Hi guys,
I'm having my first contact with ipv6 and I'm studying about. I heard that in Brazil all ISP are expected to deliver IPv6 for all home users and my provider has already done. Now I have /64 ipv6 subnet with CGNAT to IPv4.
Well, I'd like to use my mikrotik to make my subnet and I'm facing problems to provide IPv6 addresses to my devices. I want to use my ISP ipv6 addrs on each device.
I used this config:
1) I created a ipv6 dhcp client
/ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=Poolv6 request=prefix
/ipv6 dhcp-client print terse
0 interface=ether1 status=bound duid=0x000300014c5e0cde47de dhcp-server-v6=fe80::1 request=prefix add-default-route=yes use-peer-dns=yes pool-name=Poolv6 pool-prefix-length=64 prefix-hint=::/0 prefix=2001:1284:f00d:7bbc::/64, 23h55m9s
2) And now I create ipv6 addr
/ipv6 address add from-pool=Poolv6 interface=LAN advertise=yes
My devices can receive my ISP ipv6, but I'm not able to connect to internet!!
$ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:cf:e9:51:6b:83
inet6 fe80::10f6:449d:486c:365%en0 prefixlen 64 secured scopeid 0x4
inet 10.20.40.254 netmask 0xffffff00 broadcast 10.20.40.255
inet6 2001:1284:f00d:7bbc:1494:b030:674c:6c67 prefixlen 64 autoconf secured
inet6 2001:1284:f00d:7bbc:bdb0:6149:5f36:a1d5 prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
$ traceroute6 http://www.google.com
traceroute6 to http://www.google.com (2800:3f0:4001:802::2004) from 2001:1284:f00d:7bbc:bdb0:6149:5f36:a1d5, 64 hops max, 12 byte packets
1 2001:1284:f00d:7bbc:: 4.966 ms 14.574 ms 0.670 ms
Could you help me to find the problem?
Regards
Re: Problem to advertise ISP IPv6
What does your route table look like?
Do you see the interface address and the default route?
Do you have firewall entries?
Do you see the interface address and the default route?
Do you have firewall entries?
Re: Problem to advertise ISP IPv6
To advertise correctly, you need to set a IPv6 address, not only the prefix.
Code: Select all
/ipv6 address add from-pool=Poolv6 interface=LAN advertise=yes eui-64=no address=::1/64Re: Problem to advertise ISP IPv6
No, it works fine with a eui64 address as he used.
Re: Problem to advertise ISP IPv6
ipv6 dhcp-client 0 set request=address,prefix
Also a print-out of your IPv6 address and routing tables before and after.
Also a print-out of your IPv6 address and routing tables before and after.
Re: Problem to advertise ISP IPv6
Code: Select all
/ipv6 firewall filter
add action=accept chain=input comment="(base)DHCPv6" dst-address=fe80::/10 dst-port=546 protocol=udp src-address=\
fe80::/10 src-port=547
add action=accept chain=input comment="(base)icmpv6 destination-unreachable" icmp-options=1 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 packet-too-big" icmp-options=2 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 time-exceeded" icmp-options=3 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 bad-header" icmp-options=4:0 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-request" icmp-options=128 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-reply" icmp-options=129 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-solicitation" icmp-options=133 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-advertisement" icmp-options=134 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-solicitation" icmp-options=135 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-advertisement" icmp-options=136 in-interface=eth1 limit=\
1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=input comment="(base)" in-interface=eth1
add action=accept chain=forward comment="(base)icmpv6 destination-unreachable" icmp-options=1 limit=1k,100:packet \
protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 packet-too-big" icmp-options=2 limit=1k,100:packet protocol=\
icmpv6
add action=accept chain=forward comment="(base)icmpv6 time-exceeded" icmp-options=3 limit=1k,100:packet protocol=\
icmpv6
add action=accept chain=forward comment="(base)icmpv6 bad-header" icmp-options=4:0 limit=1k,100:packet protocol=\
icmpv6
add action=accept chain=forward comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 limit=1k,100:packet \
protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-request" icmp-options=128 limit=1k,100:packet protocol=\
icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-reply" icmp-options=129 limit=1k,100:packet protocol=\
icmpv6
add action=accept chain=forward comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=forward comment="(base)drop invalid" connection-state=invalid
add action=drop chain=forward comment="(base)" in-interface=eth1
Re: Problem to advertise ISP IPv6
Thanks for all help, but I'm still facing problem. I know there aren't nat on ipv6, but making an analogy to ipv4, is the same symptom that a private network without nat. I'm receiving ip addr, but I can't have access to Internet.
I read some documentaries and videos on Youtube and did step by step without skipping steps.
Now I'm trying to use RB 3011 UiAS-RM with the last router board OS version.
Question: If I get a /64 network from my ISP can I also re-pass (advertise) as /64?
My config:
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
/ip pool
add name=Poolv4-LAN ranges=172.20.254.100-172.20.254.200
/ip dhcp-server
add address-pool=Poolv4-LAN disabled=no interface=LAN name=dhcp-LAN
/interface bridge port
add bridge=LAN interface=ether6-master
add bridge=LAN interface=ether2
/ip address
add address=172.20.254.1/24 interface=LAN network=172.20.254.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=172.20.254.0/24 dns-server=172.20.254.1 gateway=172.20.254.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ipv6 address
add from-pool=Poolv6 interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=Poolv6 request=address,prefix
/ipv6 firewall filter
add action=accept chain=input
add action=accept chain=input comment="(base)DHCPv6" dst-address=fe80::/10 dst-port=546 protocol=udp src-address=fe80::/10 src-port=547
add action=accept chain=input comment="(base)icmpv6 destination-unreachable" icmp-options=1 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 packet-too-big" icmp-options=2 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 time-exceeded" icmp-options=3 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 bad-header" icmp-options=4:0 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-request" icmp-options=128 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-reply" icmp-options=129 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-solicitation" icmp-options=133 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-advertisement" icmp-options=134 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-solicitation" icmp-options=135 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-advertisement" icmp-options=136 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=input comment="(base)" in-interface=ether1
add action=accept chain=forward comment="(base)icmpv6 destination-unreachable" icmp-options=1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 packet-too-big" icmp-options=2 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 time-exceeded" icmp-options=3 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 bad-header" icmp-options=4:0 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-request" icmp-options=128 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-reply" icmp-options=129 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=forward comment="(base)drop invalid" connection-state=invalid
add action=drop chain=forward comment="(base)" in-interface=ether1
/system clock
set time-zone-name=America/Sao_Paulo
I'm receiving IPv6, m RB as set as default gateway, but I'm reaching internet.
Regards,
I read some documentaries and videos on Youtube and did step by step without skipping steps.
Now I'm trying to use RB 3011 UiAS-RM with the last router board OS version.
Question: If I get a /64 network from my ISP can I also re-pass (advertise) as /64?
My config:
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
/ip pool
add name=Poolv4-LAN ranges=172.20.254.100-172.20.254.200
/ip dhcp-server
add address-pool=Poolv4-LAN disabled=no interface=LAN name=dhcp-LAN
/interface bridge port
add bridge=LAN interface=ether6-master
add bridge=LAN interface=ether2
/ip address
add address=172.20.254.1/24 interface=LAN network=172.20.254.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=172.20.254.0/24 dns-server=172.20.254.1 gateway=172.20.254.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ipv6 address
add from-pool=Poolv6 interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=Poolv6 request=address,prefix
/ipv6 firewall filter
add action=accept chain=input
add action=accept chain=input comment="(base)DHCPv6" dst-address=fe80::/10 dst-port=546 protocol=udp src-address=fe80::/10 src-port=547
add action=accept chain=input comment="(base)icmpv6 destination-unreachable" icmp-options=1 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 packet-too-big" icmp-options=2 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 time-exceeded" icmp-options=3 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 bad-header" icmp-options=4:0 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-request" icmp-options=128 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 echo-reply" icmp-options=129 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-solicitation" icmp-options=133 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 router-advertisement" icmp-options=134 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-solicitation" icmp-options=135 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)icmpv6 neighbor-advertisement" icmp-options=136 in-interface=ether1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=input comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=input comment="(base)" in-interface=ether1
add action=accept chain=forward comment="(base)icmpv6 destination-unreachable" icmp-options=1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 packet-too-big" icmp-options=2 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 time-exceeded" icmp-options=3 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 bad-header" icmp-options=4:0 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 unknown-header-type" icmp-options=4:1 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-request" icmp-options=128 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)icmpv6 echo-reply" icmp-options=129 limit=1k,100:packet protocol=icmpv6
add action=accept chain=forward comment="(base)allow any established or related" connection-state=established,related
add action=drop chain=forward comment="(base)drop invalid" connection-state=invalid
add action=drop chain=forward comment="(base)" in-interface=ether1
/system clock
set time-zone-name=America/Sao_Paulo
I'm receiving IPv6, m RB as set as default gateway, but I'm reaching internet.
