Do I know anyone who works at OptiComm? After mercifully completing the saga of trying to get working internet in my apartment, I'd now like to investigate my options (if any) of replacing my Huawei ONT (https://aus.social/@mattcen/111158535966634838) with something not from Huawei.
What's the likelihood that there's anything significantly sinister about the ONT, just by virtue of its brand name? Probably pretty low, but I just really don't trust it, but replacing it would involve getting one from a wholesale supplier (at my own expense of probably ~$400; can't know for sure because every site wants me to request a quote) and then liaising with OptiComm (which usually should do via my ISP) to reconfigure everything.
I'm just evaluating options at this stage, but knowing whether I have a contact within OptiComm who I can bounce ideas off may help.
I'll also accept thoughtful feedback on whether I'm being overly paranoid about the trustworthiness of the Huawei box.
@mattcen if you are able to connect a Linux box as directly as possible to the ONT (temporarily!), the output of ndisc6 and rdisc6 might be interesting.
@voltagex It's really not, unfortunately. (But I also don't properly know how to drive those tools, so 🤷 )
Also disappointed (though not entirely surprised) that OpenWRT doesn't have those packaged, or this reply would've come much sooner!
@jpm Now you see, this is why I'm so frustrated! I had to go look up what those acronyms were because I haven't had the opportunity to properly play with IPv6 because I keep hitting insufficient hardware or network support! 😭
(Thanks for the input though! 😊)
@mattcen@jpm Huawei ONTs do IPv6 just fine. I support Huawei GPON networks for another carrier in Australia. Regardless it really should not make any difference since it should be setup as a layer 2 device with your RSP (or your BYO) router behind it. IPv6 support is the responsibility of your RSP, not Opticomm.
@haakon@mattcen the quirk of OptiComm is they are more of a wannabe cable tv company, which is why I immediately suspected multicast issues (likely multicast dropping on subscriber-facing network ports so nobody can steal TV)
@jpm@haakon What's particularly confusing to me is how this ONT is set up. Like, it looks like a router, and has Wifi and 4 LAN ports, but the Wifi (once I'm connected to it) routes nowhere except direct to the ONT, and only plugging into LAN1 gives me a public IP. I can however access the ONT's web interface, but most of the config in there seems to be focussed on using it as a router, rather than just for bridging fiber and Ethernet.
It's quite weird.
@mattcen@jpm by default it is a router. However you can push layer2 bridges to it, via OMCI or TR-069.
In the networks I manage we pull one of the LAN ports away from the router side and map it to a common vlan for the building intercom system. We also have to change default multicast behaviour to transparent on the GPON side of the network. By default it will drop “unknown multicast” as a security measure.
A wholesale service is somewhat similar, but you should have a separate vlan per service.
@mattcen@jpm probably a firmware issue around option 128 injection. NBN used to have issues with it until they did a firmware update on their ONTs. Would not surprise me if DHCP-PD worked fine if it was pppoe encapsulation on the WAN side
@mattcen I would be shocked if Opticomm let you do this. Also, it's highly likely the OLT at the other end of the fibre is Huawei, as well as who knows how much of the rest of their network.
As long as you're using secure protocols I wouldn't worry any more about that NTU than I would about any of the equipment between you and the destination network, made and owned by god knows who 🤷♀️
@mattcen FWIW our TPG Enterprise fibre connection at work has a Huawei switch as a handoff. Clearly they don't think it's a problem. I just consider any network hardware compromised by at least one state actor.
Add comment