pabs3

BTW: in the EU there is movement towards mandating ISPs allow BYOD, including fibre ONTs.

https://fsfe.org/activities/routers/

the_mitsuhiko

I think it's vital that you can run your own modem but I'm not convinced that it's a good idea to force a custom ONT. An ONT is about as dumb as it gets and it's entirely transparent on the stack.

The benefit with an ONT (or even DOCSIS dumb modem) managed by the ISP is that they can do fleet upgrades much quicker as they don't have to keep all old protocols running. For instance the GPON -> XGSPON upgrade that some ISPs are running right now (or DOCSIS 3 upgrade) really only works well if you can turn off the old protocol which requires swapping out all ONTs/DOCSIS modems.

If customers bring their own stuff then you're stuck with these things for much longer.

cillian64

In some places it sounds like the ONT is integrated with the router (like with DOCSIS), and being forced to use the ISP’s router is a problem.

But in cases where the ONT just looks like a media converter and you have a separate router I really can’t see any reason for the customer to provide their own ONT. Especially given PON is a shared medium so a misbehaving ONT can affect other customers.

Aaron2222

> But in cases where the ONT just looks like a media converter and you have a separate router

That's how it works in New Zealand, but we take it a step further. The GPON/XGS-PON fibre network is run by a separate company[0] from the ISPs (and the company running the fibre network is prohibited from providing internet services[1]). So the ONT just functions as a media converter[2], and all our ISPs deliver internet over the same fibre network. This decoupling between the fibre network provider and ISP means you can change ISPs without any swapping of ONTs or repatching of fibre[3][4] (in fact, the process can be entirely automated, switching to some ISPs can take effect within an hour or two of placing the order). That and most ISPs allow bringing your own router (as there's no monopoly in the ISP space).

[0]: The NZ Government contracted four companies to build, own, and run fibre networks (three being new companies co-owned by local lines companies and the government to serve their local area, with the rest of the country being served by Chorus, the company that owns the country's copper network). These fibre companies are heavily regulated (including how much they can charge ISPs).

[1]: In fact, this requirement resulted in Telecom (the company that owned our copper network and who was one of the companies that provided phone and internet service to consumers) being split up, with Chorus being spun off, owning the copper network and owning the fibre network for the majority of the country.

[2]: Chorus did start deploying ONTs with a built-in router/AP a while back. They did offer this to ISPs to use, but uptake was very low, so it's since been discontinued.

[3]: I don't know how it works over in European countries where ISPs run their own fibre networks when switching ISPs, I assume they have to either install their own fibre line into the premises or the existing fibre is repatched to their network?

[4]: The fibre companies are required to offer use of their fibre network directly to ISPs, with the ISP's PON network running in parallel to the fibre company's, with the ISP providing their own fibre splitters and ONTs (which would be run on a second fibre line that each premises already has) and running their own OLTs. I believe this requirement still exists, but no-one ever took them up on it.

the_mitsuhiko

> In some places it sounds like the ONT is integrated with the router (like with DOCSIS), and being forced to use the ISP’s router is a problem.

I agree, and that is a problem. The rules and regulations are different in different countries. In Austria for instance the ISP can force you to use a specific DOCSIS modem or ONT but they have to provide you with a transparent way to connect to it (bridge mode etc.). Which from where I'm standing is a good tradeoff because it gives the ISP the flexibility to do mass migrations without having to consider very old deployed infrastructure.

With PON I think it doesn't matter all _that_ much but for instance people running ancient DOCSIS modems and limited frequency availability has been a massive pain for people stuck with DOCSIS infrastructure that want more upstream and can't.

bobmcnamara

I replaced my Google fiber ONT by cloning the network parameters into a cheap SFP one because the Google supplied one only supports gigabit Ethernet but uses 2.5/1.25gbit optics. The upgrade reduced latency a small, but measurable amount, and improved my NTP jitter.

jeroenhd

In theory the ONT can act like a listening device. They're also often Linux or BSD devices that can get hacked.

If you're paranoid, you may want to run an ONT that you control, just in case. I doubt it's something that matters to a lot of people, but even if it only matters to some, it shouldn't be made impossible for those that want to.

