Archive for the ‘Tech’ Category


Google Fiber – Gigabit Speeds, Your Router Part 2: QoS

25 February 2014 – 22:06 CDT

This is a continuation of Google Fiber – Gigabit Speeds, Your Router.  Part 1 covered the required VLAN configuration.  Here, we walk through the QoS settings you’ll need to get your upload speed over 10Mb/s using a Netgear GS108Tv2 switch.

Part 2: QoS

The QoS settings are tricky, and how to set them up varies widely from switch to switch.  The GS108T is probably a little worse than most.  It isn’t a Cisco 2800.  It also doesn’t cost what a 2800 does.  First, ignore the first section under QoS called “CoS”.  For our purposes, it is useless.  Skip it and go to the DiffServ section.

For review, the QoS settings we need are:

  • DHCP traffic should have 802.1p bit = 2
  • IGMP traffic should have 802.1p bit = 6
  • All other internet traffic 802.1p bit = 3

Technically, we only need the settings for “all other internet traffic” but to play nicely, make it less likely for Google to have a problem with our router, and completeness here, we’ll set it up as above.

The 108′s QoS is configured in three parts: class, policy, and service.  They must be configured in this order, and unconfigured (if you choose to do so) in reverse order.  The class sets up the matching rules, the policy modifies the packets to include the proper QoS bits, and the service applies the rules to a switch port.

Choose Advanced > DiffServ Configuration

Class Configuration

Add the three classes, but don’t configure them yet.  Enter DHCP into the Class Name box, select All from the Class Type. (All is the only choice.)  Click the Add button from the bottom right.  Do the same for IGMP and Default.

GS108T: Classes

Click on the class you created for DHCP.  Enter the following settings, leave the rest blank.

  • VLAN = 2
  • Source L4 Port = Other 68
  • Destination L4 Port = Other 67

GS108T: QoS: Class: DHCP

Click the apply button in the lower right.

Go back to the Class Configuration screen, and configure the IGMP class.  Leave the other settings blank.

  • VLAN = 2
  • Protocol Type = IGMP (Ignore the box, it will fill itself)

GS108T: QoS: Policy: IGMP

Click the apply button in the lower right.

Go back to the Class Configuration screen, and configure the Default class.  Leave the empty settings blank.

  • VLAN = 2

GS108T: QoS: Class: Default

Click the apply button in the lower right.

Policy Configuration

Basically, the policy is where you’re going to tell the switch what to do with the packets that match the classes you set up.  This is also one of the nasty places in the UI where it is easy to think you’re stuck.

Go to Policy Configuration.  Please read the next couple of paragraphs carefully before continuing.  The way you create the policies is a little confusing.

Enter a policy name of GF and select DHCP as the member class.  Click the Add button in the lower right.

Now, to add the IGMP policy, check the box next to the row you just created for the DHCP policy, and select IGMP as the member class.  Click the Apply button in the lower right.  The reason it works this way is because you need to group all of your classes under one policy.  The Add button will add a new policy, which is not what you want.  You want to add a class to the policy you already created.  Confusing until you understand what the UI is doing.

To add the Default policy, check the box next to the row you just created for the IGMP policy, select Default as the member class.  Click the Apply button in the lower right.  Your screen should look like so:

GS108T: Policies: Assigning the classes

Note: If you need to remove a class from the policy, you have to do so from the bottom up.  Make sure you re-add any in the way and order described above.  Once you set a policy’s configuration (next section), you will have to delete the policy to change it.  This means that if you need to change the policy for the DHCP class, you will have to remove both the Default and IGMP policies from the class first.

To set the policy for the DHCP class, click on GF on the first row where DHCP is the member class.

Select the Policy Attribute > Mark COS and set the value to 2.  Make sure you mark the radio button for Mark COS.

GS108T: QoS: Policy: DHCP

Click the apply button in the lower right.

Go back to the Policy Configuration.

To set the policy for the IGMP class, click on GF on the second row where IGMP is the member class.

Select the Policy Attribute > Mark COS and set the value to 6.  Make sure you mark the radio button for Mark COS.

GS108T: QoS: Policy: IGMP

Go back to the Policy Configuration.

To set the policy for the Default class, click on GF on the third row where Default is the member class.

