Skip to content
tmittelstaedt's profile

Problem solver

 • 

312 Messages

Sat, Apr 24, 2021 8:44 PM

Newbie guide to Copper business static IPv4/IPv6 offerings from Comcast

NOTE THAT DYNAMIC IPv4 MEANS DYNAMIC IPv6!!!!!!!   A REBOOT OF THE MODEM DOES NOT GUARANTEE YOU WILL COME BACK WITH THE SAME IPv4 OR IPv6!!!!!!  THIS POST IS ABOUT STATIC IPv6!!!

NOTE THAT TECHNICOLOR BOUGHT CISCO CABLE MODEMS IN 2015
Technicolor's manuals for former Cisco cable modems are here https://ciscodocs.technicolor.com/  However because Comcast had custom firmware written for their Cisco cable modems those manuals are not linked from there.  Instead see the links on this page:

Cisco Business Wireless Gateway devices  DPC3939B or DPC3941B
Current modems from https://www.xfinity.com/support/articles/broadband-gateways-userguides

Comcast Arris cable modems manuals are also at this link

Technicolor CGA4131
https://www.technicolor.com/sites/default/files/2018-03/CGA4131COM%20%28CBR%29%20v1.0%20OSS%20Publication.pdf

https://mediacomcc.custhelp.com/euf/assets/documents/modem%20user%20guides/CGA4131_user_guide.pdf

Netgear CG3000DCR
https://www.manualslib.com/manual/1030704/Netgear-Cg3000dcr.html

General Comcast overview of IPv6:

https://business.comcast.com/help-and-support/internet/using-a-static-ip/

(this has a link to the SMC8014 manual which uses the same layout as the Netgear cable modem however the SMC cable modem has a bug that causes a bootloop when it's IPv6 is enabled and was withdrawn by Comcast years ago)

How It Works:

Comcast uses OSPF with an MD5 authentication key to get the static IPv4 prefix on the cable modem to advertise to their internal network.  That static IP is written into the bootfile tied to the MAC address of the cable modem, when the modem boots the bootfile programs that into the modem then the modem advertises it back into Comcast's network.  At the same time a static IPv6 subnet with a /56 size is generated on the modem (likely using some formula involving a MAC address on the modem) and also advertised back into the Comcast network. This is why Comcast requires static IP holders to rent modems from them.  They do not want a user injecting bad routes into their internal network so they cannot let the user control the modem.  IFYOUR MODEM FAILS AND IS REPLACED YOUR STATIC IPv6 PREFIX WILL CHANGE

In practice what the cable modem is supposed to do is the following:

1) Generate an IPv6 prefix of /56
2) Allow customer devices using SLAAC or DHCPv6 to request /64 IP addresses from the cable modem
3) Allow customer routers on the LAN side to request via DHCPv6-PD subnets of that prefix  (on mine it requests /60 prefixes)
4) if a prefix is requested instead of an IPv6 address of /64, install a route to the requested prefix pointing to the device that
requested it.
5) The user may then have to install a default route to the local IPv6 address of the cable modem
6) Cable modems in general ignore Route Advertisements from the customer router.  They only pay attention to IPv6 Neighbor Discovery
and IPv4 arp traffic and DHCPv4 and DHCPv6 requests.

Note that if #4 is broken that a hack exists to do proxy NDP here (https://github.com/DanielAdolfsson/ndppd) that might be useful if you are running Open-WRT there's a French site that documents this on Open-wrt https://x0r.fr/blog/12

Devices are ONLY supposed to firewall off and block the "Netbios ports" as documented here:
https://www.xfinity.com/support/articles/list-of-blocked-ports

https://business.comcast.com/help-and-support/internet/ports-blocked-on-comcast-network/

Note that port 25 is blocked on the RESIDENTIAL accounts NOT the BUSINESS accounts.

One poster reports the CGA4131COM blocked protocol 41 (6in4)


BUGS:
CPE devices have firmware that Comcast can update whenever they feel like.  Sometimes the updates are good and sometimes they introduce bugs that will destroy IPv6 connectivity.  There can also be bugs in customer router firmware.  The Forum posts mention various bugs. Followups ARE RARE since people generally develop hacks or other workarounds then don't go back months later and see if the original bug was ever fixed.

Here's a list of the devices and bugs in their firmware from various postings:

Netgear CG3000DCR

Only (seems) to work with PD length requests of /60
Modem of choice for under 150Mbt service offerings that need good IPv6

Technicolor/Cisco  CBR-T (CGA4131COM)

Multiple posters report firmware updates broke different prefix size DHCPv6-PD requests.  Apparently /59 requests work
Apparently if the modem reboots when the router behind it requests a PD via DHCPv6 it may not get the same prefix even if the DUID sent is the same.  Continually resending PD requests without a DUID will eventually cycle around to the last prefix sent.
This modem is apparently the only one handed out with higher speed accounts above 300Mbt


Technicolor/Cisco BWG (DPC3941B)  AND  Technicolor/Cisco DPC3939

DHCPv6-PD works immediately after reboot then stops routing later on until power-cycled again.
Will work with the Proxy NDP hack

Responses

New problem solver

 • 

68 Messages

1 m ago

Love the post. Thanks!!!

Couple of observations from my end:

- The /56 assigned to the cable modem did not change after my cable modem was swapped recently. (Netgear for Technicolor)

- My modem will hand out /59s instead of /60s (it used to do /60s, but that changed with a random firmware update)

New problem solver

 • 

18 Messages

1 m ago

Finally some concise information.  Thank you

New problem solver

 • 

18 Messages

1 m ago

@tmittelstaedt  for the Technicolor/Cisco DPC3939, the PD changes from time to time as well.....

