Comcast and ipv6
-
@hescominsoon Thanks for the info - this is a classic example of the (lack of) information from Comcast on this. Years ago it was a /56 for everyone, then I heard /64 (as you have done it) and then a /60 (as I have it set up). Maybe I will go post something over in the comcast support channels on dslreports and get a networking person to respond and get the exact info.
Thank you again for sharing your config!
-
@slk2k I am a Comcast partner in my area of Maryland...i had to talk to lvl2 support to get this information. Ironically enough different Comcast regions sometimes do things a bit differently. Try my settings and let me know if it works in your area..:)
-
@hescominsoon said in Comcast and ipv6:
comdcast only supports /64 on residentials.
Why are they so stingy? There are enough global unique addresses available to give every single person on earth over 4000 /48s! Many other ISPs provide a /56 and some /48.
-
@jknott I have a client with Comcast in WA. They have residential service. I turned on the dhcp debug, and was able to see the prefix and /60. It has been consistent and stable. The hardest part is the lack of information on Comcast ipv6 in any of their forums. I get the best information from reading in this forum.
-
Even a /60 is d*mn cheap. I used to use a tunnel that provided a /56 which cost me nothing and Hurricane Electric provides a /48 tunnel, again for free.
-
@rdunkle said in Comcast and ipv6:
@jknott I have a client with Comcast in WA. They have residential service. I turned on the dhcp debug, and was able to see the prefix and /60. It has been consistent and stable. The hardest part is the lack of information on Comcast ipv6 in any of their forums. I get the best information from reading in this forum.
Same!
I do have a question that maybe you can answer - is the ipv6 gateway on the pfsense status "Unknown" and a Link Local Address? Just trying to compare configs to make sure I have it the way comcast needs it.
Thanks!
-
@slk2k my gateway on my machine is the link local gateway on the pfsense:
Default Gateway . . . . . . . . . : fe80::1:1%4Doing a trace however works fine..so I do not worry about digging deeper..:)
tracert etc-md.comTracing route to etc-md.com [2604:4100:2:7:223:aeff:fefd:f06c]
over a maximum of 30 hops:1 <1 ms <1 ms <1 ms 2601:142:8200:29c2:217:54ff:fe02:69bb
2 7 ms 7 ms 7 ms 2001:558:4061:8::1
3 9 ms 7 ms 18 ms 2001:558:2f2:122::1
4 18 ms 14 ms 10 ms 2001:558:340:203f::1
5 10 ms 9 ms 9 ms te-9-4-ur01.potomac.md.bad.comcast.net [2001:558:340:209::2]
6 14 ms 12 ms 13 ms 2001:558:340:449::2
7 15 ms 15 ms 14 ms 2001:558:340:802d::2
8 15 ms 15 ms 23 ms 2001:558:340:283d::2
9 15 ms 16 ms 22 ms 2001:559:7bd::b6
10 15 ms 17 ms 15 ms 2604:4100:2:7:223:aeff:fefd:f06cStatus
up
DHCP
up Relinquish Lease
MAC Address
00:17:54:02:69:b5
IPv4 Address
76.100.142.***
Subnet mask IPv4
255.255.252.0
Gateway IPv4
76.100.140.1
IPv6 Link Local
fe80::217:54ff:fe02:69b5%em0
IPv6 Address
2001:558:6003:8:94c0:2197:589b:****
Subnet mask IPv6
128
Gateway IPv6
fe80::201:5cff:fe86:a446
DNS servers
127.0.0.1
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
MTU
1500
Media
1000baseT <full-duplex>
In/out packets
274242494/112687333 (346.09 GiB/34.46 GiB)
In/out packets (pass)
274242494/112687333 (346.09 GiB/34.46 GiB)
In/out packets (block)
27401/2 (1.54 MiB/140 B)
In/out errors
0/0
CollisionsHere's my internal interface:
IPv4 Address
192.168.255.1
Subnet mask IPv4
255.255.255.0
IPv6 Link Local
fe80::1:1%em1.10
IPv6 Address
2601:142:8200:29c2:217:54ff:fe02:****
Subnet mask IPv6
64
MTU
1500
Media
1000baseT <full-duplex>
In/out packets
106112688/248294854 (33.64 GiB/314.61 GiB)
In/out packets (pass)
106112688/248294854 (33.64 GiB/314.61 GiB)
In/out packets (block)
8092/0 (839 KiB/0 B)
In/out errors
0/0
Collisions
0Then my computer addy on internal network:
Connection-specific DNS Suffix . : etc.local
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller #2
Physical Address. . . . . . . . . : 30-9C-23-AB-8A-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:142:8200:29c2:8d28:a236:7d38:**** (Preferred)
Temporary IPv6 Address. . . . . . : 2601:142:8200:29c2:d181:ed2b:4b0e:**** (Preferred)
Link-local IPv6 Address . . . . . : fe80::8d28:a236:7d38:**** (Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.255.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, December 14, 2020 8:02:23 AM
Lease Expires . . . . . . . . . . : Monday, December 14, 2020 3:02:23 PM
Default Gateway . . . . . . . . . : fe80::1:1%4
192.168.255.1
DHCP Server . . . . . . . . . . . : 192.168.255.1
DHCPv6 IAID . . . . . . . . . . . : 254843939
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-F3-51-93-30-9C-23-AB-8A-8E
DNS Servers . . . . . . . . . . . : 192.168.255.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
etc.local -
@slk2k said in Comcast and ipv6:
is the ipv6 gateway on the pfsense status "Unknown" and a Link Local Address?
I assume you're referring to the WAN address, when you say unknown. With IPv6, the link local address is often used and a routeable WAN address is actually not needed. Even when there is one, it's probably not being used for routing.
-
@jknott It is the WAN Gateway I was asking about. I understand how it's used. Just the OCD in me to see something not green on the status page! I know that pfsense will use the ipv4 interface to determine next hop vales for the monitoring stats.
-
I don't have monitoring enabled. Is there some reason you do? You could disable monitoring IPv6 if that status bothers you. Also, what are you using for the monitor IP? It has to be some working address.
-
@jknott Honestly, I don't think I ever intentionally set anything up for that (nor knew it was an option to disable it either). It's just something that's always been there on the dashboard. I assumed it was pfsense pinging the gateway address and getting the answer (since the gateway is usually given by dhcp on the WAN).
I just found the checkboxes to disable it - all good :-)
