Virgin say I can't have both Super Hub 2 and static IP

So it looks like we cannot get BT Fibre in our office (see post about it on the general Fibre forum) so our only hope is VM.

This is for a business connection serving 15-35 computers plus many smartphones on Wifi.

We have a few requirements:
* We'd like the max upload possible (e.g. 5-10MB)
* We'd like to connect our existing routers and Wifi APs to this internet connection.
* We'd like a static IP address.

We've had a few discussions with a Virgin salesperson but they claim they can only provide fixed IP with 50MB package at the moment, and a Super Hub 2 (which I understand from these forums may be necessary to connect to our previous routers using modem mode) is only available on 152MB, but not a static IP address!

Is the salesperson correct? Is there any way to get a static IP address from a third-party that will point to my (DMZ) server?

We do most of the network tech in-house although we're not that experienced. It's mainly used for internet access.

Here's the email conversation:

Question
> Apparently we need a "Super Hub 2" (not Super Hub 1) which allows "modem mode" and can be connected to our existing wifi - is it possible to receive that?

Reply:
The super hub 2 is for the 152Mb which can be used in modem only mode but cannot obtain static/fixed IP addressed � only the 50Mb can do so however this connection is best not used in modem only mode.

Qu:
> Just to confirm is it £30 for 50MB and £35 for 152MB without phone line? With the phone-line ( as a bundle) what was the cost ? (Please remind me )

Reply:
The £30 and £35 are without the phone line and are just for the broadband as a standalone product. With the phone line it is £40 for 50mb or £50 for 152Mb bundles. If you get a bundle you receive 2 months free.

Qu:
> Is there any way offer even a single fixed IP right for 152? It is very important for us and could be a decider if to take virgin altogether.

Reply:
The upgrade path is normally fairly simply and can be done within around 10 working days however we would provide you with a new router for the new connection. We are unsure when fixed IP will be available on the 152Mb and so would advise if you need fixed IP to go with the 50Mb service.

Qu:
> What guarantees do you provide that they won't raise your prices mid-contract? Apparently Virgin can and has done so in the past.

Reply:
When you are contracted your pricing is fixed throughout the contractual term and will not be increased even if our standard pricing is to increase for those products. When you are within a contractual period, your pricing cannot be amended unless you request to do so for example � upgrading or adding features.

Why not just request a small block such as suggested at http://www.virginmediabusiness.co.uk/Customer-area/H...

Then you can run your own business grade Ethernet firewall to provide NAT services, totally independent of the actual cable connection.

In reply to a post by MrSaffron:

Why not just request a small block such as suggested at http://www.virginmediabusiness.co.uk/Customer-area/H...

Then you can run your own business grade Ethernet firewall to provide NAT services, totally independent of the actual cable connection.

that page says:

In reference to www.virginmediabusiness.co.uk/Customer-area/Help-Support/Broadband-...:

We can supply static IP addressing but this can only be provided if requested at the time of ordering. The available options are 1 address, 5 addresses or 13 usable public IP addresses.

And that's exactly what Virgin salesperson is saying we can't order with the 152MB package ("superfast broadband"). For some reason that appears to escape logic, it is possible to order/arrange with the 50MB package.

I'm hoping they're wrong.

In reply to a post by mstrom:

In reply to a post by MrSaffron:

Why not just request a small block such as suggested at http://www.virginmediabusiness.co.uk/Customer-area/H...

Then you can run your own business grade Ethernet firewall to provide NAT services, totally independent of the actual cable connection.

that page says:

In reference to www.virginmediabusiness.co.uk/Customer-area/Help-Support/Broadband-...:

We can supply static IP addressing but this can only be provided if requested at the time of ordering. The available options are 1 address, 5 addresses or 13 usable public IP addresses.

And that's exactly what Virgin salesperson is saying we can't order with the 152MB package ("superfast broadband"). For some reason that appears to escape logic, it is possible to order/arrange with the 50MB package.

I'm hoping they're wrong.

