Community discussions

MikroTik App
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

ipv6 /56

Mon Feb 22, 2016 6:01 pm

Hello i bought myself lastweek a 3011UiAS. I have a 1GB up/down connection and my old router wasn't able to use the whole bandwidth.

But the real question is, how can setup my ipv6 config. My isp has given me a /56 ipv6 subnet.

I have now a working ipv6 adress on my ether1-gateway and i can ping to external ipv6 adresses without problem.
but how do i config the client part.

[admin@MikroTik] /ipv6> address print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                     ADVERTISE
 0 DL fe80::e68d:8cff:fe0c:9a8/64                           bridge-local                  no       
 1 DL fe80::e68d:8cff:fe0c:9a7/64                           ether1-gateway                no       
 2  G 2a05:f080:0:100::254/56                               ether1-gateway                no       
 3  G 2a05:f080:0:102::1/64                       lan       bridge-local                  yes
 
[admin@MikroTik] /ipv6> route print 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, 
U - unreachable 
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  ::/0                     2a05:f080:0:100::1              1
 1 ADC  2a05:f080:0:100::/56     ether1-gateway                  0
 2 ADC  2a05:f080:0:102::/64     bridge-local                    0
Greetings,

Jan
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Mon Feb 22, 2016 6:11 pm

Probably you should use /64 on the wan interface, not /56.

Next, (optional - just good practice) make a black hole route for your /56
/ipv6 route add dst=2a05:f080:0:100::/56 type=blackhole

Then you can just assign subnets to interfaces as you need:
/ipv6 address add interface=bridge-local address=2a05:f080:0:101::1/64
/ipv6 address add interface=bridge-guest address=2a05:f080:0:102::1/64
etc...

Be sure that the IPv6 ND settings look good for your network - by default, the ND interface "all" should be good enough, just make sure not to check managed address configuration or other configuration, unless you set up a DHCPv6 server in your LANs. (Mikrotik's DHCPv6 server only does prefix delegation, so that won't solve the problem)

If you're setting up a Windows client, and you have IPv6 only on it for testing, then you'll need to manually assign an IPv6 DNS server because Mikrotik only advertises DNS in the RA packets for SLAAC, and Windows only supports learning DNS server addresses with DHCPv6.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

Re: ipv6 /56

Mon Feb 22, 2016 10:17 pm

Hello,

Thnx for your quick response.
/ipv6 route add dst=2a05:f080:0:100::/56 type=blackhole
When i try to blackhole i can only choose unicast or unreachable

i have change the adress on the wan interface to /64 and assignd a /64 on the bridge-local.
my ubuntu machine recieves a ipv6 adress but cannot ping to external adresses or the gateway from my isp.

here are the ND settings
[admin@MikroTik] /ipv6> /ipv6 nd print 
Flags: X - disabled, I - invalid, * - default 
 0  * interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m hop-limit=64 advertise-mac-address=yes advertise-dns=yes 
      managed-address-configuration=no other-configuration=no 
network linux machine:
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether c0:3f:d5:64:fd:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.107/24 brd 192.168.2.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 2a05:f080:0:102:c23f:d5ff:fe64:fde9/64 scope global noprefixroute dynamic 
       valid_lft 2591960sec preferred_lft 604760sec
    inet6 fe80::c23f:d5ff:fe64:fde9/64 scope link 
       valid_lft forever preferred_lft forever
ip neigh show
fe80::e68d:8cff:fe0c:9a8 dev eno1 lladdr e4:8d:8c:0c:09:a8 router REACHABLE
2a05:f080:0:102::1 dev eno1 lladdr e4:8d:8c:0c:09:a8 router STALE
 
patrick7
Member
Member
Posts: 302
Joined: Sat Jul 20, 2013 2:40 pm

Re: ipv6 /56

Mon Feb 22, 2016 10:27 pm

type=blackhole unfortunately does not exists with IPv6. Use unreachable instead.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Tue Feb 23, 2016 12:14 am

type=blackhole unfortunately does not exists with IPv6. Use unreachable instead.
I just noticed that dhcp-pd client automatically adds the unreachable route for the master prefix received. Kinda cool, actually. :)

And yeah, blackhole would be nice to have.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Tue Feb 23, 2016 12:20 am

my ubuntu machine recieves a ipv6 adress but cannot ping to external adresses or the gateway from my isp.
Double-check your IPv6 filter rules to make sure nothing's being blocked that shouldn't be.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

Re: ipv6 /56

Tue Feb 23, 2016 12:39 am

Double-check your IPv6 filter rules to make sure nothing's being blocked that shouldn't be.
No filters atm
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Tue Feb 23, 2016 12:48 am

Can you:
1) ping the wan interface of the Mikrotik from the Linux box?
2) ping the Mikrotik's default GW from the Linux box.

If 1 works but not 2, then I'd imagine that perhaps your WAN interface IP is configured differently than the ISP expects - double check with them what address they're routing your /56 to, and make sure that's the address on your WAN interface.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

Re: ipv6 /56

Tue Feb 23, 2016 12:51 am

Can you:
1) ping the wan interface of the Mikrotik from the Linux box?
2) ping the Mikrotik's default GW from the Linux box.

If 1 works but not 2, then I'd imagine that perhaps your WAN interface IP is configured differently than the ISP expects - double check with them what address they're routing your /56 to, and make sure that's the address on your WAN interface.
1 is working, 2 not. The only information i have is this:
GW IPv6: 2a05:f080:0:100::1/56 

Compressed Address:  2a05:f080:0:100::1/56

Expanded Address:    2a05:f080:0000:0100:0000:0000:0000:0001/56

Range:  2a05:f080:0:100:0:0:0:0 - 2a05:f080:0:1ff:ffff:ffff:ffff:ffff
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Tue Feb 23, 2016 1:01 am

Something about this just seems odd if the ISP is telling you to use /56 on the WAN interface....
If they're just dumping the entire /56 right out the interface without a specific address on your end as a routed destination, then I wonder how they expect you to break it up into LAN segments.

