Community discussions

MikroTik App
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Mon Dec 26, 2022 10:32 am

Hi there,

I am currently attempting to connect my OpenWRT router with my modem with a CSS610-8G-2S+ Switch running SwitchOS Lite v2.14 in between.
The even numbers of the GbE ports are configured to be VLAN 1 in access mode (2, 4, 6).
The odd numbers of the GbE ports are configured to be VLAN62 in access mode (1, 3, 5, 7).
Port 8 is configured to have VLAN1 without VLAN tags and VLAN 62 accessible tagged.
mikrotik-config.png
mikrotik-config_vlan_members.png
My router configuration:
WAN-Interfaces: eth2 and eth1.62 (eth1 with VLAN 62 tagged)
LAN-Interfaces: eth0 and eth1 (no tagging)

Scenario 1 (works without problems):
An ethernet connection between the modem and the eth2 WAN-interface on the router.
plus
An ethernet connection between the router's eth1 and the switch's port 8.

Scenario 2 (Causes problems):
An ethernet connection between the modem and port 1 of the Switch
plus
An ethernet connection between the switch's port 8 and the router's eth1.

Scenario 3 (Causes problems too):
An ethernet connection between the modem and port 1 of the Switch.
plus
An ethernet connection between the router and port 3 of the Switch.
plus
An ethernet connection between the router's eth1 and the switch's port 8.

What works, what doesn't in scenario 2 and 3:
The router is able to receive an IPv4 address via DHCP from the modem and also an IPv6 address.
Clients connected to the router are able to receive an IPv4 address via DHCP, but are not able to receive an IPv6 address using SLAAC when the router is connected to the modem with the switch in between. I tested this with a switch from Netgear that is configured the equivalently and it works without any issues.
What intrigues me here is that IPv4 just works perfectly but just the prefix delegation doesnt work here.
I triple-checked and really cannot find any indicator that the router is causing the problem here, this means that the Switch must somehow interfere with the prefix-delegation in IPv6.
Also, when coming from scenario 2, when I disconnect the cable from Switchport 1 and plug it in eth2 instead prefix delegation starts working and will keep working even when I connect the cables back into the scenario 2 setup. This will work just fine until the router is rebooted, even for new devices that are added after the cable is plugged back.

Is that a bug? Did I configure my switchos incorrectly? I'm really out of ideas here.

Best regards
Sellerie
You do not have the required permissions to view the files attached to this post.
 
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Dec 27, 2022 11:46 am

Thanks to you, my first interaction with this community is someone just effortlessly RTFM-ing me. A very warm welcome to the community for an MT-newbie who's trying to set up their home network with new hardware. It's okay we can be rude again, Christmas is over.

I've read the manual as thoroughly as my brain let me and could not find any references to IPv6-specifics except the Multicast flood control feature, which has the check-box enabled and, as far as I understand the manual, means that it allows all multicast traffic to go through. As far as I understand this means that it shouldn't get in the way.

I seem to not see something that apparently is just obvious to you. Please enlighten me then?
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Dec 27, 2022 12:27 pm

Your VLAN setup looks wrong, there's an example in there with Trunk and Access ports that might help you setup your VLANS properly.
The part about you having all ports with VLAN Mode "disabled" in particular.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Dec 27, 2022 1:12 pm

Thanks for your input.

I found this page on the Mikrotik Wiki: https://wiki.mikrotik.com/wiki/SwOS/CSS ... _and_VLANs
From this I interpret that packets will be discarded if they would exit the switch with a VLAN-tag when this is set to disabled?
This would mean that no traffic from the WAN-network would reach the router whatsover, is that right?
Interestingly IPv4 traffic works just fine with that setup nonetheless.
Just to try out what happens I set Port 1 to "strict" instead of "disable", but V6 prefix delegation is still not working here when the device is behind the switch while IPv4 DHCP works flawlessly just as before.
From what I take here either IPv6 should work just fine OR no traffic should have gone through successfully at all. Am I on the right track here?

In case that helps I visualized the scenario 1 and 2 configurations real quick:
mikrotik_problem_scenario1.png
mikrotik_problem_scenario2.png
You do not have the required permissions to view the files attached to this post.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Dec 27, 2022 4:13 pm

The router does receive an IP-address most of the time when connected to the modem/fritzbox through the switch, no matter if its connected via a vlan through a trunk or an access port.
What does NOT work is SLAAC for clients behind the firewall.
This does only work when the router is directly connected to the modem/fritzbox via ethernet, with no switch in any configuration inbetween.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Dec 27, 2022 6:19 pm

Acording to schematics above (which is inconsistent in showing port2 being used for two distinct connections), port2 should be untagged member of VLAN 62, according to screenshots it's part of VLAN 1. And I agree with @Znevna, VLAN mode disabled doesn't seem to be the right one on port where switch should be performing any kind of VLAN operations (such as tagging ingress frames with PVID and untagging egress frames).

So you're saying that when you set IPv6 address to eth1 interface (untagged part) of OpenWRT box, and set it to send out RAs, LAN client on the right side of switch doesn't see RAs even though OpenWRT does send them out? And that without any change on CSS when you move WAN connection from OpenWRT's VLAN interface to standalone interface (ether2), RAs start to arrive at LAN client?
What kind of LAN client is it? Some OSes, if NICs are not explicitly configured for VLANs, strip off VLAN headers on ingress. And things may work somehow until connection peer (switch) doesn't care about VLAN tags on ingress.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Wed Dec 28, 2022 12:28 am

To boil it down:
Putting the switch between the router's WAN interface, however the configuration might be, and the fritzbox/modem makes the clients behind the router unable to get IPv6 addresses via SLAAC.
What I imply from this is that some kind of communication between the router's WAN interface and the fritzbox is not properly transmitted between, but I lack the knowledge to understand what exactly happens there to be able to say more about the situation.

Edit: I did a full factory reset before the last check, but even in factory-default mode it apparently loses some IPv6 packets that would be relevant for that.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Wed Dec 28, 2022 12:55 pm

It seems to me that you somehow don't understand how SLAAC works and what are the bounds governing it. If you actually do understand SLAAC, then I'm sorry.

However, it's correct that Fritz's RAs don't reach LAN computers, OpenWRT is supposed to be between (RAs are L2 broadcasts and those don't pass routers for a reason). And switch does it's job correctly when it isolates Fritz' LAN/OpenWRT WAN from your LAN. It's up to OpenWRT to send out appropriate RAs to its LAN but depending on configuration it might not be able to (SLAAC can not be used to configure a cascade of routers, proper DHCPv6 clients are needed to delegate prefixes downstream).
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Wed Dec 28, 2022 2:05 pm

I checked the traffic yesterday and re-checked how I originally configured the IPv6 setup on my Fritzbox and my OpenWRT router so that it worked for the last 12 months, I'm deeply sorry for the confusion and the inconsistencies. It's been a full day I've sat in front of this thing and I tried so many things attempting to find out whats going on and I wasn't really going at it systematically anymore after multiple hours and getting frustrated trying to chase something that seems like a ghost to me.

Please forget all the stuff I wrote above, I'll try to set a clean table here:

Setup 1:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6. It is configured to have a DHCPv6 server running on it's internal network aswell.
The OpenWRT router receives an IPv6 address with /64 prefix from the Fritzbox.
Also OpenWRT says that it has a /62 prefix for delegation

When the OpenWRT router is directly connected to the Fritzbox in this drawing here:
fritzbox-v6-no-problem-no-mikrotik.jpg
The drawn clients are able to configure an IPv6 address from that /64 respective that /59 net using SLAAC from the OpenWRT router and are able to access the internet using IPv6 using the auto-configured address.


Setup 2:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6. It is configured to have a DHCPv6 server running on it's internal network as well just like in Setup 1.
The OpenWRT router receives an IPv6 address with /64 prefix.
OpenWRT's overview now doesnt mention anything about a network or prefix for delegation on the IPv6 tab.

