Community discussions

MikroTik App
 
User avatar
Anastasia
newbie
Topic Author
Posts: 45
Joined: Wed Oct 28, 2015 7:12 pm

Getting IPv6 only through SLAAC (without DHCP)

Sat Mar 16, 2019 9:47 pm

My ISP provide IPv6 addresses only through SLAAC (without DHCP).

Does Mikrotik support getting an address and prefix only via SLAAC or not?

If support exist - how to set up address searching without DHCP?
Please give me any instructions, I can't found nothing useful. :(
 
nostromog
Member Candidate
Member Candidate
Posts: 207
Joined: Wed Jul 18, 2018 3:39 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Sat Mar 16, 2019 11:35 pm

My provider gives a /56 per client, using prefix delegation.

All I had to do is to add a
ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=mypool request=prefix
to get the /56. If it does not work with your provider, try "request=address"

After you get a prefix you can get your own address as:
/ipv6 address
add address=::1 from-pool=mypool interface=bridge
and by default it will advertise the prefix, so any SLAAC capable device in the network will get another address or permanent/temporary addresses from the same /64

Even if you use the dhcp-client, it is doing prefix delegation + SLAAC, not stateful DHCP.
 
User avatar
Anastasia
newbie
Topic Author
Posts: 45
Joined: Wed Oct 28, 2015 7:12 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Sun Mar 17, 2019 4:10 pm

My provider gives a /56 per client, using prefix delegation.

All I had to do is to add a
ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=mypool request=prefix
to get the /56. If it does not work with your provider, try "request=address"

After you get a prefix you can get your own address as:
/ipv6 address
add address=::1 from-pool=mypool interface=bridge
and by default it will advertise the prefix, so any SLAAC capable device in the network will get another address or permanent/temporary addresses from the same /64

Even if you use the dhcp-client, it is doing prefix delegation + SLAAC, not stateful DHCP.

It's not working. I tried every possible setting. "ipv6 dhcp-client" menu does not work at all, because there is no DHCP.
I don't see IPv6 address, but I can ping IPv6 address.
I don't know how to set it right.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Sun Mar 17, 2019 4:30 pm

There's nothing to support, SLAAC doesn't provide prefixes. If you want your own prefix (which is a sensible thing), you need to convince ISP to rethink their IPv6 strategy.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
idlemind
Forum Guru
Forum Guru
Posts: 1148
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Getting IPv6 only through SLAAC (without DHCP)

Sun Mar 17, 2019 10:25 pm

If the ISP uses SLAAC on the point to point link between you and them then there is a setting that allows the router to get an address that way. I believe it is global though. Makes your device behave like a client as in IPv6 those are the devices that should react to other routers RAs.

They "should" give you a usable prefix some other way like DHCPv6 prefix delegation. They may do SLAAC and DHCPv6 PD but that would be an odd combination at least here in the US.
 
nostromog
Member Candidate
Member Candidate
Posts: 207
Joined: Wed Jul 18, 2018 3:39 pm

Re: Getting IPv6 only through SLAAC (without DHCP)  [SOLVED]

Mon Mar 18, 2019 8:24 am

If the ISP uses SLAAC on the point to point link between you and them then there is a setting that allows the router to get an address that way. I believe it is global though. Makes your device behave like a client as in IPv6 those are the devices that should react to other routers RAs.

They "should" give you a usable prefix some other way like DHCPv6 prefix delegation. They may do SLAAC and DHCPv6 PD but that would be an odd combination at least here in the US.
It is probably
/ipv6 settings print 
                       forward: yes
              accept-redirects: yes-if-forwarding-disabled
  accept-router-advertisements: yes-if-forwarding-disabled
          max-neighbor-entries: 8192
The third one: change it to /ipv6 settings set accept-router-advertisements=yes. I guess then your router will accept the router advertisement from your gateway and get SLAAC to work. It will get you a /64, which I hope you can advertise again. You will have address(es) for one network segment. I have never tried it, though.
 
