Note: A new post is available for using the RB450G with Attitude Adjustment (12.09) which is altogether much easier than this.

FTTC is available in my neighbourhood and all that is required is a router that support PPPoE. Not difficult really, but most routers are also not powerful enough to cope at higher speeds.

The Netgear DG834 v3 I previously used with OpenWrt seems to be able to shift 16Mbit/s, but there is no CPU cycles left for userspace, and it seems it struggles to start new connections when it is running at that speed.

I searched around and eventually decided the the RouterBorad RB450G was the nicest option. It features two Gigabit NICs, the second goes onto a 4-port switch which can be used to dice it up into separate networks using VLANs. While the manufacturers OS (RouterOS) is capable of doing everything needed for FTTC, it doesn't seem to be completely happy with IPv6 yet, and the extent to which I can customise it is limited to the interfaces that they provide.

OpenWrt would be my choice for being able to get all the flexibility I enjoy, but the only problem is that none of the info I could find provided a complete picture of the level of support for the RB450G and many places reporting that it was not fully working.

The good news: It works for me, and this is what I did to get connected  via FTTC, complete with IPv6 from AAISP....

This may also work for the RB750G which appears to be almost identical to this board apart from having less RAM and Flash.

What is FTTC?

FTTC stands for Fibre To The Cabinet (or Curb). BT call it "Infinity".

With conventional ADSL2+ setups, the "last mile" connection is made between your nearest phone Exchange and your ADSL router by copper (or if you are unlucky, aluminium) cable. This is normal phone cable originally intended for carrying voice. The longer it is, the worse your data rate as it has losses and picks up noise between the exchange and your ADSL router.

FTTC dramatically reduces this (assuming you have a cabinet with FTTC nearby) as the fibre is run to your nearest green curbside box (cabinet) from where the "exchange side" of the connection is made to your line. This means that the line length can be dramatically shortened and hence much higher data rates are available.

In my case it goes from about a a mile down to about 100 meters with FTTC. BT's estimator says my line should achieve 38.5Mbit/s down and 9.1Mbit/s up. As my line is particularly good (the external cabling comes right in all the way to to the master socket with no joints), and BT are probably being conservative to avoid angry customers, more can often be achieved.

Be aware that the 10Mbit/s upstream is an option that currently costs extra with AAISP.

Building OpenWrt for RB450G

OpenWrt Backfire (10.3) is virtually ready to go as it comes. The only thing that needs changing is the hard-coded size for the kernel partition - this needs to be doubled else the kernel fails to write to Flash giving a load of strange errors from freezing the moment it boots to complaining about init not being found.

Checkout the latest source tree frm SVN (see the instructions on the OpenWrt Development pages). I have pasted the info out into a patch file to double the kernel partition size for convenience. Apply this patch:

$ patch -p1 </PATH/TO/rb450g-kernelpartition.patch

Prepare all the packages in OpenWrt:

$ make packages/symlinks

My config (builds initramfs for netbooting) includes useful utilities and snmpd for monitoring and may be used as a starting point for configuration.

Download: OpenWrt Netboot config for RB450G

Copy this to a .config file in the root of the source tree. If needed do any additional config:

$ make menuconfig

Then build the images:

$ make

Setting up the Hardware for netbooting

The RB450G I got had an old version of RouterOS on it, but the bootloader (RouterBoot) is very good and allows booting from NAND Flash as well as from the network with DHCP and TFTP.

It has a Serial (RS232) connector on the side and with a Null Modem cable and a USB-serial adaptor at 115.2K 8N1 access to the console and bootloader is easy.

To get the RB450G to boot from the network, press any key when prompted at boot, choose 'o' for boot device then 'e' for ethernet. This sets the router to boot off the network only.

