Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,709,596

members

10

online now

1,872,896

discussions

Back to Top

Stunningly poor IPv6 tech support - Modem in Bridge Mode for IPv6 assignment

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 1 of 22
1,277 Views

I've been on the phone for over 3 hours (3 hours!) trying to get ANYONE who speaks IPv6.   Every "engineer" I speak with has no clue what it is - they all try to "fix" the problem by reseting the modem or taking it out of bridge mode.  The last one transferred me to wifi support.

 

I have a Cisco ASA-5515-x that I've configured the outside interface for IPv6 DHCP client and autoconfig.    If the modem is not in bridge mode, it assigns my IPv6 outside address correctly.  However, since that prefix is for my inside network, assigning it to my outside interface is of no help.   Once I put them modem in bridge mode, the ASA no longer receives its DHCP assignment presumabely from the upstream DHCPv6 server.

 

Any help would be appriciated.

21 REPLIES
Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 2 of 22
1,237 Views

I give up.  Comcast wins.

Tech support reset my modem no less than 10 times - twice while I was talking to them via WiFi and telling them NOT to reset the modem.

Not a single engineer understood why I needed to have bridge mode enabled.

Not a single engineer could speak to how IPv6 works.

Not a single engineer could transfer me to someone who could help.

So back to IPv4.

Posted by
Regular Visitor
  • Congratulations on receiving your first Kudos! Thank you for your meaningful contribution to the forum. May this be the first of many kudos.
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 3 of 22
1,217 Views

It sounds like bridge mode in your modem/router combination isn't as transparent as a should be.   Why not ditch it and buy a straight modem.   Lots of us with our own modems have no problem running over IPv6.   

Posted by
Connection Expert

Message 4 of 22
1,205 Views

Do you also have their phone service ?




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 5 of 22
1,188 Views
Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 6 of 22
1,187 Views

Because the package I have required their modem.  Package gave me phone service which I didn't use for MONTHS until my wife needed to send a large fax Smiley Happy.  Now its a fax line.

Posted by
Connection Expert

Message 7 of 22
1,182 Views

O/k so if you want to keep and use their phone service, and you want to "ditch" their device (as suggested by others) and purchase your own device, (it can't be a "straight cable modem" as others have suggested). Bear this in mind;

 

FWIW, there *may still* be one caveat to owning your own eMTA or gateway device that supports their phone service. YMMV. I always advise (until I'm told otherwise officially) that the first thing you should do is to call in or go to your local CC service center (the better choice) and inquire / confirm as to whether or not customer owned eMTA's (modems with phone support) are allowed to be used on the local system. Some local franchises still do not allow it and require you to rent one from CC. The personnel that work there seem to better know what the actual local franchise's policies really are than do support reps at the national 800 number.

If allowed, there are five devices available at retail that they will activate for service are the Arris TG862G, the Arris SVG2482AC, the Netgear C7100V, the Arris TM822G, and the Arris TM722G. The 862 is a combo cable modem / router / eMTA gateway device but it is a piece of junk. But it can be put in to bridge mode so that it acts only as a cable modem with phone support. You would the use your own high quality stand-alone router with it.

The SVG2482AC and the C7100V are much better performing combo gateway devices that offer 24 downstream channels. The 822 is an eMTA that offers only 8 downstream channels. The 722 is an older eMTA that offers only 4 downstream channel bonding capability so it won't be able deliver their fastest speed tiers like 150 and faster. They are hard to find as they are not being manufactured anymore.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Contributor

Message 8 of 22
1,164 Views
Does your ASA have setting for DHCPv6 with Prefix Delegation?
Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 9 of 22
1,008 Views

Found 1 issue after HOURS of support from Cisco - the Hop Limit field in the IPv6 header for DHCPv6 packets from Xfinity was set to 0 so all of the DHCPv6 advertisements were bing (correctly) dropped by the ASA.   More hours on the phone trying to find the right comcast "engineer" to fix it.   Finally receiving a /128 address on my outside interface.   However, I'm unable to assign any of my inside interfaces

!

interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address dhcp setroute
ipv6 address dhcp default
ipv6 enable
ipv6 nd suppress-ra
ipv6 dhcp client pd hint ::/56
ipv6 dhcp client pd prefix-from-Comcast
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address 192.168.1.1 255.255.255.0
ipv6 address prefix-from-Comcast ::1:0:0:0:1/64
ipv6 address autoconfig
ipv6 enable
!

