Community discussions

MikroTik App
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 8:29 am

I have configured DHCPv6 client on the upstream interface. It received address and prefix correctly.
I can use the given prefix pool for a LAN network properly, and the upstream interface address is correct.

It doesn't work though, because the routing table has the wrong default route.
I check 'Add default route' in the DHCP client, and it adds a default route: `::/0 -> fe80::b6fb:e4ff:fe29:3a53%bridge.30`

Why that address for the upstream router?
I check the DHCPv6 client, and it shows [Server: `fe80::b6fb:e4ff:fe29:3a53`], so that's obviously where it's getting the default route from, but why?
The upstream DHCP server is `2001:df6:5880:1000::1`, the default route should lead there.

I guess my question is; why would the DHCP client present the wrong server address? Where did it get it from?
/ipv6 dhcp-client
add add-default-route=yes interface=bridge.30 pool-name=isp_pool request=address,prefix


> /ipv6/dhcp-client> print detail 

Flags: D - dynamic; X - disabled, I - invalid 
 0    interface=bridge.30 status=bound duid="0x000300012cc81bff9ef7" 
      dhcp-server-v6=fe80::b6fb:e4ff:fe29:3a53 request=address,prefix       <<< !!! why this?
      add-default-route=yes default-route-distance=1 use-peer-dns=yes 
      dhcp-options="" pool-name="isp_pool" pool-prefix-length=64 
      prefix-hint=::/0 dhcp-options="" 
      prefix=2001:df6:5880:10fb::/64, 11h27m13s 
      address=2001:df6:5880:1000::ff00, 11h27m13s
      
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 8:49 am

DHCPv6 client is not supposed to add default route at all, it should come from RA. The add-default-route=yes is just weird hack. See e.g.:

viewtopic.php?t=181367
viewtopic.php?p=900035#p900035
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 8:58 am

I don't understand. If an entry doesn't go in the routing table to pass traffic upstream, how does the router know where to send traffic destined for upstream?
If I uncheck "add default route", the `Server` address is still wrong, and then the routing table has nothing... I can't see how it's meant to work? Where can I see that the router recognises the RA from the upstream router?
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 9:59 am

The dhcp-server-v6=fe80... is address of DHCPv6 server, that should be ok. Option add-default-route=yes simply assumes that dhcpv6 server is the same machine as default gateway, which is not necessarily true. Correct way is add-default-route=no and router should get gateway from RA. Which can be enabled using:
/ipv6 settings set accept-router-advertisements=yes
You won't see this default route anywhere in UI (that's either bug or unfinished thing, take your pick), but it will work. Well, that's if you have v6, in v7 it's currently broken and doesn't work at all.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 10:31 am

Oh... I'm on 7.1.1.

I tried adding a default route manually:
::/0 -> 2001:df6:5880:1000::1

But that didn't work. I can ping 2001:df6:5880:1000::1, reachable via the WAN interface, but I can't find a way to make it work as the gateway :/

Why do you say:
The dhcp-server-v6=fe80... is address of DHCPv6 server, that should be ok
Why would that be okay? fe80... is NOT the DHCP server or the gateway. The gateway (and DHCP server) is 2001:df6:5880:1000::1. It refuses to acknowledge the gateway afaict, and reports the wrong dhcp server address. That's my initial question here, where on earth did that fe80... server address come from? That's not an address anywhere in my network.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 10:44 am

Lol, okay so I initially added the default route manually using winbox UI, and it looked right but it didn't work. I deleted that and then added it using the command line... all the same parameters, and it worked that time. The router can reach upstream now with the static default route added.
Perhaps a UI/Winbox bug adding ip6 static routes...? Weird!
Last edited by ManuEvans on Tue Jan 25, 2022 11:22 am, edited 1 time in total.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 10:59 am

Aaaand, it's still broken.
By adding the default route manually, the router can reach the internet successfully, but now slaac clients on the LAN can't.
I gave the LAN interface an address from the prefix pool received by the dhcp client and specified `advertise`. The LAN interface address is a correct address from the pool, and I expect the advertise option to issue RA's to the LAN for clients to configure using this router as gateway.
My clients receive slaac addresses in the pool's proper address space, so the RA must be being received by the clients, but the clients have a gateway address which is another fe80... address, and NOT the address of this router, which should surely be taken as the gateway for the LAN clients... I don't get it, what gives?

