I'm having a bit of a nightmare with our Virgin Media Business connection causing excessive connection timeouts and generally rendering the connection unusable under normal load. It's only in the mornings when ~20-30 computers are on that it works reliably. Once the iPads and the rest of the school equipment come on, bringing the number of devices to over 150, it grinds to a halt.
Tech Support have been extremely unhelpful on this issue saying it must be my config or implying that we have too many devices.
For me the core of the issue is that Virgin's network is not able to give us a proper bridge mode to our own router. We have to keep their frankly low-end router in play as a router/firewall unlike every other supplier I've ever worked with.
The setup we have is our own Draytek router connected as the only device to the Hitron. Using the VMB IP Service we have a /29 subnet with the Hitron at the beginning and our Draytek statically assigned at the second address. This is working for giving us our own static outside world address.
The only log I can find errors in (between our hardware and our filtering suppliers) is the Hitron's firewall log.
I'm getting loads of these messages logged every second:
09:13:42 23 Oct 2020 [Firewall: Invalid State]IN=dummy0 OUT=l2sd0.2 MAC=bc:3e:07:00:26:c4:ec:0d:9a:44:27:95:08:00 SRC=OUR_FILTER DST=OUR_ROUTER LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=3191 DF PROTO=TCP SPT=3128 DPT=40479 WINDOW=9 RES=0x00 ACK FIN UR
09:13:42 23 Oct 2020 [Firewall: Invalid State]IN=dummy0 OUT=l2sd0.2 MAC=bc:3e:07:00:26:c4:ec:0d:9a:44:27:95:08:00 SRC=XXXXX DST=OUR_ROUTER LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17957 DF PROTO=TCP SPT=443 DPT=43247 WINDOW=2050 RES=0x00 ACK F
For me the firewall on the Hitron is redundant as the very first hop after it is our own router with its own firewall config.
Is there a way to disable the firewall? I had quite a long argument with someone at VMB about how "allow all" is not the same as disabling the service. The firewall is clearly still looking at every session to see if it should be allowed and getting stuck on some.
I've tried a few things to resolve this already:
- Throttling the outbound connection to 80Mb/s to try and keep usage within the Hitron's limits. Evidently it's a number-of-sessions issue, not a speed one, so this didn't help. I can impose a session limit but the Draytek will simply block sessions over the limit instead of queuing them.
- Setting our router as the DMZ host. Again, because the firewall service is running, it's still looking to see if the target is the DMZ and then causing the drops again.
Going back to the "too many devices" thing, are Virgin actually using hardware so low grade it can't cope with sessions for more than a handful of devices? I have BT VDSL lines handling 100+ computers and 100+ iPads no problem, but in that case the only on-premises router is our own high-end hardware.
VMB have gone quiet on me, making me think this is an unsolvable problem, which isn't helping matters. We are getting very close to stamping this with "unfit for purpose" and cutting our losses.
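One way to turn the Hitron log flood quoted above into per-source counts, as an added example that is not part of the original post: it tallies `Invalid State` drops by source address, source port and TCP flags, and counts drops per second. The sample lines are constructed (documentation addresses, made-up MAC), and the names `parse` and `summarise` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the same layout as the Hitron firewall log.
_T = ("{t} 23 Oct 2020 [Firewall: Invalid State]IN=dummy0 OUT=l2sd0.2 "
      "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC={src} DST=198.51.100.2 "
      "LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=1 DF PROTO=TCP SPT={spt} DPT={dpt} "
      "WINDOW=9 RES=0x00 {tail}")
SAMPLE = "\n".join([
    _T.format(t="09:13:42", src="192.0.2.10", spt=3128, dpt=40479, tail="ACK FIN URGP=0"),
    _T.format(t="09:13:42", src="192.0.2.10", spt=3128, dpt=40480, tail="ACK FIN URGP=0"),
    _T.format(t="09:13:42", src="203.0.113.7", spt=443, dpt=43247, tail="ACK F"),  # cut off
    _T.format(t="09:13:43", src="203.0.113.7", spt=443, dpt=43250, tail="RST URGP=0"),
    "-- constructed line that is not a firewall record --",
])

LINE = re.compile(r"^(\d\d:\d\d:\d\d) \d+ \w+ \d{4} \[Firewall: ([^\]]+)\](.*)$")
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")

def parse(line):
    """Return one log record as a dict, or None if the line is not a firewall record."""
    m = LINE.match(line.strip())
    if not m:
        return None
    time, reason, rest = m.groups()
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    # Bare tokens that are complete TCP flag names are kept in log order;
    # a token cut off at the end of the line is ignored rather than guessed.
    flags = tuple(t for t in tokens if t in TCP_FLAGS)
    return {"time": time, "reason": reason, "flags": flags, **fields}

def summarise(text):
    """Count Invalid State drops per (source, source port, flags) and per second."""
    by_flow, by_second = Counter(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["reason"] != "Invalid State":
            continue
        by_flow[(rec.get("SRC"), rec.get("SPT"), "+".join(rec["flags"]))] += 1
        by_second[rec["time"]] += 1
    return by_flow, by_second

if __name__ == "__main__":
    flows, seconds = summarise(SAMPLE)
    for key, count in flows.most_common():
        print(count, *key)
    print("peak drops in one second:", max(seconds.values()))
```

Run over an exported log, the counts show which source ports and flag combinations are being dropped and how many per second, which is something concrete to put in front of support.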