Community discussions

MikroTik App
 
Altare
just joined
Topic Author
Posts: 10
Joined: Wed Jun 22, 2016 1:11 pm

IPv6 testing, some help required

Fri Sep 16, 2016 5:35 pm

I'm after some opinions/advice on IPv6 rollout from an ISP perspective. First a general question: what's the general approach to assigning v6 to customers? Static vs dynamic, PD, WAN interface addressing?

I've been reading that most seem to dish out a /64 for the CPE WAN interface plus a /56 (for example) using DHCP-PD for their internal use. I've been testing the same and I'm running into problems with the former. I have no trouble assigning CPEs different PD prefixes using RADIUS and Mikrotik-Delegated-IPv6-Pool, but the WAN interface is where I'm struggling. I've tried SLAAC, DHCPv6 and Framed-IPv6-Address/Framed-IPv6-Prefix, but nothing seems to work. I got close with Framed-IPv6-Prefix - the Mikrotik created a static /64 route to the PPP interface, but the CPE didn't have a clue about it. It's not affecting routing, but is it OK to leave the WAN interface as a link-local address? Or is it simply fine to request the user use one of the /64 in their delegated pool for their WAN?

Configuring a DHCPv6 server on the PE didn't work for addresses as it seems to only give out prefixes. The DHCPv6 client though can request both prefixes and addresses - how does that work?

What's the recommended way of assigning static prefix pools (to avoid phone calls when the home user can no longer connect to their printer) without all the admin overhead every time a new customer connection is made? While ULA is one solution, we can't really expect most residential customers to understand what that is, let alone configure it.
 
mbrandl
just joined
Posts: 8
Joined: Tue Nov 04, 2014 4:10 pm

Re: IPv6 testing, some help required

Thu Sep 22, 2016 1:42 am

I would also like some input on this as I've got to a very similar stage in our rollout process.

Thanks

Mike
 
mbeauverd
just joined
Posts: 18
Joined: Mon Oct 03, 2016 10:46 am

Re: IPv6 testing, some help required

Fri Oct 07, 2016 9:00 pm

. It's not affecting routing, but is it OK to leave the WAN interface as a link-local address? Or is it simply fine to request the user use one of the /64 in their delegated pool for their WAN?
.
I would love to know too !
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 testing, some help required

Fri Oct 07, 2016 9:20 pm

My ISP uses PPPoE. I dislike it, but at least it solves the problem of assigning a link address.
Of course you can use the link-local address as well. It is no problem to route over that, but it may confuse some users.

My ISP uses DHCPv6-PD and I can simply assign addresses from the pool to internal interfaces, but unfortunately
MikroTik has no option to lock a certain subnet to a certain interface. When configuration is changed or software
behaviour changes, the addresses move around at random, which is not nice when you have externally accessible
servers on IPv6.

So it would be nice to have the option to statically set addresses, but my ISP only routes the prefixes requested by PD
so it is not an option to just set a static address and ignore the PD stuff.

Please don't use dynamic addresses as it is very inconvenient for users who have local devices on their networks
they want to access locally (printer, nas etc) and don't want to see changing address all the time.
People have even requested IPv6 NAT features in MikroTik routers to work around that problem (static LAN address
being translated to dynamic internet address)....
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: IPv6 testing, some help required

Fri Oct 07, 2016 10:21 pm

My ISP uses DHCPv6-PD and I can simply assign addresses from the pool to internal interfaces, but unfortunately
MikroTik has no option to lock a certain subnet to a certain interface. When configuration is changed or software
behaviour changes, the addresses move around at random, which is not nice when you have externally accessible
servers on IPv6.
That is a shortcoming in MT. Other platforms I have worked with allow you to assign the pool prefix by "index" number.
Example: eth1 is assigned pool prefix 0, eth2 is assigned pool prefix 1, etc.

A major PITA how MT will randomly reassign when you make an interface change, as you stated.
 
Sob
Forum Guru
Forum Guru
Posts: 5594
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 testing, some help required

Fri Oct 07, 2016 11:39 pm

Not that this sort-of-static per-interface assignment would save the day. While better than being completely random, when the main prefix comes from DHCPv6, addresses can still change any time. What I want to hear from ISP is "welcome dear customer, here's your static 2001:db8::/48 prefix, it's all yours for as long as you're with us, use it any way you like and enjoy". :)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: IPv6 testing, some help required

Sat Oct 08, 2016 1:33 am

I agree that ISPs should use static allocations for customers. However, semi-static definitely has a perk or two as for the "from pool" mode - it would allow very rapid renumbering of your network if you were to change ISPs - so long as the new ISP gave you the same amount of prefixes to work with, it would be a one step change as far as the network infrastructure was concerned....

I've asked for the ability to specify sub-prefixes from pool, but never saw any response on here about the feature being planned in the future.


