Community discussions

 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

help to set ipv6 / 48

Sat Jul 13, 2019 1:40 pm

Hi everyone,

I would like to set my mikrotik RB4011iGS + to be able to use an ipv6 / 48 subnet that my provider gave me.
However I do not understand the mechanism well and I do not understand if the provider gave me the correct data, among other things it does not help me in the configuration has only answered me ask the builder.

these are the data:
ip wan fe80 :: 1234: 5678: 123
GW: fe80 :: 1
lan: 1234: 5678: 123 :: 1/48
addresses to be assigned to computers:
ip 1234: 5678: 123 :: 2/48
gw 1234: 5678: 123 :: 1
dns1 and dns2

I tried several configations but the mikrotik brings me errors or they are not reachable from the internet.
Thanks for your help
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 3:57 pm

It's the WAN address starting with fe80 you'll have problem with, it's link-local address and so far RouterOS doesn't support adding these manually.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
proximus
Member Candidate
Member Candidate
Posts: 111
Joined: Tue Oct 04, 2011 1:46 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 4:02 pm

The /48 is a block of addresses. First step will be to use an IPv6 Subnetting Calculator to obtain the /64 network segments. One of the /64's should then be used for the LAN interface and computers on that segment.

After you have the addressing sorted out, post the config if still having problems.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 5:36 pm

hi, here I used the caliper that brought me this:
Compressed Address: 2a02:2f0f:1c2::/48
Expanded Address: 2a02:2f0f:01c2:0000:0000:0000:0000:0000/48
Prefix: ffff:ffff:ffff:0000:0000:0000:0000:0000
Range: 2a02:2f0f:1c2:0:0:0:0:0
2a02:2f0f:1c2:ffff:ffff:ffff:ffff:ffff
Number of /64s: 65536:
2a02:2f0f:1c2::/64
2a02:2f0f:1c2:1::/64
2a02:2f0f:1c2:2::/64
2a02:2f0f:1c2:3::/64
2a02:2f0f:1c2:4::/64
2a02:2f0f:1c2:5::/64
2a02:2f0f:1c2:6::/64
2a02:2f0f:1c2:7::/64
2a02:2f0f:1c2:8::/64
2a02:2f0f:1c2:9::/64

then I set:

Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2a02:2f0f:1c2:1::/64 bridge_LAN yes



Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable

# DST-ADDRESS GATEWAY DISTANCE
0 S ::/0 2a02:2f0f:1c2:: 1
1 ADC 2a02:2f0f:1c2:1::/64 bridge_LAN 0

but nothing goes
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 7:17 pm

Router's default gateway should be fe80::1, but it probably won't help you anyway (see my previous post).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 8:23 pm

yes exact putting fe80 from error, I assume then the catch is there and I can't solve myself
 
mkx
Forum Guru
Forum Guru
Posts: 2944
Joined: Thu Mar 03, 2016 10:23 pm

Re: help to set ipv6 / 48

Sat Jul 13, 2019 10:48 pm

Can't you negotiate with your ISP about link-local address of your router? To use it instead of fe80::1234:5678:123 ?

When seeing such stories I become grateful that my ISP delivers IPv6 over PPPoE (together with IPv4) without fussing around with addresses for this and that ..
BR,
Metod
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Sun Jul 14, 2019 4:13 pm

On the other hand, it doesn't look as anything difficult that MikroTik couldn't support, if they wanted to. If ISPs do this, does it work with an average home router? I guess it must, otherwise ISPs wouldn't use it. And in that case, RouterOS needs it too.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Sun Jul 14, 2019 4:43 pm

Is there any RFC allowing to set up a link-local address manually? Both the mac-based method and the random method are there to make the link-local address eventually exist in parallel with a manually assigned one but not to be manually set itself. So unless I've missed such an RFC, asking the end users to support this way of assignment of link-local addresses is merely an arrogance of the ISP.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Sun Jul 14, 2019 7:18 pm

I don't know, there's quite a lot of RFCs.

I remember the old method where the right 64 bits are derived from MAC address (with ff:fe inserted in the middle). The random method clearly exists too, that's what Windows seem to be using. Realistically, as long as resulting link-local address is unique on the link, it shouldn't matter if it's the user who comes up with own "random" number. And even though it's not exactly scientific argument, it looks like Linux can do it, so why not RouterOS.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Mon Jul 15, 2019 8:43 pm

hi,
an update on the ISP request regarding the link-local proposed by Mkx:
Dear client,

Unfortunately we cannot help you with this request , due to our internal protocols we have to use link-local address.

