IPv6

I’m an IPv6 dummy…

If I plug in my XP based computer to the cable modem, I automagically get fully configured for IPv6 and can reach IPv6 web sites. No need for registering for a tunnel or anything. It’s plug and play. Of course I do have to install IPv6 in XP. But Vista and W7 need no config at all. They just plug in and work. No config at all.

So my cable company is supporting IPv6 and it works perfectly and completely automatically.

My computer works completely automatically.

However my Mikrotik router needs a large amount of config, a fixed IP from the cable company to support a tunnel and an account at HE. Even then, I have been unable so far to get RouterOS 4.9 to work.

Why is this the case? Can’t the router see the cable company config like my computers do? Can’t the router see the computer and provide connectivity?

In fact I don’t know of a router that can just work on IPv6 without config, even though I thought one of the main things IPv6 offers is auto.

Ok ok… So then, how do I get IPv6 working on my cable company’s setup? I do NOT want to rely on HE and a fixed tunnel. There must be some way to get connected to the cable company and get the info required to use their tunnels and hook them to my computers.

This would be a very useful thing as I know that Cox Cable, Comcast and AT&T use the same setup for IPv6. So a config for this could be used by many people.

Ideally after some config, you should be able to plug the router into any Cox/Comcast/AT&T connection and it will discover all the right settings and any computer plugged into the router will end up connected up IPv6 correctly without any config.

Has anyone done this? If not, any ideas? I could see this being a useful wiki entry on IPv6.

Autoconfiguration is primarily for client computers, not so much for routers.
A client computer needs just one address, and autoconfiguration can provide it. A router additionally needs a whole other subnet for the computers connected behind it.
Even if ROS accepted router advertisements from the ISP’s router and configured an address for itself (currently it doesn’t seem to), it would not be very useful, because it’d still be missing the addresses for computers on the internal network.
Ask your ISP, they know best what they can do for you.

Ok so the router can’t obtain 1 IPv6 address from the ISP and then generate its own addresses from a manually pre-assigned pool, then do some sort of NAT?

This would solve many problems.

It would work just like an IPv4 router. This can’t be impossible with IPv6?

IPv6 seems to want to assign EVERYTHING an externally accessible address. I don’t need or want that. I like NAT.

This MUST be possible?

NAT was never meant to be used as a form of network security; it was hacked together to forestall every single machine in the world requiring a globally-unique IPv4 address.

The inability to make direct inbound connections to machines behind a NAT was not by design; merely a side-effect.

The whole point of IPv6 is that you don’t need to use specific private addressing behind a single globally-routable address like you do with IPv4; everything has its own globally unique address - if you want to emulate the security ‘features’ of NAT, simply ensure that no-one can connect to the machines behind your router by firewalling off all externally-initiated inbound traffic to your internal network.

It really is that easy.

Regards,
Terry Froy
Spilsby Internet Solutions

Well yes, of course. BUT again, we have a huge problem again. Having to assign all my computers a world reachable IPv6 address. This then requires an account at HE and then a tunnel setup and a fixed IP for a home modem. This prevents me and many others from going to IPv6.

So again, I would think that an IPv6 NAT with the router grabbing a single world accessible IPv6 address from the ISP and then assigning IPv6 addresses from a pool of pre configured addresses to my LAN side devices and doing NAT would be the much needed solution to getting a huge chunk of people onto IPv6?

This can’t be that hard? The benefits seem worthwhile, suddenly IPv6 just works automagically with routers.

I’m sorry if I am somehow being newbie stupid here. I just don’t see why this can’t be done?

I’ve posted a question over at DSLReports on my ISP’s forum about how to somehow get connected to my ISP IPv6.

http://www.dslreports.com/forum/r24247961-IPv6-help

But this is a separate issue from my question above.

Who is your ISP? Never heard of any giving out native v6 yet, so I’m curious.

Ask your ISP to give you a subnet for your WAN, and a subnet for your LAN. Have them route your LAN subnet through your WAN subnet IP.

Well it’s not native. You’re right, I don’t think anyone is doing that… Yet…

It hands me an automagically configured tunnel.

Here are my exact settings for a test. YES these are full IPs but there is no longer a computer at them so it’s OK to disclose them.

On an XP machine I installed IPv6 (cmd prompt > “ipv6 install”) then plugged directly into the cable modem. Vista and W7 just work, no need to install anything. No need to reboot XP either. You do have to restart your browser to go to IPv6 only sites. To test go to http://v6.testmyipv6.com/ and/or http://ipv6.google.com/ You can also use ping6 to ping stuff.

Doing an ipconfig, in my case the automagical numbers that got assigned are:

Ethernet Adapter Local Area Connection:

Connection-specific DNS suffix: ph.cox.net
IP address:68.106.249.47
subnet mask:255.255.248.0
IP Address:fe80::f200:8dff:fed1:783f%5
Default gateway:68.106.248.1

Skipping Tunnel adapter Teredo as it’s not used.

Tunnel adapter 6to4:

Connection-specific DNS suffix: ph.cox.net
IP Address: 2002:446a:f92f::446a:f92f
default gateway: 2002:c050:6301::c050:6301

Tunnel adapter Automatic Tunneling Pseudo-Interface

Connection-specific DNS suffix: ph.cox.net
IP Address: fe80::5efe:68.106.249.47%2

AGAIN 100% automatic. On Vista and W7 it just works right out of the box. Auto configured tunnel.

I have posted a thread in an IPv6 forum…

http://www.dslreports.com/forum/r24249294-Newbie-help-Mikrotik-Router-Cox-cable

Everything starting with 2002: is 6to4, automatic tunnelling over IPv4. Don’t thank your ISP for that, it works with any IPv4 public address.

If your public address is static, this should be enough:

/interface 6to4
add disabled=no local-address=aaa.bbb.ccc.ddd mtu=1480 name=6to4

/ipv6 address
add address=2002:AABB:CCDD:1::1/64 advertise=yes disabled=no eui-64=no interface=LAN
add address=2002:AABB:CCDD::1/16 advertise=no disabled=no eui-64=no interface=6to4

/ipv6 nd prefix default
set autonomous=yes

/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=::192.88.99.1%6to4

Where aaa.bbb.ccc.ddd is your public address and AABB:CCDD is the same address converted to hexadecimal representation (68.106.249.47 and 446a:f92f in what you posted).
If your address is dynamic, then it must also be possible to set up, but I’m not exactly sure how, I never tried it before in ROS. You probably need some script to update the local address in 6to4 interface settings. Maybe somebody else knows.

Don’t know about the OP, but in the UK, Andrews and Arnold have been providing native IPv6 for around about 6 years. See http://aaisp.net.uk/kb-broadband-ipv6.html.

OoOooo Sob, that seems pretty close!

I don’t know enough script either. Maybe someone here can complete this quest? It would be pretty awesome to have a script and some settings that would make a router just work automagically on any connection :slight_smile:

I would think it would be a good thing to put in the wiki under the IPv6 section as an example.

Some script and settings to make RouterOS just automagically do tunneled IPv6 on any connection. That’s pretty awesome.

Updating the local address of 6to4 interface is easy, just take the script from wiki (http://wiki.mikrotik.com/wiki/Hurricane_Electric_IPv6_Tunnel_-_IPv4_Endpoint_updater) and cut the unneeded last part (the one with /tool fetch).

Unfortunately it won’t help you much. In this case you also have to change the IPv6 addresses and prefixes, because they’re derived from actual IPv4 address.

ROS can change the advertised prefix automatically (when you select 6to4 interface parameter in IPv6->ND->Prefixes), but it seems to be completely buggy (ROS 4.9 x86):

  • It requires “6to4 interface” to be WAN interface instead of actual 6to4 interface. It doesn’t make sense, because there can be several 6to4 interfaces on the same WAN.
  • It creates the address with reversed byte order. I tried it with 192.168.80.200 and instead of correct 2002:c0a8:50c8::/64 it generates 2002:c850:a8c0::/64.
  • It is quite laggy. When the IPv4 address is changed it still keeps advertising the old prefix.

But it can be worked around, we have the script running anyway, so it’d be possible to change prefix manually. Also the IPv6 address of 6to4 interface must be changed.

And here I’m lost. It’d require to parse IPv4 address, convert numbers to hexadecimal representation and construct the address from them. But I can’t find any “int to hex” function in ROS scripting…
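
Added example, not part of the thread and not MikroTik code: the IPv4-to-6to4 mapping described above (68.106.249.47 gives 2002:446a:f92f), written in Python so that a prefix a router advertises can be checked off-box, including the reversed byte order reported for ROS 4.9. The function names are hypothetical; `ipaddress` is the Python standard library module.

```python
import ipaddress

def sixtofour_prefix(ipv4):
    """Return the 6to4 /48 prefix (2002:AABB:CCDD::/48) for an IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    # 16 bits of 0x2002, then the 32-bit IPv4 address, then 80 zero bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def lan_subnet(ipv4, subnet_id):
    """Return the /64 for one LAN: the 6to4 /48 plus a 16-bit subnet ID."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    base = int(sixtofour_prefix(ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))

def check_advertised(wan_ipv4, advertised):
    """Classify a prefix seen in a router advertisement against the WAN IPv4.

    Returns "ok", "byte-reversed" (the ROS 4.9 behaviour reported in the
    thread), "stale-or-wrong" (another IPv4 is embedded, e.g. an old lease),
    or "not-6to4".
    """
    net = ipaddress.IPv6Network(advertised, strict=False)
    embedded = net.network_address.sixtofour  # None outside 2002::/16
    if embedded is None:
        return "not-6to4"
    expected = ipaddress.IPv4Address(wan_ipv4)
    if embedded == expected:
        return "ok"
    if embedded.packed == expected.packed[::-1]:
        return "byte-reversed"
    return "stale-or-wrong"

if __name__ == "__main__":
    # Values taken from the thread; no network access is needed.
    print(sixtofour_prefix("68.106.249.47"))
    print(lan_subnet("192.0.2.1", 0xDEAD))
    print(check_advertised("192.168.80.200", "2002:c850:a8c0::/64"))
```

Because the public IPv4 address is embedded in every 2002: address, the same `sixtofour` lookup also shows which IPv4 endpoint a LAN host's 6to4 address discloses.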

Hmmm…

Yes with DD-WRT and Open-WRT you have full access to the *nix environment so converting numbers to hex and everything else is easy. I do wish we had access to *nix. I’ve run into that problem before.

Buggy is bad. Hard to overcome that one.

Well, that is discouraging.

Ok well… NO doubt it can be done. In our case we need Mikrotik to implement a solution however. Not sure if this has any application to the pro market, but for the 750G and 450G SOHO home user market this would be a great thing to implement.

I can imagine a single check box to enable this functionality. But it might just stay in my imagination…

:frowning:

Well awesome work on this Sob! You need some Karma!

More about troubles with ROS and IPv6 can be found here: http://forum.mikrotik.com/t/rb-450g-ipv6-problem-partial-solution/34431/1

:frowning:

Well in all fairness ROS is not alone in IPv6 having some trouble. Open-WRT and DD-WRT also have issues.

I found some time before going to bed and decided to give it one more try. And it wasn’t really that hard. :slight_smile:

Sample initial configuration:

/interface 6to4
add disabled=no local-address=192.0.2.1 name=6to4 remote-address=unspecified
/ipv6 address
add address=2002:c000:201::1/16 advertise=no comment=6to4public disabled=no \
    eui-64=no interface=6to4
add address=2002:c000:201:dead::1/64 advertise=yes comment=6to4subnet \
    disabled=no eui-64=no interface=LAN1
add address=2002:c000:201:beef::1/64 advertise=yes comment=6to4subnet \
    disabled=no eui-64=no interface=LAN2
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=2m valid-lifetime=5m
/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=::192.88.99.1%6to4

The addresses must be created and properly labeled by comments.

And following is the update script:

# settings begin:

:local WANinterface "WAN"
:local 6to4interface "6to4"
:local PubAddrComment "6to4public"
:local SubnetAddrComment "6to4subnet"
:local LogPrefix "6to4update: "

#settings end.

:local WANaddress

# read the WAN IPv4 address and strip the "/prefix-length" suffix
:set WANaddress [/ip address get [/ip address find interface=$WANinterface] address]
:set WANaddress [:pick [:tostr $WANaddress] 0 [:find [:tostr $WANaddress] "/"]]

:if ([:len $WANaddress] = 0) do={
  :log error ($LogPrefix . "Could not get IP for interface " . $WANinterface)
  :error ("Could not get IP for interface " . $WANinterface)
}

# do nothing unless the WAN address differs from the tunnel's local-address
:if ([/interface 6to4 get ($6to4interface) local-address] != $WANaddress) do={
  :log info ($LogPrefix . "Updating " . $6to4interface . " local-address with new IP " . $WANaddress . "...")
  /interface 6to4 set ($6to4interface) local-address=$WANaddress

  # append a trailing dot so that each of the four octets ends with a delimiter
  :set WANaddress ($WANaddress . ".")
  :local IP6prefix "2002:"
  :local num
  :local tn
  :local hi
  :local lo
  :local ar
  :local pos
  :local IP6part

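  # outer loop: one 16-bit group per pass; inner loop: one octet per pass,
  # split into high and low nibble and appended as two hex digits
  :for i from=0 to=1 do={
    :set IP6part ""
    :for j from=0 to=1 do={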
      :set pos [:find $WANaddress "."]
      :set num [:pick $WANaddress 0 $pos]
      :set WANaddress [:pick $WANaddress ($pos + 1) 99]
      :set tn [:tonum $num]
      :set hi ($tn / 16)
      :set lo ($tn - ($hi * 16))
      :set ar [:toarray ($hi . "," . $lo)]
      :foreach val in=$ar do={
        :if ($val < 10) do={
          :set IP6part ($IP6part . $val)
        } else={
          :if ($val = 10) do={ :set IP6part ($IP6part . "a") }
          :if ($val = 11) do={ :set IP6part ($IP6part . "b") }
          :if ($val = 12) do={ :set IP6part ($IP6part . "c") }
          :if ($val = 13) do={ :set IP6part ($IP6part . "d") }
          :if ($val = 14) do={ :set IP6part ($IP6part . "e") }
          :if ($val = 15) do={ :set IP6part ($IP6part . "f") }
        }
      }
    }
    :set IP6prefix ($IP6prefix . $IP6part . ":")
  }
  
  # rewrite every IPv6 address labelled with one of the two comments
  :foreach i in=[/ipv6 address find] do={
    :local addr [/ipv6 address get $i address]
    :local cmnt [/ipv6 address get $i comment]
    :local name [/ipv6 address get $i interface]
    :if ($cmnt = $PubAddrComment) do={
      :local newaddr ($IP6prefix . ":1/16")
      /ipv6 address set $i address=$newaddr
      :log info ($LogPrefix . "Changed address of interface " . $name . " from " . $addr . " to " . $newaddr)
    }
    :if ($cmnt = $SubnetAddrComment) do={
      # drop the first three groups (2002:AABB:CCDD) so the subnet ID is at the front
      :local tmp $addr
      :for j from=0 to=2 do={
        :set pos [:find $tmp ":"]
        :set tmp [:pick $tmp ($pos + 1) 99]
        :if ($j = 2) do={
          :set pos [:find $tmp ":"]
          :local newaddr ($IP6prefix . [:pick $tmp 0 $pos] . "::1/64")
          /ipv6 address set $i address=$newaddr
          :log info ($LogPrefix . "Changed address of interface " . $name . " from " . $addr . " to " . $newaddr)
        }
      }
    }
  }
  :log info ($LogPrefix . "Finished successfully.")
}
#EOF

Name it “update6to4” and add it to scheduler:

/system scheduler
add comment="" disabled=no interval=5m name="Update 6to4" on-event=\
    update6to4 policy=read,write start-date=jan/01/1970 start-time=00:00:00

Excellent and informative post.

I think I’ll expand on this to create an auto-setup-6to4 script :slight_smile:
Do you mind if I use the original script in a blog post if it is attributed back to you?

Use it, improve it, sell it, … anything you want. :slight_smile:

Of note, this config works fine in v4.11 but not properly in v5.0beta6

Edit: scrap that, got it working in 5.0beta6 I think I might have been doing something dumb :stuck_out_tongue: