Community discussions

MikroTik App
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

IPv6 on second VLAN

Sun Feb 03, 2019 12:47 pm

Hello,

I have got IPv6 from my ISP and assigned it to my main VLAN bridge, but it's not working on another VLANs. How can I do that?
My working config:
/ipv6 address
add address=::1 from-pool=general-pool6 interface=bridge_vlan10
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=general-pool6 request=address,prefix
/ipv6 nd
add hop-limit=64 interface=bridge_vlan10 ra-interval=20s-1m
This is what I tried for second VLAN, it didn't work:
/ipv6 nd
add hop-limit=64 interface=bridge_vlan20 ra-interval=20s-1m
/ipv6 nd prefix
add interface=bridge_vlan20 prefix=2a02:768:8e13:d36::/64
/ipv6 route
add distance=0 dst-address=2a02:768:8e13:d36::/64 gateway=bridge_vlan20 scope=10
I think I just (somehow) need to point two VLANs to one pool. But how?
 
User avatar
mozerd
Member
Member
Posts: 408
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IPv6 on second VLAN

Sun Feb 03, 2019 1:35 pm

Following is my config for ipv6 based on my ISP proving me with a prefix /56
/ipv6 address add from-pool=rogers-ipv6 interface=vlan10
/ipv6 address add from-pool=rogers-ipv6 interface=vlan20
/ipv6 address add from-pool=rogers-ipv6 interface=vlan40
/ipv6 dhcp-client add add-default-route=yes comment="delgate ISP-assigned prefix" interface=ether1 pool-name=rogers-ipv6 prefix-hint=::/56 request=address,prefix
/ipv6 nd set [ find default=yes ] advertise-dns=yes interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan10 reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan20 reachable-time=5m
/ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan40 reachable-time=5m
/ipv6 nd prefix default set preferred-lifetime=4h valid-lifetime=4h
/ipv6 settings set accept-router-advertisements=yes
Perhaps my code can help you …. change the relevant parts to match what your ISP provides you ….. so the important parts are the PREFIX, POOL and WAN INTERFACE, and VLAN INTERFACE
Your Pool is general-pool6
Your Prefix ???? your ISP needs to provide you with a Prefix Assignment … for most people its /64
Your VLAN Interface interface=bridge_vlan10
Your WAN interface ether1
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 1:58 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?
 
User avatar
mozerd
Member
Member
Posts: 408
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IPv6 on second VLAN

Sun Feb 03, 2019 2:19 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?
I have no idea why.

Who is your ISP?

Can you please post your Config
/export hide-sensitive file=spixxyconfig terse
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 3:01 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?
Because your pool is a single /64 ... once it is assigned to bridge_vlan10, the pool is exhausted. If your ISP is able to provide you with a /56 or /60, then you will have enough address space to assign more IPv6 interfaces (/64's).
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 3:28 pm

Yeah, I thought it's because of this. But how can I assign only half of that pool? If I want to assign only /65, it says that I have to disable advertise. But then my devices won't get it's IP, right?

Or is there any other solution? I don't believe this is impossible
 
mkx
Forum Guru
Forum Guru
Posts: 4325
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 3:41 pm

The basic idea is to assign IP address with longer prefix as router's address on interface in a subnet ... ND should derive it's settings from there ...
/ipv6 address
add address=::1/72 from-pool=general-pool6 interface=bridge_vlan10
add address=::1/72 from-pool=general-pool6 interface=bridge_vlan20

Prefix length should generally be specified with IPv6 addresses, if it's not then /64 is taken as default.
BR,
Metod
 
User avatar
mozerd
Member
Member
Posts: 408
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IPv6 on second VLAN

Sun Feb 03, 2019 4:11 pm

My ISP Rogers dishes out multiple /64 plus other options like /56 although that may have changed recently. for a long time I was using /64 and assigning to each subnet or vlan.

With Ubiguiti Routers its very easy to do that utilizing a commands like:
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 host-address '::1'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 'no-dns'
set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 service 'slaac'
set interfaces ethernet eth0 dhcpv6-pd pd 2 prefix-length '64'
set interfaces ethernet eth0 dhcpv6-pd rapid-commit 'enable'
I do not believe that the same can be done using RouterOS …. I could not find the ability to add an index like PD 0, PD 1,PD 2 etc

First you you have to find out from your ISP if they would dish out multiple /64 and if YES then some RouterOS GURU needs to confirm how to convert the above code to RouterOS speak :-)
Ideally, check with your ISP if they will issue a /40 or /60 or /56 … many ISP are going with a /56 for their users --- some are only providing that for their business class users and if not some ISP will dole out multiple /64 :-)
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 4:35 pm

I would like to assign ::1/72, but terminal forces it to /64 and Winbox shows this error Image

My ISP is small Czech local which apparently gives me one /64.
And my idea is to force multiple interfaces to take IPs from this pool
 
tdw
Member
Member
Posts: 371
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 on second VLAN

Sun Feb 03, 2019 5:34 pm

SLAAC requires /64 as that is the size of an automatically generated address. It is possible to use smaller subnet sizes when using static addresses or DHCP, but AFAIK it is no longer recommended
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 5:36 pm

That error is because SLACC (IPv6 auto config) requires a /64, therefore the error.