RE: misbehaving hardware: the same is very much true for cable internet and there are plenty of countries where people hook up their own modem without any trouble. If someone wanted to mess with the fiber network they could just disconnect the ONT and shine a laser pointer down there. All off-the-shelf devices are built to just work and follow the necessary standards, because there's nothing to be gained by messing with the PON network like that.

cmsj

Definitely agree. The smart place to demarcate the connection is the point at which a device does DHCP/SLAAC to get whatever IPs the ISP assigns the customer.

woodrowbarlow

as long as the ISP isn't charging a rental fee for the ONT.

pbasista

> If customers bring their own stuff then you're stuck

Why? There is nothing preventing an ISP from saying that from date X, only protocols A, B and C are supported. If you want to use your own device, make sure it supports these protocols.

In other words, the requirement to allow customers to use their own devices does not mean that they can choose all available protocols. The allowed protocols can still be controlled by the ISPs.

naming_the_user

You are at the end of the day still running a business.

It's like saying that Spotify could suddenly decide to retire support for Android 12 or something. They could, but how many customers are they going to lose and how much support burden is that going to generate?

thefz

> Why? There is nothing preventing an ISP from saying that from date X, only protocols A, B and C are supported. If you want to use your own device, make sure it supports these protocols.

A lot of overhead for ISP support in those cases in which a customer knows they can buy any router with any ONT, plugs it and forgets it with zero knowledge of what a protocol even is.

appendix-rock

Hahahaha! Have you ever done any customer support!? This is not how it works.

neelc

When I had CenturyLink, I replaced the ONT via a JTAG cable on the new ONT. The stock CL ONT (Calix 716GE-I R2) had a 16384 connection limit, which prevented me from running high-bandwidth Tor relays. The new ONT (Calix 803G) did not.

Calix for some reason makes it easy to clone some models.

I have a post on this: https://www.neelc.org/posts/clone-calix-ont/

Now I'm in NYC with Verizon Fios where I don't need a cloned ONT. Woo! The Verizon ONT is big and has a huge power brick, presumably because of RFoG alongside GPON.

ImSorryButWho

That's very cool, but just to point out: that's not JTAG, it's serial (UART).

JTAG is a much lower level protocol, typically used for hardware or low-level software debugging. Serial/UART gives you a command-line interface to the software that's running.

Using a JTAG interface is a lot more complicated. If you're interested in playing with it, check out OpenOCD.

muppetman

How is the ONT, a Layer2/Ethernet device, involved in L3 sessions? Was it also the default gateway/router all rolled up into one?

bauruine

Consumer routers are all extremely limited when it comes to many connections. Even an Ubiquiti UDM Pro only allows 65536 by default.

NoMoreNicksLeft

If ISPs weren't cheapskate assholes, then they'd offer the ONT SFP module, so I didn't have some shitty plastic doodad hanging from my router because there's no place to put a mounting bracket for it and get it in the panel. I'm sure you'll tell me why the black Bakelite rotary telephones were the only telephones I really needed, and I was just making trouble for little ole AT&T when I wanted something more.

teeray

That’s all great and wonderful, but I shouldn’t have to pay to rent a device that really only benefits the ISP. I would rather have a slick ONU SFP+ module in my router, than yet another plastic block on my telecom panel I need to find space and power for. “This makes our network easier to manage” AND “we make extra money doing this” is double-dipping.

bcrl

You can actually run GPON and XGSPON simultaneously over the same PON segment as they use different wavelengths of light, so there is no reason to rip out all the GPON nodes at the same time. This allows deferring the truck roll and ONT costs until the customer upgrades to higher speeds.

With DOCSIS there is much more pressure to upgrade all CPE as any given chunk of RF spectrum can only run one version of DOCSIS. One 6MHz channel of RF spectrum on coax has a puny amount of bandwidth compared to a single lambda on fibre.

zokier

> I think it's vital that you can run your own modem but I'm not convinced that it's a good idea to force a custom ONT.

Did you mean "router" instead of "modem" here?

xattt

I’m counting myself lucky dealing with Bell Aliant who issue a router with an SFP stick. I’ve pulled it and stuck it into an Edgerouter X SFP. They do split their IPTV, VoIP and Internet networks onto various VLANs, but that’s about it. No weird authentication hacks like PPPoE either.

