Xfinity Forum Archive...
This is an archived section of the community.
Content in this area has been identified as outdated or irrelevant.
This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.
Post your questions in the Xfinity Community
I finally got to Tier 3 support and spoke to someone who initially replied that I am using a fancy router and they don't think they can fix the issue *he must have spoke to a middle manager who doesn't get the de[th of the problem). I tried to explain to him this violates the RFC 2460 in the following manner (from RFC 2460 - https://tools.ietf.org/html/rfc2460):
Section 3 (p. 4):
Hop Limit 8-bit unsigned integer. Decremented by 1 by each node that forwards the packet. The packet is discarded if Hop Limit is decremented to zero.
and Section 8.2 (p. 27):
8.2 Maximum Packet Lifetime Unlike IPv4, IPv6 nodes are not required to enforce maximum packet lifetime. That is the reason the IPv4 "Time to Live" field was renamed "Hop Limit" in IPv6. In practice, very few, if any, IPv4 implementations conform to the requirement that they limit packet lifetime, so this is not a change in practice. Any upper-layer protocol that relies on the internet layer (whether IPv4 or IPv6) to limit packet lifetime ought to be upgraded to provide its own mechanisms for detecting and discarding obsolete packets.
His final response is this needs to go to engineering and will get back to me. The thing is, its not looking good because Comcast is ok with the low/cheap routers that don't conform to spec. Comcast needs to support the spec and as per 8.2, eventually they will have no choice. Their best bet is to validate it's an issue, own it, and fix it. Its not that hard... fill in the Hop limit with 1 or more!
I guess a blog entry may be next :-(
Ok... this is a confirmed bug on Comcast's side. I just ran a capture from a laptop and sure enough... same thing:
Frame 39: 187 bytes on wire (1496 bits), 187 bytes captured (1496 bits) on interface 0 Ethernet II, Src: Cadant_62:a2:46 (00:01:5c:62:a2:46), Dst: Cisco_76:fa:57 (f4:0f:1b:76:fa:57) Destination: Cisco_76:fa:57 (f4:0f:1b:76:fa:57) Source: Cadant_62:a2:46 (00:01:5c:62:a2:46) Type: IPv6 (0x86dd) Internet Protocol Version 6, Src: fe80::201:5cff:fe62:a246, Dst: fe80::8c4:4700:22ad:bfd8 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000 Payload length: 133 Next header: UDP (17) Hop limit: 0 Source: fe80::201:5cff:fe62:a246 [Source SA MAC: Cadant_62:a2:46 (00:01:5c:62:a2:46)] Destination: fe80::8c4:4700:22ad:bfd8 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] User Datagram Protocol, Src Port: 547, Dst Port: 546 DHCPv6
Comcast is setting a hop limit of 0 for Advertise XIDs and Reply XIDs. This violates RFC 2460 and anyone using a router or firewall that conforms to the RFC will reject those packets.
Can we get this escalated to support? This is a serious bug.
Is the IPv6 Hop limit is getting set to 0 by Comcast for Advterisements during the DHCPv6 shaking. My firewall is dropping the DHCPv6 Advertise packets.
Further investigation shows the problem doesn't appear to be the firewall, but the Advertisement XIDs getting dropped when they hit the firewall. The reason is that the hop limit is 0 when Comcast sends the Advertisement XID. My syslog shows this:
7 Feb 20 2017 21:11:34 fe80::201:5cff:fe62:a246 547 fe80::f60f:1bff:fe76:fa57 546 UDP request discarded from fe80::201:5cff:fe62:a246/547 to outside:fe80::f60f:1bff:fe76:fa57/546
The asp-drop gives me the reason for the drop:
271: 22:27:48.672648 fe80::201:5cff:fe62:a246.547 > fe80::f60f:1bff:fe76:fa57.546: udp 121 [hlim 0] Drop-reason: (hop-limit-exceeded) hop-limit exceeded 272: 22:27:48.674983 fe80::201:5cff:fe62:a246.547 > fe80::f60f:1bff:fe76:fa57.546: udp 121 [hlim 0] Drop-reason: (hop-limit-exceeded) hop-limit exceeded
When doing a packet dump to see what is what, I find this in the Advertisement XID in the IPv6 Header:
Hop limit: 0As per RFC 2460 for IPv6, it states "The packet is discarded if Hop Limit is decremented to zero." Hence it appears that my firewall/router is doing exactly what it is supposed to do as per spec/RFC.