Same problems on both the WAN an the LAN side. On the LAN side, there's virtually nothing to configure... I just enable `advertise` on the LAN interface address. What could possibly go wrong there?
 
mkx
Forum Guru
Forum Guru
Posts: 7672
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 2:29 pm

Here I have a working setup on ROS 6.49.1 where IPv6 details are obtained via DHCPv6:
/ipv6 dhcp-client
add add-default-route=yes interface=eth1 pool-name=ipv6-pool request=prefix
/ipv6 address
add address=::0.1.0.0 from-pool=ipv6-pool interface=bridge
and IPv6 settings left at default
/ipv6> settings print 
                       forward: yes
              accept-redirects: yes-if-forwarding-disabled
  accept-router-advertisements: yes-if-forwarding-disabled
          max-neighbor-entries: 8192
so I guess no hidden default route in the game.

The above setup receives a prefix from DHCP server with IPv6 address fe80::e59:9cff:fe06:3885 and sets default route via gateway=fe80::e59:9cff:fe06:3885%eth1-WAN ... and it seems that ISP is happy about it.

N.b. the link-local address of upstream gateway doesn't show on any traceroutes I might do ... the first address shown is a global address. When doing traceroute from LAN linux host, the same global address is then shown as address of hop #2 (what I'd expect anyway).
I've another location where ISP provides service via PPPoE ... in that case IPv6 default route uses interface itself and the DHCP server link-local address is actually shown as the first hop after router if I perform traceroute on the router directly. If I run traceroute on a LAN linux machine, it doesn't show.
BR,
Metod
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 7:31 pm

IPv6 has few differences from IPv4, one of them is link-local addresses (fe80:...) that all interfaces have. It's perfectly fine for DHCPv6 server to have this address. Even default gateway is normally link-local address, if it's not manual config.

Can you post what exactly you configured?

@mkx: But you too use add-default-route=yes, which is the hack/shortcut that only works when DHCPv6 server is same machine as gateway, but it doesn't have to be, and then it doesn't work.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Tue Jan 25, 2022 7:45 pm

One way how to make it work with current v7 (until they fix it), assuming that you have the rest configured correctly and only default gateway is the problem, is to add it manually, only you need to find it first. It's not really good static config that can break, but slightly better than nothing. It can be done with the help of logging:
/system logging add topics=radvd
When you get line like this:
neighbor fe80::824d:48ff:fe46:a6b7 on interface <WAN> uses managed address configuration
You can add shown address as default gateway=fe80::824d:48ff:fe46:a6b7%<WAN>.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 1:29 am

Hmmm, okay, I see. I figured these link local addresses were just unconfigured interfaces which didn't get proper addresses from their router.
Why does everything have a link local address? They're gross and pollute every network graph I look at, and conceal basically everything I care about whether the network is configured correctly or not!
What's the go? Who thought that was a good idea? :/

I still get "no route to host" from my lan clients. It'd be really good if it used the ACTUAL address of the gateway and not a link-local address so I could easily diagnose address assignment issues.

So, is it bad I created an explicit default route for the router to reach up-stream? Is that not how it's supposed to work? Is that consequently why the LAN clients don't work at the next tier down?

@Sob: So, you're saying that the ros v7 stack is just totally broken? When you say "add as default gateway", you mean by adding a static route to ::/0 as I did, or some other way to add a default gateway?
Since I added the default route, the router works, but the LAN clients each don't work, presumably because they each have the wrong gateway. Again, the clients each have a fe80 address as the gateway, and not the address of the router's LAN interface... so how can I know if it's right or not?
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 1:42 am

It's not totally broken. If you have static config or if add-default-route=yes works for you and you don't have to get default gateway from RA, then it's fine. Also some 6to4 configs kill the router. But other than that, if you can live without some missing features, it's not bad and can be used. :)

Clients having fe80::... as gateway is ok, but it should be the one that router has on LAN interface. Do you see where this one came from?
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 3:07 am

My configuration is identical to what @mkx showed above, except I have `add-default-route=no`, and I created a static route for `::/0`.

