1 cable modem, 2 routers, 2 unconnected networks

[sfx2000]

In the US on residential service you get 1 device/1 ip address, unless you have some small local ISP, and even then it would be unlikely.

Funny thing - my Cable ISP issues me a public IPv4 address with a /24, it's dynamic, but it's still a /24 - which means that with a proper router and switch setup, I can subnet that address out, giving all my nodes public IP's - when the address updates, obviously the subnet addresses also need to make that shift.

IPv6 on the other hand - they issue on residential a /64 Prefix Delegation - so they're all public (and firewall at the edge of my network), but no subnetting in IPv6.

 

[drinkingbird]

Funny thing - my Cable ISP issues me a public IPv4 address with a /24, it's dynamic, but it's still a /24 - which means that with a proper router and switch setup, I can subnet that address out, giving all my nodes public IP's - when the address updates, obviously the subnet addresses also need to make that shift.

IPv6 on the other hand - they issue on residential a /64 Prefix Delegation - so they're all public (and firewall at the edge of my network), but no subnetting in IPv6.

That is normal. Unless your ISP is totally incompetent, the other IPs won't work, others in your area are on those IPs. They use access control to block all traffic except for your assigned IP. Yes I've tried it

I think with Comcast it was actually a /22.

 

[sfx2000]

That is normal. Unless your ISP is totally incompetent, the other IPs won't work, others in your area are on those IPs. They use access control to block all traffic except for your assigned IP. Yes I've tried it

What is the normal/default is the assumption that the residence has a NAT router at the demarc of their network - CoxHSI is clueful, and they don't stop it - they don't encourage the practice, and definitely will not provide any kind of tech support on how to configure/troubleshoot connectivity issues...

I'm lazy these days, but in the past - put a switch between the CM and the Router/AP, and yes, you can connect other devices to the switch and get assigned public IP's

CoxHSI does not require that the account terminates on a NAT gateway - however, they do configure the CM to only allow 3 MAC addresses to be known to the CM - so realistically, while getting a /24...

But that would not stop me from having a proper router on the CM, and subnetting out - because the limitation is on MAC addr, as mentioned, as known devices on the CM itself...

Think about that one...

 

[drinkingbird]

What is the normal/default is the assumption that the residence has a NAT router at the demarc of their network - CoxHSI is clueful, and they don't stop it - they don't encourage the practice, and definitely will not provide any kind of tech support on how to configure/troubleshoot connectivity issues...

I'm lazy these days, but in the past - put a switch between the CM and the Router/AP, and yes, you can connect other devices to the switch and get assigned public IP's

CoxHSI does not require that the account terminates on a NAT gateway - however, they do configure the CM to only allow 3 MAC addresses to be known to the CM - so realistically, while getting a /24...

But that would not stop me from having a proper router on the CM, and subnetting out - because the limitation is on MAC addr, as mentioned, as known devices on the CM itself...

Think about that one...

That's nice of them, must not be feeling the IP crunch as much as other ISPs. I don't see why they wouldn't support it if the modem has a 3 device limit. But I'm sure only the 3 IPs dynamically assigned will work, they would filter all traffic/ARPs for any other IPs, otherwise people would end up causing duplicate IPs all over the place, I'm sure they're not reserving a whole /24 per customer. Whether directly connected or routed I can't imagine they'd just let the small percentage of users who know enough to wreak havoc.

Could test it pretty easily, toss a loopback with one of the other IPs and try pinging the gateway sourcing from the loopback. Or even a second router and change the dynamic IP to some static IP in the same range. My guess is it will just black hole at the modem or possibly their edge router.

 

[sfx2000]

The one caveat - CM's like mine - Moto/Arrsis SB8200 - have two ethernet ports - only one is primary, whichever one is connected first - the other port is secondary and intended for Link Aggo - which they do support if the customer's router supports it.

So one has to toss a switch in for most folks using consumer router/ap's and wanting to explore...

 

[sfx2000]

That's nice of them, must not be feeling the IP crunch as much as other ISPs. I don't see why they wouldn't support it if the modem has a 3 device limit.

