Recently I moved over to Virgin Media for Internet access, since I had reached the maximum speeds the old copper cabling from BT could offer me. Virgin, being built on the more modern Nynex network built in the south of England during the early 90’s allowed for much greater speeds. There’s just a couple of irregular checks I have to perform when it comes to switching ISP:
- Download limits (what exactly does Fair Use mean?)
- Can I bring my own router, or do I have to use theirs?
The answer to question one was straightforward. Almost all ISP’s have what’s called a ‘fair use policy’ (or Acceptable Use\Traffic Management policy), which covers them against customers who really abuse the truly unlimited downloads offer. Virgin are pretty relaxed with theirs, after listening to feedback from customers who suffered at the hands of their notoriously restricted traffic filtering. Now they offer a wide open service, with minimal traffic shaping\peak time slow-downs. To hit the Acceptable Use policy, you’d have to be running your own ISP at home for quite some time before they shut you down.
Question two is critical and yet usually problematic for many ISP’s. For Virgin however, it seemed easy – the new V3 Virgin Hub has an easy option to enable Modem Only mode, effectively disabling Wi-Fi and other routing features. Naturally the documentation is lacking for this feature, since Virgin would prefer you not to use it – so I decided to see exactly how it works, in the hopes of answering many support queries I’ve seen on the Virgin Community forums already.
Using Modem Only mode is actually very similar to a typical home router deployment. The router still acts as a DHCP server, and can even perform NAT for multiple routers, but it disables all other features such as Wi-Fi, content filtering, firewalls, DDNS etc. This means you need another router in your network to handle those basic features.
But how does the Virgin Hub behave in Modem Only Mode, and which ports should be used? These were questions I could not find simple answers to.
The Short Answer
If you’re looking for a quick solution to a problem you’re having, here are some fundamental truths I learnt with the help of a passive hub and Wireshark…
- Any port on the Virgin Hub can be used to connect to your router
- Your router needs to be configured for DHCP (automatic IP)
- The Virgin Hub only offers addresses once, shortly after boot – to repeat the process, you need to reboot the Virgin Hub. Ensure your external router is booted up first and ready to accept the DHCP offer.
- At first, the Virgin Hub issues a RFC1918 IP address to your router. Most routers will not accept this as a WAN address (e.g. ASUS) and therefore initially report a failure to connect
- The good news is, if the router rejects the first DHCP offer, the Virgin Hub tries again with the actual public IP. This should be accepted by your router (assuming it hasn’t given up)
The whole process takes a little longer than expected, after rebooting the Virgin Hub, the initial internal IP was offered after about 3 minutes, it then took another minute for the public IP to be offered.
Let’s look at each step in more detail. A little networking knowledge would be useful for this part.
The Long Answer
I did a lot of testing with the Virgin Hub, but the results were somewhat inconsistent. It’s possible the Virgin Hub only wants to use one external router at a time, but it also showed signs of supporting multiple routers using NAT. The testing was difficult to repeat consistently (and time consuming, considering I had to reboot the Virgin Hub after each change), so consider this an incomplete theory of how the thing works.
Any port on the Virgin Hub can be used to connect to your router
I tested this process on all 4 Ethernet ports on the Virgin hub, and the results were almost identical (I’ll caveat that later). When only one device was connected (my ASUS router), I observed that in all cases, the Virgin Hub first offered a DHCP address of 192.168.100.20 to my router, which was rejected because it’s an internal IP, and the router was expecting a public one.
After rejection, the Virgin Hub then offered the public IP assigned by Virgin.
Using Interface 4 gave me the most consistent results, with the internal IP being offered, first, then the public IP.
Your router needs to be configured for DHCP (automatic IP)
Quite straightforward, make sure your router is ready to accept an IP address from the Virgin Hub using DHCP. Note however that ASUS routers reject internal IP’s assigned to their WAN port. So at first, the DHCP process may fail (don’t worry, check out the next step).
The Virgin Hub issues a RFC1918 IP address to your router
The Virgin hub first issues the IP 192.168.100.20 to your external router.
My ASUS router rejected this, understandably because it received an internal RFC1918 IP address on its WAN interface. I have a theory why Virgin do this. I may be wrong, but it certainly seems to make sense to me.
Why offer an internal IP?
I wondered what would happen if I connected two routers to the Virgin Hub during boot. Would it offer the same public IP to both? Would only one get the IP, i.e. first come first served? So I connected the ASUS router to one interface, and a laptop to another – then rebooted.
To my surprise, the Virgin Hub stopped offering the external IP altogether, and only offered internal IP’s. The first client received 192.168.100.20 and the second received 192.168.100.21!
This actually makes sense when you think about it. The Virgin Hub cannot provide the same public IP to two clients, that would breach the RFC protocol for DHCP. So instead, it detects multiple clients are connected and resorts to NAT, using an RFC1918 IP range to allow multiple routers to access its modem.
In short, if you’re not getting the public IP on your router, make sure it’s the only device physically connected to the Virgin Hub.
Yet Another CaveatThis behaviour changed when I connected the Virgin TV box to the router. It seems the Virgin Hub recognises the TV box (maybe via MAC address) and behaves differently. Offering a second public IP to the TV box, ensuring it always gets online (albeit without a firewall!)
A public IP is then Offered
Finally, after issuing the private IP and having it rejected, the Virgin Hub provided the public IP to the router. It’s entirely possible your router accepts the initial RFC1918 address, in which case your router will report an external WAN IP of 192.168.100.20. Otherwise, it should accept the public IP.
The Virgin Hub seemed like an unpredictable cheap piece of networking kit when I first started setting it up, but under the covers, it actually behaves quite logically. I just wish there was better documentation about advanced configurations such as this. Virgin told me that customers are on their own when it comes to Modem Only mode, and support is cut off.
To summarise, and to use Modem only mode properly, ensure the following:
- Use DHCP mode on your own router
- Power on your external router first. The Virgin Hub will only offer a DHCP address once, shortly after start up (another caveat, it offered twice for the TV, suggesting they play favourites with their own kit)
- Ensure only your router is connected to the Virgin Hub, multiple connections cause it to fall back into NAT mode
After enough trial and error, I finally got the result I was looking for:
Lastly, when I had it all working, I wondered what the other interfaces could be used for. The short answer was nothing – they no longer receive DHCP leases, and cannot access the internal network. If you wanted to, you could connect multiple devices to the modem, and rely on the RFC1918 IP address range 192.168.100.x to connect to the internet, but those devices will have no protection against Internet based attacks, since the Virgin Hub is acting as a modem only, and wouldn’t offer any protection.
The other interfaces don’t mirror the Internet traffic, but they do still receive broadcast traffic sent from the Internet interface on the modem, therefore you can see all local ARP traffic within your public broadcast domain – nothing particularly exciting, but it could easily be used to determine which other Virgin IP’s are online in your local area.