You have been give the facts by Virgin; a fixed IP does restrict you 50Mbps down and 5Mbps up. To get more than that in a barren FTTC area you are looking at a leased line solution with an eye watering monthly fee.

Wickford, Essex - no FTTC available, ADSL abysmal so Virgin had to be used.. A single fixed IP, as per FTTC installations, was thought to be all that was required for incoming VPN connectivity. So that was ordered together with their 50/5 Business service. It seems for technical reasons on the Virgin network that's the best speed they call offer when a fixed IP is required.

Now the plan was to use the router provided, set it into modem mode and daisy chain into a Draytek 2830vN router and for that setup any help and advice from Virgin evaporates more quickly the water spilled in the Sarah Desert with the help desk at Draytek not faring much better.

To this day I don't understand why, but I was obliged to have a pool of IP address although only two were eventually used. There was no problem in providing this pool of IP address a week after the service went live using a so called Super Hub 2 which turned out to be loaded with Software Version BUS_V2.37.13.

Virgin provided detailed instructions of how to place their router into modem mode and the Draytek web site provided instructions of how to configure their router.to accept the service. So far so good. Getting our teleworkers connected in using different ISPs and their supplied router proved to be very stressful and in some cases was only possible by swapping out their router with a Draytek unit.

The built-in VPN client found in Windows7 and 8.1 was used for L2TP over IPsec with pre-shared key. OK we have only got 8 connected devices with three teleworkers, all accessing the document server with no issues at all.

The TBB speed test reveals that we have a straight line graph of 48.4Mbps down and minor blips giving an upload an speed of 5.3Mbps. Latency is 22ms. Maybe with 40 staff such a connection may struggle at times, but hey a few years ago you had to make do with a wet piece of string for your internet connection. Just because there are higher speeds out there, it doesn't mean you have to have, or need, the fastest.

In reply to a post by trolleybus:

To this day I don't understand why, but I was obliged to have a pool of IP address although only two were eventually used.

There was no problem in providing this pool of IP address a week after the service went live using a so called Super Hub 2 which turned out to be loaded with Software Version BUS_V2.37.13.

Virgin provided detailed instructions of how to place their router into modem mode and the Draytek web site provided instructions of how to configure their router.to accept the service. So far so good. Getting our teleworkers connected in using different ISPs and their supplied router proved to be very stressful and in some cases was only possible by swapping out their router with a Draytek unit.

How did you get a Super Hub 2 though? Did you just beg for it. They only want to give me a Home Hub 1 for the 50MB package which apparently doesn't have modem mode?

Is it true that a Home Hub 1 can't easily be connection to (say) a regular Draytek router?

In reply to a post by trolleybus:

The TBB speed test reveals that we have a straight line graph of 48.4Mbps down and minor blips giving an upload an speed of 5.3Mbps. Latency is 22ms. Maybe with 40 staff such a connection may struggle at times, but hey a few years ago you had to make do with a wet piece of string for your internet connection. Just because there are higher speeds out there, it doesn't mean you have to have, or need, the fastest.

We really do need the higher upload speed, it's essential to our internet-based high-data business.

In reply to a post by mstrom:

We really do need the higher upload speed, it's essential to our internet-based high-data business.

I don't suppose it'd be welcome to ask why you based yourself somewhere an essential resource wasn't available?

Anyway, if regular broadband connections aren't going to cut the mustard, and fibre isn't going to get to you, then you probably need to start considering a leased line. Not very expensive if it really is essential to the business...

I keep pointing at the Spitfire leased lines - not because I know anything about their business, but because they do put some prices up there.
Copper EFM at 10Mbps from £220pm, at 20Mbps from £320pm.
http://www.spitfire.co.uk/Ethernet_efm.shtml?headerb...

They also have prices for fibre leased lines, and the new GEA-based leased lines (though the latter won't work for you, if NGA fibre isn't coming to your cab).

You might even qualify for a BDUK connection voucher
http://www.spitfire.co.uk/BroadbandConnectionVoucher...

