This is a tutorial I can pass out for friends to collect traces of applications’ web requests.
This story chronicles my recent frustration with Comcast Business Internet, primarily due to their lack of clarity on how they provide their service when included with Static IP Addresses.
I decided (probably foolishly, but I have no regrets) to lease my own office “for my company” on Massachusetts Ave in Cambridge as part of my plan to dominate the world and keep all my projects and geek toys in a separate location to my regular apartment. The space is two rooms, a front room and a rear closet, with power and HVAC included at $350/month. (Muahahaha)
So logically I decided to offer to a few of my friends to see if they were interested in sharing the space/hosting a server there. My friend Ross, of course, took the bait and soon I had leased a beautiful man cave, furnished it, and the time came to order business internet.
Nope. Not available. Tried begging. Not happening.
We even tossed in the possibility of running a microwave bridge from a location with FiOS to the office. Still a possibility but we’re in the basement. Will require more thought, and probably a location that costs more than $350/month.
It was to be, sadly, our only option. But I’ve had good results with Comcast in the past. I simply separate church and state: I buy my own modem, I use my own router and handle everything from the point that DOCSIS ends forward. I assumed I’d be able to do the same with the business class service…wrong. My one complaint has always been the terrible upload speed, and I knew I’d be running servers where upload is the more important side of the two.
So I filled out a quote and was shortly contacted by a rep from Comcast’s Business Sales Team or whatever who got me set up with an acceptable plan (75/10). I told him I wanted static IPs and he said that would be fine. He also managed to upsell me on a $5/month TV add on that would give me a few channels to the man cave but also give me a $300 prepaid incentive card. I took the bait (mostly because this is a tax free way to get equity out of the company).
The first signs of trouble
I got the whole 2 year contract I had to sign (which was scary, but he said both that we can scale the service down and stay within the terms or we can get out of the contract if we move to a place in which the service isn’t available). The grand total with the “Business Gateway” was $156/month.
The contract listed 5 Static IPs and “Business WiFi.” (!)
First of all, WiFi (as the term) has sort of been embraced by Comcast as a term that can be trumpeted and sold to customers. Everyone understands what WiFi is…at least sort of. They no longer sell you “Internet” or “IPv4 connectivity,” they sell you “WiFi.”
But WiFi is a bridge of layer 2 ethernet that allows computers to connect without cables. That term is used primarily when describing your services to technological idiots. It’s the same as selling a computer based upon heavy marketing of the peripherals. So why was it listed on a business contract as some service that they were rendering?
Any network technician can spot the confusion: where does the “WiFi” fit into 5 static IP addresses? Getting just Business Internet with Static IP addresses gives you this vision that your setup will be literally a bridge and a layer 2 subnet of IP addresses. No DHCP, no local router, no nothing. WRONG!
The “Business Private WiFi” basically tells you that a whole host of garbage that I thought I was going to take care of myself was included: the router, switch, access point. And from personal experience with the consumer equivalent, the “Comcast WiFi Gateways” are the network engineer’s worst nightmare. They suck, they crash, they perform intermittently so as to inspire the wrath of even the frat brothers who don’t understand that it’s causing the problem, they don’t support local DNS properly, and you can’t even disable the WiFi without calling customer support (just to name a few of the problems).
Basically “Nick’s principle of why you ought not to use DOCSIS Router McWiFi access points” is that any time you start combining devices like that, the performance suffers. The target market shifts lower in the technological IQ range, and they cut corners. For example, Ubiquiti makes a line of exceedingly high performance routers for under $100, and cheap wall-mountable WiFi APs for around $50 that can run on astandard but usable 24V PoE. That system runs like a tank, to the point that I will not install or service non-Ubiquiti systems for my family and other engagements. The amount of times various cheap Amazon ARM router + access points have given me inexplicable trouble is very high. I’ve never had a real dedicated router crap out (except when I misconfigure the firewall to not accept any TCP connections).
So I asked the sales rep and got a nonanswer: but I was told that once I had the service I could “work with the customer care representatives to transfer my static IP addresses onto my own hardware.”
That statement was patently false. I called up another support technician that likewise claimed the exact same thing. They’re both wrong. A Comcast Business customer desiring static IP addresses must lease this “Business Gateway,” because the only supported configuration is to locate the customer’s router within that gateway. They do not support a bridged configuration where you may bring your own router and connect it to a standard DOCSIS modem.
