Community discussions

MikroTik App
 
fbl
just joined
Topic Author
Posts: 17
Joined: Fri Jul 20, 2018 5:39 pm

RouterOS is missing important IPv6 features

Mon Aug 16, 2021 12:29 pm

Hi,

in the current stable version (and probably also in v7.1beta) RouterOS is missing some rather important IPv6 features. I’m trying to keep track of the missing features here, in hopes that the might be resolved in the near future.

IPv6 prefix pools do not allow static assignment
When using dynamic prefixes with DHCPv6-PD, prefixes can be assigned to interfaces using the “/ ipv6 pool” configuration. However, this assignment is not configurable at all, RouterOS assignes a random subnet of the given prefix. To allow dynamic-dns services to work well, a prefix-id has to be configurable per interface. For example:
2001:db8:1234:5600::/56 (assigned by ISP via dhcp)
64 bit prefix-length (so /64 subnets are assigned to interfaces)
=> bits 57-64 of the address should be static and user-selectable

IPv6 address-based firewall using netmask
To do address-based firewalling with dynamic prefixes, it is necessary to create firewall rules which ignore the prefix and only match the suffix.
In linux iptables it is possible to create rules with a mask. For example:
::3456:789a:bcde:f012/::ffff:ffff:ffff:ffff
matches only the interface-identifier (the 64 least significant bits) of the given address.

As RouterOS is based on linux and its firewall capabilites, this feature probably only requires adjusted format validation for IPv6 rules in the RouterOS configuration.

System package updates via IPv6
When trying to update the system packages on an IPv6-only network, the updater complains about “no internet connection”, even with DNS64/NAT64 available. The package update process probably only resolves IPv4 domain names. This problem was already reported multiple times and I’m not the only one having this issue. [1]

Bandwidth test only resolves A records
This issue might be related to the last one: “/ tool bandwidth-test” only resolves the IPv4 A records when a domain-name is given as target. IPv6-only targets (only AAAA record) result in “invalid value for argument ip/address”. The bandwidth-test does seem to support IPv6 literals without an issue (even link local addresses), so this is only an issue with domain name resolution. “/ tool speed-test” has the same issue.

Addresses assigned via SLAAC are not visible anywhere
IPv6 addresses assigned to a RouterOS device via SLAAC are not visible anywhere. “/ ipv6 address print” only lists Link-Local addresses in this case, while the device is properly reachable via the global address assigned via SLAAC. The default route isn’t visible either.

Update: Since RouterOS 7.3 addresses are displayed. However, routes are still missing.

RDNSS not supported
RouterOS is unable to use dns resolvers announced via the RDNSS option of router advertisements (see RFC8106).

All of these missing features make RouterOS pretty much unusable for all modern setups, so I hope they can be fixed soon.

Best regards,
Fabian

[1] https://twitter.com/NicoSchottelius/sta ... 8499807232
Last edited by fbl on Wed Jun 08, 2022 9:06 pm, edited 1 time in total.
 
ihipop
just joined
Posts: 8
Joined: Tue Oct 05, 2021 6:36 pm

Re: RouterOS is missing important IPv6 features

Sun Nov 28, 2021 9:39 am

I‘ve posted a similar issue viewtopic.php?t=179161 with no reply

Who is online

Users browsing this forum: Maggiore81, mkx and 100 guests