Prefix Delegation w/ CGA4131COM working?

Thanks so much for reaching out about this, RobBanz. As a heads up, I removed the IP address et al in this public thread, but I have it noted on my side here. I can look into the prefix delegation issue and check a few things in our system if you want to send over a private message. To do that, you'll just click on my name and send it with your name, the business name, the complete service address (including city, state, ZIP, suite number, etc), and the phone or account number. 

Hi there, can you please send a private message with your name, the full address, and [hone number? 

Just a heads up that I worked with Comcast support and they were never able to get this working. We replaced the gateway with the DPC3941B business wireless gateway and everything started working right away. So if you're having issues with the Techniclor swap it out.

Thanks for that info. The tech should be reporting the issue to his supervisor and keeping a record of nonworking devices for that same scenario. I've seen that model work with Sonic walls with no issue and, other Edge routers to be honest so, I'm not too sure it's the model but, I appreciate the feedback and follow up on the recent service visit. If you need assistance in the future, feel free to reach out again. Thanks for choosing Comcast and have a great holiday weekend.

I sincerely appreciate the additional details and all the information you have provided us. I am sorry you are still having trouble with prefix delegation but I will be happy to do all I can to help. If you can send a private message, I can access your account and assist you further. If possible, can you please include your full-service address, account number, and your name as it appears on your account? 

I have a DPC3941B and I cannot get prefix delegation working with it. I first tried pfSense, but I have read countless posts that the only way to get prefix delegation working is to have Comcast replace my gateway with a Netgear CG3000DCR (I submitted a service request to Comcast to have the DCP3941B replaced with the CG3000DCR) or purchase an EdgeRouter. I went ahead and purchased an EdgeRouter.  I have spent hours and hours working on this. Any basic information you could provide on how you got prefix delegation working with the DPC3941B would be greatly appreciated. 

Once they brought the DPC3941B everything just started working with the same config as the CGA box. Here's my configuration:

Config Tree:

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > rapid-commit = disable

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > prefix-length = 59

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > host-address = ::1

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > prefix-id:1

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > service=slaac

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > host-address = ::1

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > prefix-id:2

interfaces > ethernet > eth9 (this my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > service=slaac

interfaces > ethernet > eth9 (this my internet port) > firewall > in > ipv6-name = WANv6_IN

interfaces > switch > switch0 > ipv6 > router-advert > prefix = ::/64

interfaces > ethernet > eth7 > ipv6 > router-advert > prefix = ::/64

Hope that helps.

Jason

Jason,

Thanks for spending the time posting your configuration. This will get me pointed in the right direction. I got an email from Comcast Business that they are sending out a technician tomorrow to replace the 3941B with a Netgear CG3000DCR as I requested from tech support last week. I already have Cisco Wi-Fi access points, so I do not need a Wi-Fi business gateway. I will follow up once I get the CG3000DCR and the router setup.

Richard

An update. After receiving the Netgear CG3000DCR, my problem was solved. Last month, I bumped my speed up from 150 mbps to 300 mbps and, of course, the Netgear gateway does not support anything higher than 150 mbps. A technician came out to swap out the Netgear gateway with a Technicolor CGA4131COM. Nice to have one gateway support Internet and voice. However, IPv6 DHCP-PD does not work with a firewall or router behind it unless it is placed in bridge mode, which I cannot do, since I have five static IPv4 addresses. So I am back in the same boat as when I had the CGA3941COM gateway and I have abandoned implementing IPv6 in my network. It is disappointing that the old CG3000DCR works great with IPv6 DHCP-PD with a firewall or router behind it and the new Techicolor gateways do not. Hopefully, there will be a firmware update in the future to fix this issue with the Technicolor gateways. 

ComcastBiz_Support / Comcast_Joseph -

This statement is completely unrelated to the post/request made by ITGrouch56 as well as multiple other posters/threads in your own forums (bordering on the same level of tone-deafness I’ve encountered).

The statements made by ITGrouch56 are 100% accurate. The CGA4131COM is broken at the firmware level. This escaped both your quality assurance testing as well as any limited scope testing performed before they were released to general availability.

I’ve spent the better part of the last month trying to resolve the exact same issue experienced by the individual who started this thread.

Back at the end of August, my CG3000DCR, which worked for 6+ years in a dual-stack (IPv4/IPv6) configuration behind two different Ubiquiti EdgeRouter firewalls, ceased to function and was slated for replacement.

I was provided a DPC3941B as an initial replacement, after a few days of testing/acclimation, I asked for a different device as latency/packet loss/skew is inconsistent/out-of-spec for even the internal address/static gateway assigned to the provided equipment, much less the outside world. (Google: Puma 6 chipset)

Made several emphatic requests with Tier-2/ECR to simply give me a new CG3000DCR. They were denied by local dispatch/maintenance no fewer than ~5 times, stating the device is EoL and will only cause more issues.

After nearly ~30 days of back and forth, daily emails and calls, local finally ‘caved’ and provided me a used CG3000DCR that was not only covered in white paint spatter, but scratched/gouged on all facets.

Not willing to stand in the way of progress, I accepted the obviously damaged device as the local representative stated it was the only device left, I wouldn’t be receiving another.

