Visitor

3 Messages

Thursday, May 12th, 2022 9:09 AM

Closed

No longer getting IPv6 address after Xfinity work in my neighborhood

I had a well working setup with IPv4 and IPv6. But there was some big work in my neighborhood today (got email about service interruption and saw several crews working on the street), and now that the work is completed, I no longer get an IPv6 address assigned. I didn't change any config on my side, and of course tried rebooting modem and router, still no IPv6.

Thanks,

Uwe

Visitor

3 Messages

3 years ago

Found the solution in another post: my router's firewall expects dhcpv6 to have a source address of fe80::/10. But after today's service changes in my neighborhood, that seems no longer true. If I allow arbitrary dhcpv6 source addresses, everything is working fine now :)

This was the post that sent me on the right track: https://forums.xfinity.com/conversations/your-home-network/ipv6-not-available-after-service-outage/626c8692ee0ef23e5262bcbb?commentId=626c8c88ff19c3627da4bb09&replyId=626c926dee0ef23e5262bd5c

Cheers,

Uwe

Gold Problem Solver

26.3K Messages

3 years ago

... my router's firewall expects dhcpv6 to have a source address of fe80::/10 ...

Note that IPv6 addresses assigned by Comcast would never fall in that range, as it is reserved for link-local addresses, usually self-assigned. See https://en.wikipedia.org/wiki/Link-local_address. IPv6 interfaces normally have two addresses: a link-local address only used for communication on the local network, and a public address used for communication with devices on other networks, like the Internet.

Visitor

3 Messages

3 years ago

Hi Bruce,

We are talking about different things here. You are talking about the leased address. The one that Comcast hands out to its customers. That one is indeed never link-local.

But I'm talking about the address of Comcast's dhcp server itself. You see, some routers seem to expect that the dhcp server replies from a source address in the fe80 subnet. That means those routers have default firewall rules to allow an inbound dhcp package only if its source address is in the fe80 range. Please note that the source address of the dhcp package is different from the leased address that is transported inside the package.

And it was the case until recently that Comcast's dhcp replies had a source address in the fe80 range, but that seems no longer true now. The problem can be fixed by loosening firewall rules to allow arbitrary dhcp servers. But I don't know whether this may introduce security concerns, if I basically allow anybody on the internet to send me a dhcp package.

Cheers,

Uwe
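An added example, not part of the original posts: a small Python model of the two firewall rules discussed above, run over constructed datagrams. It assumes the standard DHCPv6 ports (server/relay 547, client 546) and RFC 8415 message types; the port and message-type checks, the rule names, and the sample addresses are assumptions of this example, not details of any poster's router.

```python
import ipaddress
from dataclasses import dataclass

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
# DHCPv6 message types a client may legitimately receive (RFC 8415).
SERVER_TO_CLIENT = {2: "ADVERTISE", 7: "REPLY", 10: "RECONFIGURE"}

@dataclass
class Datagram:
    src: str        # IPv6 source address of the packet (not the leased address)
    sport: int      # UDP source port
    dport: int      # UDP destination port
    payload: bytes  # UDP payload: 1-byte msg-type + 3-byte transaction id + options

def strict_rule(d: Datagram) -> bool:
    """Rule described in the thread: accept DHCPv6 only from a link-local source."""
    return (ipaddress.ip_address(d.src) in LINK_LOCAL
            and d.sport == 547 and d.dport == 546)

def loosened_rule(d: Datagram) -> bool:
    """Any source address, but still server port -> client port, a complete
    DHCPv6 header, and only server-to-client message types (assumed hardening)."""
    return (d.sport == 547 and d.dport == 546
            and len(d.payload) >= 4
            and d.payload[0] in SERVER_TO_CLIENT)

def evaluate(datagrams):
    """Return (source, accepted_by_strict, accepted_by_loosened) per datagram."""
    return [(d.src, strict_rule(d), loosened_rule(d)) for d in datagrams]

# Constructed samples; 2001:db8::/32 is the documentation prefix.
TXID = b"\xaa\xbb\xcc"
SAMPLES = [
    Datagram("fe80::1", 547, 546, bytes([7]) + TXID),        # REPLY, link-local source
    Datagram("2001:db8::53", 547, 546, bytes([2]) + TXID),   # ADVERTISE, global source
    Datagram("2001:db8::bad", 40000, 546, bytes([7]) + TXID),  # wrong source port
    Datagram("2001:db8::bad", 547, 546, bytes([1]) + TXID),  # SOLICIT is client-to-server
]

if __name__ == "__main__":
    for src, strict, loose in evaluate(SAMPLES):
        print(f"{src:16} strict={strict!s:5} loosened={loose}")
```

The second sample is the case from the thread: a server reply from a global source address is dropped by the strict rule and accepted once the source restriction is removed, while the port and message-type checks still reject the last two datagrams.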

Visitor

2 Messages

@ub-net I'm having this issue as well. Currently have a FreeBSD box config'd as a firewall gateway w/ that exact same firewall rule (restricting DHCPv6 traffic from/to my box to link local addresses). My question is this: if Comcast's new DHCPv6 server is now on a global IPv6 address, then doesn't my external (WAN) interface need to have an existing global address before it can even send/receive info from the DHCPv6 server? But how would it get that public address, if all it had initially is a link local address?

Do I need to have an address assigned by SLAAC from Comcast to my external interface before even making the DHCPv6 call?