If you run your own IPv6 DHCP server (or static addresses), you can set advertise=no and may be able to use the /72. Doing this requires settings in ND to advertise the Managed flag.

The basic config for not using SLACC and a LAN-based DHCPv6 server only would be like this:
/ipv6 address
add address=::1 advertise=no from-pool=comcast-ipv6 interface=ether2-lan
.. etc

/ipv6 dhcp-client
add add-default-route=yes comment="WAN Cable Modem" interface=ether1-gateway pool-name=comcast-ipv6 prefix-hint=::/60 request=address,prefix use-peer-dns=no

/ipv6 nd
add hop-limit=64 interface=ether2-lan managed-address-configuration=yes other-configuration=yes ra-interval=1m40s-5m

/ipv6 nd prefix
add autonomous=no interface=ether2-lan
Personally, I do not like SLACC. I want to see known addresses, not ever-changing random ones.
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 7:15 pm

Thank you, but I still cannot make it working :(

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough?

I have deleted all IPv6 related settings and started from scratch.
First step: set up DHCP client, it gets prefix and automatically creates pool.
Second: add address ::1/72
- it gets replaced by /64 and so I cannot add another.
 
User avatar
mozerd
Member
Member
Posts: 408
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IPv6 on second VLAN

Sun Feb 03, 2019 7:28 pm

Up until now most ISP’s that I am familure with will not provide a static ipv6 .... and if there are exceptions I am certainly not aware of those ISP.

So for the time being check with your isp and find out if they will allocate more than one /64 ... tell them that you run 2 subnets they may accomadete you.

You are at the mercy of your ISP in terms of which subnet(s) are assigned TO YOUR ISP MODEM. You cannot go and pick a subnet from your prefix delegation and assign it statically. The cable modem must do the assignment.
 
proximus
Member Candidate
Member Candidate
Posts: 113
Joined: Tue Oct 04, 2011 1:46 pm

Re: IPv6 on second VLAN

Sun Feb 03, 2019 7:35 pm

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough?
DHCPv6 server on another machine to provide host addresses. MT's DHCPv6 server does not do host addressing (wish it did!!!)

What I posted changes the flags in the Router Advertisement. That tells the hosts that they should request an IPv6 address via DHCP and not auto-configure.
--
I'm kind of doubting you can do what you want with a single /64 from a pool.
 
Spixxy
just joined
Topic Author
Posts: 17
Joined: Tue Sep 04, 2018 7:45 pm

Re: IPv6 on second VLAN

Thu Feb 07, 2019 10:13 am

Well, that's bad that simple things like VLANs relies on ISP.
Or maybe it's ok and I just don't understand it well :D
Anyway thank you very much!
 
mkx
Forum Guru
Forum Guru
Posts: 4325
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 on second VLAN

Thu Feb 07, 2019 12:21 pm

Well, that's bad that simple things like VLANs relies on ISP.

Your VLANs don't rely on ISP. What relies on ISPs is to offer you short enough IPv6 prefix (i.e. /63 or lower) so that you can allocate one /64 prefix to each of your VLANs.

BTW, it's not only VLANs, it also LAN subnets (in case you create physical subnets).
BR,
Metod
 
User avatar
mozerd
Member
Member
Posts: 408
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: IPv6 on second VLAN

Thu Feb 07, 2019 12:38 pm

Well, that's bad that simple things like VLANs relies on ISP.
Or maybe it's ok and I just don't understand it well :D
Anyway thank you very much!
99% of the general public do not have the ability to configure subnets [vlans are a form of subnets] ..... so most isp take the easy raod and jsut provide a /64. You should talk to you ISP and ask for an accommodation that would help you to accomplish your objective --- I'm sure others in your area are asking for same and the more people that ask the more are the chances they will comply --- .... My ISP originally only offered a /64 and also offered more than one /64 for those who knew how to index the address space THEN through a little [a lot of] coxing from its users a /56 was allowed .... one of these days [in a couple of years - maybe] they may dish out a statics and allow to have a dhcp6 server locally :-)
 
Sob
Forum Guru
Forum Guru
Posts: 5590
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPv6 on second VLAN

Thu Feb 07, 2019 3:46 pm

My ISP is small Czech local which apparently gives me one /64.
Did you try to ask them for bigger prefix? There could be some hope with small company. Maybe they are just new to this and /64 is their honest mistake without an ill intent. If they are open to discussion, there are enough even local resources about the subject, e.g. Cesnet seminars, articles on root.cz, etc. Like this one: pdf, video
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6667
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 on second VLAN

Thu Feb 07, 2019 4:24 pm

Indeed, the problem is often that the ISP is unfamiliar with IPv6.
The absolute minimum a home customer should get is a /60.
More considerate would be a /56.
I get a /48 on my home internet connection.
 
jonmansey
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sat Sep 18, 2004 3:43 am

Re: IPv6 on second VLAN

Mon Apr 22, 2019 6:45 am

For me it was as simple as setting the DHCPv6 client prefix hint to ::/62 and the ISP (TWC) gave me a /56 instead of the standard /64. Then I was able to simply add multiple ::1/64 to each vlan, and it all worked automatically. I think I could have used any prefix hint less than 64 and it would have given me a /56.

Who is online

Users browsing this forum: fposavec, MarcDE and 52 guests