Page 1 of 1

IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Mar 12, 2012 4:33 pm
by dominicbatty
Hi, does anyone know if there is a plan to implement the "action=mark-routing" and "new-connection-mark=<routing mark> in IPv6, firewall, mangle rules.

Our IP services are served by multiple links so we round robin packets up the links to the ISP who provide us with native IPv6 addresses. It's just a bit of a shame that I cannot implement IPv6 at the moment without foregoing the resilience provided by our multiple links as I cannot get the traffic balanced without using routing marks. I'm not sure if the routing marks are not in there as there is an alternative way of doing this in IPv6 or if it had been missed/is in progress.

If I implement IPv6 for our networks and then users become used to it all working fine but without resilience then if and when a link fails I'll be left with them all moaning at me, I'd prefer just to do it once I can make it resilient and mark the routes.

Any help or advice would be greatly appreciated.

Thanks, Dominic.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu May 03, 2012 1:55 am
by dominicbatty
any news .... this is a really important feature that gives us increased bandwidth and resilience over our ADSL circuits, was it just missed from the IPv6 implementation, is it removed for good reason or is it planned to be done in the future.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Jun 06, 2012 3:30 pm
by liquidcz
Hi, im looking for the same solution. Any idea how can i do this?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Jun 06, 2012 3:52 pm
by dominicbatty
no real way to achieve this without this functionality. I'm going to use an L2TP tunnel over my IPv4 bonded link to tunnel my IPv6 in for the time being until this can be sorted.

It's a shame, was hoping to be live for World IPv6 day today but alas, no joy.

Dominic.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Jun 06, 2012 4:19 pm
by liquidcz
Bad news at IPv6 Launch date. :-(

I had to figure out how can i make IPV6 DUAL WAN Mikrotik router. :-(

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Jun 06, 2012 4:23 pm
by dominicbatty
I actually per packet round robin my IPv4 traffic up my three ADSL lines to Andrew and Arnold, equally they per packet round robin the data down to me in the same way. To achieve this I have to use mangle to mark each packet per block of 3 with router1, route2 and route3 then the routing table picks up the right packet and sends it up the correct line.

I think if you just wanted to do per connection balancing it will support that by just specifying two gateways in the routing configuration for IPv6 but I've never tested this.

Cheers, Dominic.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Jun 07, 2012 8:29 pm
by liquidcz
Hmm.. i had to figure it out by Mikrotik Metarouter for the second IPV6 connection. Not so clean solution, but it do what i need.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Sep 18, 2012 3:12 pm
by gr0mit
bump.
I'm also having issues with the lack of ipv6 routing mark. any ideas please?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Sep 18, 2012 3:46 pm
by dominicbatty
Hi gr0mit,

When I trialled this I setup an L2TP tunnel to A&A over IPv4 so the tunnel IPv4 traffic was marked and thus round robin balanced up multiple lines then I routed my IPv6 traffic through this L2TP tunnel hence by the nature of going through the tunnel operated the same way and was load balanced. Obviously there is some overhead for the tunnel etc.

It's all such a shame given A&A support IPv6 so effectively and we're all scratching around trying to find a way to make RouterOS do something it's always done. Anyone with resilience/bonded lines on IPv4 using this method basically has to accept they cannot move to native IPv6 without a load of hassle.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Sep 18, 2012 7:22 pm
by gr0mit
So when are Mikrotik going to realise that IPv6 is not just an awkward bolt-on, but a wholesale replacement for IPv4? Coz I can't mass deploy IPv6 on Mikrotik routers at the moment....

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Sep 18, 2012 7:26 pm
by dominicbatty
bump, same problem, bit rubbish!

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Sep 19, 2012 12:31 am
by bazzer
I asked about route marking for IPv6 over 2 years ago and still no sign of it. http://forum.mikrotik.com/viewtopic.php ... 40#p225402 Fobbed off then and still being fobbed off now.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 28, 2012 12:55 pm
by nest
I can't move any of our clients that are currently using bonded ADSL lines over to IPv6 for this very reason, the lack of routing marks on IPv6 :-( Plus, time is running out.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 28, 2012 1:32 pm
by dominicbatty
Yeah, it's such a shame that something this important has been missed from IPv6 with no real acceptance or indication by Mikrotik of this being any sort of problem or issue they plan to address. Ignorance doesn't make problems go away, it just annoys people. They should indicate their plans and why they are not addressing this as an urgent issue.

1. We're not going to do it - we can buy something else or accept IPv6 isn't an option for us.
2. We're going to do it by X we can buy something else or choose to wait for X
3. Keep quiet and hope that this IPv6 thing is simply a fad which before too long will stop being so talked about and the problem might just go away ... is this even an option, it's certainly something that will reduce the customer base if nothing else.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 28, 2012 1:36 pm
by mrz
IPv6 policy routing requires rework of the routing so it will be possible to add this feature only after new routing comes out.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 28, 2012 1:55 pm
by dominicbatty
Your reply is gratefully received, this topic commenced in March 2012 and I think there are some earlier posts on the topic as well. There are obviously a lot of frustrated users left wondering how/what they were going to do to implement IPv6 but this now gives some clarity.

