I have had "always on" Internet at home, via a cable modem, since August 2000 (literally "always on" -- the modem never gets turned off due to overnight backups, etc). The brand on the service has changed a few times over the years (TelstraSaturn, TelstraClear, and in recent years, Vodafone) but in that time I have had just two cable modems and two IPv4 IP addresses (static IPs -- one associated with each cable modem; it was rather a challenge when the forced cable modem upgrade forced a change of static IP; the first was 203.79.72.36 and the second was 203.167.144.68).

This past week I had my service upgraded to the latest Vodafone cable modem variant -- Vodafone FibreX.

DOCSIS 1.1/pre-DOCSIS

The first iteration of the cable modem network was provided via rented ($17/month!) Com 21 cable modems. The network was built by Saturn; but I did not sign on until after the TelstraSaturn buyout, ordering via Paradise Internet, who were bought by TelstraSaturn earlier in 2000. From the timeline (original deployments around 1998) I think the technology would have either been DOCSIS 1.0/1.1 or possibly a proprietary precursor to DOCSIS 1.1. As usually deployed it was expected that you would have a single computer, or your own NAT gateway (but from memory you could also get a routed subnet over the cable modem network for additional cost on a "business" plan).

I forget exactly what service I originally had (the first invoices just say "Paradise HighSpeed Internet" at $73.00/month plus cable modem rental of $17.00/month), but I think it might have been 256 kbps down, 128 kbps up (see also plans available in 2002) -- and it originally came with a 512MB monthly data quota, increased to 1GB per month by the end of 2000 (with the total price also going down by a few dollars). Additional data usage was charged at $0.20/MB outside New Zealand, and $0.02/MB within New Zealand -- for modern comparison, that is about $200/GB for overseas traffic, and $20/GB for New Zealand traffic. There was obviously both a big incentive to keep traffic within New Zealand, and also to track data usage fairly closely via the Paradise "Member Internet Usage" page.

From memory the final plan on that cable modem technology got to about 2Mbps down and 256kbps up, with around 1GB or so of data transfer included (and excess traffic at around $10 per 512MB, so $20/GB). Since I have worked from home for many years, I do remember wanting to double the upstream bandwidth to 512kbps but finding no such plan available.

DOCSIS 2.0

The second generation of cable modem technology, deployed in a forced rolling upgrade that moved everyone to a different subnet, used Motorola SB5100 SURFboard cable modems (Vodafone SB5100 troubleshooting guide) which is a DOCSIS 1.1/DOCSIS 2.0 cable modem. I believe the TelstraClear Cable Modem network at that point was using DOCSIS 2.0.

From memory my original plan was something like the HighSpeed 10G plan -- 4Mbps down, 2Mbps up, 10GB of data. Over time I switched to something like a LightSpeed 40G plan (which was 10Mbps down, 2Mbps up and 40GB of data) and other larger plans -- by the end my plan was 15Mbps down, 2Mbps up, and 100GB of data. Traffic usage beyond the bandwidth cap was still charged, at a flat rate for all usage with no overseas/New Zealand distinction, of $3/GB or $3/2GB on the higher datacap plans. (A few years back I even upgraded to the next higher datacap plan in order to get into the plan range that was entitled to $3/2GB overage charges, just to reduce the financial impact of excess usage.)

While it appears that the Motorola SB5100 could act as a NAT gateway in some deployments, I always used it in bridge mode with the static IP assigned to my NAT router. I think that was the most common home deployment -- a separate consumer supplied NAT/WiFi router connected to the SB5100 cable modem.

DOCSIS 3.0

Vodafone did roll out a third generation of cable modems a couple of years ago, using the TechniColor 7210D (Vodafone manual), which could operate either in "CM" (Cable Modem) mode or in "RG" (Residental Gateway) mode -- basically an all-in-one consumer NAT/firewall/WiFi router mode). I believe this was used on the 50Mbps down/2 Mbps up, and 100 Mbps down/ 10 Mbps up plans, intended to be used stand alone (ie without a separate NAT router/WiFi router). From the hardware and speeds available I believe this iteration of the network used DOCSIS 3.0.

I did consider upgrading when these plans came out, but originally there was a 2 year term contract, and I was reluctant to sign up to a 2 year term contract for a cable modem plan when the Government-funded UFB (Ultra Fast Broadband) fibre to the home (FTTH) rollout already well under way. As it turns out the UFB build did not make it to my street until late last year, so with hindsight I could have upgraded to this plan and completed the two year term before I had other options available. (I was also reluctant to lose the static IP that I had, because over years of working from home that static IP had ended up hard coded in several client's firewall rules.)

