Summary of Comcast's support of IPv6 on their CPE for their copper cable network
Ted Mittelstaedt
tedm at ipinc.net
Sat Jun 20 00:23:56 CEST 2015
Hi All,
The following is a "state-of-the-union" overview of Comcast's IPv6
support on it's residential and business copper cable network. I would
appreciate any additions to this post!
PREFACE
Comcast provides Cable Internet service to subscribers running DOCSIS
2 and DOCSIS 3 Customer Premise Equipment (CPE) ie: "cable modems"
Comcast has run 2 IPv6 trials so far. The first trial was years ago
and was IPv6 tunneled over IPv4. That was eventually shut down.
The second trial was in 2014 and ended late 2014/early 2015. Comcast
has been rolling out IPv6 in production to endpoints since that time.
Comcast expected to offer static IPv6 early this year but CPE
problems have (apparently) delayed this.
Comcast offers 2 "tiers" of service, Residential-branded-Xfinity
service and "comcast business" service. NO static IPv4 addresses
are available on the Residential service. Furthermore, Comcast's
Terms of Service prohibits running public servers on it's Residential
service:
http://www.xfinity.com/Corporate/Customers/Policies/HighSpeedInternetAUP.html
"...use or run dedicated, stand-alone equipment or servers from the
Premises that provide network
content or any other services to anyone outside of your Premises local
area network (“Premises
LAN”), also commonly referred to as public services or servers.
Examples of prohibited
equipment and servers include, but are not limited to, email, web
hosting, file sharing, and proxy
services and servers;..."
Comcast enforces this with a list of Blocked Ports:
http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/
this list includes SMTP.
Because of this IPv6 connectivity on Comcast Residential can only be
considered in terms of "IPv6 clients access to the Internet's IPv6
Services"
Comcast's Business Service ToS permits public servers. In order for
public servers to be effectively used they must have static IP
addresses, and forward and reverse PTR records in DNS. Comcast sells
static IPv4 both single IP addresses and subnets and they will enter PTR
records for IPv4 they have statically assigned. Subscribers ARE
REQUIRED to "rent" Comcast-supplied Customer Premise Equipment (CPEs) in
order to have static IPv4 subnets.
These restrictions prompted this post, as having CORRECTLY FUNCTIONING
IPv6 ON COMCAST-SUPPLIED CABLE MODEMS is a REQUIREMENT for business
customers being able to use IPv6 in a "client mode" as well as offer
IPv6-enabled services to the Internet.
There is very little to gain for a business customer on Comcast to sign
up for a "Comcast Business" account and NOT use static IP addresses,
such customers would be well advised to subscribe for a Residential
account and save their money. Comcast routinely provisions "Residential
Xfinity" accounts into business street addresses.
Comcast is also rolling out 150Mb+ speeds that require more channel
support on the CPEs. Most existing CPEs DO NOT have this support.
So far Comcast has NOT officially offered static IPv6 on it's copper
cable network.
IPv6 OPERATIONS - RESIDENTIAL
Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices.
DUE TO VARIOUS PROBLEMS AND CPE BUGS AS WELL AS THE EXPENSE OF RENTAL,
RESIDENTIAL CUSTOMERS WANTING TO RUN IPv6 SHOULD PURCHASE THEIR OWN CPE
AND RUN AN IPv6-ENABLED ROUTER BEHIND A CABLE MODEM IN "BRIDGED" MODE.
A list of these is here:
http://mydeviceinfo.comcast.net/
A highly recommended and readily available CPE from the used market is
the Motorola SB6120. This is an older modem that cannot take advantage
of the higher 150Mbt+ speeds. A newer modem that can is the SB6141 but
those are still "teething" according to the forums so YMMV
Contact Comcast support with your modem and tell them you want it in
"bridged" mode and your running your own router. They will provision
everything and push the config to your modem.
You will have full "client access" support of the Internet via IPv6,
assuming the router you purchase properly supports IPv6. You router
must obtain IPv6 (and IPv4) via DHCP.
IPv6 OPERATIONS - BUSINESS
Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices
(or subscriber routers) for LAN side usage.
In the DOCSIS 3 class there are 3 major CPE's that are supplied to
Comcast Business customers that have been IPv6 enabled that "work" -
somewhat. These are the following:
SMC D3G
Netgear CG3000DCR
Cisco DPC3939B (known to Comcast support as the Cisco BWG)
Note that Comcast Support can (as of this date) only order EITHER the
SMC or the Cisco. However, they can specify a SMC and then put in the
notes to substitute a Netgear.
Note also that these CPE's all supply Comcast DNS IPv6 servers from
DHCPv6 broadcasting. If you run your own DNS servers you likely will
need to configure anything connected to the LAN port of these CPE
devices and using public IP addressing to overrride any IPv6 DNS server
IP addresses with your own DNS server's IPv6 address.
SMC D3G. This device does not support the higher speed 150Mbt+ Comcast
service that is being rolled out. Otherwise it is a solid, dependable
modem in IPv4 mode for 50MB/10 and below service. In particular this
device is recommended if you are using a SIP-based VoIP phone switch.
It's IPv6 support is spotty. By default it supports both auto
configuration and DHCP6 for LAN-connected IPv6 clients. However Prefix
Delegation (PD) is broken on the device. Comcast is aware
of that issue and filed a bug with SMC in December 2014. It's unlikely
that bug will ever be fixed, however, as SMC has shown no interest in
fixing it. When I pressed Tier-2 Comcast Support they refused to
confirm or deny that Comcast has abandoned pressure on SMC to fix this,
but they repeatedly said that it sounded like a low-profile bug and
suggested I get a different CPE.
Furthermore, the device has an "IPv6-specific" firewall enabled by
default which blocks incoming IPv6 from the Internet, so setting up
IPv6-enabled servers is not possible with one exception. However when
that exception is used the CPE becomes unstable and periodically reboots.
Cisco DPC3939B AKA Cisco BWG. This devices DOES support the 150MB+
speeds. It's identical to the DPC3939B used for Residential Xfinity
service with the exception of some firmware changes. It has an embedded
WiFi in it that will advertise Xfinity Public Wifi. Comcast support can
disable that Wifi on request but when the modem is rebooted the wifi
will turn back on. While Xfinity Residential customers can login to a
page on their account and disable this well, Business customers cannot.
This WiFi provides public access to anyone in the vicinity and cannot
be configured so that users are blocked from associating to it. In
addition the Wifi antennas are located internally.
IPv6 sub-prefix delegation is also broken on this device. By default
it supports both auto configuration and DHCP6 for LAN-connected IPv6
clients.
Netgear is CG3000DCR
This device does not support the higher speed 150Mbt+ Comcast service
that is being rolled out.
IPv6 sub-prefix delegation works on this device. The device will supply
a /60 on request of a router. However there is a bug that causes the
devices to periodically stop routing IPv6. This can be fixed with a
workaround on the LAN IPv6 Setup Page, change the "Valid Lifetime" to 3600.
There is also a second bug with this device that has to do with SIP ALG
packets and statically-assigned IPv4 subnets. The bug will cause the
device to get slower and slower over a day or two until it's rebooted.
The fix for this is to call into Comcast's Tier 2 support and request
that SIP ALG be disabled on the device. Supposedly, firmware version
v1.34.02 or later corrects this problem. However this device is NOT
recommended by Comcast Support for ANY VoIP use.
So the upshot is, some good, some bad.
Thanks!
Ted
More information about the ipv6-ops
mailing list