So Covid-19 has led to many people working from home on an extended basis, and I am in that camp. For most of the time I have found my broadband provider, Plusnet, to be reliable. However, in recent weeks this has substantially degraded to a point of having 30-60 dropouts a day. The pace of Plusnet's support team, combined with OpenReach's, has, in all honesty, left a lot to be desired and I am contemplating whether I'll be a long-term customer.
On the positive side, two visits from BT OpenReach engineers have provided a wealth of information about how they deliver the service, and some useful insights. Lots of work in the VDSL cabinet and line tests took place but the source of random dropouts was continuing to evade both me and the BT OpenReach engineers. Error correction has been upped to medium level and the line has been banded by Plusnet. A setting on the VDSL cabinet green port, allocated to the property, was remotely changed from the Diagnostic Centre of Excellence, all the way over in India, last week.
I was hopeful that with BT OpenReach involved the fix would appear quickly before I started to have to spend money on workarounds. I am still none the wiser, and reluctantly have tried to find alternative solutions, with the expense ensuing.
The first solution (the ultimate insurance policy) I cobbled together was to dispense with VDSL completely and use another bearer, the obvious and economical choice being 4G and a hotspot. Fairly standard stuff and easy to get going on Android. Yet I wanted to achieve something more than a laptop link up to my hotspot. As the house has a mixture of Fast Ethernet cabling and several 802.11 SSIDs, I wanted to integrate the lot into the Android AP without breaking the bank - the idea being that all devices in the house from TV to DVD player would use the hotspot as a bearer.
It was easy to do this as some time back in Q1 I had installed a Juniper SRX as the perimeter firewall, relegating the ISP VDSL router to become a glorified VDSL modem. I bridged the network (and downstream 802.11 APs) from the SRX WAN port using a Netgear N300 WiFi extender. A simple re-IP and connection of the WAN port to the N300 switched all connectivity to a hotspot running off my Android phone.
This worked fairly well, and was easily usable for Internet traffic, my WFH VPN, and some AV applications such as WebEx. The downsides are relatively high latency and perhaps a 4G network that is not expecting 15+ hard-wired Ethernet devices and WiFi, streaming sticks, and Sky Q, to be presenting themselves through your Android handset. The Android OS build hardcodes IP address space as 192.168.46.0/24, with 192.168.46.1/24 as the gateway, and it is not easy to change it but easy enough to transfer this into the SRX configuration. The configuration I opted for in the N300 was to present the Android AP hotspot under a new SSID albeit with the same key. Moving the handset around to get the best signal became an occasional task. Finally, days of unlimited cellular data seem to be long gone, so I started to rapidly chew through my data allowance, which was the most expensive downside.
Looking at my Plusnet router constantly disconnecting and, it seemed, restarting itself, became frustrating. So, I took on board the positive remarks about the DrayTek product line from OpenReach and sourced a second-hand DrayTek 130 from eBay (https://www.draytek.co.uk/products/business/vigor-130).
This is an ADSL & VDSL2 (FTTC/BT Infinity) Ethernet Modem capable of bridging single IPs or subnets. It also has support for MTU1508 Jumbo Frames, and VDSL vectoring. The beauty of the DrayTek 130 solution is there is no dreaded NAT, so one less point of failure. As a bridging modem it also lacks 802.11, switching and routing functionality, and multimedia support. It is probably the best match to my requirements, dispensing with features I had no need for.
This then makes the Juniper SRX the true perimeter device, exposed to the Internet. This requires PPP over Ethernet functions to be configured and active on the WAN port, as opposed to the Ethernet and TCP/IP stack previously needed for the Plusnet router. Phil Lavin's notes on this were extremely helpful, proposing the following configuration:
interfaces {
    ge-0/0/4 {
        description "Plusnet Off-Net WAN via Zyxel Modem";
        unit 0 {
            encapsulation ppp-over-ether;
        }
    }
    pp0 {
        unit 0 {
            ppp-options {
                chap {
                    default-chap-secret "your-password";
                    local-name "yourusername@plusdsl.net";
                    no-rfc2486;
                    passive;
                }
            }
            pppoe-options {
                underlying-interface ge-0/0/4.0;
                idle-timeout 0;
                auto-reconnect 10;
                client;
            }
            family inet {
                mtu 1480;
                negotiate-address;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0;
    }
}
security {
    zones {
        security-zone public {
            interfaces {
                pp0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                            ike;
                            ssh;
                        }
                    }
                }
            }
        }
    }
    flow {
        tcp-mss {
            all-tcp {
                mss 1440;
            }
        }
    }
}
Source: https://phil.lavin.me.uk/2017/04/juniper-srx-pppoe-configuration-for-plusnet-adsl/
My approach was to use the setup wizard in the SRX to write out the configuration file and as much of the PPPoE configuration as it could, in an attempt to minimise syntax errors in a rather nested configuration file. Then I used the interactive editor to modify the configuration to match Phil's notes, except for removing the exposed services under "zones > security-zone public > .... > system-services" and leaving the static routing configuration as the SRX created. The username and password were those required by Plusnet.
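An added example, not from the original post or from Phil Lavin's notes: a small Python audit that parses a Junos curly-brace configuration and lists the system-services the SRX itself answers on each interface of the Internet-facing zone, and checks that the clamped TCP MSS fits the PPPoE MTU. The function names and the condensed sample are constructed for illustration, and comments inside the configuration are assumed to be absent.

```python
import re

# Constructed sample: a condensed copy of the quoted configuration (credentials
# and PPPoE options omitted). Junos ignores whitespace, so the layout is free.
SAMPLE = """
interfaces { pp0 { unit 0 { family inet { mtu 1480; negotiate-address; } } } }
security {
  zones { security-zone public { interfaces { pp0.0 {
    host-inbound-traffic { system-services { ping; traceroute; ike; ssh; } } } } } }
  flow { tcp-mss { all-tcp { mss 1440; } } }
}
"""

def parse(text):
    """Parse Junos curly-brace text into nested dicts; leaf statements map to None."""
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text))
    def block():
        node, words = {}, []
        for tok in tokens:
            if tok == "}":
                break
            if tok in ("{", ";"):
                node[" ".join(words)] = block() if tok == "{" else None
                words = []
            else:
                words.append(tok)
        return node
    return block()

def exposed_services(cfg, zone):
    """Per interface in `zone`, the system-services the SRX itself will answer."""
    ifaces = cfg["security"]["zones"][f"security-zone {zone}"].get("interfaces") or {}
    return {name: sorted(((body or {}).get("host-inbound-traffic") or {})
                         .get("system-services") or {})
            for name, body in ifaces.items()}

def value(node, key):
    """Integer argument of a `key <n>;` leaf statement inside a parsed block."""
    return next(int(k.split()[1]) for k in node if k.split()[0] == key)

def mss_fits_mtu(cfg, ifd="pp0", unit="0"):
    """True when the clamped MSS fits the MTU less 40 bytes of IPv4 + TCP headers."""
    inet = cfg["interfaces"][ifd][f"unit {unit}"]["family inet"]
    tcp = cfg["security"]["flow"]["tcp-mss"]["all-tcp"]
    return value(tcp, "mss") <= value(inet, "mtu") - 40

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    print(exposed_services(cfg, "public"), mss_fits_mtu(cfg))
```

An empty list for pp0.0 corresponds to the state described above, with the system-services removed from the public zone; the external port scan mentioned later confirms the same thing from outside.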
On the DrayTek 130, the indicator lights are as follows:
Apart from that, it is a plug and play unit with no requirement to access a management interface. Nevertheless you can, and I did, access the interface by using a DHCP-enabled client over Ethernet to apply firmware updates. After deploying the updated configuration to the SRX, voilà, the connection came up with ACT flashing, LAN steady/flash and DSL steady. A quick external port scan to detect open ports on the SRX and the job was finished.
Having switched everything back to VDSL, the DrayTek 130 seems to be very stable, without any of the difficulties encountered by the Plusnet One router. My development server on the network runs some home-grown latency scripts and a throughput tester, so I will get some results from that over the next 24 hours and I will update this blog post.
So how much has all this cost? More than I'd prefer as I naturally expect Plusnet to provide kit that works! Cost-wise, the 4G option was £20 for the outlay for a new Netgear N300 and a monthly contract for Lebara of around £15 pcm. The DrayTek 130 was second hand for about £40, though they retail new for over £100.
Incidentally, I did not entirely abandon the idea of using cellular data for the house. Some searching around highlighted Lebara offer an unlimited SIM only deal, with no contract, for around 15 GBP per month. Putting this into an old Android handset together with the N300 gives me some fallback in the event of further woes and provides a useful mobile hotspot.
The SRX, interestingly, has an RPM probe capability down to a per-second resolution. This conceivably would allow automatic failover within the SRX itself for two WAN ports – one the VDSL DrayTek and the other the N300 that uplinks to the Android AP. So it might be possible to integrate both approaches as a cheaper alternative to something like BT 4G Assure.
The nice capability in using a VDSL modem in this way is that you can cater for a subnet and not only a single public IP, and present this to the firewall. This is helpful if you need to offer Internet services and/or segment outbound traffic in some way.
November 24, 2020