Router needed for FTTH broadband.

At our riding school in the country we've just had a 1Gbit fibre connection installed. I get the full 1000Mb/s up and down, but the router B4RN they've supplied is crap: there is no ability to restrict ports on the router to specific WAN addresses, so RDP, SQL etc. on the server would be open to attack by the world. I believe the router/gateway is a Genexis model. I don't have any experience with this kind of connection, so I'm not sure what kind of router would act as a suitable replacement. Any advice here would be appreciated guys. :)
 
Is the supplied router also the modem for the FTTH connection? Any chance of pictures of the connection/port going into it?
 
Sophos SG 135 with a media converter to turn the fibre into copper. Or an SG 310 if you're loaded and want a single box solution.
 
I may be wrong, but a glance at their website talks of a wall mounted CPE and seems to indicate that it's just an ethernet connection to the pictured router. Personally I'd build a well specced pfSense box for a couple of hundred quid, or you could even install Sophos UTM on it instead. As Caged said, Sophos make some good stuff. Ubiquiti EdgeRouters of various descriptions would also fit the bill if it's just an ethernet cable for the WAN input.
 
I think we should also clarify if you want a basic router with NAT functionality and a stateful firewall or a full UTM solution.
 
This is the installation guide.
http://www.genexis.eu/medialib-download/693/drg700-version-2-quick-installation-guide-.pdf

I'll try to get a picture when I go later on today.

Basic router is fine really, I just really need a way to prevent opening up ports to any random IP address, which cheap home routers seem to offer yet this doesn't. I know that £50 a month isn't expensive for gigabit fibre but I would still expect them to supply something fit for purpose when selling to a business!
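
The requirement in the post above (forwarded ports reachable only from named remote addresses, everything else dropped), written as an nftables ruleset for a generic Linux-based replacement router. This is an added example, not configuration from the thread or from any of the products mentioned; the interface names, the internal server address, the allowed remote addresses (documentation ranges) and the use of TCP 1433 for SQL are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: interface names, addresses and the SQL port are assumptions.
# IPv4 only; an IPv6 deployment needs a matching ip6/inet table.
flush ruleset

define WAN = "eth0"             # assumed: port cabled to the ISP termination unit
define LAN = "eth1"             # assumed: internal network
define SERVER = 192.168.1.10    # assumed: internal server running RDP and SQL

table ip gateway {
    # Remote addresses allowed to reach each forwarded service (documentation ranges)
    set rdp_allowed {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.25, 198.51.100.0/28 }
    }
    set sql_allowed {
        type ipv4_addr
        elements = { 203.0.113.25 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Translate only when the source address is on the allow-list
        iifname $WAN ip saddr @rdp_allowed tcp dport 3389 dnat to $SERVER
        iifname $WAN ip saddr @sql_allowed tcp dport 1433 dnat to $SERVER
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $LAN oifname $WAN accept
        iifname $WAN ct status dnat accept    # only flows translated above
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept
        # Unlisted sources probing the forwarded ports end up here
        iifname $WAN tcp dport { 3389, 1433 } log prefix "fwd-denied: " drop
    }
}
```

`nft -c -f <file>` parses the ruleset without applying it, which is worth doing before loading it on a remote box.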
 
Looks like the fibre terminates on a couple of SC connectors according to http://www.genexis.eu/medialib-download/716/drg-ftu-quick-installation-guide.pdf.

So in theory you could get a couple of SC couplers and an SC to LC pigtail and shove it into an SFP attached to a Ubiquiti ER-X SFP. This totally depends on the ISP supporting you with this - you'd need to know IP address ranges, VLANs, MTU values etc.

Edit: Looking closer at the install guide it appears to be one fibre for TV and one fibre for data services, so you'd need to get a bidirectional SFP in the wavelengths in use by B4rn. I would probably spend a bit of time looking for a way to bridge the incoming fibre straight through to an ethernet port before replacing the whole thing.

Edit again: This is the SFP module that will be compatible: https://www.flexoptix.net/en/produk...-transceiver-sc-10km-tx-1310nm-rx-1550nm.html. You'd still need to confirm that you'd have support of the ISP to do this, and would need VLAN details etc. Get as many screenshots as you can from the CPE UI and post them here and I'll take a look.
 
Just to note the Ubiquiti ER-X-SFP does not have hardware offload -

The ERL has more hardware support for routing to achieve its 1M+ PPS performance numbers, but there is currently no offload support for bridging so even the ER-PRO will have poor performance if you need to use it as a switch.

Enter the ER-X-SFP: a device that can be a good switch AND a very feature-rich router.

The ER-X-SFP is built using a hardware switching platform, so you get all the features and functionality of the ERL but the benefit of an SFP port to support a fiber uplink, and line-rate switching performance. While the routing path for the ER-X-SFP doesn't have the offload of the ERL or ER-PRO, it does have 130K PPS performance, which is somewhere between a Cisco ISR 1841 and 1941 (devices that cost $1,000), and about 500 Mbps for "average length" packets around 512-bytes.


https://community.ubnt.com/t5/EdgeMAX/ER-X-SFP-Vs-ERL/td-p/1232338
 
Yeah, I was weighing it up against the pricing though. Larger packets will give you better throughput, if you want to go much past 500Mbps then you'd have to step up to the EdgeRouter Pros which are closer to the £300 mark.

If you have the option to bridge from the existing CPE then you can use the EdgeRouter Lite which is great value and will more than handle the throughput. It's the SFP cage requirement which limits your options to the pricier models.
 
I received an email about the issue from the ISP.

"Since your phone call this afternoon I’ve been doing some thinking about your router and I realised you probably don’t need one with an sfp, you can still use the B4RN termination unit and attach your own router to that but it may still prove expensive."

What I don't understand is why they don't give an option to use your own router by default, it limits consumer choice. Why not use standard connections that other fibre providers do?
 
All providers that run fibre direct to the premises will terminate it with active equipment that hands off on copper (up to a gigabit at least). In B4rn's case it seems like this device also has basic 'home user' level routing and wireless built in. If there's a way to disable all of that and have the fibre connection passed straight through to LAN1 or something then that will be your best bet.

There's no real information on B4rn's website about this so you'd need to ask them how to turn their device into a bridge.
 
I received another email today about the options,

  1. Create a point to point connection between the Genexis router and the customer router and configure double NAT to forward traffic between the two.
  2. Take up the option of assigning an IP for the business for an additional £5 per month which would then bridge between the Genexis router and one of your choice.

The main issue really is the complete lack of firewall on the device so all outgoing traffic is allowed and incoming traffic on forwarded ports. The other option would be to buy a firewall and have all traffic going through it, however most firewalls I've looked at only seem to have a firewall throughput of ~100Mb/s. I only need a stateless firewall with a high throughput.
 
I've been looking into these Edge routers and the Lite version seems perfect. If I can have a router that will give me 1GB/s wan to lan firewall performance, that would be perfect, £50 seems like a bargain.

The ISP mentioned either using a point to point connection between the two routers or bridging them; what are the pros/cons of both these options? And as the above poster mentioned, is it not possible to just set the 2nd router as a DMZ host and send all traffic to it like I would a pfSense firewall?
 