Hi folks.

I have recently successfully switched (manually – not via a so-called “One Touch Switch” service, which I don’t trust to work properly) to BT Full Fibre 500, from my prior and competing provider, Virgin Media.  Over the years, from a once reliable state of service provision, VM’s service, for me at least, had denigrated to one of unacceptably regular outages.  So, I made the switch to BT Full Fibre, which, from a canvas of opinion from trusted friends, appears to be one of the most reliable OpenReach providers.  I don’t need bragging-rights on top-line speeds.  What I do need is rock-solid reliability, and BT seemed to strongly tick that box.

Positives So Far

So far, I have been very impressed with quite a few aspects of the BT Full Fibre 500 solution.

In particular, I was impressed with the following:

1. All my call centre enquiries (initial contracting, plus 1 or 2 follow-ups) have been with BT colleagues based in UK-based call centres.  The benefits of BT’s approach are clear and undeniable.  It is a major competitive advantage for BT to have this.
2. The call centre colleagues I interacted with all appeared to have received good training, spoke clearly, and adhered to broad ethical rules.  The same cannot be said of all competing providers.  I have contracted, in the past, with companies who (and still do) rely on unscrupulously managed “out-sourced” call-centres, and avoiding that was another positive feature of contracting with BT.
3. On the day of installation, the sub-contracted OpenReach installers (from a company called Circet) were straightforward and plain-speaking in their advice on the best and most practicable position for the (1) the OpenReach ONT (Optical Network Terminator) (the “little white” wall-based connection unit), (2) the BT Smart Hub 2, and (3), the EE Hybrid Connect unit (essentially, a 4G SIM-based “mobile signal” redundancy unit).
4. Also, on the day of installation, the installers were quick and efficient in their work, and to the best of my knowledge and understanding, did a good job with all the practical aspects of the installation.  (i.e., they did the job right, first time.)
5. Last but not least, the quality of the full fibre internet connection has been rock-solid.  Web usage has been pleasingly quick and snappy since the day of installation.  In particular, the speed and responsiveness over my in-house wi-fi setup has been impressive.  I also ran a huge (at least, by my standards) online backup (upload) of my files (with a respected provider), and the upload speed and stability of the multi-hour upload was impressive.

All things considered, within our household, we feel that we have made the right decision to contract with BT for our broadband.  My impression, so far, is that the company appears to be “run right”, and that the underlying OpenReach network provides a solid broadband infrastructure.  Of course, I have read a few negative accounts on these community forums, but I am hopeful that these are outliers from the norm.

One Problem:  A ThinkBroadband “Broadband Quality Monitor” (“BQM”) Is Not Supported As Standard By The BT Smart Hub 2

I ran into one small problem, which many users on here will have no doubt encountered themselves with their BT Full Fibre setups.

The problem is that ThinkBroadband’s “Broadband Quality Monitor” (“BQM”) service, is not, as standard, supported by the BT Smart Hub 2.  This is confirmed on a ThinkBroadband page, here, under the heading called “Not Supported”.  For those who are not familiar with ThinkBroadband’s BQM service, it essentially provides a graphical representation (or “visual snapshot”) of your broadband connection quality.  I used it for many years with my prior provider (Virgin Media), given their propensity (at least, for me) for poor connection stability, quality and reliability.  It gave me a good visual representation of what was happening with the quality of my connection.

On my prior provider’s (Virgin Media’s) Hub 5 unit, the BQM service was supportable by going to Advanced Settings > Tools > then enabling “Respond to ICMP echo requests sent to WAN IP”.  Regrettably, no such setting exists in any menu of the BT Smart Hub 2 (accessible via the administration link, which is http://192.168.1.254).  I suspected it might be available via Home > Advanced Settings > Firewall, but alas, no such setting exists on that page.

Regrettably, I Cannot Implement a Third-Party Router Solution

Regrettably, I cannot implement a third-party router (many of which support interaction with ThinkBroadband’s BQM service) as a solution.  Rather, I must keep using the BT Smart Hub 2, as our household needs to use the new Digital Voice (“internet phone”) handsets.  The Digital Voice handsets are only compatible with the BT Smart Hub 2 unit.  So, regrettably, I cannot implement the often-recommended solution of using a third-party router in-place of the BT Smart Hub 2.

Current “Best-Known Workaround”:  Enable a DMZ (a “De Militarised Zone”) on a Single “Safe”/Low-Risk Device, and Have That Device Respond to the BQM Ping Requests

This brings me to what I believe is the “current best” solution to my BQM problem.

