IPv6 Prefixes

PrimeYeti · July 5, 2023, 8:13pm

Hopefully a quick one; I got a /48 from my ISP and want to create a /64 prefix pool on my router specifically for the LAN. Everytime I do this I get an error stating that two prefixes cannot overlap.

Is it actually possible two have multiple separate pools for this situation? Or do I just need to give out addresses and smaller prefixes from the /48?

I can give out 64 prefixes and more to a downstream router so isn’t a massive issue just curious.

karhill · July 6, 2023, 7:05am

[I’m using a /60 prefix in this example just for ease of computation/display. A /48 prefix should be just the same. Also, I’m not sure why my IPv6 address examples are displayed with an icon in the middle…ignore the icon.]

Assuming you create a dynamic pool from a DHCPv6 client request to your ISP like the followiing:

/ipv6 dhcp-client /add interface = WAN add-default-route=yes pool-name=ipv6_on_wan request=address,prefix prefix-hint=::/60

Then, assuming the DHCPv6 request from the ISP succeeds, a dynamic IPv6 pool will be created. Suppose the prefix received from the ISP is
2601:601:1100:5e70::/60. Then the pool prefix will be 2601:601:1100:5e70::/60 and the pool’s prefix length parameter will be set to 64 by default. The pool will look like this:

/ipv6/pool/print
Flags: D - DYNAMIC
Columns: NAME, PREFIX, PREFIX-LENGTH, EXPIRES-AFTER
#   NAME         PREFIX                   PREFIX-LENGTH  EXPIRES-AFTER
0 D ipv6_on_wan  2601:601:1100:5e70::/60             64  2d22h29m2s

Now, every time you assign an IPv6 address from the pool, the prefix will increment by 1. So

/ipv6 address add interface=ether1 from-pool=ipv6_on_wan address=::1/64
/ipv6 address add interface=ether2 from-pool=ipv6_on_wan address=::1/64
/ipv6 address add interface=ether3 from-pool=ipv6_on_wan address=::1/64

will assign address
2601:601:1100:5e70::1/64 to ether1 and
2601:601:1100:5e71::1/64 to ether2 and
2601:601:1100:5e72::1/64 to ether3
The prefix part of the address comes from the pool (which is configured to hand out /64 prefixes) and the host part of the address comes from the address= parameter.
You can keep handing out new addresses (and new subnets) in this manner until the pool is exhausted, which in this case of a /60 prefix from the ISP would be 16 /64 subnets. With a /48 from your ISP you could hand out…well a lot more subnets.

Alternatively, if you wanted to hand out /62 subnets rather than /64 subnets, you could create the pool with the parameter “pool-prefix-length=62”. In this example, with a /60 allocation from your ISP, you would only be able to hand out 4 /62 subnets.

Now, every time you assign an IPv6 address from the pool, the prefix will increment by 4. So

/ipv6 address add interface=ether1 from-pool=ipv6_on_wan address=::1/62
/ipv6 address add interface=ether2 from-pool=ipv6_on_wan address=::1/62
/ipv6 address add interface=ether3 from-pool=ipv6_on_wan address=::1/62

will assign address
2601:601:1100:5e70::1/62 to ether1 and
2601:601:1100:5e74::1/62 to ether2 and
2601:601:1100:5e78::1/62 to ether3

PrimeYeti · July 6, 2023, 9:00am

That is very helpful thank you. I understand the use of the From Pool feature in addresses now

Maybe you could enlighten me as to why the pools in the below config overlap? They’ve got different prefixes so I’m not sure what I’m missing…

My WAN pool has been assigned by my ISP via DHCPv6 as (for example) 2a00:0:0::/48. If I then try to create a second pool statically called LAN as 2a00:0:0:0::/64 I get the error mentioned in my original post stating “Prefix of two pools cannot overlap”

I know I don’t necessarily need multiple pools since I can get /64s from the WAN pool but it would be useful to know.

biomesh · July 6, 2023, 11:20am

The pool is just an address allocation. You already have the range with the /48, so you can’t add it a second time.

