We have been using a workaround for now, although I'm not sure whether it will work for everybody, if it does help someone I can post the script. We have a script that runs that turns any dynamic DHCPv6 PPPoE bindings into static bindings, so that if the customer disconnects and reconnects, they get the same lease. It also copies the pppoe interface name to the comment so that we know which user the binding is for.
Here it is - we run this every 5 minutes using the scheduler:Dear friend, I could post the script.
/ipv6 dhcp-server binding;
:foreach i in=[find server~"pppoe"] do={
make-static $i;
set $i comment=[get $i server];
set $i server=all;
}
Okay, thanks for the tip.Here it is - we run this every 5 minutes using the scheduler:Dear friend, I could post the script.
It works well and users always get the same prefix after disconnecting and reconnecting. It is really just a temporary solution for us until the better solution of Delegated-IPv6-Prefix becomes available.Code: Select all/ipv6 dhcp-server binding; :foreach i in=[find server~"pppoe"] do={ make-static $i; set $i comment=[get $i server]; set $i server=all; }
Because static bindings will be backed up with the router configuration backup by Oxidized, we can look in there to see what user has what binding.
I was also toying with the idea of writing a parser that would look through the backed up config from RouterOS and update RADIUS mysql accounting table with the Delegated-IPv6-Prefix, as though it were being given by RouterOS itself, as a workaround for the lack of accounting. However it wasn't a big deal for us because we only have a few PPPoE concentrators and we tunnel all customers back to these concentrators.
@saaremaa and @marekm is this workaround useful for you at all?
Code: Select all
/ipv6 dhcp-server export verbose file=IPv6LOG-PD
:log info message="enviando LOGIPV6PD por email"
:delay 5s
:global data [/system clock get date]
:global hora [/system clock get time]
:global nome [/system identity get name]
/tool e-mail send to="noc@empresa.com.br" subject="IPV6LOGPD $nome - $data às $hora" body="IPV6LGPD $nome realizado às $hora de $data." file=IPv6LOG-PD.rsc start-tls=yes
:log info message="backup do log PD enviado!"
In my case, this method will not help. It is required that the binding of the prefix to the client's account be in the billing and issued by the Radius attribute. This is a requirement of Roskomnadzor (Russia).@saaremaa and @marekm is this workaround useful for you at all?
Hang on. .. 2014 ?Unfortunately the team has not yet deployed the Delegated-IPv6-Prefix.
It is by these and others that people have been abandoning mikrotik.
I hope you're ashamed in the face.
We have been expecting this since 2014.
5 years waiting.
it's ridiculous!
Hello,Dear support, please tell me when the company MikroTik plans to implement the support of "Delegated-IPv6-Prefix" radius attribute for PPP services?
saaremaa - What is the question here actually? Delegated-IPv6-Prefix is already working for DHCP service (RADIUS). Such parameter is not available yet for PPP service. If you make PPPoE server which then distributes addresses by using DHCP service, then this will not work since users are authenticated by using PPP service, not DHCP;
saaremaa - Sorry about that. I mixed both services together. We do support Delegated-IPv6-Prefix for DHCP service but not for PPP yet. It is in our plans to add support for this in the future;
Everyone coming out of RouterOS exactly because they have not yet deployed Delegated-IPv6-Prefix with PPPoE. This update of you is useless to the vast majority.viewtopic.php?f=21&t=145793&p=717609#p717667
saaremaa - What is the question here actually? Delegated-IPv6-Prefix is already working for DHCP service (RADIUS). Such parameter is not available yet for PPP service. If you make PPPoE server which then distributes addresses by using DHCP service, then this will not work since users are authenticated by using PPP service, not DHCP;
Nah. Requests for Delegated-IPv6-Prefix on PPPoE go back to ROS 3.x
And thats a decade ago.
It is just disregard of Mikrotiks customers.
/M
vyos not support VPLS .... or documentation is poorFor anyone looking for alternatives (on x86 hardware), VyOS now includes accel-ppp which supports Delegated-IPv6-Prefix.
For anyone looking for alternatives (on x86 hardware), VyOS now includes accel-ppp which supports Delegated-IPv6-Prefix.
Hi Pietro, glad to see you.Anyone tested on 6.45.x ?
