Comcast business IPv6 vs rbldnsd & PSBL

Bryan Holloway bryan at
Tue Nov 29 18:28:44 UTC 2016

I concur with the kudos bit, but I'll also concur that the CPE support 
appears to be limited. Another example: IPv6 prefix delegation is broken 
on the SMCD3G-CCR, and according to the following threads: (scroll down to the 

... others have the same issue and there isn't much of an incentive to 
fix it.

When I asked if I could use my own CPE, I was told no, because I'm a 
"business customer", which is a requirement if you want static v4 IPs.

Anyone have any success with a different model CPE and Comcast v6? I 
love that they hand out a /56 by default, but it's not of much use if I 
can only use a single /64.

			- bryan

On 11/29/16 11:45 AM, Livingood, Jason wrote:
> I can send it along to folks here at Comcast.
> - Jason
> On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" <nanog-bounces at on behalf of riel at> wrote:
>     First of all, kudos to Comcast for trying to roll out IPv6 across
>     their entire network. Static IPv6 netblocks seem to be available
>     for Comcast business users, and IPv6 is enabled unconditionally
>     in the CPE routers used by Comcast business class internet.
>     Unfortunately, the software in the two available CPE routers
>     (SMC & Cisco) is horribly broken when it comes to IPv6.
>     The TL;DR summary: even when IPv6 firewalling is disabled in
>     the configuration, the router still tracks every IPv6 "connection",
>     which causes every single DNS lookup to fill up a slot in its
>     connection tracking table.
>     The router's logs say it blocks tens of thousands of IPv6
>     connections every day, despite firewalling being "disabled" on
>     the router.
>     Once the connection tracking table fills up, both IPv6 and IPv4
>     start having trouble, with packet loss on ICMP, high ping times
>     to the local router (and the internet), and new connections not
>     establishing. The router randomly crashes and reboots too,
>     sometimes multiple times a day.
>     This ends up breaking both IPv6 and IPv4.
>     It only takes about 300kbit/s of DNS traffic to trigger the bug,
>     in both the SMC and the Cisco routers.
>     Are there any Comcast NOC or other technical people present who
>     could help?
>     I am interested both in helping resolve the firmware issues in
>     the routers (there will no doubt be other customers who hit this
>     in the future, as IPv6 becomes ore common) or, if that is not an
>     option, finding some way to avoid the issue.
>     co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/30807
>     --
>     All Rights Reversed.

More information about the NANOG mailing list