Comcast Business Class and GRE Tunnels

chris tknchris at gmail.com
Tue Jul 26 18:55:28 UTC 2011


I also have pretty much the exact same setup and it works very well for me.

On Tue, Jul 26, 2011 at 1:14 PM, Owen DeLong <owen at delong.com> wrote:

> I needed fast reliable internet access at home, so, I have Comcast Business
> Class for fast and Raw Bandwidth DSL for reliable. I have my own ARIN
> direct assignments for my internal networks and I have routers in a couple
> of colos where I get my true upstream connectivity.
>
> I run a Juniper router here at home and in one of the colos. In the other
> colo, I use the datacenter's router to terminate the tunnels. I use GRE
> tunnels to both colos across both Comcast and Raw Bandwidth and run
> BGP to my house (small router) feeding default to the house and getting
> the local prefixes (192.159.10.0/24, 192.124.40.0/23, 2620:0:930::/48)
> advertised upstream to the colo routers.
>
> The colo routers are full-feed BGP speakers.
>
> My Comcast gateway is running in straight L2 bridge mode, so, there is
> no issue there. When Comcast changes my IP address, things get very
> slow until I can reconfigure the tunnel end-points. Raw Bandwidth provides
> me with a static address.
>
> I'm not doing any NAT and the GRE tunnels carry all of my actual traffic.
> The Comcast and Raw Bandwidth internet feeds are used only to provide
> L2 transport for the GRE tunnels.
>
> This allows me to do convenient cost-effective multihoming without NAT
> at home using commodity internet access.
>
> Owen
>
> On Jul 26, 2011, at 8:38 AM, PC wrote:
>
> > I have GRE tunnels and l2tp tunnels over those comcast boxes.  l2tp is less
> > hassle because it handles NAT, but you can do GRE instead -- just make sure
> > you assign yourself a public static IP.
> >
> > First, go into the gateway and make sure all firewalls are disabled (it has
> > a web GUI).
> >
> > Second, if it's the comcast SMC 4 port "gateway" thing I think it is, the
> > device is somewhat retarded.  You plug into the switch and pull DHCP, and
> > you get a natted address and it routes.
> >
> > You can plug into the same switch and set a static IP on your device
> > (internet public IP), and it will work without NAT, assuming your account
> > has a static IP.
> >
> > Set said static IP on your Mikrotik box and it should pass end-to-end
> > without drops.
> >
> > On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <nate at blastcomm.com> wrote:
> >
> >> Hello, I'm hoping that someone here might have run into a similar issue and
> >> might be able to offer me some pointers.
> >>
> >> I have a customer that I am providing redundant paths to, one link over a
> >> microwave connection, and a backup link over a Comcast Business Class
> >> Connection.  Everything on the Microwave link is working fine.  On the
> >> Comcast Connection, I have a Static IP from Comcast, and I want to set up a
> >> vendor specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast Static
> >> IP Address.  It looks like the SPI Firewall inside the SMC Gateway required
> >> by Comcast is blocking the GRE packets; I'm basing this on the fact that
> >> when I power cycle the modem, I get 1 ICMP Packet through the GRE Tunnel
> >> while the modem is booting up, then it stops again.  I have gotten to Tier2
> >> support who swears that all Firewalls on the SMC Gateway are disabled.
> >>
> >> As a workaround, I was able to establish a PPTP tunnel to my NOC, however
> >> it seems like the tunnel will only run for a few hours, then becomes slow to
> >> the point of being unusable.  In my mind this would be no different than
> >> setting up a permanent VPN back to a corporate office, which I would think
> >> happens all the time, so I'm not sure why I'm running into issues with it.
> >>
> >> Anyone with Insights or comments would be appreciated.
> >>
> >> Thanks,
> >> Nate Burke
> >>
> >>
>
>
>


