Recent Network Management News:
- Published on Thursday, July 03, 2014
At Comcast, we periodically review and revise our website to ensure that customers have the latest information about our services. We have revised our Internet service performance webpage to give customers the latest information to help them make informed choices. You can read more about the performance of our Internet service here.
- Published on Wednesday, July 02, 2014
The Internet Society (ISOC) published a so-called Routing Resilience Manifesto. Comcast joins ISOC and other network operators in calling for community action on this subject, and joining us to support this Manifesto.
Primarily, adoption of the Routing Resilience Manifesto requires that Internet Service Providers (ISPs) filter routing announcements received from their customer networks explicitly at the “prefix” level. Comcast has been employing this method for at least the past several years and expects neighboring networks to do the same.
Additionally, the Routing Resilience Manifesto calls for networks to take steps to prevent network spoofing, which is central to curtailing many amplification and/or distributed denial of service (DDoS) attacks. These attacks take advantage of the fact that some networks have not taken steps to prevent network address spoofing. Comcast takes several steps to prevent network spoofing, and a list of FAQs on subject can be found here.
Finally, the Manifesto asks that ISPs maintain usable contact information and coordination capability for real-time troubleshooting between network operators, to which Comcast is also committed. We hope that other ISPs will adopt the guidance in the Routing Resilience Manifesto in order that we may improve the stability and reliability of the Internet upon which we all depend.
- Published on Friday, May 30, 2014
NetForecast's independent assessment of Comcast's data usage meter confirms it to be accurate within +/-1% with an APDEX score of .98, which is described as excellent. The report provides an overview of how our usage management platform works, NetForecast's validation methodology, and the overall performance rating. We recently contracted with them to conduct the comprehensive study, and the results have been published on their web site.
- Published on Tuesday, April 08, 2014
On May 20, 2011, we first posted about these rules. Those rules have now been updated to reflect that IPv6 is now required, that DOCSIS 1.1 and 2.0 modems are now or soon will be in end-of-life status, and that we are preparing for DOCSIS 3.1 modems.
These rules pertain to the attachment of devices to our High-Speed Internet network by customers. You can find information concerning the devices approved for use on the network, and the tiers of our service that they are appropriate for at http://mydeviceinfo.comcast.net. In order for a cable modem device to be approved for use on the network, it must pass CableLabs certification, UL certification, FCC certification, and Comcast DOCSIS certification testing. Comcast's current DOCSIS device testing requirements and the test scheduling process are described here.
Please also note that customers may purchase their own cable modem for use on the Comcast network. However, Comcast does not support all possible modems on its network because there may be compatibility issues with some devices. The Comcast Agreement for Residential Services (Sections 6(b)(1)–(3)) makes clear that a device must meet Comcast’s minimum technical specifications in order to successfully install, access, operate or use a particular service. In addition to our full list of approved devices, a list of recommended retail devices can be found at http://mynewmodem.comcast.net.
- Published on Thursday, March 13, 2014
Recently, the Internet community has taken notice of NTP amplification attacks, as well as other attacks leveraging DNS, SNMP, and other protocols. These attacks take advantage of the fact that some networks have not taken steps to prevent network address spoofing. Since we have been asked what steps Comcast takes to prevent network spoofing, we have put together an FAQ on the subject.
In short, we use one of two techniques: Unicast Reverse Path Forwarding (uRPF) verification and DOCSIS Source Address Verification (SAV). Using these techniques our customers are prevented from sending traffic with spoofed IP addresses through their cable modems.
Read more about this topic here in these FAQs on preventing network spoofing.
- Published on Wednesday, August 01, 2012
We've announced some changes our policies on Simple Network Management Protocol (SNMP) and Simple Mail Transport Protocol (SMTP), which will affect a very small portion of our customers. You can find more information in two blog posts. One is a general post about both issues, and the other is specific to SMTP. While the policy change was announced today, implementation will occur gradually.
- Published on Thursday, May 17, 2012
- Published on Tuesday, January 10, 2012
As noted here on our blog, we have signed all of our domain names and all customers are now using DNSSEC-validating resolvers. Comcast is the first large ISP in the North America to have fully implemented DNSSEC, as part of ongoing efforts to protect our customers with Constant Guard™ from Xfinity. In addition, Comcast Domain Helper has been turned off, as we noted here.