Confused? Read on.
The Comcast Setup
You’re going to laugh when you hear this.
They came in and set up this “Business Gateway.” A few fun facts:
- WiFi is already set up. Yipee.
- By default, you’re now running an Xfinity WiFi Hotspot. Surprise!
- Any computer plugged into the ethernet ports or connected to the WiFi gets DHCPed a RFC1918 “NAT” IP in the 10.1.10.0/24 subnet.
- There’s a firewall with lots of options. Which is confusing because NAT doesn’t need a firewall to begin with because it’s impossible to route into a NAT. The firewall also has settings which clearly refer to the real Static IPs.
- Setting reverse DNS requires contacting support, but is possible!
- Comcast refers to your real IPs as “true static IPs” because they assume nobody knows what RFC1918 is.
- The whole thing is basically undocumented, except for a PDF that refers to an old business gateway from 2006 with different configuration options.
Where are the static IPs? How do I connect to them?
What is the mysterious setup?
Basically, the Business Gateway acts as a router. It is the gateway for your static IP subnet, and is placed at the top of your static IP subnet. We have a /29 subnet, which means that we have 5 usable IPv4 addresses and a 6th that is assigned to our gateway. We can use this 6th address by setting up a IPv4 DMZ, the same disastrous setup that home server operators have been dealing with for eons. To use any static address (once the firewall is disabled in the Business Gateway for “true static IP addresses”), all one needs to do is manually set the IP, subnet, and gateway on your computer and it will route. Easy as that.
Now here’s where it gets funky: it is also a standard NAT router. The same layer 2 network also has a DHCP server which will issue NAT addresses. So by default, any computer connected with DHCP enabled gets a NAT address.
So the not-so-obvious pro of this situation is that you can have two addresses assigned to a computer:
- Primary public and static IP (configured as default gateway)
- Secondary internal static IP (just local traffic)
Both on the same interface. Both will route, allowing you to contact LAN devices and but maintain a primary external IP on the same computer.
To confuse you further, there’s a setting which allows you to “Map” external IP addresses to internal NAT addresses. That’s cool I guess, but it’s very unclear what’s going on or even that the aforementioned configuration is a possibility.
What’s the problem?
First, I’m stuck leasing a hellbox. They didn’t bother to even invent a more sane configuration.
Second, any yahoo who manages to get access to your WiFi network can just change their IP settings and start using your external IPs as their own.
Third, while this configuration may be advantageous to some, it’s not, by any standards, a standard networking setup. Nowhere is this clearly laid out in any of the documentation. And their technicians and phone support haven’t the faintest clue how to explain to you that you’re running a bastardized IP network (much less much else about networking…but they do seem to enjoy using tremendously untechnical terms and conflating the word modem and router constantly).
What’s the solution?
Comcast points out, and rightfully so, that if you disable the DHCP server and WiFi you basically have what they “sold you.” But you’re still stuck leasing the hellbox, and the hellbox is still running a NAT router underneath the hood. Maybe that’s fine, I still don’t like it.
Granted, I cannot compare this to business-class FiOS because I’ve never owned it.
I think what this basically means is that Comcast Business service should really be branded Comcast’s “really small business service for those without any technical expertise.” This setup pretty clearly implies that that’s what they were going for. And to an extent they probably succeeded.
Realistically, I would be a hell of a lot more satisfied if there existed “Comcast’s Technical Guide to Static IP for Business Service” which explained everything detailed in this article and was provided along with the literature when I originally signed the contract. I would prefer if their technicians were entirely educated about this more advanced service, because they clearly aren’t (basically every time I call I can get half a dozen false answers to these simple questions).
So there’s a reason (or several) why your house isn’t wired for DC electrical operation. But there are a variety of situations in which you may want to add DC capability to your house — for example, off grid situations or if you want a house-wide 12V UPS backup.
You may have wondered, how do I bridge DSL modems? I can’t be the only one…
When you go to your friendly neighborhood cable office or phone company to acquire DSL or DOCSIS services, the box that your ISP gives you is referred to in the industry as CPE or Customer Premises Equipment. Most Internet Service Provider technologies are asymmetric, which means that the upload and download rates are different (in addition to being on different frequencies).
Continue reading SDSL Bridging with the ZyXEL 782R G.SHDSL Router