Monday, October 12, 2015

Google Fiber with a 3rd Party Router/Firewall

So you've had Google Fiber for a while and played with the advanced settings but you still can't do what you want?

Maybe you want to port forward to multiple devices that all listen on the same port, monitor bandwidth usage with SNMP, allow traffic to an IPv6 address in your home network, change DHCP server settings, use static routes, or even something far more advanced.

What options are available you might ask.

For non-power users, the easiest way to get the feature you want added is to create an idea or vote on an existing idea here on the Google Fiber Customer Ideas page. New features can take some time to get added to the product though and some features may never be added.

What if you are a power user and don't want to wait for the feature(s) you want?
In general there are two options that are popular so far. Replacing the Network Box with a computer running pfSense or replacing the Network box with a Ubiquiti EdgeRouter Lite.

pfSense has more features but will require more expensive hardware for gigabit throughput than the EdgeRouter Lite. I decided on the EdgeRouter Lite since I've never used Ubiquiti products before and wanted try one out.

If you decide to get an EdgeRouter, here's how to set it up.

After receiving your EdgeRouter you'll want to follow Ubiquiti's Guide to upgrading the firmware. The download link for EdgeRouter firmware is here.

A user named Atlantisman already has a great guide on setting up an EdgeRouter here.
Since he created that guide though, Ubiquiti has released EdgeOS 1.7, which offers many new features including full support for DHCPv6-PD (Prefix-Delegation, used by Google Fiber to assign IPv6 addresses). I've created an updated version of the script based off of the IPv6 config from a user named TK. I recommend following Atlantisman's guide but substituting the script linked below for his if you want IPv6.

GF-ERL-Commands - Update version of Edge-Setup-Interfacesv2
Note: I created this script off of the completed config, so it may need a little tweaking.

You'll probably want to change at least line 132 for the hostname and line 141 for the time zone.
Don't forget to change the password for the ubnt user (either through cli or the gui).

GF-ERL - Full Config - Easier to read if you only want to see how things are setup

Important Note:
When switching from the Network Box to the EdgeRouter you must wait for the DHCPv6 prefix the Network Box had to expire or the CPU on the EdgeRouter will be at 100% until it does. This is because of the way the EdgeRouter handles what are called unsolicited DHCPv6-PD advertisements. The EdgeRouter spawns a new DHCPv6-PD responder for every unsolicited advertisement but is never able to receive a prefix or address, this causes high CPU on the EdgeRouter which will cause slow throughput and no IPv6 connectivity.
What I did was unplug the Network Box before I went to bed and plugged in the EdgeRouter went I woke up. The lease time is one hour, so you don't really need to wait as long as I did.

Important Note about TV Service:
Since I don't have TV service I didn't create an updated version of the TV script yet. Do NOT run the TV script after running the updated one I linked, it won't work without changing a few things in the TV script. If you have gen 2 gear (e.g. GFRG2XX written on the bottom of your network box) then you have a combined Network and Storage box that can't just be removed or your TV service will stop working.

Powering the Fiber Jack with PoE (Power over Ethernet):
If you have a newer fiber jack (model GFLT110) you can power it with any 802.3af compliant power injector. I'm running mine with the TP-LINK TL-PoE150S.

Screenshots:
This is from a program named Cacti. It's monitoring the EdgeRouter via SNMP. Cacti is easy to setup on a Linux distribution like Ubuntu.

Monitoring CPU, interface discards/errors, and interface bandwidth. (There's an extra interface that's not in the script/config for guest WiFi - eth2.)







EdgeRouter WebUI:

Dashboard










The Config Tree view that can be used to configure anything that the CLI can.

Ubiquiti is still working on adding all the features in the main web UI but most of the basic stuff is there.






Update 10-13-2015: Added DHCPv6 lease time comment.

1 comment:

Unknown said...

Shoot the mods a message at reddit.com/r/googlefiber. We have some questions about your edgerouter setup and your dedication to this topic in general.