The Horror That Is Comcast Business Internet With Static IPs

This story chronicles my recent frustration with Comcast Business Internet, primarily due to their lack of clarity about how the service is delivered when it includes static IP addresses.

I decided (probably foolishly, but I have no regrets) to lease my own office “for my company” on Massachusetts Ave in Cambridge as part of my plan to dominate the world and keep all my projects and geek toys in a separate location to my regular apartment. The space is two rooms, a front room and a rear closet, with power and HVAC included at $350/month. (Muahahaha)

So logically I decided to offer to a few of my friends to see if they were interested in sharing the space/hosting a server there. My friend Ross, of course, took the bait and soon I had leased a beautiful man cave, furnished it, and the time came to order business internet.

FiOS!

Nope. Not available. Tried begging. Not happening.

We even tossed in the possibility of running a microwave bridge from a location with FiOS to the office. Still a possibility but we’re in the basement. Will require more thought, and probably a location that costs more than $350/month.

Comcast Business

It was to be, sadly, our only option. But I’ve had good results with Comcast in the past. I simply separate church and state: I buy my own modem, I use my own router and handle everything from the point that DOCSIS ends forward. I assumed I’d be able to do the same with the business class service…wrong. My one complaint has always been the terrible upload speed, and I knew I’d be running servers where upload is the more important side of the two.

So I filled out a quote and was shortly contacted by a rep from Comcast’s Business Sales Team or whatever who got me set up with an acceptable plan (75/10). I told him I wanted static IPs and he said that would be fine. He also managed to upsell me on a $5/month TV add-on that would give me a few channels to the man cave but also give me a $300 prepaid incentive card. I took the bait (mostly because this is a tax free way to get equity out of the company).

The first signs of trouble

I got the whole 2 year contract I had to sign (which was scary, but he said both that we can scale the service down and stay within the terms or we can get out of the contract if we move to a place in which the service isn’t available). The grand total with the “Business Gateway” was $156/month.

The contract listed 5 Static IPs and “Business WiFi.” (!)

Business WiFi

First of all, WiFi (as a term) has sort of been embraced by Comcast as something that can be trumpeted and sold to customers. Everyone understands what WiFi is…at least sort of. They no longer sell you “Internet” or “IPv4 connectivity,” they sell you “WiFi.”

But WiFi is a bridge of layer 2 ethernet that allows computers to connect without cables. That term is used primarily when describing your services to technological idiots. It’s the same as selling a computer based upon heavy marketing of the peripherals. So why was it listed on a business contract as some service that they were rendering?

Any network technician can spot the confusion: where does the “WiFi” fit into 5 static IP addresses? Getting just Business Internet with Static IP addresses gives you this vision that your setup will be literally a bridge and a layer 2 subnet of IP addresses. No DHCP, no local router, no nothing. WRONG!

The “Business Private WiFi” basically tells you that a whole host of garbage that I thought I was going to take care of myself was included: the router, switch, access point. And from personal experience with the consumer equivalent, the “Comcast WiFi Gateways” are the network engineer’s worst nightmare. They suck, they crash, they perform intermittently so as to inspire the wrath of even the frat brothers who don’t understand that it’s causing the problem, they don’t support local DNS properly, and you can’t even disable the WiFi without calling customer support (just to name a few of the problems).

Basically “Nick’s principle of why you ought not to use DOCSIS Router McWiFi access points” is that any time you start combining devices like that, the performance suffers. The target market shifts lower in the technological IQ range, and they cut corners. For example, Ubiquiti makes a line of exceedingly high performance routers for under $100, and cheap wall-mountable WiFi APs for around $50 that can run on a nonstandard but usable 24V PoE. That system runs like a tank, to the point that I will not install or service non-Ubiquiti systems for my family and other engagements. The number of times various cheap Amazon ARM router + access points have given me inexplicable trouble is very high. I’ve never had a real dedicated router crap out (except when I misconfigure the firewall to not accept any TCP connections).

So I asked the sales rep and got a non-answer, but I was told that once I had the service I could “work with the customer care representatives to transfer my static IP addresses onto my own hardware.”

That statement was patently false. I called up another support technician that likewise claimed the exact same thing. They’re both wrong. A Comcast Business customer desiring static IP addresses must lease this “Business Gateway,” because the only supported configuration is to locate the customer’s router within that gateway. They do not support a bridged configuration where you may bring your own router and connect it to a standard DOCSIS modem.

Confused? Read on.

The Comcast Setup

You’re going to laugh when you hear this.

They came in and set up this “Business Gateway.” A few fun facts:

  1. WiFi is already set up. Yippee.
  2. By default, you’re now running an Xfinity WiFi Hotspot. Surprise!
  3. Any computer plugged into the ethernet ports or connected to the WiFi gets DHCPed an RFC 1918 “NAT” IP in the 10.1.10.0/24 subnet.
  4. There’s a firewall with lots of options. Which is confusing because NAT doesn’t need a firewall to begin with because it’s impossible to route into a NAT. The firewall also has settings which clearly refer to the real Static IPs.
  5. Setting reverse DNS requires contacting support, but is possible!
  6. Comcast refers to your real IPs as “true static IPs” because they assume nobody knows what RFC1918 is.
  7. The whole thing is basically undocumented, except for a PDF that refers to an old business gateway from 2006 with different configuration options.

Where are the static IPs? How do I connect to them?

What is the mysterious setup?

Basically, the Business Gateway acts as a router. It is the gateway for your static IP subnet, and is placed at the top of your static IP subnet. We have a /29 subnet, which means that we have 5 usable IPv4 addresses and a 6th that is assigned to our gateway. We can use this 6th address by setting up an IPv4 DMZ, the same disastrous setup that home server operators have been dealing with for eons. To use any static address (once the firewall is disabled in the Business Gateway for “true static IP addresses”), all you need to do is manually set the IP, subnet, and gateway on your computer and it will route. Easy as that.

Now here’s where it gets funky: it is also a standard NAT router. The same layer 2 network also has a DHCP server which will issue NAT addresses. So by default, any computer connected with DHCP enabled gets a NAT address.

So the not-so-obvious pro of this situation is that you can have two addresses assigned to a computer:

  1. Primary public and static IP (configured as default gateway)
  2. Secondary internal static IP (just local traffic)

Both on the same interface. Both will route, allowing you to contact LAN devices but maintain a primary external IP on the same computer.

To confuse you further, there’s a setting which allows you to “Map” external IP addresses to internal NAT addresses. That’s cool I guess, but it’s very unclear what’s going on or even that the aforementioned configuration is a possibility.

What’s the problem?

First, I’m stuck leasing a hellbox. They didn’t bother to even invent a more sane configuration.

Second, any yahoo who manages to get access to your WiFi network can just change their IP settings and start using your external IPs as their own.

Third, while this configuration may be advantageous to some, it’s not, by any standards, a standard networking setup. Nowhere is this clearly laid out in any of the documentation. And their technicians and phone support haven’t the faintest clue how to explain to you that you’re running a bastardized IP network (much less much else about networking…but they do seem to enjoy using tremendously untechnical terms and conflating the word modem and router constantly).
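One way to watch for the second problem above, as an added example that is not part of the original post: audit a saved `ip neigh` listing from a machine on the shared segment and flag any address in the static /29 that is held by a MAC you did not assign it to. The 203.0.113.0/29 block, the MAC addresses, the allowlist and the sample listing are all constructed; only the 10.1.10.0/24 DHCP range and the gateway sitting at the top of the /29 come from the setup described here.

```python
import ipaddress

# Constructed inputs: 203.0.113.0/29 (a documentation range) stands in for the
# leased static block; every MAC address below is made up.
STATIC_BLOCK = ipaddress.ip_network("203.0.113.0/29")
NAT_BLOCK = ipaddress.ip_network("10.1.10.0/24")   # gateway's DHCP range, per the post
EXPECTED = {                                        # static IP -> MAC you assigned it to
    "203.0.113.1": "02:00:00:00:00:01",
    "203.0.113.2": "02:00:00:00:00:02",
    "203.0.113.6": "02:00:00:00:00:fe",             # the gateway itself, top of the /29
}
SAMPLE_NEIGH = """\
203.0.113.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
203.0.113.2 dev eth0 lladdr 02:00:00:00:00:77 STALE
203.0.113.3 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE
203.0.113.5 dev eth0  FAILED
203.0.113.6 dev eth0 lladdr 02:00:00:00:00:fe REACHABLE
10.1.10.23 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE
"""

def layout(block):
    """Split the block the way the post describes: gateway on the top host address."""
    hosts = list(block.hosts())
    return hosts[-1], hosts[:-1]

def parse_neigh(text):
    """Yield (ip, mac) from `ip neigh` lines; entries without lladdr (FAILED) are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            mac = fields[fields.index("lladdr") + 1].lower()
            yield ipaddress.ip_address(fields[0]), mac

def audit(text, block=STATIC_BLOCK, expected=EXPECTED):
    """Return (static_ip, mac, reason, nat_ips_of_same_mac) for each unexpected claim."""
    seen = list(parse_neigh(text))
    findings = []
    for ip, mac in seen:
        if ip not in block or expected.get(str(ip)) == mac:
            continue
        reason = "wrong MAC" if str(ip) in expected else "unassigned address in use"
        nat = [str(i) for i, m in seen if m == mac and i in NAT_BLOCK]
        findings.append((str(ip), mac, reason, nat))
    return findings

if __name__ == "__main__":
    gateway, usable = layout(STATIC_BLOCK)
    print("gateway", gateway, "usable", [str(h) for h in usable])
    print(*audit(SAMPLE_NEIGH), sep="\n")
```

The last field of each finding lists any 10.1.10.x address the same MAC also holds, which ties the claim on a public address back to a device that joined through DHCP.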

What’s the solution?

Comcast points out, and rightfully so, that if you disable the DHCP server and WiFi you basically have what they “sold you.” But you’re still stuck leasing the hellbox, and the hellbox is still running a NAT router underneath the hood. Maybe that’s fine, I still don’t like it.

Granted, I cannot compare this to business-class FiOS because I’ve never owned it.

I think what this basically means is that Comcast Business service should really be branded Comcast’s “really small business service for those without any technical expertise.” This setup pretty clearly implies that that’s what they were going for. And to an extent they probably succeeded.

Realistically, I would be a hell of a lot more satisfied if there existed “Comcast’s Technical Guide to Static IP for Business Service” which explained everything detailed in this article and was provided along with the literature when I originally signed the contract. I would prefer if their technicians were entirely educated about this more advanced service, because they clearly aren’t (basically every time I call I can get half a dozen false answers to these simple questions).

World, meet Fergus! My 2013 Nissan Leaf SV

Earlier this summer while I was toiling away in Seattle, I asked my dad a crazy question:

What would you say to car sharing a Nissan Leaf and your Passat?

Needless to say that was the beginning of a very slippery slope. By mid-August when I returned we had visited a used car dealership in southern MA to take a look at our options. We decided that this was to be a year long experiment.

Nick’s List of Nutritional Fallacies

Anyone who has started to read into some of the controversies of nutrition will quickly find that there’s a lot we don’t know. Answering questions that appear to be trivial can end up taking 40 years and costing billions of dollars… and somehow we still don’t have an answer. Why?

A trivial example: If you take fat out of your diet by cutting out one hamburger, you may have added extra veggies or chicken or candy to your diet. Suddenly, simply determining what happens when you remove one serving of red meat from your diet becomes a multivariate matrix of macronutrients, micronutrients, fiber, and other strange considerations. And then you can repeat this for every feasible item in the grocery store and realize how futile your quest to answer simple dietary questions has become.

Beyond the universal understanding that “less processed is more better” we are left without a lot of understanding about nutrition, and for good reason: it is impossible to say definitively whether a vegan diet is more healthful overall than a ketogenic diet or vice versa.

Nevertheless, there are some basic considerations to which we can apply fairly straightforward logic. What follows are just a few of the examples of false nutritional hypotheses and general stupidity that I will address in kind.

What do I eat today? A discussion of food.

I’m going to take a brief detour from my usual rants and raves to blast an opinionated rant and rave about another non-technical subject that I am under-qualified to discuss 🙂

The topic of food and dieting is very big in the old USA (no pun intended). There’s an epidemic of epic proportions, with the percentage of overweight population in the US reaching 75%, and a lot of interesting research about the causes, effects, and issues at hand.

I’m going to share a summary of my research and thoughts on the subject as part of my plan to “get fit” this semester. I’ve switched to a low carb, high fat diet over the past 5 weeks or so and I’d like to share my findings. Take it with a grain of salt (hah) but definitely read on.

My DIY Security System

A while back (during construction of my new house), I wrote an article about the capabilities of the DSC 1832 alarm panel. Well, time got the better of us and I wasn’t able to wire the house myself. Instead, we had a third party alarm company provide “a la carte” wiring service. This included (all 22/4):

  • Phone line to the outside utility area
  • Front + Side door
  • 4 motion detectors
  • “Basement” wire (which I used for freeze)
  • Siren Wire
  • Keypad


24 Bit Audio

Take a look at this article on the myths and truths of 16 vs 24 bit audio:

http://www.head-fi.org/t/415361/24bit-vs-16bit-the-myth-exploded

So yes, I am justified in running my console in 24 bit. 24 bit or higher is important when mixing because if the audio comes in only up to a quarter of the usable dynamic range, you still have 22 bits of range to work with. In addition, when summing, it’s important to have greater latitude (but that’s mostly within the effects processors themselves). If you tried to do the same stuff with CDs, you could end up with less than 16 bits of range especially if you begin applying effects. Using additional bits in mixing allows you to ensure that you maintain an even level of quality in the final product despite variations in source levels and processing. But all ye enjoy ye CDs.

Particularly interesting is the point about dither. When you put the dither in the frequencies that humans don’t hear as well (15-20k), the randomization of the quantization errors still achieves the same effect but it’s less noticeable.

Definitely worth sharing to the audio nerds though. Of course, sampling rate is not covered here and that’s a different discussion 😉

The Shannon-Nyquist theorem guarantees complete reproduction of the input signal given a sampling rate greater than twice the maximum frequency. This is true for a discrete signal; however, that doesn’t account for quantization and in the digital world would require infinite precision of the ADC. Obviously that’s not possible. Hence the dither.

Why you should care about The Beatles’ mono mixes

My mono box set with cute little insert describing this mono tomfoolery

Well the precondition to your reading this article is that you think that the Beatles are pretty cool. Why are they cool? Well, that’s a different article. This one is going to focus on the availability of their music and a little bit of a timeline here.

The year is 1963 and a bunch of yahoos named Paul, John, George, and Ringo are sitting in this studio with another man named George Martin and they’re recording some of the crap they like to sing.

Fastest Ways to Break Linux: chown of death

Have you ever wondered how to break Linux real fast? Here is a great example:

I mounted an external drive where you usually do (actually just /mnt … I was lazy). Also, I had previously used that EXT4 volume with my ParagonEXTFS driver on OSX (which, by the way, is terrible). To rectify the permissions, I wanted to do a recursive chown because naturally, everything on the drive should be owned by me.

Research on the DSC 1832 Series Alarm System

3/11 – Updated the smoke detector wiring per HSC tech support.

The DIY alarm system is not a new idea, and there are plenty of wireless “ready to go” systems where you just plunk the old thing down and it’s ready to go.

But that’s no fun. Meet the DSC 1832 PowerSeries alarm panel:

A simple kit for the 1832 from the homesecuritystore.com website
