Skip to content
tmittelstaedt's profile

Problem solver

 • 

326 Messages

Saturday, April 24th, 2021 8:44 PM

Newbie guide to Copper business static IPv4/IPv6 offerings from Comcast

NOTE THAT DYNAMIC IPv4 MEANS DYNAMIC IPv6!!!!!!!   A REBOOT OF THE MODEM DOES NOT GUARANTEE YOU WILL COME BACK WITH THE SAME IPv4 OR IPv6!!!!!!  THIS POST IS ABOUT STATIC IPv6!!!

NOTE THAT TECHNICOLOR BOUGHT CISCO CABLE MODEMS IN 2015
Technicolor's manuals for former Cisco cable modems are here https://ciscodocs.technicolor.com/  However because Comcast had custom firmware written for their Cisco cable modems those manuals are not linked from there.  Instead see the links on this page:

Cisco Business Wireless Gateway devices  DPC3939B or DPC3941B
Current modems from https://www.xfinity.com/support/articles/broadband-gateways-userguides

Comcast Arris cable modems manuals are also at this link

Technicolor CGA4131
https://www.technicolor.com/sites/default/files/2018-03/CGA4131COM%20%28CBR%29%20v1.0%20OSS%20Publication.pdf

https://mediacomcc.custhelp.com/euf/assets/documents/modem%20user%20guides/CGA4131_user_guide.pdf

Netgear CG3000DCR
https://www.manualslib.com/manual/1030704/Netgear-Cg3000dcr.html

General Comcast overview of IPv6:

https://business.comcast.com/help-and-support/internet/using-a-static-ip/

(this has a link to the SMC8014 manual which uses the same layout as the Netgear cable modem however the SMC cable modem has a bug that causes a bootloop when it's IPv6 is enabled and was withdrawn by Comcast years ago)

How It Works:

Comcast uses OSPF with an MD5 authentication key to get the static IPv4 prefix on the cable modem to advertise to their internal network.  That static IP is written into the bootfile tied to the MAC address of the cable modem, when the modem boots the bootfile programs that into the modem then the modem advertises it back into Comcast's network.  At the same time a static IPv6 subnet with a /56 size is generated on the modem (likely using some formula involving a MAC address on the modem) and also advertised back into the Comcast network. This is why Comcast requires static IP holders to rent modems from them.  They do not want a user injecting bad routes into their internal network so they cannot let the user control the modem.  IFYOUR MODEM FAILS AND IS REPLACED YOUR STATIC IPv6 PREFIX WILL CHANGE

In practice what the cable modem is supposed to do is the following:

1) Generate an IPv6 prefix of /56
2) Allow customer devices using SLAAC or DHCPv6 to request /64 IP addresses from the cable modem
3) Allow customer routers on the LAN side to request via DHCPv6-PD subnets of that prefix  (on mine it requests /60 prefixes)
4) if a prefix is requested instead of an IPv6 address of /64, install a route to the requested prefix pointing to the device that
requested it.
5) The user may then have to install a default route to the local IPv6 address of the cable modem
6) Cable modems in general ignore Route Advertisements from the customer router.  They only pay attention to IPv6 Neighbor Discovery
and IPv4 arp traffic and DHCPv4 and DHCPv6 requests.

Note that if #4 is broken that a hack exists to do proxy NDP here (https://github.com/DanielAdolfsson/ndppd) that might be useful if you are running Open-WRT there's a French site that documents this on Open-wrt https://x0r.fr/blog/12

Devices are ONLY supposed to firewall off and block the "Netbios ports" as documented here:
https://www.xfinity.com/support/articles/list-of-blocked-ports

https://business.comcast.com/help-and-support/internet/ports-blocked-on-comcast-network/

Note that port 25 is blocked on the RESIDENTIAL accounts NOT the BUSINESS accounts.

One poster reports the CGA4131COM blocked protocol 41 (6in4)


BUGS:
CPE devices have firmware that Comcast can update whenever they feel like.  Sometimes the updates are good and sometimes they introduce bugs that will destroy IPv6 connectivity.  There can also be bugs in customer router firmware.  The Forum posts mention various bugs. Followups ARE RARE since people generally develop hacks or other workarounds then don't go back months later and see if the original bug was ever fixed.

