Community discussions

 
orfest
just joined
Topic Author
Posts: 5
Joined: Thu Sep 12, 2019 12:38 am

IPv6 not working with a static /48 prefix

Thu Sep 12, 2019 12:55 am

Hi,

Need help with IPv6 setup.

My ISP provides IPv6 support. I configured it, everything worked fine, but I wanted a static /48 prefix.
I asked the ISP for a static /48 prefix, the ISP obliged, and I no longer can make it work.
The ISP gave me a fixed IPv6 prefix via Prefix Delegation.

I checked tens of tutorials online and I'm following them very close, but I still can't get this to work.
If in DHCP-client I ask not for a prefix but for an address, I get a non-trivial /128 address. Using that /128 address the router can ping the internet, but there are no addresses available to be assigned to other computers in my home.

Any troubleshooting advice will be greatly appreciated.
[user@MyRouter] > /ipv6 dhcp-client print terse
 0    interface=sfp1 status=bound duid=0x0003000xxxxxxxxxxxxx dhcp-server-v6=fe80::ca9c:1dff:fe93:343f request=prefix add-default-route=yes default-route-distance=1 use-peer-dns=yes pool-name=A pool-prefix-length=64 prefix-hint=::/0 dhcp-options="" prefix=2aaa:bbbb:cccc::/48, 23h54m11s 

[user@MyRouter] > /ipv6 pool print terse
 0 D name=A prefix=2aaa:bbbb:cccc::/48 prefix-length=64 expires-after=23h54m28s 

[user@MyRouter] > /ipv6 address print terse       
 0 DL address=fe80::e68d:8cff:fe26:3c6/64 from-pool="" interface=bridge actual-interface=bridge eui-64=no advertise=no no-dad=no 
 1 DL address=fe80::e68d:8cff:fe26:3c4/64 from-pool="" interface=sfp1 actual-interface=sfp1 eui-64=no advertise=no no-dad=no 
 2  G address=2aaa:bbbb:cccc::1/64 from-pool=A interface=bridge actual-interface=bridge eui-64=no advertise=yes no-dad=no 

[user@MyRouter] > /ipv6 firewall raw print terse

[user@MyRouter] > /ipv6 nd print terse
 0 X* interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes advertise-dns=no managed-address-configuration=no other-configuration=no 
 1    interface=bridge ra-interval=20s-1m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes advertise-dns=no managed-address-configuration=no other-configuration=no 

[user@MyRouter] > /ipv6 route print terse 
 0 ADS  dst-address=::/0 gateway=fe80::ca9c:1dff:fe93:343f%sfp1 gateway-status=fe80::ca9c:1dff:fe93:343f%sfp1 reachable distance=1 scope=30 target-scope=10 
 1 ADSU dst-address=2aaa:bbbb:cccc::/48 type=unreachable distance=1 
 2 ADC  dst-address=2aaa:bbbb:cccc::/64 gateway=bridge gateway-status=bridge reachable distance=0 scope=10 

[user@MyRouter] > ping 2001:4860:4860::8888     
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                               
    0 2001:4860:4860::8888                                    timeout                                                                                                                                                              
    1 2001:4860:4860::8888                                    timeout                                                                                                                                                              
    2 2001:4860:4860::8888                                    timeout                                                                                                                                                              
    3 2001:4860:4860::8888                                    timeout                                                                                                                                                              
    sent=4 received=0 packet-loss=100% 
 
User avatar
Anumrak
Forum Veteran
Forum Veteran
Posts: 993
Joined: Fri Jul 28, 2017 2:53 pm

Re: IPv6 not working with a static /48 prefix

Thu Sep 12, 2019 4:09 pm

Hey. You should set your default route to ISP's global address, not link-local.

And yeah, you better obtain static /48 prefix from them. Not by dhcpv6.
 
tdw
Member Candidate
Member Candidate
Posts: 178
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 not working with a static /48 prefix

Thu Sep 12, 2019 4:47 pm

It is difficult to tell from a printing the state of a few items, /export hide-sensitive (in this case /ipv6 export hide-sensitive is probably sufficient) and sanitise any public IPs.

That said, as your ISP is not using link-local addresses for the WAN connection you should configure the DHCP client to ask for both a prefix AND an address.
/ipv6 dhcp-client
add add-default-route=yes interface=sfp1 pool-name=A pool-prefix-length=64 request=address,prefix use-peer-dns=yes
 
orfest
just joined
Topic Author
Posts: 5
Joined: Thu Sep 12, 2019 12:38 am

Re: IPv6 not working with a static /48 prefix

Fri Sep 13, 2019 1:45 pm

Thank you for the responses.
Changing gateway to the public ISP address makes a lot of sense, I will try that.

