US Cable Support > Comcast HSI > [Business] ARP Packets from Comcast are Flooding My LOCAL Networ

[Business] ARP Packets from Comcast are Flooding My LOCAL Networ

Re: [Business] ARP Packets from Comcast are Flooding My LOCAL Ne

Thanks for the reply -- my market is Walnut Creek, CA (east SF Bay Area).

Well, it's 10:30 at night, the Comcast tech just left my house...

I called tech support shortly after posting earlier to get a definitive answer as to what all the packets were about, and could they stop it. I was told it related to a new firmware they had released for the SMC D3G and they could force the new firmware to my modem and it would all be fine. I see my modem reset itself, and I no longer have internet connectivity. I wait. After a couple of hours - and the support tech calling me back 3 times (all on my cell phone as my VOIP PBX system is obviously down as well) - he tells me that now he and his supervisor can't get into my modem, it must be damaged from the attempt to load the new firmware and they will send a tech between 5 and 9 pm. Shortly before 9pm I get a call from a 'scheduling supervisor' wanting to know if this is something they could deal with tomorrow? I didn't tell her what I really thought, but politely replied that I had service when I first called, and since I was a business class customer and THEY had taken me offline, that yes, it WOULD need to be addressed tonight!

The tech finally gets here (just after 9), finds my modem is actually online, but in DHCP mode, the earlier 'update' having blasted out my static IP settings. He tells me he can't get static IP support at this hour at night, so I can call in the morning to get that resolved. He leaves me surfing with a DHCP address (I of course had to completely re-configure my router), but this renders my PBX system useless. I decide to call support myself to see if they can fix the issue tonight....

Now on MULTIPLE pages of the Comcast Business Class website it PLAINLY states "24/7 Business Class Support" (and I've utilized it in the past), but the phone tree tells me that the office hours for support are now 8am to 7pm Monday -Friday, 8am to 4pm Sat. and Sun.

So, Comcast has saved themselves 13 hours of support costs every weekday, 16 hours each weekend day, but.....
Having been in the advertising business for almost 35 years, this is the most blatant case of false advertising I've ever seen. They should have changed that website AND informed their existing customers, because those savings could get VERY costly!! I'm thinking Class Action on behalf of all Comcast Business class customers who signed long term contracts based upon the 'promise' of 24/7 support.

Am I pissed off? - Yes I am! I went from perfectly usable internet with an annoying anomaly, to no service for almost 8 hours and close to an hour total time on the phone, waiting on a tech visit for over 5 hours, plus having a tech in my home from 9pm to after 10pm (I have young children trying to sleep), all because some phone support guy hosed my static IP address'. I then find out that "Business Class" apparently means 'normal business hours' ONLY! What the hey am I paying extra for? Oh yea, so Comcast can throw off over a billion dollars in PROFIT every quarter!

The phone tech screwing up - that didn't make me this angry - mistakes happen, even though they should have seen the static IP's noted in my customer records.

The on-site tech not getting there until just after 9 - that didn't make me this angry - he did show up and sincerely tried to fix the issues (and did in a sense).

The 'scheduling supervisor' calling to see if it could wait until tomorrow - that didn't make me this angry - though it was a step over the line!

Comcast deciding that paying a few folks (barely over minimum wage I'm sure) to man the support phones for BUSINESS CUSTOMERS during the night time hours was too much expense to justify (heaven forbid Brian Roberts should have to give up any of his annual bonus) - THAT MAKES ME EXTREMELY ANGRY - because you claimed when I signed a 3 year contract, and CONTINUE TO CLAIM TODAY, that you have "24/7 Business Class Support"!!

And the packets from the Comcast IP address? - still flowing briskly!
If I ran my company this well I'd be homeless and hungry...
ah, the joys of a duopoly.

Wow! What a nightmare. I was hoping to read a happy ending -- that the pain of dealing with Comcast's customer service would at least result in the same performance that you had before all this started. As for the diagnosis that it is a firmware issue: that totally makes sense. My network has performed flawlessly for the last 18 months that I have had service. Given that my internal network topology is unchanged, I attributed the ARP packet flood to a change in Comcast's system.

Over the years, I have grudgingly come to accept that Comcast support only happens between business hours (other than tier 1 tech support which has me reboot my modem and computer). I always cringe when problems crop up on nights and weekends.

Please let us all know how this works out, as I will be reaching out to Comcast to resolve this, as well.

255.255.255.255 is going to be a broadcast address and is likely not ARP related. Although it is possible proxy arp got enabled somehow.

Can you provide some output of tcpdump or a pcap file. None of us are going to be able to provide any assistance without any information.

This is also not something a dispatched tech is going to be able to figure out.

It's the CMTS. Don't worry about it. It's a function of a shared cable system. A cable segment is basically one big LAN.

reply to EG
While I understand that I am part of "one big LAN", I disagree that this is trivial. First, in the past dozen or so years that I have had cable service provided Internet, those packets have never made their way past my router. I believe that their presence is not normal activity, but rather an error in my router's configuration. Second, I have devices, such as my wireless access point (WAP), on whose activity lights I rely, to detect traffic. This new behavior means that I will have to monitor them differently.

What is the firmware version in your SMCD3G-CCR?
         
Perhaps you have gotten a new IPv6 compatible firmware pushed to your SMCD3G-CCR, and this is an unintended new "feature" of that firmware?
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.

reply to EG

Cloudsharked pcap for anyone else who wants to chime in.

»www.cloudshark.org/captures/c82d94f8fe8c

Thank you for converting that to the Cloudshark version.

reply to whfsdude

Let me put it this way,

If the modem is acting a router, then he should contact Comcast (probably best bet is via twitter) and ask that they disable proxy arp on the LAN interface.

reply to whfsdude

reply to whfsdude
whfsdude: I'm happy to clarify. The SMC D3G-CCR provided to me by Comcast is a combined modem/router, which Comcast told me that they would not be able to set to "bridge mode". So, I used the 10.10.10.1 address as the router's local address, and plugged three switches into the SMC's LAN ports. Other than turning on DHCP for a range of 50 IP addresses, on the SMC, none of the firewall's functions are disabled or modified. From there, many of my computers are statically assigned 10.10.10.X addresses, and I use 255.255.255.0 for the subnet. I have about 15 computers, network attached servers, and printers. I have probably about 10 wireless devices that get their IP addresses from the DHCP pool.