Introduction
Comcast and I have long had a strained relationship. I recognize that the service they’ve offered in the houses and apartments that I’ve lived in has been reliable. However, I’ve never been a big fan of their business and billing practices.
For example, I purchased my own DOCSIS 3.0 cable modem some years ago when I first got their internet service. Some months in, I noticed that they were charging me for a cable modem rental. When I contacted them about this, they were insistent that I prove to them that I bought my own cable modem before they would refund the fees. I might recall this incorrectly, but I believe they had requested that I fax my proof of purchase to a number as they did not have an email address setup for such things.
After that, it was smooth sailing until they charged me full freight for the service and refused to honor the deal they had agreed to. At the end, we put some reasonable deal in place for internet service for some years.
Two years ago, my wife and I bought a house and transferred our service there. As part of that, Comcast has an automatic contact renewal program on their website. I agreed to an additional two years at the rate I was paying – and after a month or two, my bill went up dramatically. Apparently I had exposed some glitch in their system which signed contracts on their behalf that they had no intention to honor. After weeks of wasted time, I ended up giving in and accepting crappier service for more money since I didn’t have any other option. Looking back, I should have filed a complaint with the Massachusetts Attorney General.
Finally, in November 2020 Comcast announced both a 1.2TB data caps and a rate hike. Coincidentally, our data usage somehow jumped up 20% the month after they announced the data cap enforcement. I hadn’t been keeping track of our data usage on our router at that time, so I can’t rule out that our usage did actually increase - but the timing is suspicious.
Figure 1: Comcast Data Usage
Although Comcast did backpedal on the data cap enforcement, this has led me to seek other options in earnest. In our city, you have two choices for “broadband”: Verizon’s DSL and Comcast. In today’s age, with the Website Obesity Crisis in full swing 1.5Mbps is not going to cut it for a multi-user household. There are some companies who service larger buildings like NetBlazr and Starry, but they’re not interested in working with single family homes.
Last December, I saw some news on Reddit about a new home ISP service from T-Mobile. They were targeting speeds of 50Mbps / 50Mbps upload and download without data caps for $50 / mo inclusive of taxes, fees and including the equipment. Our Comcast plan included ~100Mbps download with a paltry 5-7Mbps upload for over $100/mo. The Comcast plan included a cable package which is rarely used, but the bundle was cheaper than the standalone service.
In January, we decided to give the T-Mobile service a try. Although their eligibility webform said our address wasn’t eligible, the customer service agents said that we were.
Solution
The Nokia “trash can” looks like an extremely powerful device, but it’s crippled by locked down software. There aren’t many knobs that you can turn on the device – perfect for my parents, but not great for someone who already has a network setup. In my use, I found there were a few issues:
- No bridge mode, so it’s not exactly a 1:1 replacement for the cable modem. The Nokia device pulls down the IP address from T-Mobile. Using your own router connected to the Nokia router means you’re dealing with a double-NAT setup.
- The T-Mobile DNS servers are a bit flaky. Configuring my device to use another DNS server improved this by quite a bit.
- The Bufferbloat is pretty bad. When the connection starts to get saturated, the ping times grow substantially.
- No ability to setup isolated networks for untrusted devices.
- The 5G connection seems to have flaked out over time.
Setup
Network Overview
I already have a reasonably well setup home network using an OpenWRT Based Turris Omnia Router, with separate IP ranges and WiFI networks for trusted devices, guests and untrusted IoT devices. I also have a nice UniFi Access point which covers my entire home quite well. Due to this I decided to accept the potential headache from double-NAT and put the router behind the T-Mobile device.
T-Mobile doesn’t have enough IPv4 addresses available for all of its customers, so they run an IPv6-first network and use Carrier Grade NAT (CGNAT) to allow multiple users to share a single IPv4 address. This comes with a performance hit. Fortunately IPv6-enabled websites are becoming more and more common. As such, it is desirable for the devices on my network to be able to have a real IPv6 address.
I don’t pretend to understand IPv6 address allocation perfectly. There are multiple ways in which your device can get an IP address. XFinity supported “prefix delegation” which tells your router that it can feel free to hand out addresses in a given range to all of the devices connected to it using a DHCPv6 server. Unfortunately, the T-Mobile router doesn’t allow delegation to your router. Fortunately OpenWRT supports a “relay” mode for IPv6 address allocation. In order to enable this, a few settings need to be changed from the default settings:
OpenWRT / Omnia Configuration
I had to make some configuration changes to the OpenWRT-based Turris Omnia in order to improve the performance.
