I needed fast reliable internet access at home, so, I have Comcast Business Class for fast and Raw Bandwidth DSL for reliable. I have my own ARIN direct assignments for my internal networks and I have routers in a couple of colos where I get my true upstream connectivity. I run a Juniper router here at home and in one of the colos. In the other colo, I use the datacenter's router to terminate the tunnels.
I use GRE tunnels to both colos across both Comcast and Raw Bandwidth and run BGP to my house (small router) feeding default to the house and getting the local prefixes (192.159.10.0/24, 192.124.40.0/23, 2620:0:930::/48) advertised upstream to the colo routers. The colo routers are full-feed BGP speakers.
My Comcast gateway is running in straight L2 bridge mode, so, there is no issue there. When Comcast changes my IP address, things get very slow until I can reconfigure the tunnel end-points. Raw Bandwidth provides me with a static address.
I'm not doing any NAT and the GRE tunnels carry all of my actual traffic. The Comcast and Raw Bandwidth internet feeds are used only to provide L2 transport for the GRE tunnels. This allows me to do convenient cost-effective multihoming without NAT at home using commodity internet access.
Owen
On Jul 26, 2011, at 8:38 AM, PC wrote:
I have GRE tunnels and L2TP tunnels over those Comcast boxes. L2TP is less hassle because it handles NAT, but you can do GRE instead -- just make sure you assign yourself a public static IP.
First, go into the gateway and make sure all firewalls are disabled (it has a web GUI).
Second, if it's the Comcast SMC 4 port "gateway" thing I think it is, the device is somewhat retarded. You plug into the switch and pull DHCP, and you get a NATted address and it routes.
You can plug into the same switch and set a static IP on your device (internet public IP), and it will work without NAT, assuming your account has a static IP.
Set said static IP on your Mikrotik box and it should pass end-to-end without drops.
On Tue, Jul 26, 2011 at 9:07 AM, Nate Burke <nate@blastcomm.com> wrote:
Hello, I'm hoping that someone here might have run into a similar issue and might be able to offer me some pointers.
I have a customer that I am providing redundant paths to, one link over a microwave connection, and a backup link over a Comcast Business Class connection. Everything on the microwave link is working fine. On the Comcast connection, I have a static IP from Comcast, and I want to set up a vendor-specific GRE tunnel (Mikrotik EoIP) from my NOC to the Comcast static IP address. It looks like the SPI firewall inside the SMC Gateway required by Comcast is blocking the GRE packets. I'm basing this on the fact that when I power cycle the modem, I get 1 ICMP packet through the GRE tunnel while the modem is booting up, then it stops again. I have gotten to Tier 2 support, who swears that all firewalls on the SMC Gateway are disabled.
As a workaround, I was able to establish a PPTP tunnel to my NOC; however, it seems like the tunnel will only run for a few hours, then becomes slow to the point of being unusable. In my mind this would be no different than setting up a permanent VPN back to a corporate office, which I would think happens all the time, so I'm not sure why I'm running into issues with it.
Anyone with insights or comments would be appreciated.
Thanks,
Nate Burke