IPv6 /64 subnet behind a P2P link, routing?

RouterOS General
1

Hello!

I’ve reached the end of my wits, probably.

I got assigned a /64 IPv6 subnet, routed behind a P2P link. All the relevant bits are there:

Ptp IP 2a01:XXXX:2:6:0:0:0:19/127
Ptp GW 2a01:XXXX:2:6:0:0:0:18/127

2a01:XXXX:2:9:0:0:0:0/64 is routed to 2a01:XXXX:2:6:0:0:0:19.

I can ping the :18 address from the router. I can ping the :18 address from anywhere outside. I can even ping it from the inside. What I cannot, however, is ping :19 or anything on the /64 subnet from the outside world. There is nothing blocking it in the firewall. When I set up a rule to explicitly accept any icmpv6 on the input chain (similar to the IPv4 rule), logs showed that the packets reach Mikrotik and then they just disappear.

Anybody tell me if there’s anything wrong with my routing or anything else? Yes, I know about the XXXX::0/127 Point-to-Point issues in ROS 6, but we’re dealing with a :18 and :19 here, that should not be an issue.

[XXXX@MikroTik] > ipv6 address print detail
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 0  G address=2a01:XXXX:2:6::19/127 from-pool="" interface=ether1-gateway actual-interface=ether1-gateway eui-64=no advertise=no 
 1  G address=2a01:XXXX:2:9::1/64 from-pool="" interface=bridge-local actual-interface=bridge-local eui-64=no advertise=yes 
 2 DL address=fe80::d6ca:XXXX:fe61:d897/64 from-pool="" interface=bridge-local actual-interface=bridge-local eui-64=no advertise=no 
 3 DL address=fe80::d6ca:XXXX:fe61:d896/64 from-pool="" interface=ether1-gateway actual-interface=ether1-gateway eui-64=no advertise=no 

[XXXX@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 0 A S  dst-address=::/0 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=1 scope=30 target-scope=10 
 1 ADC  dst-address=2a01:XXXX:2:6::18/127 gateway=ether1-gateway gateway-status=ether1-gateway reachable distance=0 scope=10 
 2 ADC  dst-address=2a01:XXXX:2:9::/64 gateway=bridge-local gateway-status=bridge-local reachable distance=0 scope=10

If I set the default route GW to 2a01:XXXX:2:6::18/127, it’s immediately marked as unreachable, even though it can be pinged at the same time.

What am I missing?

2

Current RouterOS doesn’t like /127.

3

I did say I am aware of the /127 issue, but it seems to be limited to ::/127 routes, whereas :19/127 should be OK.

From http://forum.mikrotik.com/t/ipv6-127/71778/1 (quoth janisk from MT support):

there are other RFC documents about IPv6 that will state that /127 address space should not be used.

now when this is stated, > you can use other than the address that ends with 0.

for example, > use of 2001:db8::0/127 will yield error > as such route cannot be currently added (that is a problem we will work to resolve it)

but > 2001:db8::2/127 can be used freely and will work correctly > as main culprit - router anycast address is not used in RouterOS and at all is deprecated from IPv6.

4

The issue is the /127.

Whom ever assigned you a /64, and even worse a /127, doesn’t know how IPv6 works.

5

if the /64 is dynamic then get address and /64 on master and pass the /64 via dhcp6 to slave. at slave get the /64 to a pool and set lan interface address to pool with eui64 enabled. (then maybe ospf but can work fine without if u set routes via fe80 addresses)

Sent from my SM-N910C using Tapatalk

6

Nah, that’s where you’re wrong. They know it very well. It’s quite common to assign a /64 that’s routed behind a /127 point-to-point link, that’s not the question here.

7

OK :slight_smile:

8

Solved it. Apparently somebody at the ISP side had miscommunicated something or whatever it was, but /127 just plain did not work. When I experimented a bit and changed the mask of the PTP interface from /127 to /64, everything started working right away. The default route sprang to life, packets started flowing to and fro etc. I had tried playing around with the mask, changed it to /126 and other figures, but nothing happened, so I had kind of just discarded the idea. Damn the ISP for their communication, thank the ISP for the IPv6.

Thank you all for pitching in.

9

As quite a few said yes… :laughing: