Need to upgrade cable modem and avoid Puma 6 problems
I will have to upgrade my Comcast broadband soon in order to lock in a new 2 year deal. My service will upgrade to either 600mb or 1gb, depending on the deals. I need to go to at least 600mb down to get 10mb upload speed. Anything slower gets a 5mb upload speed, which is useless to me.
I will need to buy a better cable modem for this. The Puma 6 problems limit the choices available. Before going into my question, if anyone can recommend a reliable replacement, Docsis 3.0 or Docsis 3.1, I will appreciate it.
The question: I have my eye on the Motorola MT7711, A 24x8 Docsis 3.0 cable modem router with voice. PfSense is installed on a Shuttle 68u, with a Passmark of about 1700. The only packages installed are pfBlockerNG and OpenVPN (3 different VPNs for different purposes, VPN speed is not an issue as long as it is at least 10mb). Voice is not being used now but may someday if Comcast ever improves call blocking to the level of Ooma.
If I installed the Motorola MT7711 and port forwarded the OpenVPN ports to pfSense, keeping pfSense on a different subnet, what's the downside other than complexity? To the good, The modem/router would be the one hammered from the internet. OpenVPN is protected with user certificates that must match the user id being used and each device uses a different user certificate, so it's not an issue either way.
With the Puma 6 problem, decent cable modems are hard to find and this one has very good reviews.
Over-complicated - yes. Suggestions welcome.
The puma 6 problem to be honest might of been blown a bit out of proportion, and there were some software updates.. I have a SB6190, which has the puma 6 and have had zero issues with it..
If I was in the market for a new modem, I would go with the SB8200 most likely..
NollipfSense last edited by
Never heard of the puma6 issue however, I had been using the Cisco DCP3010 since 2015, no issues.
chpalmer last edited by chpalmer
We deploy the Motorola MB8600 anywhere we have cable. It runs quite a bit cooler than the Arris model and has been very reliable even under constant high bandwidth use.
The Motorola also has a better "front end" and surge protection.
provels last edited by provels
I use a Netgear CM600 DOCSIS 3.0 24x8 on my Comcast (nominal) 300/20 line. Broadcom chipset. No voice, but don't want. I've learned I can use my cell phone at home, but not my home phone in the car... Has a nice frontend with status and error counters for all channels. Replaced my Motorola SB6120 3.0 when they started giving me robocalls on it being unsupported. I've seen as high as 360/25. https://www.speedtest.net/my-result/d/20a67303-b9dc-4f22-bf61-53732f9890f5
I'm surprised you have to go so high in DL to get even 10Mb UL. I don't think you'd want to double-NAT pfSense.
That is nice choice - I checked with my isp, and it is on their list of approved... It would for sure be a toss up between.. The SB8200 does have more ram.. But only 2 ports, while the MB has 4.. This is future proofing, but only in the sense do you believe your ISP is going to provide more the 2GBps packages that you would switch to in the life of the modem??
Either would good choice.. They both support AQM, etc.. I do like the power button on the MB - helps vs having to pull the plug if you need to reboot it, etc.
While cooler is better - the thing is quite large compared to the arris..
I will take a look at the Motorola MB8600. I also found a couple of Netgear modems that have good reviews, especially the CM1000. Also the Arris model. I have a few months to figure it out.
I found one downside that might be a showstopper. DDNS in pfSense has more granular control than most other routers. DDNS on an inside router won't work. The router facing the internet must do the work and I have no idea how well the one I mentioned above can do the job. Also, I have no great desire to modify all my OpenVPN configuration files on all my devices.
@johnpoz Yesterday I read that some Arris models have an associated number that start with a T and some start with something else. The 'T' models are ok. The others have the Puma 6 concern. Other than a T25 model, I found no other Arris models with a T anywhere in any associated number, although I was looking on the Internet and not at boxes at Best Buy. I have no idea if that snippet I read is factual.
chpalmer last edited by
Replaced my Motorola SB6120 3.0 when they started giving me robocalls on it being unsupported.
The Motorola name is nothing more than that when it comes to cable modems.
The SB models were made by Arris.
The MB models are made by Zoom.
The link to badmodems given already will list all models that have the puma6 chip set.. But again my sb6190 has puma6 - and have never seen any issues with it..
I get my full speed on downloads 500+ MBps down - quite often higher I pay for 500/50.. Never any issues downloading anything, nor streaming to the many friends and family that share my plex..
Have not noticed any sort of issues at all.. Like I said it think it was a bit blown out of proportion.. And they did release some firmware to help mitigate the problem.. But to be honest I doubt normal use would find it a show stopper or even see the issue, some response times might be higher then they should be..
But your typical use you would prob never notice it.. When I switched out my old docsis 2 modem, and when with 3.0 - the sb6190 was the only one on the approved list.. So I had to go with it... I could switch it out now with the 8200 or the MB8600 - but at this time not going to spend $150 for something I don't notice.
But since your in the market for new - then yeah for sure I would get something does not have the issue.. Neither of the SB8200 or MB8600 are listed to have the problem.. Check out the badmodem site for all the info you would ever want on the issue.
chpalmer last edited by chpalmer
I had a Linksys CM3024 which became the star of a youtube video where we torched it. Way to flammable but I digress.. That was my first experience with the problems with the Puma6. I blamed the ISP for all our VOIP problems.
The original problem with traffic flow exhibited itself with UDP traffic. DNS suffered greatly. VOIP traffic also suffered as well as VPN connections over UDP. Many ISP's have pushed out updated firmware which has fixed those issues. But the other security issues still exist.
"It is a unpatched 0-day exploit that has no current mitigation with published code anyone can download and target other users."
"In addition to the DoS mentioned above, there's also a memory corruption DoS which causes a full modem reboot. The details of this attack have not yet been published while a patch is being worked on."
Yep. YMMV. :)