How to make the most of a 1.15Gbps (Gig1) Virgin Media ISP

Discussion in 'Networking' started by ChuckMountain, Nov 6, 2019.

  1. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    I have just upgraded my ISP to the latest Virgin Media (VM) offering which gives just over 1.1Gbps/50Mbps connection speeds.

    The supplied router comes with 4 x 1 gigabit ports as well as WiFi 5? It does not have a 10Gbe connection and it can be operated in Modem Only mode that would limit it to one port.

    A single connection direct to the router tops out at around the 930Mbps or so mark in line with expectations.

    I am the point where I am considering upgrading parts of my core network to 10Gbps and would ideally like to have the full bandwidth available from my ISP. I realise it might not be possible to do it for one client but across a number of them, I should not be losing 200+Mbps.

    Anybody solved a similar problem and got any advice to pass on, please?

    Initial thoughts are:

    1) Upgrade my current Dual WAN router to a different model capable of the desired throughput (my current one bottlenecks at around 700Mbps). Leave the VM in normal mode with 2 connections to it one to each WAN port. The Dual WAN router could then use link aggregation back to a main switch across 2 x 1 gigabit links
    2) Build a custom Pfsense firewall (or similar) with 2 x 1 gigabit connections and 1 x 10 gigabit connection, with the 2 x 1 gigabit connections connected to VM router and the 10 gigabit back to a 10gigabit core switch
    3) Don't think I can achieve more than 930Mbps in modem only mode?
    4) Segment the network up a bit more so that I have multiple smaller switches\VLANs to spread the load across the 4 x 1 gigabit ports on the VM router but then normal internal LAN traffic would be competing with Internet traffic - I lose control over my network that way.

    Any other options or ideas I should consider?
     
    #1
  2. altmind

    altmind Member

    Joined:
    Sep 23, 2018
    Messages:
    56
    Likes Received:
    11
    What is the type of internet connection that VM provides? If its docsis, I doubt it will run on the advertised rate.

    What do you use for a router? Do you need a router at all or single default gw on a switch may be enough?
     
    #2
  3. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    Thanks for the reply, it’s Docsis 3.1 which for VM is an upgrade on their previous one of 3.0. The previous ISP supplied router the super hub 3 would hit its limit of up to 550Mbps depending on the service you bought. VM usually run at 10% higher than their advertised speed.

    According to SamKnows which runs software directly on the modem upstream of the switch it hits 1.1Gbps so on the face of it appears to be working as advertised.

    Why do you think it wouldn’t run at the speed out of interest?

    The supplied Virgin Media Super Hub 4 as it is branded appears to be an Arris TG3492LG-VMB and unfortunately this cannot be replaced due to the restrictions from the ISP. Even I was able to obtain a suitable equivalent one they don’t let cloned MAC address modems on the network as far as I know.

    It is configured with a poor consumer orientated website so has very limited options available and most people that want more control put it in modem only mode and use a better router.

    My other router is a Linksys LRT224 which is ok but is not capable of the throughput of the speeds so definitely needs to be replaced if going down that route. It worked fine previously though when I was on the 350Mbps service.

    I am happy not to have a second router as that would prevent any issues around double NAT etc. but it was just an option that I was considering. At the moment my main switch won’t route between VLANs (Dlink DGS-1210-28P) so I do some routing capabailities. I have a guest VLAN and am considering some more. If I did drop the router I am still not convinced about the firewall features on the ISP router hence also considering that option.

    I am open to any ideas though really, hence the post :)
     
    #3
  4. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    I have the same service from Virgin and I don't think there is a easy way to do what you want.

    You would have to deal with the pain of double NAT plus the complexity of multi-wan where both the wan links are to the same IP address and MAC.

    Might be simplest to just throw some devices onto the Hub's wifi and accept that wired devices will have to cope with only 1 gigabit.

    If your guest VLAN doesn't need access to your LAN then connecting that to another port on the Virgin Hub is a option.
     
    #4
  5. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    I have a separate WiFi setup using UniFi AC Pros so don't want to enable the VM router.

    I tried the guest LAN via the Linksys router and only traffic through that so it could route correctly but then you end up being able to route back into the internal network via the VM router :( . I don't think the VM supports VLANs so wouldn't necessarily work if just plugged the guest network in directly.
     
    #5
  6. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    How is the VM router routing from the guest network to your internal network? You can't even add routes onto it can you?

    Are your internal and guest networks sharing a subnet?

    If you have something like:

    <Internal Network 192.168.2.1/24> <Your Router> (NAT to 192.168.0.2) <--> VM Router port

    <Guest Network 192.168.3.1/24> <Your Guest Router> (NAT to 192.168.0.3) <--> VM Router port

    Then there is no access between internal and guest.

    But you end up with double NAT between both networks and the Internet.

    You could work around that a little by placing your internal network router into the Virgin DMZ.
     
    #6
    Last edited: Nov 8, 2019
    ChuckMountain likes this.
  7. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    By VF Router did you mean the VM Router or the Linksys one?

    At the moment I have a default VLAN 1 on a 192.168.0.0/24 subnet and guest on VLAN 10 on a 192.168.10.0/24 subnet which gets guests from an SSID that's a guest network on Unifi. (No additional UniFi guest settings other than tagging as VLAN 10)

    The old way (which I have it currently configured as) is if I set it up with my UniFi connected to a tagged switch port on the DLink. The other tagged port goes out to the Linksys which happily routes both out to a WAN connection. DHCP is handled via DHCP relay with my server providing guest IPs for that subnet and that works fine. Routing between guest VLAN 10 and VLAN 1 is disabled on the Linksys and this works ok too.

