
gibwar

join:2012-12-16
Evans, CO

[Business] Unexpected IPv6 address with Business Class static IP

I know IPv6 for Business Class customers is a hot topic so I'll start off with the facts:


  • I have Comcast Business Class internet 27/7.
  • I have a static IP block of 5 IPv4 addresses (a /29 netblock).
  • I use the SMC SMCD3G-CCR modem (rental).
  • I use Sophos UTM 9 as my router/firewall/gateway.
  • I use IPv6 through Hurricane Electric with a /48 IPv6 netblock.

With all that being said, I encountered something very interesting today. When doing some network reconfiguration and renewing my laptop's IPv6 address I ended up getting a "2001:558:" address. Now, I know Comcast has been rolling out IPv6 for quite a while, but I didn't think it would work with my current setup and tier. I can still access my modem's configuration page, so I don't think it is configured in bridge mode but I'm not sure how I was offered a Comcast IP address.

I've had to reconfigure my network recently, so my modem is directly connected to my network (so devices could talk directly to the modem, if configured) so I know why it's getting "past my firewall" but I didn't think the SMC could even forward IPv6 traffic? I've double checked my configuration and my Sophos setup hasn't changed and is still advertising its route and providing addresses from my assigned HE prefix. I've used both "ramond" to monitor router advertisements and "ndpmon" to monitor neighbor discovery. I've confirmed that there is only one router being advertised, which is the Sophos UTM router but all I've seen in ndpmon is the announcement of a new IP address. I haven't been able to see exactly where the "2001:558" address is coming from. I'm including two screenshots of my network adapter configuration, the one with "2001:470:bc6c" is my proper /48 netblock from Hurricane Electric and the other "2001:558" is from who knows where.

Sadly, this is breaking my network configuration as Sophos refuses to route the "2001:558" address out to the internet. I guess I'll need to get another network adapter so I can plug the modem directly in to the server so this doesn't leak out on to my network.

Normal:


Comcast:



I guess my questions are:

  • How is this happening? Since I know from this board that I am still a long way out from getting IPv6, I'm surprised to see this happening.
  • Can I take advantage of this? I'm going to need a /56 block at least for my network setup - a /48 is overkill but that's the smallest from HE that allows subnetting.

I won't lie, I'm a little excited to be getting closer to native IPv6 for my network. Having some of my speeds capped at the 3-6 Mbps that HE offers gets annoying as some of the services I use start preferring IPv6 over IPv4.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

1 recommendation

Re: [Business] Unexpected IPv6 address with Business Class stati

The 2001:558 address is a /128 single IPv6 address associated with a router WAN interface in the typical installation.

Depending on what your requirements are, you may or may not be happy with Comcast native IPv6. The routed subnet is /64 and from my experience with it so far, it is quite dynamic and the assigned IP addresses are always changing.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

2 edits

1 recommendation

reply to gibwar

Your connection is the first I have heard of that could get native IPv6 connectivity through an SMCD3G-CCR in gateway mode with a static IPv4 block.

What is the firmware version of your SMCD3G-CCR, and do you see any IPv6 information/options in its admin pages?

I have gotten native IPv6 to work through an SMCD3G-CCR, but only with that device in bridge mode and using DHCP in my router.

That "2001:558" prefix is definitely what Comcast assigns to a router's WAN interface, or to a standalone PC.

Here is the IPv6 status page from my D-Link DIR555 and as you can see in the status page below, I do not get a /56 assignment with my DHCP business class service.




Here is what I see from my Windows server which has dual NICs, with its WAN (which does not have the IPv6 stack enabled) connected "directly" to the modem and using DHCP from Comcast, and its LAN interface using local static IP assignment and the D-Link router for the IPv6 gateway.


C:\>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : dcs-srv
   Primary Dns Suffix  . . . . . . . : dcs-net
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dcs-net
                                       dcs-net.net
                                       dyndns-ip.com
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   Description . . . . . . . . . . . : Intel 21143-Based PCI Fast Ethernet Adapter (Generic)
   Physical Address. . . . . . . . . : 00-40-F4-12-34-56
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 174.49.12.155
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Default Gateway . . . . . . . . . : 174.49.8.1
   DHCP Server . . . . . . . . . . . : 69.252.196.197
   DNS Servers . . . . . . . . . . . : 192.168.9.2
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Disabled
   Lease Obtained. . . . . . . . . . : Saturday, December 15, 2012 00:49:27
   Lease Expires . . . . . . . . . . : Wednesday, December 19, 2012 00:49:27
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : dcs-net
   Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
   Physical Address. . . . . . . . . : E0-91-F5-95-BE-AC
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.9.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : 2601:5:c80:91:e291:f5ff:fe95:beac
   IP Address. . . . . . . . . . . . : fe80::e291:f5ff:fe95:beac%4
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe4c:e6ff%4
   DNS Servers . . . . . . . . . . . : 192.168.9.2
                                       75.75.76.76
                                       fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
 


In order to have a router pass IPv6 traffic when using DHCP, the router has to use DHCP-PD as shown in the D-Link setup page below.




I don't know what is required if Comcast is now supplying IPv6 to IPv4 static IP customers. Perhaps whfsdude might be able to provide some advice since his 305/65 connection has an IPv4 static IP block. Also, NetDog seems to be the Comcast IPv6 guy working with this forum, so perhaps he can offer some insight.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:77
Reviews:
·Comcast
reply to graysonf

said by graysonf:

The 2001:558 address is a /128 single IPv6 address associated with a router WAN interface in the typical installation.

Correct..
said by graysonf:

Depending on what your requirements are, you may or may not be happy with Comcast native IPv6. The routed subnet is /64 and from my experience with it so far, it is quite dynamic and the assigned IP addresses are always changing.

I don't know why your PD would change all the time, I have had the same PD like my IPv4 for about 9 months now. I am going to PM you my email address; please send me your data so I can take a look. Some other people have reported the same issue.


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:77
Reviews:
·Comcast
reply to NetFixer

said by NetFixer:

I don't know what is required if Comcast is now supplying IPv6 to IPv4 static IP customers. Perhaps whfsdude might be able to provide some advice since his 305/65 connection has an IPv4 static IP block. Also, NetDog seems to be the Comcast IPv6 guy working with this forum, so perhaps he can offer some insight.

We are going to start trialing the CCR's here shortly, when I can make it public I will.

gibwar

join:2012-12-16
Evans, CO
reply to NetFixer

Yeah, I was doing some reading and saw that you had it working when in bridge mode, and mentioned that you couldn't access the control panel when it was enabled. I am able to log in to the router just fine and retrieve the following:


  • Firmware Version 1.4.0.49.7-CCR
  • Operating Mode RG
  • System Uptime 002 days 01h:36m:10s

I'm hoping that a /56 will be an option since you can't use auto configuration if you try to subnet a /64. I really only need three IPv6 subnets and since I have a static block, I'm hoping they'll be able to accommodate.

Since everything is configured manually (statically) on my Sophos UTM, as far as I can tell, it has never seen "2001:558" nor tried to configure itself.


NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to NetDog

said by NetDog:

said by graysonf:

Depending on what your requirements are, you may or may not be happy with Comcast native IPv6. The routed subnet is /64 and from my experience with it so far, it is quite dynamic and the assigned IP addresses are always changing.

I don't know why your PD would change all the time, I have had the same PD like my IPv4 for about 9 months now. I am going to PM you my email address; please send me your data so I can take a look. Some other people have reported the same issue.

Sounds like my Comcast/Netgear WNR1002v2-VC. Its WAN IPv6 address would randomly change, but the prefix portion of the IPv6 address (and the WAN IPv4 address) did not change. When the WAN IPv6 address changed, then the DHCP-PD LAN prefix would change (but not the local part of the IPv6 address). That is why I have retired that router to a guest router status, and replaced it with a D-Link DIR655 (which so far has not exhibited that anomaly).

I had attributed that odd behavior to it getting a /64 for its WAN IPv6 address, but if graysonf is getting a normal /128 and is also seeing changing IPv6 addresses, then there must be another cause.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

I am getting a /128 on WAN.

Also, when I use an online whatis my IPv6 tool, it reports my IP as the Temporary IPv6 Address that ipconfig shows:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2601:3:1180:af:50c2:3129:f346:92ee
Temporary IPv6 Address. . . . . . : 2601:3:1180:af:1d07:33e2:85b4:a041
Link-local IPv6 Address . . . . . : fe80::50c2:3129:f346:92ee%11
IPv4 Address. . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::2d0:68ff:fe00:1e74%11
192.168.1.1

I don't see a Temporary IPv6 Address in your post. Do you not get one or did you not include it?


gibwar

join:2012-12-16
Evans, CO

I'm using DHCPv6 (stateful configuration) at this time so I can see which devices are registering IPv6. When I switch to stateless configuration the temporary address shows up and changes as expected.

As to why I didn't get one with the Comcast 2001:558 address, I'm guessing it doesn't work with the /128 prefix (which makes total sense as I type this, no room for a privacy address, duh).



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to graysonf

said by graysonf:

I am getting a /128 on WAN.

Also, when I use an online whatis my IPv6 tool, it reports my IP as the Temporary IPv6 Address that ipconfig shows:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2601:3:1180:af:50c2:3129:f346:92ee
Temporary IPv6 Address. . . . . . : 2601:3:1180:af:1d07:33e2:85b4:a041
Link-local IPv6 Address . . . . . : fe80::50c2:3129:f346:92ee%11
IPv4 Address. . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::2d0:68ff:fe00:1e74%11
192.168.1.1

I don't see a Temporary IPv6 Address in your post. Do you not get one or did you not include it?

In my previous post, I was showing the ipconfig information for my Windows 2003 server which uses static IP assignment on its LAN interface, so no "Temporary" IPv6 address is present (also the ipconfig command in Windows Server 2003 and Windows XP does not explicitly identify the different IPv6 addresses; that has to be done using the netsh command). Shown below is the "netsh int ipv6 show addr" command for that server which does identify the different IPv6 addresses (but there is no "Temporary" address because static IP assignment is used).


C:\>netsh int ipv6 show addr
Querying active state...
 
Interface 4: Local Area Connection
 
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ -----------------------------
Public     Preferred     3d8h4m35s    3d8h4m35s 2601:5:c80:91:e291:f5ff:fe95:beac
Link       Preferred      infinite     infinite fe80::e291:f5ff:fe95:beac
 


Shown below is the ipconfig and netsh information from a Windows XP workstation (using DHCP) that does show multiple (unnamed) IPv6 addresses in the ipconfig results, and properly identified IPv6 addresses in the netsh results.


C:\>ipconfig /all
 
Windows IP Configuration
 
        Host Name . . . . . . . . . . . . : rws-wks
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : dcs-net
 
Ethernet adapter Local Area Connection 2:
 
        Connection-specific DNS Suffix  . : dcs-net
        Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
        Physical Address. . . . . . . . . : E0-91-F5-95-B6-9D
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.9.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : 2601:5:c80:91:44c9:6147:74a6:bef9
        IP Address. . . . . . . . . . . . : 2601:5:c80:91:e291:f5ff:fe95:b69d
        IP Address. . . . . . . . . . . . : fe80::e291:f5ff:fe95:b69d%4
        Default Gateway . . . . . . . . . : 192.168.9.254
                                            fe80::1e7e:e5ff:fe4c:e6ff%4
        DHCP Server . . . . . . . . . . . : 192.168.9.254
        DNS Servers . . . . . . . . . . . : 192.168.9.2
                                            75.75.75.75
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Sunday, December 16, 2012 21:00:58
        Lease Expires . . . . . . . . . . : Sunday, December 23, 2012 21:00:58
 
C:\>netsh int ipv6 show addr
Querying active state...
 
Interface 4: Local Area Connection 2
 
Addr Type  DAD State  Valid Life   Pref. Life   Address
---------  ---------- ------------ ------------ -----------------------------
Temporary  Preferred    3d8h10m57s    23h49m25s 2601:5:c80:91:44c9:6147:74a6:bef9
Public     Preferred    3d8h10m57s   3d8h10m57s 2601:5:c80:91:e291:f5ff:fe95:b69d
Link       Preferred      infinite     infinite fe80::e291:f5ff:fe95:b69d
 



Shown below is the ipconfig information from a Windows Vista notebook using DHCP (which does identify the different IPv6 addresses).


C:\>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TOSH-NB
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dcs-net
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-1B-9E-29-90-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.tn.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1B-38-11-79-98
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:5:c80:91:487c:ecd5:45a4:2620(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:5:c80:91:1851:f728:5e00:ba94(Preferred)
   Link-local IPv6 Address . . . . . : fe80::487c:ecd5:45a4:2620%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.9.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 11, 2012 4:36:16 PM
   Lease Expires . . . . . . . . . . : Saturday, December 22, 2012 4:36:15 AM
   Default Gateway . . . . . . . . . : fe80::1e7e:e5ff:fe4c:e6ff%8
                                       192.168.9.254
   DHCP Server . . . . . . . . . . . : 192.168.9.254
   DHCPv6 IAID . . . . . . . . . . . : 201332436
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-E4-8A-44-00-1B-38-11-79-98
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       192.168.9.2
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       dcs-net
 



FWIW, I use "SLAAC + Stateless DHCPv6" for the LAN in my D-Link router because I have a mixture of static IP, Windows XP, and Windows Vista boxes connecting, and using "Stateful DHCPv6" would not work for me at this time. Someday, I may fully migrate into the 21st Century, but for now just getting IPv6 implemented is more than enough of a change.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

What I posted was from a Win 7 box.

The only choice in my m0n0wall router that will work with Comcast IPv6 is to configure the LAN for DHCP-PD.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by graysonf:

What I posted was from a Win 7 box.

The only choice in my m0n0wall router that will work with Comcast IPv6 is to configure the LAN for DHCP-PD.

I also use DHCP-PD, but in my D-Link router that is a separate configuration option from "Stateful" and "Stateless".




If I select the "Stateful DHCPv6" option, my Windows XP and static IP boxes don't get native IPv6 addresses (the dual NIC server boxes do however revert to using Comcast's 6to4 tunnel).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
reply to gibwar

said by gibwar:

I'm using DHCPv6 (stateful configuration) at this time so I can see which devices are registering IPv6. When I switch to stateless configuration the temporary address shows up and changes as expected.

As to why I didn't get one with the Comcast 2001:558 address, I'm guessing it doesn't work with the /128 prefix (which makes total sense as I type this, no room for a privacy address, duh).

Based on the information posted previously, I am assuming that the device getting the Comcast 2001:558 address is a device connected to the SMC gateway's LAN using DHCP. Since that IP address prefix is used by Comcast for router WAN interfaces and/or standalone PC type devices that are not behind a router, it really is a strange anomaly.

When I was using my SMCD3G with a static IPv4 block, the only Comcast IPv6 implementation I could get was using Comcast's 6to4 tunnel with devices that had a public static IPv4 address and were either directly connected to the SMC gateway, or were behind my Netgear router that had a static IPv4 WAN address and was setup to be a 6to4 relay through Comcast's tunnel. Those devices however, received an IPv6 address beginning with the expected "2002" prefix.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
reply to NetFixer

If I needed static IPv6, I'd go back to my HE tunnel. Never had any problems with it.

For some reason my m0n0wall system log is being flooded with something to do with that DHCP-PD configuration:

rtadvd[4649]: received RA from fe80::201:5cff:fe22:c9c1 on non-advertising interface(fxp1)



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

Alright, I have this sorted. I disabled the generation of Temporary IPv6 Addresses.


gibwar

join:2012-12-16
Evans, CO
reply to NetFixer

I agree completely, that's why I posted. I don't see how this could be happening, yet it is! Very, very odd indeed.

My clients are set to autoconfigure IPv6 using whatever means is the default for Windows and Mac OS X. Observing this is quite interesting because they seem to flip flop back and forth between the HE address and a Comcast address.

My servers are all configured using static IPv4 and IPv6 addresses with autoconfiguration and router discovery turned off.

Again, going by what I've read and what I know about IPv6 and SMC's, this shouldn't be possible... yet it is!
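
An added example, not part of any poster's message: one way to audit `ipconfig /all` output for the symptom described in this thread, by labelling each IPv6 address by prefix and flagging global addresses outside the prefix the LAN is supposed to use. The expected prefix, the /32 length for "2001:558", the function names and the sample output are assumptions of this example; the sample text is constructed.

```python
import ipaddress
import re

# Assumption: the prefix this LAN is supposed to use (the HE /48 quoted in the thread).
EXPECTED = ipaddress.ip_network("2001:470:bc6c::/48")
# Labels follow what the posters say about each prefix; the /32 length is assumed.
KNOWN = [
    (ipaddress.ip_network("2001:558::/32"), "Comcast WAN-side (per thread)"),
    (ipaddress.ip_network("2002::/16"), "6to4"),
    (ipaddress.ip_network("fe80::/10"), "link-local"),
]
LINE = re.compile(r"^\s*([A-Za-z0-9 -]*Address)[ .]*:\s*(\S+)")

# Constructed sample in the style of the ipconfig output posted above.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   IPv6 Address. . . . . . . . . . . : 2001:470:bc6c:1:211:22ff:fe33:4455(Preferred)
   IPv6 Address. . . . . . . . . . . : 2001:558:ffff:1::1234(Preferred)
   Link-local IPv6 Address . . . . . : fe80::211:22ff:fe33:4455%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
"""


def eui64_iid(mac):
    """Modified EUI-64 interface identifier for a MAC like 00-11-22-33-44-55."""
    b = bytes(int(x, 16) for x in re.split(r"[-:]", mac))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return int.from_bytes(iid, "big")


def classify(addr):
    if addr in EXPECTED:
        return "expected"
    for net, label in KNOWN:
        if addr in net:
            return label
    return "unknown prefix"


def audit(text):
    """Return (address, prefix label, interface-id kind) for each IPv6 address line."""
    rows, mac = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        label, value = m.group(1).strip(), m.group(2)
        if label == "Physical Address":
            mac = value  # remembered for the EUI-64 comparison below
            continue
        try:
            addr = ipaddress.ip_address(value.split("%")[0].split("(")[0])
        except ValueError:
            continue
        if addr.version != 6:
            continue
        from_mac = mac is not None and int(addr) & (2**64 - 1) == eui64_iid(mac)
        rows.append((str(addr), classify(addr), "EUI-64 from MAC" if from_mac else "other"))
    return rows


def unexpected(text):
    """Global addresses outside EXPECTED: the symptom described in the thread."""
    return [a for a, label, _ in audit(text) if label not in ("expected", "link-local")]
```

Only lines whose label ends in "Address" are read, so DNS server and gateway entries are ignored; an address reported by `unexpected()` means some other device on the segment is handing out addressing.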



whfsdude
Premium
join:2003-04-05
Washington, DC
Reviews:
·Comcast
reply to NetFixer

said by NetFixer:

Perhaps whfsdude might be able to provide some advice since his 305/65 connection has an IPv4 static IP block.

Nope. Everything I have (including v6) is a static allocation. I'm closer to a Metro E (appears I'm on my own VLAN for now) setup than I am to a business cable setup.