This has been my experience so far with ipv6 on these different business class modems
SMC D3GCCR - modem doesn't route the sub-prefix delegation correctly breaking ipv6 connectivity
Cisco DPC3939B - ipv6 works properly for directly attached computers but the sub-prefix delegation isn't working
Netgear CG3000CDR - ipv6 for directly attached computers and sub-prefix delegation for router/firewall work correctly
So far only the Netgear is able to do what I needed for ipv6. Sorry I didn't record the firmware versions of the SMC or Cisco. The Netgear I have uses hardware version 1.04 and firmware version V3.01.04.
I'm not sure I am hitting the same issue mentioned in this thread or not...
I have a SMC D3GCCR here, and my Linux Firewall correctly gets a ipv6 address and sees a /64 prefix and all that works fine.
However, I don't seem to be able to get any other prefix from the router.
dhclient -v -6 -d gives me only:
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA_NA 21:40:e9:7c
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: Solicit on cable, interval 1080ms.
XMT: Forming Solicit, 1080 ms elapsed.
I can't seem to login to the SMC. I suppose I need to call to get them to reset the login on it?
(Side note: is there any email or web based way to submit requests to comcast business support? Calling all the time takes up a lot of time, especially when the request isn't urgent).
Thanks for any tips or pointers.
Yes, prefix delegation and v6 routing are both broken/MIA on the SMC. We've been waiting for a couple of months for a fix...so far no word on if it's coming or not.
My guess is that the SMC designers never intended the device to be deployed with both an RG and Dynamic configuration simultaneously. The decision to deploy statically or dynamically would seem to apply to both v4 and v6.
The SMC works fine if you don't delegate and just attach a v6 client to the LAN side of the gateway.
I wouldn't be surprised to see the SMC dropped off the compatibility list moving forward if this issue lags too far behind the curve.
Yeah, with the SMC only having 4-channels downstream (meaning it's not compatible with 150mbps+ speed tiers) I imagine the unit will be end-of-lifed soon, so the motivation to fix these v6 problems probably isn't high.
My hunch is that the vendors are waiting for full static v6 to roll out fixes for these numerous problems.
The only problem with that is Comcast cant move forward with the IPv6 upgrade while 2/3 of the modems (Smc and Cisco) in use are not compatible with the standard.
The only problem with that is Comcast cant move forward with the IPv6 upgrade while 2/3 of the modems (Smc and Cisco) in use are not compatible with the standard.
If SMC up-revs the model that BCI deploys, I'm sure they will notify people that they need to upgrade. Sometime the hardware just won't cut it any longer and you don't find out until the middle of a project. Murphy's law.
I would just wish that a timeline to resolution would be communicated. The BCI IPv6 rollout appears to be a very low priority to Comcast, but for us who need the service it has a high priority. For my needs, Sonic.net is not only cheaper, but has working v6 and fewer of the niggles that are present in BCI. Possibly time to make a move.
Well the change for Comcast is complicated.
The Comcast static IP works like this.
Head End assigns a DHCP address to your modem.
Your modem accepts the DHCP address
Your modem notifies the RIP server that the next hop to your static IP is your modem DHCP address.
It appears that the RIP that they are using is not IPv6 compatible so it's a complicated change.
Also your modem is not only natting (if you are using it) but routing the traffic from the DHCP address to your static IPs.
Add routing IPv6 on top of it (Prefix-Delegation) and that may be more than the modem can handle.
On the residential side it's simpler because there is no 'next hop' RIP routing table to deal with.
The modem gets a DHCP both IPv4 and IPv6 and you're off to the races.
As for moving... my business class internet was costing me so much I could move my exchange server to an Amazon EC2 platform and go to residential service and still save money. I get 25 MB for a year for $29.99 where I was getting 16 MB for $69.99 plus statics and equipment fees. Oh yeah I bought my own modem too!
I'm running into what appears to be the exact same issue with the SMC modem. I see the ipv6 traffic hitting a remote server(that has working native ipv6), but the return traffic for the delegated subnet is never making it to the LAN side of the modem(confirmed with a mirrored port switch).
Would changing to the Netgear modem cause any more issues? Or is there any progress/hope on an SMC firmware update?
