I’m wondering if some can share their experiences or maybe there’s an AT&T person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to businesses.
Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs.
However, we’ve recently worked with an AT&T higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money.
Here are my questions:
1. Is it really accurate that the customer’s address is tied to the modem/router?
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
I’m wondering if some can share their experiences or maybe there’s an AT&T
person here who can confirm policy.
I work for SaaS provider who requires a source IP to access our system to
businesses.
That is probably a problematic practice.
Normally we tell the customer to request a “Static IP” from their
provider. That term makes sense to most ISPs.
However, we’ve recently worked with an AT&T higher-up tech who told us
that every U-Verse modem is locked to an address even when set to DHCP and
will not change unless the unit is changed. Ordering a “Static IP” from
them means your devices will individually get public addresses, which isn’t
a requirement for us, isn’t quite as easy to add multiple devices and costs
our customers more money.
Here are my questions:
1. Is it really accurate that the customer’s address is tied to the
modem/router?
2. For my curiosity, is this done through a DHCP reservation or is there a
hard coded entry somewhere?
3. Do all U-Verse modem/routers behave the same way? This particular unit
was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
---
Keith Stokes
AT&T addressing has been detailed here in some ways.
I am not sure how accurate it is or at what state this has been deployed
But, it is possible that AT&T does not have IPv4 static addresses to assign.
People need to really stop using Source IP as an ACL mechanism
whereever possible. Have you considered using SSL certs or SSH keys
or some other sort of API key instead? I'm mean, do you really want
to have to know how the technology of every ISP that every possible
SaaS customer may use to access your service is set up?
Access is not the only reason we ask for non-changing source IP addresses.
I’m not arguing the long-term sensibility of the approach. It’s arguably a legacy app and has 5000 endpoints that we have to still support until different solutions on our side are complete. That process is outside of my control.
AT&T calls it "Sticky IP address." A U-Verse Residential Gateway tends
to get the same IP address from DHCP, for months or years, but its not guaranteed. An subnet may change anytime wihout notice for the convience of network engineering, i.e. splitting on a new DSLAM slot, moving equipment in CO's, replacing the RG hardware, DHCP server changes, etc.
If a cusomer wants assurance and notification about future IP address
changes affecting their IP address assignment, they will need to pay for U-Verse "Static IP address" service.
I've had AT&T UVerse for 3 years now and it has changed at least twice
since I got it. The DHCP address has an expiration of ~7 days and it
usually keeps the same address upon renewal but a few times I have noticed
that it's changed. I wouldn't trust it to be static forever.
I have AT&T u-verse small business connection at my office with a static IP setup, and my experience matches with the AT&T tech said. We have a separate router behind the AT&T router. The AT&T router is an Arris (former Motorola) NVG595. Our router has a static IP out of our subnet and does NAT for the office network.
As far as I can tell, the u-verse supplied router cannot be replaced with something less sucky. The problem is getting the 802.1x certificate needed to authenticate on the wan port.
I dislike AT&T's hardware as it has more limitations than just this, but some of those limitations can be worked around with an additional router downstream of it.
“Forever” is a long time. We’re shooting for not having to change people’s address multiple times per week while still trying to help them save costs by not paying extra for “official" static IPs.
Changing every 6 months as some have pointed out as their experience is perfectly acceptable to us.
1. Is it really accurate that the customer’s address is tied to the modem/router?
To the 802.1x identity of the device, yes. That's the unit serial number, which (partial) contains the MAC.
2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere?
No. It's just "plain" DHCP. Until the pool is depleted, addresses don't get recycled. So, even if your address were released, it would take days before it would be assigned to someone else. (which DOES happen, btw)
Addresses are *NOT* hard coded. You can order (and pay for) a static subnet that is routed to whatever dynamic link address you get. That's the only "static" they offer.
3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit.
Yes. This is a fundamental part of the network. If you *do* manage to side-step their PoS hardware, your own router will experience the same addressing scheme.