15FR is on the site.Similar pattern as with CRS318 netPower reverse-PoE switches - still vapourware 10 months after first announced. Again, need to decide - wait for MT, or roll our own?
Thank you for your initiative...Hi guys, I was fighting with IPv6 deployment for few weeks. The authentication is PPPoE as in many other networks.
The main issue is that when customer got IPv6 delegated prefix from Mikrotik, we don't have control and information about the prefix that is assigned to end user. This is because Mikrotik doesn't support Radius based IPv6 assignment on PPPoE. In IPv4 it's fine, because there are Framed-IP-Address and Framed-Route attributes.
But in PPPoE with Radius, Delegated-Ipv6-Prefix is not accepted by Mikrotik, even if we send it from Radius. In accounting messages Mikrotik sends back to Radius Delegated-IPv6-Prefix attribute, so, we have extended our Radius and grab and save this information. But it's a sort of "hack" and regular FreeRadius doesn't support it.
I've created a petition, please vote for a proper Delegated-IPv6-Prefix support in Radius + PPPoE Mikrotik here - http://chng.it/v7Xjm42GsG
#OnUp
:delay 1000ms
:local interfaceName [/interface get $interface name]
#:log info [/interface get $interface name]
:local ipv6pd [/ipv6 route get [find gateway=$interfaceName] dst-address]
#:log info [/ipv6 route get [find gateway=$interfaceName] dst-address]
/ipv6 pool add name=$ipv6pd prefix=$ipv6pd prefix-length=56 comment=$interfaceName
/ipv6 dhcp-server add address-pool=$ipv6pd interface=$interface lease-time=52w name=$interfaceName comment=$interfaceName
#OnDown
:local interfaceName [/interface get $interface name]
/ipv6 dhcp-server remove [find interface=$interface]
/ipv6 pool remove [find comment=$interfaceName]
#IPv6Up
:delay 1000ms
:local interfaceName [/interface get $interface name]
:log info [/interface get $interface name]
:local ipv6pd [/ipv6 route get [find gateway=$interfaceName] dst-address]
:log info [/ipv6 route get [find gateway=$interfaceName] dst-address]
/ipv6 pool add name=$ipv6pd prefix=$ipv6pd prefix-length=63 comment=$user
/ipv6 dhcp-server add address-pool=$ipv6pd interface=$interface lease-time=52w name=$interfaceName comment=$user
#IPv6Down
/ipv6 dhcp-server remove numbers=[find comment=$user]
/ipv6 pool remove numbers=[find comment=$user]
I was using the dynamic interface name as a way of tracking as it is unique even if the same user authenticated twice eg. "<user>" and "<user-1>" as opposed to "user"I made little change, which works better for me .
With previous script, i have problem with deleting after disconnect
Code: Select all#IPv6Up :delay 1000ms :local interfaceName [/interface get $interface name] :log info [/interface get $interface name] :local ipv6pd [/ipv6 route get [find gateway=$interfaceName] dst-address] :log info [/ipv6 route get [find gateway=$interfaceName] dst-address] /ipv6 pool add name=$ipv6pd prefix=$ipv6pd prefix-length=63 comment=$user /ipv6 dhcp-server add address-pool=$ipv6pd interface=$interface lease-time=52w name=$interfaceName comment=$user #IPv6Down /ipv6 dhcp-server remove numbers=[find comment=$user] /ipv6 pool remove numbers=[find comment=$user]
Unreleted to this thread,this is only temporary solution.
Now i trying, how to put on ppp tunnel public adress , in past i have problems with some web pages in case when i use MTU 1480
Very nice but still not "Delegated-IPv6-Prefix" attribute... Or I'm wrong?What's new in 6.48beta12 (2020-Jul-06 13:33):
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
Hello Fellow "IPv6 / PPPoE / DHCPv6-PD / Delegated-IPv6-Prefix" waiters,
PD is still not an option with Mikrotik in combination with PPPoE. But, there is a But . the Framed-IPv6-Route attribute allows you to forward a delegated prefix to be forwarded to the customer site, only bad thing the customer or IT engineer needs to configure IPv6 manually.
