Community discussions

MikroTik App
 
hci
Long time Member
Long time Member
Topic Author
Posts: 674
Joined: Fri May 28, 2004 5:10 pm

DHCPv6 Server

Thu Aug 20, 2020 7:19 pm

Is there a way with DHCPv6 to create a standard DHCPv6 server on mikrotik and delegate prefixes out of a pool etc? If so is there a how too?
 
DarkNate
Forum Veteran
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: DHCPv6 Server

Thu Aug 20, 2020 9:44 pm

IPv6 was intended to work with SLAAC and RAVD. What do you need DHCPv6 for?

Even Google is against DHCPv6: https://www.nullzero.co.uk/android-does ... -fix-that/
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Thu Aug 20, 2020 9:52 pm

Prefixes yes, single addresses no. Just add pool, then dhcp server where you select the pool, and that's pretty much it. Only it's possible that there's something wrong with current v7 beta, because quick test doesn't work for me, but same config in v6 does.
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: DHCPv6 Server

Tue Aug 25, 2020 4:47 pm

ipv6 is dead
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Tue Aug 25, 2020 6:07 pm

Well, there's still a lot of "true believers in IPv4", whose dream is ten NATs in a row, who stand in a way of progress. But it's slowly improving.
 
whatever
Member
Member
Posts: 348
Joined: Thu Jun 21, 2018 9:29 pm

Re: DHCPv6 Server

Wed Aug 26, 2020 10:32 am

ipv6 is dead
https://www.google.de/ipv6/statistics.html
One third of Google's users already use IPv6. Several minor countries like USA, India, Germany, France, etc. have already exceeded 40% adoption rate and are approaching 50%. So yes, IPv6 is very dead. We should ignore it and continue to use IPv4 with shitloads of NAT instead. Who wants proper Internet with direct connectivity anyway?
 
TonyJr
Member Candidate
Member Candidate
Posts: 207
Joined: Sat Nov 12, 2011 1:30 am
Location: UK
Contact:

Re: DHCPv6 Server

Wed Aug 26, 2020 10:49 am

Is there a way with DHCPv6 to create a standard DHCPv6 server on mikrotik and delegate prefixes out of a pool etc? If so is there a how too?
https://wiki.mikrotik.com/wiki/Manual:I ... delegation

Yes.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Wed Aug 26, 2020 11:20 am

... And if google and facebook say so, it is then right???
google will soon or a later implement dhcp v6-pd client in Android
and i was read somewhere that FB is use same at they internal network

so this approach resulting in reducing v6 space in half

This is a reason why i using other brands in my production LANs
MKT is good for guest network, i don't care what guest do there, what is they IP, they are filtered out :)
stateful DHCP v6 is a must in serious LAN
and i don't care what google say
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Thu Aug 27, 2020 2:37 am

This is a reason why i using other brands in my production LANs
MKT is good for guest network, i don't care what guest do there, what is they IP, they are filtered out :)
stateful DHCP v6 is a must in serious LAN
and i don't care what google say
You can use DHCPv6-PD, as others have said, but not use DHCPv6 to assign addresses. Why do you care about using DHCPv6 to assign individual IPv6 addresses anyway? What is the benefit vs SLAAC?

A lot of people seem to think using DHCPv6 to assign stateful IPv6 addresses to individual computers on a network is a benefit, but this is based only on experiences with DHCP in IPv4. Unfortunately in IPv6, DHCPv6 does not store the MAC or the Hostname of the client system, so it is really hobbled compared to IPv4 DHCP when it comes to the extra tracking and control it provides you with. There is unfortunately very little benefit to DHCPv6 - most people who think so seem to be assume it is more similar to DHCPv4 than it actually is.
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: DHCPv6 Server

Thu Aug 27, 2020 3:30 am

never seen anyone using ipv6
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Thu Aug 27, 2020 4:18 am

never seen anyone using ipv6
IPv6 is not dead, it is growing. IPv4 is dying. IPv4 NAT cannot handle what is coming in the future. Companies don't feel under any pressure to move, but cell providers are moving and home customers are getting IPv6 at an increasing rate.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Fri Aug 28, 2020 9:14 pm

DHCPv6 does not store the MAC or the Hostname of the client system
hmmm, last time i checked OpenWrt is was doing exactly this
Linux & Windows hosts have they hostnames and addresses was assigned through IPv6 server

as i stated before, production LAN
and Android does not belong to production / serious LAN.
Should i be happy with plug & play SLAAC??
wooow, i turned on the phone
wooow, MKT give the default GW
wooow, what a LAN engineer i am. SLAAC working for me ...

no, i have no further comment on this post
and there is no use of mentioning IPv6 dhcp snooping, or other method of controling your network
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Fri Aug 28, 2020 9:52 pm

DHCPv6 should use DUID to identify clients. It can be derived from MAC address, but it's only one of available options, and server is not supposed to interpret it in any way (i.e. read the MAC address from it), it should just take the whole DUID as unique identifier.

