nanog mailing list archives

Re: Comcast Business Class and GRE Tunnels


From: Owen DeLong <owen () delong com>
Date: Tue, 26 Jul 2011 10:14:15 -0700

I needed fast reliable internet access at home, so, I have Comcast Business
Class for fast and Raw Bandwidth DSL for reliable. I have my own ARIN
direct assignments for my internal networks and I have routers in a couple
of colo's where I get my true upstream connectivity.

I run a Juniper router here at home and in one of the colo's. In the other
colo, I use the datacenter's router to terminate the tunnels. I use GRE
tunnels to both colo's across both Comcast and Raw Bandwidth and run
BGP to my house (small router) feeding default to the house and getting
the local prefixes (192.159.10.0/24, 192.124.40.0/23, 2620:0:930::/48)
advertised upstream to the colo routers.

The colo routers are full-feed BGP speakers.

My Comcast gateway is running in straight L2 bridge mode, so, there is
no issue there. When Comcast changes my IP address, things get very
slow until I can reconfigure the tunnel end-points. Raw Bandwidth provides
me with a static address.

I'm not doing any NAT and the GRE tunnels carry all of my actual traffic.
The Comcast and Raw Bandwidth internet feeds are used only to provide
L2 transport for the GRE tunnels.

This allows me to do convenient cost-effective multihoming without NAT
at home using commodity internet access.

Owen

On Jul 26, 2011, at 8:38 AM, PC wrote:

I have GRE tunnels and L2TP tunnels over those Comcast boxes.  L2TP is less
hassle because it handles NAT, but you can do GRE instead -- just make sure
you assign yourself a public static IP.

First, go into the gateway and make sure all firewalls are disabled (it has
a web GUI).

Second, if it's the Comcast SMC 4 port "gateway" thing I think it is, the
device is somewhat retarded.  You plug into the switch and pull DHCP, and
you get a natted address and it routes.

You can plug into the same switch and set a static IP on your device
(internet public IP), and it will work without NAT, assuming your account
has a static IP.

Set said static IP on your Mikrotik box and it should pass end-to-end
without drops.

On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <nate () blastcomm com> wrote:

Hello, I'm hoping that someone here might have run into a similar issue and
might be able to offer me some pointers.

I have a customer that I am providing redundant paths to, one link over a
microwave connection, and a backup link over a Comcast Business Class
Connection.  Everything on the Microwave link is working fine.  On the
Comcast Connection, I have a Static IP from Comcast, and I want to set up a
vendor specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast Static
IP Address.  It looks like the SPI Firewall inside the SMC Gateway required
by Comcast is blocking the GRE packets; I'm basing this on the fact that
when I power cycle the modem, I get 1 ICMP Packet through the GRE Tunnel
while the modem is booting up, then it stops again.  I have gotten to Tier2
support who swears that all Firewalls on the SMC Gateway are disabled.

As a workaround, I was able to establish a PPTP tunnel to my NOC, however
it seems like the tunnel will only run for a few hours, then becomes slow to
the point of being unusable.  In my mind this would be no different than
setting up a permanent VPN back to a corporate office, which I would think
happens all the time, so I'm not sure why I'm running into issues with it.

Anyone with Insights or comments would be appreciated.

Thanks,
Nate Burke




