[SOLVED] Native IPv6 allocation not useable by LAN devices?

rackerhacker · January 9, 2012, 1:54pm

TL;DR: I can’t figure out how to get my LAN devices on a native IPv6 allocation assigned to the WAN interface.

I’ve been a user and big fan of Mikrotik devices for a while, but I’ve stumbled upon a situation that is new to me and I can’t quite figure it out.

I have a RB493G in a colo facility sitting in front of some servers. My network looks like this:

|-- My RB493G -----------|          |-- My provider's equipment ---|
/-----------\     /-----\           /-------------\     /----------\
| lanbridge |-----| wan |-----------| Cisco 12000 |-----| Internet |
\-----------/     \-----/           \-------------/     \----------/

[/size]

All of my devices sit on ether2-9 on the RB493G (which are bridged into a bridge called ‘lanbridge’) and the ether1 port is my WAN connection.

My provider has allocated a /64 IPv6 allocation to me and their Cisco 12000 is currently using the ::1/64 address on my allocation as a gateway. I can configure an IPv6 address on my Mikrotik’s WAN interface without a problem and I can reach their gateway. I can also traceroute to and ping many other IPv6 sites without issues.

However, I’m unable to figure out how to share or route any of this /64 with my devices on the LAN. The devices on my LAN see the RA’s from the Mikrotik and they’re doing the stateless auto-configuration just fine. I can ping between devices on my LAN using their public IPv6 addresses and their link local IPv6 addresses.

It seems almost like the Mikrotik thinks anything on my /64 allocation is on the WAN interface and it ignores communication from the LAN bridge.

Here are my current IPv6 configs:

/ipv6 address
add address=2606:f200::5:0:0:0:2/64 advertise=yes disabled=no eui-64=no interface=wan

/ipv6 nd
add advertise-dns=no advertise-mac-address=yes disabled=no hop-limit=64 interface=all managed-address-configuration=no mtu=unspecified \
    other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified

/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d

/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=2606:f200::5:0:0:0:1 scope=30 target-scope=10
add disabled=yes distance=1 dst-address=::/0 gateway=fe80::210:1fff:fe40:5154%wan scope=30 target-scope=10

[/size]

mrz · January 9, 2012, 2:10pm

ISP should allocate another /64 or /48 for your local devices. And route it to you via 2606:f200::5:0:0:0:2

nickshore · January 9, 2012, 3:08pm

Can’t you put the /64 on your LAN side and ask the ISP to route via the link local addresses ?

Nick.

rackerhacker · January 9, 2012, 10:15pm

Thanks for the tips. I asked my ISP for an additional /64 for the LAN side of the network and they routed it down to my RB493 using the ::2/64 IP of my original IPv6 allocation. Everything is working as expected now and I can get traffic from the lan to wan (and back again).

Once they gave me the new /64, I added this configuration:

/ipv6 address
add address=2606:f200::5:0:0:0:2/64 advertise=yes disabled=no eui-64=no interface=wan
add address=2606:f200::7:0:0:0:1/64 advertise=yes disabled=no eui-64=no interface=lanbridge

[/size]