• 0 Posts
  • 26 Comments
Joined 2 years ago
Cake day: June 25th, 2023

  • Verizon and ATT just rebrand Nokia ONTs and roll some of their own software that is mostly enhanced or changed encryption at L1. Can’t speak for Comcast, I only know about the other two as I’m in a smaller ISP that competes with them.

    They have L2 ONTs that don’t have any gateway functions, just fiber to ethernet with some extra overhead to monitor the connection between the house and shelf.

    The ONT-on-a-stick units do the same thing, just a more compact and expensive interface that doesn’t have great support, unless Comcast or running all home run fibers where they can just provide a straight SFP instead of doing any optical splitting.


  • No, you are likely looking at an ONT (optical network terminal), and it is not a router. Even with a port that accepts the fiber (SFP or SFP+ for 10G) on your equipment, the OLT (optical line terminal) likely will not provide you with service.

    If you were to match the wavelengths the ISP is using you are likely to become a “rogue” on their PON that can knock out service for other customers that share the same passive network as you.

    I make assumptions about you being on PON since you say AT&T, generally all I have ever seen from them are passive networks (one fiber with splitters for 1 port to many customers) unless you are paying extra for “dedicated” ($$$$$) internet.

    If they are using an ONT with an “RG” (residential gateway), which is the typical “all in one”, you can request that the gateway service be removed and replaced with a layer 2 bridge, where your router/firewall gets the “external” addressing and there is nothing being done by the ISP equipment other than sending you traffic and OAM (operations, administration, and maintenance; usually check or alert for light levels, software status, if a part of the ONT fails etc).


  • I work for a telco and I have seen a lot of times that a contract for using preexisting underground infrastructure that has lids like this has a section requiring that they are returned to the same location and orientation when the enclosure is sealed.

    Whoever owns that, municipality or private, will probably take a complaint about it, and may pass it to whoever is responsible or owns the plant inside.


  • For indoor cameras, I use TP-Link Tapo wireless cameras, and Hikvision for outdoor. I put all of them on an isolated camera WLAN and VLAN without internet. The Tapos work fine without internet access, but the status light will always be orange as it tries to reach some TP-Link AWS IP to verify connectivity.

    All the Hikvision cameras and Tapos support RTSP.



  • typically you only need one power supply to run it, once you move to redundant power you can use the second one in case the first one fails. when you plug both in it will just balance across both until one fails.

    in my opinion, hardware should only be hypervisors that run virtual machines, then you can provision VMs, similar to using VPSs. going this route you will need a VGA monitor for initial setup, eventually everything is done over the LAN with a web UI or SSH.

    i use Proxmox, which is Debian based, for the hypervisor.

    As far as what you do with it, you can in theory replace the VPSs or test software in your LAN.

    to compare, i have my router (VyOS), Home Assistant, a Docker server for hosting small services, a network lab (GNS3), Windows and Mac VMs, and more running on a cluster that is using similar hardware.






  • the questions of can they spy, and will they spy are different questions. at some US ISPs (at least the one i am at) the modems usually are only monitoring performance, i.e. number of packets, errored and discarded packets for troubleshooting. as far as the modem, which i will assume is just a layer 2 bridge to your provider, usually not a whole lot going on there due to costs of the hardware. where the privacy violations are going to occur is in the access equipment or core. this is what your modem connects to, then your traffic crosses on the way to the “greater internet”. if you're not using a VPN to outside of your provider, there is no way around it, they can and probably do tap into what you're doing. for a lot of them it may not be overly nefarious, i know my company does not sell customer data, and we generally only access it for troubleshooting and bandwidth analysis for upgrades, or as ordered by a court for law enforcement.

    if you use a router from your ISP, almost every manufacturer is trying to sell all these different analytics and DPI that basically tells us what websites customers are visiting and how much/type of traffic to those sites, but directly from the router. same, or greater level of privacy violation as that can see local traffic on your LAN, as well as watching wifi connection strength and scanning to see air quality and neighbors for “troubleshooting” or to sell access points.


  • make sure it’s configured for clean shutdowns before your battery runs out, auto power up on restoration, and hope it doesn’t happen. you will eventually have an outage that outlasts your batteries.

    I have a large string of batteries from an old telco office, that runs my rack for 14hrs (calculated, I shut everything down around this time) and that did not last for the 2-3 day outage we had after a storm. Without a generator, you will inevitably have an outage, but if you are prepared, then you can mitigate any damage. use NUT if you need to shut down or power multiple devices from one monitored UPS.