- Author: Pim van Pelt <pim@ipng.nl>
- Reviewed: Fredy Kuenzler <kuenzler@init7.net>
- Status: Draft - Review - Approved
Introduction
In a pilot of the Fiber7 product on the LiteXchange platform, the author took service to vet the product stability and quality. The pilot ran from 2016-09-25 to 2016-10-12, in which the Fiber7 connection was used exclusively by the author in their home internet connection, both for IPv4/IPv6 service as well as IP Television (via Init7) and IP Telephony (via a third party provider).
Executive Summary
Fiber7 via ‘direct connect’ on the LiteXchange platform works as expected and very satisfactory, including native IPv6, which was made available for this pilot. Throughput, latency and jitter are superior due to the direct fiber connection, and significantly better than existing connections, exceeding expectations compared to competing FTTH offerings that use customer premise equipment. IPTV worked correctly with multiple STB devices.
Detailed findings
Architecture
The author currently has a subscription via EasyZone, an Init7 subsidiary, with gigabit ethernet symmetric connectivity. The EasyZone product delivers service via the LiteXchange platform, which is an L2 broker, offering end users a choice of multiple internet providers [site]. An ONT is supplied, an ISP managed device that takes the fiber connection and exposes service via one of four gigabit ethernet copper ports. The Fiber7 product delivers via LiteXchange a direct fiber connection without the ONT. Fiber7 offers a range of termination options, including plugging the fiber into a provided CPE (AVM Fritz!Box [vendor] or alternatively MikroTik RB2011UiAS [vendor]), a media converter (TP-Link [vendor]), or simply an SFP (Flexoptix [vendor]) to use in customer provided switch/router infrastructure.
Architecture (details)
For this pilot, we chose a barebones connection type, consisting of a bidirectional SFP (Flexoptix [vendor]) directly terminating the FTTH connection from OTO position 1 into our own managed switch (Unifi US-24-500W [vendor]). The L3 routers used are a pair of PC routers (PC Engines APU2 [vendor]), running Linux. They are configured in CARP failover on egress (to Fiber7) and ingress (to local network).
Configuring IPv4 address on egress interface is done via DHCP - initially, DHCPv6 was not active on
LiteXchange, so a local tunnelbroker (SixXS, hosted at Init7) was used. Within one week, the
engineers at Init7 informed me that DHCPv6 was ready, and it worked spotlessly after configuring it
to request an NA and a /48 PD, and bumping accept_ra=2
on the egress interface (note: this allows
forwarding while at the same time accepting router advertisements).
Additional details of the L3 connection:
- The routers operate an L2VPN to a third party provider (IP-Max, AS25091) which routes
194.1.163.32/27
via eBGP using GRE. The MSS on this tunnel is clamped to 1436 (from 1460) to allow for encapsulating IPv4 and GRE. AS13030 and AS25091 meet at CIXP in Geneva, with a round trip time of 4.2ms. - The routers operate an IPv6 tunnel to a common tunnel provider (SixXS, AS13030), which routes
2001:1620:fb6::/48
via AICCU using SIT to the active router. The MTU is set to 1440 bytes to allow encapsulating IPv6 in IPv4. Note that the Fiber7 connection via LiteXchange provides native IPv6 as well, so this tunnel is used only via a secondary IPv4 uplink. - The routers operate native IPv6 – with DHCPv6, a /128 address and a /48 delegated prefix are obtained. This prefix is stable due to the use of DUID client identification. The default gateway is obtained via RS/RA. For IPv6, reversed DNS delegation for fixed DUID/PD delegation is provided.
It is worth pointing out the very low technical entry barrier to both IPv4 and IPv6. The termination is principally plug and play. An end user can use standard issue DHCP for IPv4 and RA/RS for IPv6. DHCPv6 is not widely used - but similarly the /48 prefix acquisition is hasslefree.
Failover between the routers is managed by a script that swaps the CARP [source] master to the standby PC router (automatically in case of CARP heartbeat timeouts; or manually in case of maintenance), ensuring the L2VPN, DHCP client, and IPv6 tunnels are running on the active machine.
Policy based routing [source] is used to separate Fiber7/SixXS and L2VPN/IP-Max routing domains. Routing tables are maintained with a popular open source routing platform called BiRD [source], OSPF between the PC routers, and eBGP with the third party provider.
IP Television
In this pilot the author was sent an IPTV device (Amino Aminet A140 [vendor]), which operates with IPv4. The device acquires video streams using IPv4 multicast. Setting this up was straightforward, using an IGMP Proxy [github] also used in commercial CPEs. The IGMP Proxy was configured on the PC routers.