Vodafone FibreX / DOCSIS 3.1

Vodafone FibreX, like the previous TelstraSaturn/TelstraClear/Vodafone cable modem networks, is a Hybrid Fibre-Coaxial (HFC) network -- basically fibre to the node (FTTN). I suspect the original cable modem networks probably trunked further back towards the network core on coaxial cable than the current deployments do, since I imagine the cable length limitations for DOCSIS 3.1 are much shorter than the original DOCSIS 1.1 supported lengths; it appears the modern Vodafone HFC is GPON 2 to the cabinet, and DOCSIS 3.1 from there (this "GPON 2" appears to je 10G-PON, a 10Gbps Passive Optical Networking (PON) technology; there is also a NG-PON 2 technology now, which is a 4 * 10Gbps PON technology).

The FibreX rebranding appears to be trying to reflect this "mixed Fibre and Coax" network, in an age where UFB/Fibre to the Home (FTTH) is what people are talking about; and the upgrade to DOCSIS 3.1 makes it speed competitive with the common FTTH plans. However hiding the cable modem part of it in the marketing makes it less obvious that it is a direct upgrade from the previous cable modem plans rather than, eg, Vodafone's UFB offering over fibre to the home (which is what I originally assumed when I first saw the marketing); others were confused by the FibreX name too. It was not until I started discussing it with friends, and reading, eg, the Vodafone FibreX FAQ in detail that I realised that it a direct upgrade for what I had without any new cabling being required. (By contrast Chorus UFB cabling to the home has quite a bit of "new build" complexity -- but does support overhead install where the existing cabling is already overhead, which eliminates some of the complexity I was concerned about.)

Vodafone FibreX launched in October 2016, but it was only this past month that I finally had enough free time to research upgrading my old cable modem to something else and deal with the impact of changing static IP addresses. The final straw was my old (Motorola SB5100) cable modem taking four hours to reconnect to the cable network after a brief power cycle to plug it back into the UPS (after replacing the battery in the UPS) -- and then finding out that the tech callout would take several days. (Vodafone did load extra data usage onto my mobile, as per their "Always Connected" (FAQ) promise, but 3G data via through a single device, even with WiFi tethering, is no where near as convenient as "whole house" wired access, particularly for work use.)

I switched to the "FibreX 200" plan, with home phone, from my old (Motorola SB5100 based) "LightSpeed 100GB" plan -- and overall the monthly bill should drop by over $40/month, mostly due to the home phone component going from about $35/month to about $10/month. In addition to the cost savings the "FibreX 200" plan has brought:

  • 200Mbps down, 20 Mbps up peak speed (although as usual for "unlimited" consumer-grade plans, that marketing peak speed is available to the nearest speed test site, but not so much in the real world; it seems like people do reach those peak speeds in the middle of the night.)

  • "Unlimited" data transfer "for standard residential use only", so that I do not have to time shift larger data transfers to fit inside fixed monthly quotas (or "sneakernet" particularly large files). (The old Unlimited Broadband Data terms which appear still to be linked to from the FibreX product page but now just redirect to the residential terms, suggested that P2P traffic would be shaped in the face of any congestion and that 22:00-06:00 was the preferred time for such bulk data transfers; presumably that shaping, and probably more, still happens; eg better transfers overnight.)

  • Dynamic IPv4 addresses by default (although you can still request a static IPv4 address, apparently for an extra $5/month on Vodafone FibreX).

  • IPv6 addresses by default (the Vodafone and IPv6 "coming soon" for FibreX appears to have arrived at my location, as it was there as soon as the modem was installed; apparently the rollout is still under way throughout the network). The IPv6 addresses appear to be a dynamic /56 prefix; there is no option for a static address, but in theory the IPv6 prefix received should be fairly stable.

  • Both a cable modem (Vodafone badged TechniColor TC4400 DOCSIS 3.1 modem -- model TC4400VDFV4), and a residential gateway (Vodafone badged Huawei HG659) with gigabit ethernet and 802.11ac WiFi, are supplied as part of the monthly cost. (The Huawei HG659 seems to be supplied as part of several Vodafone Internet services, including DSL and fibre based ones.) The TechniColor TC4400VDF appears to be configured as a straight cable modem bridge, so it is possible to use your own NAT router/gateway if you want -- users on GeekZone report using Ubiquity EdgeRouters or Mikrotik RB750gr3 routers; the main trick is apparently DHCP on VLAN 10 on the WAN interface.