(edited)

Contributor

 • 

21 Messages

1 m ago

I've found the same in my experience.  With the CGA4131COM, I had to use ndppd when I was experimenting with this modem.  That was the only way to get it to "route" IPv6.  I mentioned it in a previous post.

The CGA4131COM definitely block 6in4 for me (version Prod_19.3_d31 & MTA Application - Prod_19.3, image CGA4131COM_4.4p6s2_PROD_sey).

So PD works on the CGA4131COM with /59 reqs?  Does it actually route them after the req. succeeds?  If not, might as well not even use it since you have to use proxy NDP.

New problem solver

 • 

18 Messages

1 m ago

Hi @jb_geek ,

I just received a CGA4131COM on Tuesday.  At first it would not issue a PD.  Not sure what changed, but it is now handing me /64 addresses for the two subnets I have setup.

I've rebooted it a couple of times and so far the PD's haven't changed.  I've switched my network back to a IPv4 only network for the time being, but will continue to beat on this modem to see if it will keep the same PDs.

If you want, PM me with your contact info, I'd be happy to see if I can help you get PDs out of the modem.  I have some time next week that I could spend with you on it.

Also, as a side note, I was contacted by a really nice gal at Comcast.  She has spoken with many other knowledgeable people there about IPv6 and these modems.  There is a resounding consensus there that the modems should allow us to manually set up our subnets and have traffic routed correctly (@tmittelstaedt you might be interested in this).  Since so many folks here on the forums are having issues, she is apparently able to escalate this to Engineering.  If she is able to do this, I hope I can get some insight into what should or should not be able to do.  I'll be happy to pass along anything I learn, if there are solutions in setting up our routers statically, I'll be happy to help anyone here who wants it.

BTW:  They think it is strange that some people are getting /59 PDs instead of /64s.  So that is currently also a topic.  My new modem is giving me /64s so I'm not seeing it.  What is your firmware version?

Mine is:

eMTA & DOCSIS Software Version: CM DOCSIS Application - Prod_20.2_d31 & MTA Application - Prod_20.2
Software Image Name:                      CGA4131COM_4.8p9s1_PROD_sey
Advanced Services:                           CGA4131COM
Packet Cable:                                     2.0

Contributor

 • 

21 Messages

1 m ago

@flyingrobots When I had mine, it was this:

eMTA & DOCSIS Software Version: CM DOCSIS Application - Prod_19.3_d31 & MTA Application - Prod_19.3
Software Image Name: CGA4131COM_4.4p6s2_PROD_sey

So yours has been updated since.  Could you test to see if 6in4 passes through it?  That's IP protocol 41.  You could test it pretty easily by setting up a HE 6in4 tunnel (https://tunnelbroker.he.net).

So your modem is handing you /64s?  Is that what your DHCPv6 is asking for in the hint?  That'd work fine.  Does the cable modem actually put in a route for your delegated /64s, or do you have to run a routing protocol, or something like that?

My assignment from Comcast is a /56.  Not sure how or why some modems, or firmware versions decided on /59s as a default for a PD.   But, if it hands out  /59s, it means you can get eight of them out of the /56, and each /59 is 32 /64s.  So that way, the cable modem only needs eight routes in its table for your whole assigned space, pointing each /59 to the router(s) you control.  Those routers can then PD those to other routers, etc, either as /64s or as larger chunks of net space, as you wish. For example:

2001:db8:1234::/56 (space assigned by Comcast)

2001:db8:1234::/59 (it wouldn't assign this because it's already using the /64 for inside interface)

2001:db8:1234:20::/59 (next available /59)

2001:db8:1234:40::/59

2001:db8:1234:60::/59

2001:db8:1234:80::/59

2001:db8:1234:a0::/59

2001:db8:1234:c0::/59

2001:db8:1234:e0::/59

2001:db8:1234:20::/59 (first avail PD assigned your router by cabmodem)

(your router can then assign all these 32 /64s to interfaces/other routers, and ask for another /59 when it is used up)
2001:db8:1234:20::/64
...
2001:db8:1234:3f::/64



That's the only real case I have for those shorter prefixes. You'd think they'd go for something like /60s, since that's "half the bits of your /56" to assign PDs, which would give you 16 /60s with 16 /64s each.  But they went for /59 <shrug>.

/64s make sense though, esp. considering that your cable modem's LAN interface is using the first /64 out of your /56.  It's possible that it delegates /64s until it gets to the next aggregatable boundary, then starts assigning larger chunks.  Who knows. 

That's one of the "mysteries" of how PD works/is implemented for me.  I believe the way it's supposed to work is that you can request a certain size prefix via the hint, and it will give it to you if it has it, otherwise it'll give you a smaller prefix, all depending on what it has available/what it's already leased out.  But I think the implementations in these devices are very simplified.

(edited)

New problem solver

 • 

18 Messages

22 d ago

@jb_geek I don't know anything about ip6 to ip4 translations and the link you provided doesn't seem to work.

Comcast also assignes a /56 to my cable modem.  The cable modem hands out /64's to my router.   The interface from the router to the cable modem is also a /64.

I have not tried to get a smaller PD, so I don't know.

I would get comcast to upgrade your modem and see what happens.  You may be able to do away with ip6 to ip4 translation all together....