With two such Amino IPTV devices, tuning in to SRF1 and SRF2 (both HD channels), a stream of UDP
from multicast servers within the Init7 network was started. At the time of writing, SRF1 is on
multicast address 239.44.0.77
port 5000; SRF2 is on multicast address 239.44.0.78
port 5000;
both coming from source 109.202.223.18
port 5000. Average bandwidth was 13.0Mbit/s with a peak of
17.1Mbit/s per HD stream, and 4.2Mbit/s with a peak of 5.3Mbit/s per SD stream.
Multiple Amino IPTV devices in multiple backend VLANs can be used at the same time:
$ ip mroute | grep 239.44.0
(109.202.223.18, 239.44.0.77) Iif: eth0.9 Oifs: eth0
(109.202.223.18, 239.44.0.78) Iif: eth0.9 Oifs: eth0.2
A list of channels available on the EasyZone IPTV provider (a subsidiary of Init7) can be found on their website [source].
Netflix: IPv6
Worth noting during the pilot is that Netflix, a popular online television streaming service
[website], was served from within the Init7 network as well. Connections
were observed from host netflix-cache-1.init7.net
(AS13030) via IPv6, which is impressive.
UHD (4K) streaming is also available with Netflix - the device used to test this (Samsung JU7080
Series 7 [vendor]) has a native
client but it does not support IPv6, as such the traffic was observed from host
ipv4_1.cxl0.c117.ams001.ix.nflxvideo.net
in AS2906 located in the Netherlands.
In both cases (local within Init7 and remote to AS2906), Netflix streaming was free of interruptions and great quality.
Test Results
Throughput
A throughput test was started on September 27, lasting 12 hours, from the active PC router to a machine in the Init7 network [caveat]:
$ traceroute to chzrh02.sixxs.net (213.144.148.74), 30 hops max, 60 byte packets
1 77.109.172.1.easyzone.ch (77.109.172.1) 0.755 ms 0.813 ms 0.803 ms
2 r1zrh2.core.init7.net (77.109.183.61) 0.379 ms 0.373 ms 0.377 ms
3 r1zrh1.core.init7.net (77.109.128.241) 0.477 ms 0.429 ms 0.397 ms
4 r1zlz1.core.init7.net (77.109.128.210) 8.810 ms 8.783 ms 8.738 ms
5 chzrh02.sixxs.net (213.144.148.74) 0.545 ms 0.490 ms 0.469 ms
Using a popular network bandwidth tool (iperf [source]), IPv4 bandwidth was measured for 10 minutes each, both upstream (from the PC router to a machine in the init7 network: 891Mbit), and downstream (from the init7 machine to the PC router: 895Mbit). In IPv6, the results were similar (771Mbit upstream, and 831Mbit downstream).
A standard internet test was performed (Speedtest.net, using Init7) [link; results], yielding 925Mbit downstream and 893Mbit upstream. In addition to the direct link, the author’s L2VPN connection to a third party provider was tested (Speedtest.net, using Init7) [link; results], yielding 609Mbit downstream and 578Mbit upstream. The L2VPN throughput regression is explained by tunneling en/decapsulation.
Latency
Latency to Google was tested – Init7 AS13030 and Google AS15169 meet in Zurich, with very low latency. IPv6 was tested twice (once via SixXS tunnelbroker tunnel, and once natively when it was available). Tunneled IPv6 reports slightly elevated latency due tunneling to an on-net IPv6 tunnelbroker[caveat]. Native IPv6 reports equivalent latency to IPv4.
IPv4 google.com ping statistics:
10 packets transmitted, 10 received, 0% packet loss, time 9002ms
rtt min/avg/max/mdev = 0.566/0.579/0.594/0.025 ms
Native IPv6 google.com ping6 statistics:
10 packets transmitted, 10 received, 0% packet loss, time 9015ms
rtt min/avg/max/mdev = 0.705/0.771/0.828/0.043 ms
Tunneled IPv6 google.com ping6 statistics:
10 packets transmitted, 10 received, 0% packet loss, time 9011ms
rtt min/avg/max/mdev = 1.154/1.451/2.206/0.276 ms
Caveats
IPv6 was initially not natively available on this connection. IPv6 was tunneled via chzrh02.sixxs.net (on-net at AS13030). The IPv6 server endpoint runs on a virtualized platform, with slightly less than bare-bones throughput. Shortly thereafter, native IPv6 was configured on the Fiber7 product via the LiteXchange platform.
Each OTO delivered by the city of Wangen-Brüttisellen [site] holds four simplex single mode fibers. The first position of the OTO is typically used to connect the ONT and subsequently the enduser internet connection (in the author’s case an EasyZone connection). The other three positions on the OTO are reserved for future use. For some reason unknown to the author, the Fiber7 connection was installed on a second OTO, again with four simplex single mode fibers. The first position of the second OTO was used to provide the Fiber7 internet connection.
