[192850] in North American Network Operators' Group
Re: Comcast business IPv6 vs rbldnsd & PSBL
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Nov 29 13:34:42 2016
X-Original-To: nanog@nanog.org
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <8add43a6-d0e5-def3-1d24-dae08aeeab6f@shout.net>
Date: Tue, 29 Nov 2016 13:34:32 -0500
To: Bryan Holloway <bryan@shout.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Folks at Comcast have told me to ask for the SMC gateway to be replaced with=
either the netgear or Cisco to solve that issue.=20
Jared Mauch
> On Nov 29, 2016, at 1:28 PM, Bryan Holloway <bryan@shout.net> wrote:
>=20
> I concur with the kudos bit, but I'll also concur that the CPE support app=
ears to be limited. Another example: IPv6 prefix delegation is broken on the=
SMCD3G-CCR, and according to the following threads:
>=20
> http://www.gossamer-threads.com/lists/nsp/ipv6/54761 (scroll down to the I=
Pv6 OPERATIONS - BUSINESS section)
>=20
> http://forums.businesshelp.comcast.com/t5/IPV6/Dual-Stack-on-SMC-D3GCCR-an=
d-Cisco-DPC3939B/td-p/20504
>=20
> ... others have the same issue and there isn't much of an incentive to fix=
it.
>=20
> When I asked if I could use my own CPE, I was told no, because I'm a "busi=
ness customer", which is a requirement if you want static v4 IPs.
>=20
> Anyone have any success with a different model CPE and Comcast v6? I love t=
hat they hand out a /56 by default, but it's not of much use if I can only u=
se a single /64.
>=20
> - bryan
>=20
>=20
>> On 11/29/16 11:45 AM, Livingood, Jason wrote:
>> I can send it along to folks here at Comcast.
>>=20
>> - Jason
>>=20
>> On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" <nanog-bounces@na=
nog.org on behalf of riel@surriel.com> wrote:
>>=20
>> First of all, kudos to Comcast for trying to roll out IPv6 across
>> their entire network. Static IPv6 netblocks seem to be available
>> for Comcast business users, and IPv6 is enabled unconditionally
>> in the CPE routers used by Comcast business class internet.
>>=20
>> Unfortunately, the software in the two available CPE routers
>> (SMC & Cisco) is horribly broken when it comes to IPv6.
>>=20
>> The TL;DR summary: even when IPv6 firewalling is disabled in
>> the configuration, the router still tracks every IPv6 "connection",
>> which causes every single DNS lookup to fill up a slot in its
>> connection tracking table.
>>=20
>> The router's logs say it blocks tens of thousands of IPv6
>> connections every day, despite firewalling being "disabled" on
>> the router.
>>=20
>> Once the connection tracking table fills up, both IPv6 and IPv4
>> start having trouble, with packet loss on ICMP, high ping times
>> to the local router (and the internet), and new connections not
>> establishing. The router randomly crashes and reboots too,
>> sometimes multiple times a day.
>>=20
>> This ends up breaking both IPv6 and IPv4.
>>=20
>> It only takes about 300kbit/s of DNS traffic to trigger the bug,
>> in both the SMC and the Cisco routers.
>>=20
>> Are there any Comcast NOC or other technical people present who
>> could help?
>>=20
>> I am interested both in helping resolve the firmware issues in
>> the routers (there will no doubt be other customers who hit this
>> in the future, as IPv6 becomes ore common) or, if that is not an
>> option, finding some way to avoid the issue.
>>=20
>>=20
>> http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/Ci=
s
>> co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/3080=
7
>>=20
>> --
>> All Rights Reversed.
>>=20
