by zokier 1652 days ago
> A DOCSIS-like provisioning by ISP should be possible

GSM solved provisioning 30 years ago with SIM cards, any reason why ONTs couldn't employ similar system?

2 comments

AT&T has replaced the ONT+gateway (communicating over RJ45) by a SFP directly integrated in the gateway. According to some people I've talked to, they are no longer issuing the old hardware, and instead deploying exclusively this. It may make sense, as upgrading would just require swapping the SFP.

I wonder how hard it would be to connect the Nokia 3fe4960ac SFP to a linux server and initiate a DHCP on their 802.1Q vlan, or PPPoE, or whatever else they may use?

I am not with AT&T but with a very large Canadian provider that provides the same setup (Bell).

Yes, you can do just that. You can also use a commercial firewall with an sfp port.

SFP ports can be a little troublesome. There are a few standards (SFP/SFP+) and different link speeds.

Then you need to know your ISP's specific info to configure your hardware. Bell uses PPPoE on VLAN 35. You need your username/password for PPPoE, which is not a given since the technician will usually do the initial config for you.

Another option is to use a media converter. They are very cheap and "dumb" devices that simply convert the fiber to copper ethernet. You then connect using just about any router that supports VLANs and PPPoE.

If you also get bundled TV or Phone subscription on your fiber link, these will be on another VLAN and connection is much more obscure. Usually the logic is embedded in the all-in-one router they provide.
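The VLAN-plus-PPPoE setup described in the comment above, as an added example that is not part of the thread or of any ISP's documentation: it renders the Linux-side pieces (the iproute2 commands for the tagged sub-interface, a pppd `peers` file for the `pppoe.so` plugin that ships with pppd, and the `chap-secrets` line). The NIC name `eth0`, the `isp` peer name and the credentials are assumptions for illustration; VLAN 35 is the value the comment gives for Bell.

```python
"""Generate Linux config for a PPPoE session carried on an 802.1Q VLAN.

Added example (not from the thread). Interface name, peer name and
credentials are placeholders; VLAN 35 is the value quoted for Bell.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Uplink:
    parent: str            # physical NIC the SFP/media converter hangs off (assumed: eth0)
    vlan_id: int           # 802.1Q VLAN the ISP expects PPPoE discovery on
    username: str          # PPPoE login issued by the ISP (placeholder)
    password: str          # PPPoE secret (placeholder)
    peer_name: str = "isp"  # name of the file under /etc/ppp/peers/

    def __post_init__(self) -> None:
        if not 1 <= self.vlan_id <= 4094:
            raise ValueError(f"VLAN id {self.vlan_id} outside 1..4094")
        if not self.username or not self.password:
            raise ValueError("PPPoE username and password are required")

    @property
    def vlan_iface(self) -> str:
        # Kernel convention: <parent>.<vid>, e.g. eth0.35
        return f"{self.parent}.{self.vlan_id}"


def iproute_commands(u: Uplink) -> list[list[str]]:
    """iproute2 commands that create the tagged sub-interface and bring it up."""
    return [
        ["ip", "link", "add", "link", u.parent, "name", u.vlan_iface,
         "type", "vlan", "id", str(u.vlan_id)],
        ["ip", "link", "set", u.parent, "up"],
        ["ip", "link", "set", u.vlan_iface, "up"],
    ]


def pppd_peer_file(u: Uplink) -> str:
    """Contents of /etc/ppp/peers/<peer_name> for pppd's rp-pppoe plugin."""
    return "\n".join([
        "plugin pppoe.so",
        u.vlan_iface,            # pppd runs PPPoE discovery on the VLAN sub-interface
        f'user "{u.username}"',
        "noauth",                # we authenticate to the ISP; the ISP does not authenticate to us
        "persist",
        "maxfail 0",             # keep redialling if the BRAS drops the session
        "defaultroute",
        "usepeerdns",
        "mtu 1492",              # 6-byte PPPoE header + 2-byte PPP protocol field
        "mru 1492",              #   leave 1492 of the 1500-byte Ethernet payload
        "noipdefault",
        "",
    ])


def chap_secret_line(u: Uplink) -> str:
    """One line for /etc/ppp/chap-secrets (and pap-secrets); keep that file mode 0600."""
    return f'"{u.username}" * "{u.password}" *\n'


def bring_up(u: Uplink) -> None:
    """Apply the commands for real (needs root and the real NIC); not run by default."""
    for cmd in iproute_commands(u):
        subprocess.run(cmd, check=True)
    subprocess.run(["pppd", "call", u.peer_name], check=True)


if __name__ == "__main__":
    link = Uplink("eth0", 35, "user@example", "placeholder-secret")
    for cmd in iproute_commands(link):
        print(" ".join(cmd))
    print(pppd_peer_file(link))
    print(chap_secret_line(link), end="")
```

Write the peers file and the secrets line to their paths, then `pppd call isp`; `bring_up()` does both the `ip link` steps and the call but is deliberately not invoked at import time.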

Good suggestion and question. Another challenge for bring-your-own-ONT is making a clean fiber connection without expensive tools, but I would imagine that's also solvable.
My ONT has a standard single SC connector. The only custom splicework on the install is the run from the street to the service entrance. From there it's an off the shelf single mode SC-SC cable to the ONT.

Knowing little about the GPON protocol, what does the ONT actually contain to authenticate to the network? With some quick web research, it seems like it's a serial number and/or a static password. Would it be possible to replace the ONT with a well documented model that you have flashed with the appropriate identifiers?

You might have to figure out how to take the ISP's provisioning profile and make your own device use those parameters? Then again if the ISP didn't want dodgy devices on their TDM network they should remove the motivation by deploying non-broken gear in the first place.

I tried connecting a Ubiquiti ONT to a Calix OLT once, but couldn't get any combination of settings to make it work. The OLT saw the ONT, but we couldn't get packets to flow. (This was a test network, so no permissions issues or passwords to guess or anything. Just couldn't make a usable profile for the device. I will admit that I really didn't know what I was doing, I just saw one of the ONTs floating around on a Friday afternoon and poked it a bit.)
CenturyLink uses customer-specific authenticated PPPoE at the router. I don't know if the ONT is authenticated at all.
Wat? If PPPoE is running on the router, then how is the ONT meddling with TCP connections? Is PPPoE being run on the ONT rather than the router? I guess PPPoE isn't encrypted and the ONT could be de-encapsulating and re-encapsulating frames, but that seems unlikely?
I don't know what the ONT is doing. PPPoE is definitely running on the router, not the ONT. The ONT could be doing some sort of DPI.
That's weird! I don't know much about PPPoE but I wonder if it would be possible to mess with the framing so that the specific DPI/modification wouldn't work. Like add some nonstandard options to the header, and hope the ONT used fixed offsets for getting addresses.

Given that ONTs probably aren't subject to too much hardware security research, maybe it would be possible to hook up a debugger and NOP out the connection tracking hooks.
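To make the PPPoE framing discussed in the last few comments concrete, here is an added example (not from the thread) that builds and parses PPPoE frames per RFC 2516, with an optional 802.1Q tag in front so the VLAN 35 case from earlier in the thread is covered too. The sample frames are constructed here, not captured from any ISP.

```python
"""Build and parse PPPoE frames (RFC 2516), optionally 802.1Q-tagged.

Added example, not from the thread; sample frames below are constructed.
"""
from __future__ import annotations

import struct

ETH_P_8021Q = 0x8100
ETH_P_PPP_DISC = 0x8863   # discovery stage: PADI/PADO/PADR/PADS/PADT with TLV tags
ETH_P_PPP_SES = 0x8864    # session stage: fixed 6-byte header, then PPP

DISC_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_NAMES = {0x0101: "Service-Name", 0x0102: "AC-Name", 0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}
PPP_PROTOCOLS = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x8021: "IPCP", 0x0021: "IPv4"}


def build_tags(tags: list[tuple[int, bytes]]) -> bytes:
    """Discovery-stage TLV list: 16-bit type, 16-bit length, value."""
    return b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)


def build_pppoe(dst: bytes, src: bytes, vlan: int | None, ethertype: int,
                code: int, session_id: int, payload: bytes) -> bytes:
    hdr = dst + src
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan & 0x0FFF)   # TCI: PCP/DEI zero, VID
    hdr += struct.pack("!H", ethertype)
    # ver=1, type=1 packed into one byte, then code, session id, payload length
    return hdr + struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def parse_tags(payload: bytes) -> list[tuple[str, bytes]]:
    tags, off = [], 0
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        if ttype == 0x0000:                       # End-Of-List
            break
        value = payload[off + 4:off + 4 + tlen]
        if len(value) != tlen:
            raise ValueError("tag length runs past payload")
        tags.append((TAG_NAMES.get(ttype, f"0x{ttype:04x}"), value))
        off += 4 + tlen
    return tags


def parse_pppoe(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    off = 12
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    vlan = None
    if ethertype == ETH_P_8021Q:                  # tag shifts every later offset by 4
        tci, ethertype = struct.unpack("!HH", frame[off + 2:off + 6])
        vlan = tci & 0x0FFF
        off += 4
    off += 2
    if len(frame) < off + 6:
        raise ValueError("frame too short for a PPPoE header")
    vt, code, session_id, length = struct.unpack("!BBHH", frame[off:off + 6])
    if vt != 0x11:
        raise ValueError(f"unsupported PPPoE ver/type 0x{vt:02x}")
    payload = frame[off + 6:off + 6 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds frame")
    out = {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan, "session_id": session_id}
    if ethertype == ETH_P_PPP_DISC:
        out["stage"] = "discovery"
        out["code"] = DISC_CODES.get(code, f"0x{code:02x}")
        out["tags"] = parse_tags(payload)
    elif ethertype == ETH_P_PPP_SES:
        if code != 0 or len(payload) < 2:
            raise ValueError("malformed session frame")
        proto = struct.unpack("!H", payload[:2])[0]
        out["stage"] = "session"
        out["ppp_protocol"] = PPP_PROTOCOLS.get(proto, f"0x{proto:04x}")
        out["ppp_payload"] = payload[2:]           # PPP packet follows the protocol field
    else:
        raise ValueError(f"not PPPoE: ethertype 0x{ethertype:04x}")
    return out


# Constructed samples: a PADI broadcast on VLAN 35 and an LCP Configure-Request in session 7.
HOST = bytes.fromhex("020000000001")
PADI = build_pppoe(b"\xff" * 6, HOST, 35, ETH_P_PPP_DISC, 0x09, 0,
                   build_tags([(0x0101, b""), (0x0103, b"\xde\xad\xbe\xef")]))
LCP_CONF_REQ = b"\x01\x01\x00\x04"                 # code=Configure-Request, id=1, len=4
SESSION = build_pppoe(bytes.fromhex("020000000002"), HOST, 35, ETH_P_PPP_SES, 0x00, 7,
                      b"\xc0\x21" + LCP_CONF_REQ)

if __name__ == "__main__":
    print(parse_pppoe(PADI))
    print(parse_pppoe(SESSION))
```

Only the discovery stage has a variable-length part (the tag list); once a session id is assigned, every frame carries the same six header bytes before the PPP protocol field, which is why the parser's per-frame offset only moves when an 802.1Q tag is present.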