Hello everyone … I have set up a 6to4 tunnel from a CHR to a remote RB … the tunnel is registered … I have assigned two IPs of a ULA subnet to the sides of the tunnel and the two IPs ping each other … on the CHR I have 10 IPv6 single public IPs assigned … one I have attested to the CHR and by inserting the default route it works … the other 9 I would like to take them up to the RB passing through the tunnel … I have done various tests but I cannot navigate the RB in IPv6 … how should this be done?
Have you got 10 /64 subnets or seriously 10 /128 individual addresses? In either case, same question as in the IPv4 case - how does the neighbor (the router in the datacenter) know that traffic for these 10 addresses or subnets should be sent to the CHR, does it have routes for them via the CHR’s link-local address on ether1? Or, maybe an easier way to learn that - if you sniff for one of the addresses that is not assigned to the CHR itself and ping it from outside, can you see the ping requests coming to the CHR?
/tool sniffer quick ipv6-address=2xxx::xxxx
I don’t have 10 subnets, but 10 single IPs … I have attested a single one in /64 to the CHR and so it navigates in IPv6 … in theory the CHR ISP announces the IPv6 on the ether port of the CHR … if I try the ip manually on the CHR it seems to work … if you run the sniffer command I don’t get any results
you say you see the sniffer command while at the same time a ping is performed from the outside to the same ip?
Yes, exactly.
from the sniffer I would tell you that the ip from ether1 arrives at the chr and it is even encapsulated in the tunnel … but in the RB if I smell I don’t see anything
That sounds weird to me. So you can see the ping request at two interfaces, coming in via ether1 and leaving via the 6to4 one, at CHR1, but you cannot see it at the RB at all?
If I understand it correctly that the addresses are not routed, but they simply belong to one common /64, which is shared by CHR and ISP’s router, you’ll have a problem routing them further. If it was IPv4, you’d use proxy ARP. But I don’t think RouterOS has anything like that for IPv6.
yes, but looking carefully at the photo, I do not understand if then from the tunnel it succeeds towards ether1 .. I imagine that being bidirectional is normal ..
Photos
The sniffer output shows that the remote RB even responds to the ping - the arrows show the request came in via ether1, got forwarded out from 6to4-tunnel1, then 44 ms later the response came in via 6to4-tunnel1, and got sent out from ether1.
Did the responses reach the machine from which you were pinging?
Is the actual issue that you can ping the address at the RB but cannot log in to the RB using that address?
the problem is that from the remote RB I don’t ping the banal ipv6 2600:: and I don’t even ping other ipv6 addresses, I haven’t tried to access
So you can ping the RB from outside and from the CHR, but you cannot ping anything on a global address from the RB?
I did some tests … so if I certify the public ip not working on the CHR, it is working … if after having made it surf the internet I re-link it to the remote rb … magic, it surfs … too bad it lasts little … maybe 15 minutes and then it times out … there seems to be something on the machine that announces the ip, which recognizes the mac of the chr … I don’t understand how to solve
Do you mean that you assign the address to CHR for a while, use it to access internet, then you remove it, and after that you can use this address from other device over tunnel? If so, it would suggest that you need NDP proxy, which RouterOS currently doesn’t have.
that’s right, you have grasped the concept
since there is no ndp proxy available on routerOS, if i tunnel eoip v6 and encapsulate it in tunnel 6to4, could i carry ip with tunnel layer2?
Yes. But you can also use EoIPv4 instead (single tunnel).
I’ll try tomorrow …
If you have v7, something could be done using netmap or undocumented dnpt/snpt, but… yikes. Not really something you want to use.