I have a router.. 2 interfaces..

XXXX:f000:32:88::/127
XXXX:f000:32:89::1/127

I can route XXXX:f000:32:90::/127 → XXXX:f000:32:88:1 fine…
but
I cannot route XXXX:f000:32:90::/127 → XXXX:f000:32:89::

it says XXXX:f000:32:89:: unreachable

I’m actually trying to send ::/0 to the :0 address and says unreachable but if I send to a :1 on a /127 it works.

Below is some example I set up..

[admin@MikroTik] > ping XXXX:f000:32:89::
HOST SIZE TTL TIME STATUS
XXXX:f000:32:89:: 56 64 0ms echo reply
XXXX:f000:32:89:: 56 64 0ms echo reply
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable

DST-ADDRESS GATEWAY DISTANCE

0 S ::/0 XXXX:f000:32:89:: 1 <— it thinks is unreachable
1 ADC XXXX:f000:32:88::/127 ether2 0
2 ADC XXXX:f000:32:89::/127 ether1 0
3 A S XXXX:f000:100:1::/64 XXXX:f000:32:88::1 1

[admin@MikroTik] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local

ADDRESS FROM-POOL INTERFACE ADVERTISE

0 DL fe80::d6ca:6dff:fed3:2699/64 sfp1-gat… no
1 DL fe80::d6ca:6dff:fed3:269a/64 ether1 no
2 DL fe80::d6ca:6dff:fed3:269e/64 ether5 .. no
3 DL fe80::d6ca:6dff:fed3:269b/64 ether2 no
4 G XXXX:f000:32:88::/127 ether2-bras no
5 G XXXX:f000:32:89::1/127 ether1-core no

This works on ciscos/juniper/other routers fine.. but why not on Mikrotik? anyway I can do this?

Running v6.4

There have been multiple discussions on the forums on the use of /127s with MikroTik.

Its currently not supported, and as far as I remember, no support was promised.
/31s for IPv4 are not supported either.

Currently /64s should be used for PtP links.

first things first:

initially /127 addressing where considered harmful for IPv6.
http://tools.ietf.org/html/rfc3627
there are other RFC documents about IPv6 that will state that /127 address space should not be used.

now when this is stated, you can use other than the address that ends with 0.

for example, use of 2001:db8::0/127 will yield error as such route cannot be currently added (that is a problem we will work to resolve it)

but 2001:db8::2/127 can be used freely and will work correctly as main culprit - router anycast address is not used in RouterOS and at all is deprecated from IPv6.

Thanks..

So you are saying /127 work 100% fine but as long as you are not trying to router towards 2001:db8::0/127 but routing towards 2001:db8::1/127 will work fine (This is what I personally found)

yes RFC3627 (which says /127 are bad) has a link to RFC6547 which basically says RFC3627 is obsolete and to use read RFC6164 which says /127 are good. Thanks Miktotik.. I hope you fix the ::0/127 problem.

Yes /31’s not working as most other routers and standards say they should is a little annoying and having to waste ipv4 space for P2P Links IMHO is not good. I dunno the exact reason why mikrotik won’t/can’t support /31’s. It is very common practice to use them these days and most of P2P links I use are /31’s (except when a customer can’t and its usually as they have a miktotik).

the issue regarding /127.. well they work.. except for the ::0/127 one (you can route to the ::1 but not the ::0) and I can work around that at the moment.

adding a route to ::1/127 is weird, as the other end will not be able to set up route to point in the correct direction.

so skip the first 2 addresses and start using this form ::2/127

also, what is the main reason behind using /127 and instead of /128 that should be supported and is supported from IPv6 get-go.

IPv4 /31 and IPv6 /127 are not really the same thing

I’m also experiencing problems with /126 addresses … and /30 is definitely supported if you were to use that analogy

Using /64 is wasteful … but the major problem is the possibility of DDoS from all that additional ping-pong traffic

+1 for /127 support

/127 is exempt, /126 should work normally. If you see the need for /127 use /128 instead.

And that is correct /31 for ipv4 and /127 are completely different as /127 if mis-configured can cause more issues and open you to attacks that you can not control.

It’s not only ::/127, but also 10::/127, 20::/127, 30::/127, 40::/127, etc…

Quite annoying, to say the least.

Any address with /127 mask is not working. Also, there is no good reason to use that.

Shrugs. RFC3627 is old, outdated, and multiple erratas exists for it.

https://tools.ietf.org/html/rfc6164 for example, has clear definitive reasons as to why /127s ARE valid, and accepted. Quite a lot of ISPs doing IPv6 connectivity, supply /127s, not /126s.

