New Member
•
1 Message
Request for IPv6 Routing Support and Prefix Delegation Configuration on CGA4332COM
I am currently experiencing issues with IPv6 routing on the CGA4332COM modem/router and would appreciate your assistance in resolving them.
Current Setup:
- Modem: Technicolor CGA4332COM (Comcast Business)
- IPv6 Prefix Delegation: Assigned prefix is
2603:3024:156c:a900::/56 - Firewall: Cisco ASA configured as the only direct client of the modem
- ASA receives address via autoconfig:
2603:3024:156c:a900:1a8b:9dff:fe1e:cd2a - ASA routes:
ipv6 route inside 2603:3024:156c:a900::/56 2603:3024:156c:a900::2ipv6 route out ::/0 2603:3024:156c:a900:2cb:7aff:fe71:7a9
- ASA receives address via autoconfig:
- ASA successfully communicates with external IPv6 addresses (e.g., Google DNS
2001:4860:4860::8888). - However, devices behind the ASA (in subnets other than
2603:3024:156c:a900::/64) cannot send or receive IPv6 traffic.
Problem Description:
- Issue: IPv6 packets destined for subnets within the delegated
/56(e.g.,2603:3024:156c:a9ff::/64) do not reach the ASA. - Capture Results: No packets are received by ASA from these subnets, indicating the CGA4332COM is not forwarding traffic beyond the initial
/64. - Expected Behavior: The modem should route IPv6 traffic for the entire delegated
/56to the ASA, which then distributes it internally.
Troubleshooting Steps Taken:
- Verified ASA routing and packet captures.
- Confirmed that the modem does not forward packets to subnets other than the initial
/64. - Attempted to locate IPv6 static routing options in the modem interface — only IPv4 static routes are configurable.
- Reviewed community threads indicating similar issues with DHCPv6-PD and lack of Router Advertisements (RA) from CGA4332COM. [forums.bus...omcast.com]
Questions and Requests:
- How can I enable full IPv6 routing for the entire delegated
/56prefix on the CGA4332COM? - Is there a way to configure static IPv6 routes or enable prefix delegation beyond
/64? - Can the CGA4332COM be configured to support OSPFv3 or another dynamic routing protocol for IPv6?
- Is there a firmware or configuration limitation that prevents routing to subnets other than the initial
/64? - Would enabling Bridge Mode or requesting a modem with more advanced routing capabilities resolve this issue?
Additional Context:
- This setup is part of a global infrastructure where the ASA acts as a gateway to a core router that further segments the
/56into multiple/64subnets. - The inability to route IPv6 traffic to these subnets is currently blocking full IPv6 deployment.
I would appreciate detailed guidance or escalation to a technical team familiar with advanced IPv6 configurations on Comcast Business equipment.
Thank you in advance for your support.
Comcast_Dena
Official Employee
•
95 Messages
2 months ago
Thank you for reaching out @user_d3e5f1 Have you spoken with our direct business team at (800) 391-3000? If not we can assist by putting in a ticket. Please send us a direct message with your full name, business name, full address, and phone number.
• Click "Sign In" if necessary
• Click the "Direct Messaging" icon in the top right corner
• Click the "New message" (pencil and paper) icon
• The "To:" line prompts you to "Type the name of a person". Instead, type "Comcast Business"
• - As you are typing a drop-down list appears. Select “Comcast Business" from that list
• - A “Comcast_Business" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it
0
0
flyingrobots
New problem solver
•
37 Messages
2 months ago
Hi @user_d3e5f1,
The problem is that Comcast wants you to use DHCPv6-PD to get routable subnets working on your network. This is a problem if you have servers with static IP addresses because over time, the prefix delegation will change. I have been round and round with Comcast tech support and they basically say it is beyond the line of demarcation and therefore not their problem.
There is a solution however. That is to use FreeBSD's NDP Proxy. When you setup a static IPv6 and have an interface on the same physical network as your cable modem, when you have outgoing packets and subsequent replies, the Comcast modem, instead of just routing those replies to your router, will use Neighbor Discovery (ND) to try to find a destination for the packet.
If you are using NDP Proxy, the Neighbor solicitation requests will be answered by the proxy, telling the modem to send packets to your router's interface. Then they will be routed appropriately.
I am using a pfSense router, where I can install the ndproxy.ko directly on the router. If the Cisco ASA doesn't have a similar feature, you can setup a FreeBSD machine (or virtual machine) on that same network segment as your Cisco and cable modem (you don't even need to give an IPv6 address to that machine) and it will respond to NS requests with an NA that will cause the modem to send packets to your cable modem.
Not the greatest solution, it would be better if Comcast would actually do this properly, but since they are steadfast in being deaf to our requests, this is one way to fix this.
See the man page for NDP Proxy for more information and probably a better description....(https://man.freebsd.org/cgi/man.cgi?query=ndproxy&%3Bapropos=0&%3Bsektion=4&%3Bmanpath=FreeBSD%25252B11-current&%3Bformat=html)
(edited)
1
rob__jr
New problem solver
•
48 Messages
1 month ago
The only way the modem knows next hope for a subnet behind the /56 is by using ipv6-pd. The ASA will need to request a /59 block (not sure if other sizes work) and once it is requested and received, you'll typically get a 3-4 day lease.
Traffice generally stops forwarding after a day, so you need to (manually or via script) renew the release.
If you a prefix hint of a ::/59 you will get a seemingly random ::/59 from your static ::/56 block.
You can also specify an entire ::/59 and the cable mode will (sometimes) honor it. I haven't had luck with this lately.
0
0