Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,665,823

members

70

online now

1,837,410

discussions

Back to Top

IPv6 Hop Limit 0 for DHCPv6 Advertisement XID set by Comcast?: Take 2

Highlighted
Posted by
Frequent Visitor

Message 1 of 3
393 Views

Is the IPv6 Hop limit is getting set to 0 by Comcast for Advterisements during the DHCPv6 shaking.  My firewall is dropping the DHCPv6 Advertise packets.

 

Further investigation shows the problem doesn't appear to be the firewall, but the Advertisement XIDs getting dropped when they hit the firewall.  The reason is that the hop limit is 0 when Comcast sends the Advertisement XID.  My syslog shows this:

 

7 Feb 20 2017 21:11:34	 fe80::201:5cff:fe62:a246 547 fe80::f60f:1bff:fe76:fa57 546 UDP request discarded from fe80::201:5cff:fe62:a246/547 to outside:fe80::f60f:1bff:fe76:fa57/546

The asp-drop gives me the reason for the drop:
 

 271: 22:27:48.672648  fe80::201:5cff:fe62:a246.547 > fe80::f60f:1bff:fe76:fa57.546:  udp 121 [hlim 0] Drop-reason: (hop-limit-exceeded) hop-limit exceeded
 272: 22:27:48.674983  fe80::201:5cff:fe62:a246.547 > fe80::f60f:1bff:fe76:fa57.546:  udp 121 [hlim 0] Drop-reason: (hop-limit-exceeded) hop-limit exceeded

When doing a packet dump to see what is what, I find this in the Advertisement XID in the IPv6 Header:

 

Hop limit: 0
As per RFC 2460 for IPv6, it states "The packet is discarded if Hop Limit is decremented to zero."   Hence it appears that my firewall/router is doing exactly what it is supposed to do as per spec/RFC.
Comcast appears to be sending Advterisment XIDs via DHCPv6 with hop limit = 0.  Other dumps of other ISPs around the net, etc shows a hop limit set at 10 to 64.
I have contacted the telephone support to no avail (they all think resetting your modem is the magic bullet) and getting to tier 3 support (or beyond) is nearly impossible.  I have reached out directly to John Brzozowski and also one of the Comcast representatives who had frequented this forum.  No response.  I miss the days of Comcast/Arris/NetDog/Tuska.
If anyone else has seen this or if someone from Comcast can verify if perhaps its just my account or whatever, this would be very helpful.  I really want to get IPv6 going, but it has been difficult at best.
Thanks in advance for help or input.
2 REPLIES
Posted by
Frequent Visitor

Message 2 of 3
360 Views

Ok... this is a confirmed bug on Comcast's side.  I just ran a capture from a laptop and sure enough... same thing:

 

Frame 39: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) on interface 0
Ethernet II, Src: Cadant_62:a2:46 (00:01:5c:62:a2:46), Dst: Cisco_76:fa:57 (f4:0f:1b:76:fa:57)
    Destination: Cisco_76:fa:57 (f4:0f:1b:76:fa:57)
    Source: Cadant_62:a2:46 (00:01:5c:62:a2:46)
    Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: fe80::201:5cff:fe62:a246, Dst: fe80::8c4:4700:22ad:bfd8
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000
    Payload length: 133
    Next header: UDP (17)
    Hop limit: 0
    Source: fe80::201:5cff:fe62:a246
    [Source SA MAC: Cadant_62:a2:46 (00:01:5c:62:a2:46)]
    Destination: fe80::8c4:4700:22ad:bfd8
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 547, Dst Port: 546
DHCPv6

Comcast is setting a hop limit of 0 for Advertise XIDs and Reply XIDs.  This violates RFC 2460  and anyone using a router or firewall that conforms to the RFC will reject those packets.

 

Can we get this escalated to support? This is a serious bug.

Posted by
Frequent Visitor

Message 3 of 3
255 Views

I finally got to Tier 3 support and spoke to someone who initially replied that I am using a fancy router and they don't think they can fix the issue *he must have spoke to a middle manager who doesn't get the de[th of the problem).  I tried to explain to him this violates the RFC 2460 in the following manner (from RFC 2460 - https://tools.ietf.org/html/rfc2460):

 

Section 3 (p. 4):

Hop Limit 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero.

and Section 8.2 (p. 27):

8.2 Maximum Packet Lifetime Unlike IPv4, IPv6 nodes are not required to enforce maximum packet lifetime. That is the reason the IPv4 "Time to Live" field was renamed "Hop Limit" in IPv6. In practice, very few, if any, IPv4 implementations conform to the requirement that they limit packet lifetime, so this is not a change in practice. Any upper-layer protocol that relies on the internet layer (whether IPv4 or IPv6) to limit packet lifetime ought to be upgraded to provide its own mechanisms for detecting and discarding obsolete packets.

His final response is this needs to go to engineering and will get back to me.  The thing is, its not looking good because Comcast is ok with the low/cheap routers that don't conform to spec.  Comcast needs to support the spec and as per 8.2, eventually they will have no choice.  Their best bet is to validate it's an issue, own it, and fix it.  Its not that hard... fill in the Hop limit with 1 or more!

 

I guess a blog entry may be next :-(