RFC 6666

RouterOS Forwarding Protocols
1

https://tools.ietf.org/html/rfc6666

If I try and distribute a IPv6 blocklist via BGP to a Mikrotik router using the next-hop of the RFC 6666 discard address the Mikrotik drops it:

Debug Log:
Martian global next hop: reserved address 100::1
invalid NEXTHOP

Mikrotik Wiki: Another small difference is that there are no blackhole or prohibit routes, only unreachable.

Is that due to current RouterOS limitation or Mikrotik not embracing blackhole routing for IPv6?


Typically with IPv4 I would specify a next-hop of 192.0.2.1 and use routing filter to set it to blackhole. I would think that utilizing the RFC 6666 0100::/64 would be perfect for this application.

1 Like
2

Mikrotik support responded with: Thank you for request. We will see what we can do for future versions.

Hopefully this will be addressed in a future update.

3

It’s a little bit of both IMHO.
IPv6 in MikroTik is generally very barebones compared to the features they have implemented for IPv4.

4

Yes sir I do believe you are correct. With the volume of IPv6 addresses I think blackhole or null routing will be needed as the malicious behavior shifts to the IPv6 addresses. I have a considerable amount of development in IPv4 BGP blocklist servers and this is really needed for the IPv6 blocklist servers to work in a proper and standardized way with Mikrotik.

1 Like