Verizon/Qwest single end-user difficulty vs Xfinity

• Previous message (by thread): Verizon/Qwest single end-user difficulty vs Xfinity
• Next message (by thread): Spamhaus flags any IP announced by our ASN as a criminal network
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Mar 18, 2023 at 12:52 PM Jeff Woolsey <jlw at jlw.com> wrote:

> Verizon 5G Internet Support is not at a high-enough pay grade to assess
> this problem...  So I'm turning to y'all.
>
> I'm trying to save $$$ and increase speed, using Verizon 5G Home
> Internet to replace XFinity, even though they gave me a faster modem a
> few weeks ago.  I run both of the modems in Bridge/Passthrough mode.
>

Uh...there's a pretty big difference between "Bridge" and "IP Passthrough";

I suspect you're actually running IP Passthrough, *not* bridge, and therein
may lie your problem.

In Bridge mode, the CPE acts as a layer 2 device, and by and large does not
get involved in layer 3 politics.

In IP Passthrough mode, the CPE is the layer 3 termination point for the IP
address; it looks at the five tuple to determine if the packet is one that
*it*
needs to accept (management traffic from the ISP to the CPE), in which case
it is handed to the CPE CPU to process locally; otherwise, the destination
MAC
is altered to the customer's router MAC address, and the frame is re-sent
out
the LAN side towards the customer's router.

Because the CPE is the initial termination point for the layer 3 connections
in IP Passthrough mode, you have two points of possible interaction:
1) you should make sure any and all firewall settings, content filters, and
ALGs are disabled on the CPE, as they will still block traffic from being
passed through
and
2) any port/protocol tuple on the CPE that is used for managing the device
from the ISP end *cannot* be passed through to the customer router, as it
will be intercepted and terminated on the CPE CPU locally.

So--if you've turned off every family filter option, every firewall rule,
and ALG, and you still can't reach that port,
I suspect you're trying to use a port that is one that the ISP uses for
managing their CPE devices, such as TCP 7547.
Try switching to a different port number, and see if your connection works
as expected.
For more exhaustively in-depth details of what 5-tuples your CPE in IP
Passthrough will ingest upstream of you,
I refer you to
https://www.broadband-forum.org/download/TR-069_Amendment-5.pdf
specificially sections 3.2.2 and Annex K, starting on page 185.

Best of luck!

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230319/7a26ceea/attachment.html>

• Previous message (by thread): Verizon/Qwest single end-user difficulty vs Xfinity
• Next message (by thread): Spamhaus flags any IP announced by our ASN as a criminal network
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]