Community discussions

MikroTik App
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

DHCPv6 for home installations?

Sun Apr 08, 2012 5:39 am

We had a problem with our cable modem today, and in the process of troubleshooting it, I noticed that my laptop was able to get an IPv6 address. This meshes well with what Comcast has announced so far - single hosts can perform a prefix solicitation and so on, but for networks, they will support DHCPv6 "later."

I have turned on the DHCPv6 client on my routerboard, and it's searching.

But what confuses me is that it seems to want to assign the prefix to a prefix pool. The Mikrotik wiki page talks about using prefix pools for PPP clients and the like. I have, in fact, used a /48 prefix pool to assign /64s to my VPN client, but that's another kettle of fish.

I assume (perhaps naively) that the prefix I'm going to get from DHCPv6 is going to be a /64. What I want to do is simply assign that prefix directly to the "inside" interface (in my case, it's a bridge that encompasses all of the Ethernet ports).

How is this sort of thing going to work? Does anyone have a similar configuration working presently?
 
biomesh
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Feb 10, 2012 8:25 pm

Re: DHCPv6 for home installations?

Sun Apr 08, 2012 6:26 pm

You won't need a dhcpv6 server for this - just a dhcpv6 client(the pool option is there in case you do get a larger allocation like a /48 and need to handle your own delegation). Your wan interface will get the /64 allocation then you will advertise that /64 using (RAs/ND) on your internal network. Autoconfig will do the rest.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Mon Apr 09, 2012 3:38 am

You won't need a dhcpv6 server for this - just a dhcpv6 client(the pool option is there in case you do get a larger allocation like a /48 and need to handle your own delegation). Your wan interface will get the /64 allocation then you will advertise that /64 using (RAs/ND) on your internal network. Autoconfig will do the rest.

Ok. So how do I configure this? /ipv6 dhcp-client requires a pool. A pool requires an initial assignment.

At the moment, I have

/ipv6 pool add name="ipv6-local" prefix="2001::/16" prefix-length=64
/ipv6 dhcp-client interface="ether1-gateway" pool-name="ipv6-local" pool-prefix-length=64

That just doesn't seem right to me.

Also, how do I get the prefix from the outside interface to the inside?

UPDATE...

I changed the above to /ipv6 dhcp-client interface="ether1-gateway" pool-name="none"

but it still begs the question - how does a prefix that the dhcp client obtains get put on the inside?
 
biomesh
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Feb 10, 2012 8:25 pm

Re: DHCPv6 for home installations?

Mon Apr 09, 2012 6:57 am

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui.

You can assign the default prefix to the wan address but set to not advertise. The internal address could then be set to $PREFIX::1/64 and also be set to advertise the prefix on the internal interface.

Without access to the pool via the cli, you cannot script the address and route assignment though.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Tue Apr 10, 2012 9:10 am

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui.

You can assign the default prefix to the wan address but set to not advertise. The internal address could then be set to $PREFIX::1/64 and also be set to advertise the prefix on the internal interface.

Without access to the pool via the cli, you cannot script the address and route assignment though.
Scripting it implies that you'll have to trigger a script on a DHCPv6 event (that is, make the script perform the prefix assignment whenever the DHCPv6 client obtains a new prefix. Is that correct?
 
biomesh
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Feb 10, 2012 8:25 pm

Re: DHCPv6 for home installations?

Tue Apr 10, 2012 5:18 pm

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui.

You can assign the default prefix to the wan address but set to not advertise. The internal address could then be set to $PREFIX::1/64 and also be set to advertise the prefix on the internal interface.

Without access to the pool via the cli, you cannot script the address and route assignment though.
Scripting it implies that you'll have to trigger a script on a DHCPv6 event (that is, make the script perform the prefix assignment whenever the DHCPv6 client obtains a new prefix. Is that correct?
The dhcpv6 client that is included with ROS only requests a prefix from a specific interface but does not do anything with the prefix automatically (other than create a pool with the prefix). In my lab I configured an external interface with the client to pull a prefix (/64). I then added an IPv6 address on the internal interface (/64) from the pool and set it to advertise. You will also need an IPv6 address on the external interface to handle routing(along with the default route/s being set - ::/0 and 2000::/3). I don't know how most ISPs will be using IPv6 PD so it is really hard to setup your device ahead of time to get everything working correctly.

If someone is a part of the comcast IPv6 deployment it would be great to hear how things are going to work.
 
biomesh
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Feb 10, 2012 8:25 pm

DHCPv6 for home installations?