Regards,
Re: Problem to advertise ISP IPv6
@idlemind:
My Ipv6:
> ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::6e3b:6bff:fefd:7eb7/64 LAN no
1 DL fe80::6e3b:6bff:fefd:7eb6/64 ether1 no
2 G 2001:1284:f00d:7bbc:172:20:254:1/64 Poolv6 LAN yes
3 DG 2001:1284:f00d:7bbc::1/64 ether1 no
My routing:
> ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADS dst-address=::/0 gateway=fe80::1%ether1 gateway-status=fe80::1%ether1 reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=2001:1284:f00d:7bbc::/64 gateway=ether1,LAN gateway-status=ether1 reachable,LAN reachable distance=0 scope=10
2 DSU dst-address=2001:1284:f00d:7bbc::/64 type=unreachable distance=1
I don't know why duplicated route and one of then is unreachable. Router OS has placed these routes automatically.
Ping from my router board:
> ping 2800:3f0:4001:806::2004
SEQ HOST SIZE TTL TIME STATUS
0 2800:3f0:4001:806::2004 56 56 19ms echo reply
1 2800:3f0:4001:806::2004 56 56 18ms echo reply
2 2800:3f0:4001:806::2004 56 56 18ms echo reply
3 2800:3f0:4001:806::2004 56 56 18ms echo reply
sent=4 received=4 packet-loss=0% min-rtt=18ms avg-rtt=18ms max-rtt=19ms
My desktop cannot ping ipv6.
Do you need more information?
Thanks for your help!
Regards,
My Ipv6:
> ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::6e3b:6bff:fefd:7eb7/64 LAN no
1 DL fe80::6e3b:6bff:fefd:7eb6/64 ether1 no
2 G 2001:1284:f00d:7bbc:172:20:254:1/64 Poolv6 LAN yes
3 DG 2001:1284:f00d:7bbc::1/64 ether1 no
My routing:
> ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADS dst-address=::/0 gateway=fe80::1%ether1 gateway-status=fe80::1%ether1 reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=2001:1284:f00d:7bbc::/64 gateway=ether1,LAN gateway-status=ether1 reachable,LAN reachable distance=0 scope=10
2 DSU dst-address=2001:1284:f00d:7bbc::/64 type=unreachable distance=1
I don't know why duplicated route and one of then is unreachable. Router OS has placed these routes automatically.
Ping from my router board:
> ping 2800:3f0:4001:806::2004
SEQ HOST SIZE TTL TIME STATUS
0 2800:3f0:4001:806::2004 56 56 19ms echo reply
1 2800:3f0:4001:806::2004 56 56 18ms echo reply
2 2800:3f0:4001:806::2004 56 56 18ms echo reply
3 2800:3f0:4001:806::2004 56 56 18ms echo reply
sent=4 received=4 packet-loss=0% min-rtt=18ms avg-rtt=18ms max-rtt=19ms
My desktop cannot ping ipv6.
Do you need more information?
Thanks for your help!
Regards,
Re: Problem to advertise ISP IPv6
Your ipv6 default gateway is strange (fe80::1).
Can you post the traceroute to 2001:12ff:0:4::9 (ipv6.br)?
Can you post the traceroute to 2001:12ff:0:4::9 (ipv6.br)?
Re: Problem to advertise ISP IPv6
Nothing wrong with that!Your ipv6 default gateway is strange (fe80::1).
Do you have any actual IPv6 knowledge and experience? This is the second misleading advise in this thread.
Re: Problem to advertise ISP IPv6
When you just receive the prefix - all the traffic to that prefix will go to your device that acquired the prefix. This route ensures that while you have not assigned address from the prefix in your network it properly responds that network is unavailable (as per flags at the route, specifically U flag)@idlemind:
> ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADS dst-address=::/0 gateway=fe80::1%ether1 gateway-status=fe80::1%ether1 reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=2001:1284:f00d:7bbc::/64 gateway=ether1,LAN gateway-status=ether1 reachable,LAN reachable distance=0 scope=10
2 DSU dst-address=2001:1284:f00d:7bbc::/64 type=unreachable distance=1
I don't know why duplicated route and one of then is unreachable. Router OS has placed these routes automatically.