Kind regards.
well for now the ipv6 dream is over :)
thanks to everyone, however, for the advice!
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Mon Jul 15, 2019 9:31 pm

You can try writing to MikroTik support and asking them if they could support this, or if they have some good reason why not.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
kalamaja
just joined
Posts: 20
Joined: Wed May 23, 2018 3:13 pm

Re: help to set ipv6 / 48

Tue Jul 16, 2019 12:24 am

IPv6 has a different, more autoconfig logic. Having link-local address as default gw is completely OK and often used, so seeing the line "GW: fe80 :: 1" tells atleast to me that PROBABLY provider is communicating configuration wrong to customer. So I would try with usual DHCPv6 PD configuration:

/ipv6 dhcp-client add add-default-route=yes disabled=no interface=ether1 pool-name=ipv6-pool pool-prefix-length=64 request=prefix use-peer-dns=yes

If it doesn't succeed (=no prefix appears in ipv6 dhcp-client), then I would ask provider to be more clear about IPv6 configuration techologies they use. BUT, if it succeeds and you see /48 prefix assigned, routes set etc, then you need to do these additional lines to start sharing:

/ipv6 nd set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes interface=bridge managed-address-configuration=no other-configuration=yes
/ipv6 address add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ipv6-pool interface=bridge no-dad=no
/ipv6 dhcp-server add address-pool=ipv6-pool disabled=no interface=bridge name=server1
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Tue Jul 16, 2019 2:38 am

It's true that IPv6 tends to be more dynamic, but static config is possible too. And it looks like it's what this ISP is doing. As a customer, I'd actually prefer this, it's just this one little detail about requiring specific link-local address on client's router that makes it problematic. But of course trying DHCPv6 can't hurt, it takes ten seconds to check if it's there.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Thu Jul 18, 2019 9:11 pm

hi guys, thanks for the advice i tried as you say kalamaja and all however it doesn't work.
I asked the ISP who simply replied that they are using RFC standards and that any router that supports ipv6 can be configured with those values manually.
I also asked Mikrotik to see what they answered.
thanks a lot
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 8:40 pm

hello everyone,
in the end it was simple, I couldn't set the routes but the link-local takes it, thanks to the support everything was revealed:
I guess the printed error is self-explained.
If you are using the link-local address for a route, you need to specify an interface.
Like,

/ipv6 route
add gateway=fe80::219:d1ff:fe00:3512%ether1
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 9:05 pm

I'm confused. I had a feeling that the ISP asked you to set a particular IPv6 address on your side to be able to route your incoming traffic to you. If it is actually enough for their gear that you advertise your interface as a router to your network by means of Neighbor Discovery's Router Advertisement, it's good for you, but on the other hand it's a bit scary as anyone can do the same and steal your incoming traffic if the ISP cannot hard-link your /48 to the physical link or MAC or something.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 9:30 pm

I honestly don't know, they just replied quite rudely that they apply the RFC protocol as it should be standard for everyone, and that in the end "it's my business" if I succeed or not ... the best ...
I don't know, I will continue to do tests until it works
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 9:45 pm

but on the other hand it's a bit scary as anyone can do the same and steal your incoming traffic if the ISP cannot hard-link your /48 to the physical link or MAC or something.
Well, a professional and larger-scale ISP will not put more than one customer in the same broadcast domain.
They can use anything like VLAN, PPPoE, etc but having like 250 customers on the same LAN segment where they can all see eachothers ARP and ND broadcasts and spoof them is asking for trouble.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 9:59 pm

So it really works now? Then count me in for the confused. I'll admit that not mentioning the requirement to include interface when gateway is link-local address was my mistake. But since you clearly didn't change link-local address on your WAN interface, how is it possible that it works? It was supposed to be your ISP's requirement...
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 10:14 pm

honestly I don't understand anything anymore :)
but putting% eth6_WAN (in my case) is not an error in route.
But now I'm at the starting point I didn't understand how I have to set ... sorry I thought it was something quite simple ..
let's say I want to set this:
WAN (internet interface)

IP: FE80 :: 2A02: 2F0F: 1C2 -> where do you set it?
GW: fe80 :: 1 -> where do you set it?
LAN 2A02: 2F0F: 1C2 :: 1/48 -> set in ipv6 bridge lan address

example web server
IP: 2A02: 2F0F: 1C2 :: 2/48
GW: 2A02: 2F0F: 1C2 :: 1
DNS1: 2a02: 2f0c: 8000: 8 :: 1
DNS2: 2a02: 2f0c: 8000: 3 :: 1

I think I don't understand the routes
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 10:37 pm

So in other words, it still doesn't work and you asked MikroTik support wrong question? That would make sense again. Skipping other parts for now, it brings us back to my very first reply in this thread.

