 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

MT as IPv6 DHCP Server to non MT routers?

Fri Jun 30, 2017 7:02 pm

Should this work? I have our MT router set up as an IPv6 DHCP server and handing out prefixes that I own and route through BGP. If I use an MT router as a client everything works fine, but when using generic routers (I've tried a Linksys and a Netgear at this point) I cannot get this to work. In both cases the computer that connects to the generic router will get a valid IPv6 IP address with the prefix that I assigned, but does not get an IPv6 gateway and therefore is not routable.

These generic routers are so limited on diagnostics and configurations that I cannot really look at much to see what's going on. The only option really is manual or autosetup on these things. Has anyone gotten this to work? Is it MT's lack of a full DHCPv6 server that's causing this perhaps?
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Mon Jul 03, 2017 6:23 pm

Has anyone gotten this to work? I just need to know if I'm doing something wrong or if I should give up this quest and delay it for the future.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Mon Jul 03, 2017 7:14 pm

I could be wrong about this, but it seems that default GW is not an option that goes into a DHCPv6-PD message.
For instance, ROS has a workaround where in the DHCPv6-PD client, you can check a checkbox to instruct the router to use the DHCP server as the default GW.

Apparently the paradigm for DHCPv6-PD is for the DHCP to hand out blocks of addresses and cause routing updates on the serving router's side, and the client router should use RA messages from the upstream routers in order to find the proper default GW. This is problematic for Mikrotik users because ROS does not listen to RA / does not support assigning interface addresses with SLAAC.

Make sure that your Mikrotik router is sending RA messages on whatever interface your client routers are connecting to - perhaps those vendors chose to use RA for default GW determination.

If you're sending RA on those interfaces (by the way, this is configured in IPv6 ND) then the next quick thing to try is to set the default GW manually on the routers to be the link-local address of the Mikrotik router's interface where they're connecting. If this works, then you need to find a sustainable dynamic way for the clients to learn default GW which the Mikrotik is capable of sending.

Currently, this list includes RA and dynamic routing protocols RIPng, OSPFv3, and BGP.
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Thu Jul 06, 2017 8:00 pm

I got it working! Well, at least on the Netgear, but not on the Linksys yet.

I think testing with MT first led me down the wrong path. I found out that for the Netgear to work I needed to add another IPv6 address from another subnet on my MT DHCP server router, on its customer facing port. This allowed the Netgear to get a /64 address on its WAN port and then use another /64 prefix on its LAN port to give to my computers and it works.

Does this sound like a proper setup? I'm guessing that these store bought routers cannot route using link locals like the MT can.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Thu Jul 06, 2017 9:27 pm

> Does this sound like a proper setup? I'm guessing that these store bought routers cannot route using link locals like the MT can.

I would suspect that this is very much the case for these consumer-grade devices. At this moment, IPv6 is too 'new' to truly say where the industry is going to settle into its groove. Having to put a /64 on each access circuit would annoy me, as we use a dedicated vlan for each customer, and burning an extra /64 in addition to each customer block would force me to re-think my entire allocation scheme. I wonder if it would work using "private" IPv6 blocks for the WAN links (i.e. randomly-chosen /48s from the fd00::/8 block on the WAN links to customers whose gear requires a routable WAN-side /64).

I'm a bit surprised that it requires a public block for the client router to learn the default GW address from RA messages. Perhaps you could sniff the link under both public and link-local-only scenarios to see if RAs are in fact being sent in both cases. It wouldn't shock me to learn that ROS isn't sending RAs on link-local-only interfaces by default. It also wouldn't shock me to learn that a Netgear won't accept an RA from a link-local-only interface....

(Guess I'm about to pull out GNS3 to see what's going on on the wire)
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Thu Jul 06, 2017 10:09 pm

Since I posted last, this configuration fixes both the Netgear and the Linksys routers. With nothing but a link-local on my DHCP MT router they do not work. Per your suggestion I changed the customer facing router IP to fd00:a::/64 and it still works. So it doesn't appear to matter what IP is there as long as it's something.

Here are 2 screenshots of the Netgear router: the one with link-local only gets no WAN IP, then when I add an IP facing that router, it matches it and all works.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Thu Jul 06, 2017 10:26 pm

> It wouldn't shock me to learn that ROS isn't sending RAs on link-local-only interfaces by default.

I've never really thought about it much before, but it looks like there has to be some prefix, otherwise there will be no RAs:
21:18:32 radvd,debug skip Router Advertisement sending on bridge1: no prefixes to send
I will have to browse through some RFCs to find out where this requirement comes from.

Btw, I've already posted this link (pdf) in some other thread before and it's not exactly RFC or anything, but anyway:

> Using a global /64 prefix for the WAN connection is the recommended choice.
> Besides being a safe choice, using a /64 is sometimes required when there are more devices than the two endpoints on a WAN link (e.g. intermediary bridges or repeaters) that require management, or if there is the need for redundancy (e.g. VRRPv3 or multiple routers at the customer premises).
> When choosing which /64 to use, the recommended option is to dedicate a separate pool of prefixes for the WAN links. While the addressing plan and administration might be easier when selecting the /64 from the prefix delegated to the customer, this is technically “stealing” because the customer’s CPE has been informed that whole prefix will be delegated to it, so it should not also be used on the WAN link unless it is known that all CPEs will support RFC6603 to negotiate this.
> Using ULA addresses on the WAN link is very strongly discouraged.
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Thu Jul 06, 2017 10:39 pm

Even stranger. Once the 2 routers have linked up, I can delete the one IPv6 from the MT router and the Netgear continues to work just fine using what should be an invalid WAN IP at that point. Once I reboot the Netgear router though, it loses internet again.

I need a stiff drink! :D
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Fri Jul 07, 2017 12:18 am

Update: I've verified in GNS3 that RouterOS does not send RA advertisements unless there is a global-scope address (non-link-local) applied to the interface.
(I used ROS 6.38.5 as my testbed - if this has changed in more recent versions, I cannot say, but I am fairly certain it wouldn't be as my eyes go STRAIGHT to IPv6 features in every release notes list and don't recall seeing such a change)

I've also verified that Cisco will send RA messages on a link-local-only interface, so I would suppose that it is not a violation of RFC to do so.
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Fri Jul 07, 2017 12:37 am

Ok, well that makes sense based on what I'm seeing. I'm curious though, how does an MT as a client receive the PD when using link local? What's the difference? With my network a customer facing IP is very doable so I could use that as a solution if I had to. Seems like a waste of IPs, but I suppose I have to stop thinking about wasting IPs.

Nonetheless I am past hurdle one! Thank you for the help on this!

Related question, you say you use a vlan to every customer. Do you keep your CPEs bridged? With IPv4 we have all the CPEs NATed to protect the network and only bridge when customers request static IPs. Since none of my CPEs support prefix delegation yet as far as I can tell, my only option would be to bridge everyone and send IPs to their own routers which scares the crap out of me. Also, if customers are bridged and not getting IPs statically assigned how in the world would we track down an IP to a customer using IPv6? Sometimes the cops ask us for customer information during their investigations for various internet crimes.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Fri Jul 07, 2017 12:49 am

> Even stranger. Once the 2 routers have linked up, I can delete the one IPv6 from the MT router and the Netgear continues to work just fine using what should be an invalid WAN IP at that point. Once I reboot the Netgear router though, it loses internet again.
>
> I need a stiff drink! :D

That's because SLAAC works in some ways like DHCP does... Basically, if you delete a host's lease from a DHCP server, that host isn't going to suddenly stop working - it's going to continue using the information until the lease expires. There's a lifetime associated with the RA messages that SLAAC uses. Any host performing SLAAC will not bother checking the interface again until the lifetime has expired. If it hears a new RA from the same router with different info, then I'm pretty sure that the host will update its settings accordingly at that moment as well.

After a bit of reflection, I would warn against using any "private" IPv6 addresses on the WAN links if Netgears use RA on their WAN interfaces - because those routers will send/receive packets towards the Internet using their WAN interfaces (almost certainly) and thus if the user clicks the "update firmware automatically" button, and the Netgear tries to use IPv6 to do so, it will fail as the source address would be fdxx::/8 private space... (devices BEHIND the Netgear would have no such issue of course)

EDIT: As for the PD working for Mikrotik issue - notice that they have a checkbox in the IPv6 DHCP-PD Client configuration: "add default route"
This is a workaround added by Mikrotik, as I don't think there's any option in DHCPv6-PD that actually passes a default GW to the client. It's just expected that the client will also be listening for RA messages. So in a nutshell, the Mikrotik client just makes the assumption that whatever host (link-local address, BTW) sent the DHCP response, that host must be the default GW. Netgear apparently has no such behavior (unless it's there and you haven't noticed it yet).
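
For anyone sniffing the link as discussed in this thread, here is an added example (not code from any poster or from MikroTik) that decodes a captured ICMPv6 Router Advertisement per RFC 4861 and reports the two things a client router can learn from it: a default router (router lifetime above zero) and SLAAC prefixes with their lifetimes. The function names and both sample packets are constructed for illustration, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861, type 134), ICMPv6 header onward."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    _t, _c, _ck, _hop, flags, lifetime, _reach, _retrans = struct.unpack("!BBHBBHII", icmp[:16])
    ra = {"managed": bool(flags & 0x80), "router_lifetime": lifetime, "prefixes": []}
    pos = 16
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length field is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:                # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack("!BBII", icmp[pos + 2:pos + 12])
            net = ipaddress.IPv6Network((icmp[pos + 16:pos + 32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": preferred})
        pos += opt_len
    return ra

def client_view(ra: dict) -> dict:
    """What an RA-listening client router can learn from this one message."""
    slaac = [p["prefix"] for p in ra["prefixes"] if p["autonomous"] and p["valid"] > 0]
    return {"default_route": ra["router_lifetime"] > 0, "slaac_prefixes": slaac}

def build_ra(lifetime: int, prefixes=()) -> bytes:
    """Build a constructed RA for the demo (checksum left at 0, not validated here)."""
    msg = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, lifetime, 0, 0)
    for cidr, valid, preferred in prefixes:
        net = ipaddress.IPv6Network(cidr)
        msg += struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, valid, preferred, 0)
        msg += net.network_address.packed
    return msg

# Constructed samples: 2001:db8::/32 is the documentation prefix, not from the thread.
WITH_PREFIX = build_ra(1800, [("2001:db8:0:1::/64", 2592000, 604800)])
NO_PREFIX = build_ra(1800)            # RA that carries no Prefix Information option

if __name__ == "__main__":
    for name, pkt in (("with prefix", WITH_PREFIX), ("no prefix", NO_PREFIX)):
        print(name, client_view(parse_ra(pkt)))
```

Feed `parse_ra` the ICMPv6 payload exported from a capture; if no RA shows up in the capture at all, there is nothing for the client to learn a gateway from.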
 
jmay
Member
Topic Author
Posts: 336
Joined: Tue Jun 23, 2009 8:26 pm

Re: MT as IPv6 DHCP Server to non MT routers?

Fri Jul 07, 2017 5:51 pm

That makes perfect sense about the DHCP lease. I'll likely just use routable IPs for this, I mean a /32 should be enough for me. :) Thanks again for your help.
