As a side note in regards to Comcast and many other ISPs around the globe...
For those who are using the ipip mesh many ISPs prohibit in their router/modem firmware access to the various watchdog timer settings. This actually breaks ipencap because the watchdog timers will kill any encap sockets and prohibit incoming requests to your ipencap IPs.
I wrote a whitepaper on this issue which includes some tests one can run to see if they're (as I call it) bitten by the watchdog and it also offers ways around this. You can read the whitepaper here:
https://uronode.n1uro.com/linux/amprcable.html
I went through a 3 year battle with Comcast on this issue when they kept saying they don't filter ipencap/ip protocol 4 - and it's true they don't. What they don't tell you is that their supplied equipment does. I did get an engineer at Cisco (I had a cisco at the time supplied by Comcast) go through their specification sheet and he did verify that Comcast's specs call for omitting disabling/adjusting the socket watchdog timer in the menu.
Not all deployed Comcast modem/routers have this issue but in time when they do a firmware upgrade on you in the middle of the night you'll think things are broken so if you're not affected now, give it time.