FWIW I'm also on CenturyLink FTTH and just a week or two ago noticed latency spikes and packet loss which magically went away after 15 minutes. Good to read this analysis for future reference. I really wish end users had more control over ONT boxes, similar to how we can use our own modems for cable/DSL. A DOCSIS-like provisioning by the ISP should be possible.
Off topic, but CenturyLink Fiber still uses PPPoE and 6rd instead of native dual stack in many markets and is unwilling to upgrade to more modern configurations.
EDIT: I do not use Tor at all.
I was never happy with the performance of Calix CPE. We used them heavily at my last job, and indeed customers would have all sorts of trouble that we could never reproduce when we sent a tech. My favorite little hack was that I wanted live stats from the OLTs to be in our own database so that it could show up in our support portal and internal CRM and be aggregated for general network health statistics. (i.e. when someone went out to repair a fiber, they could instantly see the customers come back online, or more often... know while they were still out in the field that they didn't fix it) I wrote a program to scrape it (by ssh-ing in, thanks golang.org/x/crypto/ssh!, because their SOAP API returned no useful details), and after running for many days... it caused the OLT to stop routing packets entirely. No Internet routing, no management interface, it just flat out died unrecoverably. Anyway, they blamed my app, so I built them a static binary of the scraper that could run on Windows (they didn't have any Linux boxes) and after much back and forth they traced it down to a race condition between the two redundant processor modules in the OLT. So much whining about how it was my fault, when it was their fault.
At the ISP before that we made our own CPE. The leads on that project really understood the Internet and managed to get reasonable latency, even over WiFi. But the incumbents still seem to not know about fq_codel, or how to put more than 4MB of RAM in their devices, and the users suffer as a result. This article reminded me of how mad it makes me, sorry for the rant. (I switched to a different industry where fewer lasers are involved.)
I remember something about this from a few years back. Can't recall the link now though.
His ssh sessions were constantly timing out. It only happened when he left the SSH session to idle. It turns out his router was dropping the TCP sessions because it considered them dead. He got around it by implementing a "keep alive" packet, of sorts. Very interesting stuff. I don't really work at such a low level in the stack regularly, so it's quite fascinating to see the strange issues people encounter with these tools. Especially when ISPs meddle around with stable protocols.
Also reminds me of how some ISP DNS servers totally ignore TTL values from DNS records[0].
[0]: https://news.ycombinator.com/item?id=29568510
Quoting the article, the cause is identified: "The Calix 716GE-I ONT device is working as designed by activating Denial of Service (DOS) attack prevention when too many connections are established, which includes jumbo or small packets". Sounds like a reasonable feature for residential devices, even if it isn't compatible with the niche use case of running a Tor relay.
So ISP delivers router that breaks your internet, and they won't replace it with a real ONT?
Then why not simply replace it yourself?
As long as it isn't PON, but just plain AON, that should be relatively straightforward.
> But what if a large number of TCP connections is intentional?
Sorry, that ship sailed long ago. Carriers have forever put restrictions on how their customers can use their internet connections, such as "no hosting servers" or even not getting a routable IP address. Traffic shaping is part of the deal too.
I think the only means we have to change the situation (in the face of a lack of competition) is to lobby for municipal internet. Or start a company.
Glad I didn't pick CenturyLink for fiber when I moved here, but Wave G's incredibly unreliable in its own way which makes me wonder if they're using the same hardware. Kinda wish I picked Google Fiber.
I'm not sympathetic to the author at all. You're essentially using a home ISP for commercial purposes by hosting Tor relays. If you need resilience, then you really ought to colocate at a DC. 10 gbit is not that expensive these days, and you would provide your own switch, like a MikroTik.