My previous gateway was just swapped out due to connectivity issues, and I can't seem to get prefix delegation working quite right on the new box.
I'm running pfSense as my router. I seem to be getting correctly delegated prefixes from the gateway via dhcp6. Digging around with tcpdump, I see the CGA4131COM isn't routing those delegated prefixes back through the IP they were delegated to, but is sending out neighbor solicitations looking for
[removed customer-specific IP information in public forum thread]
Thanks so much for reaching out about this, RobBanz. As a heads up, I removed the IP address et al. in this public thread, but I have it noted on my side here. I can look into the prefix delegation issue and check a few things in our system if you want to send over a private message. To do that, you'll just click on my name and send it with your name, the business name, the complete service address (including city, state, ZIP, suite number, etc.), and the phone or account number.
Just a heads up that I worked with Comcast support and they were never able to get this working. We replaced the gateway with the DPC3941B business wireless gateway and everything started working right away. So if you're having issues with the Technicolor, swap it out.
Thanks for that info. The tech should be reporting the issue to his supervisor and keeping a record of nonworking devices for that same scenario. I've seen that model work with SonicWalls with no issue, and other Edge routers to be honest, so I'm not too sure it's the model, but I appreciate the feedback and follow-up on the recent service visit. If you need assistance in the future, feel free to reach out again. Thanks for choosing Comcast and have a great holiday weekend.
I have a DPC3941B and I cannot get prefix delegation working with it. I first tried pfSense, but I have read countless posts that the only way to get prefix delegation working is to have Comcast replace my gateway with a Netgear CG3000DCR (I submitted a service request to Comcast to have the DPC3941B replaced with the CG3000DCR) or purchase an EdgeRouter. I went ahead and purchased an EdgeRouter. I have spent hours and hours working on this. Any basic information you could provide on how you got prefix delegation working with the DPC3941B would be greatly appreciated.
I sincerely appreciate the additional details and all the information you have provided us. I am sorry you are still having trouble with prefix delegation, but I will be happy to do all I can to help. If you can send a private message, I can access your account and assist you further. If possible, can you please include your full service address, account number, and your name as it appears on your account?
Once they brought the DPC3941B everything just started working with the same config as the CGA box. Here's my configuration:
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > rapid-commit = disable
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > prefix-length = 59
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > host-address = ::1
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > prefix-id:1
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > switch0 (one of my LAN nets) > service=slaac
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > host-address = ::1
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > prefix-id:2
interfaces > ethernet > eth9 (this is my internet port) > dhcpv6-pd > pd > 0 > interface > eth7 (one of my WIFI nets) > service=slaac
interfaces > ethernet > eth9 (this is my internet port) > firewall > in > ipv6-name = WANv6_IN
interfaces > switch > switch0 > ipv6 > router-advert > prefix = ::/64
interfaces > ethernet > eth7 > ipv6 > router-advert > prefix = ::/64
Hope that helps.
Thanks for spending the time posting your configuration. This will get me pointed in the right direction. I got an email from Comcast Business that they are sending out a technician tomorrow to replace the 3941B with a Netgear CG3000DCR as I requested from tech support last week. I already have Cisco Wi-Fi access points, so I do not need a Wi-Fi business gateway. I will follow up once I get the CG3000DCR and the router setup.
An update. After receiving the Netgear CG3000DCR, my problem was solved. Last month, I bumped my speed up from 150 mbps to 300 mbps and, of course, the Netgear gateway does not support anything higher than 150 mbps. A technician came out to swap out the Netgear gateway with a Technicolor CGA4131COM. Nice to have one gateway support Internet and voice. However, IPv6 DHCP-PD does not work with a firewall or router behind it unless it is placed in bridge mode, which I cannot do, since I have five static IPv4 addresses. So I am back in the same boat as when I had the CGA3941COM gateway and I have abandoned implementing IPv6 in my network. It is disappointing that the old CG3000DCR works great with IPv6 DHCP-PD with a firewall or router behind it and the new Technicolor gateways do not. Hopefully, there will be a firmware update in the future to fix this issue with the Technicolor gateways.
ComcastBiz_Support / Comcast_Joseph -
This statement is completely unrelated to the post/request made by ITGrouch56 as well as multiple other posters/threads in your own forums (bordering on the same level of tone-deafness I’ve encountered).
The statements made by ITGrouch56 are 100% accurate. The CGA4131COM is broken at the firmware level. This escaped both your quality assurance testing as well as any limited scope testing performed before they were released to general availability.
I’ve spent the better part of the last month trying to resolve the exact same issue experienced by the individual who started this thread.
Back at the end of August, my CG3000DCR, which worked for 6+ years in a dual-stack (IPv4/IPv6) configuration behind two different Ubiquiti EdgeRouter firewalls, ceased to function and was slated for replacement.
I was provided a DPC3941B as an initial replacement, after a few days of testing/acclimation, I asked for a different device as latency/packet loss/skew is inconsistent/out-of-spec for even the internal address/static gateway assigned to the provided equipment, much less the outside world. (Google: Puma 6 chipset)
Made several emphatic requests with Tier-2/ECR to simply give me a new CG3000DCR. They were denied by local dispatch/maintenance no fewer than ~5 times, stating the device is EoL and will only cause more issues.
After nearly ~30 days of back and forth, daily emails and calls, local finally ‘caved’ and provided me a used CG3000DCR that was not only covered in white paint spatter, but scratched/gouged on all facets.
Not willing to stand in the way of progress, I accepted the obviously damaged device as the local representative stated it was the only device left, I wouldn’t be receiving another.
We brought it online and provisioned, immediately IPv6/dual-stack connectivity was restored without a single change to my equipment aside from deleting DUID, releasing/renewing the interface.
I was thrilled, sent emails to Executive Customer Relations stating that everything was once again functional, thanking them for the time/effort put into resolving this request.
Not more than literally ~15 minutes after the technician pulled away from the curb, the device hard-locked and refused to even accept ICMP to the inside interface/assigned IPv4-static gateway.
Notified ECR of the failure and was told that they’d have someone onsite the following day.
Less than ~24 hours later I had multiple technicians, including a local VP, respond to my premises (likely trying to find fault with my installation/implementation). I was informed that I wouldn’t be receiving another CG3000DCR, only the CGA4131COM.
To be frank, the CGA4131COM is a very capable device, one that I have zero issue keeping, if it were not for the fact that it was shipped with broken firmware.
This isn’t conjecture, my opinion, a crazy person rattling nonsense, nor is it my configuration. A nearly ~100 billion dollar company, shipped a broken device. That’s it. It happens. This is a fact.
It took me the better part of a month to convince not only ECR/T2 of this fact, but local resources. I’m still not sure how much of them finally seeing the light was simply placation to get me to stop contacting them.
Here’s where we left off:
My last email to ECR and subsequent site-visit was on Sept 25/26th. I was informed that it was now a ‘known issue’ and a new firmware was in the pipeline, slated for testing/deployment within ~2 weeks. However, this wouldn’t apply to me because I’m a static customer that routes their block over RIPv2, which requires a different firmware. This firmware for static customers would be available ‘middle of November’.
Needing to move on with life, I accepted this, adding additional cost to my monthly totals with Amazon Web Services to spin up a bastion/testing host for only IPv6. Not only is this inconvenient, but it doesn’t work for the majority of test-cases I’d generally leverage IPv6 for.
As a provider myself who works in the telecommunications space, my needs are significantly different than the average Xfinity/Comcast Business customer. But it cannot be overstated how much this has impacted my workflow.
I just wanted to type this up so that anyone else encountering this issue can rest assured, it’s not you. It’s the modem. I don’t care what response I receive to this, if any, your CGA4131COM has broken firmware. It needs to be escalated to the appropriate parties.
I’m not hopeful this is going to be resolved soon as even the NOC staff looked at this as a ‘dude, fix your configuration’-issue. But I can remain hopeful that this isn’t falling on deaf ears.
I await my boiler-plate/copy-pasta response about how Comcast supports IPv6 and I should read support/KB-document ‘XYZ’ as to how to configure my equipment.
Likely going to shamelessly necro-post any related threads I see with the term ‘CGA4131COM’ because I’ve seen a trend where you prefer to take these threads offline, which negates the entire purpose of a community forum like this.
If anyone within the organization is curious enough to follow up, I’d be happy to provide private details via DM, as long as we agree to continue the brunt of the discussion in an open forum as to benefit others like myself who have met the same brick wall.
For the .00001% of people who made it this far, thanks!
I've been fighting this exact issue for almost a year now and arrived at the results from OP, having the same CGA4131COM gateway, but using 3x different routers/firewalls with the exact same results (Ubiquiti USG, Sophos UTM and MikroTik RouterBoard).
The prefix gets delegated when asked, from all 3 devices. No issues with PD and get /59's delegated from the CGA4131COM, but when doing a pcap between the gateway and my edge devices, I see Neighbor Solicitations coming out of the gateway, as if they're on the same L2 segment (but obviously are not). Gateway is just not routing to the device owning the source prefix, it just tries to send the packet directly and fails.
I'm glad I see the exact same behavior from others out there, and disappointed that Comcast hasn't addressed it. Up until finding this I assumed my config was flawed. I'll be calling Comcast tomorrow and starting the uphill battle there.
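The symptom reported in the posts above (the gateway sending Neighbor Solicitations on the WAN segment for addresses inside a prefix it has already delegated, rather than routing them to the requesting router) can be checked for in a text capture. This is an added example, not part of any poster's message; the function name, the /59 prefix, the addresses and the tcpdump lines are all constructed, using the 2001:db8::/32 documentation range.

```python
import ipaddress
import re

# Matches tcpdump's one-line rendering of an ICMPv6 Neighbor Solicitation.
NS_RE = re.compile(
    r"IP6 (?P<src>[0-9a-fA-F:]+) > (?P<dst>[0-9a-fA-F:]+): "
    r"ICMP6, neighbor solicitation, who has (?P<target>[0-9a-fA-F:]+)"
)

def misrouted_solicitations(capture_lines, delegated_prefix, gateway_addrs):
    """Return (source, target) pairs where the gateway solicits, on the WAN
    link, a target that lies inside the prefix it delegated to the router."""
    prefix = ipaddress.ip_network(delegated_prefix)
    gateways = {ipaddress.ip_address(a) for a in gateway_addrs}
    hits = []
    for line in capture_lines:
        m = NS_RE.search(line)
        if not m:
            continue  # not a Neighbor Solicitation
        src = ipaddress.ip_address(m["src"])
        target = ipaddress.ip_address(m["target"])
        # NS for the router's own link-local address is normal; NS for a
        # host inside the delegated prefix means the gateway treats that
        # prefix as on-link instead of routing it to the delegate.
        if src in gateways and target in prefix:
            hits.append((str(src), str(target)))
    return hits

# Constructed capture from the router's WAN port: fe80::1 is the gateway,
# fe80::2 is the router that was delegated 2001:db8:0:120::/59.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP6 fe80::1 > ff02::1:ff00:10: ICMP6, neighbor solicitation, who has 2001:db8:0:121::10, length 32
12:00:01.500000 IP6 fe80::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has fe80::2, length 32
12:00:02.000000 IP6 fe80::2 > fe80::1: ICMP6, neighbor advertisement, tgt is fe80::2, length 32
12:00:03.000000 IP6 fe80::1 > ff02::1:ff00:aa: ICMP6, neighbor solicitation, who has 2001:db8:0:122::aa, length 32
12:00:04.000000 IP6 fe80::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fe80::1, length 32
""".splitlines()

if __name__ == "__main__":
    for src, target in misrouted_solicitations(
        SAMPLE_CAPTURE, "2001:db8:0:120::/59", ["fe80::1"]
    ):
        print(f"gateway {src} is soliciting delegated address {target} on-link")
```

An empty result on a capture that contains inbound traffic for the LAN prefixes suggests the gateway is forwarding to the delegate as expected.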
Thanks for taking the time to reach out to us through our business forums regarding your static IP routing concerns. I would love to assist you. Can you please reach out through private message with your first and last name, full service address and account number or phone number, and we will dig into this with you. -Comcast_Michelle