I just tried to ping the public address earlier in your post:
2a05:f080:0:102::254

no dice.

I can ping 2a05:f080:0:102::1 though....

Do you see 2a05:f080:0:102::1 in IPv6 Neighbors list on the Mikrotik?
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

Re: ipv6 /56

Tue Feb 23, 2016 2:05 pm

Something about this just seems odd if the ISP is telling you to use /56 on the WAN interface....
If they're just dumping the entire /56 right out the interface without a specific address on your end as a routed destination, then I wonder how they expect you to break it up into LAN segments.

I just tried to ping the public address earlier in your post:
2a05:f080:0:102::254

no dice.

I can ping 2a05:f080:0:102::1 though....

Do you see 2a05:f080:0:102::1 in IPv6 Neighbors list on the Mikrotik?
I have cleared the whole config.

ISP GW = 2a05:f080:0:100::1
Mikrotik WAN = 2a05:f080:0:100::2
Mikrotik LAN = 2a05:f080:0:102::1

And i can see 2a05:f080:0:100::1 and from the Mikrotik i can ping the gateway, but i dont see the clients i only see the fe80 adresses
[admin@MikroTik] > /ipv6 neighbor print 
Flags: R - router 
 0 R address=2a05:f080:0:100::1 interface=ether1-gateway mac-address=CC:4E:24:0C:F2:00 status="stale" 

 1 R address=fe80::ce4e:24ff:fe0c:f200 interface=ether1-gateway mac-address=CC:4E:24:0C:F2:00 status="stale" 

 2   address=fe80::ea50:8bff:fef2:5423 interface=bridge-local mac-address=E8:50:8B:F2:54:23 status="failed" 

 3   address=fe80::cfc:cf92:5616:fefc interface=bridge-local mac-address=A0:ED:CD:E8:B9:23 status="stale" 

 4   address=fe80::c23f:d5ff:fe64:fde9 interface=bridge-local mac-address=C0:3F:D5:64:FD:E9 status="stale"
[admin@MikroTik] > /ipv6 address print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                        ADVERTISE
 0 DL fe80::e68d:8cff:fe0c:9a8/64                           bridge-local                     no       
 1 DL fe80::e68d:8cff:fe0c:9a7/64                           ether1-gateway                   no       
 2  G 2a05:f080:0:100::2/64                                 ether1-gateway                   no       
 3  G 2a05:f080:0:102::1/64                       lan       bridge-local                     yes   
on my ubuntu machine:
# ip -6 neigh show
fe80::e68d:8cff:fe0c:9a8 dev eno1 lladdr e4:8d:8c:0c:09:a8 router DELAY
2a05:f080:0:102::1 dev eno1 lladdr e4:8d:8c:0c:09:a8 router DELAY
when i ping from http://www.subnetonline.com/pages/ipv6- ... 6-ping.php i got a response
IPv6 Ping Output:
PING 2a05:f080:0:100::2(2a05:f080:0:100::2) 32 data bytes
40 bytes from 2a05:f080:0:100::2: icmp_seq=0 ttl=61 time=3.36 ms
40 bytes from 2a05:f080:0:100::2: icmp_seq=1 ttl=61 time=2.00 ms
40 bytes from 2a05:f080:0:100::2: icmp_seq=2 ttl=61 time=2.03 ms
40 bytes from 2a05:f080:0:100::2: icmp_seq=3 ttl=61 time=2.23 ms
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: ipv6 /56

Tue Feb 23, 2016 4:13 pm

Why would you need an IPv6 address on your WAN port?
You can use the whole /56 space for your address pools to be assigned to LAN clients and let the router just route.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Tue Feb 23, 2016 5:45 pm

Why would you need an IPv6 address on your WAN port?
You can use the whole /56 space for your address pools to be assigned to LAN clients and let the router just route.
True - and I'm the same way - I didn't bother to put a /64 on the WAN interface, but in this particular case, it's helpful.

From on the Internet, I can ping the wan address 2a05:f080:0:100::2
However, I cannot ping the 2a05:f080:0:102::1 address of the same router.

If there are no filter rules in the IPv6 firewall of the Mikrotik, then this leads me to believe that there's a routing issue from the ISP to the customer equipment - i.e. it doesn't have proper next hop information for the entire /56. It really feels like they're dropping it off on their router's LAN interface and saying "enjoy your /56"
I have cleared the whole config.
Have you tried putting IPv6 DHCP-PD client on your WAN interface, and putting a prefix hint = ::/56 ?
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
kappert
just joined
Topic Author
Posts: 6
Joined: Mon Feb 22, 2016 5:21 pm

Re: ipv6 /56

Wed Feb 24, 2016 4:28 pm

Have you tried putting IPv6 DHCP-PD client on your WAN interface, and putting a prefix hint = ::/56 ?
yes but dont get an ip addres, and when i dont place a adress on the wan interface i cant communicate with the ISP gateway.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: ipv6 /56

Wed Feb 24, 2016 4:31 pm

My gut tells me that either the ISP is just putting a /56 directly on their LAN interface with you, or else they're expecting some kind of behavior from the customer router that Mikrotik just isn't doing.

I'd say call their customer support and try to get them to shed some light on how they expect you to break up the /56.
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: afuchs, eworm and 117 guests