I can say that multiple LAN clients both show the same link-local address as their gateway, so it must be some common foreign interface...
How can I see the link local addresses for the router? I can't find any record of any link local addresses on any interfaces in Winbox. Are these auto-generated interface addresses displayed anywhere?
[admin@cw-lot32] > ipv6/address/print
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
#    ADDRESS                                    FROM-POOL  INTERFACE  ADVERTISE
0  G 2001:df6:5880:10fb:2ec8:1bff:feff:9ef8/64  isp_pool   bridge     yes           [LAN - slaac advertise]
1 DG 2001:df6:5880:1000::fc/64                             bridge.30  no            [WAN - dhcp client]
You can see 2 addresses for the WAN and LAN interfaces... nothing else.

What I notice is that LAN clients CAN ping the LAN interface address (2001:df6:5880:10fb:2ec8:1bff:feff:9ef8), but they can NOT ping the WAN interface address (2001:df6:5880:1000::fc), and no route to any host outside the WAN. So, they can reach the router on L2, but the router doesn't seem to attempt to do any routing for the LAN clients, so I guess clients have the wrong gateway address. LAN clients do have a shared link local gateway address, and I don't know how to confirm if it's the router's LAN interface, or something else because the router doesn't show me anything :/

Can I force the router's RA's to include the proper interface address as the gateway address, rather than using a link-local address? I would ideally like to not propagate LL addresses anywhere because they're a massive hassle to debug. I'd really just like real proper addresses throughout the network if possible :/
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 4:10 am

What do you have in "/ipv6/settings/print"?
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 4:16 am

But that's probably nonsense. I thought that you could have disable-ipv6=yes, that would explain missing link-local addresses, but the rest would also behave differently.

Maybe you found another bug. But my 7.1.1 shows link-local addresses same way as others, they are in both IPv6->Addresses in WinBox and /ipv6/address/print in CLI.

Not being able to ping address on WAN (which is on same router) from clients is weird too. But it may be related to missing link-local addresses.

You could try to disable and then enable IPv6, perhaps that will bring link-local addresses back. And no, you can't get rid of them, IPv6 needs them.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 10:26 am

Regarding link-local addresses: they are not propagated nor the are “unconfigured”: they are self configured.

Having a link-local address as a gateway is totally fine, it even has a benefit of guaranteeing that the gateway is on the same link.

fe80::b6fb:e4ff:fe29:3a53 very likely points to the same interface of the same router as the known global address of your dhcpv6. You can verify this using the NDP table on your RouterOS.

Did you obfuscate the ipv6/address/print ? Lack of link-local addresses is unusual if not wrong.

If any of your clients are unix hosts, try the “ndp” to see whether clients see the router (by comparing the mac address). The “route” command can show IPv6 routes too. The “ping6” command can be used with the known multicast address for all link-local routers to assist in debugging: “ping6 ff02::2”.

Are you sure you did not misconfigure RouterOS and your other clients by trying to “fix” “unconfigured” link-local addresses, e.g. by purging them from ndp tables?
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 10:51 am

No obfuscation, that is the output. There is nothing in the list.
I'll try turning it off and on again when I'm home...
 
mkx
Forum Guru
Forum Guru
Posts: 7672
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 5:43 pm

@mkx: But you too use add-default-route=yes, which is the hack/shortcut that only works when DHCPv6 server is same machine as gateway, but it doesn't have to be, and then it doesn't work.

I've read some rumours about it and when time comes to install v7 on that router, I'll have to be careful.

Thanks for the logging command. It turns out that advertised router address is the same as added by DCHP client:
15:47:17 radvd,debug received Router Advertisement on  interface=eth1-WAN
15:47:17 radvd,debug neighbor fe80::e59:9cff:fe06:3885 on interface eth1-WAN uses managed address configuration
15:47:17 radvd,debug neighbor fe80::e59:9cff:fe06:3885 on interface eth1-WAN uses other stateful configuration
15:47:17 radvd,debug DNS server #1 2a01:260:1:2::3 valid: 1800
15:47:17 radvd,debug DNS server #2 2a01:260:1:3::3 valid: 1800

Will try without add-default-route option.
Last edited by mkx on Wed Jan 26, 2022 5:55 pm, edited 1 time in total.
BR,
Metod
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 5:47 pm

Try reaching https://help.mikrotik.com/servicedesk/servicedesk

They are quite responsive about bugs.
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
mkx
Forum Guru
Forum Guru
Posts: 7672
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 7:14 pm

@mkx: But you too use add-default-route=yes, which is the hack/shortcut that only works when DHCPv6 server is same machine as gateway, but it doesn't have to be, and then it doesn't work.
Will try without add-default-route option.

