Community discussions

MikroTik App
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

IPv6 on RB4011 via AT&T Fiber

Sun Mar 15, 2020 12:50 am

I am pretty new to ipv6, I think I did it wrong.

Basically I made a dhcp-client on my ether1, it pulls /64 prefix and address (pool prefix length 64) and creates general-pool6. If I tried pulling 60 it wouldn't work, but oddly it assigned me a 2600:1700 address on a /60.

Image

Then I added VLAN20, VLAN50, and VLAN100 to ipv6 address list using ::64 it pulled basically 2600:1700 blah blah :1871,1870,and1872 endings all on a /64. 2001:506 ipv6 was assigned via DHCP to my ether1. I don't seem to have a 2600:1700 for ether1, but I assume that's fine? There is also a link local fe80: for ether1 and all VLAN interfaces, but ether1 is fe80:a67a:blahblah while the others are fe80:c6ad:blahblah.

IPv6 shows working, but I feel like I did this wrong. Also I am not using peer DNS since I hate AT&T DNS.

Image
Last edited by archerious on Mon Mar 16, 2020 11:38 am, edited 1 time in total.
UDM-Pro Former: RB4011, CCR2004, hEX, ER4
Aruba 2930F, CSS326, CRS309, CRS112-PoE Former: Ubiquiti XG-16 & ES-10X
Wireless Wire
AT&T Fiber 1000/1000
http://tlopez.cc/images/hex_is_a_beast.PNG
http://tlopez.cc/images/ccr2004_speedtest.png
 
mkx
Forum Guru
Forum Guru
Posts: 4330
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 on RB4011 via AT&T Fiber

Sun Mar 15, 2020 12:24 pm

I suggest you to post full IPv6 config. Get output of the following commands (obfuscate public IP addresses, but hide most significant octets, not the least significant ones as they show relevant information):
/ipv6 export
/ipv6 dhcp-client print detail
/ipv6 pool print detail
/ipv6 address print detail
BR,
Metod
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: IPv6 on RB4011 via AT&T Fiber

Mon Mar 16, 2020 11:29 am

I suggest you to post full IPv6 config. Get output of the following commands (obfuscate public IP addresses, but hide most significant octets, not the least significant ones as they show relevant information):
/ipv6 export
/ipv6 dhcp-client print detail
/ipv6 pool print detail
/ipv6 address print detail
Thank you, here is the info requested:

/ipv6 export
MikroTik-RB4011] > /ipv6 export
# mar/16/2020 04:24:29 by RouterOS 6.46.4
# software id = 86CU-YT4V
#
# model = RB4011iGS+
# serial number = XXXXXXXXXXXXXXXX
/ipv6 dhcp-server
add address-pool=general-pool6 interface=VLAN50 name="VLAN50 DHCP"
add address-pool=general-pool6 interface=VLAN100 name="vlan100 ipv6"
add address-pool=general-pool6 interface=VLAN20 name=vlan20
/ipv6 address
add from-pool=general-pool6 interface=VLAN100
add from-pool=general-pool6 interface=VLAN50
add from-pool=general-pool6 interface=VLAN20
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=general-pool6 request=\
    address,prefix use-peer-dns=no
/ipv6 firewall filter
add action=drop chain=forward in-interface=VLAN70 in-interface-list=WAN
add action=drop chain=input comment="Drop (invalid)" connection-state=invalid
add action=accept chain=input comment="Accept (established, related)" \
    connection-state=established,related
add action=accept chain=input comment="Accept DHCP (10/sec)" in-interface=\
    ether1 limit=10,20:packet protocol=udp src-port=547
add action=drop chain=input comment="Drop DHCP (>10/sec)" in-interface=ether1 \
    protocol=udp src-port=547
add action=accept chain=input comment="Accept external ICMP (10/sec)" \
    in-interface=ether1 limit=10,20:packet protocol=icmpv6
add action=drop chain=input comment="Drop external ICMP (>10/sec)" \
    in-interface=ether1 protocol=icmpv6
add action=accept chain=input comment="Accept internal ICMP" in-interface=\
    !ether1 protocol=icmpv6
add action=drop chain=input comment="Drop external" in-interface=ether1
add action=reject chain=input comment="Reject everything else"
add action=accept chain=output comment="Accept all"
add action=drop chain=forward comment="Drop (invalid)" connection-state=invalid
add action=accept chain=forward comment="Accept (established, related)" \
    connection-state=established,related
add action=accept chain=forward comment="Accept external ICMP (20/sec)" \
    in-interface=ether1 limit=20,50:packet protocol=icmpv6
add action=drop chain=forward comment="Drop external ICMP (>20/sec)" \
    in-interface=ether1 protocol=icmpv6
add action=accept chain=forward comment="Accept internal" in-interface=!ether1
add action=accept chain=forward comment="Accept outgoing" out-interface=ether1
add action=drop chain=forward comment="Drop external" in-interface=ether1
add action=reject chain=forward comment="Reject everything else"
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=VLAN100 ra-interval=20s-1m
add interface=VLAN50 ra-interval=20s-1m
add interface=VLAN20 ra-interval=20s-1m
/ipv6 dhcp-client print detail
MikroTik-RB4011] > /ipv6 dhcp-client print detail
Flags: D - dynamic, X - disabled, I - invalid 
 0    interface=ether1 status=bound duid="0x000xxxxxxxxxxxx" 
      dhcp-server-v6=fe80::2d0:xxxx:xxxx:xxxxrequest=address,prefix 
      add-default-route=yes default-route-distance=1 use-peer-dns=no 
      pool-name="general-pool6" pool-prefix-length=64 prefix-hint=::/0 
      dhcp-options="" prefix=2600:1700:xxxx:xxxx::/60, 51m2s 
      address=2001:506:xxxx:xxxx::1, 51m2s 
/ipv6 pool print detail
MikroTik-RB4011] > /ipv6 pool print detail
Flags: D - dynamic 
 0 D name="general-pool6" prefix=2600:1700:xxxx:xxxx::/60 prefix-length=64 
     expires-after=49m22s 
/ipv6 address print detail
MikroTik-RB4011] > /ipv6 address print detail
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 0 DL address=fe80::a67a:xxxx:xxxx:xxx/64 from-pool="" interface=ether1 
      actual-interface=ether1 eui-64=no advertise=no no-dad=no 