In reply to a post by mstrom:

In reply to a post by trolleybus:

To this day I don't understand why, but I was obliged to have a pool of IP address although only two were eventually used.

There was no problem in providing this pool of IP address a week after the service went live using a so called Super Hub 2 which turned out to be loaded with Software Version BUS_V2.37.13.

Virgin provided detailed instructions of how to place their router into modem mode and the Draytek web site provided instructions of how to configure their router.to accept the service. So far so good. Getting our teleworkers connected in using different ISPs and their supplied router proved to be very stressful and in some cases was only possible by swapping out their router with a Draytek unit.

How did you get a Super Hub 2 though? Did you just beg for it. They only want to give me a Home Hub 1 for the 50MB package which apparently doesn't have modem mode?

Is it true that a Home Hub 1 can't easily be connection to (say) a regular Draytek router?

In reply to a post by trolleybus:

The TBB speed test reveals that we have a straight line graph of 48.4Mbps down and minor blips giving an upload an speed of 5.3Mbps. Latency is 22ms. Maybe with 40 staff such a connection may struggle at times, but hey a few years ago you had to make do with a wet piece of string for your internet connection. Just because there are higher speeds out there, it doesn't mean you have to have, or need, the fastest.

We really do need the higher upload speed, it's essential to our internet-based high-data business.

When I started off the process of ordering the Virgin service, I made it clear that I would be using my own router. I thought that they would have simply installed a modem, but no the superhub 2 just turned up. Of course I was dealing with the business division so maybe that is the key there for the hardware that is supplied.

Of course it is disappointing that the upload speed doesn't match what you can get with FTTC but unless you are very lucky it wouldn't be much more than 10Mbps anyway. At least with FTTC you can go for bonding, something that apparently is not possible with Virgin as I gather they won't provide duplicate services to the same address.

I am afraid you are stuck with that 5Mbps upload speed unless you have deep enough pockets to go for a leased line solution or win the lottery to pay for gap funding to have your local cabinet upgraded to FTTC.

I suppose you could opt for higher speeds and try and get DDNS to work reliably but I just have a gut feeling that you will be doomed to failure going down that route for a cable service.

I can't comment on whether a superhub 1 has or hasn't a modem mode feature but if Virgin won't supply a superhub 2 to you then the only way forward is to purchase a Virgin cable modem/router from the Draytek range; it might be easier to setup than having two pieces of hardware and opens up the prospect of only needing one fixed IP.

Do keep us posted on your trials and tribulations that gets you where you want to be as we can all learn here on this issue. All I can add to the speed issue where the fixed IP is required is that Virgin did think that by the middle of next year higher speeds, both up and down, would become available. Remarkably adding that it would be a free upgrade.

BTW, we were obliged to accept a three your minimum term with no discounted exit fees if we left their service before the term was up.

In reply to a post by WWWombat:

In reply to a post by mstrom:

We really do need the higher upload speed, it's essential to our internet-based high-data business.

I don't suppose it'd be welcome to ask why you based yourself somewhere an essential resource wasn't available?

We were promised by BT that fibre (FTTC) would be available within 12 months (so 2 years ago) and since they were upgrading cabinets all around the area at the time I had no reason to doubt them.

I didn't consider the possibility that they would leave a cabinet in a densely populated London area unconnected for "mere" logistical reasons.

As you say, when the need gets pressing enough, and we can afford it we might have to get a leased line. Perhaps though in the meanwhile VM will allow 152MB with static IP as trolleybus and I are hoping/expecting.

In reply to a post by trolleybus:

All I can add to the speed issue where the fixed IP is required is that Virgin did think that by the middle of next year higher speeds, both up and down, would become available. Remarkably adding that it would be a free upgrade.

Do you have in writing/email and if so, can you PM me pls?

In reply to a post by mstrom:

In reply to a post by trolleybus:

All I can add to the speed issue where the fixed IP is required is that Virgin did think that by the middle of next year higher speeds, both up and down, would become available. Remarkably adding that it would be a free upgrade.

