What ONT options - because Calix routers are garbage

[MagicDude4Eva]

I am currently running a Calix 813G and the device is absolute garbage. No diagnostics, hardly logs anything and to me it seems that the device performs worse on a 50Mbps fibre line compared to my Asus DSLN66U on a 20Mbps VDSL line. What I mean by "worse" is frequent disconnects, high latency and lots of packet drop. The final straw was last night when VPN connections kept on dropping and devices would somehow "magically" lose NAT capabilities - never seen this before.

Out of sheer desperation I then switched to my iPhone hotspot and I managed to get a stable connection. Perhaps all my issues are a combination of Calix and ISP (MetroFibre). One big challenge with the Calix firmware is that the firewall can not be configured to allow extra ports. So when you switch the firewall you will be forced into accepting blocks of a predefined list of services. There is no option to open custom ports - this is just shockingly bad (although not really an issue for the average user).

I know that some people basically turn the Calix into a "dumb" device and bridge another router to provide "proper" functionality. I would much rather prefer to cut out the Calix altogether and replace it with a device which is directly connected to the network as there is no way to monitor packet-drop / throughput on the Calix.

I did brief Google searches last night and just could not come up with a tangible replacement and hope that someone else here has tackled this issue.

Since I am not a network-engineer - shoutout to the experts: What would it take to connect a Mikrotek (i.e. https://scoop.co.za/download/routerboard/RB-HAPAC.pdf) to a local fibre-provider instead of a Calix? Is this even possible/feasbile?

 

[PBCool]

If you change ISP the Calix just becomes a fibre termination point, you can then use any router you like which then plugs into the Calix.

 

[MagicDude4Eva]

FWIW - I decided to first rework my home-network which consists of a mix of different products (Netgear and Linksys switches, Apple Airport Extremes etc) and will now:
- Make the Calix an absolute dumb device (switch everything off including WiFi)
- Place a Ubiquiti Unifi Security Appliance behind the Calix
- Replace all my switches with Ubiquiti Networks 8-Port UniFi Switches
- Eventually replace my WiFi APs with those: Ubiquiti Networks Unifi 802.11ac Dual-Radio PRO Access Point

The management of the whole thing looks fantastic (https://www.troyhunt.com/ubiquiti-all-the-things-how-i-finally-fixed-my-dodgy-wifi/) and will get rid of a ton of home-written stuff to overcome the shortcomings of the ONT (yep, I went a bit overboard).

 

[DominionZA]

Just replaced my AP's with Ubiquiti UniFi. Couldn't be happier.
Looked at the gateway, but don't see a need - yet. All good with Tomato USB.

 

[rorz0r]

Sounds good to me but I would do the WiFi before replacing the switches.

 

[Randy_The_Squirrel]

That Calix router is likely a cheap-as-all-hell piece of junk made in darkest China.

 

[MagicDude4Eva]

Sounds good to me but I would do the WiFi before replacing the switches.

All my critical kit is wired. So not much of an issue with wireless. I can't get the access point via Amazon and will have to source it locally - would have loved to get it sorted as well, but all suppliers don't have stock or want me to jump through hoops to get it within the next week.

 

[Sinbad]

All my critical kit is wired. So not much of an issue with wireless. I can't get the access point via Amazon and will have to source it locally - would have loved to get it sorted as well, but all suppliers don't have stock or want me to jump through hoops to get it within the next week.

Have you tried kernel? I got most of my unifi kit (and mikrotiks) from uniterm direct. Failing that, I get kit from euroDK. Comes in slightly cheaper...

 

[MagicDude4Eva]

Have you tried kernel? I got most of my unifi kit (and mikrotiks) from uniterm direct. Failing that, I get kit from euroDK. Comes in slightly cheaper...

Thanks - I will try them in the new year for the access points. The order via Amazon worked out much cheaper than any of the local reseller prices.

 

[Randy_The_Squirrel]

So I went and had a look at this product "Calix 813G"

First off, they want you to have a login, to even get the datasheet [FAIL 1]
So let's look at this American company.... sjoe... more bosses and bean counters than workers...
That explains it all, really.

 

[MagicDude4Eva]

So I went and had a look at this product "Calix 813G"

First off, they want you to have a login, to even get the datasheet [FAIL 1]
So let's look at this American company.... sjoe... more bosses and bean counters than workers...
That explains it all, really.

