[ale] An unnecessary outage

Ron Frazier atllinuxenthinfo at c3energy.com
Sat Jun 25 10:39:40 EDT 2011


Michael,

I know this thread is old, but I thought I'd throw a small item in.  You 
mentioned that Comcast appears to only have SMC equipment.  I'm a 
Comcast customer, with 16-20 Mbit internet plus 3 telephone lines.  The 
modem I have is an Arris Touchstone telephony modem.  Also, I think I 
had a Tarayon (spelling?) modem at one time.  That might have been 
Docsis2, but I'm not certain.  Regardless, I don't know if they ever let 
you get much access to those devices.  If it's worth the money to you, 
you could consider Comcast Business Class service.  I think they have 
higher uptime and faster tech service, but I've never looked into it 
since I generally don't need more than the residential service gives 
me.  When it does go down, on occasion, it is very annoying.  I once had 
to wrangle around with tech support for two weeks about intermittent 
problems.  I finally got them to escalate the problem and send a tech 
with some specialized knowledge and test equipment.  He found that 
someone had put a nail into the cable line up on the power pole.  They 
replaced that cable segment, and everything was cool.  For the most 
part, though, the service has been pretty good.  If you have reason to 
doubt the cable modem for some problem, I think they can replace that for 
you in person if you drop by one of their cable TV customer service 
offices.  I know they have to send a tech out if you're a telephone 
customer.  I also shut everything down when the lightning gets near the 
area.  I read that GA has the second highest incidence of lightning in 
the country.  I have lost about $500 - 1000 worth of mostly non-computer 
equipment to power issues even with surge protectors on most every outlet.