Probably because they provision consumer accounts at the CMTS headend for 3 MAC addresses for triple play - Data/DialTone/TV - for dial tone, they're still using TDM, not VoIP, and TV is SDV - for SDV remote units inside the home, they're using link-local addressing for internal networking between the STB and the remotes...

They've recently completed DOCSIS 3.1 upgrades on my loop, so things could always change...

It;s obvious that they not seeing a crunch on IPv4 public addresses, otherwise they would not hand out /24's...

 

[Tech9]

Here in Canada I have 2x residential ISP connections with 2x dynamic public IPv4 addresses each. Two routers plugged in the same modem both get different external IPv4 addresses. This is how I test Asus routers without disturbing my main system. IPv6 is also available to both connections.

 

[drinkingbird]

Probably because they provision consumer accounts at the CMTS headend for 3 MAC addresses for triple play - Data/DialTone/TV - for dial tone, they're still using TDM, not VoIP, and TV is SDV - for SDV remote units inside the home, they're using link-local addressing for internal networking between the STB and the remotes...

They've recently completed DOCSIS 3.1 upgrades on my loop, so things could always change...

It;s obvious that they not seeing a crunch on IPv4 public addresses, otherwise they would not hand out /24's...

That's the thing, they're not handing out a /24. Your neighbors are in that same subnet. Just like a LAN basically. With comcast, the modem itself blocks ARP and traffic for any IPs not handed out dynamically and assigned to it. With FIOS it seems to be done upstream at their router, but same idea either way. Each cable provider probably does it a bit different but they aren't giving a /24 for you only.

Basically you'll only see ARPs for your 3 IPs even though there could be 200 other people in the same subnet, and any traffic you try to send outbound from any other IP in that range will black hole. Essentially like AP isolation for wired (private VLAN is another example, can communicate to/from egress port but cannot communicate with any other ingress port, quite possible some of them are using that very feature).

Here with Comcast, the TV and phone pull totally separate IPv6 IPs, I don't think they'd let the modem hand out 3 public IPs to any device if they didn't intend for you to be able to use them for your own stuff. Guess they just assume most people have a wireless router and if a few need to use more than 1, they're ok.

 

[drinkingbird]

The one caveat - CM's like mine - Moto/Arrsis SB8200 - have two ethernet ports - only one is primary, whichever one is connected first - the other port is secondary and intended for Link Aggo - which they do support if the customer's router supports it.

So one has to toss a switch in for most folks using consumer router/ap's and wanting to explore...

Ah so I think you found a glitch in the matrix then, they figure nobody is going to try plugging in a switch so no big deal to allow 3, they probably do it to reduce the support calls when someone plugs in a new router and can't get an IP as they don't know they have to reboot the modem. But in your case you should be able to unplug one router and plug in another and get a different public IP (since you seem to be allowed 3 MACs) without rebooting. All the ones around here you need to reboot the modem (cable) or release your WAN IP (FIOS) in order to plug in a different device, as they have a limit of 1.

 

[tgl]

That's the thing, they're not handing out a /24.

Yeah, that. There is nobody who is that flush with IPv4 addresses. The addressing might look like you are in a /24, but that doesn't mean that the whole block of addresses will actually route to you.

Data point on the real-world situation: the 5-static-IP business FiOS service I just signed up for comes with a contractual obligation to make active use of at least 4 of those addresses. And yeah, the addressing is in a /24 ... but I'm quite sure the rest of the /24 is assigned to other people.

 

[drinkingbird]

Yeah, that. There is nobody who is that flush with IPv4 addresses. The addressing might look like you are in a /24, but that doesn't mean that the whole block of addresses will actually route to you.

Data point on the real-world situation: the 5-static-IP business FiOS service I just signed up for comes with a contractual obligation to make active use of at least 4 of those addresses. And yeah, the addressing is in a /24 ... but I'm quite sure the rest of the /24 is assigned to other people.

Yep every company that owns public IPs is required to justify their use. I actually had to list out what I was using each one for, but you can BS it easily (as we do at work every year).

With FiOS I only had one static and it was part of a /24 just like my dynamic is now. With Comcast I had two and they assigned me a /30 but I had to use their router with mine behind it but NAT was disabled so I could put the IPs directly on my router.