Gave up and had a tech replace the SMC for a netgear modem. Native ipv6 works out of the box now. For me the ipv6 DP size is 60(not 56 or 64), and the PFSense setup from here works great:
Here we are, ~ six months later, and still no working update for the SMC. Can we get information on the path forward?
If it's the Netgear, then let's hear it. Otherwise, when is the SMC going to function as intended? Comcast just upped the monthly fee for the gateway, so I'd like to see some return on that spend.
As I mentioned in my other thread the SMC reboots itself every 6 hours or so when you enable IPv6 routing on it for inbound IPv6 connections. Based on Comcast ignoring the issue here it seems as though the SMC is a dead end.
As the new routers they are deploying are coming from Cisco I would assume that SMC lost the contract to supply new devices, and so has instructred their programmers to stop work on any firmware corrections.
I am a NEWBIE....to the SERVER realm. : / Quite proficient in computer tech though.
Can someone, in VERY simple terms, tell me what Dual-Stack is? Is it something I need or really just don't need to bother with? What is the BENEFIT of using it? Small offive of 5 users or so. Windows Server 2012 R2 Essentials, DPC3939B, client workstations, everything connected to a 8 port Trendnet switch. Trying to keep as simple as possible.
"Dual-Stack" just means that your computers or devices have both IPv4 AND IPv6 connectivity. An "ipconfig" on Windows would show both v4 and v6 addresses. Windows (and most modern Apple/Android/etc devices) will prefer IPv6, but will switch back to v4 if v6 connectivity times out.
In terms of benefit..... you wouldn't really notice a performance increase/decrease by using one over the other. The future is obviously going IPv6, and eventually v4 will be obsolete. At that point, we will no longer have a need for "dual stack" connectivity. Right now, the priority is "low-to-medium" I would say.
wow...thank you for the easy explanation...much appreciated. : )
Yes, I have been reading a lot about all of this.... and the way you explained it made it easy for me to grasp.. so it lines up with what I ahve been reading that was in complex terms...but got the jist it was talking about IPv4 and IPv6 living together in this transistion phase.
Thank you train_wreck, I can tell you enjoy helping people with these things...and yes, it is quite archaic to me at times. Just like anything, once you learn something, it's no big deal...but sometimes professional help such as yours is the only thing that will help get a better understanding of the not so easy to understand. ; )
The Netgear is the only one that does proper delegation but it does not work with Voice over IP and it also does not support the highest 150Mbt/s and above speeds.
To exchange for it, call Comcast tech support, and explain you want the modem swapped because you need proper IPv6 prefix delegation. It is almost a sure bet the first level support person will not understand this. Just keep gently insisting you want the Netgear. 2nd level support will understand this but they will want to know if your running VoIP. Lastly, first level support will also have problems because the Netgear is no longer listed on their screens. Just tell them to select SMC and put an explanation in the notes to supply a Netgear not an SMC.
Lastly, if you do NOT have a static IP or Ips, you should NOT be bothering with the Comcast-supplied equipment. Just buy your own :dumb" cable modem from the approved list, like a Motorola, and use your own router.
I do not think there is a workable solution to have both IPv6 and a static address. I had the SMC and ran into the issues well explained elsewhere. I called to get the Netgear modem, but was informed that if I went with Netgear, I would not longer be able to host my mail internally as the Netgear blocks port 25. (So much for business class service.) As some posters on this forum seemed to report that the Cisco modem worked, I went with that modem. Unfortunately, it does not work at all for IPv6 either.
Even though this was a service call to replace a defective modem, and I had been assured I would not be charged, the next bill showed a service call. I had that pulled off the bill, but it looks like it was added back again in this month's bill.
So not only do I not have IPv6 service, I am now fighting a charge for a replacement for a defective modem.
At this point, I am wondering if I really need a static IP address at all. If I can get a good Dynamic DNS service that can accept updated via the Update DNS protocol to update my A, AAAA, and MX records, I might be able switch to a dynamic IP address. This would save me both the modem rental and static IP address charge. It looks to me that that is a win in the long run, as the dynamic DNS service seems to be free to about half of Comcast's modem and static IP charges.