Do you have in writing/email and if so, can you PM me pls?

It was a conversation topic during the ordering process, so nothing to back up the statements made. I knew that the 50Mbps down would be OK for the simultaneous use of the connection with a large download in progress and 5 VoIP phones in use but 5Mbps wasn't so great to have so obviously enquired when that might change for the better and was advised it was something Virgin were actively working on with a probable availability of the middle of next year, maybe sooner.

I read in another thread it was something to do with a new release of DOCIS [?] being trialled at the moment. Exactly what the improved upload speed would be is unknown but to make any sense would need to match what is possible with FTTC. If it isn't then where both services are available, punters would naturally go for FTTC.

In reply to a post by trolleybus:

When I started off the process of ordering the Virgin service, I made it clear that I would be using my own router. I thought that they would have simply installed a modem, but no the superhub 2 just turned up. Of course I was dealing with the business division so maybe that is the key there for the hardware that is supplied.

Spoke to the salesperson again and they only intend providing a Super Hub 1. Will it be impossible to connect it to my beefy office router.

In reply to a post by mstrom:

In reply to a post by trolleybus:

When I started off the process of ordering the Virgin service, I made it clear that I would be using my own router. I thought that they would have simply installed a modem, but no the superhub 2 just turned up. Of course I was dealing with the business division so maybe that is the key there for the hardware that is supplied.

Spoke to the salesperson again and they only intend providing a Super Hub 1. Will it be impossible to connect it to my beefy office router.

I note that is standard policy to provide the Super Hub 1 if your connected speed is sub 60Mbps but you can opt to have the Super Hub 2 on payment of £50. Perhaps I was lucky to get it for free or it was considered essential for me to have one. Having a fixed IP with Virgin is something you have to request and is far as I can determine where incoming VPN connections are required, then at least a block of 5 fixed IP addresses are required for which there is an extra £5 per month to pay.

My initial impression was that you logged onto the Virgin router, clicked on the Enable Modem Mode button and you had the equivalent of the Openreach Modem to which you daisy chained into your own router. But no it's not like that at all with a fair amount of configuration required within the Virgin router which on reboot automatically placed it into Modem Mode.

In my case it didn't help at all with the supply of a DOA router requiring it to be swapped out for a replacement and that took over a week to arrive.

The Virgin Super Hub 1 may have the ability to accept the required configuration necessary for incoming VPN connections but I somehow doubt it. I personally found that knowledgeable people within Virgin Media for anything other than a routine connections are few and far between but once you discover the lightly staffed Business Essentials Team it's like speaking to a different company.

The sales staff just don't deviate from the standard scripts and you need to get through that wall to get the hardware you need together with a modicum amount of assistance to help you achieve your goals.

The bottom line really is that if you are a business customer, Virgin Media may not be for you but they do have a captive market in areas where broadband speeds are otherwise dire. To escape their clutches then a decent broadband connection can only be provided through a leased line, but that option doesn't come cheap - in my case it would be £550 month for a symmetrical connection of 50/50MBps.

Then there is the business continuity question. A leased line is fully managed with faults most likely to be fixed the same day. I had a Virgin connection down for several days, but that did involve digging up quite a bit of the pavement to fix the fault.

A quick look across the internet shows that someone setup OpenVPN with a super hub 1.

I'm not sure if you're VPN needs are different, but from the threads online it does seem possible.

The super hub 1 was put in to modem mode and the person had their own router sat behind it.

Why do you need a static IP?

Beside we're a backend/web dev shop and we run a internal staging server with a subdomain of our corporate TLD pointing to it (it's well firewalled).

It also hosts our internal wiki also on a public domain which remote workers must be able to access.

Anyway, as I'm replying below they are are now saying static IP not possible on Super Hub 2!

This is getting from bad to worse. We've been trying to persuade the saleswoman to give us a Super Hub 2 (for modem mode) but now she's saying that the SH2 won't support static IP even on a 50MB package!