The gateway is fe80::1, so it means:
/ipv6 route
add dst-address=::/0 gateway=fe80::1%ether1
(or with different interface if ether1 is not your WAN port)

But the problem is fe80::2a02:2f0f:1c2 which should go on your WAN port:
/ipv6 address
add address=fe80::2a02:2f0f:1c2/64 interface=ether1
But that's currently impossible with RouterOS (returns "failure: can not add link local address"). And that's what you were supposed to ask support about.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 10:44 pm

In your first OP, you wrote:
these are the data:
ip wan fe80::1234:5678:123
GW: fe80::1
lan: 1234:5678:123::1/48
Did they really ask you that the first 48 bits of your /48 were used as the last 48 bits of your WAN IP's link-local address? Or you've chosen the 1234:5678:123 randomly as placeholders?

Because according to RFC, a manually assigned link-local address can be used, but only in rare cases where automatic generation is not practical.

People are often rude when they don't understand something themselves and are embarassed to admit that. So if they actually don't need that your WAN's link-local address was a particular one, there are few possible substitutions on their side:
  • routing using a point to point interface as a gateway,
  • accepting routing advertisements within the Neighbor Discovery suite, where your WAN advertises its address as a gateway to the whole /48 assigned to you
  • theoretically, accepting the some information by means of some more advanced routing protocol
In the latter two cases anyone else could impersonate your network as there is no authentication available (unless you'd use IPsec as it was initially intended).

So where have you actually got? Do you need a helppinging hand to generate incoming traffic towards your /48 to see whether it is coming, so that you could separate the chicken from the egg and find out which direction works and which doesn't? Or have you got past that point and your IPv6 communication is already bi-directional?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 10:59 pm

the addresses were random,

the only data the ISP gave me are:
WAN:
IP: FE80 :: 2A02: 2F0F: 1C2
GW: fe80 :: 1

LAN: 2A02: 2F0F: 1C2 :: 1/48

server settings
IP: 2A02: 2F0F: 1C2 :: 2/48
GW: 2A02: 2F0F: 1C2 :: 1
DNS1: 2a02: 2f0c: 8000: 8 :: 1
DNS2: 2a02: 2f0c: 8000: 3 :: 1

IP: 2A02: 2F0F: 1C2 :: 3/48
GW: 2A02: 2F0F: 1C2 :: 1
DNS1: 2a02: 2f0c: 8000: 8 :: 1
DNS2: 2a02: 2f0c: 8000: 3 :: 1

so far the setting is so on the router:3


# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 fe80::1%eth6_WAN 1
1 ADC 2a02:2f0f:1c2::/48 bridge_LAN 0



# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::764d:28ff:fe43:6a3b/64 bridge_LAN no
1 DL fe80::764d:28ff:fe43:6a3f/64 eth6_WAN no
2 G 2a02:2f0f:1c2::1/48 bridge_LAN
I don't know what the first 2 addresses are (0 and 1)
Last edited by mikeleord on Tue Jul 23, 2019 11:09 pm, edited 1 time in total.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 11:06 pm

Because according to RFC, a manually assigned link-local address can be used, but only in rare cases where automatic generation is not practical.
Then it's clear (bold = important, italic = not important). In rare case when I decide that I need to remember my router's link-local address, I need it to be fe80::2 and RouterOS should allow me to add it. :)

--

For the record, the rest of config. IPv6 usually works with /64 subnets (it's hard requirement for autoconfiguration). Since you have /48, you can create up to 65 thousands /64 subnets:

2a02:2f0f:1c2:0000::/64
2a02:2f0f:1c2:0001::/64
...
2a02:2f0f:1c2:fffe::/64
2a02:2f0f:1c2:ffff::/64

If you want standard autoconfiguration on interface lan1:
/ipv6 address
add address=2a02:2f0f:1c2:1::1/64 interface=lan1
Connected device will choose address automatically and will use router's link-local address (fe80::something from lan1) as gateway.

Or another subnet on lan2, this time fully static:
/ipv6 address
add address=2a02:2f0f:1c2:2::1/64 advertise=no interface=lan2
Connected device will need both static address 2a02:2f0f:1c2:2::<anything>/64 and gateway 2a02:2f0f:1c2:2::1.

It's also good idea to add unreachable route for whole /48.
/ipv6 route
add distance=1 dst-address=2a02:2f0f:1c2::/48 type=unreachable
Because if something tries to access other parts that you don't use, packets would otherwise bounce between you and ISP until TTL expires.

