out of
| the box.
| daveoc64 wrote:
| I have an XGS-PON ONT at home (an Adtran SDX 622v) to support the
| symmetric 8Gbps connection I have, but it's so basic that I can't
| really see what benefit there would be to replacing it or hacking
| it.
|
| It just works, and I can plug my own router in to it.
| Stem0037 wrote:
| I wonder how ISPs would react to this. They're usually not
| thrilled about customers messing with their gear.
| bigfatfrock wrote:
| I can only pray this births a ddwrt equivalent for fiber ONTs.
|
| I'm caretaking for my parents who are on ATT fiber with their
| giant scary black box ONT, and am consistently paranoid of what
| it is attempting or is doing on their network. This would be a
| great way to gain more transparency in its operation and possibly
| open useful features.
| the_mitsuhiko wrote:
| > with their giant scary black box ONT, and am consistently
| paranoid of what it is attempting or is doing on their network
|
| But is this different from network equipment deployed
| somewhere, where you don't see it? There are AON networks that
| are just a PON behind the scenes but you don't see that.
| somat wrote:
| The ont should not be on their network.
|
| The normal state of affairs is
|                 demarcation point
|     isp network         |       your network
| ---[fiber]---(ont)===[copper]===(router)===(wifi ap)
|
| Now having laid out that nice neat little diagram, this is the
| real world. Things are messy, there is a real desire to
| consolidate boxes. If your network looks like below, my
| condolences, it sucks when you don't know where the demarcation
| point is. And I agree, in those cases it should probably be
| demarcated at the fiber line coming in.
| Demarcation point ? ? ?
| ---[fiber]---(ont/router/ap)***[2.4GHz]***
| bayindirh wrote:
| My ISP called me a while back and told me that they're
| decommissioning all copper infra, so it'd be better if I switch
| to fiber. I said OK.
|
| They brought in a Nokia GPON ONT, and a new Zyxel router. I
| protested against the router, and I was ready to bypass it with
| bridge mode (which it allows), but with a reliable, powerful,
| and flexible WiFi6 router with better coverage than my WiFi5 one
| won over me, and I left it in service.
|
| The thing is a beast with 4 different SSIDs plus a guest network,
| full gigabit ports and reliable operation. Plus it terminates my
| POTS line, too. It can handle the full 1000/50 mbps network
| without even getting warm, either.
|
| So all in all, it's not a bad device overall, and I'm a happy
| camper.
| WarOnPrivacy wrote:
| > It can handle the full 1000/50 mbps network
|
| Your fiber is asymmetrical (not 1g/1g) - like low-latency
| cable?
| bayindirh wrote:
| Actually, the hardware is symmetric capable, but they don't
| provide symmetric service (yet?).
|
| I think the two reasons are market segmentation and
| preventing people from running services from their homes.
| 50mbps is enough uplink for what I do, and I don't care about
| providing services or self-hosting from home.
|
| I have enough experience to run my services somewhere else on
| an isolated network and absorb the mayhem outside my home
| network.
| packetlost wrote:
| GPON is the most commonly deployed FTTH technology and is
| _not_ symmetric, though it should be much closer than a 20:1
| down:up ratio, much closer to 2:1 IME.
| tguvot wrote:
| a bit more practical guides for those who want to swap ONT to SFP
| https://pon.wiki/
| netsharc wrote:
| The fat warning about optics makes me realize a fibre optic cable
| can transmit light straight to the ISP's box (or can it?), and
| that it might be possible to shoot a laser to do some damage at
| the other end of a communication link, however little.
|
| That makes me think of this Danger 5 scene:
| https://www.youtube.com/watch?v=rDhrjKZprOo
___________________________________________________________________
(page generated 2024-09-25 23:01 UTC)