I don't know if that means the Netgear equipment isn't available in the Atlanta area (possible), nobody in support knows (also possible), or they're just plain lying to me (wouldn't be the first time Comcast did. Third or fourth I think).
As far as I've known, all gateways right now will hand out 2601:: addresses to any directly connected device, and the Netgear CG3000DCR will also provide sub-delegation for connected routers.
It has to do with Comcast's static IP implementation. The idea is, the rented Comcast gateway's announce your static subnet to the various back-end (CRAN) servers using a secured routing protocol implementation (RIPv2, I believe) that they manage from their end. All you as the customer have to do is configure your end devices with the provisioned subnet values, and plug them into the 4-port switch. I suppose the intention is to make it super-simple for the customer; no knowledge of routing protocols required.
Though I agree with you somewhat; I don't see a technical reason why an off-the-shelf retail cable modem couldn't have this functionality.
Well heck, that's downright helpful! I'm in the process of trying to get them to swap the Cisco for the Netgear now.
That is also helpful! Well, more informative really, but still good.
Interestingly, Comcast lists the DPC3008 cable modem as available, non-retail (custom built for Comcast) and IPv6 capable, but according to the tech I've been annoying it isn't actually available (and if it was, it would be a pain in their butts). He said it was part of an interim solution for business wifi before they got the gateways with builtin wifi. I looked up the specs for it and some other DOCSIS3 cable modems, and none offered RIP (v1 or v2) management, so it may not have been statically addressable unless Comcast (also) used SNMPv3 for secure management.
Regardless, "super-simple for the customer" may make sense for home or SOHO customers, but not so much for an enterprise with in-house IT. Bit of a scaleability issue.
I would very much agree
My guess is that the vast majority of customers who purchase "Comcast Business" in the HFC (coaxial-based) form are likely home businesses/small businesses, often with no dedicated IT staff (or a rather small one). Customers who want advanced control over routing functions, etc. generally tend to be larger corporations or enterprises that end up ordering either the Comcast fiber-based services ("Metro ethernet"), or other more specialized ISP connections.
That said, there are many small business IT personnel that would love more control over more features (I am one of them!)
Well, I work for a fairly large subsidiary of a very, very large (top 10 globally) corporation, but our branch offices face limited options for connectivity. For two of the twenty-some-odd offices, comcast is both the fastest and most cost-effective option available. Much better than the bundle of T1's we had been stuck with. IPv6 isn't even available at most of the rest.
It just happens that one of those two offices is where our one networking guy (me) is starting to build out AD, using a Win Server router instead of linux for the first time and pulling some hair out.
Anyhow, Comcast brought me a netgear, which claims to be handing out a /56 prefix, but advertises /64 even with the "Customer defined prefix" set to the same (seems to do exactly nothing).
RA sends - 2601:xx:xxxx:xx00::/64
Even if custom prefix set to 2601:xx:xxxx:xx00::/56
It also sets its link-local address as the gateway to route 2601:xx:xxxx:xx00::/56, which I'm pretty sure is also wrong.
You have one of these, right? Any advice?
EDIT: Also tried with /60 custom prefix (2601:xx:xxxx:xx30::/60). Still advertised as /64, still makes itself the gateway for the /60
I have one of these and in fact http://www.portlandiacloudservices.com has an IPv6 address that is assigned from it. I also have it setup to hand out additonal IPv6 subnets. I also run a /28 of static IPv4.
I can walk you through my config if you like, in this forum. But, before you get started you have to understand that you will NEVER get it to work properly using a Windows Server as your router to the rest of the world. I use a Cisco 1800 router, you MIGHT get a VERY CURRENT version of dd-wrt running on a NV64k or later like a recent Linksys or Netgear with a 400Mhz CPU to do it - and you can get Ubuntu 14 to work out of the box as a router - Ubuntu 12 has some bugs but can be knocked into submission - but forget using Windows Server as a router.
Here's the overview:
The situation with IPv6 is as follows:
Comcast is currently NOT handing out IPv6 static IP addresses. The problem is that
most (if not all) of their CPE modem devices are badly busted with IPv6. The
biggest problem is assignment of local smaller networks is broken on all of them
except the Netgear - and that device has problems with SIP ALG.
However they ARE handing out dynamically assigned IPv6 subnets to their routers and
their routers will pick up one /56 from Comcast. Because these are dynamically
assigned Comcast will not create PTR records for them so it is not possible to use
them for outgoing email.
The Netgear firmware works after a fashion with IPv6. For SLAAC it works perfectly if
all devices are plugged directly into it. However for subnetting IPv6, you cannot
enter a static IPv6 route into it. So you cannot manually subnet using a combination of
SLAAC and static routes.
You can use Prefix Delegation with IPv6 on the Netgear. You must turn on DHCPv6
then your router behind it must make a DHCP PD request.
With IPv6 it does not hand out default gateway IP addresses using DHCP. Your host must listen
to route advertisements. If you have a router the router must have a default IPv6 gateway
hard coded into it because routers don't pay attention to IPv6 default GW route advertisements
If you don't want to go here and you want to stick with Windows Server, then your going to have to
figure it out by yourself. I am not going to assist in helping someone beat their head against a
Well, I know there would be problems if the prefix changes (though the gateway does allow me to set a /56, I don't know how static it is), but now I'm determined to make it work.
Windows is getting the default routes from the gateway's RA, including the /56 from Comcast. And the ICMPv6 packets that the gateway responds with to tell me it won't accept a packet I send route back the sending client just fine. So I'm able to route to and from the gateway.
As I understand it (admittedly limited), packets with source prefix matching the assigned /56 should be sent to the gateway's link-local as it is the next hop for said prefix on the way out. But the gateway kicks them back even when the originating interface is directly connected to it. So I don't think it's a routing issue at all, the gateway just won't accept the packets.
I've even tried assigning my external interface addresses with /56 and /60 prefixes with and without the 64th bit set (my math could be off - last hex digit of prefix set to 0 or 1. gateway has 0). No matter what the prefix length, the gateway kicks it back if that last bit is flipped. What I gather from the IETF's docs (before they put me to sleep) tells me this is not how it's supposed to work. So all I can come up with is that the filters are set to match all 64 bits instead of 56.
Oh, and thank you. You have already provided several orders of magnitude more information than anyone at comcast has. Hell, they never even once mentioned routing tables, even when I asked. They did offer to send me another Cisco, which as you pointed out won't do smaller networks at all. Thank god we don't need SIP or PTR records!
I'd just order a working modem if we didn't need static IP4. I can't believe Comcast has gone years without providing equipment that works.
No, I can. After all, they are the company that swore to me there was no data cap, then told me it was being increased to 300gb/month six months later. (sorry to vent, I'm very annoyed with them)
"..Well, I know there would be problems if the prefix changes (though the gateway does allow me to set a /56, I don't know how static it is),.."
The gateway will not work at all if you do anything to statically set any IPv6 parameter in the gateway
"..Windows is getting the default routes from the gateway's RA, including the /56 from Comcast..."
Please print your route table. At the Windows command line type
and copy and paste the IPv6 Route Table to a post here. (you can change the IP addresses if you want in a
trivial manner, change an a to a b or some such if your afraid of posting real IPs)
"...And the ICMPv6 packets that the gateway responds with to tell me it won't accept a packet I send route back the sending client just fine. So I'm able to route to and from the gateway.
As I understand it (admittedly limited), packets with source prefix matching the assigned /56 should be sent to the gateway's link-local as it is the next hop for said prefix on the way out.
"..But the gateway kicks them back even when the originating interface is directly connected to it. So I don't think it's a routing issue at all, the gateway just won't accept the packets..."
What is the gateway - the comcast netgear? Or the comcast cisco? What is the comcast router model?
Do a print screen of the settings and post here.
"..I've even tried assigning my external interface addresses with /56 and /60 prefixes with and without the 64th bit set (my math could be off - last hex digit of prefix set to 0 or 1. gateway has 0). No matter what the prefix length, the gateway kicks it back if that last bit is flipped. What I gather from the IETF's docs (before they put me to sleep) tells me this is not how it's supposed to work. So all I can come up with is that the filters are set to match all 64 bits instead of 56..."
Do not statically assign anything on windows in IPv6 leave everything on windows set to automatic or it will NOT work at all!!!!!!! This is true EVEN IF you are running your own router and your windows system is behind it!!! Can you explain your network setup a bit better - is this a single cable modem with a single windows system running internet sharing? Do you have a single static IPv4 IP or multiple ones?
Here's the routing table as it is right now. There are artifacts from my last round of attempts, but the routes from the gateway are there.
Interface 12 is WAN, 13 is LAN, 14 and up are VPN, 6-to-4 and direct access interfaces that aren't doing anything at the moment. I've had them on and off.
You'll also see a mix of manual and autoconf'd addresses. I think these are the routes that allowed me to ping (but get the ingress/egress reply) the gateway from the LAN, but I'm not advertising them internally, so I can't double check.
12 ff00::/8 ::
13 ff00::/8 ::
1 ff00::/8 ::
12 fe80::rout:er:wan:ifce/128 ::
13 fe80::rout:er:lan:ifce/128 ::
15 fe80::200:5efe:my.stat.ici.p4/128 ::
14 fe80::ffff:ffff:fffe/128 ::
16 fe80::5efe:int.lan.ip.4/128 ::
14 fe80::/64 ::
12 fe80::/64 ::
13 fe80::/64 ::
13 2601:xx:xxxx:xx37::1/128 ::
13 2601:xx:xxxx:xx37::/128 ::
13 2601:xx:xxxx:xx37::/64 ::
12 2601:xx:xxxx:xx01::/64 :: <-testing
12 2601:xx:xxxx:xx00:rout:er:wan:ifce/128 ::
12 2601:xx:xxxx:xx00::beef/128 :: <-testing
13 2601:xx:xxxx:xx00::abcd/128 :: <-testing
12 2601:xx:xxxx:xx00::/64 ::
12 2601:xx:xxxx:xx00::/60 :: <-testing
12 2601:xx:xxxx:xx00::/56 fe80::gate:way:link:local <-From RA
13 2601:xx:xxxx:xx00::/56 ::
14 2001::/32 ::
1 ::1/128 ::
12 ::/0 fe80::gate:way:link:local <- From RA
I've tried with the prefix and DHCP unchecked as well, this is how it is right now.
From the Gateway's Status page:
|Operating Mode||Residential Gateway|
|System Uptime||4 days 01h:41m:33s|
|Date||12 - 21 - 2015|
I have one static IP4 address.
The layout is like this:
Gateway - <WAN iface>Server 2012r2 RRAS<LAN iface> - LAN (managed switch)
When I have router and route advertising enabled on the LAN, everything can ping the gateway but only the WAN interface can ping through it.
I do not have "enable unicast" turned on on my Netgear but I do not think it matters much either way.
As for your route tables, they are not showing that a DHCP PD request was made or received
Please set your LAN and WAN IPv6 interfaces to obtain automatically. Remove all static IPv6 anything.
Turn on DHCP client logging - read this:
Copy the System Delegated Prefix from your Netgear interface screen to
Select IPv6 and click calculate. There should be a link to 16 /60s click it
The highest /60 in the list is the one the Netgear will hand out in response to a proper PD request. Note down that
Plug in the WAN interface of the Windows box to the Netgear. Look at the DHCP client log on the Windows sytem. Did it request a prefix from the Netgear? Did it get one back? The prefix should have been on that list you got from gestioip.net was it?
Turn on RA logging in Windows. Look here:
Does the RA service show it's advertising the correct prefix?
In summary - here is the problem in a nutshell - the Netgear is a black box - you don't have access to it's router logs - so you cannot see what it's getting from the Windows box - you can't see if it's installing the correct static routes in it's IPv6 route table - you can only guess.
If you have your OWN router that has a complete set of logs - then your problem is like a sighted person leaving a blind man around. It can be done but it's not easy.
If your own router is a Windows box that issues no logging at all - then it also is just a black box - so now you have 2 black boxes you have zero visibility into that your trying to get working - it's like the blind leading the blind.
One last thing - you can always use an actual router - like a cisco, or even a linux box with better logging on it - to establish the netgear is working - then put the windows box in as a router and see if you can get it working.
Does the RA service show it's advertising the correct prefix?