Appendix
Appendix 1 - Terminology
Term | Description |
---|---|
ONT | optical network terminal - The ONT converts fiber-optic light signals to copper based electric signals, usually Ethernet. |
OTO | optical telecommunication outlet - The OTO is a fiber optic outlet that allows easy termination of cables in an office and home environment. Installed OTOs are referred to by their OTO-ID. |
CARP | common address redundancy protocol - Its purpose is to allow multiple hosts on the same network segment to share an IP address. CARP is a secure, free alternative to the Virtual Router Redundancy Protocol (VRRP) and the Hot Standby Router Protocol (HSRP). |
SIT | simple internet transition - Its purpose is to interconnect isolated IPv6 networks, located in global IPv4 Internet via tunnels. |
STB | set top box - a device that enables a television set to become a user interface to the Internet and also enables a television set to receive and decode digital television (DTV) broadcasts. |
GRE | generic routing encapsulation - a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network. |
L2VPN | layer2 virtual private network - a service that emulates a switched Ethernet (V)LAN across a pseudo-wire (typically an IP tunnel) |
DHCP | dynamic host configuration protocol - an IPv4 network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers. |
DHCP6 | Dynamic host configuration protocol: prefix delegation - an IPv6 network protocol that enables a server to automatically assign network prefixes to a customer from a defined range of numbers. |
NDP NS/NA | neighbor discovery protocol: neighbor solicitation / advertisement - an ipv6 specific protocol to discover and judge reachability of other nodes on a shared link. |
NDP RS/RA | neighbor discovery protocol: router solicitation / advertisement - an ipv6 specific protocol to discover and install local address and gateway information. |
Appendix 2 - Supporting data
Bandwidth with Speedtest
Directly on Fiber7: speedtest
GRE via IP-Max: speedtest
Bandwidth with Iperf upstream
(AS13030 IPv4) $ iperf -t 600 -P 4 -i 60 -l 1M -m -c chzrh02.sixxs.net
------------------------------------------------------------
Client connecting to chzrh02.sixxs.net, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 77.109.173.198 port 41199 connected with 213.144.148.74 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-60.0 sec 6.23 GBytes 892 Mbits/sec
[ 3] 60.0-120.0 sec 6.21 GBytes 889 Mbits/sec
[ 3] 120.0-180.0 sec 6.22 GBytes 891 Mbits/sec
[ 3] 180.0-240.0 sec 6.25 GBytes 894 Mbits/sec
[ 3] 240.0-300.0 sec 6.25 GBytes 894 Mbits/sec
[ 3] 300.0-360.0 sec 6.23 GBytes 892 Mbits/sec
[ 3] 360.0-420.0 sec 6.22 GBytes 890 Mbits/sec
[ 3] 420.0-480.0 sec 6.20 GBytes 888 Mbits/sec
[ 3] 480.0-540.0 sec 6.21 GBytes 889 Mbits/sec
[ 3] 540.0-600.0 sec 6.18 GBytes 885 Mbits/sec
[ 3] 0.0-600.0 sec 62.2 GBytes 891 Mbits/sec
[ 3] MSS size 1448 bytes (MTU 1500 bytes, ethernet)
(AS25091 IPv6) $ iperf -V -t 600 -P 4 -i 60 -l 1M -m -c charb02.paphosting.net
------------------------------------------------------------
Client connecting to charb02.paphosting.net, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 2a02:168:2000:4b:469:a025:5293:84ad port 45044 connected with 2a02:2528:503:1::83 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-60.0 sec 5.22 GBytes 748 Mbits/sec
[ 3] 60.0-120.0 sec 5.52 GBytes 791 Mbits/sec
[ 3] 120.0-180.0 sec 5.67 GBytes 811 Mbits/sec
[ 3] 180.0-240.0 sec 4.86 GBytes 696 Mbits/sec
[ 3] 240.0-300.0 sec 4.85 GBytes 695 Mbits/sec
[ 3] 300.0-360.0 sec 5.44 GBytes 779 Mbits/sec
[ 3] 360.0-420.0 sec 5.97 GBytes 855 Mbits/sec
[ 3] 420.0-480.0 sec 5.54 GBytes 792 Mbits/sec
[ 3] 480.0-540.0 sec 5.17 GBytes 739 Mbits/sec
[ 3] 540.0-600.0 sec 5.63 GBytes 806 Mbits/sec
