Comcast Residential /64 Delegation
-
@bearhntr said in Comcast Residential /64 Delegation:
but does not even show the DUID.
What exactly are you going to do with that exactly - has ZERO to do with comcast setting up PTR for you..
-
@linuxtracker said in Comcast Residential /64 Delegation:
My ISP (Charter) assigns IPv6 hostnames, but not at first. The device has to be online for a while and there may be some additional trigger I'm not aware of (eg: reverse lookup).
Any device within your prefix gets a host name? Who assigns it? I'm on Rogers and they provide a host name for the WAN interface, but not for any of the 2^72 addresses within my /56 prefix.
-
I realize that - it was a simple inquiry. More for finding the IAID of the LAN port in my pfSense box. As I am reading DHCPv6 uses both the IAID and DUID for assigning an address.
I know on my Windows servers when I make an RSVP for one of the devices in my network - I have to enter them both. I have some devices which I always want to be the same IPv4 and IPv6 address.
I have also posted a message to COMCAST to see if they have a document for setting up pfSense (or other product like it) to do IPv6. I keep losing my IPv6 connection (apparently) - as about every 3 days going to https://ipv6-test.com/ - the IPv6 fails. If I reboot my pfSense and my Domain Controller (where I am running the test) - it all comes back.
-
DAMMIT TO ALL BLOODY HELL!!!!!
I have rebooted the pfSense - 3 times now today and the DC 2x -- still not able to get IPv6 working.
I changed nothing!!!
This really should not be this difficult.
-
@bearhntr So nothing has changed from the years when I had comcast and tried to play with their ipv6 ;)
Do yourself a favor and just set up an HE tunnel. It's static - you get your own /48 and you can set up PTRs
For what a couple of ms added latency maybe?
-
One cautionary note about using IPv6 via a Hurricane Electric tunnel. This is not a knock against HE at all, but just be aware that most all of the streaming providers such as Netflix and others block access from HE subnets. There are many ways to work around that problem, but just be aware it exists and some amount of admin-intervention will be required to work around it.
I had an HE tunnel setup myself for quite a while, but my cable ISP (the only one in town, and my best option unless I settle for 1.5 megabits/sec DSL or a congested local wireless ISP), recently moved me over to CGNAT. That killed my ability to use my HE tunnel as inbound traffic can't "find me" anymore behind the CGNAT IP. Also killed my VPN remote access.
-
What I don't get is why frustrate yourself at all with IPv6 at this point in time - if it doesn't work exactly how you want, and you fully understand all the differences that come with it - the simple solution is just turn it off.. There is ZERO actual "need" of it at this present time.
Unless you can name at least 1 resource you need/want to access that requires ipv6 - just turn it off.. Problems solved..
I have IPv6 enabled on a few devices because I "want" to - and I have been doing this for 30+ years.. It's fun for me, etc. etc.. And I get how it works and don't have to think about it or lookup anything, etc. If I was a normal user - there is no freaking way in hell I would have IPv6 enabled at all.. Unless I was on a quest to understanding.. But there is zero reason to cause yourself grief with trying to get something to work that has currently zero value for your typical home user..
All the streaming resources sure and the F support ipv4, even ipv4 cgnat.. No shit they prob block HE ipv6, because I could just create a tunnel to some pop in a different region of the world and access a library that is not meant for where I actually am.. There is zero reason or benefit to try and leverage streaming services over IPv6.. It's not going to make your movie play better or clearer or better sound ;)
-
@johnpoz said in Comcast Residential /64 Delegation:
What I don't get is why frustrate yourself at all with IPv6 at this point in time - if it doesn't work exactly how you want, and you fully understand all the differences that come with it - the simple solution is just turn it off.. There is ZERO actual "need" of it at this present time.
Unless you can name at least 1 resource you need/want to access that requires ipv6 - just turn it off.. Problems solved..
I have IPv6 enabled on a few devices because I "want" to - and I have been doing this for 30+ years.. It's fun for me, etc. etc.. And I get how it works and don't have to think about it or lookup anything, etc. If I was a normal user - there is no freaking way in hell I would have IPv6 enabled at all.. Unless I was on a quest to understanding.. But there is zero reason to cause yourself grief with trying to get something to work that has currently zero value for your typical home user..
All the streaming resources sure and the F support ipv4, even ipv4 cgnat.. No shit they prob block HE ipv6, because I could just create a tunnel to some pop in a different region of the world and access a library that is not meant for where I actually am.. There is zero reason or benefit to try and leverage streaming services over IPv6.. It's not going to make your movie play better or clearer or better sound ;)
Yes, totally agree. Did not mean to imply I needed IPv6. I was doing the same as you, just experimenting a bit to learn the ropes. But it started getting in the way of the grandkids streaming cartoons and Disney off their Apple devices whenever their devices grabbed a local IPv6 address from my HE allotment. So rather than work through the small hassle of modifying DNS to return the equivalent of null IPv6 results for those streamer domains, I just turned off IPv6.
Now that my cable ISP was purchased by Vyve, I got stuck behind CGNAT. So my HE tunnel is useless for now anyway.
I only offered up the caution about HE nets being on the "proxy/VPN" bad list of Netflix and others in case the OP or anyone else seeing this thread in the future ran into that issue.
-
I too was simply using to learn. It has now been more than a week - and nothing on my network (outside) works with IPv6. COMCAST has confirmed that they support IPv6 in my area (Metro Atlanta) for residential - and they are of NO HELP AT ALL in setting it up. Frustrating as hell.
I have tried resetting everything - and nothing I do will bring it back.
I will simply never understand that folks do not (especially COMCAST) create a document on "how" to do this. I know it is not "fully" supported (as I was advised) - but given that it's there, why not build your support pool by helping those that want to learn it, with solutions?
Curtis
-
My ISP, Rogers, has a community forum, where various issues are discussed and there are Rogers employees in it. Funny thing, one of my posts here has been quoted in it. Apparently, they consider me an IPv6 expert.
Actually, that may not be far off the mark. In dealing with their tech support, I found I had to educate them on the finer details of IPv6 and DHCPv6-PD.
-
@bearhntr said in Comcast Residential /64 Delegation:
I too was simply using to learn
Well all you're going to learn from comcast IPv6 is how crappy an isp can deploy something ;)
Fire up a HE tunnel - if it takes you more than 2 minutes you're doing something wrong. Now you can play with learn IPv6 on your network how you want. You can get a 48 to do with what you wish you can even play with delegation of prefix downstream to another pfsense install, etc.. Or other router.
You can play with dhcp6, you can play with slaac, etc. etc..
While you're at it run through the HE ipv6 cert and get yourself a tshirt.. Way better than trying to get what comcast calls IPv6 working ;)
-
@johnpoz said in Comcast Residential /64 Delegation:
if it takes you more than 2 minutes you're doing something wrong.
It took me way more than that but when it was running, there was nothing to complain and I wouldn't need the daily reboots via cron if I would still use it today.
But then, if you can have it "natively" it is kinda hard to use a tunnel (over IPv4) in my mind.
-
@bob-dig said in Comcast Residential /64 Delegation:
t took me way more than that but when it was running, t
Have had a tunnel up for like 10 years... Have never had to reboot, it's just up and works.. I serve ntp to the public pool via the ipv6 connection.. Have never had a scenario where it went down that my isp wasn't down..
I get alerts from the ntp pool when my score falls below 10 on their monitoring system.
it is kinda hard to use a tunnel (over IPv4) in my mind.
Does your isp allow you to have a /48 that never changes? Do they allow you to set the PTR on your IPv6? I really see no advantage to native vs maybe a couple of ms that the tunnel might add to latency... I have way more control and ability with IPv6 this way.. And my current isp doesn't even have ipv6 as an option.
-
@bob-dig said in Comcast Residential /64 Delegation:
But then, if you can have it "natively" it is kinda hard to use a tunnel (over IPv4) in my mind.
I was using a tunnel (not he.net) for almost 6 years before my ISP provided native IPv6. Worked fine for me.
-
BTW, I have a new problem with that ISP. They're also my cell carrier. I recently bought a Google Pixel 6 and noticed that the hotspot doesn't provide IPv6 to connected devices, though the phone has IPv6 itself. At least this time it wasn't much effort to get them to accept they have a problem. They're supposed to be providing IPv6 only to the phone and using 464XLAT to provide IPv4. They're clearly not doing that.
-
I do not understand what you mean "get an HE tunnel".
Comcast appears to be giving me an IPv6 address which starts - 2001:558:6011:
I found this site https://dnschecker.org/ipv6-whois-lookup.php
and put in my full address - and it gives me this info
NetRange: 2001:558:: - 2001:55F:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR: 2001:558::/29
NetName: COMCAST6NET
NetHandle: NET6-2001-558-1
Parent: ARIN-001 (NET6-2001-400-0)
NetType: Direct Allocation
OriginAS: AS7922
Organization: Comcast Cable Communications, LLC (CCCS)
RegDate: 2003-01-06
Updated: 2021-06-07
Comment: CC1
When I configured the WAN - the first time I chose /64 for the prefix delegation size. Lots more reading, and it appears that Comcast allows residential users /60.
I had read some place else - cannot find the posting now, that if you change this value after an initial address is assigned -- there is a file you must modify or reset to allow for the new prefix delegation to take hold. Anyone know what I need to change?
I am looking to a way to get an IPv6 address range for myself, a valid one that I did not make up. Still researching this at the http://www.ipv6actnow.org/faq/
I really would like to get this working and learn more about this. The constant barrage of "why do you want to do this" messages are "how should I put this? 'disparaging' to say the least". I realize that everyone has an opinion and that not everyone here is on COMCAST or even in the USA - but I should be given some credit for trying to learn something on my own, rather than asking someone to do it for me. I have learned a lot already from these posts - and going to COMCAST to get information, I could probably get more out of the FBI (not that I am saying Comcast is secretive - they employ idiots who barely know how to answer the phone). I cannot change ISPs - as there are no others where I live, except AT&T - and I would not have them as an ISP if they paid me to be a customer.
I changed my LAN back to Track Interface and point to the WAN interface - it is not helping at all...and now the LAN interface shows no form of IPv6 address in the pfSense Status dashboard. So it appears that I am going backwards.
I started watching a couple videos last night of just using the 2nd NIC in my Server 2019 DC to do all of this - and that is even more confusing than where I am now.
Once I finally get this all working - I plan on creating a document on every single setting in pfSense which must be set - and suggestions on someone repeating the procedure (of course after I can do the repeat process a few times myself). It just amazes me that when I was using the ORBI to be my Internet Gateway and Router - about 80% of this worked with no issues - I just wanted something more configurable and secure.
Ok - enough - back to working to figure more of this out.
-
@bearhntr What I mean is vs messing with your issues you're having with comcast - just get a tunnel from Hurricane Electric...
I had comcast for many years - and sorry while they might have a large portion of their network with ipv6 support.. It's far from a robust deployment..
I couldn't keep a prefix for the life of me - the wind would change and would get a new prefix was my major issue with them. Nor do they allow you to edit any of the PTRs etc.. And using track interface is difficult to run dhcpv6 on your lan side, etc.
So vs dealing with all of those sorts of issues - I just got a free /48 that I have kept with multiple ISP changes.. And allows me really to do anything I could want with IPv6 vs having to do with a problematic isp deployment of ipv6.
-
@bearhntr:
To add to what @johnpoz is saying ...Comcast and similar ISPs are not really wanting their residential users to have or utilize "static IP addresses" of any type (IPv4 or IPv6). While a select few may offer that as a premium-priced upgrade, most do not. They want to be able to change their network configurations on the fly. And they do not want, as a general rule, their residential customers hosting things for the Internet on their networks. So those two goals (the desire to be really flexible with network changes, and to discourage/disrupt service hosting by customers) lead to more advanced users having problems implementing something like you desire.
Comcast is likely to not always give you the same IPv6 prefix each time your cable modem reboots (or even if pfSense drops and then re-establishes its connection). A change in your IPv6 prefix leads to the problems you were describing (not able to have a consistent IPv6 address, and not able to create consistent IPv6 PTR records for LAN hosts). So while it is true Comcast and many other cable ISPs give you an IPv6 address, it really is not any more useful or beneficial than the IPv4 address they give you. You can't really treat it like a static IP block assignment that is just for you.
Tunnel service providers like Hurricane Electric are much more flexible and accommodating. They will permanently assign a /48 IPv6 netblock to just you personally. It is static and will never change so long as you have their service. They also allow you access to their DNS backend so that you can create any IPv6 PTR records you need. So that's why they may be the best choice for you.
The one small downside of a HE tunnel is the fact most of the major streaming networks block them. That means a device on your network using an IPv6 address that comes from a Hurricane Electric block is likely going to be blocked from using Netflix and similar services. There are ways to work around that which basically entail having your streaming devices use only your native IPv4 address for streaming.
Wanting to experiment with IPv6 is fine, and actually a good thing to get prepared for the future. Today, it is a technology that many ISPs seem to not fully understand. At least that is the impression you can get from looking at the hamfisted ways some of them deploy it to customers. But just understand that in pretty much every case for residential users, your ISP's implementation of IPv6 is going to be bumpy. A few folks get lucky with ISPs that are intelligent about how they deploy IPv6. But those are much more the exception than the rule. If you want some stability and predictability (along with the flexibility to fully utilize DNS records) for your IPv6 LAN, then a tunnel provider is probably the best solution. If you just want to play around with IPv6 and are not worried about stability of addresses on your LAN, then using your ISP's IPv6 offering works (usually ... ).
-
@bmeeks great post - and to add to what ISPs could do - if they actually cared.. Is what HE is doing and provide the users a way to get a specific sized prefix.. Doesn't have to be a /48
Many a colo or cloud hosts provide the ability to assign IPv6 networks to your machines or vms you host with them.
Your modem is registered with them - I should just be able to get a /X prefix assigned to me, and the ability to edit the PTR, etc. on that.. It's not freaking rocket science that is for sure - HE is doing it, and doing it for free!!
Comcast has one of the largest IPv6 delegation given - I believe a /9... They have enough space to freaking give their users some in a useable way if they so desired..
You're for sure going to hinder your actual learning experience of how and what IPv6 is and how works dealing with how they have chosen to deploy it and roll it out.. Your overall learning experience would be way better with having a /48 of your own to play around with.. And use it in different ways on your local network.
You do understand you could actually use both the native IPv6 comcast gives you and the tunnel you create and then your /48
-
@bearhntr said in Comcast Residential /64 Delegation:
When I configured the WAN - the first time I chose /64 for the prefix delegation size. Lots more reading, and it appears that Comcast allows residential users /60.
I had read some place else - cannot find the posting now, that if you change this value after an initial address is assigned -- there is a file you must modify or reset to allow for the new prefix delegation to take hold. Anyone know what I need to change?
Use /60 for delegation size. No, you do not have to modify a file.
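-
Added example (not posted by anyone in this thread): a Python sketch of what a /60 delegation gives you and why a changed prefix breaks PTR records, as discussed above. The prefixes are constructed from the 2001:db8::/32 documentation range, and the function names are made up for this illustration.

```python
import ipaddress

def lan_subnets(delegated):
    """Every /64 LAN network that fits inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot hold a /64 LAN")
    return list(net.subnets(new_prefix=64))

def reverse_zone(network):
    """ip6.arpa zone name for a nibble-aligned prefix such as a /64 or /48."""
    net = ipaddress.IPv6Network(network)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are cut on 4-bit nibble boundaries")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def host_record(delegated, subnet_index, interface_id):
    """Address, reverse zone and PTR owner name of one LAN host."""
    subnet = lan_subnets(delegated)[subnet_index]
    addr = subnet.network_address + interface_id
    return {"address": str(addr),
            "zone": reverse_zone(subnet),
            "ptr": addr.reverse_pointer}

def prefix_change(old, new, subnet_index, interface_id):
    """One host's records before and after the ISP hands out a new prefix."""
    before = host_record(old, subnet_index, interface_id)
    after = host_record(new, subnet_index, interface_id)
    return {"before": before, "after": after,
            "old_ptr_still_valid": before["ptr"] == after["ptr"]}

if __name__ == "__main__":
    # Constructed sample delegations, not real Comcast prefixes.
    OLD, NEW = "2001:db8:0:10::/60", "2001:db8:0:a0::/60"
    print(f"{OLD} holds {len(lan_subnets(OLD))} /64 LANs")
    report = prefix_change(OLD, NEW, subnet_index=1, interface_id=0x1)
    for when in ("before", "after"):
        rec = report[when]
        print(f"{when}: {rec['address']}  zone {rec['zone']}")
    print("old PTR still valid:", report["old_ptr_still_valid"])
```

The host keeps its subnet index and interface ID, yet its address and ip6.arpa zone both move with the prefix, so PTR records and any firewall rules keyed to the old address stop matching.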