Community discussions

MikroTik App
 
User avatar
Xymox
Member
Member
Topic Author
Posts: 416
Joined: Thu Jan 21, 2010 5:04 pm
Location: Phoenix, Arizona US
Contact:

IPv6 for home

Tue Jul 27, 2021 6:34 am

OMG... I feel stupid...

So how do i enable IPv6 to be provided by the ISP. I tried out all the examples but these setup a DHCP Client and server. i don't want all that. I just need IPv6 to pass thru to computers on the network. Any amazon/store bought home router will do it.

Maybe a copy paste from the IPv6 section so i can make sure i have the right settings.

I can setup a IPv6 DHCP Client and I can get a address or a prefix.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 for home

Tue Jul 27, 2021 9:07 am

Mikrotik doesn't actually implement DHCPv6 server. So you have to use SLAAC. Let's assume you're getting IPv6 prefix from ISP via DHCPv6. So you need:

/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=ipv6-pool request=prefix
/ipv6 address
add address=::1 eui-64=yes from-pool=ipv6-pool interface=LANbridge

The config for DHCPv6 client is requiring IPv6 prefix from ISP and stores it into address pool.
The IPv6 address setup sets LAN IPv6 address to be the first address from pool. E.g. if you receive prefix 2000:aaaa:200::/60 from ISP, then router LAN will (most likely) get address 2000:aaaa:200::1/64. By default, Mikrotik runs routing advertisements via all interfaces, hence it will send RAs to LAN. Connected devices will pick it up and invent SLAAC addresses (using correct prefix and adding random bits to the right).
If you want to have deterministic addresses on LAN devices, then you'll have some work to do ... either you'll have to set addresses statically on end devices or you'll have to install a proper DHCPv6 server in LAN (ISC DHCP server, as shipped standard on modern linux distros, will do) and configure static leases there. in any case, if ISP gives you different prefix, you'll have to change many settings :-(

On WAN interface router doesn't need any global address, link-local address is probably enough (at least it's enough in my case, my ISP is using PPPoE ... in case of IPv6oE might be different).

If your ISP is giving out prefixes with length 64 (mostly good enough for single IPv6 subnet) and you have to use one of addresses for WAN interface (yes, that's also possibility), then you're out of luck, it is not possible to divide /64 prefix to two subnets (one used on WAN interface and another one used on LAN interface).

Could be that you have to configure DHCPv6 client to actually request=address,prefix if ISP requires global IPv6 address on your router's WAN address.
 
User avatar
Xymox
Member
Member
Topic Author
Posts: 416
Joined: Thu Jan 21, 2010 5:04 pm
Location: Phoenix, Arizona US
Contact:

Re: IPv6 for home

Tue Jul 27, 2021 9:32 am

Great reply :)

"So you have to use SLAAC. "

Ohhhh... Its a tad too late here tonight to try it out. Makes sense tho and your explanation was killer and spot on.

I shall play more.

THANK YOU :)
 
kalamaja
Member Candidate
Member Candidate
Posts: 112
Joined: Wed May 23, 2018 3:13 pm

Re: IPv6 for home

Tue Jul 27, 2021 12:00 pm

Biggest brain-pains for starting with IPv6 are:
1) in IPv4 you mostly share IP-addresses, in IPv6 you mostly split and share prefixes(=first half of IPv6 full address)
2) there IS DHCPv6 that is somewhat similar to DHCPv4, but it's mostly used for prefix sharing, not end-client addresses sharing
3) in IPv4 routers dictate the addresses to clients, it IPv6 client dictates how many IPv6 addresses it takes, how often it recycles them, does it use address similar to MAC-address or not. Yes, big headache for network administrators.
4) there's two ways to share IPv6 addresses to end-devices: 1) DHCPv6, which is not supported by Mikrotik 2) SLAAC - fully automatic and supported
5) you cannot disable SLAAC, because there are many types of devices that support *ONLY* SLAAC scheme, for example everything Android. That's why you cannot do prefixes smaller than /64.
6) IPv4 and IPv6 are two SEPARATE IP-stack, so it's double work, also firewall rules etc. By default in Mikrotik, ipv6 module is disabled and even if you enable it, you don't get default configuration (firewall default rules etc) before making reset configuration or copying these rules from somewhere.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: IPv6 for home

Tue Jul 27, 2021 4:10 pm

Here is a simple ipv6 config(very simplified from my config). This works for comcast, and requests a /60 prefix (the max for residential comcast service). If there are /60 prefixes available, it should work (I have seen times where there are none available). The following uses WAN as your external interface name and LAN as your internal interface name.
/ipv6 dhcp-client
add add-default-route=yes interface=WAN pool-name=comcast_ipv6 \
    prefix-hint=::/60 request=address,prefix use-peer-dns=no
/ipv6 address
add from-pool=comcast_ipv6 interface=LAN
/ipv6 firewall filter
add action=accept chain=input protocol=icmpv6
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=546 in-interface=WAN protocol=\
    udp src-port=547
add action=drop chain=input connection-state=invalid
add action=drop chain=input in-interface=WAN
add action=drop chain=forward hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward connection-state=new in-interface=!WAN
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward in-interface=WAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes
add interface=LAN ra-delay=5s ra-interval=5s-30s
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 for home