Renfrew
just joined
Posts: 4
Joined: Wed Sep 09, 2015 6:01 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Mon Mar 18, 2019 8:41 am

There is one further issue. The DHCPv6 client needs to be able to receive UDP packets on Port 546 through the relevant interface, and your firewall configured as necessary.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Mon Mar 18, 2019 2:50 pm

It will get you a /64, which I hope you can advertise again.
Not really. It will only allow router to configure address based on RA. But that's it, only one address (*), no prefix. It's not a RouterOS bug or missing feature, SLAAC simply doesn't provide prefixes by design.

(*) "Speciality" of current RouterOS is that you won't see the address anywhere in user interface.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
User avatar
Anastasia
newbie
Topic Author
Posts: 45
Joined: Wed Oct 28, 2015 7:12 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Fri Mar 22, 2019 7:37 pm

My ISP refused to support DHCP. I can't use IPv6 yet. I do not want to tune everything by hand without automatic. Addresses change constantly and I need to constantly change the settings, it is not convenient. I'll wait until the ISP turns on DHCP support for IPv6, it will probably be in a couple of years.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Fri Mar 22, 2019 10:09 pm

The problem is not lack of dhcp (personally I prefer manual static config, because unlike with dhcp, it's not so easy to change anytime ISP feels like it, so it's really static), but the lack of your own prefix. That's how it's supposed to work, connect router to ISP, get a prefix and have own separate subnet(s) behind your router. If you can get addresses only using SLAAC, there's no place for your router and your whole subnet is accessible for ISP. It's possible to solve that by using router with ND proxy (RouterOS doesn't have that) or perhaps something can be done with bridge and filters (I didn't test it with IPv6, only with IPv4 in the past), but it's still not good enough.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
Kurosudo
just joined
Posts: 21
Joined: Wed Aug 01, 2018 1:21 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Fri Mar 22, 2019 10:35 pm

Did you tried enable router advertisements?
/ipv6 settings set accept-router-advertisements=yes
 
User avatar
Anastasia
newbie
Topic Author
Posts: 45
Joined: Wed Oct 28, 2015 7:12 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Sun Mar 31, 2019 7:06 pm

Did you tried enable router advertisements?
/ipv6 settings set accept-router-advertisements=yes
yes, enable.
The problem is not lack of dhcp (personally I prefer manual static config, because unlike with dhcp, it's not so easy to change anytime ISP feels like it, so it's really static), but the lack of your own prefix. That's how it's supposed to work, connect router to ISP, get a prefix and have own separate subnet(s) behind your router. If you can get addresses only using SLAAC, there's no place for your router and your whole subnet is accessible for ISP. It's possible to solve that by using router with ND proxy (RouterOS doesn't have that) or perhaps something can be done with bridge and filters (I didn't test it with IPv6, only with IPv4 in the past), but it's still not good enough.
now I had to use manual settings. automatic settings do not work because your ISP does not support DHCP.
The problem is solved. but the solution is very inconvenient. you need to adjust your hands.
 
sindy
Forum Guru
Forum Guru
Posts: 6899
Joined: Mon Dec 04, 2017 9:19 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Sun Jul 12, 2020 11:31 pm

The problem is not lack of dhcp (personally I prefer manual static config, because unlike with dhcp, it's not so easy to change anytime ISP feels like it, so it's really static), but the lack of your own prefix. That's how it's supposed to work, connect router to ISP, get a prefix and have own separate subnet(s) behind your router. If you can get addresses only using SLAAC, there's no place for your router and your whole subnet is accessible for ISP. It's possible to solve that by using router with ND proxy (RouterOS doesn't have that) or perhaps something can be done with bridge and filters (I didn't test it with IPv6, only with IPv4 in the past), but it's still not good enough.
...
The problem is solved. but the solution is very inconvenient. you need to adjust your hands.
I do realize that it's more than a year after this was a hot topic, but as I got here googling while dealing with the same subject: it obviously depends on how the ISP has implemented it at their side, but normally SLAAC assumes that the prefix advertised by the upstream router is a /64 one, so the ISP should be able to send traffic for the whole /48 (or maybe just /56 depending on what they actually give out to customers) down this line to any neighbor which advertises itself as a router within that /64 (assuming there will be only one such neighbor). If this is the case, there is a way to learn the prefix and use it to update the configuration using a periodically scheduled script.

