Re: Comcast business IPv6 vs rbldnsd & PSBL

[Peter Losher]

That's true - I had one of the SMC routers for many years when I had static
Business HSI service, and switched earlier this year to using a off the
shelf Arris (ex Motorola) Surfboard modems and dynamic IP on my BHSI
service... my IPv6 service has never been better. :)

Unless you have a static IP configuration - As long as it's on Comcast's
approved modem list they don't care what modem you use even if it's on
their business class service.

Best Wishes - Peter

On Tue, Nov 29, 2016 at 1:18 PM,  wrote:

> To clarify, you cannot rent AND have static IP's.
>
> You can rent your own modem ofr business service when using dynamic IP's.
>
> Robert Webb
>
>
> On Tue, 29 Nov 2016 15:07:52 -0500
>  Jared Mauch  wrote:
>
>> Can't do that with the business service. Oh well, to have choices.
>> Jared Mauch
>>
>>> On Nov 29, 2016, at 2:40 PM, Randy Bush  wrote:
>>>
>>> i am running my own (why rent at silly costs) dpc3008 and wfm.
>>>
>>> randy
>>>
>>
>


-- 
[ http://blog.plosh.net ] - "Earth Halted: Please reboot to continue"

Re: Comcast business IPv6 vs rbldnsd & PSBL

[rwebb]

To clarify, you cannot rent AND have static IP's.

You can rent your own modem ofr business service when using dynamic IP's.

Robert Webb

On Tue, 29 Nov 2016 15:07:52 -0500
 Jared Mauch  wrote:
Can't do that with the business service. Oh well, to have choices. 


Jared Mauch

On Nov 29, 2016, at 2:40 PM, Randy Bush  wrote:

i am running my own (why rent at silly costs) dpc3008 and wfm.

randy

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Jared Mauch]

Can't do that with the business service. Oh well, to have choices. 

Jared Mauch

> On Nov 29, 2016, at 2:40 PM, Randy Bush  wrote:
> 
> i am running my own (why rent at silly costs) dpc3008 and wfm.
> 
> randy

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Bryan Holloway]

Not to mention that they "raised my rent" a few months ago by $5/mo, 
which is pretty ludicrous considering that a) it doesn't actually work 
as advertised, and b) it probably cost them $20-30 to purchase those 
SMCs wholesale in the first place. They've made their money on my CPE 
many many times over.


But that's just the way it is.


On 11/29/16 1:48 PM, Luke Guillory wrote:

Because if you want static IPs from them you must rent one of the following.

Cisco DPC3939B or DPC3941B
Netgear CG3000DCR
SMC Networks SMCD3G




Luke Guillory
Network Operations Manager

Tel:985.536.1212
Fax:985.536.0300
Email:  lguill...@reservetele.com

Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084

_

Disclaimer:
The information transmitted, including attachments, is intended only for the 
person(s) or entity to which it is addressed and may contain confidential 
and/or privileged material which should not disseminate, distribute or be 
copied. Please notify Luke Guillory immediately by e-mail if you have received 
this e-mail by mistake and delete this e-mail from your system. E-mail 
transmission cannot be guaranteed to be secure or error-free as information 
could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or 
contain viruses. Luke Guillory therefore does not accept liability for any 
errors or omissions in the contents of this message, which arise as a result of 
e-mail transmission. .

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Randy Bush
Sent: Tuesday, November 29, 2016 1:41 PM
To: Rik van Riel
Cc: North American Network Operators' Group
Subject: Re: Comcast business IPv6 vs rbldnsd & PSBL

i am running my own (why rent at silly costs) dpc3008 and wfm.

randy

RE: Comcast business IPv6 vs rbldnsd & PSBL

[Luke Guillory]

Because if you want static IPs from them you must rent one of the following.