Sincerely,

Ron

On 4/13/2011 5:34 PM, Michael B. Trausch wrote:
> On 04/13/2011 01:50 PM, Matt Rutherford wrote:
>    
>> Lurker cable person here. First, what's hardware version of the SMC? You
>>      
> It's a pretty heavily locked down SMC D3G, r1.01.  While I have access
> to the Web-based UI, it's pretty useless---just enough to see what it's
> doing, and configure some basic firewall-type behavior.  That's pretty
> much it.  It has the upstream capability to do things like VPN and flash
> updates, but I have access to none of those options.
>
>    
>> might check if there are known-fix options for it. Do you have access to
>> the GUI on it via its local gateway IP? I've worked with some of the
>> 'business class' SMC modems that cable companies use and there are some
>> weird issues with some versions. That said, I've been on the support end
>> of the line plenty of times with residential cable modems where a
>> problem on the internal network (typically the routers) will actually
>> offline a modem entirely or cause serious problems with the network. So
>> there is no 100% guarantee that the modem won't be impacted on the
>> DOCSIS/RF side of things by a device in the home. Same goes for anything
>> throwing enough static sharing the same power strip, though happens less
>> often overall.
>>      
> Joy.
>
>    
>> Do you know what happened to the Linksys? I'm just curious if this was
>> an issue where the Linksys and the modem were fighting for control of
>> default gateway route, or something more hardware-level. Most modems
>> providing NAT or bridge/routing mode still advertise a local address
>> (for residential cable modems typically 192.168.100.1) that you can use
>> to reach their GUI and check diagnostics. If the Linksys got reset to
>> defaults or conflicting settings, I can see that causing problems.
>> Hardware level stuff can be much more random-seeming.
>>      
> The problem started yesterday at just a little after noon (12:06 was
> when my alarms started going off).  We were experiencing a lot of high
> winds then, so I'm guessing that we probably experienced a slight power
> surge.  The Linksys device probably stopped functioning properly at that
> time.  It seems to me that they are sensitive to things like certain
> types of power spikes.  This is the first time this one has ever done
> that and it's been here for seven months or so now.  (That said, its
> malfunction should have affected only its network segment, seriously.)
>
> The tech unplugged the Ethernet cables one-by-one from the SMC box and
> when he unplugged the one that goes upstairs to feed the Linksys
> wireless router, the cable modem started working correctly.
>
> The other interesting thing to note is that this happened not just with
> one SMC box, but two of them (the second one being brand new).  That is
> why I have the feeling that this is some sort of result of a design
> flaw.  I cannot recall _ever_ having a switch that suffered complete
> failure when one device on it was misbehaving.
>
>    
>> Replacing the SMC with your own equipment it depends on how your
>> provider has their IP routing set up. I've mostly seen RIPv2 based
>> routing for 'business class' or static IP service from cable ISPs. This
>> requires your modem to have the static IP configurations in place and
>> the (non customer visible/secret) RIP key in place to make these IPs
>> route to the modem at the premises. This means that cloning the MAC
>> address alone of the device won't set up the modem to route your /28.
>>      
> Sigh.
>
> Never did I think that AT&T would have a point in its favor, but it'd
> seem it does.  The way _they_ do static-address subnetworks is to update
> a routing table on their network whenever a PPPoE session is started for
> a customer that has it.  I confirmed that when I swapped out my client's
> AT&T provided DSL modem with one from Fry's (which I did because AT&T
> swapped their modem three times to no avail, and their modems
> would stop working every 24 hours, like clockwork).
>
> That said, if the device is using something like RIP or similar, that
> means that the device has to have the public key of the target server
> (if using encryption) or its own private key (if just signing); there is
> no way around that requirement that I can think of.  Which means that
> it's likely possible to do, though it would be a veritable pain in the ass.
>
>    
>> Additionally, most residential class/off the shelf modem/router combos
>> won't actually accept a static IP configuration due to the firmware
>> imaging. I'll cut short a lot of detailed info but in a nutshell the
>> firmware on modems (customer owned or corporate provided) is provided by
>> the cable company and if a non-authorized image is detected the modem
>> won't be authorized for service. For standard cable modems, the services
>> are based on MAC address, but the checks for an authenticated/signed
>> firmware image will prevent services thanks to happy cable modem hackers
>> - especially in Docsis3. This is typically in the small print of the
>> contract/user agreement/policies - even if it's your equipment, the
>> cable company can force firmware updates and deny service to
>> non-authorized images.
>>      
> That's... interesting.  I will need to re-read my contract.  I do not
> recall such a provision in it.  Though, it is possible that I could have
> overlooked it.
>
>    
>> I do not think you will see the DOCSIS side broadcasts from wireshark
>> since these go out from a separate interface which performs DOCSIS
>> encapsulation between the modem's RF out chip and the CMTS upstream,
>> where the traffic is re-encapsulated to head out on the backbone.
>>      
> Well, right.  I know this much: wireshark knows the DOCSIS protocols.
> I'd presume that means it's been used for that purpose before, unless
> this was just implemented either to a spec or in order to monitor
> emulated hardware or something.
>
> I was hoping that there would be some way to get on the other side of
> that interface.  Something like connecting a "tap" on the coax line and
> logging/monitoring the traffic going across the physical link.
>
>    
>> Lastly, the mixed luck news: I've not seen a single cable operator that
>> will route a static IP block to a modem they don't own because of the
>> secret key for whatever routing scheme they use. Making that available
>> to end-user controlled modems would be a major security flaw. However
>> many operators do have more than one type or provider of the modems they
>> use in the market. You may be able to call the cable operator and
>> request a modem from a different manufacturer, but that depends heavily
>> on the market you're in and what hardware availability is like.
>>      
> Comcast only seems to have the SMC boxes.
>
> Don't get me wrong here: they're probably great for most people.  You
> plug 'em in, and they work.  They handle multiple IP networks on the
> bridged segment just fine, pass protocol 41, and (for the most part)
> work as they should.
>
> But it comes at the cost of using one of your static IP addresses (I
> have a /28; I can't use the first address because it's the network
> address, I can't use the last address because it's the broadcast
> address, and I can't use the second to the last address because that's
> the one that the gateway takes).  AT&T does the same thing with their
> own DSL modems, but you get the gateway IP address back if you don't use
> their equipment, since it's tied to the PPPoE session; of course that
> means that when you have a /29 with them, you actually get an extra
> address because the PPPoE session has a dynamic IP which serves as the
> gateway address for the /29 that you have.
>
>    
>> With regard to internal cable modems, their unavailability comes from a
>> couple directions: Control of hardware, control of software. There's
>> some interesting books out there about cable modem hacking and the
>> history of cable modems, but from my understanding it boils down to the
>> controllers of the DOCSIS spec (CableLabs) having a vested interest in
>> keeping end-users from fiddling with and bypassing security and
>> authentication measures, including the digital certificates internal to
>> the modems. I'm highly doubtful a computer-internal cable modem would
>> ever get licensed for DOCSIS or pass DOCSIS certification.
>>      
> That's sad.  There were DOCSIS 1.0, 1.1, and 2.0 internal cable modems
> that I was able to find, but of course those would do me no good.
>
>    
>> In summary, your best bet is to contact your cable provider and ask
>> about alternate modem availability to see if another modem doesn't have
>> the same kind of problem. It's possible they could also re-configure the
>> SMC to a different setup to prevent possible failure of this type in the
>> future if there was a known-issue from a tech bulletin/etc.
>>      
> They do nothing with the firmware, other than "program" it for your
> static IP allocation when it is deployed.
>
> Sigh.
>
> The more I have minor little troubles here and there, the more I wish I
> had the money to just get a pair of dedicated lines that I could do BGP
> announcements on and have an SLA with a high level of service.  For the
> price, Comcast is not bad.  But the whole notion that the cable company
> cannot proactively monitor its equipment, will not let you provide your
> own equipment, and provides only a 24-turnaround time guarantee to
> engage you on an issue that you report is getting to be very obnoxious
> to me.
>
> Perhaps I need to spend a week on dialup.  That ought to refresh my
> perspective and get me to quit my bitching.  Mostly, anyway.
>
> 	--- Mike
>
>    

-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new messages very quickly.)

Ron Frazier

770-205-9422 (O)   Leave a message.
linuxdude AT c3energy.com