Tue Jul 27, 2021 5:13 pm

2) there IS DHCPv6 that is somewhat similar to DHCPv4, but it's mostly used for prefix sharing, not end-client addresses sharing
Not true. As I wrote in my post above, full implementation of DHCPv6 server will send to end device almost same set of settings as DHCPv4, including IPv6 address to be directly used by end device. However DHCPv6 server in ROS v6 implements only a fraction of functionality (which doesn't include neither prefix distribution nor end device IPv6 address) and is used only for distributing IPv6 addresses of DNS servers (and perhaps some other minor stuff). Prefix sharing is done through different mechanism, namely RA (Routing Advertisements) and address acquisition process is called SLAAC (StateLess Address Auto Configuration) which is similar to APIPA (Automatic Private IP address) in IPv4 which yields addresses 169.254.0.0/16.
3) in IPv4 routers dictate the addresses to clients, it IPv6 client dictates how many IPv6 addresses it takes, how often it recycles them, does it use address similar to MAC-address or not. Yes, big headache for network administrators.
Again you're describing SLAAC which has nothing to do with DHCPv6. And one of SLAAC addresses usually do come deterministic, incorporating MAC address of device's network interface. With proper DHCPv6 server running in the network, it is possible to assign IPv6 addresses to end devices (similarly to well known DHCPv4) if end devices support that (as you mentioned in bullet 5) not all do).
 
Emil66
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Aug 28, 2018 2:09 am

Re: IPv6 for home

Tue Jul 27, 2021 5:53 pm

DHCPv6 server in ROS v6 implements only a fraction of functionality (which doesn't include neither prefix distribution nor end device IPv6 address) and is used only for distributing IPv6 addresses of DNS servers (and perhaps some other minor stuff). Prefix sharing is done through different mechanism, namely RA (Routing Advertisements)
No, that is wrong. The RouterOS DHCPv6 server supports prefix delegation (PD). It does not support assigning individual IPv6 addresses. RAs are no substitute for PD.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: IPv6 for home

Tue Jul 27, 2021 6:50 pm

mkx did say "proper DHCPv6 server"... The mikrotik DHCPv6 server is not fully featured, so I would not consider it proper either.
 
Emil66
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Aug 28, 2018 2:09 am

Re: IPv6 for home

Tue Jul 27, 2021 6:56 pm

mkx may be dissatisfied with the features supported by the RouterOS DHCPv6 server, but claiming that it can't distribute prefixes is factually incorrect. In a SOHO environment, DHCPv6 is really only needed for prefix delegation and RouterOS can do that.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 for home

Tue Jul 27, 2021 11:26 pm

No, ROS does prefix delegation through RAs (Router Advertisements). RAs are completely different function than DHCPv6. Android doesn't support DHCPv6 (as a whole) and yet android devices do receive prefixes ... through RAs.
 
Emil66
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Aug 28, 2018 2:09 am

Re: IPv6 for home

Wed Jul 28, 2021 12:17 am

There is no mechanism for prefix delegation in RAs. RAs advertise the router's prefix(es). They are not and indeed cannot be used to delegate prefixes. Conversely there is no mechanism for advertising prefixes in the DHCPv6 standard, just for delegating them. Delegating means assigning an entire prefix to be used by the device, typically another router. Mikrotik couldn't implement these two functions differently even if they wanted to: The DHCPv6 server's inability to advertise prefixes is not a deficiency. It's how it's meant to be.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: IPv6 for home

Wed Jul 28, 2021 1:38 am

Thank god I dont need ipv6. Hopefully you will guys will have it sorted out before I do LOL. Lots of turkey squabbling ;-P

Seriously what is planned in RoS 7?
 
Emil66
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Aug 28, 2018 2:09 am

Re: IPv6 for home

Wed Jul 28, 2021 10:36 am

Some things are easier with IPv6, because there is no NAT. Some things are more difficult with IPv6, because there is no NAT.
 
Zorb
just joined
Posts: 20
Joined: Fri Oct 09, 2020 1:41 am

Re: IPv6 for home

Mon Aug 23, 2021 6:15 am

I can't get any of this to work either.. /ipv6 commands listed are - compact - file - hide-sensitive - terse - and verbose.. I cant get any of the other commands to show up as anything other than bad command name
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 for home

Mon Aug 23, 2021 7:53 am

Did you install package ipv6? It isn't installed by default on ROS v6 ...

After you install this package, it's highly recommended to reset router to factory defaults to get default IPv6 firewall & co. Don't forget to create text export of current configuration beforehand and move it to your management PC so you can use it as reminder when you get to reconfigure device after factory reset.
 
BuddyCash
just joined
Posts: 1
Joined: Tue Aug 10, 2021 2:30 pm

Re: IPv6 for home

Wed Sep 01, 2021 3:09 am

I am having no luck getting my new MikroTik CCR1009-7G-1C-1S+ to pass ipv6 tests. I'm on Comcast . After months of working on this I finally set my old Netgear Rax120 on top of my basement rack and am using it as wired router only. So easy to setup ipv6 just choose auto detect and you are finished. For wireless Aruba Enterprise system with 7010 controller running 4 555ap.
I am successful setting up the MikroTik CCR1009-7G-1C-1S+ all except passing the ipv6 tests that the Netgear Rax120 seems to pass with ease.
My area Comcast has /64 . I'm going to try the setup in this post, but I've already tried a number of these I've found online. Maybe someone is in the Georgia area on Comcast gb service and could share their setup for ipv6 that actually fully works. Seems like an auto detect script to compete with the ease of Netgear should be added to the MikroTik ipv6 package. Thanks in advance.
Last edited by BuddyCash on Wed Sep 01, 2021 11:21 am, edited 1 time in total.

Who is online

Users browsing this forum: jaclaz, Uqbar and 43 guests