IPv6 Comcast not working - overlapping v6 prefix delegation subnets?

AhnHEL

I'm losing everything, IPv4 and IPv6 addresses which requires a reboot to get back online.

entropywrench

Been playing with this all day until I found this thread.

Comcast Business and pfsense 2.2.5

I found a previous guide that suggested a /64 prefix int he Wan config for comcast.  I got an address for the WAN /64 and a similar prefixed address for the LAN but at a /60

All my workstations only registered the link local address.  Couldn't get them to route correctly save for the various link-local addresses

Once I set my prefix to /60 and rebooted everything seems to be working fine.  I am getting expected "real" IPv6 addresses to all the workstations that request the.

Just a reboot, didn't have to wait a week or reset the mac addresses on my WAN

Hope that helps someone.

neiltiffin

I can verify that in the Kansas City area that /56 prefix would not work.  I changed it to /60 and Comcast immediately served up IPv6 networks for LAN and DMZ without a reboot.

chamont

neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
Monty

MikeV7896

@chamont:

neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
Monty

Residential customers can request a prefix as small as /60… business customers can go down to /56. I have Comcast residential service and request a /60 with no problem.

A note though... if you have already requested a /64, you'll need to let that lease expire (or find someone at Comcast that can delete it for you) before you'll be able to request a /60. So turn off IPv6 for 7+ days, then change the prefix request to /60 and turn it back on.

entropywrench

I have some bad news on this.

Same problems, didn't get a /60 or /56, pfsense would drop the wan connection every few minutes, everything went unstable, reboots sometimes fixed.

At a different office in town I manage, the comcast business router there is a Netgear, and it got a /60 and works just fine and was easy to setup with pfSense 2.2.5.  Everyone is happy. 10/10 on the ipv6 tests. yay.

Eventually I broke down and called Comcast to see if they could release my Router's mac address and hopefully re-issue a range, they didn't and said they would not, and anything I read on the internet about Comcast techs doing so was wrong and those people were very naughty.

Helpfully, they suggested I google the problem and that the SMCDG3 router I have was probably setup wrong.  Then I was wished a nice day.

So I goggled and found this:

http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/SMCD3G-CCR-and-IPv6/td-p/11117

TL:DR you have the SMCDG3 Comcast Business router,  you are not going to get a /60,  you will only ever get a /64.

The ipv6 configuration pages of the SMCDG3 (not working /60) and the Netgear (Working with a /60) look very different.

For the other office I am at (SMCDG3), I gave up and installed a Hurricane Electric Tunnel.

Anyway, if you have a SMCDG3 and can get a /60 let me know how you did it.

If you have a different device let us know and disregard.

Good luck.

MikeV7896

@entropywrench:

TL:DR you have the SMCDG3 Comcast Business router,  you are not going to get a /60,  you will only ever get a /64.

The ipv6 configuration pages of the SMCDG3 (not working /60) and the Netgear (Working with a /60) look very different.

For the other office I am at (SMCDG3), I gave up and installed a Hurricane Electric Tunnel.

Anyway, if you have a SMCDG3 and can get a /60 let me know how you did it.

If you're using a Comcast-supplied gateway device (it's both a modem and router) because you have a static IPv4 address, then there's not much you'll be able to do, unless there's an advanced setting somewhere that allows DHCPv6 on the SMC to allocate a smaller prefix size.

But if you don't have a static IPv4 address, then you should be able to put the gateway (this should be possible with any of Comcast's gateway devices) into Bridge mode, so that it functions as a modem only, not a router. Then you can connect your pfSense box to one of the ports, and should be able to get up to a /56 with business-class service, as the DHCP response would be coming from Comcast's servers, not the gateway.

entropywrench

@virgiliomi:

But if you don't have a static IPv4 address, then you should be able to put the gateway (this should be possible with any of Comcast's gateway devices) into Bridge mode, so that it functions as a modem only, not a router. Then you can connect your pfSense box to one of the ports, and should be able to get up to a /56 with business-class service, as the DHCP response would be coming from Comcast's servers, not the gateway.

Good to know, but each location has a static block of ipv4.

I dug into the Netgear at the far office that is working wonderfully with ipv6, maybe the models will help with some others

IPV6 works with a /60 and supports a /56

Vendor Name	Netgear
Hardware Version	1.04
Serial Number	2B-----blah--------
Firmware Version	V3.01.05
Operating Mode	Residential Gateway
System Uptime	7 days 01h:40m:46s
Date	11 - 16 - 2015
Time	13:26:58

Where IPV6 doeesn't work with a /60

Vendor Name 	SMC Networks
Hardware Version 	1.01
Serial Number 	H----blah----
Firmware Version 	3.1.6.56
Operating Mode 	RG
System Uptime 	001 days 14h:57m:08s
Date 	Nov-16-2015
Time 	13:29:03

DownloadDeviant

Just thought I would add my experience here as reference for anyone -

I just swapped out older modem for newer model. I was lucky enough to get an Arris TG1682G. By default I tried a /64 setting and it worked. I asked Comcast to disable the built-in WiFi so as not to interfere with my separate AP. They "say" they put it in bridged mode but the external IPv4/v6 addresses are not the same as what shows on my WAN interface on pf. Not sure if it should be that way or not?

I could not get IPv6 to work on the previous junky Technicolor modem they had given me. The new Arris worked BUT only after I rebooted my pf box. Again, not sure if that is coincidence or something that must be done. The IPv6 waters are very murky ones still. lol

Anyway, I also put in more private DNS servers from DNSWATCH and OPENINCPROJECT. Personally, ever since Cisco bought OpenDNS, I don't trust it any more.

;DNow…just for laughs I'll share this -
When I initially had no IPv6 address being assigned to the old router I called into Comcast Cust. Svc.  and got past the robo Tier 0 automated help and got the typical Tier 1 brain dead human, I explained I just wanted confirmation that I could actually get an IPv6, etc. before I went through all the trouble of config, swapping modems, etc. The guy actually started READING about IPv6 to me while we were on the phone!!!!  :o He had no clue what I was talking about.

After I got the new modem and called in to have the WiFi shut off, a different brain dead Tier 1 'hooman' started telling me that the WiFi was built into the modem and there was no way to shut it off...and then I had to teach HER how she would have to transfer me to a higher tier so they could do their thing! I mean honestly Comcast! I shouldn't have to teach your people how to do their job. It was actually quite funny...but UGHH!! I cannot imagine the nightmare and hair-pulling the average tech illiterate customer must go through just to get help.

neiltiffin

@chamont:

neiltiffin, Do you have Comcast business or residential? I can't seem to find a straight answer (yet) on < /64 for residential customers (which I am).
Monty

Residential and it is hit and miss.  Checked it today an no IPv6.  Uptime 47 days.  Rebooted and IPv6 is back.