[ 3] 0.0-600.0 sec 53.9 GBytes 771 Mbits/sec
[ 3] MSS size 1428 bytes (MTU 1500 bytes, ethernet)
Bandwidth with Iperf downstream
(AS13030 IPv4) $ iperf -t 600 -P 4 -i 60 -l 1M -m -c 77.109.173.198
------------------------------------------------------------
Client connecting to 77.109.173.198, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 213.144.148.74 port 56642 connected with 77.109.173.198 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-60.0 sec 6.22 GBytes 891 Mbits/sec
[ 3] 60.0-120.0 sec 6.25 GBytes 895 Mbits/sec
[ 3] 120.0-180.0 sec 6.24 GBytes 894 Mbits/sec
[ 3] 180.0-240.0 sec 6.23 GBytes 891 Mbits/sec
[ 3] 240.0-300.0 sec 6.21 GBytes 889 Mbits/sec
[ 3] 300.0-360.0 sec 6.23 GBytes 892 Mbits/sec
[ 3] 360.0-420.0 sec 6.27 GBytes 898 Mbits/sec
[ 3] 420.0-480.0 sec 6.25 GBytes 895 Mbits/sec
[ 3] 480.0-540.0 sec 6.27 GBytes 897 Mbits/sec
[ 3] 540.0-600.0 sec 6.26 GBytes 896 Mbits/sec
[ 3] 0.0-600.0 sec 62.4 GBytes 894 Mbits/sec
[ 3] MSS size 1448 bytes (MTU 1500 bytes, ethernet)
(AS25091 IPv6) $ iperf -V -t 600 -P 4 -i 60 -l 1M -m -c 2a02:168:2000:4b:20d:b9ff:fe41:94c
------------------------------------------------------------
Client connecting to 2a02:168:2000:4b:20d:b9ff:fe41:94c, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local 2a02:2528:503:1::83 port 43499 connected with 2a02:168:2000:4b:20d:b9ff:fe41:94c port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-60.0 sec 5.68 GBytes 813 Mbits/sec
[ 3] 60.0-120.0 sec 5.50 GBytes 787 Mbits/sec
[ 3] 120.0-180.0 sec 5.75 GBytes 823 Mbits/sec
[ 3] 180.0-240.0 sec 6.06 GBytes 868 Mbits/sec
[ 3] 240.0-300.0 sec 5.96 GBytes 853 Mbits/sec
[ 3] 300.0-360.0 sec 5.95 GBytes 852 Mbits/sec
[ 3] 360.0-420.0 sec 5.99 GBytes 858 Mbits/sec
[ 3] 420.0-480.0 sec 5.56 GBytes 796 Mbits/sec
[ 3] 480.0-540.0 sec 6.10 GBytes 874 Mbits/sec
[ 3] 540.0-600.0 sec 6.21 GBytes 889 Mbits/sec
[ 3] 0.0-600.0 sec 58.8 GBytes 841 Mbits/sec
[ 3] MSS size 1428 bytes (MTU 1500 bytes, ethernet)
Appendix 3 - Configuration files
DHCPv6 Configuration
Two IPv6 access mechanisms were used. Firstly, IPv6 was acquired via SixXS [site] who are present at Init7. After it was made available (approximately one week into the pilot), standard issue WIDE DHCPv6 client was used with the following configuration file:
$ cat /etc/wide-dhcpv6/dhcpc.conf
interface eth0.9 { # interface VLAN9 - Fiber7
send ia-na 1;
send ia-pd 1;
script "/etc/wide-dhcpv6/dhcp6c-script";
};
id-assoc pd 1 {
prefix ::/48 infinity;
prefix-interface lo {
sla-id 0;
ifid 1;
sla-len 16;
};
# Test interface
prefix-interface eth1 {
sla-id 4096;
ifid 1;
sla-len 16;
};
};
id-assoc na 1 {
# id-assoc for eth0.9
};
IGMP Proxy Configuration
Taking IGMPProxy from github and the following configuration file, IPTV worked reliably throughout the pilot:
$ cat /etc/igmpproxy.conf
##------------------------------------------------------
## Enable Quickleave mode (Sends Leave instantly)
##------------------------------------------------------
quickleave
##------------------------------------------------------
## Configuration for Upstream Interface
##------------------------------------------------------
phyint eth0.9 upstream ratelimit 0 threshold 1
altnet 109.202.223.0/24
altnet 192.168.2.0/23
altnet 239.44.0.0/16
##------------------------------------------------------
## Configuration for Downstream Interface
##------------------------------------------------------
phyint eth0 downstream ratelimit 0 threshold 1
phyint eth0.2 downstream ratelimit 0 threshold 1
##------------------------------------------------------
## Configuration for Disabled Interface
##------------------------------------------------------
phyint eth0.3 disabled # Guest
phyint eth0.4 disabled # IPCam
phyint eth0.5 disabled # BIT
phyint eth0.6 disabled # IP-Max