Select the Policy Attribute > Mark COS and set the value to 3.  Make sure you mark the radio button for Mark COS.

GS108T: Qos: Policy: Default

Click the apply button in the lower right.

Service Configuration

Almost there.  Go to the Service Configuration.

Mark the box next to g2 and choose the policy GF.

GS108T: QoS: Service Configuration

Note: g2 is not a typo.  This isn’t true of all switches, but here make sure to choose your router WAN port for the service configuration.  The GS108T QoS only acts on packets coming into a switch port, not packets leaving a port.  You need to mark the packets for QoS as they’re leaving the router coming into switch port 2, then outbound on switch port 1 to the OTN.

Click the apply button in the lower right.

Conclusion

That’s it.  Go back and run your speed test and compare it with your baseline to make sure everything is working properly.

If you need to make adjustments to the QoS, you’re going to have to walk backwards through the configuration.  That means first removing the policy in the Service Configuration.

If you have questions, come find us on the Google Fiber thread, or the pfSense thread, or leave them in the comments below.

Google Fiber – Gigabit Speeds, Your Router Part 1: VLANs

25 February 2014 – 22:03 CDT

Google Fiber is great.  True symmetric gigabit speeds — both downstream and upstream — for $70/month.  ComcastTimeWarner should be shaking in their market monopoly boots.

Background

However, the Google Fiber “Network Box” (GFNB) is, to put it plainly, a piece of junk.  This device is what we know as a router.  Any advanced feature such as port forwarding is allowed in the advanced interface, but may or may not work.  Not much else is supported.  Unlike any other $20 router there is no bridge mode, no way to turn off the DHCP server, no DMZ, etc.  At one point while I was trying to troubleshoot a port forwarding issue, the GFNB created a hidden (read: could-not-be-deleted-because-it-wasn’t-visible) access rule that prevented my main computer from getting online at all.  A factory reset was required to fix this.  A group of us on the Google Fiber product forums decided to pool our knowledge and figure out how to use our own router, despite the insistence from Google that this was either not possible, or only with a double NAT — their router had to remain between you and the Interwebs.

Following a tip which set us on the right path, Atlantisman did most of the hard work to figure out how to get pfSense set up, so all due credit to him and JeffV in the GF product forum and the pfSense forums.  Atlantisman wrote up how to to set up pfSense, and gave some general guidance about the switch.  This post will focus on the setting up the Netgear GS108Tv2.  The switch configuration falls into two main parts: setting up the VLANs, and the QoS.  pfSense is not required, most any modern router will do, but a VLAN + QoS capable switch is required.  The VLAN configuration is required to get your router online.  Without the proper QoS, uploads are limited to 10Mb/s.

This following assumes that you’re following Atlantisman’s guide.  Specifically, you have port 1 plugged into your OTN and port 2 plugged into the WAN port for your router of choice.

One more note: I’ve had a bunch of trouble with the Google Fiber speed test lately  I recommend running an initial test with the GFNB before you make any modifications to the network to get a baseline.  You may wish to also get some baseline numbers from speedtest.net.

Optional: UI Session Timeout

The default idle timeout for the 108′s UI is 5 minutes.  I find this annoying when I’m trying to comprehend their manual and change settings.  If you want to change this, go to Security > Access > HTTP Configuration > Soft Session Timeout and set it to something more reasonable.  I have mine at 30 minutes.

Part 1: The VLANs

The traffic in and out of the OTN (the Fiber Jack) must be tagged with VLAN2.  The easiest way to do this is to put the OTN and your router on VLAN2, and everything else on VLAN1.  In the GS108T, you must set up the VLAN in two different places.

First, to avoid any troubles, disable the Voice VLAN in Switching > Voice VLAN > Properties.  You won’t be able to dedicate VOIP applications to VLAN2 with this switch because the OTN already uses it.GS108T: Voice VLAN

Port Grouping

Next, configure the port grouping.  Go to Switching > VLAN.  From the menu on the left, choose Advanced > VLAN Membership.  Don’t bother trying to rename the first 3 VLANs.  It won’t let you.

Ensure that VLAN ID 1 is selected, click the annoyingly small triangle next to the word PORT, and then click each port (3 – 8) until they all say ‘U’.