Thu Apr 12, 2012 4:01 am

I did some testing and the linksys/cisco consumer level device will request a prefix and an address. The address is assigned on the external interface and the prefix is assigned and advertises on the local network (with $PREFIX:: being the default lan gateway).
Right now the routeros dhcpv6 client implementation is fairly limited in that the external address will have to be manually assigned. Hopefully there will be an update to the dhcpv6 client to support obtaining an address and a prefix on an interface.

I have opened a ticket with support with basically the same information as this post to get some feedback on when/if the functionality will be added.

Sent from my BlackBerry 9800 using Tapatalk
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Thu Apr 12, 2012 8:52 am

If you want to delegate the pool to the inside, there is not necessary the need to assign a IPv6 to the outside interface - the link local address would do.

So if using DHCPv6 you should set it up with a pool name without initializing the pool...
/ipv6 dhcp-client add interface=ext-if pool-name=ipv6test

Then assign an address to the internal interface from that pool, but stating the address "::/64"
/ipv6 address
add address=::/64 advertise=yes disabled=no eui-64=no interface=int-if from-pool=ipv6test

and set up ND to advertise it on the internal interface (only /64 works with RA))
/ipv6 nd
add advertise-dns=yes advertise-mac-address=yes hop-limit=64 interface=int-if

Set the default ipv6 route to the ext-if interface
/ipv6 route
add dst-address=::/0 gateway=ext-if

Make sure to accept UDP port 546 and ICMPv6 on input chain for DHCPv6 to work and a forward rule to the internal network.
/ipv6 firewall filter
add action=accept chain=input comment=ICMPv6 protocol=icmpv6
add action=accept chain=input comment="DHCPv6 client" dst-port=546 in-interface=ext-if protocol=udp
add action=drop chain=input comment="Drop the rest"
add action=accept chain=forward comment="Accept forward" in-interface=int-if
add action=accept chain=forward comment="Accept forward" out-interface=int-if
add action=drop chain=forward comment="Accept forward"
add action=accept chain=output comment="Accept output"

Sorry for possible wrong console commands here but i'm not familiar with them and i use WinBox and got them from exports.

This works on my home setup...
Have fun.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
biomesh
Member Candidate
Member Candidate
Posts: 152
Joined: Fri Feb 10, 2012 8:25 pm

Re: DHCPv6 for home installations?

Thu Apr 12, 2012 6:17 pm

If you want to delegate the pool to the inside, there is not necessary the need to assign a IPv6 to the outside interface - the link local address would do.

So if using DHCPv6 you should set it up with a pool name without initializing the pool...
/ipv6 dhcp-client add interface=ext-if pool-name=ipv6test

Then assign an address to the internal interface from that pool, but stating the address "::/64"
/ipv6 address
add address=::/64 advertise=yes disabled=no eui-64=no interface=int-if from-pool=ipv6test

and set up ND to advertise it on the internal interface (only /64 works with RA))
/ipv6 nd
add advertise-dns=yes advertise-mac-address=yes hop-limit=64 interface=int-if

Set the default ipv6 route to the ext-if interface
/ipv6 route
add dst-address=::/0 gateway=ext-if

Make sure to accept UDP port 546 and ICMPv6 on input chain for DHCPv6 to work and a forward rule to the internal network.
/ipv6 firewall filter
add action=accept chain=input comment=ICMPv6 protocol=icmpv6
add action=accept chain=input comment="DHCPv6 client" dst-port=546 in-interface=ext-if protocol=udp
add action=drop chain=input comment="Drop the rest"
add action=accept chain=forward comment="Accept forward" in-interface=int-if
add action=accept chain=forward comment="Accept forward" out-interface=int-if
add action=drop chain=forward comment="Accept forward"
add action=accept chain=output comment="Accept output"

Sorry for possible wrong console commands here but i'm not familiar with them and i use WinBox and got them from exports.

This works on my home setup...
Have fun.
AFAIK, you cannot route across networks using Link Local addressing, so you need a global unicast address on your external interface. (This is how it worked in my testing)
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Fri Apr 13, 2012 8:50 am

In the above configuration, i don't use the local link address, i just forward traffic from assigned pool addresses on the inside network to the gateway via the outside interface, which does not have an assigned unicast address. Since there is no NAT in IPv6 this works (at least in my setup). But it probably also depends on the ISPs network setup.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
jadu
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Sat Feb 05, 2011 9:22 am
Location: Bucharest - Constanta

Re: DHCPv6 for home installations?

Sat May 05, 2012 10:57 am

great docmarius, for me it's working, i think we have the same ISP here RDS tests for ipv6 are 10/10 and also ipv6.google.com it's working
------------------------
Don't give thanks, give karma instead!
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Sun May 06, 2012 4:27 pm

@jadu: if RCS/RDS would manage to assign the same pool on every PPPoE connect for a specific client, maybe we could also do some real firewalling and server setup :lol:
But this seems to have to wait. Still using tunnels for servers with native ipv6 available.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Thu Jul 19, 2012 6:53 am

This comes really close for me (with RouterOS 5.19 on Comcast), but

/ipv6 route add dst-address=::/0 gateway=ext-if

does not work. I was forced to use

/ipv6 route add dst-address=2000::/3 gateway=fe80::[EUI-64 of ISP router]%ext-if

What does setting gateway=[interface] supposed to do?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Thu Jul 19, 2012 8:53 am

/ipv6 route add dst-address=::/0 gateway=ext-if
...
What does setting gateway=[interface] supposed to do?
The above setting tells your router the default gateway for IPv6 packets and states the next hop for packet routing.
So in the above line, if there is no other route in place, the packet will be sent via the ext-if interface to your uplink provider using the settings of that particular interface, more exactly using link-local addresses predefined for local routing (fe80::1 if i remember correctly).
/ipv6 route add dst-address=2000::/3 gateway=fe80::[EUI-64 of ISP router]%ext-if
Your line applies only to 2000::/3 addresses and specifies an exact routing path overriding any interface defaults, so that your next hop is fe80::[EUI-64 of ISP router].

You could also try a more generic statement (default route which covers all destinations, not only 2000::/3):
/ipv6 route add dst-address=::/0 gateway=fe80::[EUI-64 of ISP router]%ext-if
This should cover basically all your needs.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Fri Jul 20, 2012 4:30 am

/ipv6 route add dst-address=::/0 gateway=ext-if
...
What does setting gateway=[interface] supposed to do?
The above setting tells your router the default gateway for IPv6 packets and states the next hop for packet routing.
So in the above line, if there is no other route in place, the packet will be sent via the ext-if interface to your uplink provider using the settings of that particular interface, more exactly using link-local addresses predefined for local routing (fe80::1 if i remember correctly).
/ipv6 route add dst-address=2000::/3 gateway=fe80::[EUI-64 of ISP router]%ext-if
Your line applies only to 2000::/3 addresses and specifies an exact routing path overriding any interface defaults, so that your next hop is fe80::[EUI-64 of ISP router].

You could also try a more generic statement (default route which covers all destinations, not only 2000::/3):
/ipv6 route add dst-address=::/0 gateway=fe80::[EUI-64 of ISP router]%ext-if
This should cover basically all your needs.
Well,

/ipv6 route add dst-address=::/0 gateway=fe80::[eui64 of ISP router]%ext-if

works just as well (so far as I can tell) as with dst-address=2000::/3.

But

/ipv6 route add dst-address=::/0 gateway=ext-if

does not work at all for me.

Is there anything I need to do to nd on the external interface for it to send router solicitations and obtain a router?

I'd prefer not to hard-code the MAC address of my ISP's router in my router config.

I'd think the thing to do would be to set the gateway to ff02::2%ext-if, but it says that's an invalid configuration.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Fri Jul 20, 2012 8:47 am

AFAIK, fe80::1 is usual the default routers link local address.
Now if your provider decides to use something else...
But it is not hardcoded to a specific MAC. Just a link local address.
They probably use more than 1 router for user access so they have to set it up that way.

What i don't get is why the dhcp client does not set a gateway address (I'm still digging on ipv6) or how to get that gateway to use it.
Shouldn't it provide a GW address also (like in IPv4)? Haven't found anything on that.
Maybe there is a missing "set default gateway" in the DVCPv6 setup like in v4 or something?
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6077
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: DHCPv6 for home installations?

Fri Jul 20, 2012 10:22 am

Maybe there is a missing "set default gateway" in the DVCPv6 setup like in v4 or something?
Starting from v5.18 there is an option add-default-route on the client.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Fri Jul 20, 2012 6:25 pm

Maybe there is a missing "set default gateway" in the DVCPv6 setup like in v4 or something?
Starting from v5.18 there is an option add-default-route on the client.
I see I did not have that turned on. I've turned it on, but the behavior is unchanged. With the gateway simply set to ext-if, it fails. With it set explicitly to the ISP router's LL, it works.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Fri Jul 20, 2012 7:20 pm

Starting from v5.18 there is an option add-default-route on the client.
I've checked again and again in 5.19... Is it missing in WinBox ?
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Sat Jul 21, 2012 12:44 am

This is a little odd looking. From /ipv6 route print get


2 ADC dst-address=2601:9:4980:52::/64 gateway=bridge1
gateway-status=bridge1 reachable distance=0 scope=10

3 DS dst-address=2601:9:4980:52::/64
gateway=fe80::201:5cff:fe3c:b241%ether1-gateway
gateway-status=fe80::201:5cff:fe3c:b241%ether1-gateway reachable
distance=1 scope=30 target-scope=10

(0 is the static route I've added to make it work. 1 is disabled. Both are omitted to save clutter).

2601:9:4980:52::/64 is the prefix obtained via DHCPv6. Route #2 looks sensible. Route #3... If the destination were ::/0, then it would be correct, but why is it the 2601 prefix?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Sat Jul 21, 2012 5:50 am

Addendum: Now the set default gateway command is there but not available in winbox, only in command line mode...

@nsayer: What ROS version are you using? /ipv6 route print looks different in 5.19...
[admin@MikroTik] /ipv6 route> /ipv6 route print     
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  ::/0                     RDS-PPPoE                       1
 ...
 5 ADC  2a02:2f02:1022:f0cb::/64 ether1                          0
[admin@MikroTik] /ipv6 route> 
Here rule 0 is the default route and i do not get any dynamic route to the provider, only to ether1 which is my internal network the prefix pool is delegated to.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Sat Jul 21, 2012 6:18 am

I am using 5.19. I have no explanation for any difference.

[edit]

Well... Except I did a "print detail" and the site might be reformatting it a bit.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Sat Jul 21, 2012 10:14 am

ok... i missed that "detail" parameter :?

so here are my settings (ether1 - internal, RDS-PPPoE - external interface)...
 0 A S  dst-address=::/0 gateway=RDS-PPPoE gateway-status=RDS-PPPoE reachable distance=1 scope=30
        target-scope=10
...
 5 ADC  dst-address=2a02:2f02:1022:f0cb::/64 gateway=ether1 gateway-status=ether1 reachable 
        distance=0 scope=10
Nothing else related to that interfaces.

DHCP client:
 0    interface=RDS-PPPoE pool-name="ipv6test" pool-prefix-length=64 status=bound 
      prefix=2a02:2f02:1022:f0cb::/64 duid="00030001000c42a0636c" add-default-route=no
Local IP assignement:
1  G address=2a02:2f02:1022:f0cb::1/64 interface=ether1 actual-interface=ether1 eui-64=no 
      advertise=yes
Assignement is dynamic form dhcp pool using address=::1/64 and there is NO PUBLIC IPv6 assigned to the external interface, only LL...

And on ND:
 0    interface=ether1 ra-interval=20s-1m ra-delay=3s mtu=unspecified reachable-time=unspecified 
      retransmit-interval=unspecified ra-lifetime=30m hop-limit=64 advertise-mac-address=yes 
      advertise-dns=yes managed-address-configuration=no other-configuration=no
Now why the difference... i don't know.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Sun Jul 22, 2012 7:51 pm

The biggest difference I see is that I have 3 routs showing instead of two:

 0 A S  dst-address=::/0 gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=1 scope=30 
        target-scope=10 

 1 X S  dst-address=::/0 gateway=fe80::201:5cff:fe3c:b241%ether1-gateway 
        gateway-status=fe80::201:5cff:fe3c:b241%ether1-gateway inactive 
        distance=1 scope=30 target-scope=10 

 2 ADC  dst-address=2601:9:4980:52::/64 gateway=bridge1 
        gateway-status=bridge1 reachable distance=0 scope=10 

 3  DS  dst-address=2601:9:4980:52::/64 
        gateway=fe80::201:5cff:fe3c:b241%ether1-gateway 
        gateway-status=fe80::201:5cff:fe3c:b241%ether1-gateway reachable 
        distance=1 scope=30 target-scope=10 
When route 0 is enabled and 1 disabled, it doesn't work. When it's the other way around, it does.

I'm testing by using /ping on IPv6 literals to public hosts. When that works, the inside hosts work fine as well.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Sun Jul 22, 2012 8:13 pm

I think i don't get your setup details...

You have an interface called ether1-gateway which is your ISP connection.
Another one called bridge1 as your internal interface.

If this is correct, your route number 3 is wrong!

If 2601:9:4980:52::/64 is your delegated prefix, than there must be only 1 route to that prefix, via bridge1.
There are no addresses 2601:9:4980:52::/64 via ether1-gateway route, all are delegated to you and must be IPs of bridge1 or via bridge1.

Do you use a pool for prefix delegation?
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
bdbbdb
just joined
Posts: 2
Joined: Fri Jul 20, 2012 6:56 am

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 4:09 am

I'm able to reproduce the same behavior with from-pool and add-default-route. Details are in this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=63777

I think there are two separate bugs in 5.19:

1) add-default-route actually adds a route *for the prefix received via dhcpv6-pd*, not a default route. I can reproduce this and it looks like you can too.
2) /ipv6 address attribute from-pool does not seem to be effective.

I was able to get home IPv6 up and running, albeit in a hacky configuration, by:

1) disabling add-default-route, but manually adding a default route pointing to v6 LL address of the CMTS
2) manually addressing my internal interface with the prefix handed out by dhcpv6-pd

Can anyone else reproduce this behavior? If so, we should confirm as a bug and submit to mikrotik support.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 7:44 am

I think i don't get your setup details...

You have an interface called ether1-gateway which is your ISP connection.
Another one called bridge1 as your internal interface.

If this is correct, your route number 3 is wrong!
I agree that route 3 is wrong. It is, however, what showed up when I turned "add-default-route" on in the dhcpv6 client.
If 2601:9:4980:52::/64 is your delegated prefix, than there must be only 1 route to that prefix, via bridge1.
There are no addresses 2601:9:4980:52::/64 via ether1-gateway route, all are delegated to you and must be IPs of bridge1 or via bridge1.

Do you use a pool for prefix delegation?
Yes. That's what results in the creation of route #2.

I've sent a supout.rif to support.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6077
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 9:31 am

Contact support with attached supout files.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 11:24 pm

I'm able to reproduce the same behavior with from-pool and add-default-route. Details are in this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=63777

I think there are two separate bugs in 5.19:

2) /ipv6 address attribute from-pool does not seem to be effective.
That appears to be working for me.
I was able to get home IPv6 up and running, albeit in a hacky configuration, by:

2) manually addressing my internal interface with the prefix handed out by dhcpv6-pd
I didn't need to do that. I just added an address of ::/0, with from-pool, and turned off Use EUI64 and turned on advertising.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 11:43 pm

AFAIK you also need to enable RA in IPV6/ND (Neighbour discovery) and enable advertisement of MAC and DNS (if you need it - mikrotik's dns server supports IPv6 resolution) on your internal interface.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Mon Jul 23, 2012 11:47 pm

AFAIK you also need to enable RA in IPV6/ND (Neighbour discovery) and enable advertisement of MAC and DNS (if you need it - mikrotik's dns server supports IPv6 resolution) on your internal interface.
I don't advertise DNS. MacOS X machines appear to be allergic to that (at least, last time I tried it).
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Tue Jul 24, 2012 5:20 pm

Support responded to me saying there would be a fix in the next release. Huzzah!
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Tue Jul 24, 2012 10:11 pm

Good news!
And maybe we will get the "Use default gateway" checkbox in Winbox also :)
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
uebi
Member Candidate
Member Candidate
Posts: 117
Joined: Tue Sep 13, 2005 5:27 pm
Location: Austria
Contact:

Re: DHCPv6 for home installations?

Mon Jul 30, 2012 2:18 pm

Hi everyone!

Thanks for the great post!

I'm currently testing the PPPoE Server with RouterOS 5.19 and giving out /64 IPv6 prefixes to PPPoE Clients. This works fine with RouterOS Clients (in my case I'm manually configuring one IPv6 address out of the prefix on the PPPoE Clients LAN side). If I have a non-RouterOS client as many customers do (for example a D-Link DIR-600 or Linksys E900) which support IPv6, than I'm running into some troubles :-(

On both tested routers (D-Link DIR-600 and Linksys E900) they see the prefix on the WAN port if I'm giving it out via the PPPoE Secret (Remote IPv6 prefix). On the D-Link I can configure the LAN IPv6 address but it still doesn't work as the Router believes that the prefix is on the WAN (PPPoE out so to speak) interface.
If I'm using the RouterOS DHCP PD feature as explained in the Wiki it works like a charme with both Routers (the D-Link and the Linksys), BUT:
How can I be sure that a certain IPv6 PPPoE client always receives the same prefix?? DUID would help, but with the standard DHCP PD the client could change the end device and receive a different prefix. I could make some frewall rules which drop all not "officially" configured prefixes, but this would be some additional work as there is no automatic "add to address list" feature like with IPv4 PPPoE addresses. I also don't wanna configure a single profile for every single secret with a single pool for every single user *G*


Are there currently any BCPs for MikroTik+PPPoE+static IPv4 address+static IPv6 prefix??



Big thanks and kind regards,
uebi
"They have the Internet on computers now?" - Homer Simpson
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Tue Jul 31, 2012 8:21 am

Hi,
Why do you need one of the IP6 assigned to the PPoE LAN side?
As long as you don't need router access on that interface/IP combination it has no use.
All IPv6 enabled interfaces have a LL address assigned automatically for data transport purposes, and only forwarding has to be done for "inside" addresses.
IPv4 needed that interface address mainly for NAT purposes which is not available in IPv6.

On the other hand, RA is intended to assign addresses to one single broadcast domain (speak 1 LAN) and uses a single /64 prefix and assigns individual addresses to interfaces (in fact the addresses are locally generated, and the RA server has no exact idea how, it just advertizes the prefix, the router and optionally the DNS). It is not intended for PD nor is it capable to do such thing.
So, to do PD on a subsequent router, you have to assign a address range to it (at least /64), using e.g. DHCP, or by hand, so it can create a pool from which to delegate individual addresses (not prefix ranges) to its LAN.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
uebi
Member Candidate
Member Candidate
Posts: 117
Joined: Tue Sep 13, 2005 5:27 pm
Location: Austria
Contact:

Re: DHCPv6 for home installations?

Tue Jul 31, 2012 10:24 am

Why do you need one of the IP6 assigned to the PPoE LAN side?
As long as you don't need router access on that interface/IP combination it has no use.
All IPv6 enabled interfaces have a LL address assigned automatically for data transport purposes, and only forwarding has to be done for "inside" addresses.
IPv4 needed that interface address mainly for NAT purposes which is not available in IPv6.

On the other hand, RA is intended to assign addresses to one single broadcast domain (speak 1 LAN) and uses a single /64 prefix and assigns individual addresses to interfaces (in fact the addresses are locally generated, and the RA server has no exact idea how, it just advertizes the prefix, the router and optionally the DNS). It is not intended for PD nor is it capable to do such thing.
So, to do PD on a subsequent router, you have to assign a address range to it (at least /64), using e.g. DHCP, or by hand, so it can create a pool from which to delegate individual addresses (not prefix ranges) to its LAN.
Well, that's what I actually meant.
I want to assign one /64 prefix to the customer's/end user's LAN. The customer's/end user's WAN port just has a LL (PPPoE) address. The only problem is that I don't know how to do that with a MikroTik (RouterOS) as PPPoE Server as long as the client isn't RouterOS, too (what can be the case of course). Well, in fact I know how it could work (Wiki's DHCP PD over PPP), but I want the customer/end user to have the same prefix all the time, what can't be guranteed with this solution afaik. The sweetest solution would be the "Remote IPv6 prefix" option in the PPP secrets. That works great with RouterOS clients, but not with others (D-Link and Linksys at least). So I'm wondering if this feature is not 100% conform to some standards or how it can be implemented to be compatible with other vendor's end devices.


KR,
uebi
"They have the Internet on computers now?" - Homer Simpson
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1225
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: DHCPv6 for home installations?

Tue Jul 31, 2012 9:27 pm

...
I want the customer/end user to have the same prefix all the time, what can't be guranteed with this solution afaik.
...
Why don't you simply assign static IPs/64 from your pool? Do you really want/need an DHCP server?

And regarding the DHCP server... There is something called "bindings" which i think is ment to do exactly this: assign a ip/prefix to an DUID.
This DUID afaik is an unique machine identifier of the client. How exactly it is formed i don't know.
Never played with it so some digging is needed.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
nsayer
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Jun 02, 2011 5:32 pm
Location: Santa Clara, CA, US

Re: DHCPv6 for home installations?

Wed Aug 15, 2012 11:04 pm

The default route issue is, indeed, fixed in 5.20.

Who is online

Users browsing this forum: aeichhorn, sindy, Sob, wassy83 and 132 guests