Aquiss

[Rainmaker]

I searched for 'the' Aquiss thread on here, and realised there wasn't one. We have a thread for most of the providers, so I'm starting this rather than tag onto the main BT/FTTP thread. I ordered 'Family Pure Fibre 1000' with a /29 IPv4 and a /58 IPv6 last Friday. The MD (Martin) has been very responsive and helpful, I can't fault them so far. Openreach called today to drop fibre from the pole to the front of the property. The chap was excellent, and did a really nice job negotiating a badly placed soil pipe and some other obstacles, hiding the drop across the street name sign and down behind a drain pipe, so it's virtually invisible. Top marks.

The fibre isn't actually lit atm. Openreach previously said a node is being repaired/completed further along in the area, and it'll be finished by tomorrow or the day after. Then the fibre will be lit, and we'll get a formal install date in the next couple of days. Can't wait. I'm planning to get a RackyRax 12u wall mounted cabinet, PDU, patch panel and shelf installed this week so I can finally tidy up what became, but was never intended to be, the 'network corner'.

            _______________
            | RUCKUS R710 |
            | WALL MOUNT  |
            |   WIFI AP   |
            |_____________|
                   ||
                   ||
.__________________||___________________.
|            RAS PI 3B+ (DNS)           |
|       RADXA ROCK 5B (DNS & DHCP)      |
|   SYNOLOGY DS218+ 40TB (*arr stack)   |
|     BEELINK SER 5 (PROXMOX HOST):     |
|     - ROCKY LINUX LXC: Docker stuff   |
|     - OPENBSD VM: httpd/reverse proxy |
|-------------- 1u SHELF ---------------|
|        x86 ROUTER (VyOS/OpenWRT)      |
|              PATCH PANEL              |
|        NETGEAR PROSAFE L3 SWITCH      |
|                  - -                  |
|                 P D U                 |
[_______________________________________]

I was debating replacing the venerable x86 router (Pentium G4560, 8GB DDR4, 512GB m.2 SSD, VyOS) with either a GL.INET Flint 2 (faster than an MP to the expenses office, uglier than Boris Johnson making a baby, non-rackable), or the Q4 2023 released TP-Link ER8411 10Gbe (fast, unobtrusive looks, rackable). As it turns out though, the IPv6 ACL and firewall is lacking in the TP-Link, which is typical of them in new releases. Maybe in a couple of years when it loses £100 and gains some maturity! There's also the possibility of a nice little Beelink EQ12 (N100 based mini-PC with 8GB DDR5, 256GB NVMe, dual I225-V3 2.5Gbe NICs). I foresee Openreach matching VM in the next year or two on at least the 2Gb front, so it'd make sense to get something along these lines now while I'm having a shuffle around.

I found Aquiss' WhatsApp channel a handy place for 'breaking news', core router upgrade info, emergency works etc. Join if you haven't already (it'd probably help if you're a customer, though ). So, Aquiss customers assemble!

 

[Rainmaker]

going live on wednesday as long as everything goes to plan, thanks for creating this thread will definitely be useful.
will also be on the fibre 1000 plan

Would you mind posting up a bbc.co.uk traceroute and a few pings when you get it installed? What router are you using?

 

[Rainmaker]

Been with Aquiss for a year this month, it's been brilliant not a single disconnect. Transfer many TB's of data each month without a hitch.

thanks for the Whatsapp group link, didn't know that existed.

I'm just running OPNsense on a Dell 5050 SFF unit under Proxmox.

Seeing that I am connected:
...

Nice! Here's VM for comparison, though tbf (1) it's 1.20am now and (2) I do have QoS (fq_codel) active to combat bloat. VyOS is CLI based and it's a whole 'thing' to disable QoS (delete a dozen lines of config one-by-one, test, re-add the lines, commit changes, save...). At peak time, basically 4pm until gone midnight, those same pings are into the 30ms range and above, with spikes to triple figures(!). Even so, compared to fibre they're still poor and especially the jitter - again, considering QoS is active as well. Those should be as tight as a proverbial.

traceroute to bbc.co.uk (151.101.64.81), 30 hops max, 60 byte packets
 1  _gateway (10.100.0.1)  0.134 ms  0.092 ms  0.090 ms
 2  10.53.35.5 (10.53.35.5)  11.211 ms  11.172 ms  11.125 ms
 3  pres-core-2b-ae55-650.network.virginmedia.net (213.104.74.153)  11.987 ms  11.964 ms  11.940 ms
 4  * * *
 5  tcma5-ic-1-ae0-0.network.virginmedia.net (62.253.174.181)  12.789 ms  13.757 ms  15.992 ms
 6  * * *
... timeout.

