My ISP recently started to assign a /64 IPV6 range. This range is dynamic, meaning that once I reset their modem, I get another range.
My main issue is that their router is very limited and doesn’t offer any type of firewall. Instead of installing a firewall on every machine in my home network, I was planning about getting a Routerboard Rb2011uias-in to act as my main router/firewall.
Something like this ISP Modem → MikroTik router → Internal network
How would ipv6 assignment work in this situation? Since the /64 block that I get is dynamic, how would the MikroTik router know which /64 it should assign with its dhcp server?
The issue is that I need to assign the public IPV6 addresses using the MicroTik DHCP server as it seems to be the recommended way for IPV6 since NAT isn’t supported.
What I don’t understand is how MikroTik will know which IPV6 addresses it should assign since these addresses are dynamic. I can’t keep reconfiguring the dhcp server anytime the ISP modem is restarted.
In the setups I’ve seen, the ISP assigns a prefix to the CPE. This can be done through DHCPv6 or through router advertisement messages.
Once your router has a prefix, all it needs to do is advertise that prefix to the local broadcast domain. Any IPv6 enabled systems will use stateless autoconfiguration to figure out their global IP address. No need for DHCP servers anymore.
One of the goals of IPv6 was to do away with DHCP entirely by hard-wiring the process of assigning IP addresses directly into the IPv6 protocol. DHCPv6 mainly exists for environments where control over the automatic assignment of IP addresses is required.
The issue is that my configuration will look like this:
ISP Modem → MikroTik router → Internal network
I can confirm that the ISP Modem/router gets the advertised prefix and runs a dhcpv6 server. IPV6 addresses are assigned correctly if you’re connected directly to the ISP router.
But if you’re connected in the internal network, the dhcp packets generated by the ISP router won’t reach your machine since the MikroTik router won’t “route” then.
So I need to configure a dhcpv6 server in MicroTik, which should be easy. The only issue is that I don’t know which /64 range I should assign to it since it’s dynamic. I can configure one now but 3 hours later my ISP might change the assigned range and MicroTik dhcpv6 will keep using the old range.
I find it very peculiar that your ISP is assigning you a different prefix every time your modem refreshes it’s DHCP lease. In addition, I find it very peculiar that the CPE (ISP modem) runs a DHCPv6 server. Could you provide some information on the router? I’d be curious to learn more as this is the first time I hear about an ISP modem with DHCPv6, it’s very unusual.
First, forget about DHCPv6 server in RouterOS, if you want to use it to assign IP addresses for clients. It does not support it (just yet, I hope), only Prefix Delegation. You’re limited to simple Router Advertisements (autoconfig).
The problem is, if you really have only one /64, you can’t do anything (*), because it’s used between ISP Modem and your router. You don’t have another /64 for your LAN.
One chance would be if ISP Modem actually got bigger prefix from ISP, used one /64 from it for LAN and held the rest of if for further PD. If that was a case, you could add DHCPv6 client to your router’s WAN, get another /64 (or more) from ISP Modem and everything would work just fine (it would be pretty much standard setup).
(*) You could turn your RB into transparent firewall, i.e. bridge the interfaces and set “/interface bridge settings set use-ip-firewall=yes”. It would be slightly different, but probably usable.