Cisco DPC3939B or DPC3941B
Netgear CG3000DCR
SMC Networks SMCD3G




Luke Guillory
Network Operations Manager

Tel:985.536.1212
Fax:985.536.0300
Email:  lguill...@reservetele.com

Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084

_

Disclaimer:
The information transmitted, including attachments, is intended only for the 
person(s) or entity to which it is addressed and may contain confidential 
and/or privileged material which should not disseminate, distribute or be 
copied. Please notify Luke Guillory immediately by e-mail if you have received 
this e-mail by mistake and delete this e-mail from your system. E-mail 
transmission cannot be guaranteed to be secure or error-free as information 
could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or 
contain viruses. Luke Guillory therefore does not accept liability for any 
errors or omissions in the contents of this message, which arise as a result of 
e-mail transmission. .

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Randy Bush
Sent: Tuesday, November 29, 2016 1:41 PM
To: Rik van Riel
Cc: North American Network Operators' Group
Subject: Re: Comcast business IPv6 vs rbldnsd & PSBL

i am running my own (why rent at silly costs) dpc3008 and wfm.

randy

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Mikael Abrahamsson]

On Tue, 29 Nov 2016, Rik van Riel wrote:


Not a symptom I ever expected to see...


It's pretty obvious that the CPEs being sold for this "business service" 
isn't meant for the kind of service you run.


They're probably doing connection tracking for ACK optimization, this 
should not be done for UDP but it's still being done. They probably have a 
connection limit of a few thousand connections (not uncommon for these 
kinds of devices) and it's not possible to turn off what you need to turn 
off to make them work correctly.


Do you have any other options in your area for other ISPs that can offer a 
better service for you?


Otherwise you might hack around it by running an IPSEC/UDP tunnel to 
somewhere else where there isn't this kind of connection limit.


--
Mikael Abrahamssonemail: swm...@swm.pp.se

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Randy Bush]

i am running my own (why rent at silly costs) dpc3008 and wfm.

randy

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Rik van Riel]

On Tue, 2016-11-29 at 13:34 -0500, Jared Mauch wrote:
> Folks at Comcast have told me to ask for the SMC gateway to be
> replaced with either the netgear or Cisco to solve that issue. 

Over the past year and a bit, I have had all three
of the Comcast business routers in my network.

The Netgear only stayed for one day - after about
10-15 minutes of "heavy" (~300kbit/s) DNS lookups
coming in from the outside, it was almost impossible
to make new TCP connections across the router, either
IPv4 or IPv6.

The SMC D3G-CCR mostly worked, except at some point
during the year, the fraction of traffic going over
IPv6 went high enough to wreck the D3G, causing it to
crash and reboot several times a day, without having
enough diagnostics for me to figure out what was going
on.

The Cisco DPC3941B seems to fail in pretty much the
same way as the SMC D3G-CCR, but it has enough
diagnostics that I could finally figure out what was
happening. With "Gateway Smart Packet Detection" disabled,
and the "Firewall completely disabled", the logs are
still showing tens of thousands of dropped IPv6 connections
every day.

In other words, the config options that supposedly disable
the firewall completely, do not in fact disable the firewall
code, and I am still hitting connection tracking limits.

DNS lookups coming from randomized port numbers (to avoid
spoofing issues) mean every DNS query takes up another slot
in the connection tracking table.

Once the table is full, the router will search for a
re-usable slot before routing a packet. This can cause
ping times to 10.1.10.1 (the router) to go as high as
800ms. This is from a system sitting 5ft from the router.

If the router does not find any re-usable slot in the
connection tracking table, packets can get lost.

This leads to the "fun" scenario where pinging the router
from a system directly connected to it shows 30% packet
loss, while streaming video over an already established
TCP stream continues at full speed!

Not a symptom I ever expected to see...

-- 
All rights reversed


signature.asc
Description: This is a digitally signed message part

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Jared Mauch]

Folks at Comcast have told me to ask for the SMC gateway to be replaced with 
either the netgear or Cisco to solve that issue. 