Just MAC authentication and go..

vlabakje90

Mandatory in the Netherlands, since last year.

t0mas88

And as a result for example KPN (one of the largest fiber ISPs) has a document to tell you what to connect and with which specs: https://assets.ctfassets.net/zuadwp3l2xby/2Yp0HtLJPKBUX5mqr3...

Some years ago there was only unofficial documentation even on the parts behind the ONT, like which VLAN carries internet and which one is IPTV etc. Now it's all officially documented and you can run your own modem, router and firewall if you want.

I've left their ONT in place and plugged it directly into a Linux box that does the rest. Gives me more flexibility on things like IPv6 and easier to host local services without port forwarding through their modem.

the_mitsuhiko

Do you know how this works contract wise? When you get network are you guaranteed that GPON will work or can they refuse service after a certain point in time and force you to upgrade to XGS-PON (or some other standard)?

Kipters

This has been the case in Italy since 2018, but I'm OK with ISP-provided ONTs to be honest, as long as I can use my own router.

The problem here is that the ISP will try to avoid giving any kind of support (even when the problem is on _their_ side) if you opt into BYOD.

RicoElectrico

Yeah, I'd love this. My HALNY ONT doesn't support hairpin NAT which complicates accessing stuff exposed outside from home.

microtonal

This can be a good stopgap, but the solution is to lobby for a law that mandates free ONT/modem/router choice.

We have such legislation in NL and the ISP is required to make it possible to use your own equipment.

Coincidentally, I had my ISP register my Fritz!Box Fiber 5590 as my ONT yesterday, so I have it directly hooked up to XGS-PON with their SFP+ module (no more Genexis ONT \o/).

tootie

Why? Is there an advantage to using your own ONT? Is it just a personal freedom thing or are there features you can unlock?

kuschku

> Is there an advantage to using your own ONT

Some customers might want a dedicated ONT, some might want an SFP+ module, some might want one integrated into their router.

Some ISPs only allow registering one ONT per account and don't allow changing ONT serial. With your own ONT you can have a hot spare available if one fails.

Some ISPs restrict access to ONT information; with your own ONT you can log connection quality data into Grafana and set up alerts.

The ONT is directly accessible from the ISP's network, some ISPs haven't provided updates for their ONTs since 2016. With your own ONT, you can ensure you're always patched and secure.

aidenn0

I'm not on PON, but on DOCSIS cable, the advantage to using my own modem is:

1. When it breaks, I don't have to wait for weeks for the cable company to send someone to replace it. I just keep a spare on my shelf and can be back up in minutes.

2. Cost: buying my own pays for itself in 6 months.

3. Disintegration: This is more recent, but I've heard from neighbors that the cable company lately doesn't want to rent a modem, only an integrated WAP/router/modem.

matja

Does your ISP require you to register the MAC address of the HFC interface of your spare modem?

microtonal

Sorry for the late reply, but very often the provider equipment is not great. E.g. with my provider it's kinda random if you get a Genexis or Nokia ONT and people have a lot of issues with Genexis ONTs. I think it is because with the relatively low subscription fees, a more expensive ONT eats out of their fees. In fact, our ISP uses the same FRITZ!Box 5590 that I use for business customers.

There may also be a latency benefit of using a device that is an ONT/modem/router in one. It's one ethernet hop less, but I haven't measured.

tl;dr: when you use your own ONT, you have a choice of picking a known-reliable option.

sulandor

> I had my ISP register my Fritz!Box Fiber 5590 as my ONT yesterday

what did registration entail and how long did it take?

microtonal

There is a self-service form where they call you back to confirm. However, they had issues with entering my ONT's ID in the system.

I am also subscribed to extra support. It's 5 Euro per month extra, but you skip all the queues and get directly connected to someone who knows all the technical stuff. With them it's basically giving them your ONT ID over the phone and they immediately set it for you (and they stay on the line until it's confirmed on both sides that it works). I will just call them again after the FRITZ!Box 5690 XGS comes out.

t0mas88

Also NL here, my provider has a self service online form for it. Takes only a few minutes.

avhception

Funny, I just got my own GPON-capable SFP (a Zyxel pmg3000-d20b) last week.