Vodafone FibreX installation

For a house with an existing cable modem install (so no new cabling is required) the installation seems to be typically a 10-15 minute procedure (at least both for me, and for a friend), consisting of a Downer technician:

  • Disconnecting the old cable modem

  • Checking the quality of the cable signal with a diagnostic tool to verify it is still good enough for DOCSIS 3.1 (in my case this particular cable install is 14 years old)

  • Connecting the TechniColor TC4400VDF cable modem up to the cable plant

  • Calling back to Downer/Vodafone with the MAC address of the cable modem to get service switched over to the new modem's MAC address

  • Powering on the TechniColor TC4400VDF and waiting for it to connect to the cable network

  • Connecting the Huawei HG659 to the TechniColor TC4400VDF with a Cat 6 ethernet cable, and powering on the Huawei HG659

  • Testing the Internet service with a Windows-based laptop connected via Cat 6 ethernet cable to the Huawei HG659 by going to the ACS Data Speed test site

Then providing the speed test show the expected speed (in my case 200Mbps down, 20 Mbps up), declaring success, and taking the old cable modem away (after giving me a receipt to prove it had been returned).

My installer was on his third call of the day (mine) by just after 09:30, and heading back out the door literally 15 minutes after arriving -- pretty good for a "morning install" window given as 09:30-12:30 :-)

As installed the Huawei HG659 provides IPv4 DHCP service on the 192.168.1.0/24 range, with the HG659 on 192.168.1.1 as the IPv4 default gateway, and IPv6 Neighbor Discovery (NDP) on one of the /64s from the /56 supplied to the router by DHCPv6 on the WAN interface. It also provides 802.11b/g/n WiFi on 2.4GHz and 802.11a/ac WiFi on 5GHz, with some default SSID and MACs based on the serial number (the installer pointed out the sticker with the default credentials on it).

Huawei HG659 customisation

After testing that the connection was working from a directly connected laptop, I moved on to customising the Huawei HG659 so that it could replace my existing NAT gateway (an old Linksys WRT54GS v1.1, with a custom OpenWRT install) -- since the Linksys WRT54GS v1.1 was never going to be capable of routing at anything like 200Mbps. (The WRT54GS v1.1 had done very well with ethernet routing even up to 15Mbps down, 2Mbps up; I turned off its WiFi function in favour of an Apple Airport with 802.11-pre-N functionality many years ago. It appears the WRT54GS v1.1 can run OpenWRT 15.05, so I may upgrade it to the last supported version at some point and use it for devices that can only do 802.11b/g, such as "IoT" devices, to keep them separated from my main WiFi for both security and performance reasons -- 802.11b in particular takes a lot of radio time for not much bandwidth. See also, more Linksys WRT54GS v1.1 information.)

Fortunately Vodafone document the default admin password for their HG659, and in recent models it is based on the serial number (username: Admin, password: @NNNNNNNN, where the user name is case sensitive and NNNNNNNN is the last 8 digits of the serial number), so it was easy to get into the web management interface by going to http://192.168.1.1 from the laptop directly connected to the HG659.

To work on my network I have changed:

  • the LAN interface address to match the internal /24 I have used on my home network for years (I learnt long, long, ago not to use 192.168.1.0/24 or similar common RFC1918 default ranges; it just causes too many conflicts later when you want to connect things together). The LAN address is changed in Home Network -> LAN Interface -> LAN Interface Settings, and the HG659 will reboot when the change is applied (which will result in a new external IP address too). The HG659 web interface attempts to redirect to the new IP, but in practice it took sufficiently long to reboot and re-DHCP the configuration client that the redirect timed out; going to the new IP after it finished booting worked fine.

  • disabled the IPv4 DHCP server for the LAN, so as to continue using my existing DHCP server (on one of my home Linux systems) which has all the static leases for my existing devices. This is done in Home Network -> LAN Interface -> DHCP Server, by unticking the box which it enables it; disabling it does not require a reboot. (I left the IPv6 router advertisement functionality enabled, as I did not have anything else doing non-link-local IPv6 allocation previously.) The main disadvantage of not using the internals DHCP server is that it then only recognises devices in the web view by their MAC address, rather than also being able to display the name used during DHCP.

  • at this point I could unplug my old gateway (Linksys WRT54GS) and connect the HG659 to the rest of my internal network, and verify that I could reach the Internet again.

  • I turned off the 2.4GHz radio, since for now I plan to continue using the Apple Airport Express 802.11n functionality for 2.4GHz-only devices, as it is better located in my house for good coverage. To turn off the 2.4GHz radio, untick Home Network -> WLAN Settings -> Basic Settings -> Enable WLAN 2.4 GHz.

