Community discussions

MikroTik App
 
ChildOTK
Member Candidate
Member Candidate
Topic Author
Posts: 113
Joined: Sat Nov 25, 2006 7:40 am

IPv6 NAT T-Mobile Home Internet

Mon Feb 28, 2022 5:12 am

I have T-Mobile Home Internet and one of their 5G gateways which I am trying to get working nicely with my RB4011, specifically with IPv6.

I am able to turn on the IPv6 DHCP client which pulls an address, and from there ping Google's DNS, so there is connectivity.

T-Mobile Home Internet doesn't support PD so I can't pull a prefix from the DHCP client and use a pool internally.

What I have tried so far is setting up an internal IPv6 network, and then essentially NAT IPv6 traffic out, which I would expect behaves similarly to IPv4, sharing the same address.

However, although my devices get IPv6 IP addresses, IPv6 doesn't work and is just dead.

I am wondering if anyone here has T-Mobile Home Internet and is using IPv6. Since T-Mobile Home Internet is really IPv6 based, it's a necessity to maintain good performance.

With IPv6 latencies are anywhere from 17-22ms on average. Without it, latencies are more like 60-70ms on average, so quite a huge jump.

Would appreciate any help with this.

I upgraded to 7.1.3 today with hopes that I could get this working, I was on the most recent version of 6 earlier this morning but noticed there was no NAT available for IPv6.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 NAT T-Mobile Home Internet

Mon Feb 28, 2022 10:01 pm

Mobile/cellular carriers often only provide a single /64 and use the RFC7278 bodge. This is just about OK for a mobile with tethering, or a MiFi device with a single "LAN", but useless if it is in (or connected to) a router which requires a /64 per interface. Support for prefix delegation was introduced into the 3GPP specifications, but it can take years for changes to be implemented by carriers.

The huge address space in IPv6 was supposed to do away with NAT, specifically the one-to-many network address and port translation (NAPT) which is ubiquitous in IPv4. There is a case for stateless one-to-one network prefix translation, I believe Mikrotik added this in v7 but can't find any documentation to see if it would be suitable.
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Tue May 17, 2022 3:23 pm

I have the same setup and am running 7.2 of ROS. I haven't found any way to do this without getting a PD from T-Mobile. I also have business accounts with them and they don't provide PD for their business accounts either. :(
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 NAT T-Mobile Home Internet

Tue May 17, 2022 5:26 pm

RouterOS now seems to support NAT "masquerade", at least in the 7.3beta.
Maybe you can get it to work using that?
 
aglabs
newbie
Posts: 39
Joined: Mon Dec 28, 2020 1:05 am

Re: IPv6 NAT T-Mobile Home Internet

Wed May 18, 2022 7:21 am

Have TMobile 5g home internet myself. Only way I've found so far is as mentioned use fc00/7 inside my network and setup nat66 (/ipv6/firewall/nat).

My endpoints get a fc00/64 address which nats to public ipv6 address (must configure dhcpv6 on wan interface connected to TMobile router)

Only thing I've found so far is fc00/7 is treated as lower priority than ipv4 on windows endpoints so they will prefer ipv4 when it's available. But ping -4 Google.com and ping -6 Google.com both work. Linux doesn't seem to care and tries ipv6 first.
 
711brown
just joined
Posts: 1
Joined: Sat May 21, 2022 4:52 am

Re: IPv6 NAT T-Mobile Home Internet

Sat May 21, 2022 4:55 am

Can you expand on how you've set up the nat66 (/ipv6/firewall/nat) arrangement? I have the same situation -- TMHI, their box grants an address (no PD); set up my own addressing -- clients successfully get an IPV6 address, but without any internet access.

I tried setting up the IPV6 NAT rule similar to the ipv4 nat/masquerade settings, but wasn't able to gain internet access over ipv6.
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Thu May 26, 2022 12:50 am

I have the same issue. I've setup an IPV6 DHCP server on ROS 7.2.3 with a pool = FD01::/56 I see all the devices getting an IPV6 address but they can't get to the internet.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 NAT T-Mobile Home Internet

Thu May 26, 2022 11:33 am

So now you all have to wait on each other and maybe one of you will experiment with the NAT features and post a working solution...
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Thu May 26, 2022 3:58 pm

The IPV6 DHCP server doesn't seem to do anything. I setup a private pool fc00::/56 and then assigned IP addresses to each VLAN. I also setup NAT rules similar to what we do on IPV4. I see the IPV6 routes created. I can ping the IPV6 gateway but that's about where it all dies.

If I do prefix delegation from Spectrum I can get IPV6 to work. That's probably because I'm getting publicly routable IP addresses from Spectrum.

aglabs: If you can post what you have working I can try some more experiments.
 
Zoxc
just joined
Posts: 17
Joined: Fri Aug 13, 2021 4:01 pm

Re: IPv6 NAT T-Mobile Home Internet

Thu May 26, 2022 8:56 pm

@nsaldanh You'll want to use fd01::/64 with Advertise enabled as the address on the LAN side. Make sure your client devices gets an address in fd01::/64 by SLAAC. Also make sure you get a IPv6 address on the WAN side and that the router is able to ping IPv6 addresses.
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 5:20 am

RB4011-IPV6.rsc
Here is my configuration. I tried using fd01::/64 for each of the VLANS. All PCs get an IPV6 address from the pool, but they cant ping anything on the internet. I'd be very grateful for any help that someone much more knowledgeable about ROS 7 and IPV6 could provide.