So if she's right (I bet she isn't) we're stuck with either:
* 50MB on SH1 with static IP and presumably no way to easily connect it to our existing managed switch
* 152MB with dynamic IP but SH2 but manage without the static IP (impossible).

VM clearly aren't taking business customers clearly but we're stuck as we can't get BT Fibre (as explained elsewhere).

I'm almost tempted to stick with BT ADSL2+ at 16MB just to keep the existing setup that works with our switch and has static IP! Shame.

In reply to a post by bowdon:

A quick look across the internet shows that someone setup OpenVPN with a super hub 1.

I'm not sure if you're VPN needs are different, but from the threads online it does seem possible.

The super hub 1 was put in to modem mode and the person had their own router sat behind it.

What I found is that end users don't usually have inbound VPN connections looking more to connect to the office or wherever. So when someone says that VPN is possible through the router they have, it is necessary to discover whether they mean out, in or both.

My coal face experience is that all things are possible with a Draytek router connected to either a Openreach modem or a Virgin Super Hub 2 in modem modern mode, in the latter case though more than one fixed IP address is necessary and currently the best speeds available are 50/5. That very limiting factor makes FTTC the better choice if the service is available.

Maybe DDNS may mean you could opt for the higher speeds available from Virgin but I have no first hand experience of doing this.

In reply to a post by mstrom:

This is getting from bad to worse. We've been trying to persuade the saleswoman to give us a Super Hub 2 (for modem mode) but now she's saying that the SH2 won't support static IP even on a 50MB package!

So if she's right (I bet she isn't) we're stuck with either:
* 50MB on SH1 with static IP and presumably no way to easily connect it to our existing managed switch
* 152MB with dynamic IP but SH2 but manage without the static IP (impossible).

VM clearly aren't taking business customers clearly but we're stuck as we can't get BT Fibre (as explained elsewhere).

I'm almost tempted to stick with BT ADSL2+ at 16MB just to keep the existing setup that works with our switch and has static IP! Shame.

The sales person is WRONG! I am using the Super Hub 2 with static IP on their 50/5 service. It is loaded with software version BUS_V2.37.13. It uses compliant EU DOCSIS 3.0 - Once a later version is released ,higher speeds with fixed IP becomes possible; what that might give you, I don't know.

As said previously, the Super Hub 2 can be purchased for £50 from Virgin.

Thinking out of the box, why not use Virgin for downloads at 50Mbps with fixed IP and ADSL2 for uploads at presumably around 17Mbps. Exactly how you would do this I don't know but believe it is within the bounds of possibility.

I've not read the entire thread but these comments might help.

I have a Superhub 1 which definitely does modem mode. (I use it)

I run 2 OpenVPN tunnels constantly which are out (but I can't see why in would be a problem). My router can run these tunnels at 120Mb/s + out 10Mb/s in.

My IP address is nominally dynamic but never changes (year+), unless I want it to force a change by changing my router mac code.

I serve websites externally using dynamic dns without problem.

Hopefully this information helps.

You can't have the 150Mbps service with a fixed IP until sometime this year. You need a SuperHub 2 for that speed, and the SuperHub 2 is not capable of doing fixed IP`s at the moment. Firmware upgrade expected I think.

I have a SuperHub 1 with the 50Mbps service, and I couldn't get it to work with Modem Mode, but I did do the next best thing and get a block of 5 IP`s (which I ordered after I had had the service activated and installed), and it now works in a similar fashion as modem mode, and I have our Draytek 3900 handling all of the Firewalling and routing.

I don't want to say that Trolleybus is wrong, but the Firmware code that has been posted is the same as mine and I am on a SuperHub 1. I think SuperHub 2`s are still on V1.0 something or other.

Also, ADSL is asynchronous, so upload speeds are going to be a maximum of 1.5Mbps I would imagine.

Edited by fguk (Mon 02-Mar-15 12:29:52)

In reply to a post by trolleybus:

Thinking out of the box, why not use Virgin for downloads at 50Mbps with fixed IP and ADSL2 for uploads at presumably around 17Mbps. Exactly how you would do this I don't know but believe it is within the bounds of possibility.

