
rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
ARRIS BGW210-700
Cisco Meraki MR42

rolande to cramer

MVM,

to cramer

Re: U-Verse Business NVG585 NAT limit

You are misunderstanding what I said. The router itself can have a private IP address on its transit interface to route the public static IP block to. The router would use the public static IPs for NATing all the user traffic. I never suggested that the users should NAT behind the private IP of the cascaded router. That would just be a waste.

TR
@rr.com

TR

Anon

I'm going to chime in here, as I too have been having this issue... we have an internet company here with, call it, 100 devices on the internal network. We ordered the 300/75 plan. We crushed the NAT table the instant I switched over to it during peak hours.

I would love a solution to the 2,500 limit. I've spoken with the business services rep and they were out of ideas for me, and the only option was to send me up the chain to get a T-1 line installed (? 1995 called...) I'm back to running on our TWC 50/5 line for now, which doesn't have any problem with our number of devices, until we can get a real piece of hardware in here.
brianlan
join:2009-10-12
Garner, NC

brianlan

Member

You won't get anything other than the NVG589 or equivalent software limitation...

Did you check out the NVG5xx bypass method I put together?

»AT&T Residential Gateway Bypass - True bridge mode!

mackey
Premium Member
join:2007-08-20

mackey to cookiesowns

Premium Member

to cookiesowns
So, what firmware version are these things running?

TR
@rr.com

TR to brianlan

Anon

to brianlan
Brianlan, thank you for that write-up. That solution is wonderful and I already have all the equipment necessary to pull it off... Unfortunately, since we're a 7 day a week office, if something happens when I'm not here, it won't just come back up online without some interaction that may be hard for the regular staff around here to pull off.

I'm just blown away their only other offering was to run fiber to our end point with a $1800/mo. price tag for far slower service :-\
brianlan
join:2009-10-12
Garner, NC

brianlan

Member

Yeah, I can see this as a problem for a 24x7 shop. At home it works nicely; if the network goes down at home, all the kids and wife have LTE backup on their iDevices.

Herm
@sbcglobal.net

Herm to TR

Anon

to TR
said by TR :

I'm going to chime in here, as I too have been having this issue... we have an internet company here with, call it, 100 devices on the internal network. We ordered the 300/75 plan. We crushed the NAT table the instant I switched over to it during peak hours.

I would love a solution to the 2,500 limit. I've spoken with the business services rep and they were out of ideas for me, and the only option was to send me up the chain to get a T-1 line installed (? 1995 called...) I'm back to running on our TWC 50/5 line for now, which doesn't have any problem with our number of devices, until we can get a real piece of hardware in here.

We're also on a new L.A. area 300/75 fiber to NVG595, just got it operational to replace a current older fiber circuit. As soon as a small number of users come online (10 with computer and VoIP), the 595 starts dropping packets like crazy (1 out of 4 to 20 pings dropped). Moved everybody to static IPs, all firewall stuff off, no better. Loaded up a static IP with "iperf" to see if that was an issue, and it's not; load doesn't affect the packet drops, only the number of active users does.

I'm OK with passing through to a Cisco router if that would help but need to stop NAT table usage for statics. Our workday on the prior circuit says NAT connections peak at 18676 last week (not including statics).

How do we get past this issue? (Private VPN or stealthing in an NVG595 replacement doesn't seem workable in a public commercial environment.) Suggestions?

TR
@rr.com

TR

Anon

When I spoke to the sales rep, he said the service wasn't meant for an office of our size... even though it's "business class". It does blow my mind that the NVG595 still uses the NAT during ip-passthrough... quite annoying. It's something that could easily be fixed with firmware.

rolande
Certifiable
MVM,
join:2002-05-24
Dallas, TX
ARRIS BGW210-700
Cisco Meraki MR42

rolande

MVM,

said by TR :

When I spoke to the sales rep, he said the service wasn't meant for an office of our size... even though it's "business class".

Wait...the sales rep sold it to you knowing your office size and then they told you it was never meant for an office your size?? WTF?! Earth to AT&T...are you hearing us?? That is about the dumbest cock and bull story I've heard in a while. They should have a business hardware option, at a premium charge, that supports 100-200K connections. Otherwise they should support static IP pass-through to a cascaded router without managing the connections at all.

TR
@rr.com

TR to brianlan

Anon

to brianlan
brianlan: I'm giving your routine a shot over the weekend... I think the steps are easy enough for me to just put on a little note card so anyone in here can get it going again, we also have a dual-WAN setup that'll fail over to our TWC in the event of an outage anyway.

Has anyone managed to get brianlan's bypass method to work with a -static- ip address? Thanks!

-tR
brianlan
join:2009-10-12
Garner, NC

brianlan

Member

Sounds good, let us know your results!

C99hrisb
@rr.com

C99hrisb

Anon

Re: U-Verse Business NVG595 NAT limit

Have you considered the MikroTik using the same VLAN approach, where you could run a script before the time limit to reset the clock by changing the VLANs back to allow the authentication, then back to the mode to bypass the NVG595?

Just a thought.

TestBoy
Premium Member
join:2009-10-13
Irmo, SC

TestBoy to cookiesowns

Premium Member

to cookiesowns

Re: U-Verse Business NVG585 NAT limit

PMJI.....

