AT&T 20 gig fiber to homes

[coxhaus]

I am not sure what we will use for routers.

AT&T Is Working on 20-Gigabit Fiber to Homes, Could Launch Next Year - CNET

I am not sure we have fast enough CPUs for routers. Maybe we will have to switch the traffic and then run it through an IDS/IPS firewall for scanning. There needs to be NAT in there somewhere. Maybe 3 devices.

That is 40 gig full duplex.

Maybe we could create a router NAT with no scanning then run a separate firewall for IDS/IPS scanning.

 

[L&LD]

20Gbps symmetrical isn't 40Gbps full duplex.

Myself, I'm happy to see this being pursued. That means that real routers with beefy hardware specs will be available soon enough.

 

[coxhaus]

This is what I read "In a demo done between two of its Austin offices, AT&T was able to show off download and upload speeds over 20Gbps"
To me if you process both inbound and outbound traffic at the same time then it seems like a total of 40 Gbps is being processed.

Any way it will take some serious hardware.
AT&T is offering 5 gig right now around me. I am 25 miles from the center of Austin Texas. My problem is AT&T fiber is about a mile from my house.

 

[L&LD]

40 Gbps may be processed, but a network isn't a one-way stream. It's only a 20 Gbps full-duplex connection.

 

[coxhaus]

You are right. And a lot of firewalls don't process outbound traffic.

I wonder if we start seeing these higher speed internet fiber connections like 5, 10, 15 and 20 gig that maybe it will kill 2.5 gig hardware before it really gets started.

 

[Tech Junky]

it will kill 2.5 gig hardware before it really gets started

No, the price tag for 20GE device will scare normal consumers.

Moving to SMB class devices will be required or DIY. 3GE service with Comcast is $300/mo. They provide the terminal to terminate the fiber.

This sort of thing isn't meant for cheap consumers running off the shelf routers w/ WIFI. Eventually in 10 years there might be something you can walk into Best Buy and purchase a router that's capable. And for the FW thing.. I did walk into a client site where they were using a ASA/PIX for the "router" so, it's possible to do stupid stuff and have it work.

If you want line speed through a FW though it's going to make you take out a mortgage to pay for it. This is where going DIY makes more sense as you can get line speed w/o the Cisco TAX. Prepackaged devices aren't always the best option when securing a network. They are for support staff that aren't smart enough to think outside the box and configure anything else.

I could take my existing DIY setup and throw a dual 10GE NIC into it and bond the two IF's together and be up and running in ~2 minutes on 20GE fiber. Or investing in a SFP+ NIC ($150) and then SFP's for it ($100) and run a single fiber into the box. Something on the consumer level though I envision costing at least 5-10X that without WIFI and 20X for a built in AP. It just gets stupid pricing for consumers.

Getting up to 100GE though would be more complicated SR $100 / LR $400 for the QSFP. The heat those would be putting off though would likely require a dedicated fan on them. The NIC would be another $500. Getting into these prices for a home based internet solution surely will keep your average person from diving into this tier of service.

 

[Clark Griswald]

connections like 5, 10, 15 and 20 gig that maybe it will kill 2.5 gig hardware before it really gets started.

My 2.5Gbe Quest
I was starting on what is clearly the bottom step of the speed ladder, and now looking at upgrading my LAN to 10Gbe.

 

[L&LD]

I too believe that for consumer hardware, 10GbE will be the next 'standard', above the current 2.5GbE offers.

It's about time too, only 20 years after it was introduced!

 

[Justinh]

And all the while, 200Mbps is more than enough for more households.

 

[L&LD]

Anything over ~30Mbps, fully symmetrical, on a Fibre connection, is 'enough' to use almost any online service(s) effectively 'enough'.

What 1Gbps (or faster) connections offer is the ability to multitask online, at the connected server's speed as if you were only doing that one thing (but you're actually connected to 8 or more).

I do not know a single person that has moved back from a faster connection back to a slower one. The online experience increase is that obvious. Particularly when paired with a router (i.e. RT-AX86U) that allows your network to take advantage of the distinctions a faster connection offers.