The Calix (besides the SFP/GPON module) is a very basic device. Here is my take:
- The device is basic. Wifi configuration is limited
- The firewall can either be turned on or off. When turning it on you have various "strictness" modes, but you can not configure custom rules. For example if you wanted to enable VNC, you will need to accept their predefined rule "VNC-Remote Management, inbound ports: 5500, 5800, 5801, 5900, 5901". You can not restrict it to one port.
- There is no logging, no SNMP, no stats

In short, a basic device for a family home with non-tech savvy users. If you do a Shodan scan you will amazed what you find (not that anyone should do). The QoS does not work - it does not honor settings.

Their support is horrible as they operate like a "distributor" and pass support issues on to ISP. As the end-user you will need to log a ticket with the ISP and then hope that they will pass it on to Calix. I have 3 tickets open - and still no answer. One ticket is 4 weeks old and as basic as "My current firmware is xxx, what is the latest firmware and what are the release notes".

FWIW: I also explored the whole Mikrotik HAPAC route and it seems to be indeed possible to make this work as the Mikrotik does have a GPON module. The big challenge seems to be that local providers do not want to talk to "non compatible" modules, hence you will find FTTx installations with ONT and OLT being of the same make.

 

[Randy_The_Squirrel]

There is only one router I use, and that's MikroTik.
Once I got over the learning curve of the way their stuff worked, I found I could do anything.

 

[MagicDude4Eva]

There is only one router I use, and that's MikroTik.
Once I got over the learning curve of the way their stuff worked, I found I could do anything.

I thought about that, but then decided that I will rework my home-network using Ubiquiti as it will then allow me to centrally manage all switches and access-points. The configuration options are insane and super-user-friendly. In the past none of this was really an issue, as with 20Mbps VDSL you could not really do much, but now with FTTH my household is just doing much more (more streaming, more Twitch etc) and it has become very visible that network management and QoS is not working well anymore.

If anyone is interested in the Calix firmware screenshots and my salty comments - here it is: https://www.naschenweng.info/2016/12/23/calix-813g-ftth-ont-router-complete-rubbish/

 

[MagicDude4Eva]

Just an update (I still need to write a blog-post about it, but here is a screenshot: https://twitter.com/gerdnaschenweng/status/815207171117944832). I bought a ton of Ubiquiti kit - https://twitter.com/gerdnaschenweng/status/815207932677783554 which consists of 2 8-port managed switches, the universal security gateway and the Cloudkey (which provides the awesome web-interface).

The Calix ONT is complete rubbish as I also learned that it can not turn into bridge-mode. I finally managed to get it working by using two different IP-ranges (10.0.0.1/24 for the Calix and 192.168.1.1/24 for the home network). Management of all hardware connected is simply superb. (The whole setup is overkill for a regular house-hold, especially since I am still adding 2-3 PoE APs).

 

[Sinbad]

I love my unifi kit. I need some of those Poe switches...

 

[MagicDude4Eva]

I love my unifi kit. I need some of those Poe switches...

Awesome equipment. Because of the crap Calix it took me from yesterday 11am until 1am this morning and then again from 8am till 4pm to get the configuration working. With a stock-standard ADSL/VDSL router and bridge-mode the config would have been done in 2-3 hours.

 

[MagicDude4Eva]

I finally managed to put up a blog post about the UniFi kit - https://www.naschenweng.info/2017/01/05/ubiquiti-replacing-home-network-making-fibre-work-unifi/

I really struggled for a good two days making the Calix work with the UniFi equipment. Thanks to a "clear mind" (amazing what a trip to the Beerhouse can achieve) I placed the Calix on a different subnet and all of a sudden everything just worked. Despite all features on the Calix being switched off it still somehow managed to "poison" the rest of the network with DHCP- and other broadcasts - since there was nothing more to switch off (I turned off DHCP, firewall, NAT, QoS, WiFi) placing it in a separate subnet and then placing the UniFi Gateway into the DMZ made everything else work.

I am amazed at how sh*t those Calix are and how poor their technical support is (especially considering that most local fibre providers use them as ONTs).

BTW: Amazon somehow screwed up my original delivery by a few days and could not source stock (despite them saying they had stock) and they eventually waved shipping costs, import duties and further awarded a USD50 voucher. Net-cost for the kit was just short of 8K (best local quote was 10,5K).

 

[bill226]

I am trying to do something similar, I have the Calix 844G and it's just as bad.

How did you manage to turn NAT off, I am unable to find the setting on the UI?

 

[MagicDude4Eva]

I am trying to do something similar, I have the Calix 844G and it's just as bad.

How did you manage to turn NAT off, I am unable to find the setting on the UI?

It was under one of the settings in the "Advanced" section - it might have been under "Security" but somehow I think it was in some completely arbitrary section. I just went through every option under Advanced and switched off as much as I could.

 

[bill226]

Great, thanks will have a look. Hopefully I find it.