Community discussions

MikroTik App
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 7:00 pm

Hi Mikrotik

it there any chance that IPv6 will be implemented fully on v7?

here i mean stateful DHCP
yes, i read it many times, that stateless is enough for home use, but...
is OSPF and BGP and L7 filter and EoIP and ... whatever, is they for home use? NO !
they are for routers
and stateful IPv6 DHCP is a must.
From my point of view, it is so annoying that you have XXX USD worth router, and you need plus some opensource OpenWRT or similar Linux distro to make IPv6 work
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 7:38 pm

I never required IPv6 dhcp to make IPv6 work... do you?
Sure, like you, I would hope that there are IPv6 improvements.
However, it is not likely. IPv6 is not a priority for MikroTik. Their clients do not ask for it.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 7:57 pm

I never required IPv6 dhcp to make IPv6 work... do you?
Well, if you look from this point, ...
there is always a manual method of assigning v6 address to some workstation or other network equipment

but, then, why Mikrotik does not ERASE/DELETE v4 DHCP?
what is the use of this anyway? only waste of space on NAND
if we could manualy setup v6 on workstations, so why not on v4?

p.s. i will rather drop dead than to enable SLAAC on network
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 8:10 pm

SLAAC is the standard method, almost nobody uses DHCPv6 to assign addresses
 
gsbiz
just joined
Posts: 20
Joined: Sat Nov 17, 2018 5:18 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 8:11 pm

I'm a client and I'm asking for it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 8:24 pm

I'm a client and I'm asking for it.
No, you are not a client of MikroTik. You buy your routers at some distributor or dealer, and THEY are the client of MikroTik.
So you need to convince them to ask to MikroTik for more IPv6 features. Apparently none of them do so right now.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 8:38 pm

SLAAC is the standard method, almost nobody uses DHCPv6 to assign addresses
don't get me wrong
i don't want to argue :)

but if someone explain me how to solve these questions, maybe i will consider using SLAAC

for example
ComputerA is going "out" on gateway1
ComputerB is not allowed to visit web pages which are pointing out of country
ComputerC is going "out" on gateway2
ComputerD is not allowed to go on internet from 14-20pm
etc

suppose they are on same LAN segment (dumb switch) so the only routing decision is possible on router itself, based on source address
which source address? from 10 temporary address assigned, which one should i use in filtering?

and, yes, there is security question. Why should i allow some device which is not handled by dhcp to make anything on network?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: IPv6 dhcp finally in v7 ?

Tue Apr 28, 2020 11:11 pm

suppose they are on same LAN segment (dumb switch) so the only routing decision is possible on router itself, based on source address
which source address? from 10 temporary address assigned, which one should i use in filtering?

and, yes, there is security question. Why should i allow some device which is not handled by dhcp to make anything on network?
I do agree that it would be nice if MikroTik were to develop IPv6 DHCP for handing out individual addresses, but for two specific purposes. One is from a service provider standpoint, that some third party home routers will not accept a prefix if they do not also get an address ffrom DHCP. They are obviously programmed with a poor implementation, but DHCPv6 stateful addressing would take care of this. The second reason is for IPv6 mode-config in IPsec roadwarrior VPN, where mode config is currently only possible using stateful addressing (I don't think mode-config supports giving a /64 to a client yet).

However, I think you may be overestimating what IPv6 DHCP can do, and its usefulness on a corporate network. Unlike IPv4 DHCP, it does not record the hostname of the client that gets the address, and it also does not record the MAC address. So all that you have is a DUID and a lease time. If you go around and record DUIDs for all your computers, this identification mechanism can still be useful, but is not as directly usable as IPv4 DHCP, where you know what the client's hostname is and what the MAC address is.

The other issue is that Android does not support DHCPv6 client to receive stateful addresses, and never will. Google has refused to ever support this. Those who have rolled out DHCPv6 client only and not SLAAC are preventing Android devices from connecting to their network. If you run both SLAAC and DHCPv6 client then your computers can also get addresses through SLAAC and the use of DHCPv6 server as an identification mechanism goes out the window, since the computer can decide to make the request via the SLAAC address instead.

Due to Google's refusal to ever support stateful DHCPv6 anytime in the future, new standards have been developed (ex. RFC8273) to work around this by giving each host a /64 subnet all to itself. This could be implemented on a corporate network by giving each computer a DHCPv6-PD client to request a /64 prefix of its own, and the computers will then essentially act as routers too. I have heard that Facebook does this internally, or something close to it at least.

Finally, please be aware that if your computers are connected to Active Directory, their SLAAC addresses will automatically be added as AAAA DNS records in active directory, along with corresponding PTRs in the reverse zones. This ends up being a much more useful way of telling which computer it is from its address than manually maintaining a list of DUIDs and which computer they go with. This could potentially be used in your case to allow for limitations or restrictions per computer.

Most firewalls have developed functionality for IPv6 that allows them to automatically match up v4 and v6 hosts based on various criteria, basically "host tracking". Currently MikroTik does not do any kind of host tracking, outside of Kid Control. I believe what you are really asking for (and don't realize it) is some kind of host tracking mechanism like "next-generation firewalls" often have.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 dhcp finally in v7 ?

Wed Apr 29, 2020 12:04 am

but if someone explain me how to solve these questions, maybe i will consider using SLAAC
I recommend doing your host filtering and classification based on MAC address, not on IPv6 address.
Then you do not need to have separate cases for IPv4 and IPv6 either (assuming you support dual-stack on your network).
And varying IPv6 address due to "privacy extensions" is not a problem.
You can write rules for your firewall based on MAC address.
(unfortunately there is no "MAC address list" in RouterOS firewall yet, but it could be added)
 
guipoletto
Member Candidate
Member Candidate
Posts: 195
Joined: Mon Sep 19, 2011 5:31 am

Re: IPv6 dhcp finally in v7 ?

Sun May 23, 2021 12:15 pm

I can confirm the need for address-delegation, along with prefix delegation, to make most CPE's work.

Any chance it ever makes into V7?

Who is online

Users browsing this forum: No registered users and 21 guests