I’m lost in what I need to configure to get my router to talk to the IPv6.
Is there someone out there who can give me the needed steps I have to walk thru?
I’m Running RouterOS 7.9.1 on a RB4011 thats connected to the ISP via a sfp.
After a short while, LAN clients should start receiving RAs and construct their own IPv6 addresses inside same IPv6 /64 subnet.
You can affect a bit more the selection of prefix (and address) for each individual LAN interface, with property address you essentially set the least significant bits of address (so it has to start with : while the most significant bits are filled automatically by router by pulling prefixes from pool. Make sure that pool has prefix-length set to 64 (and nothing else), because this governs then the size of prefixes pulled out of pool (and has nothing to do with pool size). Using /64 subnets is more or less standard and one has to know their stuff to go for anything else.
Remember that your IPv4 firewalls have no effect on IPv6 traffic. You need to create IPv6 firewall rules separately. By default there are zero IPv6 firewall rules so you are wide open.
I have not looked at ROS 7 yet, but on my RB4011, with 6.49.6, when I enabled IPv6, there were absolutely no IPv6 firewall rules. I rather quickly built a few rules to essentially firewall everything (I’m not really using IPv6, but I do get addresses from both ISPs).
Nice to see that ROS 7 defaults with at least something…
The reason for missing IPv6 firewall rules in ROS v6 is that default config gets only applied when device is reset to default config when the involved package is already installed and enabled. In ROS v6 IPv6 is optional package and since it’s mostly installed after device is already set up, nobody performs reset to default after installing IPv6 package. And default config is not applied simply by installing optional package.
In ROS v7, IPv6 is part of base package and thus related default config is applied along with the rest of default config. Unless one resets/netinstalls to no config - in which case the rest of config is missing as well.
One can always consult default config by executing /system default-configuration print as user with administrative permissions. Make sure terminal window is as wide as possible, long lines are not wrapped, they’re truncated. Then one can simply copy-paste of ipv6 configuration subtree.
That’s the next step. In te meantime I have disabled IPv6 until I have time to configure the IPv6 firewall
Good plan!
The reason for missing IPv6 firewall rules in ROS v6 is that default config gets only applied when device is reset to default config when the involved package is already installed and enabled. In ROS v6 IPv6 is optional package and since it’s mostly installed after device is already set up, nobody performs reset to default after installing IPv6 package. And default config is not applied simply by installing optional package.
Good point. Note that at least in later ROS 6 versions, IPv6 is “bundled” and can not be uninstalled. It of course can be disabled.
while the most significant bits are filled automatically by router by pulling prefixes from pool. Make sure that pool has prefix-length set to 64 (and nothing else), because this governs then the size of prefixes pulled out of pool (and has nothing to do with pool size). Using /64 subnets is more or less standard and one has to know their stuff to go for anything else.