I can do one better - Here's an RA packet I capped with wireshark:
Frame 2: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface 0
Ethernet II, Src: Netgear_ed:1d:32 (xx:xx:xx:xx:1d:32), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::xxxx:xxxx:feed:1d32, Dst: ff02::1
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Checksum: 0xebb6 [correct]
Cur hop limit: 64
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : xx:xx:xx:xx:1d:32)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: Netgear_ed:1d:32 (xx:xx:xx:xx:1d:32)
ICMPv6 Option (Prefix information : 2601:xx:xxxx:XX00::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Valid Lifetime: 345600
Preferred Lifetime: 345600
ICMPv6 Option (Route Information : Medium 2601:xx:xxxx:XX00::/56)
Type: Route Information (24)
Length: 3 (24 bytes)
Prefix Length: 56
Route Lifetime: 3600
ICMPv6 Option (Recursive DNS Server 2001:558:feed::1 2001:558:feed::2)
Type: Recursive DNS Server (25)
Length: 5 (40 bytes)
Recursive DNS Servers: 2001:558:feed::1
Recursive DNS Servers: 2001:558:feed::2
I have yet to find a way to get windows to actually request a PD. All I've found on the subject is that Vista needs ICS turned on for it (I'm wary of doing so on a server, especially since... vista. Don't know enough about ICS really. I'll rectify that).
DHCP6 Client event log is just a series of these:
Router Advertisement settings have been changed on the network adapter 12. The current M - Managed Address Configuration flag is false and the O - Other Stateful Configuration flag is true. User Action: If you are seeing this event frequently, then it could be due to frequent change in M and O flag settings on the router in the network. Please contact your network administrator to have it resolved.
Though I have to go back weeks to find any where the settings actually changed. Except for just now when I changed the interface settings again. The cmdlets are strange, had to set advertising, M, O, and dhcp on, then O on again, then turn off advertising (which sets O back off) in order to get ND and DHCP traffic going.
Right now, Server's neighbor ads have router and override flags set.
Option: Option Request (6)
Requested Option code: Domain Search List (24)
Requested Option code: DNS recursive name server (23)
Requested Option code: Vendor-specific Information (17)
Requested Option code: Lifetime (32)
Gateway replies with the values for those 4 options.
Just in case, Here's the interface config (get-netipinterface | fl).
InterfaceIndex : 12
InterfaceAlias : WAN
AddressFamily : IPv6
Forwarding : Enabled
Advertising : Disabled
NlMtu(Bytes) : 1500
AutomaticMetric : Enabled
InterfaceMetric : 10
NeighborDiscoverySupported : Yes
NeighborUnreachabilityDetection : Enabled
BaseReachableTime(ms) : 30000
ReachableTime(ms) : 35500
RetransmitTime(ms) : 1000
DadTransmits : 1
DadRetransmitTime(ms) : 1000
RouterDiscovery : Enabled
ManagedAddressConfiguration : Disabled
OtherStatefulConfiguration : Enabled
WeakHostSend : Disabled
WeakHostReceive : Disabled
IgnoreDefaultRoutes : Disabled
AdvertisedRouterLifetime : 00:30:00
AdvertiseDefaultRoute : Disabled
CurrentHopLimit : 64
ForceArpNdWolPattern : Disabled
DirectedMacWolPattern : Disabled
EcnMarking : AppDecide
Dhcp : Enabled
ConnectionState : Connected
PolicyStore : ActiveStore
CompartmentId : 1
If I can, I'll give it a shot.
Things like removing any static addresses will have to wait till I can reboot without causing trouble for the office.
Until you can get a PD request packet issued you are dead in the water. No amount of mucking around with RAs is going to do anything.
The fundamental problem here is that the Comcast router/modem MUST enter an IPv6 route in it's route table for one of those /60s pointing that /60 to your Windows box.. It can only do that by delegating a /60 to a router that uses DHCPv6 to request a PD. The Comcast router is not at all interested in what you are sending it via RA. It pays no attention to RAs. And I believe it also pays no attention to static route entries made into the static route customer interface and I am not sure that interface will even take IPv6 static route entries.
