Intermittent connection and “Firewall Blocked” log entries on Cisco DPC3939B with firewall “disabled”


First, I apologize if this question seems to be "all over the place". I've tried to sum it up as clearly as I could, but there are a lot of moving parts, so I've tried to be detailed with my explanation.

I handle a small network for the property management company I rent from, and over the past 5 weeks, we've had intermittent connection to the internet.

Specifically, we have a Comcast Business Class connection coming through a Cisco DPC3939B DOCSIS3 router that is supplied by Comcast. I have access to the customer admin panel, and everything I can see there, but nothing more.

On the LAN side, three of the four ethernet ports are connected to a Monoprice 10927 consumer-grade gigabit switch, and each switch runs Cat6 to one of four wall jacks on each floor (each floor is a 3 bedroom unit, plus a living room jack).

The fourth port is used as a direct connection, to eliminate a 'hop' and directly access the router's control panel.

I've changed this configuration up quite a bit, replacing those switches with Rosewill gigabit switches, attempted a few other consumer-grade routers using dd-wrt and OpenWRT, and directly connecting to the router with no other devices.

The internet connection issues are consistent regardless of the configuration, and speed tests indicate that none of these devices introduce a bottleneck to the WAN.

All of this leads me to believe the issue is between the Cisco device and "the internet."

Originally, this device was reporting frequent "T3 – Ranging Response Timeout" errors, but a level 2 technician corrected an issue on-site, and those errors have not appeared for the past 10 days or so.

Thinking it might be a DNS resolution issue, I've overridden the Comcast DNS servers with Dyn, OpenDNS, and Google's public servers, and none offer a resolution to the issue.

Further, running ping and traceroute tests from the Cisco device to public servers never indicate any amount of packet loss. Running the same tests from devices on the LAN also indicate no packet loss, suggesting to me that it's not a mere connectivity loss, but a specific type of transmission failure.

Still, we're getting intermittent connections and disconnects, and I'm stumped as to why this is happening.

The firewall settings on the Cisco device for both IPv4 and IPv6 are set to "disable firewall completely" and yet the following is appearing in the firewall log.

FW.LAN2WAN ACCEPT , 2510821 Attemps, 2015/4/21  Firewall Blocked

This may just be very poor description, but it reads to me as if 2.5 million outgoing requests have been blocked by the supposedly disabled firewall, and the device offers me no other information about them.

Am I misunderstanding the output of the very limited logs I have, or are the logs unclear? Is my logic sound in the changes I've made, or am I missing something glaring?

Best Answer

I've been having similar issues with the same Cisco DPC3939B modem. From other reports elsewhere:

http://us.battle.net/d3/en/forum/topic/16410601200

http://speedify.com/blog/hidden-cost-xfinity-router-2/

http://forums.businesshelp.comcast.com/t5/Connectivity/DPC3939B-Working-Properly/td-p/16752

It appears there is something severely wrong with the firmware of this model. I'm now at my wit's end, and am going to purchase a Motorola Surfboard SB6183 to replace the faulty Cisco DPC3939B.

http://www.amazon.com/ARRIS-Motorola-SurfBoard-SB6183-DOCSIS/dp/B00MA5U1FW/

Just for reference, we have three cable modems at our business: an Arris with a modem port for our alarm system, another Arris for our Polycom VoIP phones, and the DPC3939B for our internet connection. The other two are totally stable, but they are (I believe) 2 and 4 channel cable modems, while the DPC3939B is a 16 channel model.

The behaviors seen while behind a DPC3939B modem:

Long-running TCP connections will be interrupted, in some cases in as little as 10 minutes. This will force the following protocols to periodically reconnect: SSH, IRC, MAPI (Microsoft Exchange), IMAP4, games using TCP instead of UDP like Diablo III, Starcraft II, almost any MMORPG like World of Warcraft or EVE Online, Microsoft remote file shares, FTP, Remote Desktop, remote print jobs with large page counts...

As much as it pains me, it looks like replacing the unit is the only way. I've tried every possible configuration option the cable modem provides, even resorting to using a Linux PC to act as a router, setting DHCP and DNS servers up, and trying to force my local network to avoid using the Cisco DPC3939B services directly, but nothing seems to help.

It should also be noted, Comcast's IPv6 implementation relies on Routing Advertisement messages. Microsoft Windows will honor IPv6 RAs containing DNS server above all others -- INCLUDING LOCAL ACTIVE DIRECTORY DNS SERVERS, and preventing Active Directory lookups. The only way I've found to get MS operating systems to ignore the Comcast IPv6 DNS server is by unchecking the IPv6 protocol binding on the adapter.

Apologies for posting this as an answer instead of a comment, but I don't have a very high reputation yet.
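As an added example (not part of the answer above), a small Python probe that holds one TCP session open and exchanges a heartbeat at a fixed interval, reporting how many rounds succeeded and why the session died; it assumes the peer echoes the heartbeat, so a constructed local echo server is included (run it on a host outside the LAN for a real test), and its `drop_after` parameter simulates the modem tearing a long-lived session down.

```python
import socket
import threading
import time
HEARTBEAT = b"ping\n"

def start_echo_server(drop_after=None):
    """Constructed test peer: echoes heartbeats; with drop_after set it closes the
    session after that many heartbeats to mimic the modem tearing a session down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # OS picks a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        seen = 0
        while True:
            data = conn.recv(64)
            if not data:
                break  # client hung up
            conn.sendall(data)
            seen += 1
            if drop_after is not None and seen >= drop_after:
                break  # simulated mid-session teardown
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()  # (host, port)

def probe_long_connection(host, port, interval=1.0, rounds=10, keepalive=True):
    """Hold one TCP session open, exchanging a heartbeat every `interval` seconds.
    Returns (rounds_ok, seconds_alive, error); error is None if the session survived."""
    s = socket.create_connection((host, port), timeout=interval * 3)
    if keepalive:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    start = time.monotonic()
    ok, err = 0, None
    try:
        for _ in range(rounds):
            s.sendall(HEARTBEAT)
            reply = s.recv(64)
            if reply != HEARTBEAT:
                err = "closed by peer" if not reply else f"unexpected reply {reply!r}"
                break
            ok += 1
            time.sleep(interval)
    except OSError as e:  # ECONNRESET, timeout, ...
        err = f"{type(e).__name__}: {e}"
    finally:
        s.close()
    return ok, round(time.monotonic() - start, 1), err
```

Run it with a long interval (e.g. 60 seconds) and many rounds to find out whether sessions die after a fixed idle time; comparing `keepalive=True` against `keepalive=False` shows whether OS keepalives keep the session alive through the modem.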