When the OpenWRT router is connected to the Fritzbox via the Switch like in this drawing here, the only thing configured right after I clicked "Reset configuration" is the password to the web-interface, the fallback IP and the hostname. Tabula rasa otherwise:
mikrotik-config-system.jpg
Firmware version v2.14.
All ports set to their VLAN mode to optional, VLAN receive to "any", Default VLAN ID to 1.
Limit Unknown Unicast unchecked, Flood Unknown Multicast checked on all.
LAG on all ports set to "passive". Port isolation set to standard settings, all ports can access all ports except themselves. No flow control configured.
Standard settings really.
I am using Port 1 for the Fritzbox and Port 2 for the OpenWRT router:
fritzbox-v6-problem-mikrotik.jpg
In this setup the clients behind the OpenWRT router are not able to configure an IP-address via SLAAC, for whatever reason that might be.
Having a "dumb" switch instead of the MikroTik Switch does not break it. Also using a managed Netgear switch at complete default settings works just fine.
Only the MikroTik switch seems to interfere here and I unfortunately cannot see why it would do that in that state configuration.


Edit: Fixed some inaccuracies regarding my general assumptions on IPv6.
You do not have the required permissions to view the files attached to this post.
Last edited by Sellerie on Thu Dec 29, 2022 4:11 pm, edited 1 time in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 11:19 am

I can not see why CSS would interfere with SLAAC between Router and LAN clients, it's not on the way at all.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 2:23 pm

Well I know this shouldn't be happening. Yet it definitely does right in front of my eyes and I have no idea why.

That's why I've been trying to debug, check different configurations back and forth for an entire day and more at this point.

It just doesn't make sense to me either, that's why I opened this thread in hopes someone could help me shed some light to this.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 2:32 pm

If the chart represents actual topology and configuration (there are not cross-connections that might bleed traffic here or there, configuration of OpenWRT and Fritz is correct, etc.) then I don't see how it can be CSS' fault if it's not in the way of traffic at all. And I doubt you'l get to the bottom of it without some dilligent troubleshooting, e.g. taking wireshark traces to see where RAs get blocked. And which interfaces emit them in the first place. Etc. I have feeling that you're "barking at wrong moon" (and I hope you don't get offended by this last sentence).
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 3:32 pm

A very warm welcome to the community for an MT-newbie who's trying to set up their home network with new hardware. It's okay we can be rude again, Christmas is over.

There is an endless line of sub 10 post count'ers who have proven to be nothing more than fly-bys taking help but giving nothing back. Prove yourself different. As you say, you're a "member of the community" now. Znevna's link to the manual was an act of kindness.

ROS, like all vendors and products out there, does have bugs. Perhaps you have unfortunately found one. Do let us know. The diagrams help everyone.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 3:50 pm

Setup 1:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6.[...]
1) The OpenWRT router receives an IPv6 address with /64 prefix using DHCPv6 from the Fritzbox.

[...]
2) The drawn clients are able to configure an IPv6 address from that /64 respective that /59 net using SLAAC from the OpenWRT [...]
Setup 2:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6. It is configured to have a DHCPv6 server running on it's internal network as well just like in Setup 1.
The OpenWRT router receives an IPv6 address with /64 prefix, I'd have to check if it received the address via DHCPv6 or configured it via SLAAC in that case.
[...]
Both these scenarios depict a wrongly configured network.
1) you can't have a /64 prefix on wan and the same /64 prefix on lan without looking for trouble.
2) from the /59? how?
What if you take the OpenWrt router out of the picture and leave the switch between the clients and the Fritz? are your clients getting anything ?

Plus the details that you gave on IRC are not found in your diagrams and I can't get them out of my head :)
<Sellerie> Okay so for whatever reason when I connect my openwrt router to the fritzbox with this mikrotik switch inbetween IPv6 PD doesnt seem to work?
[...]
<Sellerie> Well the switch supports some VLAN-shenanigans and I'm trying to use exactly that to have WAN and LAN connection on a single cable
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 4:19 pm

Setup 1:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6.[...]
1) The OpenWRT router receives an IPv6 address with /64 prefix using DHCPv6 from the Fritzbox.

