Carl Johnson on 6 Oct 2009 06:55:51 -0700


Re: [PLUG] Comcast "CDV" device & firewalls

>>>Thanks for everyone's responses, especially Carl's, which were
enormously helpful.<<<

;-) glad i could help

>>>(cable "modems" aren't really "modems")<<<
can you elaborate?

from what i know of comcast's systems, they are modems in the sense that the downstream data gets modulated onto a 256QAM carrier (mostly by cisco uBR10k's) and sent to the device. the device then DEMODulates the RF carrier and pulls the data out of it and spits it out the LAN port. on the return the device MODulates the data from the LAN port and puts it onto a 16QAM/QPSK carrier and sends it back to the CMTS.

it may not be a "modem" in the sense of dial-up types where the digital data is transformed back and forth into an analog signal; but there's still some demodulation/modulation being done.

On Mon, Oct 5, 2009 at 5:52 PM, JP Vossen <> wrote:
Solved.  All it required was, in fact, a long-ish power off (sigh).  But...

The new "CDV" unit installed 1 week ago is an Arris Model TM602G/CT with
a battery.  We powered off the external firewall and CDV for about 5
minutes, *while talking on the phone routed through the device!*  We
kept talking, it did not disconnect us.

When the Comcast tech said he powered off and it did disconnect us, I
assume that 1) the battery hadn't charged enough to maintain the call
and 2) he didn't leave it off long enough to forget the MAC.

When we powered back up with the FW external/untrusted interface
connected to the CDV, everything Just Worked.

And, critically, what Carl said was right, the CDV is a simple DOCSIS
bridge (cable "modems" aren't really "modems").  It has zero security or
other features on it, which is perfect for what I want but I found
surprising for the other 99.99% of their customers.  I guess
historically Comcast provided a dumb cable modem and that was it, so
this is just the updated version of that and maybe I got too used to
FiOS coming with an all-in-one gadget that includes: TV, IP bridge,
wireless, FW/NAT.  I don't use the FiOS gadget, I use my own firewall,
but again for 99.99% of their customers that is actually useful.


Also, I really like Carl's idea of moving the CDV to the "side,"
re-provisioning it as phone only, re-adding the old cable modem, and
provisioning that for Internet only.  I didn't do it that way because I
wasn't on-site, and because it was late on a Sunday night and neither I
nor my cousin felt like doing the Comcast Tech Support hassle.  I may
still do it next time I am on-site, though also if it ain't (that) broke
I may not fix it...

Thanks for everyone's responses, especially Carl's, which were
enormously helpful.  Also, I hope this thread will be useful for other
folks using their own hardware and software (ideally F/OSS) on the
inside.  For example, and though it isn't actually Linux but FreeBSD: :-)

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
