IPv6 on second VLAN

Hello,

I have got IPv6 from my ISP and assigned it to my main VLAN bridge, but it’s not working on other VLANs. How can I do that?
My working config:

/ipv6 address
add address=::1 from-pool=general-pool6 interface=bridge_vlan10
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=general-pool6 request=address,prefix
/ipv6 nd
add hop-limit=64 interface=bridge_vlan10 ra-interval=20s-1m

This is what I tried for second VLAN, it didn’t work:

/ipv6 nd
add hop-limit=64 interface=bridge_vlan20 ra-interval=20s-1m
/ipv6 nd prefix
add interface=bridge_vlan20 prefix=2a02:768:8e13:d36::/64
/ipv6 route
add distance=0 dst-address=2a02:768:8e13:d36::/64 gateway=bridge_vlan20 scope=10

I think I just (somehow) need to point two VLANs to one pool. But how?

The following is my config for IPv6, based on my ISP providing me with a /56 prefix:

/ipv6 address add from-pool=rogers-ipv6 interface=vlan10
/ipv6 address add from-pool=rogers-ipv6 interface=vlan20
/ipv6 address add from-pool=rogers-ipv6 interface=vlan40
/ipv6 dhcp-client add add-default-route=yes comment="delegate ISP-assigned prefix" interface=ether1 pool-name=rogers-ipv6 prefix-hint=::/56 request=address,prefix
/ipv6 nd set [ find default=yes ] advertise-dns=yes interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan10 reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan20 reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan40 reachable-time=5m
/ipv6 nd prefix default set preferred-lifetime=4h valid-lifetime=4h
/ipv6 settings set accept-router-advertisements=yes

Perhaps my code can help you … change the relevant parts to match what your ISP provides you … so the important parts are the PREFIX, POOL, WAN INTERFACE and VLAN INTERFACE.
Your pool: general-pool6
Your prefix: ??? Your ISP needs to provide you with a prefix assignment … for most people it’s /64
Your VLAN interface: interface=bridge_vlan10
Your WAN interface: ether1

Thank you! I’m getting /64 prefix via DHCP client.
I tried your config but second command gives me error “pool exhausted - no more addresses left”. Why?

I have no idea why.

Who is your ISP?

Can you please post your Config
/export hide-sensitive file=spixxyconfig terse

Because your pool is a single /64 … once it is assigned to bridge_vlan10, the pool is exhausted. If your ISP is able to provide you with a /56 or /60, then you will have enough address space to assign more IPv6 interfaces (/64’s).

Yeah, I thought it’s because of this. But how can I assign only half of that pool? If I want to assign only /65, it says that I have to disable advertise. But then my devices won’t get their IP, right?

Or is there any other solution? I don’t believe this is impossible

The basic idea is to assign IP address with longer prefix as router’s address on interface in a subnet … ND should derive its settings from there …

/ipv6 address
add address=::1/72 from-pool=general-pool6 interface=bridge_vlan10
add address=::1/72 from-pool=general-pool6 interface=bridge_vlan20

Prefix length should generally be specified with IPv6 addresses, if it’s not then /64 is taken as default.

My ISP Rogers dishes out multiple /64 plus other options like /56, although that may have changed recently. For a long time I was using /64 and assigning to each subnet or VLAN.

With Ubiquiti routers it’s very easy to do that utilizing commands like:

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 2 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd rapid-commit 'enable'

I do not believe that the same can be done using RouterOS … I could not find the ability to add an index like PD 0, PD 1, PD 2 etc.

First you have to find out from your ISP if they would dish out multiple /64 and if YES then some RouterOS GURU needs to confirm how to convert the above code to RouterOS speak :slight_smile:
Ideally, check with your ISP if they will issue a /40 or /60 or /56 … many ISPs are going with a /56 for their users — some are only providing that for their business class users and if not some ISPs will dole out multiple /64 :slight_smile:

I would like to assign ::1/72, but terminal forces it to /64 and Winbox shows this error

My ISP is small Czech local which apparently gives me one /64.
And my idea is to force multiple interfaces to take IPs from this pool

SLAAC requires /64 as that is the size of an automatically generated address. It is possible to use smaller subnet sizes when using static addresses or DHCP, but AFAIK it is no longer recommended

That error is because SLAAC (IPv6 auto config) requires a /64, therefore the error.

If you run your own IPv6 DHCP server (or static addresses), you can set advertise=no and may be able to use the /72. Doing this requires settings in ND to advertise the Managed flag.

The basic config for not using SLAAC and a LAN-based DHCPv6 server only would be like this:

/ipv6 address
add address=::1 advertise=no from-pool=comcast-ipv6 interface=ether2-lan
.. etc

/ipv6 dhcp-client
add add-default-route=yes comment="WAN Cable Modem" interface=ether1-gateway pool-name=comcast-ipv6 prefix-hint=::/60 request=address,prefix use-peer-dns=no

/ipv6 nd
add hop-limit=64 interface=ether2-lan managed-address-configuration=yes other-configuration=yes ra-interval=1m40s-5m

/ipv6 nd prefix
add autonomous=no interface=ether2-lan

Personally, I do not like SLAAC. I want to see known addresses, not ever-changing random ones.

Thank you, but I still cannot make it work :frowning:

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough?

I have deleted all IPv6 related settings and started from scratch.
First step: set up DHCP client, it gets prefix and automatically creates pool.
Second: add address ::1/72

  • it gets replaced by /64 and so I cannot add another.

Up until now most ISPs that I am familiar with will not provide a static IPv6 … and if there are exceptions I am certainly not aware of those ISPs.

So for the time being check with your ISP and find out if they will allocate more than one /64 … tell them that you run 2 subnets, they may accommodate you.

You are at the mercy of your ISP in terms of which subnet(s) are assigned TO YOUR ISP MODEM. You cannot go and pick a subnet from your prefix delegation and assign it statically. The cable modem must do the assignment.

DHCPv6 server on another machine to provide host addresses. MT’s DHCPv6 server does not do host addressing (wish it did!!!)

What I posted changes the flags in the Router Advertisement. That tells the hosts that they should request an IPv6 address via DHCP and not auto-configure.

I’m kind of doubting you can do what you want with a single /64 from a pool.

Well, that’s bad that simple things like VLANs rely on ISP.
Or maybe it’s ok and I just don’t understand it well :smiley:
Anyway thank you very much!

Your VLANs don’t rely on ISP. What relies on ISPs is to offer you short enough IPv6 prefix (i.e. /63 or lower) so that you can allocate one /64 prefix to each of your VLANs.

BTW, it’s not only VLANs, it’s also LAN subnets (in case you create physical subnets).

99% of the general public do not have the ability to configure subnets [VLANs are a form of subnets] … so most ISPs take the easy road and just provide a /64. You should talk to your ISP and ask for an accommodation that would help you to accomplish your objective — I’m sure others in your area are asking for same and the more people that ask the more are the chances they will comply — … My ISP originally only offered a /64 and also offered more than one /64 for those who knew how to index the address space THEN through a little [a lot of] coaxing from its users a /56 was allowed … one of these days [in a couple of years - maybe] they may dish out statics and allow to have a dhcp6 server locally :slight_smile:

Did you try to ask them for bigger prefix? There could be some hope with small company. Maybe they are just new to this and /64 is their honest mistake without an ill intent. If they are open to discussion, there are enough even local resources about the subject, e.g. Cesnet seminars, articles on root.cz, etc. Like this one: pdf, video

Indeed, the problem is often that the ISP is unfamiliar with IPv6.
The absolute minimum a home customer should get is a /60.
More considerate would be a /56.
I get a /48 on my home internet connection.

For me it was as simple as setting the DHCPv6 client prefix hint to ::/62 and the ISP (TWC) gave me a /56 instead of the standard /64. Then I was able to simply add multiple ::1/64 to each vlan, and it all worked automatically. I think I could have used any prefix hint less than 64 and it would have given me a /56.
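
The pool arithmetic behind the “pool exhausted” error and the prefix-hint fix discussed in this thread, as an added Python example that is not part of any poster's reply: it carves a delegated prefix into one /64 per VLAN and reports the longest delegation that still covers a given number of VLANs. The function names are hypothetical, 2001:db8:0:100::/56 is a constructed documentation prefix, and handing out /64s in order is an assumption about how the pool is consumed.

```python
import ipaddress


class PoolExhausted(Exception):
    """No /64 is left in the delegated prefix (models the 'pool exhausted' error)."""


def assign_vlan_prefixes(delegated, interfaces):
    """Give every interface its own /64 and a ::1 router address from the pool.

    SLAAC needs a /64 per link, so the pool is only ever split into /64s.
    """
    pool = ipaddress.IPv6Network(delegated)
    if pool.prefixlen > 64:
        raise ValueError("a prefix longer than /64 cannot serve SLAAC")
    subnets = pool.subnets(new_prefix=64)  # lazy generator of /64s
    plan = {}
    for name in interfaces:
        try:
            net = next(subnets)
        except StopIteration:
            raise PoolExhausted(f"no /64 left in {pool} for {name}") from None
        # Router address is the first host address in the /64, i.e. ::1
        plan[name] = ipaddress.IPv6Interface(f"{net.network_address + 1}/64")
    return plan


def longest_usable_delegation(vlan_count):
    """Longest delegated prefix length that still yields one /64 per VLAN."""
    if vlan_count < 1:
        raise ValueError("need at least one VLAN")
    subnet_bits = (vlan_count - 1).bit_length()
    return 64 - subnet_bits


if __name__ == "__main__":
    # A single /64 (the prefix quoted in the first post) covers exactly one VLAN.
    print(assign_vlan_prefixes("2a02:768:8e13:d36::/64", ["bridge_vlan10"]))
    try:
        assign_vlan_prefixes("2a02:768:8e13:d36::/64",
                             ["bridge_vlan10", "bridge_vlan20"])
    except PoolExhausted as exc:
        print("error:", exc)
    # Constructed /56: three VLANs each get their own /64.
    for ifname, addr in assign_vlan_prefixes(
            "2001:db8:0:100::/56", ["vlan10", "vlan20", "vlan40"]).items():
        print(ifname, addr)
    print("two VLANs need at least a /%d" % longest_usable_delegation(2))
```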