In the current stable version (and probably also in v7.1beta) RouterOS is missing some rather important IPv6 features. I’m trying to keep track of the missing features here, in hopes that they might be resolved in the near future.
IPv6 prefix pools do not allow static assignment
When using dynamic prefixes with DHCPv6-PD, prefixes can be assigned to interfaces using the “/ ipv6 pool” configuration. However, this assignment is not configurable at all; RouterOS assigns a random subnet of the given prefix. To allow dynamic-dns services to work well, a prefix-id has to be configurable per interface. For example:
2001:db8:1234:5600::/56 (assigned by ISP via dhcp)
64 bit prefix-length (so /64 subnets are assigned to interfaces)
=> bits 57-64 of the address should be static and user-selectable
IPv6 address-based firewall using netmask
To do address-based firewalling with dynamic prefixes, it is necessary to create firewall rules which ignore the prefix and only match the suffix.
In Linux iptables it is possible to create rules with a mask. For example:
::3456:789a:bcde:f012/::ffff:ffff:ffff:ffff
As RouterOS is based on Linux and its firewall capabilities, this feature probably only requires adjusted format validation for IPv6 rules in the RouterOS configuration.
System package updates via IPv6
When trying to update the system packages on an IPv6-only network, the updater complains about “no internet connection”, even with DNS64/NAT64 available. The package update process probably only resolves IPv4 domain names. This problem was already reported multiple times and I’m not the only one having this issue. [1]
Bandwidth test only resolves A records
This issue might be related to the last one: “/ tool bandwidth-test” only resolves the IPv4 A records when a domain-name is given as target. IPv6-only targets (only AAAA record) result in “invalid value for argument ip/address”. The bandwidth-test does seem to support IPv6 literals without an issue (even link local addresses), so this is only an issue with domain name resolution. “/ tool speed-test” has the same issue.
Addresses assigned via SLAAC are not visible anywhere
IPv6 addresses assigned to a RouterOS device via SLAAC are not visible anywhere. “/ ipv6 address print” only lists Link-Local addresses in this case, while the device is properly reachable via the global address assigned via SLAAC. The default route isn’t visible either.
Update: Since RouterOS 7.3 addresses are displayed. However, routes are still missing.
RDNSS not supported
RouterOS is unable to use DNS resolvers announced via the RDNSS option of router advertisements (see RFC 8106).
All of these missing features make RouterOS pretty much unusable for all modern setups, so I hope they can be fixed soon.
Best regards,
Fabian
[1] https://twitter.com/NicoSchottelius/sta ... 8499807232
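Added example, not part of the original post and not RouterOS code: a Python sketch of the two requests above, namely a static prefix-id inside a delegated prefix and a suffix-only firewall match with an address-style mask. The function names, the prefix-id 0x42 and the second /56 are constructed for illustration.

```python
import ipaddress

def subnet_for_prefix_id(delegated, prefix_id, new_len=64):
    """Return the subnet numbered prefix_id inside a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    id_bits = new_len - net.prefixlen          # 8 bits for a /56 split into /64s
    if id_bits < 0 or not 0 <= prefix_id < (1 << id_bits):
        raise ValueError(f"prefix-id {prefix_id:#x} does not fit in {id_bits} bits")
    base = int(net.network_address) | (prefix_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def parse_masked(rule):
    """Parse 'address/mask' where the mask is written as an IPv6 address."""
    addr, _, mask = rule.partition("/")
    mask_int = int(ipaddress.IPv6Address(mask))
    return int(ipaddress.IPv6Address(addr)) & mask_int, mask_int

def matches(rule, candidate):
    """True if candidate equals the rule address on every bit set in the mask."""
    want, mask = parse_masked(rule)
    return int(ipaddress.IPv6Address(candidate)) & mask == want

def host_in(subnet, suffix):
    """Combine a /64 subnet with a fixed 64-bit interface identifier."""
    return ipaddress.IPv6Address(
        int(subnet.network_address) | int(ipaddress.IPv6Address(suffix)))

# Rule and suffix from the post; the mask ignores the upper 64 bits.
RULE = "::3456:789a:bcde:f012/::ffff:ffff:ffff:ffff"
SUFFIX = "::3456:789a:bcde:f012"

if __name__ == "__main__":
    # First prefix is the one in the post; the second is a constructed
    # stand-in for what the ISP hands out after a prefix change.
    for delegated in ("2001:db8:1234:5600::/56", "2001:db8:abcd:ef00::/56"):
        subnet = subnet_for_prefix_id(delegated, 0x42)
        host = host_in(subnet, SUFFIX)
        print(delegated, "->", subnet, host, matches(RULE, str(host)))
```

The same rule keeps matching the host after the delegated prefix changes, and the static prefix-id keeps the subnet number (here 0x42) in the same place within each new prefix.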