[milankragujevic]

> I don't believe it's an ISPs role to be fiddling with the application level services of someone's internet.

It is not but it doesn't mean they won't do it. I am lucky enough to be unlucky enough to be using VDSL2, so I use my own CPE where possible, and often just disable the TR069 interface and CWMP functionality so the ISP can't break into my modem.

The reason for this is they often factory reset the modem if their automated auditing scripts notice something "forbidden", i.e. DMZ to my router, which causes me great inconvenience to have to log into the modem again and setup a DMZ. Same would happen if I was using (soft-disabled) Bridge mode.

So I just deny them access. On some modems I also download the config, change SSH and Telnet password (as well as "admin" and "telecomadmin" passwords for web UI), remove CWMP entries completely, and then restore the config so the modem won't connect.

Best part is, if I have a problem that I have to report to the ISP, I first factory reset the modem, it pulls the config via TFTP on TR069 interface, resets again and configures itself according to their wishes - then I try to reproduce the problem, and if it is present, I call them to open a support ticket. If it is not present, I roll back to my config and try to debug the issue on my side.

No harm to the modem, no time wasted for me.

Sadly this is not at all possible for DOCSIS cable modems nor GPON ONTs for fiber to the home service. There you're SOL if your ISP is being mean and displaying anti-user behavior.

[mnd999]

I didn't think TR069 normally works in bridge mode? It doesn't on my ZyXEL VMG1312-B10A anyway. Have to take it out of bridge mode to let the ISP mess with it. I'm with A&A (in the UK) though and they don't massively care what you run your end.

[milankragujevic]

It depends how they do TR069. My ISP has multiple interfaces, i.e. HSI (high speed internet, bridge or NAT PPPoE), Voice (bridge with ISP network, VoIP for phones), Voice_ATA (bridge with ISP network, VoIP via embedded ATA, modem acts as one IP phone), TR069 (through which CWMP communicates and also which exposes SSH, Telnet, HTTP and HTTPS management on an internal IP address, bridged with ISP network) and IPTV (used for IPTV STBs, bridged with their network).

All interfaces are separate, and if you bridge your modem it only bridges HSI on LAN1. Phone works, IPTV on LAN 2 and 3 works and of course TR069 works.

If on xDSL, ISP can see all stats on their end of the DSLAM, there is literally nothing to configure from the modem side, except maybe turn on/off certain modes, but by default they're all turned on.

[m01]

The way the Zyxel box is configured in modem mode on A&A results in it not having a globally routable IP address, since your router gets it instead. I expect this is a common way to setup modem mode, and it feels like the "correct default" way to do it.

This makes basic connectivity between the Zyxel box acting as a modem and the TR069 server challenging, though perhaps not impossible (you could, say, allocate a small IPv6 prefix to the modem, but I'm not sure if A&A's TR069 servers work over an IPv6 only connection).

[msh]

I have GPON fiber, to which the ISP supplies a fiber converter that puts out ethernet. I am supposed to attach my ISP router to that but there is no issue in replacing that with my own router configured to the right VLAN.

[milankragujevic]

That is uncommon, usually users get a single device that does it all and cannot easily replace the all-in-one with a media converter or single-port ONT.

[kogepathic]

My ISP uses GPON FTTH and anticipates you to use their all-in-one box they provide.

You can "easily" replace the Freebox, provided you can:

A) find the necessary ipip6 configuration for your region

B) you don't mind losing VOIP and IPTV

It should even be possible to retain IPTV if you route the correct VLAN to their set-top box, but I didn't care enough to go through that.

The amazing part to me is that (IMO) they are selling you a more expensive monthly subscription to get an all-in-one box with a less terrible WiFi implementation. [1]

The standard WiFi experience with their lower-tier all-in-one is terribad, which could easily be solved by buying a WiFi AP and plugging it into their box via Ethernet.

German ISPs do the same thing, by offering you the choice of a basic router or a Fritz!Box for a higher fee. In every instance I have seen, you're better off selecting the cheapest device your ISP will provide, putting it into bridge mode, and using your own router/AP via Ethernet.

[1] https://www.free.fr/freebox/

[kuschku]

> German ISPs do the same thing, by offering you the choice of a basic router or a Fritz!Box for a higher fee. In every instance I have seen, you're better off selecting the cheapest device your ISP will provide, putting it into bridge mode, and using your own router/AP via Ethernet.

That's true, but pretty much everyone chooses the Fritz!Box, cause they're just that great for the price. Easy to use, lots of functionality, and actually really great performance. For a home router, at least.

[milankragujevic]

But where do you plug in the fiber? Where does one even get GPON CPE on the market? And how do you clone the serial number of the ONU?

[xoa]

>Where does one even get GPON CPE on the market?

Plenty of places, and it can be fairly cheap. Here's Ubiquiti's selection for example [0], the basic one is $45-50 [1] (and less in quantity). I don't recommend Ubiquiti stuff much anymore because the company has gone to shit overall sadly, but for specific dedicated application stuff they're still a worthwhile data point. GPON into an SFP is interesting too.

>And how do you clone the serial number of the ONU?

