Summary of Comcast's support of IPv6 on their CPE for their copper cable network

Ted Mittelstaedt tedm at ipinc.net
Sat Jun 20 00:23:56 CEST 2015


Hi All,

   The following is a "state-of-the-union" overview of Comcast's IPv6
support on it's residential and business copper cable network.  I would 
appreciate any additions to this post!

PREFACE

   Comcast provides Cable Internet service to subscribers running DOCSIS 
2 and DOCSIS 3 Customer Premise Equipment (CPE) ie: "cable modems"

   Comcast has run 2 IPv6 trials so far.  The first trial was years ago
and was IPv6 tunneled over IPv4.  That was eventually shut down.

   The second trial was in 2014 and ended late 2014/early 2015.  Comcast 
has been rolling out IPv6 in production to endpoints since that time.

   Comcast expected to offer static IPv6 early this year but CPE 
problems have (apparently) delayed this.

   Comcast offers 2 "tiers" of service, Residential-branded-Xfinity
service and "comcast business" service.  NO static IPv4 addresses
are available on the Residential service.  Furthermore, Comcast's
Terms of Service prohibits running public servers on it's Residential
service:

http://www.xfinity.com/Corporate/Customers/Policies/HighSpeedInternetAUP.html

"...use or run dedicated, stand-alone equipment or servers from the 
Premises that provide network
  content or any other services to anyone outside of your Premises local 
area network (“Premises
  LAN”), also commonly referred to as public services or servers. 
Examples of prohibited
  equipment and servers include, but are not limited to, email, web 
hosting, file sharing, and proxy
  services and servers;..."

Comcast enforces this with a list of Blocked Ports:

http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/

this list includes SMTP.

Because of this IPv6 connectivity on Comcast Residential can only be 
considered in terms of "IPv6 clients access to the Internet's IPv6 
Services"

Comcast's Business Service ToS permits public servers.  In order for 
public servers to be effectively used they must have static IP 
addresses, and forward and reverse PTR records in DNS.  Comcast sells 
static IPv4 both single IP addresses and subnets and they will enter PTR 
records for IPv4 they have statically assigned.  Subscribers ARE 
REQUIRED to "rent" Comcast-supplied Customer Premise Equipment (CPEs) in 
order to have static IPv4 subnets.

These restrictions prompted this post, as having CORRECTLY FUNCTIONING 
IPv6 ON COMCAST-SUPPLIED CABLE MODEMS is a REQUIREMENT for business 
customers being able to use IPv6 in a "client mode" as well as offer 
IPv6-enabled services to the Internet.

There is very little to gain for a business customer on Comcast to sign 
up for a "Comcast Business" account and NOT use static IP addresses,
such customers would be well advised to subscribe for a Residential 
account and save their money.  Comcast routinely provisions "Residential 
Xfinity" accounts into business street addresses.

Comcast is also rolling out 150Mb+ speeds that require more channel 
support on the CPEs.  Most existing CPEs DO NOT have this support.

So far Comcast has NOT officially offered static IPv6 on it's copper 
cable network.

IPv6 OPERATIONS - RESIDENTIAL

Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices. 
DUE TO VARIOUS PROBLEMS AND CPE BUGS AS WELL AS THE EXPENSE OF RENTAL, 
RESIDENTIAL CUSTOMERS WANTING TO RUN IPv6 SHOULD PURCHASE THEIR OWN CPE 
AND RUN AN IPv6-ENABLED ROUTER BEHIND A CABLE MODEM IN "BRIDGED" MODE.

A list of these is here:

http://mydeviceinfo.comcast.net/

A highly recommended and readily available CPE from the used market is 
the Motorola SB6120.  This is an older modem that cannot take advantage 
of the higher 150Mbt+ speeds.  A newer modem that can is the SB6141 but 
those are still "teething" according to the forums so YMMV

Contact Comcast support with your modem and tell them you want it in 
"bridged" mode and your running your own router.  They will provision 
everything and push the config to your modem.

