Split IPv6 /56 obtained via the PPPoE

RouterOS General
1

Hi,
My ISP gave me IPv6 address spaces via the PPPoE:
IPv6 Prefix: 2a00:1234:5678:11::/64
IPv6 Delegated Prefix: 2a00:1234:567:b00::/56
I did manage to make it working but now all devices in local network are getting IPv6 addresses from first /64 subnet extracted from /56 pool. This is kind of fine but Iā€™d like to split /56 into smaller chunks and then assign it to specified devices both behind NAT and these having public IP (I have /29 IPv4 from my ISP too). At the moment if I add another /64 subnet then all devices are getting multiple ipv6 addresses.
How can I do this?

[admin@RB750Gr3] /ipv6/firewall> /ipv6 address print                                                                                                                           
Flags: I - INVALID, D - DYNAMIC; G - GLOBAL, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
#    ADDRESS                              FROM-POOL  INTERFACE               ADVERTISE
;;; Xxxxxx
0  G 2a00:1234:567:b01::1/64              Xxxxxx     bridge1                 yes      
1 DL fe80::50af:79df:51e4:4870/64                    wireguard-client-xxx    no       
2 DL fe80::41e7:9486:ed68:d9e2/64                    wg-server               no       
3 DL fe80::62c1:7efb:be81:9b95/64                    wireguard-client-xxxxx  no       
;;; interface must have mtu >= 1280 to support ipv6
4 IL fe80::f3d1:3d75:eb1f:1337/64                    wireguard-client-xxxxx  no       
5 DL fe80::e68d:8cff:feb1:59d/64                     bridge1                 no       
6 DL fe80::e68d:8cff:feb1:59c/64                     ether1                  no       
7 DL fe80::dc70:be60:0:6/64                          pppoe-out1              no       
8 DG 2a00:1234:5678:11:xx70:xx60:0:6/128             pppoe-out1              no
2

Assuming 2a00:1234:567:b01::/56 is your prefix from the ISP, that hopefully complies with BCOP-690.

2a00:1234:567:b01::1/64 will go to your ā€œbridgeā€ as is.

Then simply create new pools whereby you have a /60 per pool like say pool1: 2a00:1234:567:b02::/60 etc
Then run a DHCPv6 server for ia_pd on your router, your client device will then need to request for the /64 from the /60 pool via dhcpv6 client ia_pd request.

Or, just use static routing, or BGP with FRR if itā€™s a Linux host.

What you want is a routed prefix from the /56 to your individual host.

3

/56 can be split into 256 networks with /64 ,
minimum you may use for any interface is /64
Starting 2a00:1234:0567:0b00:
to 2a00:1234:0567:0bff:


Assign any of these /64 addresses to an interface and let SLAAC do the rest, ā€˜advertiseā€™, and route ::/0 to pppoe-out1

and you may use 2a00:1234:5678:11::/64 on WAN

Hope these arenā€™t your real IPv6 addresses otherwise you just published your public IP.

4

Why does this matter? Wasnā€™t the whole point of IPv6 was there being no NAT thus allowing direct peer to peer connectivity and making all sides aware of the globally routeable IP of every device? Come onā€¦


Edit: gonna bet these are NOT real. Pay attention to the address -2a00:1234:5678:11::/64

5

Public IPv6 or IPv4 doesnā€™t matter - People never heard of stateful firewall before, it seems.

@OP this may also interest you maybe:
http://forum.mikrotik.com/t/how-to-edge-router-and-bng-optimization-for-isps/150007/1

6

So here is my current config on screenshots. Should I remove 2a00:1234:567:b00::/56 from IPv6/DHCP Client (last position in the table) and from IPv6/Pool/Pools?
As you can see Iā€™ve already cut out one /64 from it and added to Addresses, IPv6/ND/Prefixes and IPv6/Pool/Used Prefixes however devices in the local network are getting addresses from 2a00:1234:567:b01, 2a00:1234:567:b02 and 2a00:1234:567:b03. b02and b03 are not configured so I am guessing they are obtained from b00::/56
If I configure DHCP server for IPv6, will only defined hosts get IPv6 address? What else should I change?
Screenshot 2024-02-19 at 08.43.39.png
Screenshot 2024-02-19 at 08.42.29.png
Screenshot 2024-02-19 at 08.41.38.png
Screenshot 2024-02-19 at 08.40.13.png
Screenshot 2024-02-19 at 08.37.03.png
Screenshot 2024-02-19 at 08.34.15.png

7

MikroTik does not support DHCPv6 to distribute individual addresses. So you cannot do that.
You can use DHCPv6 to distribute prefixes, e.g. when you have a down line router you want to pick a /64 from your /56 pool, you can setup a DCHP server with the pool you obtained from PPPoE and re-distribute parts of it.
But for local address assignment, SLAAC is your only option (at the moment), no DHCP.

8

Ok, so is it possible to exclude some network devices (Chromecasts) from obtaining IPv6? It is unfortunately not possible to disable it on Chromecast itself.

9

No, you only can attempt to filter their internet access and they will fall back to using IPv4.

10

Is there any WORKING instruction how to configure SLAAC on Mikrotik with PPPoE on WAN and Bridge on LAN?

11

It is easy.
How do you get the IPv6 space on PPPoE? Is it via DHCPv6 client?
Normally you would do something like this:

/ipv6 dhcp-client
add interface=pppoe1 pool-name=v6prefix request=prefix

/ipv6 address
add address=::1 from-pool=v6prefix interface=bridge

The bridge will get an IP address from the pool and start advertising it (SLAAC).
These are default parameters. Make sure you have not previously added other parameters that override this.
When in doubt, do a /export and see if there are no other options enabled in these commands.

12

PPPoE:
IPv6 Prefix: 2a00:1234:5678:11::/64
IPv6 Delegated Prefix: 2a00:1234:567:b00::/56
So which one should I add to Addresses, Prefix /64, delegated prefix /56 or both?
What about options in Settings like IPv6 forwarding, etc.?