I have not been able to determine how to configure a firewall for IPv6 with Comcast Ethernet Dedicated Internet. I can't seem to find a useful guide. How does this normally work?
I've been told by tech support that I should have a /126 for a point-to-point subnet and a /48 for my own use, which would be similar to the IPv4 setup. My sales rep believes Comcast should be providing me a subnet, and that I don't have to go to ARIN to get my own. But neither tech support nor my account reps seem to be able to find out what my /126 or my /48 should be, if this is the case.
I'm not sure at this point what to ask. Is IPv6 even available with EDI?
Solved! Go to Solution.
Good afternoon, jmbwell. I appreciate you reaching on your internet questions.
All new EDI customers are provided with both an IPv4 and IPv6. I'll want to verify if you are subscribed to an IPv6 address first. May I please have you private message me your full name, the name of your business, the full address of your business location and the phone number associated with your business account?
Solved, thanks to the forums team and support team.
Here, for future reference, is how it appears to work.
First, make sure IPv6 has been ordered for your circuit. We had done this, but apparently it is not done by default.
Comcast will provision a subnet for your use (/48), and a subnet for a point-to-point (PTP) link between your gateway/firewall and Comcast (/126). Ideally, your project manager will provide this information to you when your circuit is turned up, but if not, someone with tech support should be able to get it for you, hopefully without escalation.
Configuration mirrors IPv4 for EDI: a PTP link on the WAN side and a routed subnet for you to use as needed. Everything on the WAN side is static. Assign your designated PTP IPv6 address to your EDI interface, use the provided PTP gateway address as the upstream gateway, set the subnet size as provided, in our case /126 as expected. You should be able to ping hosts on the public internet from the EDI interface at this point. Then, assign your routed /48 as you see fit… /64s on your various LAN subnets, presumably. Once assigned, you should be able to then ping from addresses in that block on their respective interfaces to the public internet.
If you have to ask, the information you need is:
- Point-to-point subnet and prefix length (ex: 2001:559:xxxx:yyyy::zzz8/126)
- Point-to-point gateway address (ex: 2001:559:xxxx:yyyy::zzz9)
- Point-to-point local address for your EDI interface (ex: 2001:559:xxxx:yyyy::zzza)
- /48 subnet, which won't be in the same block as your PTP subnet. (ex: 2001:559:aabb::/48)
So all I needed, it turns out, was the PTP addresses, and now we're all set. Thanks again.