However, I can no longer get address or prefix from the ISP O_o Let me escalate that to the ISP.
/ipv6 export hide-sensitive  
# sep/13/2019 12:42:52 by RouterOS 6.45.3
# software id = JTPI-66FA
#
# model = 2011UiAS-2HnD
# serial number = 614A05574D69
/ipv6 pool
add name=B prefix=2000:xxxx:yyyy::/48 prefix-length=64
/ipv6 address
add address=::1 from-pool=B interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=sfp1 pool-name=B request=address,prefix
 
orfest
just joined
Topic Author
Posts: 5
Joined: Thu Sep 12, 2019 12:38 am

Re: IPv6 not working with a 2a02:168:2000:9::/6static /48 prefix

Sat Sep 14, 2019 3:47 am

  • DHCP-Client on the router now gets both a prefix: 2000:1111:3333::/48 and an address outside of that prefix: 2000:1111:2000:9:aaaa:bbbb:cccc:dddd.
  • The router can ping any external address, for example
    ping 2001:4860:4860::8888
    works.
  • I assign an address from the pool on the router bridge interface. The router has two global address: 2000:1111:2000:9:aaaa:bbbb:cccc:dddd on sfp1 and 2000:1111:3333::1 on bridge.
  • A laptop connected to the router can ping both router addresses, but can't ping any external addresses, such as 2001:4860:4860::8888.
  • From the outside (using http://nl.traceroute6.net) I can ping the sfp1 router address: 2000:1111:2000:9:aaaa:bbbb:cccc:dddd, but not the 2000:1111:3333::1 address of bridge. Some ISP server is rejecting the ping as "Administratively prohibited" (denoted as X! in the traceroute output).
  • I tried using local or global address of the ISP gateway as the default route, but none of them works.
I'm completely lost, please help.
The fact that router can't relay my laptop pings to the outside probably means its routing is wrong. But the router can ping anything, which means its routing is correct.
[user@MyRouter] > /ipv6 export hide-sensitive 
# sep/14/2019 02:40:31 by RouterOS 6.45.6
# software id = JTPI-66FA
#
# model = 2011UiAS-2HnD
# serial number = 614A05574D69
/ipv6 address
add address=::1 from-pool=D interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=sfp1 pool-name=D request=address,prefix
/ipv6 nd
set [ find default=yes ] advertise-dns=yes other-configuration=yes
[user@MyRouter] > /ipv6 route print terse 
 0 ADS  dst-address=::/0 gateway=2000:1111:2000:9::1%sfp1 gateway-status=2000:1111:2000:9::1%sfp1 reachable distance=1 scope=30 target-scope=10 
 1 ADC  dst-address=2000:1111:2000:9::/64 gateway=sfp1 gateway-status=sfp1 reachable distance=0 scope=10 
 2 ADSU dst-address=2000:1111:3333::/48 type=unreachable distance=1 
 3 ADC  dst-address=2000:1111:3333::/64 gateway=bridge gateway-status=bridge reachable distance=0 scope=10 

[user@MyRouter] > /ipv6 firewall raw print terse

[user@MyRouter] > /ipv6 address print terse
 0  G address=2000:1111:3333::1/64 from-pool=D interface=bridge actual-interface=bridge eui-64=no advertise=yes no-dad=no 
 1 DL address=fe80::e68d:8cff:fe26:3c6/64 from-pool="" interface=bridge actual-interface=bridge eui-64=no advertise=no no-dad=no 
 2 DL address=fe80::e68d:8cff:fe26:3c4/64 from-pool="" interface=sfp1 actual-interface=sfp1 eui-64=no advertise=no no-dad=no 
 3 DG address=2000:1111:2000:9:aaaa:bbbb:cccc:dddd/64 from-pool="" interface=sfp1 actual-interface=sfp1 eui-64=no advertise=no no-dad=no 
Last edited by orfest on Sat Sep 14, 2019 12:16 pm, edited 1 time in total.
 
orfest
just joined
Topic Author
Posts: 5
Joined: Thu Sep 12, 2019 12:38 am

Re: IPv6 not working with a static /48 prefix

Sat Sep 14, 2019 3:58 am

My understanding is that a firewall on the ISP server blocks all traffic to my prefix. But why? Should my router somehow tell the ISP server that, the ISP server can send traffic to my prefix through the router?
 
tdw
Member Candidate
Member Candidate
Posts: 178
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 not working with a 2a02:168:2000:9::/6static /48 prefix

Sat Sep 14, 2019 11:49 am

I assign an address from the pool on the router wlan1 interface. The router has two global address: 2000:1111:2000:9:aaaa:bbbb:cccc:dddd on sfp1 and 2000:1111:3333::1 on wlan1
There is no mention of wlan1 in anything you have posted so far, all of the IPv6 configuration you have provided references sfp1 for 'WAN' and bridge for 'LAN'

As you haven't provided the traceroute output we can't see where the traffic is being rejected - if your ISP is blocking incoming traffic ask them to permit it.
 
orfest
just joined
Topic Author
Posts: 5
Joined: Thu Sep 12, 2019 12:38 am

Re: IPv6 not working with a static /48 prefix

Sat Sep 14, 2019 12:23 pm

And it just started working!
Thanks everyone!

PS. Updated the previous comment
s/wlan0/bridge/

Who is online

Users browsing this forum: No registered users and 25 guests