You can try this too, but without the right fe80 adress on WAN interface, it probably won't work. Devices will have correct addresses, but internet will be unreachable.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 11:11 pm

the only data the ISP gave me are:
WAN:
IP: FE80 :: 2A02: 2F0F: 1C2
GW: fe80 :: 1
LAN: 2A02: 2F0F: 1C2 :: 1/48
So the substitution was systematic (2A02:2F0F:1C2 ->1234:5678:123 everywhere) and they really do ask you to manually set the link-local address of your WAN so that its lowest 48 bits match the highest 48 bits of your /48, and refer to RFC which admits this in special cases. Lovely. So if you ping your server's address from outside, /tool sniffer quick interface=ether6 should show you a neighbor discovery packet asking for FE80::2A02:2F0F:1C2. If this is true, you'll have to replace Mikrotik by some linux box capable of configuring link-local addresses manually.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 11:22 pm

Because according to RFC, a manually assigned link-local address can be used, but only in rare cases where automatic generation is not practical.
Then it's clear (bold = important, italic = not important). In rare case when I decide that I need to remember my router's link-local address, I need it to be fe80::2 and RouterOS should allow me to add it. :)
Yes, I suppose they read the RFC in this twisted way beneficial for them. The point is that the RFC allows to the interface owner to choose to set the link-local address manually, it doesn't mandate that it must be possible on all interfaces, to ease the link peer's life.

I still hope that assinging 2A02:2F0F:1C2::1/48 to WAN and setting advertise=yes for that address should be sufficient.

As @Sob has already pointed out, a /48 on LAN interface is a bad idea, there should be anything between 2A02:2F0F:1C2:1:1/64 and 2A02:2F0F:1C2:ffff::1/64, otherwise your LAN devices will be unable to auto-configure. And the route to 2A02:2F0F:1C2::/48 should be a blackhole on your end (as an exception from your default route via the ISP, whereas the LAN subnets 2A02:2F0F:1C2:x::/64 will in turn constitute exceptions from this blackhole route).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 11:30 pm

ok to recap:
in ipv6 address I entered:
2a02: 2f0f: 1c2 :: 1/48 interface bridgeLAN
in the routes:
ok to recap:
in ipv6 address I entered:
2a02: 2f0f: 1c2 :: 1/48 interface bridgeLAN
in the routes:
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 fe80::1%eth6_WAN 1
1 ADC 2a02:2f0f:1c2::/48 bridge_LAN 0
but is unreachable
but nothing can be reached outside the LAN network are reachable
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Tue Jul 23, 2019 11:48 pm

@sindy: Well, ISP shouldn't expect that every client device supports this config (and I still wonder what will average home router think about this), that's probably true. On the other hand, it's allowed, Linux can do it, ... is there any reason why RouterOS couldn't support this too? It seems clear that it will happen sooner or later, as the current behaviour seems to be arbitrary decision.
I still hope that assinging 2A02:2F0F:1C2::1/48 to WAN and setting advertise=yes for that address should be sufficient.
I wouldn't expect it to. If they have route to /48 with fe80::2a02:2f0f:1c2 as gateway, advertising /48 on WAN won't change anything.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Wed Jul 24, 2019 12:02 am

@mikeleord: As it looks right now, you have no chance to succeed with current RouterOS, no matter what you do.

Your outgoing traffic should be ok. If you have some other server with IPv6 somewhere else and you try to ping it from this network, on that server you should see incoming packets with some packet sniffer.

But incoming traffic is the problem, without that specific fe80 address on your WAN interface, ISP is not able to deliver it to you.

You could test if our understanding of this config is correct with some linux machine connected either temporarily instead of this router, of bridged with router's WAN interface. There you could add required fe80 address and it should work with it.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mikeleord
just joined
Topic Author
Posts: 20
Joined: Thu Apr 18, 2019 8:41 pm

Re: help to set ipv6 / 48

Wed Jul 24, 2019 9:03 am

Good morning,
nothing else is possible then ..
Will try with a linux, better this way
thank you all, I would offer you a coffee you were here :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: help to set ipv6 / 48

Wed Jul 24, 2019 10:03 am

@sindy: Well, ISP shouldn't expect that every client device supports this config (and I still wonder what will average home router think about this), that's probably true. On the other hand, it's allowed, Linux can do it, ... is there any reason why RouterOS couldn't support this too? It seems clear that it will happen sooner or later, as the current behaviour seems to be arbitrary decision.
It is much like not supporting /31
Everyone can do it, but it isn't standard (or it wasn't always standard) and apparently the lag between things becoming commonplace and MikroTik removing the limitations is quite long.
 