  • because I wanted to use the 802.11ac 5GHz functionality, to get better WiFi performance on modern devices, I left the 5GHz radio on and instead configured the SSID and WPA2 password -- I set the SSID to the same as my Apple Airport, but with a "-5" suffix so I can recognise it, and the WPA2 password to the same long random password as my Apple Airport -- that way I can move laptops over to the new WiFi AP by just cut'n'pasting the password from the existing setup, instead of trying to type another long random password in by hand. These settings are changed in Home Network -> WLAN Settings -> WLAN Encryption -> 5GHz Frequency Band. (All my current laptops seem to support 802.11ac, which should reduce the need to run ethernet cables to them for larger transfers, as does my iPad Mini 4, but my now relatively old iPhone does not.)

  • I also changed the passwords of the user and "Admin" accounts, and changed the user name of the "user" account (default: vodafone) because the HG659 was prompting to change them on every log in (and because it is generally good security practice). These can be changed in Maintain -> Modify Login Password, by clicking on the "Edit" link next to each item; the username of the user account is editable, but the username of the "Admin" account is not. (I understand that Vodafone can remotely manage their supplied home gateway, but that appears to be via ACS/TR-069, as configured in the Maintain -> Remote Management section; in theory it can be turned off, but I do not know if that would break useful service functionality.)

  • ETA, 2017-05-03: Enable ping from the WAN side (so I can monitor my connection remotely), by adding a new ACL in Internet -> Network Security -> ACL, with the protocol "ICMP" and the source "WAN".

The HG659 appeared to come with the latest firmware (16V100R001C206B020 at present), so that did not need upgrading at this point.

I have switched some of my laptops over to the 802.11ac WiFi and that seems to work; the remainder of devices are either on wired ethernet or the existing Apple Airport Express 802.11b/g/n network, and also seem to work (just with some WiFi induced speed limitations). Fortunately I upgraded the last of my network switches to 1Gbps last year/early this year, so every device with a 1Gbps Ethernet port can be plugged in at 1Gbps.

Several of my devices just transparently started using IPv6 to access various services -- going to, eg, test-ipv6.com from one of my OS X 10.11 laptops showed a perfect score. The availability of IPv6 by default on my home Internet connection gives me some home that the Internet might manage to transition to "more IPv6 than IPv4" sometime in the next 10 years -- perhaps completing the IPv4 to IPv6 in a mere 2-3 decades. (IPv6 development started over 20 years ago, eventually standardising in RFC2460 from nearly 20 years ago; I remember doing IPv6 interop tests in a network user group around 15 years ago...)

The main issue I found is that there are still networks with much worse IPv6 connectivity than IPv4 connectivity, so following the IPv6 path can involve tromboning via another country and returning instead of a cross-town or cross-island connection in the case of IPv4. One of my clients is affected by this -- they are advertising IPv6 addresses for things I need to reach, but they effectively only have international IPv6 connectivity, and no "domestic" IPv6 connectivity outside of Internet Exchanges (and sadly while it seems that some bits of the Vodafone FibreX IP ranges are advertised onto some Internet Exchanges, none of the IPv6 space appears to be). I worked around that by adding config options for ssh (the main case where the extra latency is obvious) to force IPv4:

Host *.example.com
    AddressFamily inet

Some simple tests with IPv4 suggest that I can download from my Wellington based colo server at 100Mbps - 150 Mbps from an Ethernet connected device, at least some of the time, ie 10MB/s - 15 MB/s, which is roughly 10 times as fast as with the previous cable modem. The 802.11ac WiFi path appears to be capable of 50 Mbps - 70 Mbps for the same download, ie 5MB/s - 7MB/s, which is also still an improvement over the previous cable modem (topping out at 15Mbps -- 1.5MB/s). (I think in part that relies on the IPv4 routing going over the same Internet exchange as the ACS Data speed test server, so hopefully that direct routing is maintained as the IPv4 address changes around -- including to the IPv4 static IP pool.)

