Wednesday, 17 May 2017

Virgin Media business cable and static IPs

Here is an interesting problem. If you have a Virgin Media business cable connection (not fibre or leased line) and have requested the static IP service, their sales team will initially try to put you off the static IP, asking if you need it and saying there are some issues with the service, but they won't really tell you why!

Well, unfortunately I've now discovered the issue, so I thought I'd post about it so others can be wary of this "business class" service. Firstly, we know how the VM cable network works: they have co-ax to the premises that takes you back to their cabinet, and from there they mux it back to their central exchange. Now the observant among you will note there is no separate cabinet for home or business cable and no separate links to the exchange for home or business, so at all times you are sharing this portion of the network. That is not a huge issue as capacity is normally good, but be wary that during 'home' hours (after 5pm generally) the service will be noticeably slower.
So this now brings the interesting problem to light: you are connecting to a home service with business features (static IP, etc).


Virgin Media uses a DHCP-based cable network (DOCSIS), so when your router connects it asks for an IP and is given one, from what I'm assuming is kit at the head end (not the cabinet). This is where the problems start: they don't have the ability to add a static allocation from here (probably down to how their pools of IPs are allocated to local exchanges/cabinets, and/or their DHCP servers).

A look inside the street cabinet doesn't reveal much active equipment: the Magnavox amplifier unit is line-powered from the main co-ax uplinks (big chunky cables coming in bottom left), which are then split to the cable junctions for end users (bottom middle) and potentially legacy twin-core/pair copper to the right.



This setup of sharing the residential network with business then causes them a headache when a business customer asks for a static IP: how do you solve that with the DOCSIS implementation Virgin Media has used? What they do is create a GRE tunnel from the business hub (Hitron router) to their datacentre, where they allocate the public IP on that end of the tunnel and allow it to connect out from the datacentre. This also allows them to bypass any content control, filtering, etc, as traffic then emerges from the tunnel at their datacentre rather than from the regular pool.

Most of you are probably hearing the alarm bells ringing now. GRE tunnel to the datacentre: the tunnel is established using the Hitron router on your premises, and breakout is somewhere in the VM datacentre network. This to me shows several potential problems, the first being MTU.
Over the GRE tunnel the MTU can and will be reduced; my conversations with VM support suggest this is down to 1440, but I've not fully tested this.
The second is that I'm not sure where/what is doing the NAT for our connection. Although the Hitron allows me to set up DMZ, port forwarding, etc, I'm not clear if this is working through the GRE tunnel or not! This also introduces a further complication: you CANNOT use the Hitron router in modem-only mode, so you HAVE to use the NAT functions on this router, which again is not good for a business class product aimed at people who would want to do their own NAT or control via their own server, etc. So you're stuck with the firewall and NAT functions on the Hitron, and whilst basic they seem to do what's needed.
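One way to test the 1440 figure quoted above is to binary-search the path MTU with don't-fragment pings. This is an added example, not part of the original post; it assumes Linux iputils `ping`, a 1500-byte underlying link, and a target host of your own outside the Virgin Media network that answers ICMP echo.

```python
import subprocess
import sys

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4 headers without options
PLAIN_GRE = 20 + 4                     # outer IPv4 header + basic GRE header

def ping_df(host, payload, timeout=2):
    """One ICMP echo with DF set (Linux iputils ping); True if a reply came back."""
    cmd = ["ping", "-c", "1", "-W", str(timeout), "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def path_mtu(host, probe=ping_df, lo=576, hi=1500):
    """Binary-search the largest IPv4 packet that crosses the path unfragmented."""
    if not probe(host, lo - IP_HDR - ICMP_HDR):
        return None  # even a small packet fails: host down or ICMP filtered
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(host, mid - IP_HDR - ICMP_HDR):
            lo = mid       # mid-sized packet got through, search upwards
        else:
            hi = mid - 1   # too big for some hop, search downwards
    return lo

def tcp_mss(mtu):
    """MSS to clamp to on the LAN side so TCP never needs fragmenting."""
    return mtu - IP_HDR - TCP_HDR

def tunnel_overhead(mtu, link_mtu=1500):
    """Bytes lost to encapsulation, assuming the underlying link carries link_mtu."""
    return link_mtu - mtu

def summary(mtu):
    extra = tunnel_overhead(mtu) - PLAIN_GRE
    return (f"path MTU {mtu}, clamp TCP MSS to {tcp_mss(mtu)}, "
            f"overhead {tunnel_overhead(mtu)} bytes ({extra:+d} vs plain GRE over IPv4)")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: pmtu.py <host you control outside the tunnel>")
    found = path_mtu(sys.argv[1])
    print(summary(found) if found else "no reply to DF pings; cannot measure")
```

If the measured value is below the MTU your LAN hosts assume and ICMP "fragmentation needed" messages are not reaching them, large packets can vanish silently while small ones get through.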

That is until you start to use SIP/VOIP. This seems very problematic, as allocating the RTP data ports seems spotty, and registration to a SIP gateway on udp/5060 also seems to be affected, as sometimes it works, then stops and won't start again for a long period of time. This is regardless of whether you set up your VOIP server as DMZ, because some issues still remain.
Then you have the major showstopper I hit upon: after some arbitrary time the connection will drop (no surprise, they have to upgrade, have outages, etc) but when it comes back, SIP registrations will FAIL. For some reason packets don't make it out of the Virgin Media network. So from your originating server, you can tcpdump and see the traffic, but the receiving end doesn't see it. No matter what you do (reboot Hitron, reboot your server, re-create connections, etc) it won't recover, and this brings me to a theory. There is some sort of session being held on the remote end of that GRE tunnel for your static IP, and as such it is blocking/stopping new sessions to the same destination IP, causing your SIP registration to fail and your VOIP solution to stop working. This is only my guess, because it depends on what is on the other end of that GRE tunnel, and what its involvement is in your connection. It may be some type of firewall, in which case it's trying to keep state of UDP sessions and failing miserably. It may be a router, in which case I'd not be expecting the issues we have seen, but it's still possible.
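A way to gather evidence for or against the stale-session theory above is to send a SIP OPTIONS ping to the provider over several UDP flows and see which ones get any reply. This is an added example, not part of the original post; the flow labels and the wording of the verdicts are assumptions, and any SIP status (even 401 or 404) counts as proof that the flow reaches the far end.

```python
import socket
import uuid

def build_options(host, local_ip, local_port):
    """Minimal SIP OPTIONS request (RFC 3261), commonly used as a keepalive ping."""
    tag = uuid.uuid4().hex[:10]
    lines = [
        f"OPTIONS sip:{host} SIP/2.0",
        f"Via: SIP/2.0/UDP {local_ip}:{local_port};branch=z9hG4bK{tag};rport",
        "Max-Forwards: 70",
        f"From: <sip:probe@{local_ip}>;tag={tag}",
        f"To: <sip:{host}>",
        f"Call-ID: {uuid.uuid4().hex}@{local_ip}",
        "CSeq: 1 OPTIONS",
        "Content-Length: 0",
        "", "",
    ]
    return "\r\n".join(lines).encode()

def parse_status(data):
    """Status code of a SIP response, or None if the bytes are not one."""
    first = data.split(b"\r\n", 1)[0].split()
    if len(first) >= 2 and first[0] == b"SIP/2.0" and first[1].isdigit():
        return int(first[1])
    return None

def probe(host, dst_port=5060, src_port=0, timeout=3.0):
    """Send one OPTIONS from src_port (0 = ephemeral); None means silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))
        s.connect((host, dst_port))
        ip, port = s.getsockname()
        s.send(build_options(host, ip, port))
        try:
            return parse_status(s.recv(4096))
        except OSError:  # timeout or ICMP unreachable
            return None

def classify(results):
    """results maps (src_port, dst_port) -> status code or None."""
    silent = sorted(flow for flow, status in results.items() if status is None)
    if not silent:
        return "all flows answered"
    if len(silent) == len(results):
        return "no flow answered: path or provider unreachable"
    return f"flows {silent} silent while others answered: consistent with stale per-flow state"
```

Run `probe` once from the source port your VOIP server normally uses (with the server stopped so the port is free) and once from an ephemeral port, then pass both results to `classify`.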

So far Virgin Media have confirmed that there is a known issue with static IP addresses on their business cable solution, but before you buy they won't go into much detail, and after purchase unfortunately you're stuck in this solution where you can either live with the issues on static IP, or drop back to a dynamic DHCP allocated IP and not have the GRE tunnel.

I suspect the solution to this is to move to a dynamic IP on the service and then switch to modem-only mode so nothing is doing NAT on the connection. I'll post back on further diagnostics that I carry out to further explore what the issue is and if it can be worked around. So far no workarounds I've tried have worked, other than connecting out using an alternative UDP port for SIP (which most SIP providers won't do).

--Update--
After some conversations with VM they have switched the connection to a dynamic IP. Beware: when they do this they reconfigure things on their side and tell you to reboot the cable modem, and it takes you offline. That's because the GRE tunnel information is still coded into your cable modem. Factory resets using the front button, the rear pin-press button and the control panel interface don't seem to work (it doesn't appear to factory reset at all, as settings do not revert to how they were when shipped), so this causes you an outage. In this case Virgin Media had to send an engineer out to do another reset of the cable modem to resolve this. When they did that the modem connected up and got an IP from the dynamic local pool.
After this the connection was restored, and sure enough the VOIP sessions re-established and maintained their connection to the VOIP provider. (Again the VOIP server was set up as the DMZ target on the Virgin Media Hitron hub.) So this appears to have solved the issue with SIP registrations over the service.