GS108T: VLAN1 - Grouping

Note: I have port 3 ungrouped in the screenshot here because I am using it for other purposes.

Click the apply button in the lower right.

Select VLAN ID 2 from the drop down, click the annoyingly small triangle next to the word PORT, and then click port 1 to make it say ‘T’.  Click port 2 to make it say ‘U’.

GS108T: VLAN2 - Grouping

Click the apply button in the lower right.

Port Assignment

Choose Port PVID Configuration from the menu on the left.  Mark the boxes for g1 and g2, enter a value of 2 into the box PVID Configured.  Click the apply button in the lower right.

GS108T: Port Assignment

Note: I have port g3 assigned to VLAN3 in the screenshot here because I am using it for other purposes.

That all there is to the VLAN configuration.  Your router, pfSense or otherwise, should now be able to obtain a public address from the Google DHCP server, and you can get online.  At this point, you should stop and make sure your router is functioning correctly, and that you’re able to run a speed test.

Upload speeds are limited to 10Mb/s until you get QoS configured, but it is better to get the VLAN configuration settled and confirmed working before moving on.

 

Update 15 Aug 2014: Atlantisman’s guide is back on dropbox, and has a few updates so I’ve changed the links in the post back directly to his guide.  The archived guide is still available if needed.

Next – Part 2: QoS

If you have questions, come find us on the Google Fiber thread, or the pfSense thread, or leave them in the comments below.

 

Franklin County BOE Screws Up

11 November 2011 – 16:14 CDT

Without suggesting any malice or intent, it looks like the Franklin County Ohio Board of Elections really screwed up the electronic voting machines this time around.  I used to be a polling official for Franklin County, and there was some nonsense that went on, and some that I never wrote about involving election observers who were acting as election officials, etc.

A friend of mine who still does the type of work I did in Franklin County forwarded me the following email laying out what a disaster last week’s election was.  One has to wonder not necessarily about whether the county-wide mistake was intentional but a) did anyone have an opportunity to take advantage of it and b) how much worse was it, really?  I know from working at a major university when an electronic theft of personal information happened that the official story isn’t even close to what actually happened.

From: Precinct Election Officials <PEO@xxx.franklincountyohio.gov>
Subject: Election Night Results Tapes
To: “xxxxx@xxx.xxx”
Date: Friday, November 11, 2011, 9:20 AM

Read the rest of this entry »

TiVo cablecard woes

17 August 2008 – 13:47 CDT

Ever since shortly after getting cable cards for my S3, it “loses” channels seemingly randomly. It was a pretty rare thing at first, once a month or so a channel would just be black. Not all channels, and usually not more than one. The problem has gotten progressively worse over the last 10 months or so – happening more and more often. I’ve noticed that changing the channel seems to cause the behavior. That is, switch to a channel and it will show the programming for about 1 – 1.5 seconds and then go black. This is happening every day or so now. A couple of days ago I was at home and the TiVo switched both tuners to record shows and both stopped working – just a black screen.

I’ve changed from 2 single-stream cards to 2 multi-stream cards as per TiVo support’s direction, but it didn’t help. Within the last week or so, I’ve had the box itself replaced, but that hasn’t helped either. I can’t get a straight answer from TiVo as to where the problem is. Some say it is an issue with the cablecards not being properly authorized, others say it is a software issue that is my fault because I have 9.x on the box. (Too bad it wasn’t my choice, and the replacement box has 8.0, with the same problems). Still another says it is a problem with Scientific Atlanta cablecards. I’m trying to figure out if Timewarner has Motorola cable cards, but I’m seriously doubting it. One suggestion from TiVo was to just power down and reboot when the channel stops working. That is annoying – there goes 10 minutes of the show I was trying to watch while waiting for the TiVo to reboot. This is also not useful if I’m not home — because this happens both when I change the channel manually and when the TiVo does so to record something.

While on the phone with TiVo the other night, one of the “missing” channels came back on its own. From black screen to clear picture with no prompting. Other times, it will go for the entire length of a show it should be recording and not actually record anything – because the TiVo doesn’t think it has anything to record.

Except – the “signal strength” meter for the channel looks normal – 95-97%. Really, really frustrated that such an expensive piece of equipment has such an incomprehensible problem.