Pings:

--- bbc.co.uk ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 10713ms
rtt min/avg/max/mdev = 7.266/12.697/18.857/1.610 ms

--- 8.8.8.8 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 9973ms
rtt min/avg/max/mdev = 16.857/23.070/30.932/2.146 ms

--- 1.1.1.1 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 9978ms
rtt min/avg/max/mdev = 13.853/19.937/26.340/2.345 ms

What spec router are you running OPNsense on? How's it handling PPPoE at gigabit?

 

[Rainmaker]

My install date is next week,hoping to use asus router then switch to openwrt router to compare,
been on virgin for well over 20 years now,time for a change .

Zia

A similar boat to me, then! I stayed out of contract with VM for two years(!) and paid full whack, just because fibre was coming 'soon' and I didn't want to be stuck mid-contract when it did. I wanted out that badly... Being able to order the moment I received the Openreach email was nice.

 

[Rainmaker]

Ooft, yeah those pings aren't pretty. A freind of mine has been on VM for years, finally got FTTP recently and switched, and is blown away at how much more responsive it feels from the lower latency, the much faster upload and download being a big bonus too.

It's a Dell Optiplex 5050 SFF, running an i5 7500. Handles PPPoE fairly well, although CPU usage does get pretty high. I can still max out the connection on a wireguard VPN to Private Internet Access though, so it's not struggling too bad I think it would be nice if they moved away from PPPoE as it does carry quite an overhead.

Yeah, I looked hard for an ISP offering a /29 or better, /64 or better, and DHCP rather than PPPoE. TT residential do DHCP in favour of PPPoE but they don't offer static IPs (or even IPv6 iirc?). The business side does static IPs, but PPPoE only. As I'm sure you know, PPPoE is single threaded and poorly optimsed on *BSD at the moment. It runs a lot faster on Linux, but *BSD will manage with suitable hardware. A desktop class i7 shouldn't find much to worry about though!

 

[Rainmaker]

Nice! Currently, on my VM connection (which is variable as the wind, and shows the difference from my last post at night time):

ping -c 4 -i 0.5 bbc.co.uk
PING bbc.co.uk (151.101.0.81): 56 data bytes
64 bytes from 151.101.0.81: icmp_seq=0 ttl=57 time=26.157 ms
64 bytes from 151.101.0.81: icmp_seq=1 ttl=57 time=22.863 ms
64 bytes from 151.101.0.81: icmp_seq=2 ttl=57 time=26.432 ms
64 bytes from 151.101.0.81: icmp_seq=3 ttl=57 time=24.972 ms

--- bbc.co.uk ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 22.863/25.106/26.432/1.406 ms

 

[Rainmaker]

oh wow that is windy.
what have u set your dns too? i used cloudflare at the time of those results which tends to be fastest for me

I run my own DNS, on and off prem. A combination of dnsmasq (router), AdGuard Home (Rocky in an LXC on Proxmox, Radxa ROCK 5B) and Blocky (4 core 12GB RAM VPS in London). It won't materially affect your ping though mate, as once you've resolved the domain it'll be held in cache by your OS (and your router, and your upstream DNS).

 

[Rainmaker]

Would any of you chaps on Aquiss kindly run the testmy.net latency test and share the results link? You don't need to post a screenshot, I only did that to show you all what it is. Just click the green 'Test My Latency' button on the top left, and it will check every location in the list. The test takes a couple of minutes, but it should be very interesting to see the differences.

My results from VM Gig1 (which are crap, even on OpenWrt with cake and layer cake), tested from a 12 thread Ryzen 5500U machine over Ethernet:

TestMy Latency

testmy.net

 

[Rainmaker]

Thanks @ash888

 

[Rainmaker]

Some interesting data there, thanks again!

 

[Rainmaker]

https://www.waveform.com/tools/bufferbloat?test-id=79b2a599-a50d-444d-bd70-aa4d23705182

Looks similar to Speedtest.net results for loaded and unloaded.

Cracking result assuming no SQM already running, and symmetric too! Thanks for the results, they're very interesting.

