FTTH CPE landscape

This isn't necessarily operational content, so I apologize in advance for the noise and thus encourage off-list replies (and/or flames).

I figure the NANOG demographic might be able to point me in the right direction seeing as how far reaching into the industry the readership is.

I'm doing research on potential FTTH CPE vendors and I'd like to poke around for some potential vendors to see who I've missed.

The feature wish list more or less looks like so:

- Small, wall-mount'ish form factor
- 6-8 wire speed 10/100/1000 LAN ports
- Generic consumer grade NAT/Firewall
- Fixed BX WAN port
- 1-2 POTS ports with SIP UA
- TR-69 support for full CPE configuration (User features/configuration and SP features/configuration)
- No Wifi (or the ability to disable it from the SP provisioning side)
- DHCP client
- 802.1q on LAN and WAN ports
- Multicast
- -48v input
- Per VLAN egress shaping/policing over WAN port
- DHCP option 82 support

If anyone has something like this in the field or knows of a vendor who can meet these requirements in some fashion by product line or custom build, please drop me a line.

Also, if anyone knows of any NANOG'esque FTTH lists, I'd welcome a subscribe URL.

Thanks in advance.

> - Generic consumer grade NAT/Firewall

Hobby horse: please make sure it supports bridge mode? Those of us who
want to put our own routers on the wire will hate you otherwise.

Cheers,
-- jra

Why? As long as it can be a transparent router, why would it need to be
a bridge?

Owen

> Why? As long as it can be a transparent router, why would it need to be
> a bridge?

Layer 2 CPE capability is a big deal, especially if you're doing unrouted multicast (see many TV/VoD over ethernet platforms for details). But it's also nice for handing the customer a layer-2 service port like they're used to getting, if they want it that way. The routing engine in CPEs is often simply not as capable as the bridging mechanism, so there's an end-user experience to consider.

It's also worth noting that this feature will probably become less important as IPv6 and DHCP6-PD become more widely deployed. Until then, the extra routing in IPv4 starts to chew up some serious address space if you're rolling out thousands or more of the CPEs. See most national ISPs' CPE configuration if you think it's unusual to want to hand off services on a bridged interface - it's not, at all.

Nathan Eisenberg

Ask a Verizon FiOS customer who wants to run IPv4 VPNs.

He didn't say IPv6 only, right?

I have a couple of customers who can't get bridge mode on residence FiOS
service, and therefore can't run their own routers to terminate IPsec.

Cheers,
-- jra

If they could get routed static IPv4 rather than bridge, why wouldn't they
be able to terminate IPSec VPNs? Note I did say TRANSPARENT router.
That would mean no NAT and routed static IPv4.

Owen

For residential use, for users currently requesting one public address,
that's a waste of a /30 block (sans routing tricks requiring higher end
customer equipment). Multiply that by the number of residential customers
you have and that's bordering on mismanagement of your address space.

If you're dealing with business customers, then your usage versus wasted
ratio is much higher and less of a concern, but what's the point? Are you
trying to cut down on a large broadcast domain?

> For residential use, for users currently requesting one public address,
> that's a waste of a /30 block (sans routing tricks requiring higher end
> customer equipment). Multiply that by the number of residential customers
> you have and that's bordering on mismanagement of your address space.

> If you're dealing with business customers, then your usage versus wasted
> ratio is much higher and less of a concern, but what's the point? Are you
> trying to cut down on a large broadcast domain?

Any rational layer 2 access gear regardless of the technology (DSL, FTTx, wireless, or DOCSIS) will/can handle layer 2 isolation already.

Are you looking for an xPON ONT?

Frank

Nope, Ethernet.

From: "Owen DeLong" <owen@delong.com>

> - Generic consumer grade NAT/Firewall

> Hobby horse: please make sure it supports bridge mode? Those of us who
> want to put our own routers on the wire will hate you otherwise.

> Why? As long as it can be a transparent router, why would it need to
> be a bridge?

> Ask a Verizon FiOS customer who wants to run IPv4 VPNs.

> He didn't say IPv6 only, right?

> I have a couple of customers who can't get bridge mode on residence FiOS
> service, and therefore can't run their own routers to terminate IPsec.

> If they could get routed static IPv4 rather than bridge, why wouldn't they
> be able to terminate IPSec VPNs? Note I did say TRANSPARENT router.
> That would mean no NAT and routed static IPv4.

> For residential use, for users currently requesting one public address,
> that's a waste of a /30 block (sans routing tricks requiring higher end
> customer equipment). Multiply that by the number of residential customers
> you have and that's bordering on mismanagement of your address space.

You say waste, I say perfectly valid use.

> If you're dealing with business customers, then your usage versus wasted
> ratio is much higher and less of a concern, but what's the point? Are you
> trying to cut down on a large broadcast domain?

Why is it less of a waste to allocate a /30 to a business using a single public
IP than it is to a residence? This makes no sense to me.

I simply prefer the additional troubleshooting and other capabilities given
to me in a routed environment in most cases.

Owen

Realistically, how many home Internet consumers terminate IPSec VPNs?

It seems kind of silly to engineer a network around a tiny fraction of less than 1% of the population, doesn't it?

IPSEC: not so common. At least it's easy enough for them to be the
initiator, in most cases, and IPSEC NAT-T works great.

Much more common application would include PC gamers, xbox live, remote
desktop, slingbox, windows home server, and torrents.

Granted, some of these support UPNP (if your router does too...), but others
simply do not do so as easily, or prefer a more static external access
solution.

Among the people I know, on the order of 35%.

Not a majority, but, I would not call 1/3rd less than 1%.

Owen

I must be having a senior moment, but what in the world is a "transparent
router" and how is it different from running in bridged mode? (Note that if
it's transmogrifying the packets in some way, it's not really transparent, and
if it's not, it's basically bridging...)

It seems kind of silly to engineer a network against a tiny fraction of less than 1% of the population, doesn't it?

James R. Cutler
james.cutler@consultant.com

A transparent router (sorry, poor choice of terminology on my part) is a router
which doesn't NAT or become selectively opaque (firewall). In other words,
it forwards packets and it doesn't do any other arbitrary things to them at the
whim of the ISP, but, rather passes along what the customer gives it to the
ISP and vice versa without interference.

It differs from a bridge in that it terminates the collision and broadcast domains
on either side of it.

Owen

So... It's a router?

I'm confused as to why the definition "router" exists to describe a
device that NATs/selectively firewalls traffic, where "transparent
router" describes something that just routes traffic.

What?

In the context of talking about CPE gear, it does seem wise to make the distinction. I suppose we can thank Linksys for that.

You don't have to use bridge mode for this (and the Actiontec router VZ supplies with FiOS is capable of doing bridge mode, but unless you jump through some fairly esoteric hoops, doing so breaks the guide and VOD, trust me on this...oh and you have to jump through them every time you reset the damn thing for any reason). I set mine with my D-Link as the DMZ host and forward all traffic on all ports unimpeded to it, and it works; Poor Man's Bridge, but it works.

Jamie