daigennki
just joined
Topic Author
Posts: 3
Joined: Sat Apr 17, 2021 5:29 am

Feature request: ND Proxy (RFC 4389)

Tue May 11, 2021 5:26 am

Hi. I use an ISP that advertises a /64 IPv6 prefix to my router (hEX S), so to get devices connected to the internet, bridging the WAN interface with the LAN interfaces is needed, with "Use IP Firewall" enabled for the bridge to protect the network. Also, IPv6 DNS info is advertised through DHCPv6 from the ISP's router, and allowed through the firewall. While this configuration isn't a problem for most devices, Android (still) doesn't support DHCPv6, but it does support RDNSS, which leads me to suggest implementing ND Proxy (RFC 4389). This would allow sending out Router Advertisements, allowing RDNSS to work, which in turn allows devices like Android which don't support DHCPv6 to use IPv6 DNS servers. I understand this technically wouldn't be the ideal IPv6 configuration, but neither is my current network configuration.
Your consideration is much appreciated!
 
hatta0713
just joined
Posts: 9
Joined: Sun May 21, 2017 2:40 am

Re: Feature request: ND Proxy (RFC 4389)

Thu Apr 07, 2022 12:26 am

+1 !!
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Feature request: ND Proxy (RFC 4389)

Thu Apr 07, 2022 1:22 am

The advertise-dns=yes option on IPv6 ND has already been present for years...
 
NathanA
Forum Veteran
Posts: 829
Joined: Tue Aug 03, 2004 9:01 am

Re: Feature request: ND Proxy (RFC 4389)

Mon Aug 15, 2022 12:08 pm

> The advertise-dns=yes option on IPv6 ND has already been present for years...

You don't understand the original question.

User's ISP only gives out /64, via SLAAC. But ISP RAs do not contain DNS information. Instead, ISP offers DNS information via DHCPv6 info.

Since RouterOS does not have ND-Proxy, user is forced to bridge all IPv6 frames from WAN to LAN. This means user is at the mercy of the ISP's router, which as previously mentioned does not send RAs with DNS info. Setting "advertise-dns=yes" on user's own router won't fix anything, since the MikroTik router is not the device generating the RAs for the /64 on the user's LAN to begin with!!!

The problem could be solved if RouterOS had ND-Proxy support. Then user's router wouldn't have to bridge WAN and LAN together. Instead, user could add matching /64 on LAN that exists on WAN, run DHCPv6 client on RouterOS to get DNS information from ISP, then pass it on to his Android SLAAC hosts using the "advertise-dns=yes" option that you mentioned. And ND-Proxy would take care of sending neighbor discovery responses for hosts on user's network back to ISP's router.

Without ND-Proxy, only option is to bridge. Which is an absurd thing to ask a "router" to do. At that point, why have a router to begin with? Just replace it with a cheap switch.

You might argue that user's ISP is "doing it wrong", but there are always going to be ISPs that do things less than optimally. It should be the job of MikroTik to include as many tools in RouterOS as possible to allow the user to be able to creatively work around issues like this. A perfect example of a very common situation that could lead to a similar problem is if you wanted to use a mobile (3GPP / LTE / 5G) hotspot, but have a MikroTik router sit in between your mobile and your hosts for whatever reason. And the particular mobile will only present itself as an ethernet interface. Virtually all 3GPP operators only do /64 allocations (though they would advertise DNS in RAs so the ugly bridging hack wouldn't be a problem; however this would still mean that you couldn't use your router AS A ROUTER when it came to IPv6).

RouterOS IPv6 implementation and feature-set is still frustratingly immature, in A.D. 2022.
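
The difference discussed in this thread is visible in the Router Advertisement itself: an RA either carries an RDNSS option (RFC 8106) that SLAAC-only hosts such as Android can use, or it leaves DNS to DHCPv6. The Python parser below is an added example, not code from any post above or from RouterOS; the two sample RAs, their documentation-range addresses, the helper names and the assumption that the ISP's RA sets the O flag are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX_INFO, OPT_RDNSS = 134, 3, 25  # RFC 4861 / RFC 8106

def parse_ra(msg: bytes) -> dict:
    """Summarise an ICMPv6 Router Advertisement (bytes after the IPv6 header)."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    info = {"managed": bool(msg[5] & 0x80),       # M flag: addresses via DHCPv6
            "other_config": bool(msg[5] & 0x40),  # O flag: DNS etc. via DHCPv6
            "slaac_prefixes": [], "rdnss": []}
    pos = 16
    while pos + 2 <= len(msg):
        opt_type, units = msg[pos], msg[pos + 1]  # length is in 8-byte units
        if units == 0 or pos + units * 8 > len(msg):
            raise ValueError("malformed option length")
        body = msg[pos:pos + units * 8]
        if opt_type == OPT_PREFIX_INFO and units == 4:
            if body[3] & 0x40:  # A flag: prefix may be used for SLAAC
                net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
                info["slaac_prefixes"].append(str(net))
        elif opt_type == OPT_RDNSS and units >= 3 and units % 2 == 1:
            for off in range(8, len(body), 16):
                addr = ipaddress.IPv6Address(body[off:off + 16])
                info["rdnss"].append(str(addr))
        pos += units * 8
    return info

# --- constructed sample data (not captured from a real network) ---
def _header(flags):
    return struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)

def _prefix(prefix, plen):
    fixed = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 86400, 14400, 0)
    return fixed + ipaddress.IPv6Address(prefix).packed

def _rdnss(*servers):
    fixed = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(servers), 0, 1800)
    return fixed + b"".join(ipaddress.IPv6Address(s).packed for s in servers)

# ISP-style RA: SLAAC /64, O flag set, no RDNSS (DNS only via DHCPv6).
ISP_RA = _header(0x40) + _prefix("2001:db8:1:2::", 64)
# RA a LAN router could send itself once it owns the /64 and advertises DNS.
ROUTER_RA = _header(0x00) + _prefix("2001:db8:1:2::", 64) + _rdnss("2001:db8::53")

if __name__ == "__main__":
    for name, ra in (("ISP_RA", ISP_RA), ("ROUTER_RA", ROUTER_RA)):
        print(name, parse_ra(ra))
```

A host without a DHCPv6 client gets no resolver from the first RA and one from the second, even though the advertised prefix is identical.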