 1 DL address=fe80::c6ad:xxxx:xxxx:xxxx/64 from-pool="" interface=sfp-sfpplus1 
      actual-interface=sfp-sfpplus1 eui-64=no advertise=no no-dad=no 

 2 DL address=fe80::c6ad:xxxx:xxxx:xxxx/64 from-pool="" interface=VLAN20 
      actual-interface=VLAN20 eui-64=no advertise=no no-dad=no 

 3 DL address=fe80::c6ad:xxx:xxxx:xxxx/64 from-pool="" interface=VLAN100 
      actual-interface=VLAN100 eui-64=no advertise=no no-dad=no 

 4 DL address=fe80::c6ad:xxxx:xxxx:xxxx/64 from-pool="" interface=VLAN50 
      actual-interface=VLAN50 eui-64=no advertise=no no-dad=no 

 5  G address=2600:1700:xxxx:xxxx::/64 from-pool=general-pool6 interface=VLAN100 
      actual-interface=VLAN100 eui-64=no advertise=yes no-dad=no 

 6  G address=2600:1700:xxxx:xxxx::/64 from-pool=general-pool6 interface=VLAN50 
      actual-interface=VLAN50 eui-64=no advertise=yes no-dad=no 

 7  G address=2600:1700:xxxx:xxxx::/64 from-pool=general-pool6 interface=VLAN20 
      actual-interface=VLAN20 eui-64=no advertise=yes no-dad=no 

 8 DG address=2001:506:xxxx:xxxx::1/64 from-pool="" interface=ether1 
      actual-interface=ether1 eui-64=no advertise=no no-dad=no 
I censored with X's on anything sensitive.
UDM-Pro Former: RB4011, CCR2004, hEX, ER4
Aruba 2930F, CSS326, CRS309, CRS112-PoE Former: Ubiquiti XG-16 & ES-10X
Wireless Wire
AT&T Fiber 1000/1000
http://tlopez.cc/images/hex_is_a_beast.PNG
http://tlopez.cc/images/ccr2004_speedtest.png
 
User avatar
archerious
Member Candidate
Member Candidate
Topic Author
Posts: 120
Joined: Sun Aug 26, 2018 7:50 am
Location: USA
Contact:

Re: IPv6 on RB4011 via AT&T Fiber

Thu Mar 19, 2020 2:15 am

If any other info is needed please let me know.
UDM-Pro Former: RB4011, CCR2004, hEX, ER4
Aruba 2930F, CSS326, CRS309, CRS112-PoE Former: Ubiquiti XG-16 & ES-10X
Wireless Wire
AT&T Fiber 1000/1000
http://tlopez.cc/images/hex_is_a_beast.PNG
http://tlopez.cc/images/ccr2004_speedtest.png
 
mkx
Forum Guru
Forum Guru
Posts: 4330
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 on RB4011 via AT&T Fiber

Thu Mar 19, 2020 9:13 pm

Sorry I overlooked you posted lots of information.

Disclaimer: I'm by no means an expert for IPv6 in ROS, so my analysis likely missed something.

Anyways, I don't see anything much wrong in your setup. The only thing I'm doing differently (and I have a few VLANs with IPv6 addresses from pool which are not the same) is the way of assigning addresses ... here's my config:
add address=::b869:f4ff:fe20:a549 eui-64=yes from-pool=general-pool6 interface=VLAN50
Note the double-colon at the beginning of address, it actually instructs ROS to take one of /64 prefixes from pool and append the rest of cofigured address and then assign tgat address to the interface. And the address I used is the LSB part of link-local address on the same interface. You can use anything else, e.g. "address=::1" ...

In my case, ISP is giving out /56 prefixes and I have 3 VLANs. And similar construct assigns addresses from different prefixes to each of interfaces.

The other difference between your and my setup is that I don't try to run DHCPv6 server ... it's very incomplete in ROS. Instead I rely on Router Advertisements to make their magic (and they do for all different devices I have: Windows and Linux PCs, Android phones). But this difference should not cause the weirdness about same IPv6 address being assigned to multiple interfaces.
BR,
Metod

Who is online

Users browsing this forum: No registered users and 39 guests