Future changes

As deployed the Vodafone FibreX service has a dynamic IP -- changing every time the modem is rebooted. Because I want to update the ACLs on client firewalls with my new IP I attempted to request a static IP once the new modem was installed (I also tried asking when I ordered the upgrade but that just caused a lot of confusion, and resulted in three people handling my call instead of one, so by the third person I kept my request simple!). When I called the afternoon of my morning install, I was told that not enough of the FibreX upgrade had processed for them to run the script that enabled a static IP -- apparently it takes up to 24 hours for the billing database to update, and then another 24-48 hours for the static IP allocation to take effect. In theory the "Vodafone Ninja" who took my call was going to follow up once the billing database updated, and process my static IP request then -- but I will probably have to check in a week whether or not it took effect. (So far my IP has not changed since I have not rebooted the HG659 after the initial LAN address change...; ETA, 2017-05-03: I got a call that the static IP had been applied, and I should reboot my modem; it took a couple of power cycle/reboots of the Technicolor TC4400VDF and the Huwaei HG659 before the IP changed from a 27.252.0.0/16 address to a 203.118.0.0/16 address, including one where the HG659 had the old IPv4 IP address but IPv4 Internet acesss no longer worked -- only IPv6 Internet access did. After those first few reboots everything seems to be working and stable on the new IP address even over more reboots/power cycling of everything. FWIW, AFAICT my IP address did not change in the previous week due to never rebooting the HG659, so if you can live with your IP changing occassionally you may not need to pay for a static IP; in my case the IP ends up in too many ACLs to want it changing even every few weeks. It also appears that the IPv6 prefix I've been assigned has been consistent over the past week, including the multiple reboots to get the IPv4 address to change.)

Currently I am undecided whether I will stick to using the supplied HG659 as my Internet gateway and/or WiFi device. I would prefer to be using a device that I could secure and customise completely myself, rather than something at the edge of my network which I cannot completely verify is secure. But as an interim step the supplied HG659 avoided me having to immediately find a suitably fast NAT router, and a 802.11ac WiFi bridge.

I am also undecided whether I will still get UFB installed to my house, so as to have a redundant Internet connection. The UFB-based Internet plans appear to cost roughly the same amount, so in total it would roughly double my Internet access costs (that list appear to be out of date; there are other providers available now, and other plan combinations). Because I work from home a lot of the time I could probably justify the extra monthly cost (having just reduced my cable modem/phone bill substantially), but I am unsure whether it is worth the install costs or install complexity. (UFB residental installs used to be free, and it appears this may be renewed until 2019, so it might make sense to arrange the UFB install sooner rather than later. But at minimum I will need a 1Gbps capable router that can make policy routing decisions.)

ETA 2017-07-23: This morning, mid morning, the packet loss on my home Internet connection (at least on IPv4) went to about 65%-80% and stayed there for at least an hour. The loss appeared to be on the path around the outside cable modem interface or HG659 facing the cable modem -- there was no loss in my home network, including as far as the inside of the HG659, and a traceroute from outside showed the loss starting at the last hop to the HG659.

I tried manually power cycling the cable modem itself (TechniColor TC4400) and it restarted cleanly, but then the packet loss went to 100%, even as visible from the Huawei HG659 web interface (Maintain -> Tools will allow ping for instance). Assuming that the TechniColor TC4400 was no longer learning the IP/MAC address of the HG659 that it should allow, I then rebooted to the Huawei HG659 through the web interface (Maintain -> Device Management -> Reboot). When the Huawei HG659 finished rebooting normal (no packet loss) Internet service was restored.

It is not clear if just rebooting the HG659 would have been sufficient, but I have seen in passing suggestions that the "device needs rebooting periodically" which implies there is, eg, a memory leak. (The assumption seems to be that people will power it off every day, but that is certainly not something that I do.) Next time this happens I will have to try to remember to restart the HG659 through the web interface first, since that does turn out to be sufficient it is something that could be scripted.

Uptime on my HG659 (as shown in the web interface) was 80 days 17 hours, so a bit over 1900 hours. It had basically just worked perfectly in that time, other than a couple of instances of Internet loss around area-wide brownouts (which I assume took out the roadside gateway until it finished restarting).

Also of note, the OpenWRT page for the Huawei HG659 has some technical details on what is inside it -- a Broadcom based MIPS CPU, with Broadcom WiFi and Ethernet chips. (It is not currently supported by OpenWRT, but they have found serial console and there are some tear down photos. See also 2014 forum thread and Spark Huawei HG659/HG659b information. Apparently the hardware inside is also similar to the Huawei HG658C.)

ETA, 2017-08-20: After investigation of the Huawei HG659 functionality I have turned off the IPv6 DHCP Server on the Huawei HG659 (Home Network -> Lan Interface -> IPv6 DHCP Server -> IPv6 DHCP Server should be unticked), just relying on IPv6 Stateless Adress Auto-Configuration (SLAAC) which actually seems to work. This means, eg, DNS servers will only be provided via IPv4.