IPV6 Relay
When I plugged the WAN port of the Turris Omnia into the LAN port on the Nokia router, the Omnia pulled down an IPv4 and IPv6 address. The Omnia proceeded to hand out private 192.168.1.0/24 IPv4 addresses to the clients connected to it, but did not assign any IPv6 addresses to the clients.
The /r/tmobileisp subreddit has some good advice on occasion. I ran into a comment from a user which provided some ideas on how to work around this. The following code blocks show the LAN and WAN6 blocks of my /etc/config/dhcp file.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'relay'
option ra 'relay'
option ndp 'relay'
option ra_management '1'
list dhcp_option '6,192.168.1.1'config dhcp 'wan6'
option dhcpv6 'relay'
option ra 'relay'
option ndp 'relay'
option master '1'
option interface 'wan6'
option start '100'
option leasetime '12h'
option limit '150'After making these changes, the devices on my network were all able to pull IPv6 addresses down. I believe that they’re assigned by the Nokia gateway.
DNS Settings
The T-Mobile DNS servers are a source of many complaints on Reddit. It seems that they can be a bit overloaded at times. Due to this, I wanted to configure my router The Turris Omnia uses a non-standard DNS resolver called Knot. It’s written by the same folks who built the Omnia. Most OpenWRT devices seem to use DNSmasq, so most of the documentation online is based around this.
In the “Foris” simplified management interface on the Omnia, you can select the DNS server you would like your router to use.
I chose to use the Cloudflare DNS servers due to their reasonable privacy policy. Their IPv4 endpoints are 1.1.1.1 and 1.0.0.1. In addition, they provide IPv6 endpoints at 2606:4700:4700::1111 and 2606:4700:4700::1001. They also have end points which provide adult content and malware filtering.
I believe that I had to add in the IPv6 endpoints into the following file:
name="99_cloudflare.conf"
description="Cloudflare (TLS)"-0t5f4rdas9T4rewq
enable_tls="1"
port="853"
ipv4="1.1.1.1 1.0.0.1"
ipv6="2606:4700:4700::1111 2606:4700:4700::1001"
ca_file="/etc/ssl/certs/ca-certificates.crt"
hostname="cloudflare-dns.com"BufferBloat
Bufferbloat is a condition where the latency of a network connection increases dramatically under load. This can make applications which are time sensitive like video and voice chat malfunction when the network connection is loaded.
The Nokia router does not seem to have any mitigations in place for this, so I enabled Smart Queue Management (SQM) on the Omnia. In general, this trades off a bit of maximum throughput for more consistent latency performance.
I’m using the CAKE queueing algorithm, as described in this article on the OpenWRT website. This did make a notable improvement in the bufferbloat performace.
External Access
Unfortunately, the T-Mobile service does not provide a publicly routable address which means that remotely accessing local resources is a challenge. There are online services which can mitigate this. One option would have been to connect router to a server with a public IP address and use that host as a means of connecting to local servers. There are some other commercial solutions. I settled on one called Tailscale at the recommendation of tptacek on Hacker News. So far it works well on all of my devices. Occasionally I will need to open the app on my iOS devices to reconnect, but that’s all.
Concerns
Although T-Mobile has been reasonable enough to work with commercially, they have had a history of concerning privacy practices. In 2018, they were caught selling location data to data brokers who then resold to a number of unsavory parties including bounty hunters. Supposedly this practice has stopped, but they have not ever responded to my requests to confirm whom my location data was shared with.
In addition, they have recently launched an ad platform which leverages your browsing history to target ads. There is an opt-out which I suggest everyone take advantage of, but you shouldn’t need to opt-out to this kind of nonsense. It should simply be illegal.
With all of my complaints about Comcast, they were definitely better on this front. Depending on how things evolve with T-Mobile, this might end up being a reason to switch back.
Conclusion
We’ve been running the service for approximately a month, and it’s been fine. Good enough that we canceled our Comcast service. For whatever reason, we only pull a 5G signal sporadically so most of our data are transferring over LTE. Despite that, we get approximately 50Mpbs down / 50Mbps up rather consistently when connected directly to the Nokia “trash can” either via Wifi or plugged in. On the occasions when the device pulls a 5G connection, the download speed increases to around 200Mbps.
I’m looking forward to seeing what T-Mobile brings us with future network and software upgrades. I’m hoping that they will make positive steps to address the privacy considerations.
I think that our long term relationship with T-Mobile may hinge on their improving their privacy practices. Hopefully they will come to the light and start to protect customer data better.