Interesting part is that DUID belongs to whole system, not just to one interface. So e.g. notebook can connect once using ethernet, next time using wifi, and server will still know that it's the same client and can give it same address. Even if network adapter is replaced, DUID should stay the same, because system should remember the originally created one.

Downside is that when you as admin see client DUIDs on server, you have no idea what is what. So if server records also MAC address (from which it got requests), it definitely makes sense. But it should be only for information purposes (unless I missed some newer RFC).
 
nostromog
Member Candidate
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: DHCPv6 Server

Fri Aug 28, 2020 10:38 pm

never seen anyone using ipv6
It might be that you have not looked closely. I surprised my boss and some other people from my company, who travels a lot, when I show them that they had unknowingly logged in in our Google domains using IPv6. Typically from mobile connections or wifi in places such as Thailand, the US or Canada. Look into your logs if you are a sysadmin managing a reasonably globalized company.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Fri Aug 28, 2020 10:52 pm

Now i am realy don't understand this

everytime when topic came to V6 dhcp, there is bunch of forum guru/veteran who say: noooo, you actualy don't need that

please, is stateful dhcp v6 part of RFC?
yes !
does MKT implement full dhcp v6?
no !
does i asked for help how to build v6 net?
no !

if i make a request for full implementation, or i say my oppinion that MKT should implement what is in RFC, why there is no answer from MKT?
Only few forum users who said, noooo, you don't need it
Why some forum users think that i don't know what i need?
i need something what is clearly defined in RFC

It is not a general question does RB need to be painted in green, or blue or maybe in gray color and then we discuss our oppinions which color is more suitable for it
it is request, long time request, and as i say, part of RFC

do i use it wrong? maybe
do i need it ? maybe
does MKT implemented it?
no
Other vendors is implemented stateful dhcp v6?
yes
does MKT staff say anything about it?
no
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 12:35 am

I'm sure they will add it eventually. Unfortunately, so far IPv6 wasn't the biggest priority for them. They added some stuff, but it's not like they are pushing things forward very much. And they only respond here in forum when they feel like it, and that's not very often.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 7:46 am

I'm sure they will add it eventually. Unfortunately, so far IPv6 wasn't the biggest priority for them. They added some stuff, but it's not like they are pushing things forward very much. And they only respond here in forum when they feel like it, and that's not very often.
Nope, they won't
As OpenVPN was never finished, same will be with IPv6
why?
because MKT try to fit same features in 16MB spi flash and 128MB nand
Same OS on cheap home router and multicore cloud router?
no way
so MKT decided to implement only a half of things
do we have IPv6 ? yes, we have
do we have OpenVPN? yes yes
do we have ... whatever, yeees

cheap marketing tricks
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Sat Aug 29, 2020 7:58 am

There is only one good reason for implementing stateful DHCPv6 - a lot of home routers when asking for a prefix will also request an address, and if not given both a prefix and an address, they will not accept either.

Other than to work around that bug, stateful DHCPv6 addressing is a waste of time for MikroTik to implement. There is no point otherwise.

There is zero point in having stateful DHCPv6 on a corporate network.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Sat Aug 29, 2020 8:02 am

hmmm, last time i checked OpenWrt is was doing exactly this
Linux & Windows hosts have they hostnames and addresses was assigned through IPv6 server
I'm not talking about "assigning" hostnames through DHCPv6 server. I'm talking about DHCPv6 server collecting existing hostnames. DHCPv4 server does - when it hands out a lease, it records the hostname that the system has assigned to it. DHCPv6 server does not.

DHCPv4 server collects MAC addresses of existing systems. DHCPv6 server does not.

It is impossible for OpenWrt to do exactly that because the functionality does not exist in DHCPv6 server.