Here's a list of the devices and bugs in their firmware from various postings:

Netgear CG3000DCR

Only (seems) to work with PD length requests of /60
Modem of choice for under 150Mbt service offerings that need good IPv6

Technicolor/Cisco  CBR-T (CGA4131COM)

Multiple posters report firmware updates broke different prefix size DHCPv6-PD requests.  Apparently /59 requests work
Apparently if the modem reboots when the router behind it requests a PD via DHCPv6 it may not get the same prefix even if the DUID sent is the same.  Continually resending PD requests without a DUID will eventually cycle around to the last prefix sent.
This modem is apparently the only one handed out with higher speed accounts above 300Mbt


Technicolor/Cisco BWG (DPC3941B)  AND  Technicolor/Cisco DPC3939

DHCPv6-PD works immediately after reboot then stops routing later on until power-cycled again.
Will work with the Proxy NDP hack

New problem solver

 • 

74 Messages

4 years ago

Love the post. Thanks!!!

Couple of observations from my end:

- The /56 assigned to the cable modem did not change after my cable modem was swapped recently. (Netgear for Technicolor)

- My modem will hand out /59s instead of /60s (it used to do /60s, but that changed with a random firmware update)

New problem solver

 • 

18 Messages

4 years ago

Finally some concise information.  Thank you

New problem solver

 • 

18 Messages

4 years ago

@tmittelstaedt  for the Technicolor/Cisco DPC3939, the PD changes from time to time as well.....

(edited)

Contributor

 • 

27 Messages

4 years ago

I've found the same in my experience.  With the CGA4131COM, I had to use ndppd when I was experimenting with this modem.  That was the only way to get it to "route" IPv6.  I mentioned it in a previous post.

The CGA4131COM definitely block 6in4 for me (version Prod_19.3_d31 & MTA Application - Prod_19.3, image CGA4131COM_4.4p6s2_PROD_sey).

So PD works on the CGA4131COM with /59 reqs?  Does it actually route them after the req. succeeds?  If not, might as well not even use it since you have to use proxy NDP.

New problem solver

 • 

18 Messages

4 years ago

Hi @jb_geek ,

I just received a CGA4131COM on Tuesday.  At first it would not issue a PD.  Not sure what changed, but it is now handing me /64 addresses for the two subnets I have setup.

I've rebooted it a couple of times and so far the PD's haven't changed.  I've switched my network back to a IPv4 only network for the time being, but will continue to beat on this modem to see if it will keep the same PDs.

If you want, PM me with your contact info, I'd be happy to see if I can help you get PDs out of the modem.  I have some time next week that I could spend with you on it.

Also, as a side note, I was contacted by a really nice gal at Comcast.  She has spoken with many other knowledgeable people there about IPv6 and these modems.  There is a resounding consensus there that the modems should allow us to manually set up our subnets and have traffic routed correctly (@tmittelstaedt you might be interested in this).  Since so many folks here on the forums are having issues, she is apparently able to escalate this to Engineering.  If she is able to do this, I hope I can get some insight into what should or should not be able to do.  I'll be happy to pass along anything I learn, if there are solutions in setting up our routers statically, I'll be happy to help anyone here who wants it.

BTW:  They think it is strange that some people are getting /59 PDs instead of /64s.  So that is currently also a topic.  My new modem is giving me /64s so I'm not seeing it.  What is your firmware version?

Mine is:

eMTA & DOCSIS Software Version: CM DOCSIS Application - Prod_20.2_d31 & MTA Application - Prod_20.2
Software Image Name:                      CGA4131COM_4.8p9s1_PROD_sey
Advanced Services:                           CGA4131COM
Packet Cable:                                     2.0

Contributor

 • 

27 Messages

4 years ago

@flyingrobots When I had mine, it was this:

eMTA & DOCSIS Software Version: CM DOCSIS Application - Prod_19.3_d31 & MTA Application - Prod_19.3
Software Image Name: CGA4131COM_4.4p6s2_PROD_sey

So yours has been updated since.  Could you test to see if 6in4 passes through it?  That's IP protocol 41.  You could test it pretty easily by setting up a HE 6in4 tunnel (https://tunnelbroker.he.net).

So your modem is handing you /64s?  Is that what your DHCPv6 is asking for in the hint?  That'd work fine.  Does the cable modem actually put in a route for your delegated /64s, or do you have to run a routing protocol, or something like that?

