/59 prefix delegation block changed...
I have a /56 static on Comcast Business. Recently I had a cable modem issue (as determined by Comcast) and the cable modem was replaced. Everything is working, but I received a different /59 (still inside my /56) so I had to renumber several vlans! How do I keep this from changing?
Thank you,
Robert
Accepted Solution
DofTNet_Enterprises
3 years ago
Alright.. I realize this is an older post but I was having issues because of this exact situation - that is, I configured a bunch of vlans with subnets within the /59 that the Comcast Business gateway handed out, and it was all just lovely for a while... until at some point I restarted and all of my IPv6 systems that weren't on the same vlan as the gateway broke because I got a different /59. I believe I've managed to configure everything to request and actually get the same prefix each time.
For context, my gateway is the CGA4131COM and I'm using an OPNsense 22.1.1 box as my router/firewall. I have four vlans configured on OPNsense.
WAN - connected to the gateway, LAN for my private network for user devices, PUB for all of my public facing servers where my static IPv4 addresses live, and SRV for internal servers that don't need to face the internet at large and shouldn't necessarily be in the same network as the end user devices.
On the LAN, PUB, and SRV vlan interfaces, the IPv6 configuration type is set to "Track Interface" which pulls from the pool of subnets in the delegated prefix assigned to the WAN interface, and I gave each a prefix ID within that - there are 32 IDs to pick from, 0x0 to 0x1f.
I initially set the WAN interface to use DHCPv6 as the configuration type, and under the details, had it set to Basic, provided a prefix length of 59, and got a prefix xxxx:xxxx:xxxx:1a0::/59. The other vlans got a /64 in that range with the prefix ID added to the end (for example, the PUB vlan id was 0x0 so it got xxxx:xxxx:xxxx:1a0::/64. I gave the LAN vlan an id of 0xc so its subnet was xxxx:xxxx:xxxx:1ac::/64, etc). Everything was good until I had to restart the gateway after which the prefix was xxxx:xxxx:xxxx:160::/59... which.. broke everything.
It turns out that in the /56, there are only 8 /59 subnets to delegate so I found that if I restarted the gateway a few times, it would eventually give me the 1a0 prefix again. Obviously this is a workaround that's less than ideal. On the WAN interface, there is an "Advanced" option, but the integrated help wasn't particularly helpful so I eventually dug into the innards of the behind-the-scenes configuration. It's FreeBSD and I was able to look up the manpage for dhcp6c.conf and also compare the file generated with the "Basic" mode with the one that was generated by the "Advanced" mode.
Here's what eventually worked:
Configuration Mode: Advanced
In the Interface Statement section:
    Send Options: ia-na 0, ia-pd 0
    Request Options: domain-name-servers,domain-name
    Script: /var/etc/dhcp6c_wan_script.sh
    (this was in the basic configuration file, which is why I included it.. the naming may be different so you'll probably need to look at the basic script first)
In the Identity Association section:
    Check Non-Temporary Address Allocation
        id-assoc na ID: 0 (or whatever number you put after id-na in Send Options above)
        Address IPv6-address: leave blank or specify an address in the /64 that the business gateway is in
        Preferred Lifetime: leave blank or infinity if an address is requested above.
        Valid Time: leave blank
    Check Prefix Delegation
        id-assoc pd ID: 0 (or whatever number you put after id-pd in Send Options above)
        Prefix IPv6-Prefix: xxxx:xxxx:xxxx:1a0::/59 (that is, the specific /59 prefix you want)
        Preferred Lifetime: infinity
        Valid Time: leave blank
In the Prefix Interface section:
    Prefix Interface Site-Level Aggregation Length: 5
    (this appears to be the difference in bits between /59 and /64)
Everything else can be left blank/default.
On the Gateway itself, under connection -> local IP network, in the IPv6 section:
Ensure that Stateful(Use Dhcp Server) is checked. Prefix delegation will not work otherwise. I set the lease time to Forever and saved those settings.
After restarting the gateway and OPNsense, it is now consistently giving me the 1a0 prefix that I have everything configured to use.
I know this is one specific setup with a particular gateway and firewall, but I know OPNsense is a fork of pfSense so it ought to be similar, and if you are able to dig into the weeds a bit on your router's configuration, you might be able to find where you can set it to request a specific prefix every time. This particular gateway appears to honor that.
9
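The prefix arithmetic in the accepted solution, as an added example that is not part of the original post: it lists the eight /59 blocks inside a /56, derives each VLAN's /64 from its prefix ID, and reports which subnets moved when the delegated prefix changes, so that firewall rules and DNS records tied to the old /64s can be caught before they go stale. The documentation prefix 2001:db8:0:100::/56 is a constructed stand-in for the masked xxxx:xxxx:xxxx prefix, and the function names are hypothetical.

```python
from ipaddress import IPv6Network

# Constructed values: 2001:db8::/32 is the documentation range, standing in
# for the masked xxxx:xxxx:xxxx prefix. Prefix IDs are the ones in the post.
STATIC_BLOCK = "2001:db8:0:100::/56"
VLAN_IDS = {"PUB": 0x0, "LAN": 0xC}

def delegable_blocks(static_block, pd_len=59):
    """Every block of length pd_len the gateway could hand out."""
    return list(IPv6Network(static_block).subnets(new_prefix=pd_len))

def tracked_subnet(delegated, prefix_id, sla_len=5):
    """The /64 a "Track Interface" VLAN derives from a delegated prefix."""
    pd = IPv6Network(delegated)
    if pd.prefixlen + sla_len != 64:
        raise ValueError("delegated length plus sla_len must equal 64")
    if not 0 <= prefix_id < 2 ** sla_len:
        raise ValueError(f"prefix ID {prefix_id:#x} does not fit in {sla_len} bits")
    # The prefix ID occupies the bits just above the 64-bit interface ID.
    return IPv6Network((int(pd.network_address) + (prefix_id << 64), 64))

def renumbering_report(static_block, expected_pd, received_pd, vlan_ids):
    """Map each VLAN whose /64 moved to its (expected, actual) subnets."""
    if not IPv6Network(received_pd).subnet_of(IPv6Network(static_block)):
        raise ValueError("received prefix is outside the static block")
    moved = {}
    for name, prefix_id in vlan_ids.items():
        want = tracked_subnet(expected_pd, prefix_id)
        got = tracked_subnet(received_pd, prefix_id)
        if want != got:
            moved[name] = (str(want), str(got))
    return moved

if __name__ == "__main__":
    print([str(n) for n in delegable_blocks(STATIC_BLOCK)])
    drift = renumbering_report(STATIC_BLOCK, "2001:db8:0:1a0::/59",
                               "2001:db8:0:160::/59", VLAN_IDS)
    for vlan, (want, got) in drift.items():
        print(f"{vlan}: expected {want}, now {got}")
```

An empty report means the gateway honored the requested prefix; any entry names a VLAN whose address-based rules and records need review.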
MikeAce
4 years ago
You got it easy. I just had my modem upgraded and I got an entirely different /56 assignment. To make matters worse, every time the modem reboots I get a different /59 assignment to my firewall. There is no way to statically assign anything IPv6 inside of the modem's web interface so IPv6 is pretty broken in terms of being able to set anything statically. At least my old modem kept the same /59 assigned to my firewall the entire time I had it.
Comcast_Dena
Official Employee
4 years ago
Hello and thank you for reaching out to us. I apologize for the delayed response time but thank you for sticking with us to address your questions and concerns! I am here to help! In order to get started can you please send me a private message with your full name and service address? To send a private message, click my name "ComcastDena", then click "send message".
rob__jr
4 years ago
I clicked your name but don't see a "send message" button. Please advise.
If I click the message button & type in your name, it doesn't work either:
rob__jr
4 years ago
@MikeAce, do you have a static /56 assigned as well?
rob__jr
4 years ago
@Comcast_Dena, yes I do have that, but as per my screenshot it can't find you to send a message to. If I type Comcast_D, it will show me 3 or 4 other people I can send a message to, but not to you. Maybe if you could send me a message I could just reply?
MikeAce
4 years ago
I've never actually received an official word from Comcast Business that IPv6 assignments are truly static. When I got the new modem and I saw my delegated /56 had changed, the tier 3 tech had no idea about the intended behavior. It's very disappointing because I have a static IPv4 block that did transfer over.
rob__jr
4 years ago
@MikeAce: My static IP block /56 shows under my static IPs next to my static IPv4 IPs. Do you have static IPv4 IPs? If not it may not be static.
MikeAce
4 years ago
Yes, I have a static /28 of IPv4.
rob__jr
4 years ago
It should also show you a /56 next to your /28 in your account. If a /56 doesn't show up, that is the issue. You may have to ask them to assign you one so it stays static. Might be dynamic otherwise. Maybe @Comcast_Dena can assist if that is the case.
MikeAce
4 years ago
Yeah, it says I have a /56 delegated prefix and it stays the same with the modem. As soon as the modem was changed out though I got a different /56 and Tier 3 didn't have an answer.
rob__jr
4 years ago
Wow, so Tier 3 couldn't figure out why your /56 wasn't matching up with what they assigned you? I'd hope they could fix that same as they fix static IPv4 blocks not routing to you...wow...
packeteater
4 years ago
I'm having this same problem. We have a static /56.. our system is configured to request a /59 (largest block we have been able to pull). This has been working for years with no issues. Just 3 days ago this delegated prefix changed (different bits within our /56) requiring us to renumber all our systems, software, DNS...etc.
The problem is now that since then traffic stops passing on the newly delegated prefixes after about a day of uptime... This has happened twice so far over the past two days and we've had to renumber each time. No idea how to wake up Comcast's systems to allow traffic to pass. Previously for residential when this would happen you could just kick the DHCP and it would update Comcast's filter to allow traffic to pass again but here nothing seems to work anymore.
We can receive IPv6 packets yet all outgoing IPv6 packets on the delegated prefix are dropped after they leave our WAN port to Comcast. Ran a packet capture and can see the IPv6 packets going out of the WAN interface. The /64 on our WAN interface works fine and we can ping out from it but everything on our production LAN network using the delegated prefix has no working IPv6; after a day's time it stops working. All of the packets are being dropped.
packeteater
4 years ago
Modem has not been replaced and there have been no hardware changes on our end. I don't know if firmware updates were recently pushed to the modem.
packeteater
4 years ago
Delegated /59 prefix we had been assigned for years was ...:43e0:: then it went to ...:4340:: and finally ...:4300::. First time it took a while to notice the LAN prefix had changed.
What I know is that after each change it works for about a day, probably somewhat less. Unsure exactly how long. After this outgoing packets would be dropped. This happened both times, from 43e0 to 4340 and 4340 to 4300. I don't know if both were exactly the same interval but it was about the same.
No idea what triggers changes. For all I know it could have been automatic or triggered by rebooting CM or system or fiddling with DHCP trying to poke whatever is blocking traffic. The last time it changed was on the phone with a Comcast CSR.