Comcast residential IPv6 works without a hiccup

With all my servers and services IPv6 enabled remotely, it was time to check out how well Comcast is doing with their residential IPv6 rollout. First thing I did was check out their listed compatible DOCSIS 3.x modems that had IPv6 support. Saw the Motorola SB6120 listed, and having used their ISDN products in mid-90s, figured it would be a good investment. Hunted around and found that the nearby Fry’s Electronics had the SB6121. Picked it up for $100. They also had Zoom modems that stated they supported IPv6. But after dealing with their Rockwell chipset modems in the early 90s, I’ll pass.

Got home, swapped out the old RCA rental from Comcast, and plugged in the new one. Called them up, got them the HFC MAC and had them provision it. Took them a bit to do, but finally my laptop was getting a Comcast IP, and that was a good start. Plugged in the D-Link DIR-825, it got its old IP back (since its MAC hadn’t changed). Went into the IPv6 WAN Configuration, and initially picked “Autoconfiguration (SLAAC/DHCPv6)”, but decided that since we live in the FUTURE, I’d let the D-Link try “Auto” and sort it out. Well it worked, and I had IPv6 on the D-Link’s WAN interface, and my laptop was autoconfiguring out of Comcast space.

But there was one last hurdle: Comcast. While IPs had configured fine, I couldn’t reach anywhere. I spent roughly 30 minutes reviewing all configuration settings, making sure I had routes, and rebooting everything a few times to no avail. Finally gave in, called back Comcast, and the tech was like “oh, let me disable the firewall on our side.” POOF! Everything worked. So Comcast residential IPv6 is definitely live in my area, and just needed a new shiny DOCSIS 3.x modem.

12 thoughts on “Comcast residential IPv6 works without a hiccup

  1. Very cool news. I’ve found I”ve got IPv6 in my neighborhood as well. CentOS6 doesn’t appear to work properly with dhcpv6. However, with sniffing the Comcast network I can see other /64s in use. I just bound an IPv6 address in the /64, set the default gateway to the ::1 address, and I was off and running.

    Further, I found that my ddwrt can bind this address manually and route traffic. Interestingly enough, Comcast is not doing IPv6 source address filtering. This means my /48 from HE can route out through Comcast and back in via my HE tunnel.

    Now if I can just hack a dhcpv6-pd /64 assignment for my network so I can go all native, without having to replace my ddwrt router.

    I’d be curious if your /64 is somehow associated with your /128.

  2. I just emailed someone over at Comcast about this, so hopefully they are aware of it if they weren’t already. Thanks for noticing, and good luck getting it all working!

  3. I did a similar thing, bought a Moto 6121, installed it, got my FC13 firewall to request an IP6 address with this in ifcfg-eth0:

    DEVICE=eth0
    BOOTPROTO=dhcp
    HWADDR=XX:XX:XX:XX:XX:XX
    ONBOOT=yes
    IPV6INIT=”yes”
    IPV6_AUTOCONF=”yes”
    DHCPV6C=”yes”
    #DHCPV6C_OPTIONS=”-P”
    #IPV6FORWARDING=”yes”

    All works… but I can’t yet figure out how to do prefix delegation.

  4. I’ve got an identical hardware setup, and have confirmed that IPv6 is enabled for my modem, but when I reach your last step (my network appears to have fully autoconfigured including DHCP to the individual client devices, but no web access from LAN side), I call comcast and they tell me there’s no such thing as a firewall on their end, and that all they can control is my speed limit. What gives?

    I’ve tried disabling my own firewalls both on the DIR-655 and on my OS, but no change.

    The person I spoke with was very polite and friendly, and gave me the impression that they understood how the network works, but seemed convinced that we only get 1 single DHCP IPv6 address and the rest is up to our local network configuration to assign IPs just like IPv4 NAT.

    Know of any way to get directly in touch with a person capable of helping me, or what specific information to cite to put them on the right track?

      • Forums indicated that a common issue is that routers/modems have incompatible asynchronous boot up sequences, e.g. IPv6 is ready on one before the other and they establish DHCP improperly as a result.

        What (I think) eventually worked for me was turning off both, allowing the router to fully boot and wait a FULL couple of minutes, then boot up the modem, which will then realize it needs IPv6 for a whole network not just one client. My interpretation of what happened, at least.

        I happen to also have turned on IPv6 ULA when I did this, but that does not appear to be getting utilized from what I can tell. I’m not even clear what that does.

  5. Curious if this affects the other dlink routers (security vulnerability exists on dir657 and dlink wont even humor me with an email response about it)..

    See if your router’s web interface is publicly accessible via the lan ipv6 address (also local ipv6 if using he’s 6in4). The remote management setting only applies to wan ipv4, and the ipv6 firewall does nothing for lan/local ipv6 for the router itself.

  6. I’ve got an IPv6 address from Comcast and set my IPv6 setup like your DIR-825 but for whatever the reason my DIR-645 not getting an IPv6 address fromComcast DOCSIS 3 cable modem. No web access from LAN side, and have turned off all the firewalls…

    • How did you verify you got an IPv6 address from Comcast? If it wasn’t on the DIR-645, and the DIR-645 doesn’t appear to have IPv6 controls, make certain your particular hardware revision (not firmware) has IPv6 support. I noticed with the DIR-615 series that by the time hardware revision C or D came out, they lost IPv6 support in the firmware.

Leave a Reply