Hello!
While the second part of my article about moving to Germany is gradually taking shape, I decided to write a little about how I set up home Internet here for my specific IT needs.
Internet in Germany is a thing unto itself. In 99% of cases, Ethernet, let alone PON, is not run into apartments here. Fiber, even just to the basement, is also a rare luxury. The market is divided between providers offering Internet over various xDSL technologies and cable TV operators delivering it via DOCSIS. The lines are generally in good condition, and the speeds you can get are quite comparable with the "traditional" connection methods.
All this is fine and quite sufficient for most home users, but as soon as you want to connect your own router, the problems begin. If you also use IP telephony, VPN and similar things, it gets really sad. For DSL and DOCSIS alike, the choice of routers here is extremely limited, and on connection providers hand out the most common “soap dishes”, many of which simply cannot work in bridge mode. So you either have to buy an expensive modem in addition, or put your router behind NAT, or give up on the idea altogether.
After struggling for some time to get my Juniper SRX100 to “make friends” with the provider's Fritz!Box 7590, I did some research and, at a very good price on eBay, bought a Juniper SRX220H and an MPIM VDSL2 modem module, the SRX-MP-1VDSL2-A.
But this is where the tricky part begins.
According to its description, this module supports VDSL2 Annex A (that is, VDSL over POTS), while in Germany VDSL2 Annex B (VDSL over ISDN) is widely used. No Annex B modules exist for the Juniper SRX at all; support for this standard is stated only for the built-in interfaces of the Juniper SRX110. Moreover, the Juniper technical documentation states unambiguously that VDSL Vectoring (a cable interference suppression mode), which is actively used in Germany, is not supported for VDSL2 Annex B, even on the SRX110. Dead end? Not at all. A network engineer I know from Düsseldorf, who holds a whole pile of Juniper certifications, explained to me that the chips these modules are built on support VDSL2 Annex B by themselves. But since these products were designed mostly for the US market, where Annex A is commonly used, they were never tested on European networks with Annex B. By Juniper's logic, “not tested” means “not supported.”
Another catch is that VDSL Vectoring is supported only in the latest modem firmware, version 2.16, while my module came with firmware version 2.10. Not finding the firmware publicly available, I wrote to the Juniper forum, and the same day tech support sent me the firmware I needed, absolutely free. The manual for updating the firmware is here; the procedure is quite trivial.
Okay, enough digression. Below is an example of setting up the SRX-MP-1VDSL2-A on the SRX220H router for the provider Vodafone. In principle, this will work for any provider that uses PPP over VDSL2 Annex B; only the credentials need to be substituted. Let's go:
1. Check the firmware version of the VDSL modem:
vlad@fra> show system firmware
Part                 Type             Tag  Current   Available  Status
                                           version   version
FPC 2
  PIC 0              VDSLBCM          10   2.16.0               OK
Routing Engine 0     RE BIOS          0    2.8       2.8        OK
Routing Engine 0     RE BIOS Backup   1    2.8       2.8        OK
2. Configure the VDSL interface. It's all very simple. The VLAN ID used by the overwhelming majority of providers in Germany is 7:
pt-2/0/0 {
    vlan-tagging;
    vdsl-options {
        vdsl-profile auto;
    }
    unit 0 {
        encapsulation ppp-over-ether;
        vlan-id 7;
    }
}
Important: do not specify the VDSL profile, leave it on auto! If you set it explicitly, for example 17a for a speed of 100 Mbps, the modem will come up in Annex A mode, and synchronization with the DSLAM will not work.
3. Configure the PPPoE interface:
pp0 {
    unit 0 {
        ppp-options {
            chap {
                default-chap-secret "$SuperSecretPassword"; ## SECRET-DATA
                local-name vodafone-vdsl.komplett/ab12345678;
                passive;
            }
        }
        pppoe-options {
            underlying-interface pt-2/0/0.0;
            idle-timeout 0;
            auto-reconnect 5;
            client;
        }
        family inet {
            mtu 1400;
            negotiate-address;
        }
    }
}
This step has its own nuances too. They differ from provider to provider, but for Vodafone specifically: on the sheet with the credentials that you receive when you are connected, the PPPoE login is given in the form ab12345678. That is enough for the local consumer-grade routers, because when configuring them you must select the provider, and the router builds the configuration itself based on that choice. But with fully manual configuration on non-standard equipment, as in our case, the correct login string looks like this: "vodafone-vdsl.komplett/ab12345678".
4. That's all. Set up the security zones, commit, and check:
vlad@fra> show interfaces pt-2/0/0 media
Physical interface: pt-2/0/0, Enabled, Physical link is Up
Interface index: 148, SNMP ifIndex: 533
Type: PTM, Link-level type: Ethernet, MTU: 1518, VDSL mode, Speed: VDSL2
Device flags : Present Running
CoS queues : 8 supported, 8 maximum usable queues
Current address: 48:a0:52:b9:62:51
Last flapped : 2018-02-23 00:36:23 CET (17:11:57 ago)
Input rate : 0 bps (0 pps)
Output rate : 376 bps (0 pps)
VDSL alarms : None
VDSL defects : None
VDSL status:
Modem status : Showtime (Profile-17a)
VDSL profile : Auto Annex B
Last fail code: None
Subfunction : 0x00
Seconds in showtime : 61918
vlad@fra> show pppoe interfaces
pp0.0 Index 95
State: Session up, Session ID: 111,
Service name: None,
Session AC name: BGEJ00, Configured AC name: None,
Remote MAC address: a0:4d:2c:54:92:d6,
Session uptime: 17:12:02 ago,
Auto-reconnect timeout: 5 seconds, Idle timeout: Never,
Underlying interface: pt-2/0/0.0 Index 94
5. Profit. Now the router is connected directly to the provider, with an external IP on the interface, without any intermediate devices or additional NATs. Juniper also keeps the connection much more stable than the Fritz!Box: with the latter there was a synchronization failure once every two or three days, and after installing the SRX220 such problems are no longer observed.
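With the external IP now directly on pp0.0, the security zones mentioned in step 4 decide what is reachable from the Internet. A minimal zone, policy and source-NAT layout is shown here as an added example, not the author's configuration; ge-0/0/0.0 as the LAN interface and the zone, rule-set and policy names are assumptions.

```junos
# Added example, not the author's configuration.
# Assumed: ge-0/0/0.0 is the LAN port; zone, rule-set and policy names are made up.
security {
    nat {
        source {
            rule-set lan-to-wan {
                from zone trust;
                to zone untrust;
                rule lan-snat {
                    match { source-address 0.0.0.0/0; }
                    # Translate to whatever address pp0.0 negotiates.
                    then { source-nat { interface; } }
                }
            }
        }
    }
    policies {
        # Outbound only. With no untrust-to-trust policy, unsolicited
        # inbound sessions fall through to the default deny.
        from-zone trust to-zone untrust {
            policy lan-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then { permit; }
            }
        }
    }
    zones {
        security-zone untrust {
            # pp0.0 carries the public IP. No host-inbound-traffic here, so the
            # router itself accepts no management traffic from the Internet.
            interfaces { pp0.0; }
        }
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                }
            }
            interfaces { ge-0/0/0.0; }
        }
    }
}
```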
P.S. The alarm is on because I rewired the fans and power them through a separate controller to reduce noise. JunOS has a trigger for low fan speed, and it does indeed fire. The temperature, meanwhile, stays within the normal range.
P.P.S. The owl on the router is my sister's work. We have a lot of owls in the apartment :)