 

vpn(config-if)# sh ipv6 int
Outside is up, line protocol is up

IPv6 is enabled, link-local address is fe80::206:f6ff:fe2b:2feb
Global unicast address(es):
2601:681:xxxx:xxxx::7356, subnet is 2601:681:xxxx:xxxx::7356/128
Joined group address(es):
ff02::1:ff00:7356
ff02::2
ff02::1:ff2b:2feb
ff02::1
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
Hosts use stateless autoconfig for addresses.


Inside is up, line protocol is up
IPv6 is enabled, link-local address is fe80::206:f6ff:fe2b:2fe8
No global unicast address is configured

Joined group address(es):
ff02::1:ff2b:2fe8
ff02::2
ff02::1
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 1000 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
vpn(config-if)#

 

 

Posted by
Frequent Visitor
  • You have posted 5 replies to the community. Thank you for keeping the conversations going!
  • Congrats on Posting your first topic!
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 10 of 22
900 Views

aaaaannddd we're back to not receiving an IPv6 address on the outside interface.

 

Gota love Comcast...  Briliant engineers there.

Posted by
Frequent Visitor

Message 11 of 22
798 Views

Hi Mickey,

 

I feel your pain as well.  I have had my cases closed here in the forums and ignored.  Read here:

 

http://forums.xfinity.com/t5/Your-Home-Network/IPv6-Hop-Limit-0-for-DHCPv6-Advertisement-XID-set-by-...

 

If you are interested in the real technical issue, it is here:

 

http://techsticles.blogspot.com/2017/03/why-your-fancy-routerfirewall-likely.html

 

The bottom line is yes, as you found, Comcast sends a hop limit of 0, which breaks the RFCs.  The crummy routers on the market (and those that Comcast give you) will accept the IPv6 packet.  Any "expensive" routers or firewalls (i.e. Cisco, Juniper, etc) will reject any packet with a hop limit set to 0. I had a tech over to upgrade me to Gigabit and I showed him the problem.  He was surprised and said he would escalate it, but of course, like with all the other tickets that I opened, I got nothing.

 

My frustrations are with you as I have attempted to speak with the bug kahuna (ComcastJohn) on Reddit, here, and via email with zero response.  You would think he would care.

 

The bottom line is Comcast does not care.  Period.  I run a Cisco 5512X, which is not too different from you and will be married to IPv4 on Comcast until they fix that bug and conform the to RFC 2460.

 

 

 

Posted by
Authorized Vendor

Message 12 of 22
724 Views

This is being looked at and has been escalated..

-------------------------------------
Network Engineer, IP Engineer, Docsis..; the views expressed on this post are mine and do not necessarily reflect the views of my employer..

Gamer.. Living the dream one catastrophe at a time Smiley Happy ..
Posted by
Frequent Visitor

Message 13 of 22
649 Views

Thank you ArrisTuska.  Now I am hopeful we can get this fixed.

Posted by
New Poster
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 14 of 22
572 Views

This is incredibly annoying. I have a Juniper SRX 210 and I couldn't obtain a prefix delegation from Comcast either. Some quick monitoring showed that DHCPv6-Advertise were being sent back with hlim = 0 and JunOS correctly dropped the packet and responsed with ICMPv6 hop-limit-exceeded.

 

Some JunOS devices can use no-ipv6-reject-zero-hop-limit to accept such apckets, unfortunately SRX products does not support it.

 

Comcast, please fix this.

Posted by
Authorized Vendor

Message 15 of 22
526 Views

dndx wrote:
 

Comcast, please fix this.


I am going to PM you I want to know what CMTS your on..  and check some things..