 

[Tech Junky]

I do not know a single person that has moved back from a faster connection back to a slower one.

You do now. I switched from Comcast to TMHI and that's a slow down in speed but, a gain in no data cap. Plus the bill is 50% of what it was with CC. While having the prestigious 1gig plan was nice the upload being capped at 40mbps and the potential for overages @ $10/50GB or paying the unlimited tax of $50/mo. I hit the 1.2TB one time and just hammered them for almost 3TB in protest of the data cap that month.

I find moving to TMHI though not to be that big of an impact on day to day use. My downloads still hit good speeds around the same as w/ CC. I mean sure NVIDIA / Intel drivers for the GPU won't be hitting 800mbps but, skipping those revisions monthly to prevent issues makes more sense anyway. Nothing you're currently doing really needs gig speeds unless you're doing medical imaging or something where those files are 500GB in size.

TMHI is an interesting little can of worms though. My highest speeds have been 400/100 and daytime usually sit at 200/70 with some middle of the night usually 300/85. I ripped the box apart and have been trying different antenna setups seeing what potential I can unlock since the modem can do 2.5gbps / 300mbps with the right configuration. My phone on the same tower can hit 600/100 so, I know the bandwidth is there. The issue seems to be more about the bands the box is connecting to but, with some further hacking of the HW I should be able to direct it a bit more to get those higher speeds and possibly more. Just have to find the secret sauce with the right mixture of the ingredients.

I mean I do have a cell site on the roof of my building after all and know where the equipment is located in the building as well.

 

[coxhaus]

I could take my existing DIY setup and throw a dual 10GE NIC into it and bond the two IF's together and be up and running in ~2 minutes on 20GE fiber. Or investing in a SFP+ NIC ($150) and then SFP's for it ($100) and run a single fiber into the box. Something on the consumer level though I envision costing at least 5-10X that without WIFI and 20X for a built in AP. It just gets stupid pricing for consumers.

I am not sure there is enough PCI bus in an average PC to process 40 gig of data. Plus the processor. Maybe multi-processors with some kind of high end server. So in your setup do you run IDS/IPS or do you just run a big NAT?

I am slow today as I had BBQ and Margaritas last night. I will start with this.

 

[Tech Junky]

So,
PCI3 x4 and above
PCI4 x2 and above
PCI5 x1 and above

Those are pretty attainable.

 

[coxhaus]

I think we crossed posts. Do you run IDS/IPS or just NAT. What package do you run for IDS/IPS?


I misread this. I am with you now on PCI 5.0. I don't own any PCI 5.0 so I have not kept up.

 

[Tech Junky]

I run NAT and for fw iptables. When you break into Cisco beyond the fancy GUI it's just running Linux. All of the GUI crap is just macros to implement rules based on your goals. I've broken my fair share of ids/ips boxes and recovered them from scratch. They're nothing special. Once you get under the hood they're just micro PC with ASICs. And the hefty fees for licensing. The benefits for Businesses is the short replacement time and standardized implementation but beyond that they're just another PC. I've been hands on with CRS down to the cheapest gear they offer for Soho use.

 

[zorinlynx]

My very strong suspicion is that they're doing this for marketing reasons more than anything else. Very few people have home networks that can push over 1Gbps, much less 2.5 or even 10. If they can say they're providing 20Gbps, it gives a (probably false) impression that the network is robust and will be able to handle more traffic than before. Frankly if they're distributing RGs that can do 20gbps I think they're wasting their money on the most advanced PHYs required if pretty much no one will be able to take advantage of it.

I currently have a 1200/35 connection from Comcast, and I don't even bother upgrading components to use that extra 200mbps above gigabit. It's just not a noticeable difference and not worth the expense. But Comcast can advertise a bigger number and people will go for it.

The only reason I even have that plan instead of the 900/20 is because of that extra 15mbps upload which is important for me. I wish AT&T had fiber in my area.