Actually getting support from the ISP for your own CPE would often be the stickier wicket I suspect. My fiber comes from a nice local ISP I've worked with for 20+ years now, I can get right to senior techs and they're happy to do whatever, and indeed are happy to use me as a guinea pig for trying out equipment. Getting the right OLT profile and auth info was just a matter of contacting them. Of course for that very reason it's less important since they're not messing with anyone's stuff anyway. Maybe the kind of ISP you'd most want your own full stack for in most instances is also the kind that'd make it harder/refuse? Though sometimes I've been surprised and with dedication/effort one can slip through the cracks or find an SMB angle.

----

0: https://store.ui.com/search?mockup=gpon&q=gpon*

1: https://www.balticnetworks.com/ubiquiti-ufiber-loco-high-per...

[milankragujevic]

Yes, my point was that you cannot "just" use your own equipment. There are many hoops to jump through.

Also, most widely sold Unifi equipment is expensive, cheaper devices are very rare to find in limited markets.

I would not consider this available if I have to order it from another country and pay customs + wait weeks for delivery.

And again, the equipment has to be whitelisted by the OLT and most ISPs don't want to that. And cloning the S/N is difficult/impossible.

I think we have two different kinds of ISPs in mind. I'm talking about mass-market monopolies, and you're talking about "artisanal" small ISPs where you can walk into the CEOs office and pass a rack of routers on the way there.

[kogepathic]

The ISP provides a Fiber 10G-EPON ONU which plugs into their all-in-one. [1]

It is my understanding that subscribers with a Freebox Delta only receive this, since the Delta is SFP+ capable. Since I have the older Freebox Revolution the ISP provided me a media converter which accepts the ONU and provides a normal SFP port which can be plugged into a normal device with an SFP port. [2] Then, you just have to configure the ipip tunnel on your device and you're online.

[1] https://lafibre.info/images/pon/201012_SFP_Free_FTTH_10G-EPO...

[2] https://lafibre.info/gpon/olt-sfp-possible-revolution/msg433...

[milankragujevic]

That is not a common scenario, most people in the world get an ONT with an integrated ONU. For example Huawei HG8245Q2. So in your case obviously you can just plug in any router. But a lot of people get it all in one device. And most ISPs don't let you choose what CPE you get.

[wil421]

What’s worse having VDSL or DOCSIS/GPON and not being able monkey with your config?

[milankragujevic]

Having DOCSIS is the worst. The connection is unpredictably unstable and I personally reject any belief of a "tuned cable system" existing. It's all a mess. And by design since DOCSIS auth is done on the CPE (modem), the device is not trusted and you cannot use your own unless the ISP [is forced to] allows it and whitelists it.

So DOCSIS is hell.

GPON is ... depends. The technology is great, but some ISPs can and will ruin it because they're greedy and shortsighted. Someplaces you can get a bridge CPE (ONT) that does have remote access but doesn't allow configuration, someplaces the ONT itself is fine (i.e. HG8245 series for which too you can disable TR069 interface and CWMP and change the passwords - which I did), but someplaces you just get the "DOCSIS over fiber" experience, with hostile ONT in your home network the ISP uses to make your existence miserable.

Personally, DSL is fine for me. I am so used to low speeds (~20/2 Mbps) when I am in the village (since march due to COVID, working from home), I have started bonding [0] DSL and LTE for around 95/45 Mbps and that is fine for me.

So, I'd rather stay on tried-and-true, stable, low ping DSL, than muck around with DOCSIS and fear any rain or wind.

For GPON it depends on the ISP, but the technology does not dictate any remote management requirements except OMCI which is not concerned with "higher layer" configuration such as WiFi or router features.

[0] https://milankragujevic.com/openmptcprouter-true-bonding-of-...

[sidewndr46]

At least where I live, the key is to have a modem that does not support the latest DOCSIS standard the ISP claims to have supported. They basically never get the implementation of the latest thing correct, so you don't want to wind up using it. I have the option to bring my own modem, so I just get a cheaper and slightly older modem and use that.

The prevailing issue is the way the US regulates ISPs leading to a lack of competition, giving them little incentive to do anything other than raise prices on a regular basis. While I have at least talked to technical support people who understand the concept of a cable modem being supported or not, there is no one available you can talk to who understands signal levels, etc. The only diagnostic they can perform is "does speedtest show the advertised speeds".

There is still some sort of issue with the cable modem getting "stuck" in a bad state. I have a USB controlled relay that is used each morning to interrupt the DC power to the cable modem. This basically fixes it. I'm not awake when the modem resets so it is a non issue to me.

[milankragujevic]

Yes but the key is to have an ISP that [is forced to] allows you to get your own modem. Also most of the world is on DOCSIS 3.0, so any older than that is DOCSIS 2.0 which would be max 50 Mbps which is not ... nice, and that's DSL territory (VDSL2 does up to 100/30 Mbps).

Being able to use your own modem would fix a lot of problems I have with DOCSIS ISPs, but sadly there's no regulation for it. So yeah, you have to use theirs.

[pabs3]

I wish AON was more common than GPON, since with AON you can have your own CPE, while with GPON your CPE will get data from multiple customers, so you controlling it is a privacy risk.

[milankragujevic]

Yes, me too. But it's more expensive. And ISPs are so used to milking old infrastructure it's a miracle we're getting any fiber now that DOCSIS can do gigabit.

edit: funnily enough, DSL is similar to AON in that it's dedicated last mile

[pabs3]

I wish there were fully libre DSL routers.