Suggestions for keeping a historical record of IPv6 Delegated prefixes

Sun Oct 09, 2016 10:47 pm

I work for a smallish ISP. We deliver our service with PPPoE. We currently manage the PPPoE sessions with RADIUS (our server is a FreeRADIUS server). For IPv4, the WAN address is recorded by the FreeRADIUS server from the accounting packets sent from the MikroTik PPPoE servers. If any abuse complaints come in, they are always for the IPv4 WAN address (because of NAT), and we can track down what username/account is responsible, and let them know.

We have IPv6 throughout our network and servers. We are ready to roll it out to customers, and have IPv6 deployed to real customers at a testing tower site with no issues so far. We are doing DHCPv6 prefix delegation over the PPPoE link to hand out blocks of public IPv6 addresses for the customers to use on their LAN, along with the standard IPv6CP and router advertisements for the WAN. We are literally ready to flip the switch and give our customers IPv6 (and check that off our list). It would literally take us half an hour to finish deploying IPv6 to our customers.

But here's the problem: while the public IPv6 /64 for the WAN link is sent in RADIUS accounting packets (and recorded by our FreeRADIUS server), the IPv6 delegated prefix block (for the customer to use on their LAN) IS NOT. (See ... 4&p=428369 and The problem is that these are public addresses that will be used by customers on machines on their LAN, so abuse complaints will eventually end up coming in for addresses in those blocks, but we will have no way to correlate them to a specific user.

It seems that it may take MikroTik a long time to add proper support for reporting the delegated prefix in the RADIUS accounting packets. So in the meantime, I'm trying to come up with any other way to keep a record of who had what delegated prefix at what time. I've had a few ideas so far.

1. Is there any way to get the DHCPv6 server to log when a prefix is delegated and when it is released? I could then get the system log to go to a syslog server and grep that should any abuse come up.
2. Is there some way to write an event script that happens when a prefix is delegated? I could then log a message or even maybe do something to send some kind of indication to a server that could log it. (I'm not above writing a CGI script on some Linux server to record this).
3. Is there some way to attach something to the event of a route being created when a prefix is delegated? Maybe then I could do something similar to point 2 above.
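
The lookup side of ideas 1 and 2, as an added example that is not part of the original post: once delegation and release events reach a log server, an abuse complaint for a LAN address is answered by finding the lease whose prefix contains the address and whose interval covers the reported time. The record format (timestamp, event, username, prefix), the usernames and the documentation-range prefixes are constructed assumptions, not RouterOS log output.

```python
import ipaddress
from datetime import datetime

# Constructed sample records in a hypothetical format (not RouterOS output):
# ISO timestamp, event, PPPoE username, delegated prefix. Assumed to be in
# chronological order and in a single time zone.
SAMPLE_LOG = """\
2016-10-01T08:00:00 bound alice 2001:db8:100::/56
2016-10-03T12:30:00 released alice 2001:db8:100::/56
2016-10-03T12:45:00 bound bob 2001:db8:100::/56
2016-10-04T09:00:00 bound carol 2001:db8:200::/56
this line is malformed and must be skipped
"""

def parse_leases(text):
    """Turn bound/released events into (user, network, start, end) intervals."""
    open_leases = {}  # network -> (user, start)
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("bound", "released"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            net = ipaddress.IPv6Network(parts[3])
        except ValueError:
            continue  # unparsable timestamp or prefix
        if net in open_leases:
            # Close the previous holder on release, or on a re-bind whose
            # release was never logged, so intervals never overlap.
            prev_user, start = open_leases.pop(net)
            leases.append((prev_user, net, start, ts))
        if parts[1] == "bound":
            open_leases[net] = (parts[2], ts)
    # Leases still active at the end of the log have no end time.
    for net, (user, start) in open_leases.items():
        leases.append((user, net, start, None))
    return leases

def who_had(leases, address, when):
    """Return usernames whose delegated prefix contained `address` at `when`."""
    addr = ipaddress.IPv6Address(address)
    t = datetime.fromisoformat(when)
    return [user for user, net, start, end in leases
            if addr in net and start <= t and (end is None or t < end)]

if __name__ == "__main__":
    print(who_had(parse_leases(SAMPLE_LOG), "2001:db8:100:5::1234", "2016-10-03T13:00:00"))
```

Matching on prefix containment rather than on the address string matters here, because the complaint will name one address inside the delegated block, never the block itself.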

