Re: [44net] Comcast Xfinity Routing - 44net

12 Jul 2019


      Hello Nate,
...
Even in bridge mode I wasn't getting any traffic from AMPRGW. Tomorrow I
will try bridge mode again, it is possible that I may have set up the
firewall rules on my edgerouter incorrectly.
I have Comcast Business here to get static IPv4 addresses and it's worth noting that with these cablemodems (a rebadged Cisco DPC3941B), it doesn't support static IPs in bridging.  You *must* leave the modem in "Bridge: Off" aka.. NAT mode.  In this mode, the inside Ethernet ports or Wifi connections offer both 10.1.0.x NATed address space but also offer my static IP subnet.  I infer that for my static addresses, the Comcast box is doing some sort of 1:1 NATing but it does seem to support protocol 4.  Externally initiated proto-4 traffic comes in ok so the NATing isn't screwing anything up.
A few more things I recently became aware of from a Comcast support rep if it's helpful to you:
- When enabling or disabling bridging mode, my external IP would get assigned to vastly different subnets.  I have no idea why putting the cablemodem into L2 mode would do this but it does.  Something worth considering.
- Pseudo mode:  It seems that Comcast silently pushes new firmware and does reboots on you.  No notifications or release notes are offered up as far as I can tell  I noticed the other day that under the bridging configuration area of the cablemodem, it nows shows OFF, Pseudo, ON.  I have no idea what this new Pseudo means but it does sound similar to what I described above.
- Uptime:  I've been having my cablemodem just stop forwarding traffic after about 70 days of uptime.  Working fine and fast one minute, zero packet forwarding after that.  The front facing LEDs still look happy, web interface still works, but zero forwarding.  According to Comcast, they recommend to their users to reboot the cablemodem every 60 days to avoid issues with memory fragmentation.  This is pretty lame if you ask me but this is what they told me and it's something I'm looking to automate if I can find a decent way to automate their web interface (no CLI or API interfaces offered).
--David
KI6ZHD