-------------------------------------
Network Engineer, IP Engineer, Docsis..; the views expressed on this post are mine and do not necessarily reflect the views of my employer..

Gamer.. Living the dream one catastrophe at a time Smiley Happy ..
Posted by
Frequent Visitor

Message 16 of 22
399 Views

Hi ArrisTuska,

 

I had sent you some items a couple of weeks ago... do you have any update to this problem?

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 17 of 22
368 Views

I too have this issue.  Hop Limit 0 DHCPv6 Advertise responses from Comcast.  Using an ASA 5506-X running 9.8(2) with a Motorola MB8600.  I'm in the Atlanta area.

 

I'm not sure why the outside interface is not doing SLAAC.  The firewall is receiving RAs, but it is not assigning an address.  The RAs contain 4 ::/64 prefixes.

 

fw1(config)# show ipv6 routers
Router fe80::201:5cff:fe67:6846 on outside, last update 0 min, CONFLICT
  Hops 0, Lifetime 1800 sec, AddrFlag=1, OtherFlag=1
  Reachable time 3600000 msec, Retransmit time 1000 msec
  Prefix 2001:558:xxxx:xxxx::/64
    Valid lifetime 604800, preferred lifetime 302400
  Prefix 2001:558:xxxx:xxxx::/64
    Valid lifetime 604800, preferred lifetime 302400
  Prefix 2001:558:xxxx:xxxx::/64
    Valid lifetime 604800, preferred lifetime 302400
  Prefix 2001:558:xxxx:xxxx::/64
    Valid lifetime 604800, preferred lifetime 302400

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 18 of 22
343 Views

ipv6bob wrote:

I too have this issue.  Hop Limit 0 DHCPv6 Advertise responses from Comcast.  Using an ASA 5506-X running 9.8(2) with a Motorola MB8600.  I'm in the Atlanta area.

 

I'm not sure why the outside interface is not doing SLAAC.  The firewall is receiving RAs, but it is not assigning an address.  The RAs contain 4 ::/64 prefixes.



Replying to myself, it's correctly not doing SLAAC because the RAs tell it not to.

Posted by
Frequent Visitor

Message 19 of 22
289 Views

Those are Comcast routers.  They are publicly known (no need to XX out their addresses).  Your IP addresses will come in the ADVERTISE XID.  Thats the packet that your Cisco is correctly dropping (as well as your REPLY XID if you were to get that far) due to the hop limit = 0.

 

You can fix your CONFLICT on the routers with this on your interface:

 

ipv6 nd reachable-time 3600000

 

But that CONFLICT has no issue or impact.  Its the hop limit = 0 that is causing your problems.

Posted by
Authorized Vendor

Message 20 of 22
222 Views

M0untainman wrote:

Hi ArrisTuska,

 

I had sent you some items a couple of weeks ago... do you have any update to this problem?


I will ping the DHCP OPS again about this..

-------------------------------------
Network Engineer, IP Engineer, Docsis..; the views expressed on this post are mine and do not necessarily reflect the views of my employer..

Gamer.. Living the dream one catastrophe at a time Smiley Happy ..
Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 21 of 22
149 Views


I will ping the DHCP OPS again about this..


Thank you.  I've been working through escalations with support trying to get resolution or acknowledgement.  The last answer I got in residential was that they couldn't gaurantee IPv6 addressing.  When I spoke with business a potential work-around is using a static assignment, and they assign a /56.

 

I just switched to xfinity for speed and price, but I've since realized IPv6 is a requirement as well.

 

Thanks

Posted by
New Poster
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 22 of 22
97 Views

ArrisTuska wrote:

M0untainman wrote:

Hi ArrisTuska,

 

I had sent you some items a couple of weeks ago... do you have any update to this problem?


I will ping the DHCP OPS again about this..


ArrisTuska:

 

I am a Comcast user and own a Cisco ASA 5508-X and am having the same problem obtaining an ipv6 prefix due to the hop limit exceeded. How can I get in touch with you with info needed to resolve this?

 

Thanks.