Are you stating that the IPv6 implementation of the new routing does have routing marks included in it from the outset?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 28, 2012 6:12 pm
by nickshore
IPv6 policy routing requires rework of the routing so it will be possible to add this feature only after new routing comes out.
Yes but this "new routing" was promised for RouterOS version 6 and yet IPv6 policy routing
is not in the release candidate.

What is the timescale for "new routing" ?

Nick.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Oct 01, 2012 8:00 pm
by darthjysky
This is very needed feature! Is there any time scale on this?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Nov 05, 2012 7:54 pm
by omidkosari
This feature is a must

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Dec 21, 2012 5:46 pm
by NetTraptor
Yes Please! Not even in the 6RCx

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Jun 20, 2013 11:21 am
by THG
Look what I found in RouterOS v6.1. :)

ros code

ipv6 firewall mangle add new-routing-mark=

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Jun 20, 2013 11:33 am
by omidkosari
Don't tell to anyone . it seems mikrotik does not like to introduce it's features :lol:

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri May 09, 2014 4:38 pm
by AnBordSnip
Look what I found in RouterOS v6.1. :)

ros code

ipv6 firewall mangle add new-routing-mark=
I can see there is the ability to add routing mark, however there is no "action" to "mark-routing" so that it is used.

In addition there is no option for "routing-mark" under "ipv6 route add"

I'm using v6.12, am I missing something?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Aug 28, 2014 12:36 am
by warlord
I just ran into this today. I have multiple IPv6 tunnels that provide different networks, so I need to be about to route out the correct tunnel based on the source address. Running 6.18 and this action still doesn't exist under ipv6 firewall mangle. (Mostly posting a "me too" so I get emails in case this ever gets solved). Too bad, I was hoping that my move to RouterOS from dd-wrt would give me this functionality. :(

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Sep 04, 2014 1:28 pm
by bazzer
I asked about route marking for IPv6 over 2 years ago and still no sign of it. http://forum.mikrotik.com/viewtopic.php ... 40#p225402 Fobbed off then and still being fobbed off now.

4 years on... Would Mikrotik like to make a comment on the time scale now for this implementation?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Sep 24, 2014 7:15 pm
by bazzer
The silence is deafening!

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Feb 12, 2015 1:55 pm
by bazzer
Yep, me again...
...any sign of this making it into v6.xx or is now on hold till v7 or 8 or 9?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Thu Feb 12, 2015 2:12 pm
by dominicbatty
it's already a difficult push for people to move to IPv6, however, it's going to be impossible if the IPv6 facilities are not at the very most basic level equivalent to the IPv4 facilities, you would assume addressing this issue would be one of the most important things facing Mikrotik at the moment?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sun Apr 26, 2015 1:51 pm
by NAB
Just to add a 'me too', we've managed to avoid needing this for a while, but now we do. I'd be grateful if MT could provide the merest hint of a timescale. Please? Pretty please? Pretty please with sugar on?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sun Jul 26, 2015 4:16 pm
by Cha0s
v6.30.2 - still no routing-marks support :(

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Aug 17, 2015 1:13 pm
by AnBordSnip
Surely this will move things along:

http://www.internetsociety.org/deploy36 ... os-9-apps/

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Aug 17, 2015 2:23 pm
by nest
I doubt it.

It has been said many times by various MT staff. Once they stop using the routing engine embedded in the Linux kernel and rewrite all their own routing code, they can then add the code to support IPV6 Routing marks. Yes, we were first promised it was coming in v6. Now we're being told v7. Like all companies, they have constantly shifting priorities which are led from a number of external and internal factors. So it will be released when they're ready and they believe it's stable (ish!). :)

Sadly however it's not just the lack of routing mark functionality that is stopping us using IPV6 in our WISP. There is also missing support with the PPPoE Server and Radius which means we can only provide a IPV4 address to the CPE. Until full IPV6 Radius Attribute functionality is working, we are stuck with using just IPV4 at the moment. :(

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sat Sep 12, 2015 8:36 pm
by bazzer
Oops.. missed the 5th anniversary of requesting this option/feature.

Still no real indication of when this will happen and yet it was said to be included in the re-written route engine. Maybe developer resources need to be channelled towards this goal instead prolonging the arrival of this fabled version by over pimping old code base?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed May 18, 2016 11:37 am
by NAB
One year ago I requested:
I'd be grateful if MT could provide the merest hint of a timescale.
and still no sight or sound of what is fast becoming a deal-breaker for MT kit. We're now in the process of quoting for a rollout which must include IPv6 and are going to have to heavily caveat our proposal...