 

[Rainmaker]

I do like a small ISP that actually provides the S in ISP

Just noticed this thread, ironically I have been looking at the ER8411 as an alternative to a UDM Pro or SE for similar reasons (simple life, fewer moving parts). I’m currently doing unspeakable things to shift packets (proxmox + OPN on virtual interfaces to pre-tag WAN VLAN, with a physical HA that’s not deployed yet, so you can imagine how much fun that is if I have to update the hypervisor), and just wanted a cleaner solution. I believe TPLink have addressed the IPv6 ACL issue according to the latest firmware release notes On paper, the numbers are impressive, and unlike Ubiquiti, TPLink seem to be open to feedback and if they can replicate the issue will deal with it, where as Ubiquiti have threads on the forums from 3 years ago about poor VPN performance with staff tagged that have just been ignored despite regular bumps/tags.

I’m going to have a play round with *wrt and perhaps OPN bare metal again, my ISP is DHCP but uses VLAN tagging on WAN, it’s simple enough to get OpenWRT/OPNSense to play nice, but both did some dummy spitting and required manually disabling and re-enabling the interfaces to restore connectivity and thats not going to work for me. Pre-tagging via proxmox virtual interfaces seemed like a simpler way to just present a clean DHCP interface to <insert distro here> and skip driver support issues on 2.5/10Gb NIC’s, but brings with it additional issues. I have almost resigned myself to an ER8411 sized box arriving next week.

Yeah, I saw that after I posted but tbh I didn't think anyone would care about the update. Serves me right for assuming! It seems a solid little unit tbf, especially now they fixed/added the IPv6 ACL, stateful firewall (I still can't believe they released it without one!) and QoS. The throughput (I'm assuming the specs are based on ~1500 byte packets) is phenomenal for the pricepoint, including multi-gig IPSEC/WireGuard/OpenConnect. I've run FOSS routers for *years* now, but this is really tempting me to the point I'm pretty sure I'll also have an ER8411 shaped box arriving next week. I'd really like to know what speeds it manages running QoS, but tbh I don't think I'll meaningfully need that on gigabit FTTP anyway. The only real bummer is that it's 2x SFP+ and then gigabit copper. It'd have been really nice if they'd made it SFP+ and 2.5Gb at least. Alas, I think they were aiming at undercutting the UDM stuff.

I have tried to shop around for alternatives, but there's really not much along those lines in the market that I'd consider buying - at least under four figures. Mikrotik stuff is always quite well regarded, yet seems afflicted by significantly higher prices despite all but their higest end gear having only a single SFP+ port and then a bunch of gigabit ports, which seems wasteful. At least the ER8411 can take in an SFP+ to RJ45 module for WAN (from the ONT) and still also downlink to a 10G switch for the LAN.

Some of the Chinese x86 units were tempting, with 1u 19" rackmount form factor, N100 or better, DDR5, 2x SFP+ and 6-8 I216-V copper ports. I had to work really hard not to buy one of those! TBH if it wasn't for the six week delivery projections I probably would have. Alas, I just want something that works, is reliable and covers the bases for upgrades and the bedrock functionality (SPI firewall, wirespeed PPPoE, IPv6, 1:1 NAT etc). That the ER8411 can last through 2.5 and 10Gbps WAN upgrades is just the icing on the cake.

 

[Rainmaker]

@zia stick some SQM/QoS on the upstream and you'll be golden.

 

[Rainmaker]

Will swap over to optiplex and have a play

Just spent over hr trying to cancel virgin media.....God i hate them

Zia

You can send them a letter and then just wait, saves the hassle. Otherwise, I found web chat painless enough (once I got past the 'What can we offer you?' script) - took about 20 mins. If you're using OpenWrt enable SQM, set the speed to 0 on downstream and 100000 on upstream, choose cake and piece of cake, link adaptation Ethernet, overhead 44 mpu 84. See how you go. If it's anything else (i.e. fq_codel) try setting an upstream shaper only at 100000 but you may need to tweak down to 95000 or so. Post your results!

 

[Rainmaker]

I get D, and latency of 17 and +15ms. Not great.

I actually think something's wrong with the WaveForm site. My VM line has always been A+ on there, with SQM+cake enabled. This week I can't get past an 'A' but usually get B-F depending on settings, and my downstream is borked no matter what I try. If I test with Cloudflare, speedtest.net CLI (up and down ICMP under load), DSLReports or whomever it comes out fantastic. Flent confirms my line is as tight as a drum, but that site just keeps on saying it's horrific. It actually often gives me the exact same result whether SQM is enabled or disabled(!), so something's definitely not right.