Thanks!
You do not have the required permissions to view the files attached to this post.
 
Zoxc
just joined
Posts: 17
Joined: Fri Aug 13, 2021 4:01 pm

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 5:02 pm

I'd use managed-address-configuration=no and other-configuration=no for /ipv6 nd as you're not running a DHCPv6 server. Not sure if that is sufficient to get things working, but I didn't spot other errors.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 5:15 pm

Show us the IPv6 routing table (/ipv6 route print) on the router and on the PC (route print) while everything is active.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 6:26 pm

And don't use all-zeros for the host part of the address, it is reserved. Use add address=::1/64 from-pool=private-pool interface=... or add eui-64=yes from-pool=private-pool interface=...
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 7:08 pm

Thank you for all your suggestions. I am also running IPV4 in a dual wan configuration. ether1 goes to Spectrum and ether 2 goes to T-Mobile. Load balancing works under IPV4. I'm trying NAT to see if I can get dual wan loadbalancing to work under IPV6. I don't have the mangle rules for IPV6 as yet. I'll do that once I can actually connect to the internet using IPV6. If I just use prefix delegation from Spectrum, IPV6 will work as long as the Spectrum circuit is up and running.

I've changed what you suggested. Here is the output as requested:

[admin@MikroTik] > /ipv6 route print
Flags: D - DYNAMIC; I, A - ACTIVE; c, d, y - COPY; H - HW-OFFLOADED; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAd + ::/0 fe80::26c:bcff:feb8:c819%ether1-WAN1 1
DAd + ::/0 fe80::26c:bcff:feb8:c819%ether1-WAN1 1
DIdH ::/0 ::%ether2-WAN2 1
DAd 2603:XXXX:XXXX:XXXX::/56 1
DAc 2603:XXXX:ff00:XX::/64 ether1-WAN1 0
DAc 2607:XXXX:XX:d163::/64 ether2-WAN2 0
DAc fd01:0:0:4::/64 BR1 0
DAc fd01:0:0:5::/64 MGMT_VLAN 0
DAc fd01:0:0:6::/64 VLAN_110 0
DAc fe80::%ether1-WAN1/64 ether1-WAN1 0
DAc fe80::%ether2-WAN2/64 ether2-WAN2 0
DAc fe80::%BR1/64 BR1 0
DAc fe80::%VLAN_130/64 VLAN_130 0
DAc fe80::%MGMT_VLAN/64 MGMT_VLAN 0
DAc fe80::%VLAN_110/64 VLAN_110 0
DAc fe80::%VLAN_120/64 VLAN_120 0
DAc fe80::%cap8/64 cap8 0
DAc fe80::%cap1/64 cap1 0
[admin@MikroTik] >


and on the Windows 11 PC:

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 291 ::/0 fe80::764d:28ff:fed5:81bc
1 331 ::1/128 On-link
20 291 fd01:0:0:1::/64 On-link
20 291 fd01::1:5ca8:8b97:8561:380/128
On-link
20 291 fd01::1:708c:d761:e9bb:3b9f/128
On-link
20 291 fd01:0:0:5::/64 On-link
20 291 fd01::5:5ca8:8b97:8561:380/128
On-link
20 291 fd01::5:708c:d761:e9bb:3b9f/128
On-link
20 291 fe80::/64 On-link
20 291 fe80::708c:d761:e9bb:3b9f/128
On-link
1 331 ff00::/8 On-link
20 291 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Last edited by nsaldanh on Sun May 29, 2022 2:26 am, edited 1 time in total.
 
nsaldanh
just joined
Posts: 14
Joined: Mon Aug 13, 2018 1:27 am

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 7:50 pm

Update: I can now ping Google's IPV6 address. I could not in the past. However whatismyipaddress.com does not detect IPV6

also test-ipv6.com gives me this message: Your browser has a real working IPV6 address but is avoiding using it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 7:56 pm

It can be that this is due to earlier failures and it will try using it later (maybe after a restart).
The routing tables look OK. But as mentioned, it is better to put ::1 in the requested address fields (together with from pool).
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: IPv6 NAT T-Mobile Home Internet

Fri May 27, 2022 9:21 pm

also test-ipv6.com gives me this message: Your browser has a real working IPV6 address but is avoiding using it.
If you are using Windows then IPv4 is favoured over IPv6 ULA
C:\>netsh interface ipv6 show prefixpolicies
Querying active state...
Precedence  Label  Prefix
----------  -----  --------------------------------
        50      0  ::1/128        localhost
        40      1  ::/0           IPv6 (except for better matches)
        35      4  ::ffff:0:0/96  IPv4 mapped
        30      2  2002::/16      6to4 (deprecated)
         5      5  2001::/32      Teredo (deprecated)
         3     13  fc00::/7       ULA
         1     11  fec0::/10      site-local (deprecated)
         1     12  3ffe::/16      6bone (deprecated)
         1      3  ::/96          IPv4 compat
You can use netsh to temporarily or permanently change the precedence.

Who is online

Users browsing this forum: DanMos79, lurker888, mickeymouse690 and 80 guests