[...]
2) The drawn clients are able to configure an IPv6 address from that /64 respective that /59 net using SLAAC from the OpenWRT [...]
Setup 2:
The Fritzbox receives a /59 IPv6 subnet from my ISP via DHCPv6. It is configured to have a DHCPv6 server running on it's internal network as well just like in Setup 1.
The OpenWRT router receives an IPv6 address with /64 prefix, I'd have to check if it received the address via DHCPv6 or configured it via SLAAC in that case.
[...]
Both these scenarios depict a wrongly configured network.
1) you can't have a /64 prefix on wan and the same /64 prefix on lan without looking for trouble.
2) from the /59? how?
What if you take the OpenWrt router out of the picture and leave the switch between the clients and the Fritz? are your clients getting anything ?
Regarding 1 & 2) I see what's wrong here and cannot overstate that I'm deeply sorry that I keep presenting seemingly incorrect info here - I'm trying to make my best guesses from this situation at that point.
I'm certainly no expert on IPv6, and I was just happy that OpenWRT just "made it work" in my setup before here. I found what's wrong with the info I gave and have edited the post that you quoted. Thanks so much for putting up with my up until now.

Regarding your closing question: I am able to configure an IPv6 address with my laptop when connected to the Fritzbox via the MikroTik switch. My assumption at that point would be that SLAAC is working through it and my next assumption here would be that the OpenWRT device also got ahold of the /64 address using SLAAC. Am I far off here?

Regarding the single-cable thing: I see that it might be bad practice and to have both WAN and LAN connection for the router on the same cable just disconnected via VLANs here.
I didn't just come up with that idea for craps and giggles - my current home situation doesn't make it fun to lay alot of cables in my home as I cannot just drill through walls etc.

I figured that the only applications that would actually be able to come close to filling up Gigabit line-rate would be inside the internal LAN network, not actually going through the router, so the possible performance hit from that setup would actually be negligible, my internet access is slower anyway and the devices on other networks also managed by the router (e.g. esp32 based wifi devices) wouldn't be in need of higher bandwidth anyway. This is why I originally came up with the solution to have both connections on a single cable. And it works just fine with my managed Netgear switch here lol, even though that probably sounds hella cursed...
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Dec 29, 2022 5:04 pm

I am able to configure an IPv6 address with my laptop when connected to the Fritzbox via the MikroTik switch. My assumption at that point would be that SLAAC is working through it and my next assumption here would be that the OpenWRT device also got ahold of the /64 address using SLAAC.

How exactly did you "configure an IPv6 address"?

And don't assume anything, verify. As I explained, OpenWRT can get WAN IPv6 address from Fritz via SLAAC, but can't forward it to LAN side. So did you configure OpenWRT to fetch a prefix from Fritz? Did you assign OpenWRT's LAN interface with address from received prefix? Router needs different prefixes on routed interfaces (so OpenWRT needs two different prefixes on its WAN and LAN interfaces).
That's all part of IPv6 and unless/until you get a grip on those "details", don't assume some switch misbehaves (or that the other one behaves for that matter). And verify things ... on all devices ... every time you plug/unplug cables.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+  [SOLVED]

Fri Dec 30, 2022 11:52 pm

I am able to configure an IPv6 address with my laptop when connected to the Fritzbox via the MikroTik switch. My assumption at that point would be that SLAAC is working through it and my next assumption here would be that the OpenWRT device also got ahold of the /64 address using SLAAC.

How exactly did you "configure an IPv6 address"?

And don't assume anything, verify. As I explained, OpenWRT can get WAN IPv6 address from Fritz via SLAAC, but can't forward it to LAN side. So did you configure OpenWRT to fetch a prefix from Fritz? Did you assign OpenWRT's LAN interface with address from received prefix? Router needs different prefixes on routed interfaces (so OpenWRT needs two different prefixes on its WAN and LAN interfaces).
That's all part of IPv6 and unless/until you get a grip on those "details", don't assume some switch misbehaves (or that the other one behaves for that matter). And verify things ... on all devices ... every time you plug/unplug cables.
I did configure an IPv6 address using SLAAC (Stateless address Autoconfiguration, hence the "configure").
Yes, OpenWRT is configured by default to fetch a prefix from the Fritzbox and sends RAs into the LAN by default if it has received a prefix.