Regards,
Re: Problem to advertise ISP IPv6
I don't have experience from field and serious business. Only from my tests using HE tunnel and an config to get a prefix from ISP, nothing more. My theoretical knowledge isn't good.Nothing wrong with that!Your ipv6 default gateway is strange (fe80::1).
Do you have any actual IPv6 knowledge and experience? This is the second misleading advise in this thread.
Well, you helped me by saying that certain things i said were wrong. Thanks for this.
Now i know i need learn better about IPv6.
Re: Problem to advertise ISP IPv6
These two cases in particular:
- you can use a EUI-64 address and still advertise it. I have done that myself.
- you can have an default route that uses the fe80 address on a point-to-point link.
So those two things are not what is broken on his config.
Your idea to use traceroute was good, then at least you can find where the problem is occurring.
Torch or Packet Sniffer can be used as well.
- you can use a EUI-64 address and still advertise it. I have done that myself.
- you can have an default route that uses the fe80 address on a point-to-point link.
So those two things are not what is broken on his config.
Your idea to use traceroute was good, then at least you can find where the problem is occurring.
Torch or Packet Sniffer can be used as well.
Re: Problem to advertise ISP IPv6
Did you try changing it to address and prefix in the DHCPv6 client? If not change it and repost:
ipv6 dhcp-client print detail
ipv6 pool print
ipv6 route print
It looks like the /64 you are getting from your ISP being used on ether1 (wan) and you are trying to use the same prefix on LAN as well. This would explain why your router (via ether1) has connectivity (ping, traceroute) to other v6 and not your LAN.
ipv6 dhcp-client print detail
ipv6 pool print
ipv6 route print
It looks like the /64 you are getting from your ISP being used on ether1 (wan) and you are trying to use the same prefix on LAN as well. This would explain why your router (via ether1) has connectivity (ping, traceroute) to other v6 and not your LAN.
Re: Problem to advertise ISP IPv6
It looks like the /64 you are getting from your ISP being used on ether1 (wan) and you are trying to use the same prefix on LAN as well. This would explain why your router (via ether1) has connectivity (ping, traceroute) to other v6 and not your LAN.
Ding ding ding!
Un-check the "address" checkbox in your DHCPv6 client. You don't need any routable public IPv6 address on your WAN interface at all.
In fact, devices prefer to use the link-local (fe80::) addresses as their routing tables' next-hop addresses.
The ISP has simply configured their router's link-local address as fe80::1 - which is something I am planning to do on my own deployment. This way, you can always know that the default GW is fe80::1 no matter which router you're connected to.
If you run OSPF / BGP / etc - you'll find that the next-hop address of dynamically-learned routes is going to be the link-local address of the neighbor, and not the globally-unique unicast (a.k.a. "public") IPv6 address.
Re: Problem to advertise ISP IPv6
Thanks Zero!
I run w/address and prefix in my IPv6 DHCP client. I also request a /56 with prefix-hint. Everything works swell. I like having a GUA address on my WAN interface but like you said it's not required.
The thing that is a little odd to me after re-reading the thread is that rflovato is using both address and prefix in his IPv6 DHCP client statement. The router appears to be getting the /64 delegated to it and added to a pool which is then added to his LAN interface as we'd all expect. The catch is that his WAN interface is getting an IPv6 address from that same pool.
Is this a behavior within the IPv6 DHCP client that is likely not correct? Is the providers DHCPv6/DHCPv6-PD server setup incorrectly? Am I just being stupid?
If we could get a packet capture or some more detailed logging turned on we could probably verify what is going on in more depth.
I run w/address and prefix in my IPv6 DHCP client. I also request a /56 with prefix-hint. Everything works swell. I like having a GUA address on my WAN interface but like you said it's not required.
The thing that is a little odd to me after re-reading the thread is that rflovato is using both address and prefix in his IPv6 DHCP client statement. The router appears to be getting the /64 delegated to it and added to a pool which is then added to his LAN interface as we'd all expect. The catch is that his WAN interface is getting an IPv6 address from that same pool.
Is this a behavior within the IPv6 DHCP client that is likely not correct? Is the providers DHCPv6/DHCPv6-PD server setup incorrectly? Am I just being stupid?
If we could get a packet capture or some more detailed logging turned on we could probably verify what is going on in more depth.
