To expand on my comment, I am OK with renting equipment from Comcast, and letting them own/manage everything up to the egress of the modem/bridge, DCE. Once the formatted signal leaves the DCE, I should be able to take that signal and associated services into the ingress of my own router, CPE. I'm paying for signal and services, and I should be able to manage those on my side as I see fit for my business, within the Acceptable Use clauses of course... This is no different than buying T1, PRI signal/services: you usually get a DCE CSU/DSU from the provider, then you transmit the signal and associated services into your own router; there is no requirement for static IPs to reside on the CSU/DSU.
Welcome Kwisatz. Thank you for the post. Comcast does offer that functionality at the Enterprise Level of service. However, we will update the Product Team with your concerns.
I don't work for Comcast, but I believe the root of the issue is this: The Comcast-supplied routers for the DOCSIS business service first acquire an IP address from DHCP, then use RIPv2 to announce your static IP block via that address into Comcast's local/regional network.
The RIPv2 announcement is authenticated by an md5 secret that is shared between your Comcast-supplied router and the routers in Comcast's network. This prevents you from announcing arbitrary IP blocks (which you aren't paying for, and which might conflict with other subscribers) into Comcast's network. Because of this, Comcast is unwilling to let you (the subscriber) know your account's md5 secret.
If you *did* know the RIPv2 md5 secret for your Comcast account, you could use a layer 2 bridge (i.e. a residential type cable modem such as the Motorola SB6141) to interface with Comcast's layer 1/2 network, then plug the Ethernet side of that bridge into a router of your choice. You would set your router to obtain an IP address via DHCP on its WAN interface (the interface plugged into the cable modem), and then announce your static IP block over that interface using RIPv2.
At that point, your router would be in full control of every aspect of your connection except for your package's speed limits, which would still be enforced by the DOCSIS modem. Your router could be just about anything you might want; be it Cisco/Juniper/etc equipment, a Linux box running Quagga, etc...
Personally, I would *really, really* like it if Comcast would allow this type of setup, although from a security and support standpoint, I think I understand why they don't.
They could switch to OSPF and do route announcement filtering on their side. This way you can announce whatever you want but only the range actually allocated to you could be properly announced.
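Added example, not part of any post in this thread and not Comcast's actual configuration: a Python sketch of the two controls discussed above, a RIPv2 keyed-MD5 check (packet layout per RFC 2082) and a provider-side filter that installs only prefixes inside the subscriber's allocated block. The function names, the secret and the documentation-range addresses are assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, struct

def _digest(signed, key):
    # Keyed MD5 as in RFC 2082: hash the packet with the 16-byte secret appended.
    return hashlib.md5(signed + key.ljust(16, b"\0")[:16]).digest()

def build_update(prefixes, key, seq, key_id=1):
    """CPE side: RIPv2 response announcing `prefixes`, with the MD5 trailer."""
    routes = b""
    for net in map(ipaddress.ip_network, prefixes):
        # AFI 2 (IP), route tag 0, address, mask, next hop 0.0.0.0, metric 1
        routes += struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                              net.netmask.packed, bytes(4), 1)
    body_len = 4 + 20 + len(routes)  # RIP header + auth entry + route entries
    auth = struct.pack("!HHHBBI8x", 0xFFFF, 3, body_len, key_id, 16, seq)
    signed = b"\x02\x02\x00\x00" + auth + routes + b"\xff\xff\x00\x01"
    return signed + _digest(signed, key)

def accept_update(pkt, key, allocated, last_seq):
    """Provider side: return the announced prefixes to install, or None to drop."""
    if len(pkt) < 44 or pkt[:2] != b"\x02\x02":
        return None
    marker, atype, body_len, _kid, dlen, seq = struct.unpack("!HHHBBI", pkt[4:16])
    if (marker, atype, dlen) != (0xFFFF, 3, 16) or len(pkt) != body_len + 20:
        return None
    if (body_len - 24) % 20 or seq < last_seq:  # malformed, or an old replay
        return None
    if not hmac.compare_digest(_digest(pkt[:body_len + 4], key), pkt[-16:]):
        return None  # sender does not hold the shared secret
    block, accepted = ipaddress.ip_network(allocated), []
    for off in range(24, body_len, 20):
        _afi, _tag, addr, mask, _nh, _metric = struct.unpack(
            "!HH4s4s4sI", pkt[off:off + 20])
        plen = bin(int.from_bytes(mask, "big")).count("1")
        net = ipaddress.ip_network((addr, plen), strict=False)
        if net.subnet_of(block):  # the filter: only the subscriber's own range
            accepted.append(str(net))
    return accepted

# Constructed sample values (documentation address ranges, made-up secret).
SECRET = b"example-secret"
ALLOCATED = "203.0.113.8/29"
```

The digest only proves the sender holds the secret; it is the `subnet_of` check that stops an authenticated sender from getting a block outside its allocation installed.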