How to advertise dynamic ipv6 prefix recieved from dhcpv6

bossv6 · February 15, 2021, 10:40am

My provider is giving me /56 dynamic prefix (why? I also would like to know…).
I have managed to setup a dhcpv6 client which create a pool with received /56 subnet. Now I don’t know how to advertise prefix(s) to my network behind the router.
I’ve created a DHCPv6 server with this pool as a an option, I’ve created ND entry, but nothing happens…

[admin@MikroTik] /ipv6>> dhcp-server print  
Flags: D - dynamic, X - disabled, I - invalid 
 #    NAME                                                                      INTERFACE                                                                    ADDRESS-POOL                                                                    PREFERENCE LEASE-TIME 
 0    server1                                                                   bridge                                                                       internode                                                                              255 3d         


[admin@MikroTik] /ipv6>> pool print  
Flags: D - dynamic 
 #   NAME                                                                                                                                                                           PREFIX                                      PREFIX-LENGTH EXPIRES-AFTER        
 0 D internode                                                                                                                                                                      2001:4777:1e10:da50::/56                               56 1h50m15s             

[admin@MikroTik] /ipv6> nd print 

 1    interface=bridge ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=none hop-limit=unspecified advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no 

      other-configuration=yes

mkx · February 15, 2021, 5:30pm

Forget about DHCPv6 server on MT.

ND advertises prefix which corresponds to IPv6 address set to corresponding router interface. For example:

# let's assume you have two LANs connected to ether2 and ether3 respectively
/ipv6 address
add address=::1 from-pool=internode interface=ether2
add address=::1 from-pool=internode interface=ether3
/ipv6 nd
add interface=ether2
add interface=ether2

It’ll automatically select different prefixes from pool for both subnets so the construct above (which seems to assign same address to bith interfaces) is fine.

It is customary to use /64 subnets, there’s no need to use shorter prefix. Which means your ISP is sensible by giving you 256 prefixes with length of /64 so you can easily use multiple subnets in your LAN.

bossv6 · March 1, 2021, 2:35am

Thank you for this advice, it works!
But I still need DHCPv6, because I need to point LAN clients to my own DNS…
And also my clients are not setting default gateway (all OSes: Android, Linux, Win).
Here is the RA I am receiving:

Frame 11152: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface enp0s31f6, id 0
Ethernet II, Src: xxxxxxxxxxxx, Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: xxxxxxxxxxxx, Dst: ff02::1
    0110 .... = Version: 6
    .... 1100 0000 .... .... .... .... .... = Traffic Class: 0xc0 (DSCP: CS6, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 48
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source Address: xxxxxxxxxxx
    Destination Address: ff02::1
    [Source SA MAC: xxxxxxxxxxxx]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x9bd7 [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0x40, Other configuration, Prf (Default Router Preference): Medium
        0... .... = Managed address configuration: Not set
        .1.. .... = Other configuration: Set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2001:4479:a01:b100::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
            1... .... = On-link flag(L): Set
            .1.. .... = Autonomous address-configuration flag(A): Set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2001:4479:a01:b100::

mducharme · March 1, 2021, 3:10am

You can add DHCPv6 server on the interface with no pool set, it will provide DNS.

bossv6 · March 1, 2021, 3:20am

Yes I did it, and now I have found what was the problem. I have to uncheck “Advertise DNS” from RA as well.

mducharme · March 1, 2021, 6:31am

You can leave “Advertise DNS” checked in RA in most cases, but you have to enable “Other configuration”.

bossv6 · March 1, 2021, 8:25am

Well, with “Advertise DNS” checked my clients configure provider’s DNS. Even if my own comes along it is still not desirable. They should only get local DNS.
And also my clients are not setting default gateway (all OSes: Android, Linux, Win).
Here is the RA I am receiving:

Frame 11152: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on interface enp0s31f6, id 0
Ethernet II, Src: xxxxxxxxxxxx, Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: xxxxxxxxxxxx, Dst: ff02::1
    0110 .... = Version: 6
    .... 1100 0000 .... .... .... .... .... = Traffic Class: 0xc0 (DSCP: CS6, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 48
    Next Header: ICMPv6 (58)
    Hop Limit: 255
    Source Address: xxxxxxxxxxx
    Destination Address: ff02::1
    [Source SA MAC: xxxxxxxxxxxx]
Internet Control Message Protocol v6
    Type: Router Advertisement (134)
    Code: 0
    Checksum: 0x9bd7 [correct]
    [Checksum Status: Good]
    Cur hop limit: 0
    Flags: 0x40, Other configuration, Prf (Default Router Preference): Medium
        0... .... = Managed address configuration: Not set
        .1.. .... = Other configuration: Set
        ..0. .... = Home Agent: Not set
        ...0 0... = Prf (Default Router Preference): Medium (0)
        .... .0.. = Proxy: Not set
        .... ..0. = Reserved: 0
    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0
    ICMPv6 Option (Prefix information : 2001:4479:a01:b100::/64)
        Type: Prefix information (3)
        Length: 4 (32 bytes)
        Prefix Length: 64
        Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
            1... .... = On-link flag(L): Set
            .1.. .... = Autonomous address-configuration flag(A): Set
            ..0. .... = Router address flag(R): Not set
            ...0 0000 = Reserved: 0
        Valid Lifetime: 2592000
        Preferred Lifetime: 604800
        Reserved
        Prefix: 2001:4479:a01:b100::

mkx · March 1, 2021, 5:05pm

Seems quite right to me. What I see on my LAN:

router’s link-local address is passed as IPv6 src address (dst address is ff02::1 which means “all nodes” according to RFC4291) … and it seems that SLAAC clients take this address as proper default gateway.
setting “Router lifetime (s)” has value of 1800 (which is in agreement with setting ra-lifetime=30m in /ipv6 nd (which is default at least on ROS 6.47.9).
RA includes option type “Recursive DNS server” with IPv6 address … which I set in /ip dns (yeah, I know, one would expect only IPv4 stuff there, but I have 3 DNS server addresses there, one of them is IPv6, other two are IPv4)
RA includes option type “Prefix information” with proper IPv6 prefix for that LAN

Actually I have /ipv6 nd all left to default settings.

bossv6 · March 2, 2021, 12:32am

Still none of clients is setting default gateway to it. If I do it manually, then everything works

Dome · May 16, 2021, 4:35am

Hello,
I also using the DHCPv6-Client to get the ipv6 prefix (via PPPoE) from ISP, I would like to know that “Prefix Expires After x:x:x” was sent by ISP ?
But ISP told me that would not change the ipv6 prefix unless I have re-connected the PPPoE …
My case is that IPv6 prefix do NOT changed according to “Prefix Expires After x:x:x” and work fine for a couple days then IPv6 do not work anymore suddently… I need to to the Release from DHCPv6-Client to get the new IPv6 prefix then everything work fine again …
Do you have any idea or guide me to enable the detail Logging to check.

Thanks !

bossv6 · May 18, 2021, 4:15am

After reading 100 times this

and my wireshark log, I spotted the problem!

    Router lifetime (s): 0
    Reachable time (ms): 0
    Retrans timer (ms): 0

Router lifetime (s): 0

Checked the ND settings and found the column ra-lifetime empty. Setting this to the default 1800 has solved the problem.

dksoft · May 18, 2021, 8:19am

There is still a problem in ROS where RA advertises the upstream DNS server, e.g. your ISP, and not itself. So you can not advertise the ROS DNS server via IPv6.

A workaround is to disable DNS advertising in ND and enable “Other Configuration”.

/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=LAN other-configuration=yes
/ipv6 nd prefix default
set preferred-lifetime=6m15s valid-lifetime=10m

Then enable DHCPv6 for DNS with something like this:

/ipv6 dhcp-server option
add code=23 name=ROUTER_DNS value=0xfd000000000000000000000000000001
add code=24 name=DOMAIN_LIST value="'intra'"
add code=43 name=ANDROID_METERED value="s'ANDROID_METERED'"
add code=23 name=PIHOLE_DNS value=0xfd000000000000000000000000000006
/ipv6 dhcp-server
add address-pool=GUA-pool6 dhcp-option=ROUTER_DNS,DOMAIN_LIST interface=LAN lease-time=10m name=LAN-dhcp6

bossv6 · May 18, 2021, 10:12am

I have DHCP options as described here, but still not receiving DNS via DHCP.