Newbie guide to Copper business static IPv4/IPv6 offerings from Comcast
NOTE THAT DYNAMIC IPv4 MEANS DYNAMIC IPv6!!!!!!! A REBOOT OF THE MODEM DOES NOT GUARANTEE YOU WILL COME BACK WITH THE SAME IPv4 OR IPv6!!!!!! THIS POST IS ABOUT STATIC IPv6!!!
NOTE THAT TECHNICOLOR BOUGHT CISCO CABLE MODEMS IN 2015
Technicolor's manuals for former Cisco cable modems are here https://ciscodocs.technicolor.com/ However because Comcast had custom firmware written for their Cisco cable modems those manuals are not linked from there. Instead see the links on this page:
Cisco Business Wireless Gateway devices DPC3939B or DPC3941B
Current modems from https://www.xfinity.com/support/articles/broadband-gateways-userguides
Comcast Arris cable modems manuals are also at this link
General Comcast overview of IPv6:
(this has a link to the SMC8014 manual which uses the same layout as the Netgear cable modem however the SMC cable modem has a bug that causes a bootloop when it's IPv6 is enabled and was withdrawn by Comcast years ago)
How It Works:
Comcast uses OSPF with an MD5 authentication key to get the static IPv4 prefix on the cable modem to advertise to their internal network. That static IP is written into the bootfile tied to the MAC address of the cable modem, when the modem boots the bootfile programs that into the modem then the modem advertises it back into Comcast's network. At the same time a static IPv6 subnet with a /56 size is generated on the modem (likely using some formula involving a MAC address on the modem) and also advertised back into the Comcast network. This is why Comcast requires static IP holders to rent modems from them. They do not want a user injecting bad routes into their internal network so they cannot let the user control the modem. IFYOUR MODEM FAILS AND IS REPLACED YOUR STATIC IPv6 PREFIX WILL CHANGE
In practice what the cable modem is supposed to do is the following:
1) Generate an IPv6 prefix of /56
2) Allow customer devices using SLAAC or DHCPv6 to request /64 IP addresses from the cable modem
3) Allow customer routers on the LAN side to request via DHCPv6-PD subnets of that prefix (on mine it requests /60 prefixes)
4) if a prefix is requested instead of an IPv6 address of /64, install a route to the requested prefix pointing to the device that
5) The user may then have to install a default route to the local IPv6 address of the cable modem
6) Cable modems in general ignore Route Advertisements from the customer router. They only pay attention to IPv6 Neighbor Discovery
and IPv4 arp traffic and DHCPv4 and DHCPv6 requests.
Note that if #4 is broken that a hack exists to do proxy NDP here (https://github.com/DanielAdolfsson/ndppd) that might be useful if you are running Open-WRT there's a French site that documents this on Open-wrt https://x0r.fr/blog/12
Devices are ONLY supposed to firewall off and block the "Netbios ports" as documented here:
Note that port 25 is blocked on the RESIDENTIAL accounts NOT the BUSINESS accounts.
One poster reports the CGA4131COM blocked protocol 41 (6in4)
CPE devices have firmware that Comcast can update whenever they feel like. Sometimes the updates are good and sometimes they introduce bugs that will destroy IPv6 connectivity. There can also be bugs in customer router firmware. The Forum posts mention various bugs. Followups ARE RARE since people generally develop hacks or other workarounds then don't go back months later and see if the original bug was ever fixed.
Here's a list of the devices and bugs in their firmware from various postings:
Only (seems) to work with PD length requests of /60
Modem of choice for under 150Mbt service offerings that need good IPv6
Technicolor/Cisco CBR-T (CGA4131COM)
Multiple posters report firmware updates broke different prefix size DHCPv6-PD requests. Apparently /59 requests work
Apparently if the modem reboots when the router behind it requests a PD via DHCPv6 it may not get the same prefix even if the DUID sent is the same. Continually resending PD requests without a DUID will eventually cycle around to the last prefix sent.
This modem is apparently the only one handed out with higher speed accounts above 300Mbt
Technicolor/Cisco BWG (DPC3941B) AND Technicolor/Cisco DPC3939
DHCPv6-PD works immediately after reboot then stops routing later on until power-cycled again.
Will work with the Proxy NDP hack