 

[coxhaus]

I run NAT and for fw iptables. When you break into Cisco beyond the fancy GUI it's just running Linux. All of the GUI crap is just macros to implement rules based on your goals. I've broken my fair share of ids/ips boxes and recovered them from scratch. They're nothing special. Once you get under the hood they're just micro PC with ASICs. And the hefty fees for licensing. The benefits for Businesses is the short replacement time and standardized implementation but beyond that they're just another PC. I've been hands on with CRS down to the cheapest gear they offer for Soho use.

NAT is very limited compared to IDS/IPS. This is why all medium and large businesses run at least IDS. I am sure there are a lot with IPS but I am getting out of date. With homes people run with less and hope for the best as IDS/IPS takes a lot of support. The only 2 systems I have run that don't require a lot of support is Untangle and Cisco PIX with PIX being more of an inbound and outbound traffic processor. The PIX was at its top back 20 years ago so it is outdated and I have not run the latest but I believe the Cisco FTD using ASM code to be very close to the old PIX.

If you look at real Cisco enterprise it is all command line no GUI. Only Cisco small business has GUI and wizards that I know about.

I should add IDS/IPS takes more a lot more CPU power than running just NAT.

So I still stand by my statement processing 40 gig of a data in a 2 way stream non-stop is going to be difficult.

 

[Tech Junky]

GUI or CLI on Cisco still does the same thing. We're beating a dead horse here again. It doesn't matter because it's still the same crap. You can use ASDM on any security device Cisco offers. Just need to DL and put it on the flash to run it.

Enterprise vs SP is also a big difference in the types of equipment being deployed. I've run DC equipment SP equipment SMB equipment.... It's all the same just different price points. If you've touched one Cisco you've touched them all. Physically they're all different in size and capabilities but, they all run the same.

IDS/IPS is all marketing in my book. If you properly configure your rules you don't need either of them nor benefit from the bottlenecks they create. If you're worried about the crap they might alert you about then your IT policies are lacking on the prevention in the first place and you didn't lock things down properly to prevent users from introducing things to the network.

When you properly segregate the networks from each other so they can't cross communicate with each other directly it's not an issue.

40GE is nothing when it's actually 20x20. When you're used to running 100GE 100x100 and the transceiver alone is the size of the phone in your pocket you have something to worry about.

 

[L&LD]

@Tech Junky, 400/100 Mbps speeds Trump 1000/40 Mbps speeds any day, all day.

Still don't know anyone who has experienced fully symmetrical faster speeds drop to a lower tier.

 

[Tech Junky]

@L&LD There's plenty of reasons but, symmetrical speeds are the envy of some. Cable HFC connections are working on FDX though. How long before it happens though is questionable. 5G on the cellular side won't do it but, 7G might. It depends on the 3GPP,

The only complaint I have so far is the monitoring API for the gateway crashes when using a monitor app that polls it continuously and requires a reboot to bring it back. Also, it's locked down foe advanced configurations but, works fine with your own "router" behind even though it's technically a triple NAT with CGNAT / NAT / NAT. Maybe I don't see issues because of WG running to a public IP on the VPN provider side.

Since I'm under the cell site the signals may not be the best since they work better from a distance vs reflecting back to me. Internal antennas vs external seem to mostly not make a difference due to this. Though the highest speed was obtained using external antennas.

 ./SpeedTest
SpeedTest++ version 1.14
Speedtest.net command line interface
Info: https://github.com/taganaka/SpeedTest
Author: Francesco Laurita <francesco.laurita@gmail.com>

IP: 185.247.70.5 ( M247 Ltd ) Location: [32.7889, -96.8021]
Finding fastest server... 10 Servers online
..........
Server: Dallas, TX dallas1.cabospeed.com:8080 by Sparklight (1.45143 km from you): 25 ms
Ping: 25 ms.
Jitter: 1 ms.
Determine line type (2) ........................
Fiber / Lan line type detected: profile selected fiber

Testing download speed (32) ..........................................................................................................................................
Download: 434.55 Mbit/s
Testing upload speed (12) ...............................................................................................................
Upload: 92.08 Mbit/s