Is it possible for a Mikrotik router to receive a public IPv6 IP with SLAAC?
Yes - in Winbox, you have to go into IPv6->Settings and change the “Accept Router Advertisements” setting from “Yes, if forwarding disabled” to “Yes”.
However, it will not show you the address it receives. You have to determine this address by taking the second half of the link-local (following the fe80::), copy and pasting it into a text editor, and manually copy and pasting the /64 network address just before that address in the text editor, i.e. replacing the fe80:: part of the link-local. You should be able to ping that address and it will work for all functions, but it will never show it as a bound address.
It also will not show the default route it receives, even though it will use it.
I have requested a few times that they look at improving this behaviour but apparently there is some major technical issue preventing it from showing the SLAAC address and any routes received through ND.
I use SLAAC with the following settings that may be helpful for you:
/ipv6 dhcp-client
add add-default-route=yes comment="delgate ISP-assigned prefix" interface=\
ether1 pool-name=ipv6 prefix-hint=::/56 request=address,prefix \
use-peer-dns=no
/ipv6 nd
set [ find default=yes ] interface=ether1 mtu=1500 ra-lifetime=none \
reachable-time=5m
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h
/ipv6 settings
set accept-router-advertisements=yes
I use vlans and my ISP gives me a /56 … so if your ISP gives you a /64 you will need to adjust the script above to omit prefix-hint=::/56
Perhaps you could help me out with my IPv6 issue: http://forum.mikrotik.com/t/ipv6-configuration-on-pppoe-interface/140890/1
DHCPv6 is not SLAAC.
This worked fine on MikroTik v6.x but now on v7.x it does not seem to get ipv6 this way. Any ideas?
I wouldn’t use the term “fine” for how it works in 6.x, my choice would be “better than nothing”. But you’re right, in 7.1 it doesn’t work at all. Hopefully, when they make it work again, it will be in some more usable form. So at least visible address and gateway. And per-interface config would be nice too.
Running 7.1.1 I also notice it does not pick up an address through SLAAC
Script to get SLACC address, calculate PREFIX and generate new address from this pool.
WHY: I have an RB 750GR3 at home. My ISP uses a router that doesn’t do DHCPv6, except in “bridge” mode. The prefixes are dynamic (if you reboot the ISP’s router, the prefix changes, so it can’t be fixed in the RB). I need a way to access the SLACC address of the RB and use it if necessary.
# RouterOS dont show SLACC address.
# Workaround: create a firewall roule to capture and generate an address-list with this SLACC address.
# After create this rule, force traffic (ping any external IPv6 address, in this case a DNS root server) - this traffic populate the address-list above.
# With SLACC Address, calculate the POOL PREFIX and generate a new ipv6 address using it.
# https://github.com/brasil-iot/mikrotik
#ipv6 config for SLACC (without DHCPv6)
#/ipv6 nd set [ find default=yes ] disabled=yes interface=ether1 ra-lifetime=none
#/ipv6 nd prefix default set preferred-lifetime=4h valid-lifetime=4h
#/ipv6 settings set accept-redirects=no accept-router-advertisements=yes forward=no
#remove any previus SLACC address from list
/ipv6 firewall address-list remove [ /ipv6 firewall address-list find list="ipv6slacc" ];
#/ipv6 firewall address-list print;
#remove any previus SLACC pool
/ipv6 pool remove [ /ipv6 pool find name="ipv6-virtua" ]
#/ipv6 pool print;
#remove any previus SLACC calculated address
/ipv6 address remove [ /ipv6 address find from-pool="ipv6-virtua" ];
#/ipv6 address print;
#if firewall raw rule to get SLACC not exists, create
:if ([/ipv6 firewall raw find address-list="ipv6slacc" ] = "") do={
/ipv6 firewall raw add action=add-src-to-address-list address-list=ipv6slacc address-list-timeout=0s chain=output out-interface-list=WAN src-address=!fe80::/10
}
#make a generic (in this case, DNS root) ping to force ipv6 traffic and populate address-list ipv6slacc (firewall raw)
:execute script="{ ping address=2001:503:ba3e::2:30 count=1 ttl=1 }";
:local QT
:do {
#wait .5s to populate address-list ipv6slacc
:delay .5;
#:put "...ping wait";
:set ($QT+1);
#after 120 interactions (60s) without data in address-list ipv6slacc, abort
:if ($QT > 120) do={
:error "SLACC Address not found";
}
#if address-list ipv6slacc has data, end loop, else wait more .5s
} while=( [ /ipv6 firewall address-list find list="ipv6slacc" ] = "" );
#get ipv6 SLACC address from address-list ipv6slacc
:local CIDR ([ /ipv6 firewall address-list get [ /ipv6 firewall address-list find list="ipv6slacc" ] address ]);
#calculate PREFIX from SLACC address
:local PREFIX ([ :toip6 [ :pick $CIDR 0 [ :find $CIDR "/" ] ] ] & ffff:ffff:ffff:ffff::);
#if no PREFIX found, abort
:if ( ([:len $PREFIX] = 0) || ($PREFIX = "::") ) do={
:error "No PREFIX found";
}
#create default route
:local GATEWAY ([ /ipv6 neighbor get [ /ipv6 neighbor find interface="ether1" ] address ]);
/ipv6 route add gateway="$GATEWAY%ether1" distance=1
#create new pool with SLACC calculated PREFIX
/ipv6 pool add name="ipv6-virtua" prefix="$PREFIX/64" prefix-length=64;
#create new address using SLACC pool
/ipv6 address add advertise=no eui-64=yes from-pool="ipv6-virtua" interface=ether1
I thought I’d comment with something I’ve found with RouterOS 7.x and that is SLAAC does work but there is a bug here preventing it from working fully. On my Mikrotik RB4011 running 7.x I find it inserts garbage IPv6 routes in which when removed IPv6 actually does work - until it renews the address pool breaking IPv6 again due to the garbage routes being re-added. On RouterOS 6.48 IPv6 works as expected. Some posts suggest this may be a RB4011 specific problem but will be interesting to see if this is the behavior others are seeing as I personally don’t have another Mikrotik hanging around to test with.