nostromog
Member Candidate
Member Candidate
Posts: 159
Joined: Wed Jul 18, 2018 3:39 pm

Re: help to set ipv6 / 48

Wed Jul 24, 2019 3:59 pm

ok to recap:
in ipv6 address I entered:
2a02: 2f0f: 1c2 :: 1/48 interface bridgeLAN
in the routes:
ok to recap:
in ipv6 address I entered:
2a02: 2f0f: 1c2 :: 1/48 interface bridgeLAN
in the routes:
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 fe80::1%eth6_WAN 1
1 ADC 2a02:2f0f:1c2::/48 bridge_LAN 0
but is unreachable
but nothing can be reached outside the LAN network are reachable
Have you tried to ping "ip6-allnodes"?

There is a special multicast group ip6-allnodes (and another ip6-allrouters) which all nodes should join. So pinging it can give you clues of the other side address:
# Note that the RouterOS ipv6 firewall is a bit broken and does not allow multicast through
# Substitute ether1 by your wan interfaces
:ping ff02::1%ether1
You should receive 2 answers at least; one from your ipv6 link-local address and another from the gateway one. This is the real link-local address of your ISP gateway.
After this you can try unicast ping:
:ping fe08::<whatever>%ether1 
And see if your ISP gateway answers, etc.

As I noted in comments, be careful with RouterOS firewall, I think the default IPv6 firewall is broken and does not allow through a number of things (router advertisements being one of them). I usually add a rule like
/ipv6 firewall filter
add action=accept chain=input comment="accept multicast" dst-address=ff00::/8 place-before=[f chain=input  comment~"ICMPv6"]
Though for these tests you might find better to disable all /ipv6 firewall filter rules
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: help to set ipv6 / 48

Wed Jul 24, 2019 4:03 pm

@mikeleord: You can try Linux and if everything works, then you can inform MikroTik support about your experience and explain how sad it makes you that you can't do the same with RouterOS. Maybe they will realize that it wouldn't be too difficult for them to make you (and others like you) happy. :)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3811
Joined: Mon Dec 04, 2017 9:19 pm

Re: help to set ipv6 / 48

Fri Aug 02, 2019 10:52 am

Just one more idea, is the 4011 your first Mikrotik ever? I've bumped into the fact that as of current, Mikrotik's DHCPv6 server only delegates prefixes to other routers but doesn't assign individual addresses to end hosts, so I had to look for alternatives and the most natural choice for me was OpenWRT as I have enough suitable hardware from the past. While in my case it was Asus, there is a list of Mikrotik hardware supported by OpenWRT, so maybe your older machine can be found on that list and if you won't ask too much from it (i.e. the 4011 would have to act as a firewall etc., the firewall on the OpenWRT would have to protect only itself), it could work around your issue.

Manual setting of link-local address on OpenWRT is also not a single-click task but at least it is possible.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
AUsquirrel
just joined
Posts: 4
Joined: Fri Feb 21, 2014 10:28 pm

Re: help to set ipv6 / 48

Tue Aug 20, 2019 3:24 pm

Have you configured the ISP connection port as a DHCP client?

My ISP connects to my CISCO router and assigns it an address. It also pushes the default route to it. I have UDP 546 open on the internet to accept the DHCP requests and the autoconfig. I then set the default route to that interface. The global IPV6 address on my outside interface is not part of the /56 subnet allocated to me.Your interface to your ISP will have the fe80:: address with the network address being your mac address padded out from 48 bits to 64 with the ff:fe.

My outside interface on the Cisco has both the LL FE80::32E4:DBFF:FE85:9570 and the allocated Global 2001:44B8:2035:931:32E4:DBFF:FE85:9570. Note the subnet address is an autoconfig as the ISP has advertised the prefix 2001:44B8:2035:931. Both addresses have the network address of 32E4:DBFF:FE85:9570 as that is the mac address of the external interface.

I would not assign my whole /48 as that address space is allocated to allow you to have subnets. In my network, a /56, I have allocated 2 /64 subnets. cf01 and cf02. One is my DMZ and the other is my Internal network. I have my Mikrotik routing between the DMZ and INT.

I also don't bother with a subnet calculator. The first four quad hexadecimals are the subnet address. The last 4 are the network address. In a /48 you have the first three quad hexs as your /48 subnet allocation. As Sob posted, just use the 2a02:2f0f:1c2::/64 (or in full notation 2a02:2f0f:01c2:0000::/64) as your first internal subnet. Stick to /64 subnets. The moment you accept that you start to "get" IPV6 :-).

Who is online

Users browsing this forum: MSN [Bot] and 107 guests