You will have full "client access" support of the Internet via IPv6, 
assuming the router you purchase properly supports IPv6.  You router 
must obtain IPv6 (and IPv4) via DHCP.

IPv6 OPERATIONS - BUSINESS

Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices
(or subscriber routers) for LAN side usage.

In the DOCSIS 3 class there are 3 major CPE's that are supplied to
Comcast Business customers that have been IPv6 enabled that "work" - 
somewhat.  These are the following:

SMC D3G
Netgear CG3000DCR
Cisco  DPC3939B  (known to Comcast support as the Cisco BWG)

Note that Comcast Support can (as of this date) only order EITHER the
SMC or the Cisco.  However, they can specify a SMC and then put in the 
notes to substitute a Netgear.

Note also that these CPE's all supply Comcast DNS IPv6 servers from 
DHCPv6 broadcasting.  If you run your own DNS servers you likely will 
need to configure anything connected to the LAN port of these CPE 
devices and using public IP addressing to overrride any IPv6 DNS server 
IP addresses with your own DNS server's IPv6 address.


SMC D3G.  This device does not support the higher speed 150Mbt+ Comcast 
service that is being rolled out.  Otherwise it is a solid, dependable 
modem in IPv4 mode for 50MB/10 and below service.  In particular this 
device is recommended if you are using a SIP-based VoIP phone switch.

It's IPv6 support is spotty.  By default it supports both auto 
configuration and DHCP6 for LAN-connected IPv6 clients.  However Prefix 
Delegation (PD) is broken on the device.  Comcast is aware
of that issue and filed a bug with SMC in December 2014.  It's unlikely 
that bug will ever be fixed, however, as SMC has shown no interest in
fixing it.  When I pressed Tier-2 Comcast Support they refused to 
confirm or deny that Comcast has abandoned pressure on SMC to fix this, 
but they repeatedly said that it sounded like a low-profile bug and 
suggested I get a different CPE.

   Furthermore, the device has an "IPv6-specific" firewall enabled by 
default which blocks incoming IPv6 from the Internet, so setting up 
IPv6-enabled servers is not possible with one exception.  However when 
that exception is used the CPE becomes unstable and periodically reboots.


Cisco DPC3939B AKA Cisco BWG. This devices DOES support the 150MB+ 
speeds.  It's identical to the DPC3939B used for Residential Xfinity 
service with the exception of some firmware changes.  It has an embedded 
WiFi in it that will advertise Xfinity Public Wifi.  Comcast support can 
disable that Wifi on request but when the modem is rebooted the wifi 
will turn back on.  While Xfinity Residential customers can login to a 
page on their account and disable this well, Business customers cannot. 
  This WiFi provides public access to anyone in the vicinity and cannot 
be configured so that users are blocked from associating to it.   In 
addition the Wifi antennas are located internally.

IPv6 sub-prefix delegation is also broken on this device.   By default 
it supports both auto configuration and DHCP6 for LAN-connected IPv6 
clients.

Netgear  is CG3000DCR
This device does not support the higher speed 150Mbt+ Comcast service 
that is being rolled out.

IPv6 sub-prefix delegation works on this device.  The device will supply 
a /60 on request of a router.  However there is a bug that causes the 
devices to periodically stop routing IPv6.  This can be fixed with a 
workaround on the LAN IPv6 Setup Page, change the "Valid Lifetime" to 3600.

There is also a second bug with this device that has to do with SIP ALG 
packets and statically-assigned IPv4 subnets.  The bug will cause the 
device to get slower and slower over a day or two until it's rebooted. 
The fix for this is to call into Comcast's Tier 2 support and request 
that SIP ALG be disabled on the device.  Supposedly, firmware version 
v1.34.02 or later corrects this problem.  However this device is NOT 
recommended by Comcast Support for ANY VoIP use.

So the upshot is, some good, some bad.

Thanks!

Ted








More information about the ipv6-ops mailing list