Doing the bypass of the gateway for home users/enthusiasts/experimentation is okay in my book.

I would NEVER consider it for a business service EVER.
That said... if AT&T is selling 300/75 or whatever service on fiber then giving you a consumer grade router...

RUN AWAY.
RUN AWAY FAST.

That NVG595.. they call it business grade and that is a SICK JOKE.
I don't mean to come off elitist but that's just BS...

AT&T selling a service like that? holy crap!
cramer
Premium Member
join:2007-04-10
Raleigh, NC

cramer

Premium Member

NOTHING about Uverse is "business" grade. If you want real fiber, go to AT&T proper. (and you will be paying $$$$)
cookiesowns
join:2010-08-31
Irvine, CA

1 edit

cookiesowns

Member

Sooo...

Anyone with the new uverse "Business" deployments try this yet? I just got off the phone with a few reps, and they want to help.

I'm looking at provisioning a copper 200/200 setup in the office to see if it's an issue with the Fiber/Ethernet conversion, or just not doable without the gigapower ONT.

waldo22
join:2015-07-13
Chapel Hill, NC

waldo22

Member

Sorry for my ignorance of 802.1x, but why can't we just use our own pfSense router with 802.1x?

Is it that we can't get the certificate from the NVG, and even if we could we can't get the password to unlock the certificate?

If we had the certificate and password, we should not need MAC spoofing, right?

What does the NVG do that is "magic" that we couldn't do the first time with our own pfSense router?

In Briar Chapel (south of Chapel Hill) we have FTTP GigaPower as of this week (!!! completely incidental to Google Fiber coming to town !!!)

We're expecting the NVG-599 which has an ONT connection and 802.11ac. I wonder if that doesn't have the same NAT table limit...

ortizdr
The One the Only
join:2014-01-15
North Richland Hills, TX

ortizdr

Member

The 599 has the same NAT table limit as the 589.

Total sessions available
2560

waldo22
join:2015-07-13
Chapel Hill, NC

waldo22 to cookiesowns

Member

to cookiesowns
OK, so is there a way to get the 802.1x certificate from these things?

How about an Ethernet hub (as in broadcast hub) between the NVG and ONT with a packet sniffer?

mackey
Premium Member
join:2007-08-20

mackey

Premium Member

802.1x was designed to prevent that.

AFAIK the only way to get it is to pull the chip off the circuit board and read it manually. I've never actually done it so I don't know if you need anything besides the cert (such as clone the MAC address).

Gigatech
@mycingular.net

Gigatech

Anon

They consider it business class but it is designed for small business. If you're using more than 2500 they should be setting you up for metro-e. Uverse business is great for home businesses and small mom and pops. A stable connection with good speeds. But not designed for high traffic users.
Jimil
join:2015-10-06
South San Francisco, CA

Jimil

Member

It's been a while since AT&T rolled this service out. Unfortunately I didn't do my research before cutting over from Comcast. We had their 120/20Mbps Business Class internet service and none of the issues we are having now with our NVG595.

Is there any solution to this yet, other than dropping them altogether? That would be a pain; however, I'd rather deal with switching back than deal with the bad service.

I'm about to send a nastygram to my account manager.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

2 recommendations

cramer

Premium Member

Dropping their stupid "not even remotely business" crap is the only real solution. Until they learn that it's a crap solution, they'll keep selling it.

(If you could get root access, it can be put into a pure bridge mode. But even there, in a business setting, I don't want their piece of trash in the middle.)

mackey
Premium Member
join:2007-08-20

1 recommendation

mackey

Premium Member

said by cramer:

Dropping their stupid "not even remotely business" crap is the only real solution. Until they learn that it's a crap solution, they'll keep selling it.

(If you could get root access, it can be put into a pure bridge mode. But even there, in a business setting, I don't want their piece of trash in the middle.)

^ This.

I switched to Sonic and haven't looked back.
Jimil
join:2015-10-06
South San Francisco, CA

1 recommendation

Jimil to cramer

Member

to cramer
Looks like we'll be switching to something else. AT&T's SLA fiber solution is pretty solid from my past experiences in larger environments but the pricing takes it out of my current company's budget. Comcast has a similar offering but again, not cost effective for our requirements.

I wonder if any of you guys tried using multiple Comcast Business class cable internet accounts (their 120/20Mbps solution) and landed them on a device capable of aggregating the bandwidth. Is this a possible solution for my situation? In my area, a 120/20 circuit from Comcast is just under $300.

mackey
Premium Member
join:2007-08-20

1 recommendation

mackey

Premium Member

Have you given Sonic a call? »www.sonic.com I know they have a lot of fiber in the bay area.
Jimil
join:2015-10-06
South San Francisco, CA

1 recommendation

Jimil

Member

said by mackey:

Have you given Sonic a call? »www.sonic.com I know they have a lot of fiber in the bay area.

I have not, but it looks like they are more residential. I need a business solution. Looks like I'll have to look into MetroE.

BTW, here is the response from my AT&T rep. Shows how much they care.

I previously emailed him expressing my dissatisfaction with the service (300/300).

Hi Jimil,
Regret to hear that. Not until we resolve or replace the router, this issue will persist then. Feel free to switch back to Comcast due to similar pricing. I would also suggest the SLA Fiber since this is truly an enterprise grade circuit.