IPv6 how to use it right

I have a 6to4 tunnel with a /48 subnet.

I’ve set it up without a DHCPv6 server.
If I connect a Windows or UNIX machine directly, it works well … the IP address is assigned …
If we have a CPE router like a TP-LINK (IPv6 ready) between RouterOS and the end user … we have a problem: the router doesn’t receive an IPv6 declaration or a DHCPv6 IP …

Network logic

The IPv6 tunnel gives me a /48 subnet, xxxxx:8105::/48.
I’ve split it into several /64 subnets per VLAN:

xxxxx:8105:100::/64
xxxxx:8105:200::/64
etc.

The goal is that the router receives either one IP and does some routing from the internal network,
or declares a subnet from

xxxxx:8105:100::/64

Maybe this logic is right, but I’m not sure:
receive /48
/54 per VLAN
/64 per user

If you need to connect other routers with additional networks behind them, you need a DHCPv6 server to give them prefixes to use (the one in RouterOS can do this). The other way is to use static config for everything: manually configure subnets on the routers and add routes to them on the main one.

Hey. The TP-Link router has to support IPv6 SLAAC with RFC4941, as your Windows and Linux machines do. You don’t need a DHCPv6 server.

But how does TP-Link get prefix from upstream?

The router won’t receive the prefix, but it can route the /48 with a static /64 net that the ISP has to provide.

That’s what I mentioned as second option. :slight_smile:

I thought you were talking about the TP-Link’s LAN, not the uplink. The topic starter talked about his LAN.

Here is an overview of IPv6 in MikroTik and how it goes from the BGP edge to the last mile with a customer handoff…it might be helpful.

The configs for the entire network are in the article. :smiley:

https://www.stubarea51.net/2018/09/14/wisp-design-an-overview-of-adding-ipv6-to-your-wisp/

On many TP-Link routers that are 1-2 years old and have IPv6 support, there is no SLAAC option, just DHCPv6, PPPoE, Tunnel 6to4 and STATIC IP…
So, as I understand it, I have to declare a /56 for each end-user router?
As I don’t have a SLAAC option on the router, I have to use the static IPv6 configuration.

I’ve entered:

IPv6 Address: I generated an IP address from the /64 or /56 pool and typed it here
IPv6 Gateway: I typed the IPv6 address of the MikroTik router from that VLAN there, but it doesn’t accept it and shows error 51000 (default value ::)
MTU 1500
IPv6 Primary DNS 2001:4860:4860::8888
IPv6 Secondary DNS 2001:4860:4860::8844

LAN Type SLAAC
Prefix: I give the prefix from the VLAN’s SLAAC MikroTik configuration, and Subnet Mask /64

Result: the router is seen in the IPv6 neighbor list with its MAC address for 1-2 minutes, then disappears…
I can’t ping it, and I can’t ping the LAN address that the TP-LINK router displays.
MikroTik replies “address unreachable”…

Any advice?

If you have only a /48 prefix, you can give users a /56 for their LANs and a /64 separately to each user for connectivity with your router. /64 by static, /56 by SLAAC.

About the IPv6 gateway: you need to write the IPv6 address with colons like “:” or “::”, depending on how you want to write the IPv6 address.

You have to ping the locally managed IPv6 address. You have to figure this one out first of all.

I’ve set it up that way, but it doesn’t work …
This configuration was received without the router:



  
    DHCP is on. . . . . . . . . . . : No
    Auto tuning is on. . . . . . : Yes
    IPv6 Address . . . . . . . . . . . : 2a01:xx:xxxx:400:b413:fa26:d310:eaa3 (Basic)
    The local IPv6 address of the channel. . . : fe80::b413:fa26:d310:eaa3%26 (main)
    IPv4 Address . . . . . . . . . . . : 192.xx.xx.xx (Basic)
    Subnet mask . . . . . . . . . . : 255.255.255.255
    Main gate. . . . . . . . . : fe80::f0:25%26
                                        0.0.0.0
    IAID DHCPv6. . . . . . . . . . . : 410308651
    DUID of the DHCPv6 client. . . . . . . : 00-01-00-01-24-8B-50-A5-74-D0-xx-xx-xx-xx
    DNS servers. . . . . . . . . . . : 8.8.8.8
                                        2001:4860:4860::8888
                                        2606:4700:4700::1111
                                        2a01:xx::1
    NetBios over TCP / IP. . . . . . . . : Enabled

And it works with it.

It’s not really practical to give users prefixes for static configuration. Try to find the newest firmware for TP-Link routers with IPv6 SLAAC config.

It’s the latest firmware for a router that is not the cheapest, the Archer C7 v1. I’ve also tried the newer Archer C50v4 (cheaper); it has the same IPv6 setup page … (the TP-LINK 940N V3, I think, has the same setup page).

Give me advice and I will try to check it … I have no experience with IPv6 behind a router … I’ve used it on an endpoint and it works well; 50% of traffic goes through IPv6.

IPv6 is the native IP protocol for Windows OS, IPv4 is the secondary one. My advice for your clients is this one: https://wiki.mikrotik.com/wiki/Manual:Hurricane_Electric_Tunnel_Broker_Example_for_Home

Otherwise - static routing which is pain in the ass…

Am I seeing it wrong, or do you really have 2a01:xx:xxxx:400:9ade::1 on TP-Link’s WAN and 2a01:xx:xxxx:400::/64 on LAN, i.e. same /64 subnet? That wouldn’t work well, you need different subnets.

For example, RB may have 2a01:xx:xxxx:400::1/64 on internal interface, connected TP-Link would have 2a01:xx:xxxx:400::401/64 on WAN and 2a01:xx:xxxx:401::1/64 on LAN. On RB you’d add:

/ipv6 route
add dst-address=2a01:xx:xxxx:401::/64 gateway=2a01:xx:xxxx:400::401

And it should work. Or you can configure DHCPv6 server on RB and let TP-Link get prefix from there.

And yeah, Ripper, if you configure the same /64 subnet on the WAN and LAN sides, it’d be the same as 195.100.50.0/29 on WAN and 195.100.50.0/29 on LAN: your router won’t route your traffic to the same network via different interfaces, so grab a /64 subnet from the /60 “special ptp prefix” and grab the /56, except that /60, for your clients. Subnets must be different.

I’ve tried enabling DHCPv6; the router receives nothing at all …

Structure

The main MT router has 2a01:xx:xx:400::/64 on the VLAN interface that faces the client’s TP-LINK router. I want the client to receive something below 2a01:xx:xxxx:400:: to recognize it, for example 2a01:xx:xxxx:400:1::, and the LAN networks from that router have to be 2a01:xx:xxxx:400:1:1::, 2a01:xx:xxxx:400:1:2::, 2a01:xx:xxxx:400:1:3::. I don’t know how to declare it right, but the LAN HAS to BE /64 (can’t change the length).

The smallest subnet is /64 (not entirely true, but in practice it is). It means that e.g. 2a01:xx:xxxx:400:1:1:: is beyond that limit (/64 is half of IPv6 address). If you got /48, then what you can work with is YYYY in 2a01:xxxx:xxxx:YYYY:zzzz:zzzz:zzzz:zzzz and it gives you up to 65k /64s.

If you want hierarchical config, you can have /56s for vlans:

2a01:xx:xxxx:00YY::/56
2a01:xx:xxxx:01YY::/56
2a01:xx:xxxx:02YY::/56

That will allow you to have 256 vlans. YY is space for clients. If you give them only /64, you can have 256 of them per vlan. But only one /64 is not good, because it can’t be divided further, so it’s not possible to make e.g. separate guest subnet. It’s generally good to give clients more to give them more freedom in what they can do with their networks. Other possibility is to have maximum 16 clients per vlan with /60 (so 16 /64s) for each. Or 32 clients with /61 (8 /64s), 64 clients with /62 (4 /64s), or 128 clients with /63 (2 /64s).

If you don’t need that many vlans and 16 would be enough for you, you can instead have:

2a01:xx:xxxx:0YYY::/52
2a01:xx:xxxx:1YYY::/52
2a01:xx:xxxx:2YYY::/52

And it would give you extra 4 bits you could use for clients. You don’t have to go by 4 bits (as you can see above), but it’s more clear, because 4 bits is one hexadecimal digit.

Let’s say you choose /56 for each vlan. For static config, RB will have for example:

/ipv6 address
add address=2a01:xx:xxxx:100::1/64 interface=vlan1
add address=2a01:xx:xxxx:200::1/64 interface=vlan2
...
add address=2a01:xx:xxxx:ff00::1/64 interface=vlan256
/ipv6 route
add dst-address=2a01:xx:xxxx:110::/60 gateway=2a01:xx:xxxx:100::110 comment="client1 / vlan1"
add dst-address=2a01:xx:xxxx:120::/60 gateway=2a01:xx:xxxx:100::120 comment="client2 / vlan1"
...
add dst-address=2a01:xx:xxxx:1F0::/60 gateway=2a01:xx:xxxx:100::1F0 comment="client16 / vlan1"
add dst-address=2a01:xx:xxxx:210::/60 gateway=2a01:xx:xxxx:200::210 comment="client1 / vlan2"
add dst-address=2a01:xx:xxxx:220::/60 gateway=2a01:xx:xxxx:200::220 comment="client2 / vlan2"
...
add dst-address=2a01:xx:xxxx:2F0::/60 gateway=2a01:xx:xxxx:200::2F0 comment="client16 / vlan2"
...

And config for clients will be:

WAN address: 2a01:xx:xxxx:100::110/64
Default gateway: 2a01:xx:xxxx:100::1
Available LAN subnets:
2a01:xx:xxxx:110::/64
2a01:xx:xxxx:111::/64
...
2a01:xx:xxxx:11f::/64

Or you can use DHCPv6 server on RB:

/ipv6 pool
add name=pool_vlan1 prefix=2a01:0:0:100::/56 prefix-length=60
add name=pool_vlan2 prefix=2a01:0:0:200::/56 prefix-length=60
...
add name=pool_vlan256 prefix=2a01:0:0:ff00::/56 prefix-length=60
/ipv6 dhcp-server
add address-pool=pool_vlan1 interface=vlan1 name=server1
add address-pool=pool_vlan2 interface=vlan2 name=server2
...
add address-pool=pool_vlan256 interface=vlan256 name=server256

And client can get everything automatically. Also in this case you don’t need to add any addresses to vlans on RB.
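
Added example (not part of the original thread): a short Python script that derives the static plan described in the post above for one VLAN and emits the matching RouterOS route lines. The documentation prefix 2001:db8::/48 stands in for the redacted /48, the function names are hypothetical, and holding back the first /60 of each /56 for the connecting /64 is an assumption of this sketch.

```python
import ipaddress

def plan_vlan(site_prefix, vlan_id, clients):
    """Static plan for one VLAN: one /56 per VLAN, one /60 per client router.

    The first /60 of the VLAN's /56 is held back; its first /64 is the
    connecting subnet shared by the main router and the client WAN ports.
    """
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen != 48:
        raise ValueError("this plan assumes a /48")
    vlan56 = list(site.subnets(new_prefix=56))[vlan_id]   # vlan 1 -> :100::/56
    slots = list(vlan56.subnets(new_prefix=60))           # 16 x /60
    if not 0 < clients < len(slots):
        raise ValueError("1..15 client /60s fit beside the link subnet")
    link = next(slots[0].subnets(new_prefix=64))
    router = ipaddress.IPv6Interface(f"{link.network_address + 1}/64")
    plan = {"vlan_id": vlan_id, "link": link, "router": router, "clients": []}
    for n in range(1, clients + 1):
        delegated = slots[n]
        # Host part of the WAN address repeats the delegated prefix's 4th
        # hextet (...:100::110 for ...:110::/60), as in the post above.
        hextet = (int(delegated.network_address) >> 64) & 0xFFFF
        wan = ipaddress.IPv6Interface(f"{link.network_address + hextet}/64")
        plan["clients"].append({"n": n, "wan": wan, "delegated": delegated,
                                "lans": list(delegated.subnets(new_prefix=64))})
    return plan

def routeros_routes(plan):
    """Lines for the main router's '/ipv6 route' menu, one per client."""
    return ['add dst-address={} gateway={} comment="client{} / vlan{}"'.format(
                c["delegated"], c["wan"].ip, c["n"], plan["vlan_id"])
            for c in plan["clients"]]

if __name__ == "__main__":
    p = plan_vlan("2001:db8::/48", 1, 3)   # constructed documentation prefix
    print("link", p["link"], "router", p["router"])
    print("/ipv6 route")
    print("\n".join(routeros_routes(p)))
    for c in p["clients"]:
        print("client", c["n"], "WAN", c["wan"], "LANs",
              c["lans"][0], "to", c["lans"][-1])
```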

I’ve made pools:

2a01:xx:xxxx:1000::/56 /vlan100
2a01:xx:xxxx:2000::/56 /vlan200
....

I’ve bound IPv6 addresses to the VLANs:

2a01:xx:xxxx:1000::1/64 -> vlan 100 from pool v6vlan100 (CAN’T BIND 2a01:xx:xxxx:100::1/64 ERR POOL PREFIX)
2a01:xx:xxxx:2000::1/64 -> vlan 200 from pool v6vlan200
....

I’ve made a static route:
2a01:xx:xxxx:1001::/64 → at vlan 100

I set the static configuration on the router:

WAN 2a01:xx:xxxx:1001::
GATEWAY :: (WON’T SAVE 2a01:xx:xxxx:1000::1 ERR 51000)
LAN 2a01:xx:xxxx:1002::/64

I SEE it in the IPv6 neighbor list with mark R, but can’t ping anything …

Any advice?

You seem to be mixing it up in a strange way. If you want static config, you don’t need to define any pools. Then you need to add routes to client’s /64, not to their WAN address, that one should exist automatically, because your router’s address and client’s WAN address should be in same subnet.

It’s pretty much the same as IPv4 would be. Let’s say you have 10.0.0.0/8 (instead of IPv6’s /48) and you want to give each client one /24 (instead of IPv6’s /64). With the same logic, you could have e.g.:

/ip address
add address=10.1.0.254/24 interface=vlan1
add address=10.2.0.254/24 interface=vlan2
...
/ip route
add dst-address=10.1.1.0/24 gateway=10.1.0.1 comment="client1 / vlan1"
add dst-address=10.1.2.0/24 gateway=10.1.0.2 comment="client2 / vlan1"
...
add dst-address=10.2.1.0/24 gateway=10.2.0.1 comment="client1 / vlan2"
add dst-address=10.2.2.0/24 gateway=10.2.0.2 comment="client2 / vlan2"
...

Client1/vlan1 would have WAN 10.1.0.1/24, gateway 10.1.0.254, LAN 10.1.1.0/24.
Client2/vlan1 would have WAN 10.1.0.2/24, gateway 10.1.0.254, LAN 10.1.2.0/24.
Client1/vlan2 would have WAN 10.2.0.1/24, gateway 10.2.0.254, LAN 10.2.1.0/24.

Subnets 10.X.0.0/24 are common connecting subnets between your router and client routers (it assumes that all clients are connected directly in each vlan).
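
Added example (not part of the original thread): a Python check for the static handoff rules given in the replies above, namely that the client WAN shares the router's connecting subnet, WAN and LAN are different subnets, the LAN is no longer than /64, and the route targets the client LAN via the client WAN address. The function name and the 2001:db8:: sample values are constructed for illustration.

```python
import ipaddress

def check_static_handoff(router_if, cpe_wan, cpe_gw, cpe_lan, route_dst, route_gw):
    """Return a list of problems in a static router-to-CPE IPv6 setup."""
    router = ipaddress.IPv6Interface(router_if)
    wan = ipaddress.IPv6Interface(cpe_wan)
    lan = ipaddress.IPv6Network(cpe_lan)
    dst = ipaddress.IPv6Network(route_dst)
    problems = []
    if wan.network != router.network:
        problems.append("CPE WAN is not in the router's connecting subnet")
    if wan.network.overlaps(lan):
        problems.append("WAN and LAN use the same subnet")
    if lan.prefixlen > 64:
        problems.append("LAN prefix is longer than /64")
    # Assumption: the gateway is the router's global address, as in the
    # thread; a link-local next hop is not modelled here.
    if ipaddress.IPv6Address(cpe_gw) != router.ip:
        problems.append("CPE default gateway is not the router's address")
    if not lan.subnet_of(dst):
        problems.append("route does not cover the CPE LAN")
    if ipaddress.IPv6Address(route_gw) != wan.ip:
        problems.append("route gateway is not the CPE WAN address")
    return problems

# Constructed samples: (router, CPE WAN, CPE gateway, CPE LAN, route dst, route gw)
SAMPLES = {
    "separate subnets": ("2001:db8:0:400::1/64", "2001:db8:0:400::401/64",
                         "2001:db8:0:400::1", "2001:db8:0:401::/64",
                         "2001:db8:0:401::/64", "2001:db8:0:400::401"),
    "same /64 on WAN and LAN": ("2001:db8:0:400::1/64", "2001:db8:0:400:9ade::1/64",
                                "2001:db8:0:400::1", "2001:db8:0:400::/64",
                                "2001:db8:0:400::/64", "2001:db8:0:400:9ade::1"),
    "route to WAN address": ("2001:db8:0:400::1/64", "2001:db8:0:400::401/64",
                             "2001:db8:0:400::1", "2001:db8:0:401::/64",
                             "2001:db8:0:400::401/128", "2001:db8:0:400::401"),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, "->", check_static_handoff(*args) or "ok")
```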