The 16MB we're currently getting from ADSL2+ is the download! Upload is 500K or something!

Virgin salesperson still saying it's "impossible" but passed on query to Business Essentials team. Apparently since we're not current customers we can't talk to them direct.

I'm wondering if they really want my business.

Not sure if you missed my post because of the forum thread system.

You can do what you want, just not in quite the way you expect to.

Edited by fguk (Mon 02-Mar-15 13:19:39)

In reply to a post by fguk:

You can't have the 150Mbps service with a fixed IP until sometime this year. You need a SuperHub 2 for that speed, and the SuperHub 2 is not capable of doing fixed IP`s at the moment. Firmware upgrade expected I think.

Do you know why it's not possible?

In reply to a post by fguk:

I have a SuperHub 1 with the 50Mbps service, and I couldn't get it to work with Modem Mode, but I did do the next best thing and get a block of 5 IP`s (which I ordered after I had had the service activated and installed), and it now works in a similar fashion as modem mode, and I have our Draytek 3900 handling all of the Firewalling and routing.

How does ordering static IP (or a block of 5 IPs which presumably is pretty much the same thing) make the Superhub 1 work better with other routers or managed switches? Aren't they two different things?

What features or configuration prevents or enables it working with our existing managed switch? Is it the configuration required to get the static IPs to work that somehow makes it work "in a similar fashion" to modem mode? Care to share details?

(Out of interest as the static IPs assigned by DHCP?)

Note that fguk posted above that he also thinks SH2 doesn't work with static IP addresses.

In reply to a post by NickSpam:

I have a Superhub 1 which definitely does modem mode. (I use it)

Mind pointing me to instructions for this?

In reply to a post by NickSpam:

I run 2 OpenVPN tunnels constantly which are out (but I can't see why in would be a problem). My router can run these tunnels at 120Mb/s + out 10Mb/s in.

My IP address is nominally dynamic but never changes (year+), unless I want it to force a change by changing my router mac code.

I serve websites externally using dynamic dns without problem.

In our case we need real fixed ones without them changing even only once a year. It's business-critical.

I do not know why the SuperHub 2 on 152Mbps does not do static IP`s, I just know that it doesn't and a firmware update is scheduled to allow this. There are rumours about why it doesn't work on the cableforum website.

So with the 5 static IP`s, the superhub has one of them, and your router/firewall will have another of them, and it then uses the superhubs IP as its gateway address. In this configuration (it only works with 5 or 13 static IP`s), the SuperHub doesn't firewall or do anything to the traffic so far as I can see. This is why it works in a similar way to modem mode, because in effect there is no other device to configure to pass traffic once that is done.

Edit: this applies to your reply on NickSpams message

You will note that he doesn't have a fixed IP, but a DHCP one that changes only very infrequently. This is ok if you can cope with that as he does, but it is not a true fixed IP. Edit : I see you noticed that already.

None fixed IP`s and modem mode are fine. I don't want to speak for him, but he probably isn't on a business connection with the business firmware applied to the superhub1 either (which specific configuration I was told was not supported/didn't work)

Edited by fguk (Mon 02-Mar-15 15:10:22)

In reply to a post by mstrom:

Note that fguk posted above that he also thinks SH2 doesn't work with static IP addresses.

That's not what fguk says; he just reaffirms my experience that with Virgin the way you achieve a result is different to what you expect.

Actually I was trying to say that I don't think you have a superhub 2.

Edited by fguk (Mon 02-Mar-15 15:59:48)

If that's all it is then just have a process that pings out to find external IP every x minutes and updates your DNS programatically and have the internal dev server TLD on a low TTL on the DNS record.

Considering my IP on VM home changed probably 3 times in 2 years, and all of those were after outages, it won't be a problem. I don't see why you need a static IP.

If it's really that essential then keep the ADSL2+ line for your internal server and use the virgin media for everything else.

In reply to a post by fguk:

None fixed IP`s and modem mode are fine

Presumably a typo. What id you mean to say? It should or shouldn't work?