Funnily enough I found the solution to my problem: "Add information option" under "System" has to be unchecked, then it'll just work how I want it to.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Sat Dec 31, 2022 12:55 am

That's not related to IPv6 & ICMP or RA at all.
 
Sellerie
just joined
Topic Author
Posts: 10
Joined: Mon Dec 26, 2022 1:05 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Jan 05, 2023 5:29 pm

I know lol.

Support didn't explicitly say that but after what they wrote it appears as if that is already a known issue to them:
Hello, 

Thank you for the reply!

This is a software issue and we look forward to fixing it in future SwOS lite releases, but I cannot share the release date.

Best regards,
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Thu Jan 05, 2023 5:42 pm

Yeah, I've seen this "looking forward to fixing it in future releases" before in tickets. Don't hold your breath though :P
 
privatereese
just joined
Posts: 1
Joined: Fri Jan 06, 2023 1:16 am

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Fri Jan 06, 2023 1:31 am

Thank you Sellerie and others, that literally made my day, I had the exact same problem and did the exact same scenarios you did, since at least march 2022.

Would be nice if this happens to be in the documentation until it is fixed, as I couldn't connect these problems together and it almost got me quit buying MKT.
Will be happy to provide more info if necessary and useful for anyone :-)
 
PortalNET
Member Candidate
Member Candidate
Posts: 126
Joined: Sun Apr 02, 2017 7:24 pm

Re: Problems with IPv6 Prefix Delegation on CSS610-8G-2S+

Tue Apr 04, 2023 4:58 am

I know lol.

Support didn't explicitly say that but after what they wrote it appears as if that is already a known issue to them:
Hello, 

Thank you for the reply!

This is a software issue and we look forward to fixing it in future SwOS lite releases, but I cannot share the release date.

Best regards,

Hi would love to know if you ever made it work on IPV6??

i have been struggling also with a crs317 running in SwitchOS mode, with firmware 2.13 latest avaiable ..no updates for nearly 2 years on this device..it amazes me why SwitchOS cannot simply forward IPV6 traffic..

i problable must have the dumbest CRS availbale or i am the dumbest person on earth.. i cannot get ipv6 /126 static route to work at all.. no packets forwared from CCR1 to CCR2 passing trough the switch... i went even further and connected CCR1 directly to CCR2 on both sfp+ 10G ports.. and setup a static route side A xxxxxxxxxx:1/126 and side B xxxxxxxxxxxxxx:2/126 "voila" i can ping back and forward from both CCRs..on IPV6 packge.. i setup default gateway on CCR side B.. and i can also Ping ipv6 outside to external IPs addresses outside my ASN block... when i simply plug both CCR1 and CCR2 direclty to the switch...it simply will not forward traffic (its simple case of CCR1 connected to SFP1, and CCR2 connected to SPF2 port on CRS317)... cannot ping the device on the other end, as it will timeout all the time.. i have tried pretty much everything i could test by reading the wikis from mikrotik.. i even reset the switch just in case it was something wrong with CRS317 configuration.. disable RSTP , enabled RSTP, disable igmp, enabled igmp, marked down all interfaces Flood unicast , multicast.. unmarked.. it simply will not work. no packets running.. i must admit.. even the xingling 3rd grade clone of clone chinese brand switch sfp+ 10G will forward ipv6 packets straight out the box without any aditional configuration better then CRS running switchOS.... só after nearly 3 weeks spending time trying to understand what could be wrong.. i will just simply stock pile the CRS device , and will put my old chinese unknown brand 10G sfp+ switch to work with IPV6.. aldo i am limited to only 4 SFP+10 ports.. one of the reasones why i have decided to buy CRS317 for the extended 10G sfp+ ports..

EDIT: btw ipv4 works anyway, just slam any configuration at it.. flood multicast, unicast, you name it and it will work on ipv4.... but ipv6.. i guess its something out of for the next version probably...

Who is online

Users browsing this forum: No registered users and 13 guests