To the best of my current knowledge and understanding, the best known “work-around”, to get a working BQM for a BT Smart Hub 2, is to enable a DMZ (a so-called “De Militarised Zone”) on a single “safe” / “low risk” device, connected to the BT Smart Hub 2 via ethernet, which will, essentially, respond to the pings of the BQM service.

It looks like a number of other forum users report using this strategy.  Some of the best examples are here (probably the most authoritative link on how this is done) and here.  It involves implementing certain “DMZ” settings via the Smart Hub 2’s administration link.  (i.e., you go to http://192.168.1.254 > Home > Advanced Settings > Firewall to implement those settings.  The settings are described in the first forum post linked in this paragraph.)

The reason it is best to connect the selected/nominated device via ethernet, is that if a device was connected via a wi-fi connection, it would add “wi-fi latency” to the BQM results, thereby skewing them negatively (i.e., the BQM snapshots would show inaccurately higher latency).

The Notable Risks of “DMZ-ing” a Selected Device (Piece of Equipment)

Frankly, I am no expert when it comes to the finer details of secure networking.

That said, here is my rudimentary understanding of how this works, and the risks involved.  One device, with either a static or a private DHCP (Dynamic Host Configuration Protocol) address, can be placed into the “DMZ” (“De-Militarised Zone”).  The Smart Hub 2 will give it a private IP address and will forward all appropriate traffic to this device.

It is known that placing a device in the “DMZ” has significant implications for its security.  Although the device will still be behind the Smart Hub 2's firewall, all unsolicited traffic not rejected by the firewall will be sent to the device, meaning that it will have significantly increased vulnerability to online attack vectors.  (On the topic of “DMZ risks”, a range of articles and forum discussions are available under a simple Google Search of that term, here.)

My limited understanding is that it would be a very bad idea to place any of the following within the “DMZ”:

• Any of your actual computer systems (desktop computer(s), laptop(s), etc).
• Any mobile device(s) (i.e., any of your smartphones).
• Any working tablet.
• The Smart Hub 2 itself.
• Any BT-provided “disc” (wi-fi repeater) unit, if these are being used.
• Any mesh system unit, if these are being used.

So, to repeat, at time of writing, it is my limited understanding that nominating any of the above would pose significant security risks and open these key devices to a multitude of online attack vectors, leading them to become compromised quickly.  That could mean real risks to the security of your online and broader affairs.  In short, don’t risk doing that.

Mitigating the Risks:  Adopting a Lower-Risk Approach to “DMZ-ing” a Selected Device (Piece of Equipment)

On the flip-side, as far as I understand it, a good candidate for a “DMZ’d” device could be:

1. An extra wired router (general eBay search here) from an established networking company, connected by ethernet, to one of the available BT Smart Hub 2’s ethernet ports.  Nothing else would be connected to the extra wired router.  Examples, off the top of my head, could be from TP-Link (eBay search here), Linksys (eBay search here), NetGear (eBay search here), Mikrotik (eBay search here), DrayTek (ebay search here), or CISCO (eBay search here, albeit, generally speaking, presenting units that are quite large-sized and designed for enterprise applications).  Other buying platforms and brands are of course available.
2. Perhaps, some kind of “locked down” small-sized Raspberry Pi device, with ethernet connectivity, which would respond to the ThinkBroadband’s BQM ping requests only.  Sadly, I am no expert, at all, on Raspberry Pi devices, and so I am inclined to look past this option.  If anyone could advice on making that work, I would be open to suggestions and guidance however.
3. Some other kind of stand-alone “relatively safe” ethernet-connectable device that I have not considered.

My Practical Actions and Questions

In terms of practical actions, I have bought this low-cost second-hand TP-Link wired router, on eBay here.  I am hopeful that I have selected a good candidate device to place in the “DMZ”.

I intend to test-out connecting the wired router to my Smart Hub 2 (via ethernet cable) as a stand-alone device, placing it in a “DMZ”, and attempting to get the BQM to work in conjunction with the device.

All things considered, my questions are:

1. Am I on the right track with my approach?
2. Have I selected a good piece of equipment to place in the “DMZ”?
3. Are there any risks that I have not considered with my approach?

Thanks so much for reading my long post folks, and thanks in advance for any feedback that anyone may have to offer.

I am very pleased so far with my BT Full Fibre experience, and hope that this post might be useful for other users making a similar transition to BT, and who want to get a BQM working.