If you create an ipv6 dhcp server to hand out /60 prefixes to another router in your network you could, and then have it hand out /64 prefixes from the /60 it obtained from the /48 prefix.

Since the pool is just an allocation, you don’t need to break it up unless you have a very large network. Normally you would just add an ipv6 address from the pool with a /64 prefix hint and set it to advertise.

karhill · July 6, 2023, 5:23pm

Well, they overlap because 2a00:b847:36:1::/64 resides in the same space as 2a00:b847:36::/48. If your ISP gave you 2a00:b847:36::/48 and gave someone else 2a00:b847:36:1::/64, their routing system would be messed up.

In RouterOS, pools are an address allocation/bookkeeping mechanism. The RouterOS code behind the “new pool creation” mechanism is detecting that you are double-allocating an address range and trying to protect you from a configuration that is not something it can reasonably keep track of.

As Biomesh says,

A common configuration is that routers get a subnet from the pool, and other hosts on that LAN auto-configure from stateless advertisements from the router (wherein they pick up the prefix).

[An aside: I think the forum software is putting odd icons in my IPv6 address examples because it sees “601:” in an address and somehow that is getting conflated with a http 601 error code (invalid character). ]

own3r1138 · July 6, 2023, 7:03pm

Example:

PrimeYeti · July 17, 2023, 3:54pm

So is it possible to have multiple prefixes on my main router in that case? Or can I only have my /48 on my breakout router and then other smaller subnets on routers downstream? Seems wrong to me but I’m new to IPv6!

Kentzo · July 17, 2023, 5:25pm

IPv6 doesn’t limit the number of IPv6 addresses an interface can have. You can configure DHCPv6 Server to do prefix delegation, so routers downstream will be able to request subnets.

cyayon · July 17, 2023, 9:44pm

Hi,

Is it possible to assign a specific subnet from the pool ?
Instead of increment +1 I would like to assign directly the 42th subnet from the pool.
Is there a trick ?

Thanks

Kentzo · July 17, 2023, 9:51pm

You can make a static binding in /ipv6/dhcp-server/binding and then update whenever your delegated prefix changes. Although it needs to be tested whether RouterOS will tell clients to Reconfigure upon change.

Also DHCPv6 protocol allows the requesting client to specify a prefix hint. See if your DHCPv6 client has an option for that. Perhaps RouterOS will respect it.

cyayon · July 17, 2023, 10:16pm

Thanks, but majority of clients use stateless configuration. In this case, there is no specific option to define on the client side.

Kentzo · July 17, 2023, 10:28pm

Then instead of using the “from-pool” option you may set the address directly and update it whenever necessary. Whether RouterOS considers manual allocations and excludes them from dynamic ones needs to be tested.

cyayon · July 17, 2023, 11:34pm

Ok, need a script to find addresses to use from DHCP client (used to authenticate to ISP).
Thanks.

neos14 · March 18, 2024, 12:36pm

@karhill: You are using

prefix-hint=::/60

in your example. What is that? I thought that we need to use Pool-Prefix-Length in DHCPv6 client.

mkx · March 18, 2024, 9:48pm

Two things:

prefix-hint= hints to DHCPv6 server sbout what kind of prefix fo we want to receive. It is possible to set it to prefix we already received in hope that we’ll get the same prefix every time hence forth (pseudo static prefix). And it’s possible to set preferred prefix length - in example quoted above we “kindky ask” for /60 sized prefix (we could ask for /56 as well).
Note that it’s “hint” and DHCPv6 server is more than welcome to ignore it entirely.
pool-prefix-length= defines size of prefixes which pool will later hand out. Generally it should be set to 64, that’s the prefix size which is handled correctly by most (if not all) IPv6-aware OSes.
Using other prefix sizes is possible, but one has to know what he’s doing.