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Sep 16, 2016 1:02 pm
by bazzer
Happy 6th anniversary :-)

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Oct 07, 2016 10:31 pm
by mbeauverd
Any news about that ???

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sat Oct 22, 2016 11:04 am
by bazzer
Any news about that ???
I don't think you'd appreciate a repeat of the standard reply. Something about v7?

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sat Oct 22, 2016 12:02 pm
by mbeauverd
Not very much support on this forum indeed...

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Dec 20, 2016 9:36 pm
by hacknix
I just found out I can't do this, :-(

I have had a lot of this recently. It's a shame, I've been a fan of Mikrotik for a while, but I might just have to move back to what I did before: building my own linux-based routers.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Tue Aug 15, 2017 8:45 pm
by bazzer
7th anniversary is fast approaching (3rd September)! :lol:

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Aug 16, 2017 1:02 am
by ZeroByte
Well, FWIW, the OP's concern really wouldn't be fixing what he thinks it's fixing by having policy-based routing on IPv6 because it would on;y handle the egress forwarding - i.e. he can load balance the outbound traffic all day long, but his ISP is the one responsible for load-balancing the return traffic. In fact, if the ISP will do that for inbound, and you're like most ISPs where inbound is like 6x the outbound anyway, the chances are that a simple floating static backup route would take care of everything the OP wanted to do.

For those not understanding why - it's because ROS can't do NAT on IPv6 so simply forwarding packets out one connection won't cause the replies to come back in the same interface.

That doesn't mean that PBR isn't a very useful tool that should be implemented anyway despite the lack of NAT. . . .

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Aug 16, 2017 1:26 am
by bazzer
OP wanted uplink Round Robin packet balancing. I can not see where NAT was ever mentioned. The concept of what the OP was to utiise all available bandwidth by (if need be) a single data stream and not ECMP. OP stated they had native IPv6.
I am aware of the method the OP is reqesting as i constructed the original IPv4 config for said ISP and it was based on PBR.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Aug 16, 2017 4:16 pm
by ZeroByte
OP wanted uplink Round Robin packet balancing.
Yes, but my impression was that the goal was to balance the inbound traffic. The only way that would happen based on outbound load balancing is if the src address is natted to the egress interface. The other concern was redundancy, which can be handled in straightforward ways w/o PBR.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Wed Aug 16, 2017 5:39 pm
by bazzer
The ISP handles the downlink aggregation, again using RR. As for fail over or redundancy, simple, what ever link is left carries the lot. I ran this method of link aggregation combining 4 ADSL circuits for over 4 years until VDSL came along. Again I did 2 aggregated VDSL circuits using this method with a successful 150mbit down link and 38mbits uplink . Both circuits rated at 80/20. No NAT required. I gather the ISP has updated the end user wiki to now include a NAT'd config but alas IPV6 will still not be possible using the PBR method without running through a 6to4

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Dec 11, 2017 12:20 am
by HellKern
Hi guys, i had same issue - two ISP's, routing marks and ipv6 via 6in4 tunnel, so what i made - IP > Routes > Rules > added rule for dst. address=%hurracane electric 6in4 gateway%, action=lookup, table=%routing mark for corresponding ISP% and tunnel is start to work.
Hope it will be helpful =)

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Dec 11, 2017 9:43 pm
by bazzer
Hope it will be helpful =)
Indeed it is but not for the OT. You are only route marking IPv4 in this instance. IPv6 route marking is still not available.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Mon Sep 10, 2018 3:20 am
by _saik0
Still nothing? Same with v6 NAT. transparent proxy and IPS/IDS implementation depend on this.
Iptables has that feature for a long time, i don't understand why exactly ROS7 is necessary.

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Sun Sep 30, 2018 5:52 pm
by bazzer
7th anniversary is fast approaching (3rd September)! :lol:
8th anniversary!
Meaning 8 BUMP BUMP BUMP BUMP BUMP BUMP BUMP BUMP - and one for luck - *BUMP*!

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Aug 30, 2019 1:47 pm
by candlerb
Having had IPv6 via a tunnel broker for a long time, I now have another ISP connection with native IPv6.

It would be *sooooo* helpful if I could policy-route packets with the old IPv6 source range down the tunnel, and packets with the new source range down the native connection. It would allow me to deploy the new addresses incrementally onto each server. Indeed, the servers could keep both old and new addresses and I'd have redundancy for inbound connections (with the tunnel bound to the old ISP connection).

The other issue is lack of fasttrack on IPv6. I can happily fill the new link on IPv4, but IPv6 maxes out the CPU :-(

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Posted: Fri Aug 30, 2019 1:49 pm
by bazzer
Happy 9th anniversary in 4 days time!
:lol: :lol: :lol: