Comcast has made a lot of progress on IPv6 and its quite useable. Here is a summary that might help others though it is from a fellow customer and not from Comcast support.
First some basics (as I've noticed a wide variety of experience on this forum - and sometimes with first level comcast techs). IPv4 addresses have a 32 bit address space and are in short supply. IPv6 has a 128 bit address space with an absurd /64 minimum subnet size yielding 40 quintillion addresses per subnet. IPv6 addresses are plentiful. CIDR address notation (Classless Inter-Domain Routing) puts the address first followed by "/" and a prefix length. IPv4 addresses are written as a "dotted quad" with the four 8 bit parts in decimal. For example 220.127.116.11 is an IPv4 address. Trailing .0 can be dropped so 192.168/16 can be expanded to 192.168.0.0/16. IPv6 is written as 16 bit hex values separated by ":". the longest string of zeros can be written as "::". For example 2001:558:feed::1 is a Comcast DNS server which expanding the "::" is 2001:558:feed:0:0:0:0:1. The prefix part such as the 24 in 192.168.1.0/24 is the number of bits that routers use to get packets where they are going. The remainder of bits are used by the subnet. For example, an IPv4 /29 allows 32-29 bits for the subnet and 3 bits represents 8 addresses, but one is used for the subnet (all 5 bits zero), one for subnet broadcast (all 5 bits 1), and one for the comcast router leaving 5 addresses for customer devices (not a lot). An IPv6 /56 prefix allows 128-56 bits for the subnet but is usually subdivided into /64 subnets, allowing 128-(56+64) bits to represent a /64 subnet, or 2 to the power of 8 subnets which is 256 /64 subnets. Because IPv4 address are in short supply (most comcast customers get exactly one address) an IPv4 NAT (Network Address Translator) is used. The NAT allows a non-routable address to be used on the customer side (as per the RFC1918 standard), typically 10/8, 172.16/12, or 192.168/16 and does a translation of IP address and UDP or TCP port number to get a routeable address. Most readers already know this but it doesn't hurt to explain it.
One more bit of basics. Hosts get addresses using DHCP (Dynamic Host Configuration Protocol). With IPv6 routers can also request one or more prefix delegations (PD) from an upstream router using DHCP. This is commonly abbreviated DHCP-PD.
The way comcast allocated IPv6 to customer devices used DHCP-PD and details may be non-obvious. The cable modem uses DHCP-PD to request a prefix for the customer side. If the CM is given a /56 IPv6 prefix it automatically creates a /64 using the lowest address in the /56. The customer equipment finds out about this /64 and gets an address using SLAAC (IPv6 Stateless Address Autoconfiguration). The CM then requires the customer equipment to make DHCP-PD requests to use other parts of the /56 address space.
How well IPv6 works or whether IPv6 works at depends on your cable modem (CM). The list of supported CM is at https://business.comcast.com/help-and-support/internet/comcast-business-cable-modem-device-compatibi... .
Residential subscribers get one dynamic IPv4 address (for use by the routeable side of the NAT) and an IPv6 addresses (/64?). Business customers can pay extra for a static IPv4 (/29, /28, or larger for higher service tiers) and when they do they also get a static IPv6 /56. Otherwise business customers get dynamic addresses (though I don't know the prefix size - I assume /32 and /64).
Business customers have to lease the CM from Comcast and use either SMC SMCD3G-CCR (use is being discontinued), or Netgear CG3000DCR, or one of three Cisco routers. IPv6 doesn't work at all on the SMC CM. The Netgear works well, allowing 16 /64 DHCP prefix delegations however there have been some reports that it tries to do something with VOIP (SIP) traffic that messes up VOIP (not confirmed by me, not discussed in a while so might be fixed?). The Cisco CM are DPC3008, DPC3939B, and DPC3941B. I'm not sure if IPv6 works at all on the DPC3008 since there has been no discussion of it on this forum. In discussions on this forum the DPC3939B does at least provide a useful /64. The thread http://forums.businesshelp.comcast.com/t5/IPV6/Got-IPv6-Working-on-Cisco-DPC3941B/td-p/34270 indicates that the DPC3941B is capable of allocating up to a /59 and that may or may not apply to the DPC3939B. If so, it is likely that a CM firmware update fixed this. The /59 limitation makes sense as with 4 Ethernet and wireless on PD of that size could be allocated on each interface. It would be nice if the whole /56 or at least the top /57 could be allocated, but a /59 is fine. Higher service tiers (ie: 250 Mb/s) are further restricted in CM choice.
Since DHCP-PD is used, if the CM reboot or loses the upstream, the PDs go away and there is no way for the customer equipment to know this. I've solved this with my CG3000DCR by using a periodic cron job that tries a ping and repeating the PD requests if the ping fails. The CM could send a FORCERENEW on reboot (as per RFC3203) if the CM was keeping up with 2001 standards or better yet remember the prior allocations or send a RECONFIGURE (in the DHCPv6 spec RFC3315). OTOH a lot of client DHCP software doesn't respond properly to FORCERENEW or RECONFIGURE (such is the nature of standards conformance).
There is no need to contact support to get IPv6 working unless you need to swap out a CM that doesn't support IPv6 (and are leasing the CM). The prefix allocated to the CM is automatically set up and you can log into the CM and see it. Setting up the DHCPv6-PD client software is your responsibility, not Comcast support.
If you need IPv6 rDNS you do need to contact Comcast support. If you have a very small number of hosts with fixed addresses, you can rely on Comcast DNS servers and provide that short list to support. If you have a lot of hosts with fixed address, then a better idea is asking Comcast support to set up IPv6 DNS delegation for the rDNS zone. If none of this makes sense to you then you should probably not be running rDNS. If you have name servers of your own (not a service that does forward DNS only) then it is up to you to set up your rDNS zones on those nameservers. You can do that ahead of requesting the rDNS delegation which then allows comcast to test. Making the request on this forum seems to be better than contacting support directly and starting at the bottom of the support hierarchy and getting someone that doesn't really understand what IPv6 is let alone what to do and is reluctant to admit that and escallate.
One thing to keep in mind is that if you also have another IPv6 address space, such as a tunnel (for example Hurricane Electric), then you need to be sure that you forward to either the tunnel or directly to the Comcast CM based on IPv6 source address on the packets. The CM will not forward packets with source addresses that it did not assign (an HE tunnel will which might not be a good thing). If you have trouble setting this up you can forward to the tunnel until you are ready to take down the tunnel and rely on Comcast IPv6.
In summary, Comcast IPv6 is now very useable. Congratulations to Comcast for finally putting all the pieces together. If I got anything wrong in this summary or missed any major points then please reply and correct my mistakes.
[Now if only Verizon and others would get a clue.]
Additional local data points
Here is a quote from an email dated January 17, 2013 mentioning Comcast IPv6 service: "Appointment window was 12-2 PM. The Comcast tech arrived about 12:30. Around 2 I was looking at ipv6-test.com via Comcast Business Internet."
This connection uses an SB6121 and an Apple Airport Extreme as described elsewhere in a pinned article. I see much of my Internet traffic using IPv6.
About a year ago, at a local school, Comcast swapped out the old SCM gateway for a DPC3941B. Again, IPv6 was immediately available to all clients.
Bottom line: IPv6 service is and has been robust and reliable here in Plymouth, Michigan.
Hi Networkdude and welcome to the forums! Since the IPv6 static is prefix delegation, it should be possible to configure the firewall although since that would be a network issue, I would definitely reach out for further assistance to the company IT person(s). If you have any other questions or concerns, please let us know!