DHCPv6 stateful addressing server is basically useless. It would be a huge waste of time for MikroTik to implement this feature at the expense of other crucial features. If they have spare time later, sure, but the only point is to work around bugs in home routers.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 8:24 am

It would be a huge waste of time for MikroTik to implement this feature at the expense of other crucial features. If they have spare time later, sure,
So now i see how things works in MKT
I see many posts where forum veterans/trainers say, noooo, you don't need this
no, the LZO is silly stuff, no, v6 is good as it is in current state... and similar things

Actualy, trainers = MKT staff?
If user try to ask something from MKT, some trainer will say: no nooo,
user stop asking, and things are done :)

Why we implement something when nobody ask? Things done

So dear forum users, everybody who think that MKT should NOT implement things, please write a letters to Cisco,Juniper, or creators of RFC's
and say they are silly, they don't know what they are doing, and you, as MKT staff, know better

enough from this conversation. Bye
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Sat Aug 29, 2020 8:38 am

Actualy, trainers = MKT staff?
If user try to ask something from MKT, some trainer will say: no nooo,
user stop asking, and things are done :)
I am not MikroTik staff. But Google has said that stateful DHCPv6 is worthless, there is no point to it, and they will never support it in their products because it is a waste of time. We are missing so many other crucial features for IPv6, such as RADIUS accounting for prefixes, network prefix translation, that the last thing we need is for MikroTik to focus on implementing a feature that Google refuses to implement and says is a stupid feature that should not even exist, vs a feature that most users actually want and need.

MikroTik's IPv6 support is really incomplete right now. We desperately need for certain features to be improved. Stateful DHCPv6 is not one of those.
 
hci
Long time Member
Long time Member
Topic Author
Posts: 674
Joined: Fri May 28, 2004 5:10 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 6:13 pm

Ironic, if a MikroTik router obtains an IPv6 address by SLAAC, RADV it has no way to display it. Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 9:00 pm

As OpenVPN was never finished, same will be with IPv6
That's different. There was demand for OpenVPN, so they started with it, but then realized that it won't be so easy. They apparently found some more hardened developers since then, so there's now udp support in v7. As as whole, the implementation is still lacking, but also demand may be lower, because everyone loves WireGuard now.

With IPv6 it's not just MikroTik. Half of the world still believes that it's not needed. MikroTik keeps adding new stuff, but you can say that they are playing it safe and don't venture too far into something that could become dead end in future. And with some things they are simply slow.
So now i see how things works in MKT
I see many posts where forum veterans/trainers say, noooo, you don't need this
I can assure you that MikroTik ignores my wishes like anybody else's. I can't say if it's better for trainers, probably not. Officially they listen to distributors, because those are their customers who buy stuff from them. We as the end users can request something here on the forum, but I can understand why they may not listen to it, because no matter how many people it would be, relatively speaking it's always just few.
DHCPv6 stateful addressing server is basically useless. It would be a huge waste of time for MikroTik to implement this feature at the expense of other crucial features.
I wouldn't be huge waste of time in any case, since most of the DHCPv6 already exist. So small waste of time at most. And not even that, address assignment by DHCPv6 exists, operating systems support it, and if someone likes to use it for any reason (and doesn't care about Android), what's wrong with that?
Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD?
Windows 10 added support for this few years ago. So if you don't have anything older, then yes. But there's a problem with current RouterOS, which does not have any good configuration for this, it only takes what's in IP->DNS and gives it to clients. So if you want to use router as resolver (or anything else than what's in router's IP->DNS), you can't do that with just RA, you have to add stateless DHCPv6 (RouterOS can do that).
Last edited by Sob on Sat Aug 29, 2020 9:06 pm, edited 1 time in total.
 
whatever
Member
Member
Posts: 348
Joined: Thu Jun 21, 2018 9:29 pm

Re: DHCPv6 Server

Sat Aug 29, 2020 9:05 pm

Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD?
Yes, Windows 10 supports this since version 1703.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Sat Aug 29, 2020 11:31 pm

Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD?
Yes, Windows 10 supports this since version 1703.
There is a gotcha surrounding this support though - Windows prefers DNS servers received through any kind of DHCP to DNS servers advertised via SLAAC. So if you run dual stack IPv4 and IPv6 and use DHCP on IPv4 and only receive DNS servers through SLAAC, Windows will basically never use IPv6 for DNS and will only use IPv4. If you run IPv6-only on Windows then it will use the IPv6 DNS servers, but that generally isn't an option now. So what I usually do is I still advertise DNS via DHCPv6 to the Windows 10 computers, then it will treat them as equal priority or higher to the IPv4 DNS servers and will actually use them instead of avoiding them.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Sun Aug 30, 2020 12:34 am

Not that it matters too much, because whether DNS server uses IPv4 or IPv6 for transport, it can answer all queries. So if you have IPv6 connectivity but no IPv6 DNS resolvers, it's no problem, because even IPv4 DNS resolver will give you AAAA records needed for IPv6.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: DHCPv6 Server