Yup, it works as advertised. After router receives RA advertisement (and with accept-router-advertisements=yes) router routes IPv6 packets just fine. Surely the default route doesn't appear on the list of routes.

Thanks Sob!
BR,
Metod
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 8:02 pm

Turns out that disable/re-enable ipv6 did cause the link-local addresses to appear. The address list is populated with one for every interface.
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 8:10 pm

That's good news.

Can you clients reach WAN via IPv6 now?
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 8:22 pm

Surely the default route doesn't appear on the list of routes.

FWIW: I just submitted a bug request regarding this issue SUP-72698
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 8:44 pm

@mkx: But it's still not great, because accept-router-advertisements is global, but you don't want to accept it on all interfaces, only on WAN.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 9:16 pm

@mkx: But it's still not great, because accept-router-advertisements is global, but you don't want to accept it on all interfaces, only on WAN.
I think that's a firewall territory (ICMPv6 type 134), IIRC the RFC does not forbid multiple sources of RAs on the link. RFC 6104 discusses it in some detail. TLDR: you want SEND but RouterOS (and SOHO ISPs) does not support it.
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Wed Jan 26, 2022 9:31 pm

Linux, which RouterOS is built on, has per-interface config. Yes, firewall should be also possible solution, but I'd much rather turn it on only where I need it, than have it turned on everywhere and have to do something extra to block some sources.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 6:08 am

That's good news.

Can you clients reach WAN via IPv6 now?
No... still more problems.

Okay, so here's the steps:
1. Initially, the router itself did receive a DHCP assignment and prefix delegation from the upstream gateway on the WAN interface, but it could not reach the internet.
2. It seemed the router was unable to reach the internet because there was no default route. When I added:
ipv6/route/add gateway=2001:df6:5880:1000::1 dst-address=::/0
add a static default route to the upstream gateway, the router was able to reach the internet, but LAN clients couldn't.
3. LAN clients couldn't reach the internet, apparently because the gateway address issued to the LAN clients was a link-local address, not the LAN interface's actual given address. The router seemed to have no link-local addresses on any interfaces though.
4. I disabled/reenabled ipv6, and the link-local addresses reappeared for all interfaces. NOTE: it is THE SAME LINK-LOCAL ADDRESS ON ALL INTERFACES... should each interface have its own address?
5. LAN clients can now reach the router, but they can still not reach the internet...
6. The router can no longer reach the internet "no route to host" again... I checked the default route again, and noticed that disable/reenable ipv6 caused my static `::/0` route to disappear.
7. I re-add the default route (same command as above), and the router can reach the internet again.
8. LAN clients can still not reach the internet; but instead of 'no route to host', they now get 'request timed out' when trying to ping the upstream router (the very next hop) or google DNS, which the router can ping itself.
C:\Users\Manu>tracert 2001:4860:4860::8888

Tracing route to dns.google [2001:4860:4860::8888]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  2001:df6:5880:10fb:2ec8:1bff:feff:9ef8
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  
I'm really feeling like like something has gone terribly wrong somewhere.
Should all interfaces have the same link-local address, or is that a configuration fault?
[admin@cw-lot32] > ipv6/address/print
Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
#    ADDRESS                                    FROM-POOL  INTERFACE   ADVERTISE
0  G 2001:df6:5880:10fb:2ec8:1bff:feff:9ef8/64  isp_pool   bridge      yes      
1 DG 2001:df6:5880:1000::fc/64                             bridge.30   no       
2 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge.30   no       
3 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge.102  no       
4 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge.2    no       
5 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge      no       
6 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge.666  no       
7 DL fe80::2ec8:1bff:feff:9ef8/64                          bridge.3    no   