My most-wanted IPv6 features:
Ability to send AAAA records in dyndns updates
Stateless DHCPv6 server
Stateless NAT64 (CLAT function of 464XLAT deployment, a very useful feature for ISPs - they can make their network work with v6-only on the access and distribution layers, with a centralized stateful NAT64 for IPv4 connectivity to work)
DHCP server -> static DNS entry auto-generation (so hosts can be accessed by name on your local network)
Fixed routing bugs in IPv6: /128 loopbacks advertised from Cisco routers are ignored in OSPFv3, recursive next-hop lookup issues with iBGP, especially with link-local next hop
Stateful DHCPv6 server (for those who want to have more central control over hosts being able to join the network)
Stateless NAT66-PT (prefix translation for working around those pesky dynamic ISPs... but on the other hand, if this feature doesn't exist, then more pressure will be placed on ISPs to go static)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: IPv6 testing, some help required

Sat Oct 08, 2016 2:28 am

Depends on your configuration. We use /64s and /60s for residential users. Nobody has used a /60 yet. And a single IP for the wan interface. In reality you don't need the single IP in the wan. It's not used for anything in 99% of situations.

Source guarded ports so users can't egress traffic with unassigned ips.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 testing, some help required

Sat Oct 08, 2016 11:25 am

What I want to hear from ISP is "welcome dear customer, here's your static 2001:db8::/48 prefix, it's all yours for as long as you're with us, use it any way you like and enjoy". :)
My ISP does just that! I get a static /48 prefix that will only change when there are technical reasons, not at random moments.
But I need to fetch prefixes using DHCPv6-PD! When I don't do that it won't be routed at their end.

So what I want is to specify the subnet (16-bit in my case) for each network that I assign an IPv6 address, or at least specify
the sequence in which addresses will be assigned to interfaces at boot time. So I can at least decide which interface gets
the 0, the 1, etc subnet. And I can put those host addresses in DNS and keep them after router reboots or reconfigs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 testing, some help required

Sat Oct 08, 2016 11:28 am

Depends on your configuration. We use /64s and /60s for residential users. Nobody has used a /60 yet.
Strange... I used a Draytek router for a while and it requests a /64 for its WAN and one for its LAN.
In my MikroTik config I have a separate guest WiFi network and it has its own /64 plus the /64 for my LAN (ether+WiFi bridged).
The AVM Fritzbox my ISP provides does the same thing.
So needing more than one /64 should not be that uncommon.
 
Sob
Forum Guru
Forum Guru
Posts: 5594
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 testing, some help required

Sun Oct 09, 2016 2:08 am

But I need to fetch prefixes using DHCPv6-PD!
My ideal config would be real static, i.e. numbers on the paper, no DHCPv6. But it doesn't look like it will be a common thing.
So what I want is to specify the subnet (16-bit in my case) for each network that I assign an IPv6 address, ...
When you add address with from-pool=<dhcpv6 pool>, RouterOS already keeps the last 64 bits. So all they need to do is to extend it to keep last 128 - <received prefix length> bits and it would be perfect for this case, as long as the prefix length would stay the same.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
mbeauverd
just joined
Posts: 18
Joined: Mon Oct 03, 2016 10:46 am

Re: IPv6 testing, some help required

Sun Oct 09, 2016 9:40 am

My most-wanted IPv6 features:
Ability to send AAAA records in dyndns updates
Stateless DHCPv6 server
Stateless NAT64 (CLAT function of 464XLAT deployment, a very useful feature for ISPs - they can make their network work with v6-only on the access and distribution layers, with a centralized stateful NAT64 for IPv4 connectivity to work)
DHCP server -> static DNS entry auto-generation (so hosts can be accessed by name on your local network)
Fixed routing bugs in IPv6: /128 loopbacks advertised from Cisco routers are ignored in OSPFv3, recursive next-hop lookup issues with iBGP, especially with link-local next hop
Stateful DHCPv6 server (for those who want to have more central control over hosts being able to join the network)
Stateless NAT66-PT (prefix translation for working around those pesky dynamic ISPs... but on the other hand, if this feature doesn't exist, then more pressure will be placed on ISPs to go static)
I will add "set priority" in Mangle Rule of IPv6 Firewall, I am not able to do prioritize packets and doing QOS on IPv6 :(
 
mbeauverd
just joined
Posts: 18
Joined: Mon Oct 03, 2016 10:46 am

Re: IPv6 testing, some help required

Sun Oct 09, 2016 9:44 am

Strange... I used a Draytek router for a while and it requests a /64 for its WAN and one for its LAN.
In my MikroTik config I have a separate guest WiFi network and it has its own /64 plus the /64 for my LAN (ether+WiFi bridged).
The AVM Fritzbox my ISP provides does the same thing.
So needing more than one /64 should not be that uncommon.
Zywall do the same as well !
 
pe1chl
Forum Guru
Forum Guru
Posts: 6673
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 testing, some help required

Sun Oct 09, 2016 11:40 am

My ideal config would be real static, i.e. numbers on the paper, no DHCPv6. But it doesn't look like it will be a common thing.
I don't agree... at work we have a different ISP and it uses only static addresses, but it is a drag and error-prone to have to
configure those addresses before being able to use the router.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: IPv6 testing, some help required

Sun Oct 09, 2016 5:08 pm

It doesn't request a /64 for the WAN. It requests a NA address and derives the prefix of the subnet fro router advertisements. Dhcpv6 from a single client standpoint (i.e.: not a PD request) has no concept of a subnet mask.

Who is online

Users browsing this forum: ctlo, dhiaahmed, hamster922, morf, quackyo and 61 guests