Sorry, for clarification

My information from VM Business support team is that the Superhub 1 with their business firmware loaded does NOT support Modem Mode. The button is there in the management pages to make it do the switch to modem mode, but it doesn't work once in that configuration. VM business support told me it was not supported once I enquired into why it wasn't working.

So I was incorrect in my previous post, I don't think the problem is about fixed IP`s, its about modem mode and the SuperHub with business firmware.

Yep sorry I wasn't paying attention, I don't have a VM business line. So different firmware.

Also for clarity I didn't mean that the dynamic IP changes infrequently, I meant it had never changed unless I had purposefully forced it to and that I have had the same IP for periods of more than a year.

So IP is pretty much static but without guarantees obviously this would be a risk.

Not doubting the need but I'm kind of curious why static is so important. Naively I would have prioritized multiple connections as more important.

Thanks for the suggestions but neither of those are option for technical and business reasons that are too complex to enumerate.

In reply to a post by mstrom:

How does ordering static IP (or a block of 5 IPs which presumably is pretty much the same thing) make the Superhub 1 work better with other routers or managed switches? Aren't they two different things?

If you can get a block of 5 IP addresses (actually a /29 subnet with one address permanently allocated to the Virgin device), you should have no problem setting up any router you choose on the Virgin service. You set the router's WAN port to one of the unused IP addresses in the block, subnet 255.255.255.248 (which corresponds to a /29) and the gateway is the Virgin device's IP address.

As you are using a static configuration on the WAN port you will need to configure DNS on the router. It's up to you whether you use Virgin's DNS service, another DNS provider (such as Google 8.8.8.8 and 8.8.4.4), a mixture of DNS providers for resilience or run your own recursive DNS server in house.

Your router will need to run NAT on its own WAN IP address and be a firewall.


The bonus is that you have four public IP addresses you can dedicate to your devices, either using 1:1 NAT or a "no NAT" configuration. These days there is little bar to using the "network" and "broadcast" addresses from your public subnet, which gives you two further public IP addresses to use.


This probably sounds pretty complex but it's a standard configuration for multiple public IP addresses (sometimes called a "routed IP" configuration). There's many possible routers you can use if you want to take advantage of multiple public IP addresses - on my Zen connection with a /28 subnet I use a device running the pfSense open source firewall.

Thanks David_W, that's particularly useful.

So i can happily use Super Hub 1 with my existing (Zyxel) router or any other equipment as long as is does the stuff you state (NAT on WAN interface etc.) - great!

Custom DNS server was another requirement so good to know Virgin isn't BT which tries to make it difficult to set your own DNS.

We don't really need >1 IP address because we have a nice little proxy internally that routes based on subdomain, port or URL pattern anyway.

After all the comments here, we are evaluating the absolute need for a static IP address, or using another line just for that!

After all the comments here, we are evaluating the absolute need for a static IP address, or using another line just for that!

The scenarios where I could, possibly, envision static IP to be essential are:

i) even a few seconds of lost connectivity following an address change is unacceptable (but then it will be on top of the restoration of disconnection that led to the IP change in the first place, as I've yet to come across a provider that changes a dynamic IP address on an active connection)

ii) Persistent connections that take a while to re-query the DNS (but see (i) above). OpenVPN can be a bit like that. But see (i) above. Again

iii) Security policies that require IP address rather than DNS query - but that brings about its own set of maintainability issues that could bring the security policy into question. And will never be as secure as other techniques (Could potentially be resolved through use of IPv6 tunnel)

iv) MX records direct into your network - MX records can't be CNAMEs (see solution below)

Other than that, I would (and do) use a DNS entry in my zone CNAME'd to a dyndns entry.

For situations where the CNAME isn't acceptable (see MX records), get the lowest-spec Linode VPS, VPN it into your network, and forward required ports (only!!) from the Linode static address via iptables or stunnel or anything else you fancy. Use the Linode machine IP as the DNS entry for those services (obviously).