[admin@cw-lot32] > ipv6/route/print
Flags: D - DYNAMIC; A - ACTIVE; c, s, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS              GATEWAY                DISTANCE
0  As ::/0                     2001:df6:5880:1000::1         1
  DAc 2001:df6:5880:1000::/64  bridge.30                     0
  DAc 2001:df6:5880:10fb::/64  bridge                        0
  DAc fe80::%bridge/64         bridge                        0
  DAc fe80::%bridge.2/64       bridge.2                      0
  DAc fe80::%bridge.30/64      bridge.30                     0
  DAc fe80::%bridge.666/64     bridge.666                    0
  DAc fe80::%bridge.102/64     bridge.102                    0
  DAc fe80::%bridge.3/64       bridge.3                      0
Can I influence the router to include proper interface addresses as the gateway address, rather than the link local address? I don't want link-local addresses in the RA's to LAN clients, they make the whole thing really hard to understand and debug.
 
mkx
Forum Guru
Forum Guru
Posts: 7672
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 9:01 am

In my working example, router sends out RAs on every interface with global IPv6 address set. However, clients do receive link-local addresses as gateway addresses and they seem to be happy with it. Here's what my Android tablet uses right now:
IPv6 addresses: fe80::aebd:70ff:fe97:9454
                <prefix>:385e:cd15:445e:e315
                <prefix>:aebd:70ff:fe97:9454
                <prefix>:bda9:67bd:3fa6:491e
                <prefix>:d42c:8261:2e41:2a93
Default Gateway IPv6: fe80::b869:f4ff:fe20:a549

Router's IPv6 address on LAN interface is <prefix>::1:0 and router doesn't have global IPv6 address on WAN interface. The shown default gateway IPv6 address is the very same link-local address as used by router's LAN interface.

And: link-local addresses on router's interfaces resemble MAC address of corresponding interface. Physical interfaces used separately should show different IPv6 addresses while bridged ports belong to bridge obviously and share bridge's MAC address (but those ports can't have separate IP or IPv6 addresses anyway). VLAN interfaces inherit MAC addresses from underlying interface and thus have same link-local IPv6 address ... it doesn't seem to bother my router.


My take on the latest observed non-working case: you really should request prefix from ISP's DHCP server, it's likely adding routing information to default gateway. Since routers use link-local addresses to talk to each other, upstream router needs information about which downstream router is using certain prefix from a different source. DHCPv6 server can provide that if your device asks for prefix.
And don't bother asking for global address for router's WAN address, it doesn't need it.

However, we are all just guessing since you didn't show actual configuration of your router.
BR,
Metod
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 9:20 am

As long as these interfaces are different L2 (e.g. vlans) same link-local ipv6 is fine.

If you uncheck “add default route” in dhcpv6 client and set “accept router advertisements” to yes, then disable/enable ipv6 will the router be able to reach internet without any other additions such as custom routes? What is listed in router’s ipv6 neighbors list?
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 2:56 pm

Don't waste time fighting link-local addresses, unless you're going to reform whole IPv6, they are going to stay. :) They may look weird and unpleasant for you, but they work.
If you uncheck “add default route” in dhcpv6 client and set “accept router advertisements” to yes, then disable/enable ipv6 will the router be able to reach internet without any other additions such as custom routes?
Not with current v7, it's broken. Router can get gateway from RA if there's disabled forwarding (forward=no accept-router-advertisements=yes), but that's obviously useless if you want it to act as router. The right config (forward=yes accept-router-advertisements=yes) currently doesn't work.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
mkx
Forum Guru
Forum Guru
Posts: 7672
Joined: Thu Mar 03, 2016 10:23 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 3:02 pm

The right config ...

The right config would be to have accept-routing-advertisements per interface (either physical or vlan or ...), but you already said that :wink:
BR,
Metod
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Thu Jan 27, 2022 3:14 pm

That would be even more right, but now I meant what's currectly available (but doesn't work in v7).
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Sun Jan 30, 2022 3:22 am

I am getting more and more confused with each post.

@Sob, you say "fighting link-local addresses"... what is the 'fight' exactly? Why can't I just put the proper address in the RA and not the link local address... what difference would that make to clients within that L2, other than make it possible for an operator to understand and debug the network?

Can anyone refer me to some good resources in this matter? Why link-local addresses? Why obfuscate the routing table/traffic flow paths that way?

I have to say, I have my suspicions that the complexity exposed in this thread might have something to do with the general lack of adoption of ipv6 to date. It's confusing at best, and this link-local thing feels just plain BAD... it makes networking harder for an administrator. I'm following the trail of link-local addresses to gateways and it's very tedious and time consuming. If it just used the addresses I assigned to things, then I'd instantly know whether communication paths are correct or not. The prefixes I issue to clients are deliberate, and have some identifying material so I can easily tell who is who, and what comes from/goes to where.

Are there performance advantages? Is the point that LAN clients can bypass their local router and go directly upstream? That doesn't make sense, because the local router still needs to run a firewall for security, so that can't be the reason...
 
User avatar
Kentzo
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Jan 27, 2014 3:35 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Sun Jan 30, 2022 11:00 am

RFC 4862 will tell you about IPv6 Stateless Address Autoconfiguration. You will be able to navigate freely within IPv6 terminology related to your current problem and will understand how your nodes compute their IPv6 addresses. RFC 4291 is a good reference about addressing in IPv6. RFC 3633 will tell you about prefix delegation via DHCPv6.

It's hard to give a specific advice without knowing your RouterOS and client settings.

might have something to do with the general lack of adoption of ipv6 to date
In my humble home network IPv6 to IPv4 ratio is 2:1, modern devices do prefer IPv6 over IPv4 and it just works.
Syntax highlighting and completions for the Mikrotik scripting language in Sublime Text.
Available via Package Control.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Sun Jan 30, 2022 9:00 pm

@Sob, you say "fighting link-local addresses"... what is the 'fight' exactly? Why can't I just put the proper address in the RA and not the link local address... what difference would that make to clients within that L2, other than make it possible for an operator to understand and debug the network?
I meant you not liking them and wishing they would go away. They won't, they are integral part of IPv6. Just accept them. I didn't invent them myself, but I guess the idea was to always have some addresses that devices can use to communicate with other directly connected devices, even when they don't have any "real" address yet. It goes together with the idea to have things simpler and more automated, e.g. this whole SLAAC (stateless autoconfiguration), where instead of DHCP server there's just router advertising "hey, I'm here, here's the prefix for this subnet, choose address and have fun". And there can be more routers, advertising same or different prefixes, have different priorities, etc.

I can understand why someone may think "But why? Couldn't we just get longer addresses without touching anything else?" Well, too late, I'm not excited by all aspects of IPv6 myself, but it already happened. Some changes would be needed anyway, e.g. some mechanism to delegate prefix to client (IPv4 DHCP provided only single addresses). And no, I don't think this is slowing down adoption too much. It's not that much complex. Main problem was that almost everyone thought that there's still enough time, and why they should start doing anything before everyone else does.
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.
 
ManuEvans
just joined
Topic Author
Posts: 16
Joined: Sun Sep 26, 2021 2:21 am

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Mon Jan 31, 2022 12:10 am

@Sob, I mean, most of it makes good sense. SLAAC is a good idea, and makes sense for leaf clients. It also makes sense for boot-straping a network.
The bit that annoys me is that these link local addresses persist even after an interface is assigned a real address and also seems to be preferred; for instance, it's in the RA.
I think the only thing I want to change, is that the RA's include the link's given address. I just want to influence the router to put the proper address in the RA, and then everything is fine. I can look at client gateway records and routing tables and easily see the flow.
This isn't even an ipv6 issue, it's just a router behaviour issue. The router should prefer the given address if the interface was assigned one rather than the LL address. And if that's not standard practise (why would anybody prefer an obfuscated routing table?), then there should be a checkbox to enable it.
 
Sob
Forum Guru
Forum Guru
Posts: 8179
Joined: Mon Apr 20, 2009 9:11 pm

Re: DHCPv6 client gets wrong 'server' adress; default route is consequently wrong

Mon Jan 31, 2022 6:20 am

Standard says no:
A node MUST silently discard any received Router Advertisement messages that do not satisfy all of the following validity checks:

- IP Source Address is a link-local address. Routers must use their link-local address as the source for Router Advertisement and Redirect messages so that hosts can uniquely identify routers.

...
And if you think it's weird, remember that even DHCPv6 has no means to provide default gateway (as was already mentioned in this thread), that's even more unexpected.

How about your config, is there any development?
Come on people, do you really have to quote full posts? It's annoying and in most cases useless.

Who is online

Users browsing this forum: aalmenar, biomesh, eworm, mrigi and 23 guests