Jared Mauch

> On Nov 29, 2016, at 1:28 PM, Bryan Holloway  wrote:
> 
> I concur with the kudos bit, but I'll also concur that the CPE support 
> appears to be limited. Another example: IPv6 prefix delegation is broken on 
> the SMCD3G-CCR, and according to the following threads:
> 
> http://www.gossamer-threads.com/lists/nsp/ipv6/54761 (scroll down to the IPv6 
> OPERATIONS - BUSINESS section)
> 
> http://forums.businesshelp.comcast.com/t5/IPV6/Dual-Stack-on-SMC-D3GCCR-and-Cisco-DPC3939B/td-p/20504
> 
> ... others have the same issue and there isn't much of an incentive to fix it.
> 
> When I asked if I could use my own CPE, I was told no, because I'm a 
> "business customer", which is a requirement if you want static v4 IPs.
> 
> Anyone have any success with a different model CPE and Comcast v6? I love 
> that they hand out a /56 by default, but it's not of much use if I can only 
> use a single /64.
> 
>- bryan
> 
> 
>> On 11/29/16 11:45 AM, Livingood, Jason wrote:
>> I can send it along to folks here at Comcast.
>> 
>> - Jason
>> 
>> On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" 
>>  wrote:
>> 
>>First of all, kudos to Comcast for trying to roll out IPv6 across
>>their entire network. Static IPv6 netblocks seem to be available
>>for Comcast business users, and IPv6 is enabled unconditionally
>>in the CPE routers used by Comcast business class internet.
>> 
>>Unfortunately, the software in the two available CPE routers
>>(SMC & Cisco) is horribly broken when it comes to IPv6.
>> 
>>The TL;DR summary: even when IPv6 firewalling is disabled in
>>the configuration, the router still tracks every IPv6 "connection",
>>which causes every single DNS lookup to fill up a slot in its
>>connection tracking table.
>> 
>>The router's logs say it blocks tens of thousands of IPv6
>>connections every day, despite firewalling being "disabled" on
>>the router.
>> 
>>Once the connection tracking table fills up, both IPv6 and IPv4
>>start having trouble, with packet loss on ICMP, high ping times
>>to the local router (and the internet), and new connections not
>>establishing. The router randomly crashes and reboots too,
>>sometimes multiple times a day.
>> 
>>This ends up breaking both IPv6 and IPv4.
>> 
>>It only takes about 300kbit/s of DNS traffic to trigger the bug,
>>in both the SMC and the Cisco routers.
>> 
>>Are there any Comcast NOC or other technical people present who
>>could help?
>> 
>>I am interested both in helping resolve the firmware issues in
>>the routers (there will no doubt be other customers who hit this
>>in the future, as IPv6 becomes ore common) or, if that is not an
>>option, finding some way to avoid the issue.
>> 
>> 
>>http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/Cis
>>co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/30807
>> 
>>--
>>All Rights Reversed.
>> 

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Bryan Holloway]

I concur with the kudos bit, but I'll also concur that the CPE support 
appears to be limited. Another example: IPv6 prefix delegation is broken 
on the SMCD3G-CCR, and according to the following threads:


http://www.gossamer-threads.com/lists/nsp/ipv6/54761 (scroll down to the 
IPv6 OPERATIONS - BUSINESS section)


http://forums.businesshelp.comcast.com/t5/IPV6/Dual-Stack-on-SMC-D3GCCR-and-Cisco-DPC3939B/td-p/20504

... others have the same issue and there isn't much of an incentive to 
fix it.


When I asked if I could use my own CPE, I was told no, because I'm a 
"business customer", which is a requirement if you want static v4 IPs.


Anyone have any success with a different model CPE and Comcast v6? I 
love that they hand out a /56 by default, but it's not of much use if I 
can only use a single /64.


- bryan


On 11/29/16 11:45 AM, Livingood, Jason wrote:

I can send it along to folks here at Comcast.

- Jason

On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel"  wrote:

First of all, kudos to Comcast for trying to roll out IPv6 across
their entire network. Static IPv6 netblocks seem to be available
for Comcast business users, and IPv6 is enabled unconditionally
in the CPE routers used by Comcast business class internet.

Unfortunately, the software in the two available CPE routers
(SMC & Cisco) is horribly broken when it comes to IPv6.

The TL;DR summary: even when IPv6 firewalling is disabled in
the configuration, the router still tracks every IPv6 "connection",
which causes every single DNS lookup to fill up a slot in its
connection tracking table.