Sun Aug 30, 2020 1:25 am

Not that it matters too much, because whether DNS server uses IPv4 or IPv6 for transport, it can answer all queries. So if you have IPv6 connectivity but no IPv6 DNS resolvers, it's no problem, because even IPv4 DNS resolver will give you AAAA records needed for IPv6.
Yes, of course, either an IPv4 DNS or IPv6 DNS will work fine for resolving names for either protocols - but at the ISP level I do prefer for as much of our traffic to be on IPv6 as possible. It helps us to make informed decisions as to when it makes sense to move to CG-NAT for most IPv4 purposes. Once IPv6 hits 70-80% of our network traffic it becomes reasonable for us to stop renting so much IPv4 space and the associated monthly fees without having to worry about the CG-NAT box becoming overloaded.

I have a personal experience rolling out DHCPv6 stateful server on our office network. Both me and the systems admin thought it would be better to have stateful DHCPv6 than using SLAAC. So we deployed stateful DHCPv6 server on ISC-DHCPv6 thinking it would give us nice auditing like DHCPv4 server. Unfortunately we were very disappointed when we saw what we got - it gave the leases and worked, but when we looked in the leases file, we saw that all it was really storing for each lease was the DUID and the leased IP and the lease time, and nothing else. No MAC address, no hostname.

With DHCPv4 server if someone brings an unauthorized outside device onto the network, we can see the hostname in DHCP and the MAC address and can do a vendor lookup to see what type of device it is. What do you get with DHCPv6 server if someone brings an unauthorized outside device onto the network? You get a DUID. Great. What can you do what that? How do you know whose device it is or what vendor? You don't - you know the DUID and that is it. I'm sure this was designed to protect users privacy, so that you could no longer identify whose device it was (via hints suggested by the hostname) and what type of device it was. But in a controlled network as a system administrator, it makes it basically useless. As it stood, we would need to run around from system to system recording the DUID of each one so that we could actually match them up to leases in the ISC DHCPv6 server.

And then of course we had some people on our network running Android devices and wanting to connect on v6 as we are an ISP and have lots of tech people. So we had to set up SLAAC as well. Now every computer gets both SLAAC and Stateful DHCPv6 addresses. So what extra does DHCPv6 really do for us? Nothing, we might as well not even run it. Our Active Directory server can track the v4 and v6 addresses automatically for all domain joined computers regardless of whether they use DHCPv4 or DHCPv6.

In my experience, most people who want to deploy stateful DHCPv6 (like me previously) expect that it does more than it actually does. In reality because they were seemingly so concerned about protecting users privacy when it comes to identity and what kind of device the user has, you get basically no extra information or control with DHCPv6 than you do with SLAAC. Stateful DHCPv6 is determined to hide everything about the user's identity from you, which, to me, basically destroys its usefulness.

A few home router implementations are seemingly able to display the MAC and hostname for DHCPv6, but that is only because they cross reference with the DHCPv4 tables. What happens when we eventually go IPv6 only and IPv4 is shut off? That information will become blank - then a lot of people, who thought DHCPv6 did more than it actually does, will suddenly wonder what the point of it is. It is a valid question.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 Server

Sun Aug 30, 2020 3:50 am

It may not be so hopeless. DHCPv6 has FQDN option (RFC 4704) and at least Windows clients with default config use it to send their hostname to server. For MAC address there's surely a way how server can get it (after all, it's communicating with the client) and record it for information purposes. There's even option for it that can be used by relays to send it to server (RFC 6939).
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: DHCPv6 Server

Sun Aug 30, 2020 11:43 pm

Here is an article I did with a basic overview of DHCPv6-PD config on MikroTik

https://stubarea51.net/2018/09/14/wisp- ... your-wisp/


Image
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: DHCPv6 Server

Sun Sep 06, 2020 6:09 am

In my experience, most people who want to deploy stateful DHCPv6 (like me previously) expect that it does more than it actually does
Ok, one single question
In your SLAAC environment, how you would decide which device will be routed to linkA, linkB, which device have acces to LanA, which device have SQM/Queue ... etc

no, answer is clear. There is no way

From my point of view:
Corporate network with DHCPv6
If device support statuful v6, then it get v6 address and routing/blocking decision was made according to v6 address
If device want only SLAAC ... well, there is a guest network based on Mikrotik :D

Who is online

Users browsing this forum: No registered users and 12 guests