Comcast business IPv6 vs rbldnsd & PSBL
bryan at shout.net
Tue Nov 29 18:28:44 UTC 2016
I concur with the kudos bit, but I'll also concur that the CPE support
appears to be limited. Another example: IPv6 prefix delegation is broken
on the SMCD3G-CCR, and according to the following threads:
http://www.gossamer-threads.com/lists/nsp/ipv6/54761 (scroll down to the
IPv6 OPERATIONS - BUSINESS section)
... others have the same issue and there isn't much of an incentive to
When I asked if I could use my own CPE, I was told no, because I'm a
"business customer", which is a requirement if you want static v4 IPs.
Anyone have any success with a different model CPE and Comcast v6? I
love that they hand out a /56 by default, but it's not of much use if I
can only use a single /64.
On 11/29/16 11:45 AM, Livingood, Jason wrote:
> I can send it along to folks here at Comcast.
> - Jason
> On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" <nanog-bounces at nanog.org on behalf of riel at surriel.com> wrote:
> First of all, kudos to Comcast for trying to roll out IPv6 across
> their entire network. Static IPv6 netblocks seem to be available
> for Comcast business users, and IPv6 is enabled unconditionally
> in the CPE routers used by Comcast business class internet.
> Unfortunately, the software in the two available CPE routers
> (SMC & Cisco) is horribly broken when it comes to IPv6.
> The TL;DR summary: even when IPv6 firewalling is disabled in
> the configuration, the router still tracks every IPv6 "connection",
> which causes every single DNS lookup to fill up a slot in its
> connection tracking table.
> The router's logs say it blocks tens of thousands of IPv6
> connections every day, despite firewalling being "disabled" on
> the router.
> Once the connection tracking table fills up, both IPv6 and IPv4
> start having trouble, with packet loss on ICMP, high ping times
> to the local router (and the internet), and new connections not
> establishing. The router randomly crashes and reboots too,
> sometimes multiple times a day.
> This ends up breaking both IPv6 and IPv4.
> It only takes about 300kbit/s of DNS traffic to trigger the bug,
> in both the SMC and the Cisco routers.
> Are there any Comcast NOC or other technical people present who
> could help?
> I am interested both in helping resolve the firmware issues in
> the routers (there will no doubt be other customers who hit this
> in the future, as IPv6 becomes ore common) or, if that is not an
> option, finding some way to avoid the issue.
> All Rights Reversed.
More information about the NANOG