Ipv6 DHCP server static leases

cyayon · December 24, 2022, 1:48pm

Hello,

Do you know if it possible to define statically ipv6 static address using dhcp server on ROS (7.6 on CCR2004) ?
I would like to attribute a fixed ipv6 address to some device from their MAC address (like ipv4 dhcp server leases).

Thanks

mrz · December 27, 2022, 11:42am

IPv6 DHCP doesn’t bind to mac address, but to IAID and DUID

cyayon · December 30, 2022, 8:23am

Hi,

In dhcp-server v4, i have some device (identified via mac-address) which have specific DNS server for parental control or ad-block.

In dhcp-server v6, i would like to do the same. I know that it is not possible with stateless / slaac config. I need statefull config.
Today i do it with dnsmasq and have no issue.

Now i would like to disable dnsmasq and use dhcp-server v6 from the mikrotik (CCR 2004). Currently i tested successfully ND on ROS and it works has expected.
But when i enable dhcp-server v6, no prefix/address are defined and i get no binding at all.
I have tried to enable/disable ND options Managed Address Configuration and/or Other Configuration, but i does not work.

Could you please help ?

thanks.

mrz · December 30, 2022, 9:40am

RouterOS DHCPv6 server can delegate only prefixes, for your setup, you will need to continue to use dnsmasq
https://help.mikrotik.com/docs/display/ROS/DHCP#DHCP-DHCPv6Server

cyayon · December 30, 2022, 9:57am

Thanks

But how to mix the two ?
Using Ros to do stateless ND and use dnsmasq for statefull ?

mkx · December 30, 2022, 10:20am

Where’s the problem with using SLAAC and dnsmasq? As far as I can see the only problem could be changing prefixes … so you have to inform dnsmasq if prefix changes. But that’s up to dnsmasq config and (lots of) magic …

cyayon · December 30, 2022, 11:44am

When i enable only ND on ROS (no dhcp-server), and enable dnsmasq, client devoces, never get anything from dnsmasq. Only ND seems to configure devices.

mkx · December 30, 2022, 12:51pm

There’s difference: RAs are sent by every router device (configured so) periodically. They include prefix and some other data (e.g. DNSv6 servers addresses). Those RAs are picked up by devices and devices (autonomously) perform SLAAC to (self)configure IPv6 parameters. I’m not sure, but I guess a client device can send out ND request and routers then respond with (unicast?) RA.
DHCPv6 (I suppose that’s what dnsmasq is) server, OTOH, waits for requests from clients and responds to those. If clients don’t request DHCPv6 leases, then DHCPv6 server can’t do anything about it. I’m not sure if DHCPv6 lease includes router’s address, if it doesn’t then DHCPv6 client would have to listen to RAs anyway.

Now, when it comes to behaviour of clients, there are a few differences. Most clients (e.g. windows 10 do) ask for DHCPv6 lease and gladly also accept RAs, so they end up with rather complicated setup (leased address as well as set of SLAAC addresses). Some (notably Android devices) don’t use DHCPv6 at all, if RAs are not seen then IPv6 doesn’t exist for those devices.
I can imagine that some devices might only send out DHCPv6 requests if they don’t see RAs … and no router replies to ND requests. That would seem odd to me, but SW developers are sometimes very odd as well

cyayon · December 30, 2022, 1:48pm

Thanks,

i understand.

instead of using dhcpv6 statefull, i will try to use firewall dstnat based on mac address to redirect traffic to the good DNS.