A while back it (finally!) became possible to upgrade my Internet uplink to an FttH connection.
100 years or so ago I angrily promised Ziggo (back then Casema) I would never, ever again become a customer of theirs and I kept my word... but until the arrival of fiber I was stuck on using a ~115Mbps Internet VDSL+ connection of XS4All/KPN, which actually is not bad at all.
Open Dutch Fiber (T-Mobile/Odido) passed my home first but I waited for KPN who were also planning a fiber network. XS4All merged into KPN and for several reasons I did not want to switch to a different provider.
The network stuff used here at home was quite ancient, so this summer I decided to upgrade. For WiFi I had still been using a 2013 (!!) Netgear R7000 Nighthawk running open source OS FreshTomato, and the provider ‘modem router’. In the VDSL days this was a Fritz!Box 7581 which for FttH was later replaced with a KPN Box 12B which is a rebranded OEM Sagemcom F5359. Both are ‘all in one’ router, switch, firewall, modem/PPPoE bridge and WiFi AP.
Wired networking wise I used switches by Buffalo, D-Link, Uptone Audio (Etherregen, yes, an audiophile switch for my sound system! :D) and the built-in switches of the provider equipment. Cables used were of several brands, types and colors, whatever I had at hand.
Being in IT, and actually in networking/network security, this of course was like “the painter’s house needs a paint job most”.. 😀
Anyway, fast forwarding, there’s now a nice 10Gbit/s “backbone” using OM3 multi mode fiber or CAT6A. Access is all 2.5Gbps using new CAT6A cables and WiFi is upgraded to WiFi 7. Active gear is by Ubiquiti. This is a ‘prosumer’ brand I heard many good things about. Not quite the enterprise gear I work with daily but after some frustrating issues (documentation really is not Ubiquiti’s strong suit!) it’s all working nicely now.
The KPN FttH network is a 10G-PON network (also called XG- or XGS-PON) and I’ve chosen to replace the Box12 KPN router which connects to the KPN ONT (made by Genexis; it functions as a fiber media converter, connecting the fiber to your home copper Ethernet network). Its replacement became a Ubiquiti Gateway Fiber, also called the ‘UXG-Fiber’. This device now serves as a router, firewall, IDS/IPS and backbone switch. Ubiquiti claims a 5Gbps IDS/IPS throughput.
It’s a really nice device as it has four 2.5GbE ports and three 10Gbps ports, two for WAN, but all ports can be re-assigned to do other things as well. I’ve actually set up port 1 as a WAN uplink (to the Genexis ONT) and use the SFP+ ports as fiber uplink ports to the other switches at home.
In the EU providers have to support customers who choose to use their own equipment. One could also use an SFP+ module supporting KPN’s XGS-PON to connect the 10G FttH fiber directly into the UXG-Fiber but I’ve chosen not to do that since there’s little benefit apart from not needing the ONT device.
I deliberately chose the “non Cloud” version BTW (so not the Cloud Gateway Fiber) since I don’t plan on using other Ubiquiti devices like cameras, sensors etc. Since I already have a machine that is up 24/7, running both VMware Workstation Pro and Docker/Portainer, I’ve just hosted the Unifi Network Server software used to manage the network there. Works great!

One of the ports on the UXG is also a PoE+ capable port (up to 30W) which I’ve used to connect and power a WiFi access point. For that I have chosen to use the Ubiquiti Unifi U7 Pro XG which is a three-band (2.4/5 and 6GHz) 6 spatial stream WiFi 7 AP with all the bells and whistles that come with it. It has a 10Gbps PoE ethernet port.

A second U7 Pro XG would have been serious overkill so on the second floor I use a Unifi 7 Lite which is a really affordable dual band, 4 stream WiFi 7 Access Point. It’s without the 6GHz band, so 2.4/5GHz only!
For switching I’ve chosen the Flex 2.5 (USW-Flex-2.5G-8) and Flex 2.5G PoE (USW-Flex-2.5G-8-PoE) switches. Both switches are equal except for the PoE’s 8 PoE++ capable ports. Both are 8-port 2.5Gbps and have a 10Gbps ‘combo’ port 9 which is either the SFP+ port or the copper 10GbE port. So both cannot be active at the same time.

KPN provides a high quality TV service called TV+ but to enjoy the best quality (bit rate wise) you need to use their multicast streams which are offered on a separate VLAN. Since a switch by default sends multicast traffic out of all its ports, one needs a router that supports IGMP proxy functionality and switches that support IGMP v2/v3 snooping. With IGMP snooping, only the ports with connected devices that have ‘subscribed’ to a certain multicast IP receive that multicast traffic. Without it the continuous ~15-16 Mbps IPTV stream is flooded to every port, which is of course not very efficient.
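The difference between flooding and IGMP snooping described above, as an added example (not from the original post): a toy switch model that parses IGMPv2 reports and leaves and returns the ports a stream is sent out of. The group address 239.1.1.1, the port numbers and all class and function names are assumptions made for illustration.

```python
import socket
import struct

IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x16, 0x17

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message (constructed sample traffic)."""
    addr = socket.inet_aton(group)
    csum = inet_checksum(struct.pack("!BBH4s", msg_type, 0, 0, addr))
    return struct.pack("!BBH4s", msg_type, 0, csum, addr)

class Switch:
    """Hypothetical switch model; router_port is the uplink to the IGMP proxy."""
    def __init__(self, ports, router_port, snooping):
        self.ports, self.router_port = set(ports), router_port
        self.snooping = snooping
        self.members = {}  # group address -> set of subscribed ports

    def handle_igmp(self, port: int, payload: bytes) -> bool:
        """Learn or forget a subscription; reject malformed messages."""
        if len(payload) != 8 or inet_checksum(payload) != 0:
            return False
        msg_type, _, _, raw_group = struct.unpack("!BBH4s", payload)
        group = socket.inet_ntoa(raw_group)
        if msg_type == IGMP_V2_REPORT:
            self.members.setdefault(group, set()).add(port)
        elif msg_type == IGMP_V2_LEAVE:
            self.members.get(group, set()).discard(port)
        else:
            return False
        return True

    def egress_ports(self, ingress: int, group: str) -> set:
        """Ports a multicast frame for `group` is sent out of."""
        if not self.snooping:
            return self.ports - {ingress}  # no snooping: flood everywhere
        # Snooping: subscribed ports plus the router port, never the ingress.
        return (self.members.get(group, set()) | {self.router_port}) - {ingress}
```

With the TV box on port 5 and the stream arriving on router port 1, the snooping switch sends the stream to port 5 only, while the non-snooping switch sends it to ports 2 through 8.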
For some reason unknown to me Ubiquiti has chosen to not support IGMP snooping on their Flex switches so I’ve chosen to keep using a D-Link switch for the TV+ Box which connects to a TV. I’m just not willing to buy an old ‘Unifi Lite’ (1Gbps) switch which strangely does support it. Or, for 10/2.5Gbps support, the also older and not fanless Enterprise 8 PoE or switches with more than 8 ports.
BTW I did try two 2.5GbE access+10G SFP+ uplink Chinese ‘web smart’ switches which are offered for crazy low prices and claimed to support IGMP snooping. But these did not work so I sent these back. I guess these are just fine for ‘switching’ and L2 VLANs but that’s it.
Servethehome.com has a great buying guide for these very affordable switches, which they continuously update; you can check it here.
As said the UXG/Gateway Fiber should be configured as an IGMP proxy. Fortunately others had all that figured out already so I could use an existing (open source) installer by ‘Fabianishere’ for that. After some re-configuring this works nicely and this takes care of distributing the multicast streams inside KPN’s VLAN 4 (IPTV) into a custom home network VLAN in which only the TV+ Box is connected.
His Wiki draws it like this:
