We have Comcast Xfinity cable internet. It is the only internet provider I can get. Because it is cable internet, my internet is served over a coaxial cable to an Arris modem, currently an underperforming SBG7400AC2. This was a standard WiFi combo modem/router unit a long while ago. While it still functions, it does not currently support the internet speeds we pay for, nor the number of wireless devices they have set upon it. The powers that be where I live refuse to upgrade, so they pay for speeds I cannot attain.
Well, the router sucks as you would imagine: there is not much control over anything, and the wireless was severely lacking in performance. I have noticed that most household routers can only handle about 20 active clients before you start to really see an issue with speed and packet loss, pages timing out on you.
At work I occasionally deal with networking. I was able to get my hands on, install and play with some Ubiquiti gear in the past few months. I ended up getting a Ubiquiti Universal Dream Machine Pro and a pair of UniFi Flex 5-port switches for myself to tinker with at my house. The special edition was a tad too expensive, but I should have gotten that one in hindsight. The SE version adds all PoE ports (but only two PoE+ ports) and a 2.5GB WAN1 port instead of a 1GB WAN1 port. Both have two 10GB SFP+ ports. AND, it seems the SE gets all the damn software updates first! What the fuck Ubiquiti?? I was able to talk the “management” into letting me use my UDM-Pro vs their current crappy Arris stuff and they agreed. So I installed a UDM-Pro and a U6-Lite access point. It was fantastic: the wireless coverage now covered the entire house and the basement, and it is capable of handling up to 300 devices. Fanfuckingtastic! The UDM-Pro was also achieving higher speeds (by about 200MB) with the modem in bridge mode rather than the modem handling the overhead of routing as well. This worked great for a while, until I started to notice lots of high latency periods and moments of lack of connection.
This led to me having to pull out the UDM-Pro because it was causing issues for the “management’s” Rokus (fuck Roku, and their remotes, I’ve switched to Apple TV 4K and fucking loooove it!) and their printer, along with constant internet drops. I have issues with them but that’s neither here nor there as they say. Tis another story… So I pulled my UniFi gear and installed it all in my room for my personal usage. I had to set up the Comcast Xfinity router in DMZ mode pointing to a static LAN IP address for the UDM Pro, vs bridge mode, because they are all using the Arris for routing and WiFi. The speeds have dropped about 200MB because now the modem is also routing, but the connection to my UDM Pro WAN1 port is much, much more stable. In the past 24hrs I have only had 4 periods of high latency, vs internet outages/packet loss & high latency constantly throughout the day. Dumb luck for me. DMZ mode also allows me to still host all of my websites, and funny enough my Xbox now reports an open NAT type vs NAT1 or NAT2.
Oddly enough, at work I just installed a UDM-SE on a Comcast Business internet line, also served over coaxial cable to an Arris modem, or was it a Motorola? Anyway, same exact issues with loss of packets and high latency. So I started a Ubiquiti Community and Reddit search, and damn I found a shit load of people with the same problems. All have packet loss and high pings and reports of outages when using bridge mode with a Comcast cable modem (or cable internet in general it seems but mostly Comcast service). It seems that switching from bridge mode to DMZ might be the best solution at this time. I have also seen a few reports of people using an RJ45 SFP+ module for WAN2 vs WAN1 and that solved their Comcast issue. I have also read many reports of changing the WAN1 port from “Autonegotiating” to a fixed “1 Gbps FDX”. Many have had the most luck changing the echo server to a custom host. It seems the default ping.ubnt.com host just points to 22.214.171.124 and/or 126.96.36.199 – but something is amiss here because it is causing so many people issues vs manually selecting 188.8.131.52. Go to UniFi Devices > [UDM-SE/Pro] > Settings > Services > Echo Server. Select Custom and try 184.108.40.206, 220.127.116.11, 18.104.22.168 or 22.214.171.124. But this only works if you are receiving false positives.
To get around the drop issue I had to switch to using a MikroTik S+RJ10-branded GBIC/transceiver. Using the Ubiquiti-branded transceiver didn’t work for me. I also had to move to using a Cat8 (very thick and heavy gauge) cable between the modem and the UDM. After that, all instances of dropped packets disappeared, for me at least.
specifying an ARP Cache timeout of 30s (try this too if you haven’t),
I have read the most successful long-term fix is a cron job to delete the ARP entries to the ISP modem, but this is lost on a reboot of the UDM.
So I added a file on the UDM-Pro in /etc/cron.d/ with only one line:
4 * * * * root /sbin/ip -s -s neigh flush all
After more reading it seems that the ARP cache timeout is the major factor here. It might not be the ISP modem losing packets or dropping out to their network; it is possible the UDM is losing packets and pinging high to the ISP modem. The issue is between the ISP modem LAN and the UDM WAN. I have seen a lot of reports of level 2 ISP engineering support getting involved, and they don’t see any packet loss from the modems, but the UDM reports it and has it.
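As an added example (not from the original post or from Ubiquiti), here is a narrower version of that cron job as a POSIX shell script: it re-ARPs only the ISP modem's gateway entry on the WAN interface, and only when the kernel already reports that entry STALE or FAILED, instead of flushing every neighbour entry once an hour. The interface name eth8 and the addresses in the sample output are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post or Ubiquiti. Rather than
# `ip neigh flush all` (which also drops every LAN-side entry), refresh only
# the ISP modem's gateway entry on the WAN interface, and only when the
# kernel already reports it STALE/FAILED. WAN_IF is an assumed placeholder;
# check `ip route show default` on the UDM shell for the real name.
WAN_IF="${WAN_IF:-eth8}"

# Print the gateway's neighbour state from captured `ip neigh show` output.
# Args: <gateway-ip> <output>. Prints REACHABLE/STALE/FAILED/... or MISSING.
gw_state() {
  printf '%s\n' "$2" | awk -v gw="$1" '
    $1 == gw { print $NF; found = 1 }
    END { if (!found) print "MISSING" }'
}

# Return 0 (true) when the state means the cached MAC for the modem can no
# longer be trusted; a short ARP timeout forces a refresh in the same cases.
needs_flush() {
  case "$1" in
    STALE|FAILED|INCOMPLETE) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample of `ip neigh show` output, used for the dry-run self-test.
SAMPLE_NEIGH='10.0.0.1 dev eth8 lladdr aa:bb:cc:dd:ee:01 STALE
10.0.0.77 dev br0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
10.0.0.250 dev eth8 FAILED'

# Live check: find the WAN gateway, log its state, flush just that entry.
main() {
  gw="$(ip route show default | awk -v ifc="$WAN_IF" '$5 == ifc { print $3; exit }')"
  [ -n "$gw" ] || { echo "no default route via $WAN_IF" >&2; return 1; }
  state="$(gw_state "$gw" "$(ip neigh show dev "$WAN_IF")")"
  logger -t wan-arp "gateway $gw on $WAN_IF is $state"
  if needs_flush "$state"; then
    ip neigh flush dev "$WAN_IF" to "$gw"
  fi
}

# Only touch the live neighbour table when invoked as: sh wan-arp.sh --run
# (e.g. from /etc/cron.d every few minutes); otherwise just define functions.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with `--run` from a cron.d entry (with the `root` user field) to replace the hourly full flush; the logger line gives you a timeline of gateway states to compare against the UniFi latency warnings.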
The other fix is adding an L2 switch between the UDM and the ISP modem. That’s what Ubiquiti suggests with Comcast internet: adjust the ARP timeout, force 1GB over auto-negotiation and add an L2 switch in front of the UDM.
The UDM-Pro has a 1GB WAN1 port, the UDM-SE has a 2.5GB WAN1 port. Both have the same issue with Comcast cable internet. I have customers using UDM-Pros with Frontier Fiber internet (ethernet from the ONT to the WAN1 port) and their connection is rock fucking solid. It seems Comcast has issues with Ubiquiti Dream Machines. I’ve read that Ubiquiti’s EdgeRouters and the USG don’t have this issue with Comcast at all.
So in conclusion/TL;DR:
Do not use bridge mode on Xfinity routers
Try a custom ping site of 126.96.36.199/188.8.131.52 over ping.ubnt.com
Adjust the ARP timeout, start at 30 seconds and go from there
You can try an RJ45 SFP+ module in WAN2
Add an L2 switch/USG or pfSense/OPNsense in front of the UDM
DMZ over bridge: factory reset your modem/router and place it in DMZ mode instead of bridge mode, with only the UDM Pro on port 1, and assign a static LAN address to the UDM Pro. Everything should work as normal except now your UDM Pro will have a local LAN address vs the public address, but all routing should still be forwarded to the UDM Pro, such as the public-facing IP, websites and things. Hopefully this solves your issue. I doubt anyone from either company gives a shit that much; I see posts going back a few years.
May the odds forever be in your favor.
Update 5-5-2023: I have changed the modem/routers at two locations that have Comcast internet from bridge mode to DMZ mode instead, and this has successfully solved our packet loss and high latency issues. We still get random high latency warnings at both sites, but that’s a mere difference from 20ms to 53ms in ping latency. I am not worried about that. The red lines are gone and the internet works just fine!