Skip to content
rcgoodfellow's profile

New Contributor

 • 

9 Messages

Thursday, September 15th, 2022 3:08 AM

Comcast Internet Gateways Not Responding to ICMP Echo

I have a CBR-T CGA4131COM running in bridge mode. When my firewall (pfSense+) that is attached to that device sends out a DHCP request, I get a response from a DHCP server at [Edited: "Personal Information"] that gives me an address and sets the DHCP default gateway option as [Edited: "Personal Information"] . That gateway address does not respond to ICMP echo requests. This directly violates RFC 1009 Requirements for Internet Gateways Section 2.2.9. It's unclear to me if it's the CBR-T device that is dropping ICMP packets to that address or if it's actually the gateway that is refusing to respond. The gateway does respond to ARP requests with a MAC address of [Edited: "Personal Information"] , which tells me I'm connected to some sort of Arista router on the other side of my modem. This same Arista gateway does respond to pings on IPv6 with a link-local address of [Edited: "Personal Information"] .

The inability to ping the IPv4 gateway Comcast provides via DHCP options is not unique to my pfSense+ box; I get this same behavior with Linux and Windows laptops directly connected to the CBR-T in bridge mode.

Something odd here is that in the CBR-T web interface, in the Connection -> Comcast Network tab, the IPv4 WAN addresses are on a completely different subnet than the DHCP addresses I get issued on devices behind the CBR-T. The default gateway for the CBR-T is [Edited: "Personal Information"] , but the IPv6 default gateway remains the same [Edited: "Personal Information"] address.

The ping tool under Troubleshooting -> Diagnostic Tools -> Check for IPv4 Address Results can not ping [Edited: "Personal Information"] or [Edited: "Personal Information"] .

In summary: Comcast is advertising gateways that are not reachable for ICMP Echo requests, in direct violation of RFC 1009 Requirements for Internet Gateways. This causes devices that are connected to these gateways to not function correctly, as they depend on this functionality being implemented properly. I have provided 2 reproducible scenarios, one of which involves only Comcast equipment - the CBR-T getting a gateway advertisement via DHCP it cannot ping through its own connectivity tool. This is a regression that happened this week with the "upgrade" that happened in our area that resulted in 3 days of downtime and now improperly functioning networks. Comcast needs to figure out if this is the CRB-T devices behaving badly or the upstream Arista routers and fix it.

Official Employee

 • 

81 Messages

2 years ago

Thank you for confirming this for me. Customers with xFi Advanced Gateways (XB6 or newer): Most of these Gateways have been upgraded with software that manages advanced WiFi settings automatically to help optimize your home network and provide the best performance possible. Advanced WiFi settings for Gateways with this software enhancement are not visible and cannot be managed from the Admin Tool or Xfinity xFi. This is why you are unable to make this change. I totally get how this is not the best answer or the most desirable and I am really sorry. -Dena  

New Contributor

 • 

9 Messages

@Comcast_Dena​ WiFi has absolutely nothing to do with my issue.

Also: why is my post marked as "Private"?

Official Employee

 • 

526 Messages

Thanks for taking the time to reach out regarding your connection pro services. The connection pro cradle point device is meant as a backup and does have automatic failover. Here are a few things to remember about the connection pro services:

  • The Cradlepoint is a router with a firewall
  • This is the device that delivers Internet connectivity via the 4G LTE wireless cellular service during service interruptions
  • Complex Customer Network configurations are not supported
  • Static IP Addresses are not supported
  • WiFi is not supported on version 1
  • The Cradlepoint does not provide port forwarding support
  • The device only allows for traffic requested by the customer and blocks traffic requests from outside.

I hope that these details help to address your concerns. I will forward your feedback regarding a specific manual regarding the cradlepoint. Please remember that these devices are made to provide you emergency back up and are not made to support an entire business network. This service is made to assist your business support systems in the event of the services being down and are very limited and temporary. Please let me know if you have any further questions or concerns. 

I no longer work for Comcast.

New Contributor

 • 

9 Messages

I think you meant to post this at the link below. This has nothing to do with the issue here.

- https://forums.businesshelp.comcast.com/conversations/equipment/accessing-the-cradlepoint-management-interface/62a4f5d1382dc22d0f773957

Official Employee

 • 

526 Messages

I understand your confusion over this message. We did advise that message was sent out in error. we are human over here and make mistakes I do greatly apologize for any confusion this message may have caused you. Please let us know if you have any further questions or concerns. 

I no longer work for Comcast.

New Contributor

 • 

9 Messages

You all seem to be the ones confused, not me. And yes, I have further questions. I would like my original post titled "Comcast Internet Gateways Not Responding to ICMP Echo" (this one, the one on this page) to be addressed. And I would like to know why it is marked as private. The intent is for it to be public.

If you would like to continue the conversation about the Cradlepoint - repost your message above to that thread, and we can continue the discussion there.

(edited)