My assignment from Comcast is a /56.  Not sure how or why some modems, or firmware versions decided on /59s as a default for a PD.   But, if it hands out  /59s, it means you can get eight of them out of the /56, and each /59 is 32 /64s.  So that way, the cable modem only needs eight routes in its table for your whole assigned space, pointing each /59 to the router(s) you control.  Those routers can then PD those to other routers, etc, either as /64s or as larger chunks of net space, as you wish. For example:

2001:db8:1234::/56 (space assigned by Comcast)

2001:db8:1234::/59 (it wouldn't assign this because it's already using the /64 for inside interface)

2001:db8:1234:20::/59 (next available /59)

2001:db8:1234:40::/59

2001:db8:1234:60::/59

2001:db8:1234:80::/59

2001:db8:1234:a0::/59

2001:db8:1234:c0::/59

2001:db8:1234:e0::/59

2001:db8:1234:20::/59 (first avail PD assigned your router by cabmodem)

(your router can then assign all these 32 /64s to interfaces/other routers, and ask for another /59 when it is used up)
2001:db8:1234:20::/64
...
2001:db8:1234:3f::/64



That's the only real case I have for those shorter prefixes. You'd think they'd go for something like /60s, since that's "half the bits of your /56" to assign PDs, which would give you 16 /60s with 16 /64s each.  But they went for /59 <shrug>.

/64s make sense though, esp. considering that your cable modem's LAN interface is using the first /64 out of your /56.  It's possible that it delegates /64s until it gets to the next aggregatable boundary, then starts assigning larger chunks.  Who knows. 

That's one of the "mysteries" of how PD works/is implemented for me.  I believe the way it's supposed to work is that you can request a certain size prefix via the hint, and it will give it to you if it has it, otherwise it'll give you a smaller prefix, all depending on what it has available/what it's already leased out.  But I think the implementations in these devices are very simplified.

(edited)

New problem solver

 • 

18 Messages

3 years ago

@jb_geek I don't know anything about ip6 to ip4 translations and the link you provided doesn't seem to work.

Comcast also assignes a /56 to my cable modem.  The cable modem hands out /64's to my router.   The interface from the router to the cable modem is also a /64.

I have not tried to get a smaller PD, so I don't know.

I would get comcast to upgrade your modem and see what happens.  You may be able to do away with ip6 to ip4 translation all together....

Problem solver

 • 

326 Messages

3 years ago

Here are some more updates to the original post:

Hurricane Electric's Tunnelbroker service is now at https://tunnelbroker.net/

Comcast is now apparently handing out Arris modems as their new standard modems for the Xfinity residential service.  There's a picture of the older Technicolor modem (black pylon) at 0:06 on the video listed here on this webpage:

https://www.xfinity.com/support/articles/activate-internet-gateway-modem

The Arris modem is the identical pylon except it is white.

For the business customers using static IP addresses they are apparently NOT going to use the Arris modem but are going to stick with

the CBR-T.   The CBR-T being handed out now has 8 PoE ports on it and 8 telephone ports on it.  However there is a revision 2 of the

CBR-T in the works that deleted the PoE ports and replaced them with non-PoE ports.

The CBR-T appears as though it is going to be the "standard" business-class modem for people with static IPv4 addresses going forward.

The Netgear is NOT being handed out at all except under special request and even then they won't do it in heavily congested areas.  Probably because it can handle only 8 downstream TV channels while the CBT-T can handle 32.  Note that Comcast bonds together the

TV channels for downstream bandwidth so in urban areas they have to reserve 32 channels for data, and if they allowed older DOCSIS 3.0 modems they would end up with the lower 8 channels completely crowded while the upper 24 would be empty.

Note that in order to INITIALLY set the Arris modem up YOU MUST USE a Smartphone as per the video that can connect to the Internet over your cellular providers network.  You CANNOT use a web browser on a laptop plugged into the modem.   You connect your smartphone to the modem's wifi, and connect to the initial setup wizard on the modem with a web browser. The reason is that there is a point during the modem setup where the wizard hands you off to a custom URL on the Internet and this happens BEFORE the modem has Internet connectivity.  Stupid, isn't it!  (technically you could use a laptop if you immediately tether it to your cell phone and hit refresh on the webinterface when it errors out but that's kludgy)

For the Arris and CBR-T the "customer access password" for the modem is now set by default to "highspeed" BUT the first time you login to the webinterface of the modem it REQUIRES you to change it.  If you don't then you will only get an additional 9 more times to login to the modem before you will be locked out of it permanently until the modem is reset.  You can reset the modem by calling the Comcast 800 number and going through the voice response to send out a modem reset.

ALSO note that YOU CANNOT LOGIN TO THE CBR-T'S PUBLICALLY NUMBERED INTERFACE!

That is, if you get a static IP subnet as you know one of those is assigned to the "LAN" interface of the modem while you can use the remaining in the subnets for your router or servers, etc.  But accessing that number, even though it will get you the webinterface and a login prompt, WILL NOT allow you to login.  You MUST access this modem at the 10.1.10.1 address to login to it.

