
NetDog
Premium Member
join:2002-03-04
Hollywood, FL

NetDog to voiptalk

Premium Member

to voiptalk

Re: [IPv6] IPv6 - Unable to pull /60 after modem firmware upgrade.

said by voiptalk:

If I have the WAN set to request a /64, I get a WAN address and a /64 PD for a LAN interface.

PM me your /64 and I will request that it get deleted.. You will keep getting the /64 because it was assigned to you, so I need to have it deleted so that your next request for a /60 will be filled..

UnhpyCustmer
@68.53.37.x

UnhpyCustmer

Anon

Either do as NetDog says, or spoof the MAC on the pfSense WAN interface (be sure to power cycle the modem as well). This will generate a new DUID on the Comcast DHCP servers and allow you to pull the requested /60. Remember that once you have an IPv6 lease you will continue to get that requested prefix until lease timeout, so DO NOT request a /64 with this new DUID or you'll have the same problem and be forced to spoof yet another MAC.

Mike Wolf
join:2009-05-24
Tuckerton, NJ

Mike Wolf to NetDog

Member

to NetDog
I gotta question, how would one know if their router supports /128, /64, and /60 prefixes?
voiptalk
join:2010-04-10
Gainesville, VA
MikroTik RB750G
Cisco DPC3941

1 edit

voiptalk

Member

said by Mike Wolf:

I gotta question, how would one know if their router supports /128, /64, and /60 prefixes?

It would show in the WAN configuration. As in this screenshot from pfSense ...

For Comcast residential, /64 or /60 PD's are supported. The /128 is the WAN interface.

NetDog
Premium Member
join:2002-03-04
Hollywood, FL

NetDog

Premium Member

said by voiptalk:

For Comcast residential, /64 or /60 PD's are supported. The /128 is the WAN interface.

Really this is /64-/60, so you can request a /64,/63,/62,/61 or a /60 if you would like..

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by NetDog:

Really this is /64-/60, so you can request a /64,/63,/62,/61 or a /60 if you would like..

 
Interesting....

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru to NetDog

Premium Member

to NetDog
Is the provisioning based on the Comcast router or the customer's router/firewall?

So for example, a customer has two connections off the Comcast provided modem, each to a different device, would each device get its own /60-64 or is only one handed out based on the single Comcast router?

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

 
said by ropeguru:

a customer has two connections off the Comcast provided modem, each to a different device

 
I'm not familiar with Comcast provided modems. But presuming you mean something similar to my Motorola SB6120, then only one device can be connected to the modem.

If that one device is a router (or firewall/router), then it would be up to that router to request the appropriate prefix delegation (i.e., /64 - /60) and allocate it into multiple sub-networks on your home LAN as needed.

If more than one sub-network is needed in the home, then a /64 will not work, a /63 - /60 prefix delegation must be requested by the home router, and that home router has the task of allocating prefixes from the requested /63 - /60 prefix delegation to the various home networks.

So to answer the question I think you are asking...

Only one /60 - /64 prefix delegation would be handed out by Comcast's DHCP server to the DHCP client in your router. It would then be up to your router to allocate that prefix delegation on your home network.

Clear as mud?

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru

Premium Member

I am discussing more in the business side where there can be multiple devices and the Comcast provided device is typically NOT in bridge mode.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper

Premium Member

said by ropeguru:

I am discussing more in the business side

 

OK. I've no experience in that arena with Comcast.
AVonGauss
Premium Member
join:2007-11-01
Boynton Beach, FL

AVonGauss to camper

Premium Member

to camper
said by camper:

I'm not familiar with Comcast provided modems. But presuming you mean something similar to my Motorola SB6120, then only one device can be connected to the modem.

ropeguru I believe is asking about a business account, in his case with a Comcast provided gateway (i.e. SMCD3G). Though, I think the question would equally apply to a business customer who is using a customer owned modem such as a SB6120 since they would receive 5 dynamic addresses.

NetDog
Premium Member
join:2002-03-04
Hollywood, FL

NetDog to ropeguru

Premium Member

to ropeguru
said by ropeguru:

So for example, a customer has two connections off the Comcast provided modem, each to a different device, would each device get its own /60-64 or is only one handed out based on the single Comcast router?

Let's put it this way.. I pay for 5 Dynamic IP Spaces.. so I can get 5 IPv4 addresses, 5 IPv6 WAN and 5 IPv6 Prefixes

A normal account has 1 IP, so 1 IPv4, 1 IPv6 WAN and 1 IPv6 Prefix.. Does that help?
NetDog

NetDog

Premium Member

oh and I have three routers off my connection, more for testing and playing than anything else..

Cisco 3845, Juniper SRX220, Asus router..

ropeguru
Premium Member
join:2001-01-25
Mechanicsville, VA

ropeguru to NetDog

Premium Member

to NetDog
said by NetDog:

Let's put it this way.. I pay for 5 Dynamic IP Spaces.. so I can get 5 IPv4 addresses, 5 IPv6 WAN and 5 IPv6 Prefixes

So for a standard business account, you pay for extra dynamic addresses and the normal business user gets one?

I only ask as I have seen many mention here that they get 5 dynamic at no cost.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to camper

Premium Member

to camper
said by camper:

I'm not familiar with Comcast provided modems. But presuming you mean something similar to my Motorola SB6120, then only one device can be connected to the modem.

If that one device is a router (or firewall/router), then it would be up to that router to request the appropriate prefix delegation (i.e., /64 - /60) and allocate it into multiple sub-networks on your home LAN as needed...
 
 
Only one /60 - /64 prefix delegation would be handed out by Comcast's DHCP server to the DHCP client in your router. It would then be up to your router to allocate that prefix delegation on your home network.

Only one physical device can be directly attached to a standard cable modem such as your SB6120 -- but if that one physical device is a switch, more than one device can make a connection through the SB6120. Doing so however would require having a business class account or paying for a multiple IP address account. I currently only use two routers behind my SB6121, but I have at times used all of the five allowed dynamic IP addresses that I pay for (as shown below in the SB6121 Addresses page screen grab):




At this time, only my D-Link DIR655 has the capability of asking for and receiving a /60 PD prefix (my other routers can only get the standard /64 PD prefix). However, if I were to attach five /60 PD prefix capable routers, I am pretty sure that all five of those routers could be assigned a /60 PD prefix. Comcast's DHCP server does not know how many routers I have connected -- it only responds to the DUID/MAC addresses of the CPE -- it is the modem that restricts the number of CPE devices based on its config file.

If you are interested, you can view a diagram of my current network at: »www.dcs-net.net/image/DC ··· gram.gif
NetFixer

NetFixer to ropeguru

Premium Member

to ropeguru
said by ropeguru:

said by NetDog:

Let's put it this way.. I pay for 5 Dynamic IP Spaces.. so I can get 5 IPv4 addresses, 5 IPv6 WAN and 5 IPv6 Prefixes

So for a standard business account, you pay for extra dynamic addresses and the normal business user gets one?

I only ask as I have seen many mention here that they get 5 dynamic at no cost.

All business class customers are allowed up to five simultaneous dynamic IP addresses at no additional charge; but if you are using one of Comcast's gateway boxes, you can't access them unless the gateway is in bridge mode. A residential HSI customer can also pay for up to five simultaneous dynamic IP addresses in some (but not all) franchise areas.

I have not tried it, but you could possibly keep the leased gateway box in RG mode, and attach a standard cable modem with a coax splitter and also access up to five dynamic IP addresses by splitting the load between the two "modems". I have done something similar using two standard cable modems (with no leased gateway involved), and I had no problems doing it. However, if you were to exceed five dynamic IP addresses by using multiple modems, Comcast might object to that (if an audit caught you doing it).

Mike Wolf
join:2009-05-24
Tuckerton, NJ

Mike Wolf to voiptalk

Member

to voiptalk
Not seeing any prefix indication on my router. I do notice something on my HP printer though. Which reminds me, anyone know when we will start to get IPv6 domain or host names?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

1 edit

NetFixer

Premium Member

said by Mike Wolf:

Not seeing any prefix indication on my router...

Which reminds me, anyone know when we will start to get IPv6 domain or host names?

So, you are saying that the "Prefix Address" on what I assume is your router's IP status page is actually blank, and is not blank because you masked it? If there is actually a PD prefix address showing there, and it is not otherwise identified with a prefix length, it would be safe to assume that it is a standard /64 prefix.

Domain and hostnames (IPv4 and/or IPv6) for any publicly visible devices you have on your network would be up to you to provide, not to Comcast.

C:\>dig -ta www.dcs-net.net
 
; <<>> DiG 9.9.2 <<>> -ta www.dcs-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62327
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.dcs-net.net.               IN      A
 
;; ANSWER SECTION:
www.dcs-net.net.        180     IN      A       107.3.233.242
 
;; Query time: 46 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Wed Oct 22 17:21:45 2014
;; MSG SIZE  rcvd: 60
 
C:\>dig -taaaa www6.dcs-net.net
 
; <<>> DiG 9.9.2 <<>> -taaaa www6.dcs-net.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49991
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www6.dcs-net.net.              IN      AAAA
 
;; ANSWER SECTION:
www6.dcs-net.net.       1800    IN      CNAME   webhost.dyndns-ip.com.
webhost.dyndns-ip.com.  60      IN      AAAA    2601:5:1f00:f7:e291:f5ff:fe95:a879
 
;; Query time: 312 msec
;; SERVER: 192.168.9.2#53(192.168.9.2)
;; WHEN: Wed Oct 22 17:22:01 2014
;; MSG SIZE  rcvd: 108
 

If you are asking about rDNS for a customer dynamic IPv6 address, I rather doubt that you will ever see Comcast go to the trouble to generate PTR records for every possible customer dynamic IPv6 address (they don't even do that for some of their own public servers -- although to be fair to Comcast, a lot of those are Edgesuite/Akamai IP addresses).

Mike Wolf
join:2009-05-24
Tuckerton, NJ

1 edit

Mike Wolf

Member

Yes Prefix is blank. Only thing I hid was the local MAC address. Are you saying that if I request a different prefix like /63 that it would show up there?

I was referring to either the c-xx-xx-xx-xxx.hsd1.nj.comcast.net host name or the hsd1.nj.comcast.net domain name. Someone I spoke to mentioned something about RFC 4702 ?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by Mike Wolf:

Yes Prefix is blank. Only thing I hid was the local MAC address.

That sounds like a router firmware bug. You obviously have a Comcast PD prefix assigned to your LAN (as evidenced by the HP printer IP status you posted).
said by Mike Wolf:

I was referring to either the c-xx-xx-xx-xxx.hsd1.nj.comcast.net host name or the hsd1.nj.comcast.net domain name. Someone I spoke to mentioned something about RFC 4702 ?

That would be a reference to the rDNS/PTR records I already mentioned. The A record usage of that RFC is not used by Comcast even for business class customers (the customer is responsible for setting up A records -- although BCI customers can use Comcast's DNS hosting service for doing so if they wish).

Mike Wolf
join:2009-05-24
Tuckerton, NJ

1 edit

Mike Wolf

Member

I also came across this »ipv6-test.com/ which gives me a 19/20 with the IPv6 host name missing and says "There is no reverse DNS record to associate your IPv6 address with a host name. Reverse DNS records are required by some Internet protocols and are usually managed at the ISP level." Also does Comcast use ICMP? That website says that "IPv6 relies heavily on ICMP, a control protocol that Internet hosts use to signal error conditions." In order for the website to say it's reachable, I had to turn off Filter anonymous Internet requests on my router. That safe?

Regarding the HP printer IP status I posted, which one is the Comcast PD, the self or the stateless? So I'm guessing that if I have the prefix changed it still wouldn't show?

NetDog
Premium Member
join:2002-03-04
Hollywood, FL

NetDog

Premium Member

said by Mike Wolf:

Regarding the HP printer IP status I posted, which one is the Comcast PD, the self or the stateless?

The FE80 is the Link-Local Address

The 2601 is the Comcast Global Customer Prefix Range

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer to Mike Wolf

Premium Member

to Mike Wolf
said by Mike Wolf:

I also came across this »ipv6-test.com/ which gives me a 19/20 with the IPv6 host name missing and says "There is no reverse DNS record to associate your IPv6 address with a host name. Reverse DNS records are required by some Internet protocols and are usually managed at the ISP level."

Yes, the IP address owner (Comcast) is responsible for setting up rDNS/PTR records, and yes, some applications do require that your local IP address have a rDNS/PTR record (and in some cases that the rDNS/PTR record match the domain name of the associated A record). However, that should not be a problem for most residential Comcast HSI customers (and IPv6 is still not officially supported for BCI customers except for "IPv6 trial" customers who are warned not to use the IPv6 trial addresses for production work). Probably the most common application that requires a valid rDNS/PTR record is SMTP, and a residential HSI customer can not do this anyway because of Comcast's port 25 block.
said by Mike Wolf:

Also does Comcast use ICMP? That website says that "IPv6 relies heavily on ICMP, a control protocol that Internet hosts use to signal error conditions." In order for the website to say it's reachable, I had to turn off Filter anonymous Internet requests on my router. That safe?

IPv6 uses ICMP, it is irrelevant to ask if Comcast uses it -- they have to use it for full IPv6 implementation. Whether or not turning off "Filter anonymous Internet requests" is safe on your router would depend on exactly what that setting does (consult your router's documentation). I have no problem with keeping full SPI firewall protection active on my D-Link DIR655 -- I do allow the WAN interface to be "pinged", but that is a personal preference to allow that interface to work with the site's Line Monitoring application rather than anything that is required for IPv6 functionality. I did have to allow ICMP in the software firewalls in all of my IPv6 enabled Windows PC boxes in order to get full IPv6 functionality (but that requirement may vary with the OS version being used):




I also had to implement an inbound ICMPv6 rule in my D-Link DIR655 in order to have full IPv6 implementation (but I suspect that your current router does not have that specific configuration capability -- and probably uses the disabling of "Filter anonymous Internet requests" to accomplish the same thing):


said by Mike Wolf:

Regarding the HP printer IP status I posted, which one is the Comcast PD, the self or the stateless? So I'm guessing that if I have the prefix changed it still wouldn't show?

The Comcast PD prefix in your HP printer is the IPv6 address 2601:C:1B80:42C::/64.

Mike Wolf
join:2009-05-24
Tuckerton, NJ

Mike Wolf

Member

Thanks NetDog and NetFixer for your lessons on IPv6 and answering my questions. Yeah disabling the Filter ping requests allowed my router to accept ICMP and yeah I had to create an exception in all my Windows 7/8 computers' firewalls to allow ICMPv6 Echo.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to NetDog

Premium Member

to NetDog
said by NetDog:

Really this is /64-/60, so you can request a /64,/63,/62,/61 or a /60 if you would like..

 
I just switched from requesting a /60 to requesting a /62, as I need only 4 subnets at this time. I received the /62, no problem (I deleted the old /60 lease file before requesting the /62).

I had to modify my scripts, as they were hard-coded for processing the /60. But now they're more flexible, and I can change from one PD length to another on the fly.
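
Added example (not part of the thread, and not camper's scripts): a Python sketch of the sizing and carving discussed above, picking the smallest delegation in the /60 to /64 range for a given number of LANs and splitting a leased prefix into one /64 per LAN. The function names, the LAN names and the 2001:db8:: documentation prefix are assumptions made for illustration.

```python
import ipaddress

# Delegation sizes the thread says Comcast will fill: /60 through /64.
MIN_PD_LEN, MAX_PD_LEN = 60, 64
LAN_LEN = 64  # one /64 per LAN segment


def smallest_pd_for(lan_count):
    """Longest PD length in /60../64 that still holds lan_count /64 subnets."""
    if lan_count < 1:
        raise ValueError("need at least one LAN")
    for length in range(MAX_PD_LEN, MIN_PD_LEN - 1, -1):
        if 2 ** (LAN_LEN - length) >= lan_count:
            return length
    raise ValueError(f"{lan_count} LANs do not fit in a /{MIN_PD_LEN}")


def plan_lan_prefixes(delegated, lan_names):
    """Map each LAN name to its own /64 carved from the delegated prefix."""
    # strict=True rejects input with host bits set, e.g. a WAN address
    # pasted in place of the delegated network.
    net = ipaddress.IPv6Network(delegated, strict=True)
    if net.is_link_local:
        raise ValueError("fe80::/10 is link-local, not a delegated prefix")
    if not MIN_PD_LEN <= net.prefixlen <= MAX_PD_LEN:
        raise ValueError(f"/{net.prefixlen} is outside /{MIN_PD_LEN}-/{MAX_PD_LEN}")
    subnets = list(net.subnets(new_prefix=LAN_LEN))
    if len(lan_names) > len(subnets):
        raise ValueError(
            f"{len(lan_names)} LANs need a /{smallest_pd_for(len(lan_names))}, "
            f"but the lease is a /{net.prefixlen}"
        )
    return {name: str(subnet) for name, subnet in zip(lan_names, subnets)}


if __name__ == "__main__":
    # Constructed sample: documentation prefix (2001:db8::/32), not a real lease.
    lans = ["lan", "guest", "iot", "lab"]
    print("request a /%d" % smallest_pd_for(len(lans)))
    for name, prefix in plan_lan_prefixes("2001:db8:0:10::/62", lans).items():
        print(name, prefix)
```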