Try speedtest.net and see what your latency is at idle, and under load (down and up), or better yet run a Flent RRUL test to Dave Taht's server london.starlink.taht.net.

 

[Rainmaker]

Here's an rrul test (Flent) on VM, which WaveForm currently says is awful (F grade) on the downstream. As you can see, the line's perfectly fine, especially for VM:

 

[Rainmaker]

I couldn't figure out how to use that.

You can use it from CLI or the GUI. Download per the instructions in the link I provided earlier. Open the GUI then CTRL + R for a new test. Test name is RRUL. Output directory for the data file and any saved pics (eg /home/user/flent or C:\flent) but remember the directory should already exist. Set the destination host to Dave's server at london.starlink.taht.net. Test title whatever you like (eg sqm-900-100). Leave the rest as-is and click 'Run test'. After 70 seconds you'll have some pretty graphs and can scroll through them using the menu on the right. the 'all scaled (Download, upload, ping (scaled versions))' is the primary one. Run it when the network is quiet (i.e. no torrents, game downloads, etc) and if you need any more help just shout mate.

 

[Rainmaker]

OK after some heavy testing, it definitely seems like either something's screwy with WaveForm atm, or the routing is busted to it on VM. However, rejoice! Cloudflare offer a very similar (much faster, more informative) test! It loads the connection, measures latency and jitter and all the other goodies, and then rates your line. Their 'great' is equivalent to A+ on the other site, good is A-B and anything below that, you don't want anyway. The page is long, and gives all the various speed results (small file sizes through to large file sizes, hence the 'steps' in the speed graph), all the latency info for up and down, etc.

Here's mine with OpenWrt and SQM/Cake. The downstream is restricted to favour latency, I could get much more speed but I prefer the lower ping:

...and switching to fq-codel instead for lulz:

Give it a go, and report back if you like. This test tallies with the rrul test and I'd trust this over the 'your SQM has no effect' results offered by WaveForm atm. BTW, my install is today (Monday) and I should be asleep... and yet here I am nerding out over latency, on a connection that I'm about to throw into the bin anyway lol. I'm just practising for Aquiss, honest.

 

[Rainmaker]

Well, install day arrived! The install itself went without a hitch, though after the engineer left I couldn't sync OpenWrt due to PPPoE errors. It kept saying the auth failed, so I after half an hour I called Martin at Aquiss. I have to say, I've only spoken to him on ticket before, and he's one of the nicest chaps I've spoken to in a long time. Down to earth, helpful, polite, professional and a real sense of humour lol. That guy knows his onions! Long story short, the engineer hadn't signed off the job (yet) so the ONT wasn't activated fully. While we were troubleshooting (direct connection from MBP to the ONT, no router, failed also), it just sprang to life.

Oh. My. God.

Single digit latency, jitter measured in μS not ms, and the speed is absolutely instant and rock solid. I had some minor bloat on the line out of the box (as is expected when a big pipe bumps into a smaller one), but SQM soon fixed that. I'm still tweaking, but basically ping 8-10ms, loaded exactly the same (up and downstream), jitter a few μS. I'm in love!

I couldn't recommend Aquiss highly enough, and thanks to Martin for being such a nice bloke and actually knowing his **** and being no-nonsense.

Changeover from VM (LOL):

Bear in mind there are five other people at home 'Internetting' atm:

Win! @zia are you using any advanced parameters (eg setting LLA to Ethernet with overhead 44 and nat dual-dsthost ingress besteffort mpu 84 and nat dual-srchost ack-filter besteffort, or just straight entered the speeds in the GUI and away? I'm still tweaking. It was very usable out of the box, but hackers gotta hack lol.

 

[Rainmaker]

Yep LLA on ethernet overhead at 44,mpu at 84,everything else on default.

Zia

Yup, spot on. I think I was over-egging it... Too used to having to beat VM into submission with the nuclear arsenal. Once I dialled it back and removed the extra 'dangerous' options it actually improved again(!). Bear in mind I have half a dozen people in the house (me, wife, four kids who are more addicted to the Internet than even I am) and also am running half a dozen servers and a Tor Snow flake Proxy (constant up/down bandwidth), I think this is more than acceptable!

I think I'll include a 'LinusTorvaldsToNvidia.jpg' pic with the Virgin 'SuperHub' when it goes back...
Edit: Because I didn't mean 'that' kind of snow flake and it was censored for no reason.