Recently I posted this guide to the IPv6 mailing list: I am repeating the information in this post. It is long, sorry! The IPv6 mailing list is quite useful, I recommend it. Here's the link to the message I posted:
Summary of Comcast's support of IPv6 on their Cable Modems:
This is the most current, up-to-date info I have been able to gather, along with my recommendations.
I have had direct experience with all 3 of the Comcast business rental devices, the Cisco DPC3939B AKA Cisco BWG, the Netgear CG3000DCR, and the SMC D3G.
If you want IPv6 support you must select the proper cable modem and/or router for your network environment. All 3 devices have IPv6 bugs and limitations, and work well in some environments, and poorly in others.
It has been 6 months since the last go-around with Comcast to address IPv6 firmware bugs. I have no reason to believe that there will be further firmware fixes for the Netgear or SMC gateways. The Cisco 3939B may eventually get more fixes but Cisco is notoriously slow to release bug fixes.
Hopefully this will assist business customers who wish to get IPv6 access going on their network. If you're a residential customer I would suggest your best bet is to buy a simple DOCSIS 3 cable modem off of the Supported Devices list here, http://mydeviceinfo.comcast.net/, have Xfinity/Comcast configure it for bridging, then run a modern 802.11n 5GHz router as your gateway. The savings on device rental will pay for itself in 7 months.
Note that I do not work for Comcast and am only speaking as a Comcast customer.
SOME THINGS TO KNOW:
Comcast has run 2 IPv6 trials so far. The first trial was years ago and was IPv6 tunneled over IPv4. That was eventually shut down. The second trial was in 2014 and ended late 2014/early 2015. Comcast has been rolling out IPv6 in production to endpoints since that time. Comcast expected to offer static IPv6 early this year but CPE problems have (apparently) delayed this. Despite this, you can treat the DHCP-assigned IPv6 as static (if you have a UPS and don't allow your cable modem to go offline for periods of time). This will allow you to serve out anything that does not require PTR records (as email does).
Comcast offers 2 "tiers" of service, Residential-branded Xfinity service and "Comcast Business" service. NO static IPv4 addresses are available on the Residential service. Furthermore, Comcast's Terms of Service prohibit running public servers on its Residential service: http://www.xfinity.com/Corporate/Customers/Policies/HighSpeedInternetAUP.html
"...use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers;..."
Comcast enforces this with a list of Blocked Ports: http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports/
This list includes SMTP. Because of this, IPv6 connectivity on Comcast Residential can only be considered in terms of "IPv6 clients access to the Internet's IPv6 Services".
Comcast's Business Service ToS permits public servers. In order for public servers to be effectively used they must have static IP addresses, and forward and reverse PTR records in DNS. Comcast sells static IPv4, both single IP addresses and subnets, and they will enter PTR records for IPv4 they have statically assigned. Subscribers ARE REQUIRED to "rent" Comcast-supplied Customer Premise Equipment (CPEs) in order to have static IPv4 subnets. These restrictions prompted this post, as having CORRECTLY FUNCTIONING IPv6 ON COMCAST-SUPPLIED CABLE MODEMS is a REQUIREMENT for business customers being able to use IPv6 in a "client mode" as well as offer IPv6-enabled services to the Internet.
There is very little to gain for a business customer on Comcast to sign up for a "Comcast Business" account and NOT use static IP addresses; such customers would be well advised to subscribe for a Residential account and save their money.
Comcast is also rolling out 150Mb+ speeds that require more channel support on the CPEs. Most existing CPEs in service DO NOT have this support.
IPv6 OPERATIONS - RESIDENTIAL
Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices.
DUE TO VARIOUS PROBLEMS AND CPE BUGS AS WELL AS THE EXPENSE OF RENTAL, RESIDENTIAL CUSTOMERS WANTING TO RUN IPv6 SHOULD PURCHASE THEIR OWN CPE AND RUN AN IPv6-ENABLED ROUTER BEHIND A CABLE MODEM IN "BRIDGED" MODE.
A list of these is here: http://mydeviceinfo.comcast.net/
A highly recommended and readily available CPE from the used market is the Motorola SB6120. This is an older modem that cannot take advantage of the higher 150Mbt+ speeds. A newer modem that can is the SB6141 but those are still "teething" according to the forums so YMMV
Contact Comcast support with your modem and tell them you want it in "bridged" mode and you're running your own router. They will provision everything and push the config to your modem. You will have full "client access" support of the Internet via IPv6, assuming the router you purchase properly supports IPv6. Your router must obtain IPv6 (and IPv4) via DHCP.
IPv6 OPERATIONS - BUSINESS
Comcast supplies a /56 of IPv6 via DHCPv6 to subscriber CPE devices (or subscriber routers) for LAN side usage.
In the DOCSIS 3 class there are 3 major CPEs that are supplied to Comcast Business customers that have been IPv6 enabled that "work" - somewhat. These are the following:
Cisco DPC3939B (known to Comcast support as the Cisco BWG)
Note that Comcast Support can (as of this date) only order EITHER the SMC or the Cisco. However, they can specify a SMC and then put in the notes to substitute a Netgear. Note also that these CPEs all supply Comcast DNS IPv6 servers from DHCPv6 broadcasting. If you run your own IPv6 DNS servers you likely will need to configure anything connected to the LAN port of these CPE devices and using public IP addressing to override any IPv6 DNS server IP addresses with your own DNS server's IPv6 address.
SMC D3G:
This device does not support the higher speed 150Mbt+ Comcast service that is being rolled out. Otherwise it is a solid, dependable modem in IPv4 mode for 50MB/10 and below service. In particular this device is recommended if you are using a SIP-based VoIP phone switch. Its IPv6 support is spotty. By default it supports both auto configuration and DHCPv6 for LAN-connected IPv6 clients. However Prefix Delegation (PD) is broken on the device. Comcast is aware of that issue and filed a bug with SMC in December 2014. It's unlikely that bug will ever be fixed, however, as SMC has shown no interest in fixing it. When I pressed Tier-2 Comcast Support they refused to confirm or deny that Comcast has abandoned pressure on SMC to fix this, but they repeatedly said that it sounded like a low-profile bug and suggested I get a different CPE.
Furthermore, the device has an "IPv6-specific" firewall enabled by default which blocks incoming IPv6 from the Internet, even when you select to disable the IPv6 firewall, so setting up IPv6-enabled servers is not possible, with one exception. However, when that exception is used the CPE becomes unstable and periodically reboots.
Cisco DPC3939B AKA Cisco BWG:
This device DOES support the 150MB+ speeds. It's identical to the DPC3939B used for Residential Xfinity service with the exception of some firmware changes. It has an embedded WiFi in it that will advertise Xfinity Public WiFi. Comcast support can disable that WiFi on request but when the modem is rebooted the WiFi will turn back on. While Xfinity Residential customers can log in to a page on their account and disable this as well, Business customers cannot. This WiFi provides public access to anyone in the vicinity and cannot be configured so that users are blocked from associating to it. In addition the WiFi antennas are located internally.
IPv6 sub-prefix delegation is also broken on this device. By default it supports both auto configuration and DHCPv6 for LAN-connected IPv6 clients.
Netgear CG3000DCR:
This device does not support the higher speed 150Mbt+ Comcast service that is being rolled out.
IPv6 sub-prefix delegation works on this device. The device will supply a /60 PD on request of a router. However there is a bug that causes the device to periodically stop routing IPv6. This can be fixed with a workaround on the LAN IPv6 Setup Page: change the "Valid Lifetime" to 3600.
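To see what a gateway actually delegates, a router-side check can decode the IA_PD option of the DHCPv6 reply and compare it with the prefix length that was hinted. The following is an added example, not part of the original post: the option layout follows RFC 8415, while the function names, the documentation prefix 2001:db8:1234:ab10::/60, the timers and the sample reply are constructed for illustration.

```python
import ipaddress
import struct

OPT_IA_PD = 25      # DHCPv6 IA_PD option code (RFC 8415)
OPT_IAPREFIX = 26   # DHCPv6 IA Prefix option code, nested inside IA_PD

def build_ia_pd(iaid, t1, t2, prefix, preferred, valid):
    """Encode an IA_PD option with one IA Prefix (used to build the sample)."""
    net = ipaddress.IPv6Network(prefix)
    body = struct.pack("!IIB", preferred, valid, net.prefixlen)
    body += net.network_address.packed
    payload = struct.pack("!III", iaid, t1, t2)
    payload += struct.pack("!HH", OPT_IAPREFIX, len(body)) + body
    return struct.pack("!HH", OPT_IA_PD, len(payload)) + payload

def parse_ia_pd(data):
    """Return (iaid, t1, t2, [(network, preferred, valid), ...])."""
    code, length = struct.unpack_from("!HH", data, 0)
    if code != OPT_IA_PD or length < 12 or len(data) < 4 + length:
        raise ValueError("not a complete IA_PD option")
    iaid, t1, t2 = struct.unpack_from("!III", data, 4)
    prefixes, pos, end = [], 16, 4 + length
    while pos + 4 <= end:
        sub_code, sub_len = struct.unpack_from("!HH", data, pos)
        pos += 4
        if pos + sub_len > end:
            raise ValueError("truncated sub-option")
        if sub_code == OPT_IAPREFIX:
            if sub_len < 25:
                raise ValueError("IA Prefix option too short")
            preferred, valid, plen = struct.unpack_from("!IIB", data, pos)
            addr = ipaddress.IPv6Address(data[pos + 9:pos + 25])
            net = ipaddress.IPv6Network((addr, plen), strict=False)
            prefixes.append((net, preferred, valid))
        pos += sub_len
    return iaid, t1, t2, prefixes

def check_delegation(hint_len, reply):
    """Compare the hinted prefix length with what the gateway delegated."""
    findings = []
    for net, _preferred, valid in parse_ia_pd(reply)[3]:
        if net.prefixlen != hint_len:
            findings.append(f"hinted /{hint_len}, delegated {net}")
        lans = 2 ** max(0, 64 - net.prefixlen)
        findings.append(f"{net}: {lans} /64 LANs, valid {valid}s")
    return findings

# Constructed sample: a /56 hint answered with a /60, valid lifetime 3600 s.
SAMPLE_REPLY = build_ia_pd(1, 900, 1440, "2001:db8:1234:ab10::/60", 1800, 3600)

if __name__ == "__main__":
    print("\n".join(check_delegation(56, SAMPLE_REPLY)))
```

The delegated prefix reported here is also the range that any IPv6 firewall rules on the downstream router need to cover.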
This device CAN have its internal IPv6 firewall disabled so that you can have servers behind it with IPv6 that serve out to clients on the Internet.
There is also a second bug with this device that has to do with SIP ALG packets and statically-assigned IPv4 subnets. The bug will cause the device to get slower and slower over a day or two until it's rebooted. The fix for this is to call into Comcast's Tier 2 support and request that SIP ALG be disabled on the device. Supposedly, firmware version v1.34.02 or later corrects this problem. However this device is NOT recommended by Comcast Support for ANY VoIP use.
I believe that Comcast is in the process of moving to obsolete all of them and replace them with the Cisco DPC3941B which I understand they are trialing in some areas of California. BOTH the Cisco DPC3939B and the DPC3941B are referred to as "The BWG" by Comcast support. Unlike the Netgear or SMC the "BWG" contains an integrated wifi, and it contains 2 telephone VoIP ports. Comcast is on a big push internally to entice business customers to move voiceline support to Comcast. They are selling SIP trunks which can be connected over the network directly to a PC running Asterisk or to a PBX like a Panasonic that has a SIP trunk card in it. For smaller businesses a 2-line POTS phone can be connected directly to the BWG. On the Residential side the BWG is also used and the hardware is identical and Xfinity has a variety of packages for voiceline support. The BWG also has a spot for a 10.8v Lithium-ion battery which is very important for 911 continuation of service in a power outage.
I would assume the firmware for the Cisco 3939B and the 3941B is almost identical so the IPv6 PD bug present in the 3939B would also be present in the 3941B. If that is the case and Cisco is enjoined by Comcast to fix that IPv6 bug then there's a good chance that both the 3939B and the 3941B will get the same IPv6 fix.
Do you happen to know if the Cisco 3941 does properly support prefix delegation, or if there are bugs?
We're currently using a Netgear because of its PD support, but it freezes frequently and this Cisco 3941 looks like our only replacement option through Comcast. But we are trying to determine if PD works properly before making the change.
I know this is late but thank you very much for this post.
I have two netgear boxes & both act the same -- /56 doesn't work. /60 or /64 work. It's driving me crazy. /60 with PD works. /56 doesn't. The web GUI of the netgears shows /56 assigned but if I actually send a PD hint for /56 it doesn't work.
I just wish Comcast would supply us with some hints or information about known bugs or limitations in the equipment.