Finally got a fiber connection from Deutsche Telekom 2 months ago, after almost 5 years of waiting and a huge amount of fear and loathing. At one point, they threatened to cancel my order, claiming a certain subcontractor was unable to reach me. Of course that subcontractor had already done its job months ago at that point. And this is just one of the many, many shenanigans that went on during those years.

At the moment, I'm using a Fritz!Box 5530 Fiber directly hooked up to the fiber with the AVM-supplied GPON interface. But I'm planning for the Zyxel SFP to go directly into my homelab server and route from there :)

kuschku

Make sure to check which firmware version the module you got is using.

The module I ordered last year still uses an old firmware from 2020 which has telnet access available.

The module I ordered a few weeks ago uses a new firmware with no telnet access, which also means no way to set the serial number anymore.

I haven't yet checked whether it's still possible to access the interface via uart.

sschueller

I am so glad that here in Switzerland the government went after the large ISP that tried to install only P2MP instead of the decided on standard of P2P for fiber.

https://blog.init7.net/en/die-glasfaserstreit-geschichte/

misterdata

In my neighborhood (Netherlands) it appears the fiber network is physically point-to-point (subscriber to ODF), but is operated as XGS-GPON (so all subscribers see the same light signal so to say, but each over their own ptp fiber from the ODF). So point-multipoint only at the active layer.

I was told that this is because the company who is rolling out the fiber wants to make the network as attractive as possible to ISPs who want to offer services over it (and wants them to compete) which may be more difficult in an actual physical point-multipoint network (which requires PON). The ISP currently likes PON more than AON (basically Ethernet over fiber to a switch) because the equipment is cheaper. In theory I should be able to switch to an ISP who offers AON or its own PON (they’d only have to physically patch my fiber in a different port at the ODF).

the_mitsuhiko

Even in Switzerland there were attempts of not building out AON. Swisscom was hoping they can get away with just having XGS-PON all the way to the customer and the other ISPs were also in favor of that (other than init7 which does not actually lay any fiber). The cost of P2P is pretty significant.

sschueller

~CHF 65 more per connection is the cost difference that was calculated. For a de-facto future proof connection that should be considered insignificant.

Swisscom pissed away millions of taxpayer money after the government ordered an injunction to stop building out on the P2MP network. All they did was continue but just not connect those lines hoping they would win the court case.

ezekielmudd

It is my understanding that ISPs have management software that watches all the ONT activities. They will mark a rogue ONT as an “alien” and blacklist it.

1oooqooq

not to mention that it's probably jail time in the USA if they want to go after you. All they have to do is to show a judge that you "hacked" their device with some hacker "jtags" to extract the very well protected passwords.

greyface-

People have in fact done prison time for "uncapping" DOCSIS CPE (although I believe only in situations where they were making a commercial operation out of it). I love seeing sites like this, but if I were involved, I'd tread lightly around commercialization, advertising, taking donations, etc.

https://www.justice.gov/opa/pr/oregon-man-sentenced-boston-3...

https://arstechnica.com/tech-policy/2010/01/hacking-cable-mo...

thayne

I assume that is why they have a page full of disclaimers before you get to any content.

sulandor

jailtime for a mouthful of internet is somewhat of a stretch

jesprenj

Where I live, you can replace an ONT easily. GPON in my small country is only secured with the ONT serial number and a static well known password.

From a security perspective, that's perfectly fine. No one is going to hack their own neighbours or dig out fibre cables. From a usability and freedom of hardware choice, that's even better -- SN is written on the ONT and can be easily input into another ONT, unlike passwords and encryption keys that are largely unnecessary and only complicate things, providing little security because no one will hack GPON infrastructure.

You run into problems, however, if you are subscribed to telephony. It's possible that the ONT will handle VoIP for you and provide you just with a RJ11 jack. In that case, you can't easily swap your ONT. But for IPTV and Internet, it works out of the box.

edude03

I’m a Bell customer in Canada and it used to be the case that the ISP provided modem had a CPU too slow to run PPPoE at a gigabit despite the ISP selling plans up to 1.5gb/s (it could only do 600mb/s or something but don’t quote me). That model has a sfp ont and so you could swap it into something else with no hacking but now you can only get the model with the ont built in. The new model is better hardware wise but just as bad software wise so it feels like a step back in practice.