The script first determines the link local address of the ISP's router using /ipv6 neighbor get [find router interface=wan] address and updates the IPv6 default route with that address if it differs from the currently configured one. Then, it pings any public IPv6 address (it is even not necessary that it respons), and lets a rule in /ipv6 firewall mangle capture the source address of the ping echo request to an address-list:
action=add-src-to-address-list address-list=myIpv6Addr address-list-timeout=10s chain=output out-interface=etherX-WAN src-address=2000::/3. What makes this method possible is that the router prefers the global address assigned to the output interface if it is available.

Then, the script cuts the prefix of a required length from the captured address, and uses it as a base to update the /ipv6 pool row (or multiple rows) with possibly longer prefixes. As the prefix may change, the global addresses assigned to router's own interfaces must be configured using the from-pool parameter; to change the prefix of the /ipv6 pool row(s), it is necessary to disable those addresses and re-enable them after the change. The same may be required for DHCP servers using those pools to delegate prefixes to other routers within your internal network.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Mon Jul 13, 2020 10:20 pm

I'm slightly confused, did you just invent your own non-standard way for assigning prefixes? Not that it couldn't work if both ISP and client agreed on it, but it looks like reinventing the wheel. And critics say that IPv6 is already complicated enough. ;)
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
sindy
Forum Guru
Forum Guru
Posts: 6899
Joined: Mon Dec 04, 2017 9:19 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Mon Jul 13, 2020 10:39 pm

I hesitate to call workarounds inventions. The subject of the OP was that the ISP requests the client to use SLAAC and doesn't support DHCP, and the last update stated that it works the suggested way but the configuration needs to be updated manually whenever the assigned IPv6 prefix changes. This means to me that there is something else connected to the router on IPv6, as otherwise there would be no need to update any configuration (if everything was bridged with WAN, everything would be using SLAAC in the single /64).

So my workaround just covers the part of finding out the complete address generated by SLAAC (which ROS hides from the administrator) and using its prefix.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Sob
Forum Guru
Forum Guru
Posts: 6517
Joined: Mon Apr 20, 2009 9:11 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Mon Jul 13, 2020 11:17 pm

I don't remember if I initially missed OP's last response, but it doesn't make much sense. If ISP has router with SLAAC, then all you get is one directly connected /64. If you connect router's WAN there, then you have nothing to assign to LAN behind it. Not without ND proxy. It could work with something like you described, but I'm not aware of any such standard, so what would ISP configure anything like that when no standard router would support it? I know, people do crazy things, but it's still weird.
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
linGeRvanTAt
just joined
Posts: 4
Joined: Sun Feb 21, 2021 2:31 pm

Re: Getting IPv6 only through SLAAC (without DHCP)

Tue Feb 23, 2021 11:02 am

A bit late but just my experience:
it doesn't make much sense
You are right about WAN/LAN and the then required DHCPv6 prefix delegation. However, just to add another scenario for SLAAC-only, because my ISP behaves the same way: I am the ISP. I want to access my MikroTik (which is configured with the QuickSet ‘WISP AP’ / bridge) via IPv6 ULA. My network does not have a stateful DHCPv6 server because I do not have a static but a dynamic IPv6 prefix. And finally, my MikroTik bridge, which does not do any routing, does not need a whole prefix delegated. Consequently, I went for nostromog‘s trick. Thanks!

Who is online

Users browsing this forum: Baidu [Spider], hpet, mkx and 125 guests