I looked all over for this information; I found it, essentially, in no one place. While this is not FreeNAS-related per se (hence, it is in Off-Topic), I still decided to put this post here because not only will it be academically interesting to many of you, but I suspect many people just like me (minus the FreeNAS) will stumble upon it because they are searching for this information, and maybe, they'll join us in FreeNAS. :) A disclaimer, however, before I begin: I only figured this stuff out to precisely the extent that I needed in order to make correct decisions about what equipment to buy; I am not an expert on Verizon's product line, nor am I an SME on the underlying FiOS technology.
In the United States, and in most suburban areas (urban areas are sometimes left out) with people with decent incomes, Verizon has had a product out there for just over ten years, called "FiOS". The gimmick with this product is that it's essentially FTTP (fiber-to-the-premises): fiber comes straight from the backbones to the "last mile" as they say, and then to (usually the side of) your house, where it terminates in an ONT, and provides customers with "triple play" services, to include cable TV, internet, and the modern instantiation a la fiber of POTS. These interface readily to the pre-existing phone wire and/or coax in your home. The centerpiece technology (aside from the FTTP) is something called MoCA, which, in a nutshell, allows ethernet to be carried on coaxial cable, "out-of-band" as it were.
Back in the day, Verizon provided 5, 10, or 20'ish Mbps (at first asymmetrically, but later same up and down) internet service; that seemed pretty impressive in 2006. When they used to do this, they simply didn't even fire up the ethernet on the ONT, they just delivered the whole cable TV + internet over the single coaxial feed, using "MoCA for the WAN". They had this really monstrous and technologically immature router from ActionTec known as the MI424, and this router MoCA'd that internet connection for you into 4 bound ethernet ports right on the MI424 plus 802.11b/g. At the time, there wasn't a lot of MoCA equipment people like us could just buy on the market, and there wasn't much call for it. Net result: You more or less needed that MI424 inline if you wanted to get things like video-on-demand and program guides, which were all provided over IP to the set-top box(es), which themselves were MoCA devices, unbeknownst to anyone really. The main problem here was the MI424 (or at least, the firmware) was never a totally satisfactory thing, and higher-level hobbyists that were using FiOS (like me) lamented both that we were essentially trapped on the MI424 (the only escape came at too high a cost of convenience), and that the thing was just a disaster (e.g., many models had such woefully small NAT tables that they could be overpowered by simply searching for available Day of Defeat servers on Steam), and to really top it off, had terrible wireless range, and performance. Later revisions of the MI424 brought to bear things like GigE on the LAN and better 802.11, repaired some of the earlier boo-boos, but it was still painfully clear to any advanced user that it was really sub-par stuff.
Over time Verizon got better. They rebranded the current instantiation of FiOS as "Quantum" (I guess?) and provided now this G-1100 router, which handles the 50, 100, 150+ Mbps that we now have on FiOS, which seems to work somewhat differently in terms of topology. The G1100 has MoCA, good routing tables, OK performance, and a much improved (but still disappointing) wireless access point. While still disappointing, because the router is designed for Aunt Sally, not DrKK, I would have probably lived with it. But now the story gets interesting.
For these higher speeds, Verizon has NOT been using the MoCA for the WAN. Verizon has been using a direct ethernet connection. That direct ethernet connection gets fed in the G1100, which then busts it out like any switch to its 4 LAN ports. There is also a coaxial port on the G1100 which has NOTHING to do with the cable TV (yes, you heard that correctly---there is a *SEPARATE* coaxial cable from the ONT that never touches the "router" that carries your cable TV), but merely provides a LAN MoCA bridge to your network. If you look over your FiOS Quantum install, you should see two things coming in through the ONT: Ethernet, and the coaxial cable for the cable TV. There is this coax from the G1100 which MEETS with the aforementioned coax, presumably in a splitter, near the network ingress point. This latter has NOTHING to do with the Cable TV, and EVERYTHING to do with everything else.
Consider your set top boxes. You should notice (with Quantum) one of them, presumably the most convenient/out-of-the-way one, is a big, heavy, box, that has all your hard drives (DVR) in it, and so on. I will call this the "master" STB. The remaining boxes are these tiny things, with a tiny PCB in them, about the size of a paperback book, they are the "slaves" in my nomenclature. Here's the deal:
- The master STB presumably gets an IP address from DHCP over its MoCA, and announces its presence (either at the IP or ethernet layer, didn't investigate this thoroughly).
- The slave STBs do the same, and they listen for their master.
- If you watch TV at the master STB, the master STB appears to demultiplex the requested cable tv channel from the traditional CATV signal on the coax, and presents it to you.
- If you watch TV at a slave STB (and this is interesting), the slave STB appears to tell the master STB what channel you want, and the master STB now demultiplexes that channel for you, and sends it up to the slave STB via IP/ethernet, typically getting to this layer on MoCA (because all STB's are MoCA boxes as well).
You can see this in action---disconnect your master STB, and you will see that you cannot watch TV now on any of the slave boxes, even though all slave boxes have access to the CATV signal on the coax, see. So essentially, this means that any cable TV you are watching on any of the slave STB's, is really IP television provided to you on demand from the master box. But this also means something else: you'll notice your slave STB's have an ethernet port on back. Sure enough, if you disconnect the coax ENTIRELY, and just hook up your ethernet, you are going to be able to watch TV. Further proof that you're watching IP television on the slave boxes. This was the moment of revelation for me.
So, I have problems with running Verizon's G1100 router:
- They open ports, that I cannot un-open, nor control. I do not want Verizon on my LAN.
- The wireless, while better, is not sufficient.
- They charge me to run it, and I don't want to run it.
- If it were up to me, there'd be a far more cuspy network in play, with routers I totally control.
These problems were "annoying". I understand why they have port(s) open into your LAN---if they didn't, they're going to triple their hassle and cost with all of the morons using FiOS calling customer service for lost wi-fi passwords and whatnot. I understand they have to charge for things and make a profit, etc. I get it. I would have let it slide. But then the most annoying thing of all time happened:
- The MoCA LAN on the G1100 started flaking out a bit. Like, the hardware piece, not something Verizon was doing. It would totally drop out of service for hours at a time, and since I was using MoCA at my office, and for my wireless access point (Ubiquiti AC-LR), having the router drop its LAN connection meant all of *MY* stuff was no longer on the LAN. That, my friends, wouldn't fly.
- The thought of calling Verizon and explaining this to them filled me with dread.
- I knew neither the first, second, nor third level of person I'd talk to at Verizon would understand what I was saying, and it would take the fourth level.
- I knew that each level represented a 30 minute wait time.
- I knew that each level represented 20 units of systolic blood pressure increase.
So I decided it was best not to even call. It was time, now, to cut Verizon's router totally out of the loop, because I knew I couldn't rely on it. The next time I'm in China, or Australia, or, hell, even at work for the day, and the router drops, and I have a wife and kids going apecrap? No thanks. So that's when I began to try to unravel the mess.
Ultimately, after trying several lower-priced versions, I determined that there was no substitute for the Actiontec MoCA bridges. These are by far the best made, and most reliable MoCA bridges for consumers out there. I went to the Verizon router, I disconnected the LAN MoCA coax from the router and splitter (leaving, obviously, the cable TV cable--that is nowhere near the router--in place), and instead ran it to the separate ActionTec MoCA bridge, my own piece of coax, and ethernet connection back to the router. Currently, these guys are $70 apiece in the United States. I used the Actiontec bonded MoCA 2.0 bridge to provide my own LAN to coax bridge at the router side, leaving the G1100 in place for now. That worked, and immediately, everything was working better on my LAN. Excellent. Then, after some discussion, I decided I need a proper Nerd's Router....the kind you can't buy at most stores, and the kind you don't even know how to begin using unless you're practically a sysadmin. For these, the two main low-cost players are MikroTik and Ubiquiti Edge Router. As I am a big Ubiquiti fan, I was partial to the Edge Router. But there's a pesky and horrifying UDP-reordering bug that so far has resisted a fix, for over a year, with the CPUs on those products. As I run some pretty serious UDP both LAN-to-LAN and WAN-to-LAN, that was a non-starter for me (sorry, Ubiquiti, I wish it were different). So I went with the MikroTik hEX router, which is an amazing little tiny 4-watt thing slightly larger than a pack of cigarettes, yet orders of magnitude more beefy than Verizon's router.
Now. If you've never used something like this before, it's hard core as hell. These things are way way way way more complex than 98% of people out there can even dream of using. There are no pretty menus with easy to understand options. You basically have to program these things from the command-line interface, or from a GUI which is only half a step away from a command line interface. You "forward a port", for example, by accessing the Internet Protocol menu, firewall rule submenu, then inserting a routing rule, putting it in the dst-nat chain, tying that to ether1 on the input and for IP packets that match protocol 17 (or 6, or whatever your use-case is), and then triggering the action dst-nat to such-and-such an IP address and port address on such-and-such ports on such-and-such switch chip in the router. The word "port forward" occurs nowhere, in any of the approximately 150 subsections. But let me tell you, *IF* you can handle it, the feeling of joy you will experience is unbounded, once you have this thing running. So I'm not going to tell you how to handle a MikroTik router, but if you can handle it, let me tell you, that's the best $60 you'll spend in your life. Here is one tip you'll need: Most people are accustomed to their ISP-provided router providing "Hairpin NAT" for them automatically---this router provides nothing at all. You'll want to put a LAN-to-LAN Hairpin NAT as a "masquerade" in there. If you don't, then any WAN-looking requests you make from inside the LAN to destinations in the LAN won't route correctly. (For example, if your WAN IP is 22.214.171.124, and you have a port forward from port 19999 to port 20000, and you try to access 126.96.36.199:19999 from within your LAN, it won't work right.) Anyway, you'll need that tip most likely ;)
So here we are. The G1100 now serves no function in my network, and I have removed it from the network. Every feature of FiOS works, including all video on demand, all television, all program guides, etc. Join me in liberation, friend.
View attachment 21366 View attachment 21367
On the left, the Actiontec MoCA bridge, and the Mikrotik hEX router, grand total, approximately 5 watts, and about 10 times the performance and reliability of the G1100, pictured at right, with suggested treatment.
Edits: For missing words/typo, also spelling of "MikroTik" vs "MicroTik"
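The hairpin NAT tip in the post above, as an added example that is not part of the original post: a small Python model of one LAN client reaching a LAN server through the WAN address, with and without the LAN-to-LAN masquerade. All addresses, the client port and the function names are constructed for illustration; only the 19999 to 20000 forward comes from the post.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation and private ranges), not from the post.
WAN_IP, ROUTER_LAN = "203.0.113.7", "192.168.88.1"
CLIENT, SERVER = "192.168.88.50", "192.168.88.10"
FWD_PORT, SRV_PORT = 19999, 20000  # the post's 19999 -> 20000 forward

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def router_forward(pkt, hairpin_masquerade, conntrack):
    """Apply the dst-nat rule; optionally masquerade LAN-to-LAN traffic."""
    if (pkt.dst, pkt.dport) != (WAN_IP, FWD_PORT):
        return pkt
    out = replace(pkt, dst=SERVER, dport=SRV_PORT)
    if hairpin_masquerade and pkt.src.startswith("192.168.88."):
        out = replace(out, src=ROUTER_LAN)  # source becomes the router itself
    # Remember how to translate the reply back to what the client expects.
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out

def router_reply(pkt, conntrack):
    """Reverse the NAT for a reply that actually passes through the router."""
    orig = conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
    if orig is None:
        return pkt
    return Pkt(orig.dst, orig.dport, orig.src, orig.sport)

def hairpin_request(hairpin_masquerade):
    """Return (reply as seen by the client, whether the client accepts it)."""
    conntrack = {}
    request = Pkt(CLIENT, 40000, WAN_IP, FWD_PORT)
    at_server = router_forward(request, hairpin_masquerade, conntrack)
    reply = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # A reply addressed to a same-subnet host goes straight over layer 2 and
    # never reaches the router; only a reply addressed to the router gets un-NATed.
    if reply.dst == ROUTER_LAN:
        reply = router_reply(reply, conntrack)
    # The client only accepts an answer from the endpoint it contacted.
    accepted = (reply.src, reply.sport) == (request.dst, request.dport)
    return reply, accepted

if __name__ == "__main__":
    for flag in (False, True):
        reply, ok = hairpin_request(flag)
        print(f"masquerade={flag}: reply from {reply.src}:{reply.sport}, accepted={ok}")
```

Without the masquerade the server answers the client directly from its own LAN address, so the client sees a reply from an endpoint it never contacted and discards it.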
Hi. Just found your posts about VZ and Fios. Very helpful. I want to confirm what I believe to be the flow of data in your original G1100 setup as well as your new setup. Basically do both the G1100 and your new router pass the VOD/GUIDE data through to the RJ45 ports even though the G1100 splits (copies?) it to the coax? I'm assuming yes. Also when you say you connected the MOCA adapter to an ethernet port on the router, you mean a LAN port, not the WAN port. I assume the WAN port still has the ethernet cable connected from the ONT.
Am I correct in saying the Guide/VOD data continues as IP data over COAX and the STB can handle both standard tv cable signal (digital I assume) as well as IP data (VOD/Guide)?
So basically you replicated/replaced the G1100's internal MOCA adapter with the external Actiontec MoCA adapter. This allowed you to use your own router (MikroTik). This all sounds good to me but assumes the router can pass the VOD/Guide data to its LAN ports. Apparently the G1100 did this by default. Did you have to do anything special with your MikroTik to pass the VOD/Guide data? In other words can I use a decent SOHO consumer router? We only have one STB (no slave/secondary STB's).