Comcast business IPv6 vs rbldnsd & PSBL
Jason_Livingood at comcast.com
Tue Nov 29 17:45:39 UTC 2016
I can send it along to folks here at Comcast.
On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" <nanog-bounces at nanog.org on behalf of riel at surriel.com> wrote:
First of all, kudos to Comcast for trying to roll out IPv6 across
their entire network. Static IPv6 netblocks seem to be available
for Comcast business users, and IPv6 is enabled unconditionally
in the CPE routers used by Comcast business class internet.
Unfortunately, the software in the two available CPE routers
(SMC & Cisco) is horribly broken when it comes to IPv6.
The TL;DR summary: even when IPv6 firewalling is disabled in
the configuration, the router still tracks every IPv6 "connection",
which causes every single DNS lookup to fill up a slot in its
connection tracking table.
The router's logs say it blocks tens of thousands of IPv6
connections every day, despite firewalling being "disabled" on
Once the connection tracking table fills up, both IPv6 and IPv4
start having trouble, with packet loss on ICMP, high ping times
to the local router (and the internet), and new connections not
establishing. The router randomly crashes and reboots too,
sometimes multiple times a day.
This ends up breaking both IPv6 and IPv4.
It only takes about 300kbit/s of DNS traffic to trigger the bug,
in both the SMC and the Cisco routers.
Are there any Comcast NOC or other technical people present who
I am interested both in helping resolve the firmware issues in
the routers (there will no doubt be other customers who hit this
in the future, as IPv6 becomes ore common) or, if that is not an
option, finding some way to avoid the issue.
All Rights Reversed.
More information about the NANOG