Yeah, I’ll drop them a message now and see if they can shed any light on it. I’ll be back here when I hear something.
It is pretty interesting, at this point I am quite invested in just figuring out why this is happening. I’ve done IPv6 from my own ASN on a cloud router (just BIRD2) before and I had some troubles with that but this is possibly something to do with me not having a good understanding of my ISP system.
Their network team cannot see the ONT (cryptic wall box) and the IP allocation is not coming through it anymore. They cannot see very much because of this.
My Mikrotik is plugged into the ONT and has working internet via it.
This isn’t exactly the smoking gun pointing at the problem I hoped for, but rather another weirdness.
Once again, I have checked that my ISP router is able to connect via IPv6 when it is plugged into the ONT.
And another consideration is my ISP recently disconnected me from their CGNAT to give me a dedicated IP(v4) address. I’d assume this shouldn’t cause any problems, as I can see IPv6 works fine via the provided router, but it might cause some abnormal network conditions.
you use pppoe???
probably it is pppoe that provides you the IP connectivity, not the dhcp on ether1…
I can fail on this because I do not understand correctly how you have set up your router…
The first user that replies to you on this topic must ask first how your router is configured and attached…
put /ip route pri on terminal and post results on forum, obfuscating (not removing) real IPs (not the 192.x, 10.x, 172.x obviously…)
test this:
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes max-neighbor-entries=32768
set multipath-hash-policy=l3 ; # this line do error if not used on v7.16.2 and up
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no hop-limit=64 managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified interface=bridge
set [ find default=yes ] ra-preference=medium ; # this line do error if not used on v7.16.2 and up
The test code doesn’t seem to have got it working, although I have not performed a restart of the router after making the changes, just run a release on the dhcp6 client.
Now it is clear that you do not use pppoe or vlan, but just DHCPv4 client.
Restart is not needed.
try this:
/ipv6 address
remove [find where dynamic=no]
/ipv6 dhcp-client
remove [find]
add add-default-route=yes disabled=no interface=ether1 rapid-commit=no request=address use-peer-dns=yes
If you obtain an IPv6, put it here obfuscating it (but not the /xx part…)
also /ipv6 rou pri and /ipv6 address pri with results obfuscated.
I do obtain an IPv6 address correctly when running that code, in the range 2a10:bcc0::/29 (owned by my ISP)
This is correct for the allocation of a single address.
/ipv6 rou pri
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS          GATEWAY                          DISTANCE
DAd ::/0                 fe80::a05:e2ff:feb0:9e8f%ether1         1
DAc ::1/128              lo                                      0
DAc ISP_PROVIDED_IP/128  ether1                                  0
DAc fe80::%ether1/64     ether1                                  0
DAc fe80::%bridge/64     bridge                                  0
/ipv6 address pri
Flags: D - DYNAMIC; G - GLOBAL, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
#    ADDRESS                      INTERFACE  ADVERTISE
0 D  ::1/128                      lo         no
1 DL fe80::f61e:57ff:fe2d:d45c/64 bridge     no
2 DL fe80::f61e:57ff:fe2d:d45b/64 ether1     no
3 DG ISP_PROVIDED_IP/128          ether1     no
Ok, if you can only receive (correctly) one /128 and you can ping correctly 2606:4700:4700::1111 from your router,
it means that the “cryptic box” probably is just configured to do bridging,
and the Juniper router of your ISP provides public IPv4 on DHCP and a single IPv6…
I suspect this means that your ISP has a security lock on the MAC address of their provided Router.
So you can try the following [assuming you are still using the config I provided you]
Find out the MAC Address of the ISP Router for the WAN connection THEN on the TIK Router change the MAC addy of ether1 to match that and see if that solves the problem.
Or you can ask them if their security protocol ties their provided Router MAC addy or serial number to your account — they can change that to your Tik's ether1 MAC addy or Tik's serial number if that is the case …
Thanks for the suggestion, the ISP has confirmed that they do not use any MAC whitelisting and that the router “should” work fine.
I might give rextended’s HE idea a go as there is clearly something wrong between me and my ISP systems and we could be stuck trying to debug it for days. I’ll report back once I’ve had time to try Tunnelbroker.
This is wrong …. If the network team cannot see the ONT …. ESCALATE TO someone who can … do not give up … this is not rocket science … someone from the NOC should be able to help you to resolve this ….
Another possibility (very common where optical network owner is different than ISP) is that ISP network team never saw ONT, they actually saw their own router. With their router out of the way, ISP can’t see much. And ONT will be managed (and seen) by ON owner’s network team (but you as ISP’s customer don’t have “right” to talk to them).
At least that’s the way I have on one of my locations (GPON, owned by open networks provider … their ONT … and ISP who could access only their router if I hadn’t replaced it with a Mikrotik so now they can’t see much).
Yeah, technically they MUST be able to see the ONT somewhere but this looks like it’ll be a more long term problem.
Tunnelbroker works amazingly well actually, it took about a minute to get it working and my whole network now has “IPv6”. I’m using 6to4, but I’m assuming there’s probably a way to switch it to 6to6 as I can get a single IP6 address and it’s probably going to be a little better?
I’m assuming my ISP are looking at some router management tool that Calix provided them, which would explain why they can’t see the ONT if the software relies on their router. If I can get internet through their network then they must be able to see the ONT, as it sits between my router and them.
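With the Tunnelbroker workaround described above, the routed prefix gives every LAN host a globally reachable address, so the tunnel needs the same IPv6 filtering as a native WAN port. The following is an added example, not taken from any post in this thread. The tunnel interface name `sit1`, the `WAN`/`LAN` interface lists and an empty IPv6 filter table are assumptions; if the default IPv6 firewall is already present, only the list-member line is needed.

```routeros
# Added example. Assumptions: the Tunnelbroker 6to4 interface is named "sit1",
# interface lists WAN and LAN exist (as in the default configuration), and the
# IPv6 filter table is empty. Adapt the names before pasting.

# Treat the tunnel as an untrusted upstream, the same way as ether1.
/interface list member
add interface=sit1 list=WAN comment="HE tunnel is Internet-facing"

/ipv6 firewall filter
# Traffic addressed to the router itself
add chain=input action=accept connection-state=established,related,untracked \
    comment="input: replies to traffic the router started"
add chain=input action=drop connection-state=invalid \
    comment="input: drop invalid"
add chain=input action=accept protocol=icmpv6 \
    comment="input: ICMPv6 (neighbor discovery, path MTU discovery, ping)"
add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 \
    comment="input: DHCPv6 client replies on ether1"
add chain=input action=drop in-interface-list=!LAN \
    comment="input: drop everything else not coming from LAN"

# Traffic routed between the LAN and the tunnel
add chain=forward action=accept connection-state=established,related,untracked \
    comment="forward: replies to connections opened from LAN"
add chain=forward action=drop connection-state=invalid \
    comment="forward: drop invalid"
add chain=forward action=accept protocol=icmpv6 \
    comment="forward: ICMPv6, needed for path MTU discovery through the tunnel"
add chain=forward action=drop in-interface-list=!LAN \
    comment="forward: no unsolicited inbound connections to LAN hosts"
```

`/ipv6 firewall filter print stats` shows whether the final drop rules are counting packets once the tunnel is up.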