Connecting to NBN HFC with a linux router

Update 2021-03-04: for a modern setup with dual-stack IPv4/IPv6 and systemd, see this post.

Internode recently migrated me from an ADSL connection to an NBN HFC connection. Here’s how I configured the connection using my own Debian GNU/Linux router instead of the TP-Link VR1600v internode supplies…

NBN Co supplies an Arris CM8200 NTD, which is a modem that bridges local ethernet to the ISP via DOCSIS over the coaxial cable.

Additionally, Internode’s configuration requires PPPoE encapsulation with 802.1q VLAN tagging.

I’m using physical interface eth1, so in /etc/network/interfaces I have:

# See interfaces(5)
auto eth1
iface eth1 inet static

# VLAN ID 2 for Internode's NBN HFC.
auto eth1.2
iface eth1.2 inet manual

auto nbn
iface nbn inet ppp
    pre-up /bin/ip link set eth1.2 up
    provider nbn

Then in /etc/ppp/peers/nbn I have:

# See pppd(8).
user ""
lcp-echo-interval 5
lcp-echo-failure 2
connect /bin/true

# Connect NBN using PPPoE over the eth1 interface with VLAN ID 2.
mtu 1492
plugin eth1.2

In /etc/ppp/pap-secrets, add a dummy password:

"" * "not used for NBN"

To bring it up:

sudo ifup ppp0=nbn

A note on the MTUs here. From a Mac OS X device on the local network, the largest IP datagram that you can send without fragmentation or errors is 1492 octets (tested via ping -D -s 1464 The ethernet frame arriving at the NTD can be broken down as:

  • 1464 octet ICMP echo data payload
  • + 8 octet ICMP header = 1472
  • + 20 octet IPv4 header = 1492. This is the IP datagram size enforced by the “MTU” settings I have on my local ethernet connections (e.g. wifi) and also in /etc/ppp/peers/nbn
  • + 2 octets PPP + 6 octets PPPoE = 1500. This is the size of the ethernet payload
  • + 4 bytes 802.1Q header for the VLAN tag, + 18 802.3 ethernet overhead = 1522. This is the ethernet frame size, and it’s the maximum layer 2 frame the NBN will accept.

Unlike ADSL (using ATM), there’s no need to worry about fragmentation with smaller frame sizes at layer 2; everything is ethernet, so choosing the maximum end-to-end MTU (1492) is the best strategy for minimizing overheads.

7 thoughts on “Connecting to NBN HFC with a linux router”

  1. Thanks for your post. The important information was that it was possible.

    For Tangerine Telecom I found some differences as follows:
    A password , being the first (numeric) part of the user id, was necessary.

    The peculiar effect of having a dummy password, is that I gained authentication and a
    dynamic IP with a 15 minute turnover. This was blocked to port 80 requests, but open
    for ssh etc.

    The installation proved in the end to be the same as the former installation with ADSL.

  2. How do you know (or figure out) the IP address of the Aris?
    I will be getting NBN from Exetel but I use CentOS, so my scripts are different.

  3. Thanks – this is useful. I’m about to switch on NBN tomorrow for my Ubuntu router via TPG. The TPG config looks fundamentally similar where it’s EWAN / VLAN 2 ( Though I wonder if auth will be different for TPG.

    Any reason for setting a static IP for the VLAN raw device?:

    auto eth1
    iface eth1 inet static

    Will try to report back tomorrow here with my experience.

  4. @Rob: I didn’t think there’s a particular need for setting the static IP on eth1 like I did

  5. For anyone on Aussie Broadband / HFC, the interface settings you need are much simpler:

    auto eth1
    iface eth1 inet dhcp

    It was confusingly simple.

Leave a Reply

Your email address will not be published. Required fields are marked *