We brought it online and provisioned, immediately IPv6/dual-stack connectivity was restored without a single change to my equipment aside from deleting DUID, releasing/renewing the interface.

I was thrilled, sent emails to Executive Customer Relations stating that everything was once again functional, thanking them for the time/effort put into resolving this request.

Not more than literally ~15 minutes after the technician pulled away from the curb, the device hard-locked and refused to even accept ICMP to the inside interface/assigned IPv4-static gateway.

Notified ECR of the failure and was told that they’d have someone onsite the following day.

Less than ~24 hours later I had multiple technicians, including a local VP, respond to my premise (likely trying to find fault with my installation/implementation). I was informed that I wouldn’t be receiving another CG3000DCR, only the CGA4131COM.

To be frank, the CGA4131COM is a very capable device, one that I have zero issue keeping, if it were not for the the fact that it was shipped with broken firmware.

This isn’t conjecture, my opinion, a crazy person rattling nonsense, nor is it my configuration. A nearly ~100 billion dollar company, shipped a broken device. That’s it. It happens. This is a fact.

It took me the better part of a month to not only convince not only ECR/T2 of this fact, but local resources. I’m still not sure how much of them finally seeing the light was simply placation to get me to stop contacting them.

Here’s where we left off:

My last email to ECR and subsequent site-visit was on Sept 25/26th. I was informed that it was now a ‘known issue’ and a new firmware was in the pipeline, slated for testing/deployment within ~2 weeks. However, this wouldn’t apply to me because I’m a static customer that routes their block over RIPv2, which requires a different firmware. This firmware for static customers would be available ‘middle of November’

Needing to move on with life, I accepted this, adding additional cost to my monthly totals with Amazon Web Services to spin up a bastion/testing host for only IPv6. Not only is this inconvenient, but it doesn’t work for the majority of test-cases I’d generally leverage IPv6 for.

As a provider myself who works in the telecommunications space, my needs are significantly different than the average Xfinity/Comcast Business customer. But it cannot be overstated how much this has impacted my workflow.

I just wanted to type this up so that anyone else encountering this issue can rest assured, it’s not you. It’s the modem. I don’t care what response I receive to this, if any, your CGA4131COM has broken firmware. It needs to be escalated to the appropriate parties.

I’m not hopeful this is going to be resolved soon as even the NOC staff looked at this as a ‘dude, fix your configuration’-issue. But I can remain hopeful that this isn’t falling of deaf ears.

I await my boiler-plate/copy-pasta response about how Comcast supports IPv6 and I should real support/KB-document ‘XYZ’ as to how to configure my equipment.

Likely going to shamelessly necro-post any related threads I see with the term ‘CGA4131COM’ because I’ve seen a trend where you prefer to take these threads offline, which negates the entire purpose of a community forum like this.

If anyone within the organization is curious enough to follow up, I’d be happy to provide private details via DM, as long as we agree to continue the brunt of the discussion in an open forum as to benefit others like myself who have met the same brick wall.

For the .00001% of people who made it this far, thanks!

-fwp

Thanks for taking the time to reach out to us through our business forums regarding your static Ip routing concerns. I would love to assist you.  Can you please reach out through private message with your first and last name, full service address and account number or phone number and we will dig into this with you. -Comcast_Michelle

I've been fighting this exact issue for almost a year now and arrived at the results from OP, having the same CGA4131COM gateway, but using 3x different routers/firewalls with the exact same results (Ubiquiti USG, Sophos UTM and MikroTik RouterBoard).

The Prefix gets delegated when asked, from all 3 devices. No issues with PD and get /59's delegated from the CGA4131COM, but when doing a pcap between the gateway and my edge devices, i see Neighbor Solicitations coming out of the gateway, as if they're on the same L2 segment (but obviously are not). Gateway is just not routing to the device owning the source prefix, it just tries to send the packet directly and fails.

I'm glad i see the exact same behavior from others out there, and disappointed that Comcast hasn't addressed. Up until finding this I assumed my config was flawed. I'll be calling Comcast tomorrow and starting the uphill battle there.

I don't know if the firmware has been fixed since this thread was first started, but I realize this is a fairly old thread.  I upgraded my service back in December and as part of that, they swapped out the older modem with a CGA4131COM.   Prefix delegation wasn't initially working but I managed to convince that to work easily enough and set about assigning different /64s in the delegated /59 to my various VLANs and it all worked just fine until I had to reboot and ended up getting a different /59 (still in the same /56 assigned to me, but, for example x:x:x:160::/59 instead of x:x:x:1a0::/59).. and of course everything broke... it was easier to just reboot the cable modem a few times until it handed out the right prefix than it was to try and renumber everything again....  but that's obviously less than ideal.

After grinding my teeth and saying a lot of words that children shouldn't hear, I managed to figure out how to configure my OPNsense firewall to properly request a specific prefix from the CGA4131COM and so far, a couple weeks and several reboots later, it is getting the same prefix every time and all the routing out of my various VLANs is working consistently without putting the CGA4131COM into bridge mode..  I describe in this post in another thread how I accomplished that.  I acknowledge that my setup is just one of many many possible configurations, but the point is that this is working properly for me which means there should be a good possibility that it can work with other routers as well.

It has been "fixed" but the rotation you describe is a bug I detailed in another 3 part post on how to use these gateways with DHCP-PD