Almost all ISPs use Serial and (optional) PLOAM to authenticate your ONU. Nokia GPON SFPs allow you to change almost everything that is exposed to the ISP for authentication. ITU standards mean that ISPs have to work according to the spec.
ISP ONUs are locked for easier management for them. They will give you 1/10th of the speed promised if it helps them deal with support calls remotely rather than visiting your place to fix it. Support calls where people complain for things like 'I forgot my wifi password' cost ISPs a lot of money. So they can basically just login to your ONU at any time remotely and change settings for you like your wifi password. They do remote firmware updates and what not remotely. This is the biggest reason why ISPs love such modem router combos. Support can be guaranteed with a phone call to fix your wifi for the average Joe.
You will not get ISP support if you use your own ONU but if you are using your own ONU then you are already at that point where you know what you are doing. As far as signal issues are concerned, like I said ITU specs mean they can see the signal strength remotely. Everything else they don't have access to but you don't need them to have that access. You can always swap out the ISP provided box to troubleshoot.
If you actually swap out the ONU to a better one, chances are you'll never need to call your ISP unless there is a fiber cut or some serious signal loss somewhere.
The core problem is that the Linux kernel uses interrupts for handling packets. This limits Linux networking performance in terms of packets per second. The limit is about a million packets per second per core.
For reference 10GE is about 16 million packets per second at line rate using small packets.
This is why you have to use kernel bypass software in user space to get linerate performance above 10G in Linux.
Popular software for this use case utilize DPDK, XDP or VPP.
You don't need an interrupt per packet, at least not with sensible NICs and OSes. Something like 10k interrupts per second is good enough, pick up a bunch of packets on each interrupt; you do lose out slightly on latency, but gain a lot of throughput. Look up 'interrupt moderation', it's not new, and most cards should support it.
Professionlly, I ran dual xeon 2690v1 or v2 to 9Gbps for https download on FreeBSD; http hit 10G (only had one 10G to the internet on those machines), but crypto took too much CPU. Dual Xeon 2690v4 ran to 20Gbps, no problem (2x 14 core broadwell, much better AES acceleration, faster ram, more cores, etc, had dual 10G to the internet).
Personally, I've just setup 10G between my two home servers, and can only manage about 5-8Gbps with iperf3, but that's with a pentium g2020 on one end (dual core Ivy Bridge, 10 years old at this point), and the network cards are configured for bridging, which means no tcp offloading.
Interrupt moderation only gives a modest improvement, as can be seen from the benchmarking done by Intel.
Intel would also not have gone through the effort to develop DPDK if all you had to do to achieve linerate performance would be to enable interrupt moderation.
Furthermore, quoting Gbps numbers is beside the point when the limiting factor is packets per second. It is trivial to improve Gbps numbers simply by using larger packets.
I'm quoting bulk transfer, with 1500 MTU. I could run jumbo packets for my internal network test and probably get better numbers, but jumbo packets are hard. When I was quoting https download on public internet, that pretty much means MTU 1500 as well, but was definitely the case.
If you're sending smaller packets, sure, that's harder. I guess that's a big deal if you're a DNS server, or voip (audio only); but if you're doing any sort of bulk transfer, you're getting large enough packets.
> Intel would also not have gone through the effort to develop DPDK if all you had to do to achieve linerate performance would be to enable interrupt moderation.
DPDK has uses, sure. But you don't need it for 10G on decent hardware, which includes 7 year old server chips, if you're just doing bulk transfer.
I did 5 years in federal prison and was a jailhouse lawyer, I know reality. Doesn't mean I need to volunteer to expand that. But you just give up and give in, that's your right.
Personally I relate to the American route of the last 200 years and believe in limited government power (you know, the same government power that abused it's authority when it gave out monopiles on communication infrastructure. I don't see how it's abusing power should result in...giving it more power?????). I posted above about how my house is denied US mail delivery because when my mother was dying of cancer she couldn't get to the mailbox in a timely manner and she dared appeal. Petty tyrants gonna tyrant and there are limited battles one person can fight.
Tell that to Google fiber who got stonewalled on multiple cities even after they offered to pay for everything, front to back. It’s regulation causing the monopoly.
> An ISP grows a large user base by doing aggressive price competition, then starts shaking down services, rate limiting their traffic if they don't pay up.
Yeah, we’ve already seen this in the Comcast/Netflix debacle and Deutche Telekom vs the world. In fact a lot of large incumbents do this.
> Meanwhile they use some of the shakedown money to lower prices and get more users.
If things were even so rosy. The shakedown money is used for larger profits and monopoly positions to get more users.
1. Not sure where you got 2tbps? I said 10gbps, but we use Alamai’s manages Prolexic ddos mitigation. At previous companies we would buy a half dozen of these, put them at different exchanges and buy transit from the biggest aggregators. This would cost about $4m to get started
2. I meant $50k per month, edited. This does not count loss of productivity.
Supposedly the traffic being blocked would have generated more outgoing traffic, costing more. Also, GP is managing their connections at the bgp level, meaning the requests don't ever hit their firewall, they just are unroutable from these countries ips.
GPON networks are often vendor locked. This means you cannot just buy any random SFP ONU and expect it work.
Even if you do get it to work, no ISP will offer you any kind of support if you do this. Some might even take to it poorly, if they find out.
Generally, the best option is to ask your ISP if they offer other ONU models and choose from those.