I think selling users SFP ONTs is probably the right balance of ISP control vs allowing customer freedom

bigfatfrock

I can only pray this births a ddwrt equivalent for fiber ONTs.

I’m caretaking for my parents who are on ATT fiber with their giant scary black box ONT, and am consistently paranoid of what it is attempting or is doing on their network. This would be a great way to gain more transparency in its operation and possibly open useful features.

somat

The ont should not be on their network.

The normal state of affairs is

                          demarcation point
                    isp network | your network
        ---[fiber]---(ont)===[copper]===(router)===(wifi ap)

Now having laid out that nice neat little diagram, this is the real world. Things are messy, there is a real desire to consolidate boxes. If your network looks like below, my condolences, it sucks when you don't know where the demarcation point is. And I agree, in those cases it should probably be demarcated at the fiber line coming in.

                Demarcation point
                ?      ?         ?
    ---[fiber]---(ont/router/ap)***[2.4GHz]***

the_mitsuhiko

> with their giant scary black box ONT, and am consistently paranoid of what it is attempting or is doing on their network

But is this different from network equipment deployed somewhere, where you don't see it? There are AON networks that are just a PON behind the scenes but you don't see that.

justahuman74

Being forced to use an ISP's fiber router can be frustrating, I hope we can get regulations to force BYO

CharlesW

Are some ONTs routers? Mine (Calix GigaPoint GP1100X) is not.

appendix-rock

I’m pretty sure that 95% of the positive responses to this thread are people that are conflating the two, and 4% are people overstating the utter importance of running your own ONT, conflating “it sounds fun for a select few mega-nerds and we should regulate for that” with “meaningful consumer choice”.

jeroenhd

Yes. Several ISPs I've used sent out routers with integrated fiber connectors, no separate ONT. Their routers weren't terrible enough for me to want to replace them immediately, but not everybody gets an ONT+router combo from their ISP.

I think it's often more a "router with ONT built in" rather than an "ONT with router built in".

bayindirh

My ISP called me a while back and told me that they're decommissioning all copper infra, so it'd be better if I switch to fiber. I said OK.

They brought in a Nokia GPON ONT, and a new Zyxel router. I protested against the router, and I was ready to bypass it with bridge mode (which it allows), but a reliable, powerful, and flexible WiFi6 router with better coverage than my WiFi5 one won me over, and I left it in service.

The thing is a beast with 4 different SSIDs plus a guest network, full gigabit ports and reliable operation. Plus it terminates my POTS line, too. It can handle the full 1000/50 mbps network without even getting warm, either.

So all in all, it's not a bad device overall, and I'm a happy camper.

WarOnPrivacy

> It can handle the full 1000/50 mbps network

Your fiber is asymmetrical (not 1g/1g) - like low-latency cable?

packetlost

GPON is the most commonly deployed FTTH technology and is not symmetric, though it should be much closer than a 20:1 down:up ratio, much closer to 2:1 IME.

bayindirh

Actually, the hardware is symmetric capable, but they don't provide symmetric service (yet?).

I think the two reasons are market segmentation and preventing people from running services from their homes. 50mbps is enough uplink for what I do, and I don't care about providing services or self-hosting from home.

I have enough experience to run my services somewhere else on an isolated network and absorb the mayhem outside my home network.

daveoc64

I have an XGS-PON ONT at home (an Adtran SDX 622v) to support the symmetric 8Gbps connection I have, but it's so basic that I can't really see what benefit there would be to replacing it or hacking it.

It just works, and I can plug my own router in to it.

peter_d_sherman

The future needs at least one completely Open Source, Open Hardware ONT... ideally several...

A Google search at this point in time seems to fail to locate even one...

The next best thing (a step in that direction) might be open source firmware for existing proprietary ONTs, for which I found the following links for people who are apparently attempting to get something like that working:

"Has anyone tried making custom firmware for your ONT?":

https://broadband.forum/threads/has-anyone-tried-making-cust...

"Build for Nokia G-2425G-A":

https://forum.openwrt.org/t/build-for-nokia-g-2425g-a/106936

Anyway, the future needs a completely Open Source, Open Hardware ONT...

Hack GPON – how to access, change and edit fibre ONTs - Hacker News