I have also read the same thing that Windows will not issue a DHCPv6-PD request unless ICS is turned on. The problem here of course is that when you turn ICS on you turn the Windows box into an address translator. So, IPv4 subnet routing is out of the question. And who knows if the Windows box, when acting as an ICS system, will attempt to "translate" the IPv6 or not. Personally I believe that Microsoft is probably not even testing ICS code anymore since you can get a brand new wireless N router for under $200 that will make a better address translator and a faster router than any Windows system ever could.
I have several customers with remote offices, some with many remote offices. In all of those cases I've deployed the Cisco RV320's (I used to deploy the RVD4000s but those are obsolete) It almost always requires a renumber out of the 192.168.1 subnet at the remote office and I've gotten some squawking in the past over it. That allows me to setup a gateway2gateway IPSec VPN from the remote site and then the remotes can join the domain like normal regular folks. In some of those setups the larger remote offices do have Windows servers which of course are also joined to the domain. The RV320's a stable, their IPSec VPN's are highly stable, and they will readily establish a VPN to a Cisco ASA firewall. For the largest customers I have I use ASA's at the main office and the largest one has over 70 remote offices, all with dedicated IPSec ZVPNs coming into an ASA.
Does anyone know if the Cisco 3941 prefix delegation issues have been corrected at this time? We're curently using the Netgear with success, but it periodically freezes requiring a power cycle. The Cisco 3941 seems to be the only replacement available through Comcast, but we want to be sure that PD support is working properly before making the change.
No, it doesn't work.
The DCP3941 is worthless when it comes to IPv6. The issues:
1) IPv6 prefix delegation doesn't work.
2) The firewall code randomly drops TCP connections. You can disable the firewalling for IPv4, but even though the GUI gives you options to do this for IPv6, it doesn't actually completely turn off the firewall. The consequences is that Google and other IPv6 services tend to hang while the browser tries to use what it thinks is a currently open connection.
From what I can tell, Comcast is likely not serious about fixing either issue, so my suggestion is to turn off IPv6 unless you have an actual business need for it. I know that's lousy, and it absolutely pains me to say that since I am as big of an IPv6 advocate as anyone - but I need my internet connection to work.
GSFL, freezing isn't a known issue with those Netgears. It is, however, a known issue with cable lines that have signaling issues. And it is also a known issue with some AC power adapters particularly as they age.
I would not write off the Netgear just yet. Call support and make sure that you are getting good signal and that they are seeing good signal. Maybe an attenuator or a splitter is failing. And find an AC adapter that is the same voltage and current and polarity as the Netgear one and try swapping it for a few days.
Hello jhodge and welcome to forums,
I would like to send a factory rest to your modem to try and get your interface to work properly. This process can take up to 40 minutes to complete. Would you please send a private message with the best time of day to move forward with this trouble shooting?
Comcast_Michael, I've opened almost 20 requests with phone support with tier 2 ignoring me on this same issue. I have a /56 and a Cisco modem, and I can't get any of the subnets assigned to my internal network. What is the point of a /56 when only the first /64 is available, and only on the external interface?
This thread has gone on for 3 months and no resolution. That's a bad sign. I can't imaging what this is costing Comcast in support costs so getting information out to Comcast level 2 and customers seems to me to be something Comcast should be doing.
Here is what I know as a fellow lowly customer. The SMC D3GCCR IPv6 is hopeless. From what I've read (on this thread and elsewhere) the Cisco CMs provided by Comcast won't get you anything but a /64. The Netgear will get you a /60 at this point but has some limitations, a few flat out bugs, and some quirks.
You could try getting the Cisco swapped out for a Netgear as long as you can live with the Netgear limitations. I hear that SIP doesn't work but haven't confirmed that. The Netgear won't support 150 Mb/s service. The Netgear will get you a /60. I struggled with my Netgear CM for a bit and got the /60 allocation working. The thread "Netgear CG3000DCR IPv6 bugs and quirks" at http://forums.businesshelp.comcast.com/t5/IPV6/Netgear-CG3000DCR-IPv6-bugs-and-quirks/m-p/31290 will help if you get the CM swapped out.
Hope this helps.
There isn't going to be a resolution for the SMC. Comcast previously announced that they are withdrawing support for IPv6 on the device: