How to create IPv6 subnet with prefix delegation

My ISP (Google Fiber) gives me an IPv6 prefix via delegation that then enables my Mikrotik router to distribute IPv6 addresses within that prefix to clients on my network. I now have 3 IPv4 subnets, each on their own VLAN, all connected to my Mikrotik router. IPv6 addresses are available only on my main subnet/VLAN. I’d like to have IPv6 on my other two subnets/VLANs, but I’m struggling to figure out how to do that on my Mikrotik router, given that the IPv6 prefix is dynamically assigned by my ISP. Is it possible, and if so can you point me in the right direction? Thanks!

Generally you would start with your dhcp client to get the prefixes and add them to a pool:

/ipv6 dhcp-client
add add-default-route=yes interface=wan pool-name=comcast_ipv6 prefix-hint=::/60 request=address,prefix use-peer-dns=no

Then you just need to add an address to the vlan interface that comes from the pool:

/ipv6 address
add from-pool=comcast_ipv6 interface=vlan10
add from-pool=comcast_ipv6 interface=vlan20
add from-pool=comcast_ipv6 interface=vlan30

You might need to modify the nd settings as well:

/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes
add interface=vlan10 other-configuration=yes ra-delay=5s ra-interval=5s-30s
add interface=vlan20 other-configuration=yes ra-delay=5s ra-interval=5s-30s
add interface=vlan30 other-configuration=yes ra-delay=5s ra-interval=5s-30s

In addition to what @biomesh wrote … there’s a gotcha when dealing with IPv6 prefixes: many devices (Mikrotiks included) can only work with /64 prefixes on interfaces. If ISP gives out smaller prefixes (e.g. /60 or /56), then everything is fine and dandy. However, some ISPs only give out /64 prefixes and in this case it is not possible to create multiple IPv6 subnets. Even worse, some ISPs require that WAN interface of CPE uses address from given /64 prefix which makes whole prefix useless (it is not possible to use same prefix on two different routed interfaces).
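The /64 limit from the post above, worked through as an added example (not from the original thread, and not RouterOS's own pool allocator): it carves one /64 per interface out of a delegated prefix and fails when the delegation is too small. The prefixes are constructed documentation addresses, and the names `carve_subnets` and `wan_uses_prefix` are assumptions made for illustration.

```python
import ipaddress


def carve_subnets(delegated, interfaces, wan_uses_prefix=False):
    """Give each interface its own /64 from a delegated IPv6 prefix.

    Returns {interface: IPv6Network}; raises ValueError when the delegation
    cannot supply one /64 per routed interface.
    """
    net = ipaddress.ip_network(delegated)
    if net.version != 6:
        raise ValueError(f"{net} is not an IPv6 prefix")
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64, no usable subnet")

    # A /60 holds 2**(64-60) = 16 /64s, a /56 holds 256, a /64 exactly one.
    available = 2 ** (64 - net.prefixlen)
    if wan_uses_prefix:
        # Case from the post: the ISP expects the WAN address to come from
        # the delegated prefix, which consumes one /64 for the WAN link.
        available -= 1
    if len(interfaces) > available:
        raise ValueError(
            f"{net} yields {available} usable /64(s), "
            f"{len(interfaces)} interface(s) requested"
        )

    subnets = net.subnets(new_prefix=64)
    if wan_uses_prefix:
        next(subnets)  # reserved for the WAN interface
    return {iface: next(subnets) for iface in interfaces}


if __name__ == "__main__":
    vlans = ["vlan10", "vlan20", "vlan30"]
    # Constructed sample delegations (documentation range).
    for prefix in ("2001:db8:0:10::/60", "2001:db8:0:1::/64"):
        try:
            for iface, subnet in carve_subnets(prefix, vlans).items():
                print(f"{prefix}: {iface} -> {subnet}")
        except ValueError as err:
            print(f"{prefix}: cannot subnet: {err}")
```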

I have an additional question here.
When the DHCP client lease expires, and I get a new IPv6 address (range) from the ISP.
How can (v)LAN clients know and update their IPv6 address “instantly”?
Because currently, they still have the old IPv6 address (from old range, which expired) therefore their IPv6 connectivity is not working.

Should I play with intervals etc. in ND?
Currently I have:

/ipv6 nd
set [ find default=yes ] other-configuration=yes ra-delay=5s ra-interval=5s-30s
/ipv6 nd prefix default
set preferred-lifetime=5m valid-lifetime=10m

Or should I implement RouterOS also as DHCPv6 server for my (v)LANs? but with what settings?

There are two things that happen when ISP changes your prefix:

  1. router changes prefixes on internal interfaces. MT doesn’t invalidate old prefix hence connected devices have no idea about old prefix being no longer valid.
    That means that devices keep using old prefix until it expires (valid-lifetime setting). When devices receive RA with new prefix (that’s done every ra-interval), they add additional IPv6 addresses.
  2. established connections between end devices and (internet) peers keep using old IP addresses. When ISP changes your prefix, those connections break because ISP no longer passes packets for old prefix towards your router.

So even if bullet #1 would happen instantly, bullet #2 would still break all the ongoing connections between all devices and internet. Delay in bullet #1 only means that connectivity of devices has a gap, but change of prefix can not happen seamlessly in any case.

MT’s DHCPv6 server can not serve IPv6 addresses, it can only serve prefixes. Some devices (most notably android devices) ignore DHCPv6 and only use SLAAC address acquisition mechanism.

Prefix changes should be handled by RouterOS (= would be good if it did it, but it currently doesn’t). It may be possible using lease script:

Changing ipv6 prefix (just related topic, no solution yet)

And DHCPv6 server probably wouldn’t help, I think it would still depend on RA, so on router’s config.

Ok, so what to do that RouterOS 7.1 starts working natively? as per RIPE explained to send packet to lan-devices (windows, android in my case) to invalidate old prefix?