Setting up Software for netbooting

Next we need to be able to serve the images we built for netbooting and installation. In total we will need the following on some machine(s) on the network, but it could all be on one laptop that is connected directly to the RB450G:

• DHCP to kick the whole process off
• TFTP to deliver the netboot images
• HTTP to deliver the final installation images

I already have dhcpd3 running on my network so I just added into my working config some options:

allow booting;
allow bootp;

If you don't have dhcpd3 running then you will need to configure that first. And then add a static address and options for the MAC address of the RB450G:

host rb450g {
    hardware ethernet MAC:OF:RB450G;
    fixed-address IP.OF.RB450G;
    next-server IP.OF.TFTP.SERVER;
    filename "openwrt-ar71xx-vmlinux-initramfs.elf";
}

Restart dhcpd and we are ready to move on.

I installed tftpd-hpa which requires nothing doing to it further under Ubuntu Lucid (my build Virtual Machine). I also installed Apache to deliver the installation images by HTTP, and again, nothing really needs doing to the default config.

Netbooting

Once you have the above configured, connect up the RB450G to the network with the DHCP and TFTP. Go into bin/ar71xx/ in your buld tree and copy openwrt-ar71xx-vmlinux-initramfs.elf to /var/lib/tftpboot on your TFTP server.

Press 'x' in the bootloader menu to exit and boot. You should see in your serial terminal something like:

trying bootp protocol... OK
Got IP address: IP.OF.RB450G
resolved mac address MAC.OF.TFTP.SERVER
Gateway: IP.OF.GATEWAY.ROUTER
transfer started ................................ transfer ok, time=1.66s
setting up elf image... OK
jumping to kernel code
Linux version 2.6..........

Eventually things should settle down - hit Enter a couple times and you should see a "root@OpenWrt" prompt.

Check everything is working nicely - run an ifconfig and check that your interfaces are there, if there are any conflicts in IP addresses then sort them and make sure that you can ping things on both interfaces, specifically the IP address of your HTTP server you are delivering the installation images off.

Once you are happy that your installation works then it's time to install it for real.

Installing to NAND Flash

We need to re-build the image without initramfs support in order to get a permanent install. This is simply a case of disabling ramdisk in the Target Images section of the config and building the image again. Run:

$ make menuconfig

Then go into Target Images and unset ramdisk, exit saving the config and build the additional images:

$ make

Once you have built the new images in bin/ar71xx/ copy openwrt-ar71xx-vmlinux.elf and openwrt-ar71xx-rootfs.tar.gz to /var/www/ and rename openwrt-ar71xx-rootfs.tar.gz to openwrt-ar71xx-rootfs.tgz

Now on the RB450G running the netboot, run the following to grab the images off the webserver and burn them onto NAND Flash:

# wget2nand http://address.of.webserver/

Once done you can tell the router to reboot:

# reboot

Then hit any key to stop it at the bootloader again. Once again press 'o' to go to the boot device menu and then press 'n' to boot NAND by default again, then 'x' to exit and boot.

Once it comes up then set the password with "passwd" and then you should be able to ssh into the RB450G:

At this point we have a working router which can boot on it's own and is accessible via ssh.

Config and other refinements

At this point the RB450G think's it's a plain Ethernet-to-Ethernet router, running on a default address and DHCP on the WAN interface. We now need to move it to the correct address, and get it fully configured for use for FTTC with AAISP.

Network

For FTTC BT supply a Huawei EchoLife HG612 for use as a PPPoE modem, hence the actual WAN (internet) connection is via PPPoE.

The main network config is in /etc/config/network and needs to look something like this:

config interface loopback
    option ifname    lo
    option proto    static
    option ipaddr    127.0.0.1
    option netmask    255.0.0.0

config interface lan
    option ifname    eth1
    option proto    static
    option ipaddr ROUTER.IP.ADDRESS
    option netmask 255.255.255.NETMASK
    option ip6addr ROUTER:IPv6::ADDRESS/PREFIX

config interface wan
    option ifname eth0
    option proto pppoe
    option username ISPUSERNAME
    option password ISPPASSWORD
    option keepalive 5,5
    option ipv6 1

config switch
        option name     eth1
        option reset    1
        option enable_vlan 1

config switch_vlan
        option device   eth1
        option vlan     1
        option ports    "0 1 2 3 4"

Obviously, if you don't do IPv6 or you need other config options then substitute those.  On the OpenWrt Wiki is a full list of network configuration options.

Next, check if the DHCP options in /etc/config/dhcp match what you need for your network. In my case I only have 2 dhcp addresses for testing an experimentation as the rest of my network is statically routed, so I changed "option start" and "option limit" appropriately.

The only other thing is to enable IPv6 forwarding in /etc/sysctl.conf by uncommenting the line net.ipv6.conf.all.forwarding=1

Firewall

I am using an almost identical firewall config to those in my article on the DG834, but the interface names have changed: eth0 changes to eth1 and ppp0 changes to pppoe-wan.

I use /etc/firewall.user and comment out most of /etc/config/firewall, but the choice is yours.

Download: an example of my /etc/firewall.user

QoS

This need not be much more than updating the up and down speeds in /etc/config/qos to match your connection.

NTP

If you want to use your ISP's NTP server rather then update the config as needed in /etc/config/ntpclient

For AAISP just comment out or remove all the "config ntpserver" sections and add one:

config ntpserver
        option hostname 'time.aaisp.net.uk'
        option port     '123'

Backups

It's always a good idea to have a backup. Like previously I am using dirvish so all that is needed is to put the authorised key in /etc/dropbear/authorized_keys to allow ssh connections by dirvish.

The same config used in my article on the DG834 can be used.

Monitoring with Cacti

Previously I could monitor the ADSL signal statistics which is no longer possible when running PPPoE, however there is still plenty to monitor. Where possible, I have kept things as close as possibel to what I did for the DG834 including using the busybox http server.

The only catch seems to be that there is non init script for the http server any more so I simply used the one off my last DG834 which you can download: httpd init script

This time I have produced a tarball which you can extract in /www/cgi-bin on the router. All the files will extract into a new directory monitor/

Download: router monitoring script for RB450G

On the Cacti server I have another tarball of updated Python scripts to extract in /usr/local/share/cacti/scripts (or that's what I use on Debian anyway). This extracts directly to that directory so be aware it will overwrite any scripts with the same names.

Download: Cacti server input scripts for RB450G

Lastly there is a bundle of Cacti templates. Note that many of these are the same or minor updates of templates used for the DG834 routers. If you have the previous templates installed then you may want to clear them out to avoid problems.

Download: Cacti templates for RB450G

This is what you can expect in the way of graphs:

MTU Problems

This caused me a lot of grief. Ethernet has a standard MTU (Maximum Transfer Unit) of 1500. When we run PPPoE, we add an 8-byte overhead making the MTU of the PPPoE connection 1492.

OpenWrt and pppd will figure that out for you, but at the ISP end it may need setting on the control pages - tick the MTU1492 option, and kill the PPP to bring that setting in.

Technically that does the job and any node sending larger packets gets ICMP type 3 code 4 (can't fragment) sent back to it. The catch is that many smaller sites (includes many advertising services) don't seem to pay attention to it and send larger packets anyway which get thrown and the connection stalls.

AAISP also provide a MSS fix titled "TCPFix" which I found also needs to be ticked for compatibility with all sites.

Once you have saved those options then kill the PPP connection with the "Kill (LNS)" button and when your router re-connects then everything should be fine.

Conclusion & thoughts

It's been a bit fiddly getting the RB450G up with AAISP, but not as bad as getting OpenWrt running on the DG834v3. Everything seems to work as expected and I have not come across anything that is broken save the kernel space problem patched above.

The nice thing about the RB450G is that is has loads of spare processing power. It never seems to break into a sweat or freeze userspace when shifting data at full speed over my internet connection, and I'm sure it can go much faster. Likewise, I am currently only using 2% of the NAND Flash capacity. This board is capable of much more than I am using it for here.

The RB450G is so good with OpenWrt that I am tempted to use it for another project where I need to monitor and switch between multiple WAN interfaces automatically. Off the shelf routers can't do this but with OpenWrt I can easily script it up.