New Contributor
•
9 Messages
Comcast Internet Gateways Not Responding to ICMP Echo
I have a CBR-T CGA4131COM running in bridge mode. When my firewall (pfSense+) that is attached to that device sends out a DHCP request, I get a response from a DHCP server at [Edited: "Personal Information"] that gives me an address and sets the DHCP default gateway option as [Edited: "Personal Information"] . That gateway address does not respond to ICMP echo requests. This directly violates RFC 1009 Requirements for Internet Gateways Section 2.2.9. It's unclear to me if it's the CBR-T device that is dropping ICMP packets to that address or if it's actually the gateway that is refusing to respond. The gateway does respond to ARP requests with a MAC address of [Edited: "Personal Information"] , which tells me I'm connected to some sort of Arista router on the other side of my modem. This same Arista gateway does respond to pings on IPv6 with a link-local address of [Edited: "Personal Information"] .
The inability to ping the IPv4 gateway Comcast provides via DHCP options is not unique to my pfSense+ box; I get this same behavior with Linux and Windows laptops directly connected to the CBR-T in bridge mode.
Something odd here is that in the CBR-T web interface, in the Connection -> Comcast Network tab, the IPv4 WAN addresses are on a completely different subnet than the DHCP addresses I get issued on devices behind the CBR-T. The default gateway for the CBR-T is [Edited: "Personal Information"] , but the IPv6 default gateway remains the same [Edited: "Personal Information"] address.
The ping tool under Troubleshooting -> Diagnostic Tools -> Check for IPv4 Address Results can not ping [Edited: "Personal Information"] or [Edited: "Personal Information"] .
In summary: Comcast is advertising gateways that are not reachable for ICMP Echo requests, in direct violation of RFC 1009 Requirements for Internet Gateways. This causes devices that are connected to these gateways to not function correctly, as they depend on this functionality being implemented properly. I have provided 2 reproducible scenarios, one of which involves only Comcast equipment - the CBR-T getting a gateway advertisement via DHCP it cannot ping through its own connectivity tool. This is a regression that happened this week with the "upgrade" that happened in our area that resulted in 3 days of downtime and now improperly functioning networks. Comcast needs to figure out if this is the CRB-T devices behaving badly or the upstream Arista routers and fix it.
Comcast_Dena
Official Employee
•
81 Messages
2 years ago
Thank you for confirming this for me. Customers with xFi Advanced Gateways (XB6 or newer): Most of these Gateways have been upgraded with software that manages advanced WiFi settings automatically to help optimize your home network and provide the best performance possible. Advanced WiFi settings for Gateways with this software enhancement are not visible and cannot be managed from the Admin Tool or Xfinity xFi. This is why you are unable to make this change. I totally get how this is not the best answer or the most desirable and I am really sorry. -Dena
9
0