This is something I can live with, but, 80% of my customers wants IPv6, but doesn't even know how to connect the UTP cable on the WAN port. So for them I am still waiting for PD .
@Mikrotik, please, all of your ISP Customers which endorse your product because of the simplicity and pricing of course. Please add DHCPv6-PD to PPPoE
Kind regards,
Ex Cisco BRAS user which loves Mikrotik when its support PD
By passing with Radius the Prefix, in more than one customer?The "Delegated-IPv6-Prefix" is now working on 6.48.1! Prefixes are being delegated to the clients, apparently.
In case of accounting, I got it ( using the Pool defined in mikrotik, or the one by Radius ( just ONE!!!) but with the MAC address intead of the username:But, the accounting packet (Router -> RADIUS) doesn't contains "Delegated-IPv6-Prefix" attribute. Do anyone managed to have this working?
Ah... understoodI
By passing with Radius the Prefix, in more than one customer?
Because I did test it an got duplicated pool error, as I stated above in red.
How did you make it?
This happens only if you use "dhcp" on RADIUS client configuration. Keep only "ppp" option and the MAC Address accounting is never sent.In case of accounting, I got it ( using the Pool defined in mikrotik, or the one by Radius ( just ONE!!!) but with the MAC address intead of the username:
# username, callingstationid, framedipaddress, framedipv6prefix, delegatedipv6prefix
'64:D1:54:76:20:F0', '64d1547620f0', '', '', '2803:2300:c000::/48'
'adsl-agallo', '64:D1:54:76:20:F0', '172.32.1.245', '2803:2300:7000::/64', ''
We are waiting from years for this feature!!!Ah... understoodI
By passing with Radius the Prefix, in more than one customer?
Because I did test it an got duplicated pool error, as I stated above in red.
How did you make it?
I've tested with only one "user". I'll test again later.
This happens only if you use "dhcp" on RADIUS client configuration. Keep only "ppp" option and the MAC Address accounting is never sent.In case of accounting, I got it ( using the Pool defined in mikrotik, or the one by Radius ( just ONE!!!) but with the MAC address intead of the username:
# username, callingstationid, framedipaddress, framedipv6prefix, delegatedipv6prefix
'64:D1:54:76:20:F0', '64d1547620f0', '', '', '2803:2300:c000::/48'
'adsl-agallo', '64:D1:54:76:20:F0', '172.32.1.245', '2803:2300:7000::/64', ''
When MikroTik get this to work (send Delegated-IPv6-Prefix related to username from "ppp"), this problem will be resolved.
Thanks, give us your results pls!Ah... understoodI
By passing with Radius the Prefix, in more than one customer?
Because I did test it an got duplicated pool error, as I stated above in red.
How did you make it?
I've tested with only one "user". I'll test again later.
It's Ok this way, so you can get the 'link' address of the CPE (just as IPv4) and the Pool of the 'internal network' but with the MAC.This happens only if you use "dhcp" on RADIUS client configuration. Keep only "ppp" option and the MAC Address accounting is never sent.In case of accounting, I got it ( using the Pool defined in mikrotik, or the one by Radius ( just ONE!!!) but with the MAC address intead of the username:
# username, callingstationid, framedipaddress, framedipv6prefix, delegatedipv6prefix
'64:D1:54:76:20:F0', '64d1547620f0', '', '', '2803:2300:c000::/48'
'adsl-agallo', '64:D1:54:76:20:F0', '172.32.1.245', '2803:2300:7000::/64', ''
When MikroTik get this to work (send Delegated-IPv6-Prefix related to username from "ppp"), this problem will be resolved.
Hi ntmanxp, It doesnt work for me.Hi there. Yeah 6.48.1 Works, BUT you can't have 2 customers with this attribute, as far I tested.
Using:
adsl-3333 Delegated-Ipv6-Prefix =2103:2003:c000::/48
adsl-3333 Framed-IPv6-Prefix =2103:2003:7000::/64
adsl-4444 Delegated-Ipv6-Prefix =2103:2003:c001::/48
adsl-4444 Framed-IPv6-Prefix =2103:2003:7001::/64
First user get the DHCP-Server like:
/ipv6 dhcp-server print
Flags: D - dynamic, X - disabled, I - invalid
# NAME INTERFACE ADDRESS-POOL PREFERENCE LEASE-TIME
0 D <pppoe-adsl-pruebausuario4> <pppoe-adsl-pruebausuario4> IPV6_pool_Delegado 255 3d
1 D <pppoe-adsl-3333> static-only 255 1m
BUT the second customer is refused to connect with this message:
"pppoe,ppp,error could not add dhcpv6 server with pool : server with such name already exists (7)"
Any Ideas?
Hi ntmanxp, It doesnt work for me.Hi there. Yeah 6.48.1 Works, BUT you can't have 2 customers with this attribute, as far I tested.
Using:
adsl-3333 Delegated-Ipv6-Prefix =2103c000::/48
adsl-3333 Framed-IPv6-Prefix =21037000::/64
adsl-4444 Delegated-Ipv6-Prefix =2103c001::/48
adsl-4444 Framed-IPv6-Prefix =21037001::/64
First user get the DHCP-Server like:
/ipv6 dhcp-server print
Flags: D - dynamic, X - disabled, I - invalid
# NAME INTERFACE ADDRESS-POOL PREFERENCE LEASE-TIME
0 D <pppoe-adsl-pruebausuario4> <pppoe-adsl-pruebausuario4> IPV6_pool_Delegado 255 3d
1 D <pppoe-adsl-3333> static-only 255 1m
BUT the second customer is refused to connect with this message:
"pppoe,ppp,error could not add dhcpv6 server with pool : server with such name already exists (7)"
Any Ideas?
If i use the Delegated-Ipv6-Prefix radius parameter, the DHCPv6 server stay in waiting mode and never assign the prefix to the customer.
If I remove the Delegated-Ipv6-Prefix the customer get one prefix from the pool and it works!
Could you tell me how you configure it?
Thanks in advance!
username Cleartext-Password := "********"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Delegated-IPv6-Prefix = 2001:db8:27b::/56,
Framed-IPv6-Prefix = 2001:db8:27b:100::/64,
Framed-IP-Address = 192.0.2.123
Even ROSv7 is not supporting...I'm not brave enough to try ROS v7 yet - or should I?
`Even ROSv7 is not supporting...Delegated-IPv6-Prefix RADIUS attribute support for PPPoE server still not working in 6.49.6?
[...]
I'm not brave enough to try ROS v7 yet - or should I?
`Hi there. Yeah 6.48.1 Works, BUT you can't have 2 customers with this attribute, as far I tested.
[...]
BUT the second customer is refused to connect with this message:
"pppoe,ppp,error could not add dhcpv6 server with pool : server with such name already exists (7)"
`I'm having the same problem here, i get ipv6 and ipv6-pd but the valid_lft is 60 seconds.I'm fine with this feature except "Expire Time" which is one minute and I don't know how to prolong it... I tried RADIUS attributes, pppoe profile, but no effect...
`I see the same thing: lease time is only 60 seconds long. It would be nice to be able to adjust it, but in practice it doesn't seem to be causing any problems. Client has to renew every 30 seconds, but oh well...
username Cleartext-Password := "passw0rd"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Delegated-IPv6-Prefix = 2001:db8:abcd::/56,
Framed-IPv6-Prefix = 2001:db8:abcd:100::/64,
Framed-IP-Address = 192.0.2.100
`While I agree that is bad behavior, there is a case to be made against using dynamic pools for PD: https://www.ripe.net/publications/docs/ripe-690
`What is the current status of this long-requested feature in latest ROS 7?
`So, I see now after testing a bit more that there is a problem. It's actually not a problem with the 60 seconds, though. The problem is that, 10 seconds after lease renewal happens, the IP addresses assigned from the pool briefly go "invalid" and then back to "valid" again. At the same time, "IPv6 address changed" is logged, even if the addresses didn't change at all. During this brief blip (1-2 seconds), forwarding of v6 traffic for those IPs on those interfaces is briefly interrupted.
This is Bad(tm). But it doesn't just happen with the IPs that have 60 second lease time. It happens with any DHCPv6-assigned IPs, right after they are renewed. So even when you have 3 day lease times for PD prefixes, after 36 hours pass, there will be brief 1-2 second outage.
Stupid.