Re: Problem to advertise ISP IPv6
Zerobyte and idlemind, I've already tried without getting addr on my wan interface selecting only advertise and the effect is the same. I think the problem is because my provider offers only one /64 subnet and I'm trying to routing the same subnet. I'm right? :/
I'm very newbie in IPv6 and I thanks your help!
See my config now:
I'm getting ipv6, but not routing to Internet again.
My OS X:
Mikrotik:
I'm very newbie in IPv6 and I thanks your help!
See my config now:
Code: Select all
/interface bridge
add name=LAN
/interface ethernet
set [ find default-name=ether6 ] name=ether6-master
set [ find default-name=ether7 ] master-port=ether6-master
set [ find default-name=ether8 ] master-port=ether6-master
set [ find default-name=ether9 ] master-port=ether6-master
set [ find default-name=ether10 ] master-port=ether6-master
/ip pool
add name=Poolv4-LAN ranges=172.20.254.100-172.20.254.200
/ip dhcp-server
add address-pool=Poolv4-LAN disabled=no interface=LAN name=dhcp-LAN
/interface bridge port
add bridge=LAN interface=ether6-master
add bridge=LAN interface=ether2
/ip address
add address=172.20.254.1/24 interface=LAN network=172.20.254.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=172.20.254.0/24 dns-server=172.20.254.1 gateway=172.20.254.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ipv6 address
add from-pool=Copel interface=LAN
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=Copel request=prefix use-peer-dns=no
/ipv6 nd
set [ find default=yes ] hop-limit=64
/system clock
set time-zone-name=America/Sao_Paulo
My OS X:
Code: Select all
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 28:cf:e9:51:6b:83
inet6 fe80::10f6:449d:486c:365%en0 prefixlen 64 secured scopeid 0x4
inet6 2001:1284:f00d:7bbc:1494:b030:674c:6c67 prefixlen 64 autoconf secured
inet6 2001:1284:f00d:7bbc:69e0:9c0c:dd39:82dd prefixlen 64 autoconf temporary
inet 172.20.254.197 netmask 0xffffff00 broadcast 172.20.254.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
Code: Select all
Internet6:
Destination Gateway Flags Netif Expire
default fe80::6e3b:6bff:fefd:7ebc%en0 UGc en0
default fe80::%utun0 UGcI utun0
::1 ::1 UHL lo0
2001:1284:f00d:7bbc::/64 link#4 UC en0
2001:1284:f00d:7bbc:1494:b030:674c:6c67 28:cf:e9:51:6b:83 UHL lo0
2001:1284:f00d:7bbc:69e0:9c0c:dd39:82dd 28:cf:e9:51:6b:83 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en0/64 link#4 UCI en0
fe80::10f6:449d:486c:365%en0 28:cf:e9:51:6b:83 UHLI lo0
fe80::6e3b:6bff:fefd:7ebc%en0 6c:3b:6b:fd:7e:bc UHLWIir en0
fe80::a03e:ec4:99e6:f46e%en0 0:c:29:71:ec:db UHLWI en0
fe80::%awdl0/64 link#7 UCI awdl0
fe80::28d0:c9ff:fe08:6fe1%awdl0 2a:d0:c9:8:6f:e1 UHLI lo0
fe80::%utun0/64 fe80::930e:2573:1275:7453%utun0 UcI utun0
fe80::930e:2573:1275:7453%utun0 link#9 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en0/32 link#4 UmCI en0
ff01::%awdl0/32 link#7 UmCI awdl0
ff01::%utun0/32 fe80::930e:2573:1275:7453%utun0 UmCI utun0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en0/32 link#4 UmCI en0
ff02::%awdl0/32 link#7 UmCI awdl0
ff02::%utun0/32 fe80::930e:2573:1275:7453%utun0 UmCI utun0
Code: Select all
[admin@MikroTik] /ipv6 nd> print
Flags: X - disabled, I - invalid, * - default
0 * interface=all ra-interval=3m20s-10m ra-delay=3s mtu=unspecified reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m hop-limit=64
advertise-mac-address=yes advertise-dns=no managed-address-configuration=no other-configuration=no
Code: Select all
[admin@MikroTik] /ipv6> neighbor print
Flags: R - router
0 R address=fe80::1 interface=ether1 mac-address=C8:8D:83:70:D1:EA status="stale"
1 address=fe80::10f6:449d:486c:365 interface=LAN mac-address=28:CF:E9:51:6B:83 status="stale"
Code: Select all
[admin@MikroTik] /ipv6 route> print terse
0 ADS dst-address=::/0 gateway=fe80::1%ether1 gateway-status=fe80::1%ether1 reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=2001:1284:f00d:7bbc::/64 gateway=LAN gateway-status=LAN reachable distance=0 scope=10
2 DSU dst-address=2001:1284:f00d:7bbc::/64 type=unreachable distance=1
Code: Select all
[admin@MikroTik] /ipv6 dhcp-client> print terse
0 interface=ether1 status=bound duid=0x000300016c3b6bfd7eb6 dhcp-server-v6=fe80::1 request=prefix add-default-route=yes use-peer-dns=no pool-name=Copel pool
-prefix-length=64 prefix-hint=::/0 prefix=2001:1284:f00d:7bbc::/64, 18h27m58s
Code: Select all
[admin@MikroTik] /ipv6 address> print terse
0 DL address=fe80::6e3b:6bff:fefd:7ebc/64 from-pool="" interface=LAN actual-interface=LAN eui-64=no advertise=no no-dad=no
1 DL address=fe80::6e3b:6bff:fefd:7eb6/64 from-pool="" interface=ether1 actual-interface=ether1 eui-64=no advertise=no no-dad=no
2 G address=2001:1284:f00d:7bbc::1/64 from-pool=Copel interface=LAN actual-interface=LAN eui-64=no advertise=yes no-dad=no
Code: Select all
$ traceroute6 www.google.com
traceroute6 to www.google.com (2800:3f0:4001:816::2004) from 2001:1284:f00d:7bbc:69e0:9c0c:dd39:82dd, 64 hops max, 12 byte packets
1 2001:1284:f00d:7bbc::1 1.549 ms 0.949 ms 0.823 ms
2 *
Re: Problem to advertise ISP IPv6
Did you try changing it to address and prefix in the DHCPv6 client? If not change it and repost:
ipv6 dhcp-client print detail
ipv6 pool print
ipv6 route print
It looks like the /64 you are getting from your ISP being used on ether1 (wan) and you are trying to use the same prefix on LAN as well. This would explain why your router (via ether1) has connectivity (ping, traceroute) to other v6 and not your LAN.
Code: Select all
[admin@MikroTik] > ipv6 dhcp-client print detail
Flags: D - dynamic, X - disabled, I - invalid
0 interface=ether1 status=bound duid="0x000300016c3b6bfd7eb6" dhcp-server-v6=fe80::1 request=prefix add-default-route=yes use-peer-dns=no
pool-name="Copel" pool-prefix-length=64 prefix-hint=::/0 prefix=2001:1284:f00d:7bbc::/64, 18h3m54s
Code: Select all
[admin@MikroTik] > ipv6 pool print
Flags: D - dynamic
# NAME PREFIX PREFIX-LENGTH EXPIRES-AFTER
0 D Copel 2001:1284:f00d:7bbc::/64 64 18h3m31s
Code: Select all
[admin@MikroTik] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 ADS ::/0 fe80::1%ether1 1
1 ADC 2001:1284:f00d:7bbc::/64 LAN 0
2 DSU 2001:1284:f00d:7bbc::/64 1
Re: Problem to advertise ISP IPv6
rflovato, Thanks for posting all the detailed configurations and show commands! It really helps. Running a traceroute from my v6 I pass through Hurricane Electric into Núcleo de Inf. e Coord. do Ponto BR and then into Copel. I only get 1 hop into Copel, 2001:1284:ffff::92:106:1.
I think the configuration you have should work just fine, requesting just a prefix and using link-local on the WAN side. At this point I am guessing there is something with how your Service Provider has IPv6 configured at the moment. This isn't uncommon and hopefully something they are willing to work with you on. It sounds like the route for the issued prefix isn't passing around their IGP correctly to route over link local back to you.
A last ditch effort. Have you tried requesting more than a /64?
I think the configuration you have should work just fine, requesting just a prefix and using link-local on the WAN side. At this point I am guessing there is something with how your Service Provider has IPv6 configured at the moment. This isn't uncommon and hopefully something they are willing to work with you on. It sounds like the route for the issued prefix isn't passing around their IGP correctly to route over link local back to you.
A last ditch effort. Have you tried requesting more than a /64?
Code: Select all
ipv6 dhcp-client set 0 prefix-hint=::/60Re: Problem to advertise ISP IPv6
I also think that is the way my ISP works with IPv6 and this is frustrating.
I set ipv6 dhcp-client to prefix hint ::/60 and still not working.
Thanks for your help.
I set ipv6 dhcp-client to prefix hint ::/60 and still not working.
Thanks for your help.
Re: Problem to advertise ISP IPv6
No worries, I'd engage with the ISP and see if they can help you get it resolved. I know it wouldn't be the first time I've talked to an ISP and they've found an issue in their IGP or some other component. Some ISPs are learning right along with us.
Let us know how it goes.
In the meantime I'd encourage you to grab a tunnel from a tunnel broker like Hurricane Electric. This will give you IPv6 access and if necessary you can segment off onto a VLAN that is only used for testing / playing so it doesn't mess up with any geographical blocking for streaming services and what not. While you have the tunnel you can get more comfortable with IPv6 and how it works.
Good luck!
Let us know how it goes.
In the meantime I'd encourage you to grab a tunnel from a tunnel broker like Hurricane Electric. This will give you IPv6 access and if necessary you can segment off onto a VLAN that is only used for testing / playing so it doesn't mess up with any geographical blocking for streaming services and what not. While you have the tunnel you can get more comfortable with IPv6 and how it works.
Good luck!
Re: Problem to advertise ISP IPv6
When you just receive the prefix - all the traffic to that prefix will go to your device that acquired the prefix. This route ensures that while you have not assigned address from the prefix in your network it properly responds that network is unavailable (as per flags at the route, specifically U flag)@idlemind:
> ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADS dst-address=::/0 gateway=fe80::1%ether1 gateway-status=fe80::1%ether1 reachable distance=1 scope=30 target-scope=10
1 ADC dst-address=2001:1284:f00d:7bbc::/64 gateway=ether1,LAN gateway-status=ether1 reachable,LAN reachable distance=0 scope=10
2 DSU dst-address=2001:1284:f00d:7bbc::/64 type=unreachable distance=1
I don't know why duplicated route and one of then is unreachable. Router OS has placed these routes automatically.
Regards,
Re: Problem to advertise ISP IPv6
hi, I understood that. I think my problem is because I receive from my ISP a /64 network and I cannot use the same prefix to my subnet and route that to Internet. I'm newbie in IPv6, but each day this is obviously to me or my comment is wrong?When you just receive the prefix - all the traffic to that prefix will go to your device that acquired the prefix. This route ensures that while you have not assigned address from the prefix in your network it properly responds that network is unavailable (as per flags at the route, specifically U flag)
Re: Problem to advertise ISP IPv6
ISPs who give only a single /64 network to their clients are a bit clueless, but it would work when you can
put that /64 on the LAN and use a local address on the link to the provider.
When they don't allow that either, that basically means you can't use a router.
Ask them to give you a /60 or more... I get a /48 from my provider.
put that /64 on the LAN and use a local address on the link to the provider.
When they don't allow that either, that basically means you can't use a router.
Ask them to give you a /60 or more... I get a /48 from my provider.
Re: Problem to advertise ISP IPv6
When I first learned that my ISP (Comcast) offers native IPv6, I configured my router with it, and by default, Comcast only gives a single /64.
(I later learned that you can use prefix-hint to obtain a /60 but that's another story)
With a single /64, it works just fine. You apply this /64 prefix to the LAN interface. The router does not need any public IPv6 address on the WAN interface at all.
When the router only has a single /64 public interface, it will use that interface's address to interact with the world just fine. The WAN interface is more than happy operating with just a link-local interface, since its only function is forwarding packets to/from your LAN. In IPv6, devices only need public routable addresses if they communicate directly with the world.
I'll go read your config now to see if anything jumps off the page at me....
(I later learned that you can use prefix-hint to obtain a /60 but that's another story)
With a single /64, it works just fine. You apply this /64 prefix to the LAN interface. The router does not need any public IPv6 address on the WAN interface at all.
When the router only has a single /64 public interface, it will use that interface's address to interact with the world just fine. The WAN interface is more than happy operating with just a link-local interface, since its only function is forwarding packets to/from your LAN. In IPv6, devices only need public routable addresses if they communicate directly with the world.
I'll go read your config now to see if anything jumps off the page at me....
-
-
awesomefishguy
just joined
- Posts: 22
- Joined:
Re: Problem to advertise ISP IPv6
Hi Guys...
In need of help.... I'm going to throw my laptop!!!
My Provider has given me a /48 address
2b02:29a0:8004/48 (Changed for security)
I have added this to ether12 ::2 , set a route to the default gateway ::1 via ether 12. ---> I can ping WWW no problem....
However, I have many Mikrotik Routers across my network. Many CCRs acting as PPPOE servers, using OSPF. Anyway... If i set the following on say VLAN Interface between the two routers (2b02:29a0:8004:3::8/64 & 2b02:29a0:8004:3::9/64) I can ping each other. But i cannot ping the outside world. Why can't they ping the world! I have turned off the firewall to test!
I have also set some of the clients on the main router to obtain IPv6 via PPPOE, the clients routers grabs it no problem. Set up a basic DHCP Client and Server. But I cannot get their devices to route properly, but I can sometimes get the clients router to PING the outside world.
Could someone please advise me on what i'm doing wrong.... FYI, I don't have much confidence in my providers setup. As they told me they have only 3 customers with IPv6!!!!!
Thanks Guys....
In need of help.... I'm going to throw my laptop!!!
My Provider has given me a /48 address
2b02:29a0:8004/48 (Changed for security)
I have added this to ether12 ::2 , set a route to the default gateway ::1 via ether 12. ---> I can ping WWW no problem....
However, I have many Mikrotik Routers across my network. Many CCRs acting as PPPOE servers, using OSPF. Anyway... If i set the following on say VLAN Interface between the two routers (2b02:29a0:8004:3::8/64 & 2b02:29a0:8004:3::9/64) I can ping each other. But i cannot ping the outside world. Why can't they ping the world! I have turned off the firewall to test!
I have also set some of the clients on the main router to obtain IPv6 via PPPOE, the clients routers grabs it no problem. Set up a basic DHCP Client and Server. But I cannot get their devices to route properly, but I can sometimes get the clients router to PING the outside world.
Could someone please advise me on what i'm doing wrong.... FYI, I don't have much confidence in my providers setup. As they told me they have only 3 customers with IPv6!!!!!
Thanks Guys....
Re: Problem to advertise ISP IPv6
You should not set the /48 address on your local ethernet interface, but only a /64 out of it. (you could just change the /48 to /64).My Provider has given me a /48 address
2b02:29a0:8004/48 (Changed for security)
I have added this to ether12 ::2 , set a route to the default gateway ::1 via ether 12. ---> I can ping WWW no problem....
Then, you can use the 65535 other subnets you got on other interfaces.
2b02:29a0:8004:1::/64 2b02:29a0:8004:2::/64 etc
Of course you need the routes in the route tables of all your own routers pointing the right way... on leaf nodes this can be only
a default route but at least on your central router you need routes for the /64s you assigned on the leaf nodes to point to the right place.
-
-
awesomefishguy
just joined
- Posts: 22
- Joined:
Re: Problem to advertise ISP IPv6
Thanks for tip. i've got that sorted.
I was kinda hoping for OSPF to take over the route side of things. Lots of routers connected and crossing each other.
In short, I've put an IPV6 address on each interface that connects say three routers
A --> B --> C
3::9 --> 3::8 / 4::8 --> 4::10
A can to talk to B and B can talk to C, but C can't talk to A!!
I switched on OSPF, NBMA, set each neighbor. Instances set to TYPE1 (If Installed) But they refuse to negotiate any routes of LSA....
Any tips... I 've created Loopbacks and put ADMIN MACS in. All routers are upto date.
Does it matter some links are on VLANS??
Be really greatful for any advice.
I was kinda hoping for OSPF to take over the route side of things. Lots of routers connected and crossing each other.
In short, I've put an IPV6 address on each interface that connects say three routers
A --> B --> C
3::9 --> 3::8 / 4::8 --> 4::10
A can to talk to B and B can talk to C, but C can't talk to A!!
I switched on OSPF, NBMA, set each neighbor. Instances set to TYPE1 (If Installed) But they refuse to negotiate any routes of LSA....
Any tips... I 've created Loopbacks and put ADMIN MACS in. All routers are upto date.
Does it matter some links are on VLANS??
Be really greatful for any advice.
Who is online
Users browsing this forum: Amazon [Bot], Bing [Bot], gigabyte091, majestic, rootbodnar and 223 guests