This actually makes a lot of sense

Basically *::/64 in a pool won’t work but *::1/64 will work on the pppoe or dhcp?
Then again you can’t set a pool for pppoe with *::1/64

Any work around it?

+1 to the IPv6 /127 network support in IPv6. Harmful or not, adding a feature (that can be used or not) does not harm at all, it improves compatibility, flexibility and versatility. Many providers use /127 for serial (i.e., point-to-point) links.

Sorry for pop this thread up but…

+1.

Our Internet transit supplier just gives us a /127 to set up a BGP/AS session.

Is there any workarround or shall I purchase a router from another vendor?

This is a MUST for routers in https://tools.ietf.org/html/rfc6164.

Regards.

+1

IPv6 /126 is not working to me on CCR1036

[admin@4C:5E:CC:DD:9F:D8] > ping 2606:4700:4700::1111
SEQ HOST SIZE TTL TIME STATUS
0 2606:4700:4700::1111 timeout
1 2606:4700:4700::1111 timeout
2 2407:ff00:7::e 104 64 597ms address unreachable
3 2606:4700:4700::1111 timeout
sent=4 received=0 packet-loss=100%

[admin@4C:5E:CC:DD:9F:D8] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local

ADDRESS FROM-POOL INTERFACE ADVERTISE

0 G 2407:ff00:7::e/126 BondingWAN no
1 DL fe80::4e5e:cff:fed1:9fe1/64 vlan135 no
2 DL fe80::4e5e:cff:fed1:9fe1/64 vlan231 no
3 DL fe80::4e5e:cff:fed1:9fe1/64 vlan134 no
4 DL fe80::4e5e:cff:fed1:9fe1/64 vlan223 no
5 DL fe80::4e5e:cff:fed1:9fe1/64 vlan170 no
6 DL fe80::4e5e:cff:fed1:9fe1/64 vlan267 no
7 DL fe80::4e5e:cff:fed1:9fe1/64 vlan153 no
8 DL fe80::4e5e:cff:fed1:9fe1/64 vlan246 no
9 DL fe80::4e5e:cff:fed1:9fe1/64 vlan116 no
10 DL fe80::4e5e:cff:fed1:9fe1/64 vlan149 no
11 DL fe80::4e5e:cff:fed1:9fe1/64 vlan174 no
12 DL fe80::4e5e:cff:fed1:9fe1/64 vlan202 no
13 DL fe80::4e5e:cff:fed1:9fe1/64 vlan232 no
14 DL fe80::4e5e:cff:fed1:9fe1/64 vlan108 no
15 DL fe80::4e5e:cff:fed1:9fe1/64 vlan233 no
16 DL fe80::4e5e:cff:fed1:9fe1/64 vlan244 no
17 DL fe80::4e5e:cff:fed1:9fe1/64 vlan117 no
18 DL fe80::4e5e:cff:fed1:9fe1/64 vlan210 no
19 DL fe80::4e5e:cff:fed1:9fe1/64 vlan221 no
20 DL fe80::4e5e:cff:fed1:9fe1/64 vlan112 no
21 DL fe80::4e5e:cff:fed1:9fe1/64 vlan141 no
22 DL fe80::4e5e:cff:fed1:9fe1/64 vlan167 no
23 DL fe80::4e5e:cff:fed1:9fe1/64 LAN no
24 DL fe80::4e5e:cff:fed1:9fd8/64 BondingWAN no
25 DL fe80::4e5e:cff:fed1:9fe1/64 vlan148 no


[admin@4C:5E:CC:DD:9F:D8] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable

DST-ADDRESS GATEWAY DISTANCE

0 A S ::/0 BondingWAN 1
1 ADC 2407:ff00:7::c/126 BondingWAN 0

@danunjaya123: It’s two different things, /127 in IPv6 is like /31 in IPv4, let’s say a little unusual. Your /126 is normal configuration that works. Your problem is wrong gateway for default route, just use address 2407:ff00:7::d, instead of interface BondingWAN.

Thanks it worked issue is i have not added gateway in routes.

2 Sob:

Definitely, it isn’t valid due to the difference between IPv6 and IPv4. IPv6 /127 is like IPv4 /30 (not the /31). The IPv4 /31 provides 2 special addresses (1 network address and 1 broadcast address) and 0 node addresses. This is why IPv4 /31 is senseless, though, the /31 can be a valid route definition. The IPv4 /30 provides 2 the special addresses + 2 node addresses. The IPv6 /127 provides 0 special addresses and 2 node addresses so it is completely valid network definition.