The router's logs say it blocks tens of thousands of IPv6
connections every day, despite firewalling being "disabled" on
the router.

Once the connection tracking table fills up, both IPv6 and IPv4
start having trouble, with packet loss on ICMP, high ping times
to the local router (and the internet), and new connections not
establishing. The router randomly crashes and reboots too,
sometimes multiple times a day.

This ends up breaking both IPv6 and IPv4.

It only takes about 300kbit/s of DNS traffic to trigger the bug,
in both the SMC and the Cisco routers.

Are there any Comcast NOC or other technical people present who
could help?

I am interested both in helping resolve the firmware issues in
the routers (there will no doubt be other customers who hit this
in the future, as IPv6 becomes ore common) or, if that is not an
option, finding some way to avoid the issue.


http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/Cis
co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/30807

--
All Rights Reversed.

Re: Comcast business IPv6 vs rbldnsd & PSBL

[Livingood, Jason]

I can send it along to folks here at Comcast.

- Jason

On 11/28/16, 1:46 PM, "NANOG on behalf of Rik van Riel" 
 wrote:

First of all, kudos to Comcast for trying to roll out IPv6 across
their entire network. Static IPv6 netblocks seem to be available
for Comcast business users, and IPv6 is enabled unconditionally
in the CPE routers used by Comcast business class internet.

Unfortunately, the software in the two available CPE routers
(SMC & Cisco) is horribly broken when it comes to IPv6.

The TL;DR summary: even when IPv6 firewalling is disabled in
the configuration, the router still tracks every IPv6 "connection",
which causes every single DNS lookup to fill up a slot in its
connection tracking table.

The router's logs say it blocks tens of thousands of IPv6
connections every day, despite firewalling being "disabled" on
the router.

Once the connection tracking table fills up, both IPv6 and IPv4
start having trouble, with packet loss on ICMP, high ping times
to the local router (and the internet), and new connections not
establishing. The router randomly crashes and reboots too,
sometimes multiple times a day.

This ends up breaking both IPv6 and IPv4.

It only takes about 300kbit/s of DNS traffic to trigger the bug,
in both the SMC and the Cisco routers.

Are there any Comcast NOC or other technical people present who
could help?

I am interested both in helping resolve the firmware issues in
the routers (there will no doubt be other customers who hit this
in the future, as IPv6 becomes ore common) or, if that is not an
option, finding some way to avoid the issue.


http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/Cis
co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/30807

-- 
All Rights Reversed.

Comcast business IPv6 vs rbldnsd & PSBL

[Rik van Riel]

First of all, kudos to Comcast for trying to roll out IPv6 across
their entire network. Static IPv6 netblocks seem to be available
for Comcast business users, and IPv6 is enabled unconditionally
in the CPE routers used by Comcast business class internet.

Unfortunately, the software in the two available CPE routers
(SMC & Cisco) is horribly broken when it comes to IPv6.

The TL;DR summary: even when IPv6 firewalling is disabled in
the configuration, the router still tracks every IPv6 "connection",
which causes every single DNS lookup to fill up a slot in its
connection tracking table.

The router's logs say it blocks tens of thousands of IPv6
connections every day, despite firewalling being "disabled" on
the router.

Once the connection tracking table fills up, both IPv6 and IPv4
start having trouble, with packet loss on ICMP, high ping times
to the local router (and the internet), and new connections not
establishing. The router randomly crashes and reboots too,
sometimes multiple times a day.

This ends up breaking both IPv6 and IPv4.

It only takes about 300kbit/s of DNS traffic to trigger the bug,
in both the SMC and the Cisco routers.

Are there any Comcast NOC or other technical people present who
could help?

I am interested both in helping resolve the firmware issues in
the routers (there will no doubt be other customers who hit this
in the future, as IPv6 becomes ore common) or, if that is not an
option, finding some way to avoid the issue.


http://forums.businesshelp.comcast.com/t5/Equipment-Modems-Gateways/Cis
co-DPC3941B-slows-to-a-crawl-and-crashes-several-times-a-day/td-p/30807

-- 
All Rights Reversed.

signature.asc
Description: This is a digitally signed message part