If you forget the password you have set for cusadmin on this modem you can reset it by calling Comcast support and they will reset your modem.  Supposedly Xfinity customers are able to change this from an interface in their Xfinity account.  Business customers have to have Comcast do it.

You can turn off the main and guest wifi networks on the CBR-T from this interface.  You can also turn off the "firewall" on this modem.

The "free wifi" channel is still present on the residential modems and you still must contact Comcast and tell them to turn if off if you are a business customer providing your own wifi and you don't want people accessing that.   The CBR-T appears to let you turn it off.

Note that self-setup only applies to dynamic IPs where you get the modem shipped to you and you set it up yourself.  With static IP orders Comcast will always send out a tech to setup the modem.  Note that by default the line 2 port on the Arris modem is disabled and you will need to call into Comcast and have them turn it on.  Self-setup seems to be standard on Xfinity residential accounts while tech-on-site seems to be standard for business accounts.

The rest of this post concerns Voice on the Comcast service.  I am going to make a separate post on IPv6 setup of the CBR-T.

Voice on Comcast's service:

There are FOUR ways you can order voice from Comcast:

You can add it to an Xfinity Residential order.  In that case the ports will be turned on, on the modem. RESIDENTIAL ACCOUNTS CAN ONLY GET A MAX OF 2 VOICE LINES.  In addition, COMCAST HAS DISABLED BUSY-FORWARD ON RESIDENTIAL VOICE.  More about this later.

You can add it to a Comcast Business order.  If you get more than 2 lines Comcast will install a separate Voice mux that will hand off via POTS.  If needed they can install a converter that will hand off to you via PRI if for example you have a PBX.

You can order it as SIP trunks from Comcast Business.  This may require a dedicated circuit.

You can order it as a "virtual Cloud PBX" from Comcast Business.  This may also require a dedicated circuit.  Comcast sells you Polycom phones or you can bring your own (although they will push back on this)  Polycom's are one of the standards-based phones that you can wipe Comcast-supplied firmware off of and install generic VoIP firmware so they are great long term investments.

For Small Businesses trying to save money by using a Residential account:

To be honest I hate it when customers try doing this.  Dynamic DNS is fragile, and it's a nuisance to setup an inbound SMTP relay that will pick up incoming SMTP to port 25 then relay it forward to port 2525 to the customer to get around the Comcast block in their network if the customer is hosting their own mailserver.  With that said, a small business that doesn't self-host anything, not even a fileserver, and does everything in the cloud can fit into the data restrictions of a residential account.

But voice is a different animal.

A Residential account has a max limit of 2 phone lines from Comcast.  PERIOD.

A Residential account DOES NOT permit busy-call-forwarding.   So you cannot take the first phone line number and use it as your businesses primary number and have a second call that comes in to that be busy-forwarded to the second phone number on the line 2 phone port.  It's always going to go to voicemail.

If you decide to try outsmarting Comcast and use a 3rd party provider like NUSO to get your SIP trunks from, then you will NOT get QoS on the incoming phone calls.  So they likely will sound like a bad cell phone connection going through a tunnel.

For the Arris modem, I have NOT found a Message Waiting indicator phone or device that works properly on it's ports, if you are using Comcast's voicemail you will have to depend on the Stutter Tone to know there's a voicemail message.  CallerID name and number DOES work properly on these ports.

Basically a Residential (Xfinity) account is pretty much useless for a business of a small number of people.  About all you can do is put 2 line phones in for every employee and tell people to select whatever line is open with the line buttons on their phone when they go to make a call.

For a Small Business that uses Comcast Business that is OK if you want to use POTS handoffs.  Such as if you have an older phone system that will take the incoming calls via POTS trunk ports.

If you want to run a modern "soft" phone system and use VoIP phones then you will need to take the trunks as POTS handoffs from Comcast and feed them into a TA such as the Grandstream HandyTone HT813s then configure your soft PBX to register trunks into those.   Faxing must be T.38 compliant but call quality will be better since all the VoIP traffic will be retained in your LAN.  It's kind of a pity that the price of VoIP gear has come down so far these days and we have free PBXes like 3C and FreePBX right during the time that cell phone use has exploded.  If this had happened with VoIP stuff 30 years ago every phone in every house would be VoIP.

For a Small Business that wants to use 3rd party SIP trunks or a "cloud PBX" along with static IP addresses over copper (coax) you are SOL.  The reason is that according to all the reports I can find there is no way to turn off SIP-ALG on the Comcast-provided modems.  The Arris firmware DOES allow it to be turned off - but apparently Comcast disabled this.  You will have to move up to a large company fiber circuit to Comcast and run your own real router.

(edited)