    I haven't tried both directly to the VM as I wasn't sure it would support the VLAN 10 one. I will try but I am not sure it would route it anyway.

    If I try going direct to the switch with one VLANs and the other via the internal router then the VM router kindly routes between the two subnets :( I did try restricting the subnet of the WAN but it then took an extra hop via the router to route. Also placed in the DMZ and that seemed to allow access still which was a bit concerning. I didn't try the latter much.
     
    #7
  8. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    oops yes VM router not VF router.

    I don't understand how the VM router is routing between the two subnets for you. Can you explain the network a little more?

    The VM router only knows about a single subnet and doesn't appear to have any way of adding routes to other networks that I can see.

    What subnet is configured on the VM router?
     
    #8
  9. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    The VM Router is configured as the default gateway on my VLAN 1 network on 192.168.0.1 (it's own DHCP and WiFi is disabled).

    Other than the DMZ setting there is very little you can change on it.

    Before the upgrade, I had the Super Hub 3 set up in modem only mode. In that case the modem assigns itself 192.168.100.1 address. It's the same with the SH4.

    If I plumb a device directly into the SH4 with a IP address on a different subnet it will not afaik route out to the Internet.

    So I need to plumb another router if both VLANs go through it and they are on different subnets then it shouldn't route.

    However, if I have guest VLAN 10 192.168.10.0/24 on my Linksys router, and request a 192.168.0.x address, its default Internet gateway is 192.168.0.1 so will route to that the VM SH4. When it gets to the switch element of the SH4 that will route directly to the device in question which is the problem.
     
    #9
  10. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    If the guest VLAN is on 192.168.10.0/24 then what is assigning it a address from 192.168.0.0/24?

    You don't appear to have any separation between your internal and guest VLANs.

    The VM router only knows about 192.168.0.0/24 so any device talking to it would either need to be in that range or NATted into that range.

    The VM router doesn't support:
    • Link Aggregation
    • 10Gig or Multigig
    • VLANs or subnets
    • Static routes
    So your options are:
    1. Router mode with the VM wifi enabled. (The default they expect you to use)
    2. Modem mode and whatever network config you want but limit of 1 gig.
    3. Router mode with multiple devices plugged into the VM router on a flat network. (Gets you the full speed spread over multiple devices but could be a bottleneck for your lan as you said)
    4. Router mode with multiple routers behind it each plugged into their own port on the VM router and NATting onto the VM router network. (kind of horrible)
     
    #10
  11. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    The DHCP server is a Windows 2019 server with a scope defined for that subnet 192.168.10.0/24 (as well as the main one 192.168.0.0/24) the Linksys router is permitting DHCP relay to the server from the 192.168.10.0/24

    Yes I do there are no routes defined in the old provisioning way. Unless you mean something else?

    Yes the Linksys router will be natting the guest into the VM router

    Yes agree, but thinking an option 5 with dual (or more) wans will work. I suspect though I won't be able to route to the VM super hub config pages in this manner. It does appear to work ok with the Linksys in this configuration although it cannot handle the throughput. On the hunt for something that will and doesn't mind the MAC address being the same on each WAN port...
     
    #11
  12. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    How does traffic from a 192.168.0.0/24 address in the guest VLAN reach the internal VLAN?
     
    #12
  13. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    The guest LAN isn't 192.168.0.0/24 it is 192.68.10.0/24. The only traffic that is allowed is DHCP requests from the guest VLAN to the internal VLAN but even that is relayed from the Linksys to the DHCP server.
     
    #13
  14. ppiixx

    ppiixx New Member

    Joined:
    May 8, 2017
    Messages:
    9
    Likes Received:
    1
    ok, but earlier you said "if I have guest VLAN 10 192.168.10.0/24 on my Linksys router, and request a 192.168.0.x address, its default Internet gateway is 192.168.0.1" so it sounded like your guest VLAN was getting assigned addresses on your internal VLAN.

    Back to option 5.

    You could probably do something really horrible with virtual machines so that you have:

    a Main router with the (10gig?) lan interface
    2 or more 'external' virtual routers which have 1gig physical interfaces wired directly to ports on the Virgin router.

    Virtual links between the main router and the 'external' routers.

    That gets around the duplicate MAC problem.

    You still have the double NAT problem. You could DMZ one of the external routers and fiddle with things so machines that need inbound connections always go via that router.

    But this is getting pretty damn weird and a machine that could do this and route over a gig isn't going to be cheap :)

    How much do you want to spend?
     
    #14
  15. ChuckMountain

    ChuckMountain New Member

    Joined:
    Nov 6, 2019
    Messages:
    8
    Likes Received:
    0
    By “its default gateway” I meant the Linksys router wan gateway is 192.168.0.1, not the guest device. In the absence of another defined static route the guest device’s request would end up at the VM router which would know how to route to 192.168.0.0/24

    I was thinking along a similar line but maybe bundling a pfsense vm and running on my server. Might be easier to do as a proof of concept even if I then need to build out to a dedicated box.

    Incidentally the Linksys would allow me to run two connections to the VM SH4 and load balance it.
     
    #15

Share This Page