AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Multihomed ipv6 host

Wed Oct 13, 2021 3:37 pm

Suppose we have two 6to4 tunnels to different tunnel brokers with different prefixes on the bridge interface. Two static 2000::/3 routes to each tunnel. In MikroTik v6 we have no IPv6 NAT. But we can set the preferred-lifetime property of these prefixes to a small value, maybe 1 min or whatever you want. When a prefix becomes disabled, the corresponding host IPv6 address cannot make new connections. Script:
# Placeholder prefixes advertised on the bridge, one per tunnel broker
:local prefix1 2xxx:xxxx:xxxx:xxxx::/64;
:local prefix2 2axx:xxxx:xxxx:xxxx::/64;
# 6to4 tunnel interfaces
:local int1 sit1;
:local int2 sit2;

# Advertise only the prefix whose tunnel is running; int1 wins when both are up
:if ([:len [/interface 6to4 find where running and name=$int1]] > 0) do={
  /ipv6 nd prefix enable [find prefix=$prefix1];
  /ipv6 nd prefix disable [find prefix=$prefix2];
} else={
  :if ([:len [/interface 6to4 find where running and name=$int2]] > 0) do={
    /ipv6 nd prefix disable [find prefix=$prefix1];
    /ipv6 nd prefix enable [find prefix=$prefix2];
  }
}
But still some questions about Mikrotik 6to4 interface _running_ state. How adequate is this property?
And btw ipv6 NAT would be better in this case.
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Fri Oct 15, 2021 6:40 am

But still some questions about Mikrotik 6to4 interface _running_ state. How adequate is this property?
Do you enable the "Check Gateway" (ping) feature of your 2000::/3 routes? Do you think you can check the presence of a route in your script, instead of interface state?
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Fri Oct 15, 2021 2:24 pm

Do you enable the "Check Gateway" (ping) feature of your 2000::/3 routes? Do you think you can check the presence of a route in your script, instead of interface state?
Yes, it's enabled. The presence of a route is very closely connected with the interface state, as far as I have tried it on the MikroTik. I enable and disable, and vice versa, an IPv4 address of the tunnel far end by IP Firewall. It is not clear to me why and when the interface state is changed. With the Hurricane Electric tunnel, enabling the _keep alive_ option works better (not ideal, though), but with the other provider this option turns the tunnel into the _not running_ state.
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Fri Oct 15, 2021 8:25 pm

It is not clear to me why and when the interface state is changed. With the Hurricane Electric tunnel, enabling the _keep alive_ option works better (not ideal, though), but with the other provider this option turns the tunnel into the _not running_ state.
Have you been able to figure out how the keepalive feature on sit* interfaces works under the hood? The 6in4 protocol (RFC4213) does not seem to define any keepalive mechanisms.
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Sat Oct 16, 2021 5:47 am

Have you been able to figure out how the keepalive feature on sit* interfaces works under the hood? The 6in4 protocol (RFC4213) does not seem to define any keepalive mechanisms.
I can only guess. I think it is the same as in an IPIP tunnel: "Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries."
https://wiki.mikrotik.com/wiki/Manual:Interface/IPIP

But when it's enabled with NTS ISP the 6to4 tunnel state turns to _not_ running.
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Sat Oct 16, 2021 6:15 am

Have you been able to figure out how the keepalive feature on sit* interfaces works under the hood? The 6in4 protocol (RFC4213) does not seem to define any keepalive mechanisms.
I can only guess. I think it is the same as in an IPIP tunnel: "Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. By default keepalive is set to 10 seconds and 10 retries."
https://wiki.mikrotik.com/wiki/Manual:Interface/IPIP
I have read this page already. It does not specify what kind of keepalive packets the MikroTik is sending/expecting to/from the remote side.
But when it's enabled with NTS ISP the 6to4 tunnel state turns to _not_ running.
It's probably because NTS does not respond to MikroTik's keepalives whatever they are? Or does not respond in the way MikroTik expects.
 
matd
just joined
Posts: 13
Joined: Wed Jan 17, 2018 5:12 pm

Re: Multihomed ipv6 host

Mon Oct 18, 2021 8:06 pm

Hi, just a side note: shortening the IPv6 prefix preferred/valid lifetime to a very short value can be a problem on Wi-Fi. IPv6 Router Advertisements are sent as multicast and they are easily lost, especially when clients use the power save feature (on Linux you can check with iw dev wlan0 get power_save). Then you can get issues on clients with IPv6, because the preferred lifetime expires (and is not refreshed because of lost Router Advertisement messages).
However, if you are on wired Ethernet, you should be safe.
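
The lifetime concern raised above can be checked against a captured Router Advertisement. The following is an added example, not code from any poster or from RouterOS: it parses the Prefix Information option (RFC 4861) and counts how many RAs are expected before the preferred lifetime runs out. The sample packet, the 2001:db8:1::/64 prefix and the 200 s RA interval are constructed assumptions; the 60 s and 600 s lifetimes are the values mentioned in the thread.

```python
import ipaddress
import struct

def build_sample_ra(prefix: str, valid: int, preferred: int) -> bytes:
    """Constructed sample RA (checksum left at 0) carrying one Prefix Information option."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, valid, preferred, 0)
    return header + pio + net.network_address.packed

def parse_ra_prefixes(icmpv6: bytes) -> list:
    """Return one dict per Prefix Information option (RFC 4861, type 3) in an RA."""
    if len(icmpv6) < 16 or icmpv6[0] != 134:
        raise ValueError("not an ICMPv6 Router Advertisement")
    prefixes, off = [], 16                  # ND options follow the 16-byte RA header
    while off + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmpv6):
            raise ValueError("malformed ND option")
        if opt_type == 3 and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack_from("!BBII", icmpv6, off + 2)
            addr = ipaddress.IPv6Address(icmpv6[off + 16:off + 32])
            prefixes.append({"prefix": f"{addr}/{plen}",
                             "autonomous": bool(flags & 0x40),  # A flag: used for SLAAC
                             "valid": valid, "preferred": preferred})
        off += opt_len
    return prefixes

def refresh_chances(preferred: int, ra_interval: int) -> int:
    """RAs expected before the preferred lifetime runs out, counted from the last RA received.

    If every one of them is lost, the host's address becomes deprecated.
    ra_interval is the worst-case gap between unsolicited RAs (an assumed input).
    """
    return max(0, -(-preferred // ra_interval) - 1)   # ceil(preferred / interval) - 1

if __name__ == "__main__":
    RA_INTERVAL = 200                       # seconds; constructed value for the demo
    for pref in (60, 600):                  # the 1 min and 10 min lifetimes from the thread
        ra = build_sample_ra("2001:db8:1::/64", valid=2592000, preferred=pref)
        for p in parse_ra_prefixes(ra):
            print(p["prefix"], "preferred", p["preferred"], "s ->",
                  refresh_chances(p["preferred"], RA_INTERVAL), "refresh chances")
```

A result of 0 means the address is deprecated between two RAs even when none is lost; a higher count is the number of consecutive lost RAs it takes to deprecate the address.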
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Tue Oct 19, 2021 10:26 am

OK. I use this solution for a home network: two not-so-critical 6to4 tunnels. I set a 10 min preferred lifetime. A Win 10 laptop works normally via Wi-Fi with this time. For production networks I would prefer IPv6-to-IPv6 Network Prefix Translation.
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Tue Oct 19, 2021 12:40 pm

OK. I use this solution for a home network: two not-so-critical 6to4 tunnels. I set a 10 min preferred lifetime. A Win 10 laptop works normally via Wi-Fi with this time. For production networks I would prefer IPv6-to-IPv6 Network Prefix Translation.
For production networks I would prefer BGP in this case.
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Tue Oct 19, 2021 3:59 pm

For production networks I would prefer BGP in this case.
Do you mean to obtain Provider Independent IPv6 addresses and an AS?
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Wed Oct 20, 2021 6:45 am

For production networks I would prefer BGP in this case.
Do you mean to obtain Provider Independent IPv6 addresses and an AS?
I do. I don't know however if it has become easier or harder to obtain a PI block as compared to IPv4. If you have to become a LIR to get your own block of addresses (de facto the only way in the IPv4 world), it's not a feasible way for small companies.
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Sun Oct 24, 2021 4:20 pm

Have you been able to figure out how the keepalive feature on sit* interfaces works under the hood? The 6in4 protocol (RFC4213) does not seem to define any keepalive mechanisms.
Mikrotik keepalive packets:
sit1.png
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Sun Oct 24, 2021 7:26 pm

Mikrotik keepalive packets:
OMG, what is it? Can you please expand the IPv6 header?
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Mon Oct 25, 2021 5:30 am

OMG, what is it? Can you please expand the IPv6 header?
Only nulls. And I didn't find any replies.
ipv6.png
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Mon Oct 25, 2021 5:44 am

Only nulls. And I didn't find any replies.
Very odd. Who will reply to such packets? There should be a "Next Header" and some other important fields.
 
AlexeyShebeko
just joined
Topic Author
Posts: 8
Joined: Wed Oct 13, 2021 3:09 pm

Re: Multihomed ipv6 host

Mon Oct 25, 2021 5:52 am

Sometimes the HE tunnel falls into the _not running_ state too, with keep alive enabled. But most of the time HE is _running_ with keep alive enabled, unlike the NTS case. So, somehow it works. We can dig deeper, but I don't see a reason.
 
vas
Frequent Visitor
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia

Re: Multihomed ipv6 host

Mon Oct 25, 2021 8:26 am

Sometimes the HE tunnel falls into the _not running_ state too, with keep alive enabled. But most of the time HE is _running_ with keep alive enabled, unlike the NTS case. So, somehow it works. We can dig deeper, but I don't see a reason.
An official comment from the MikroTik team is due here. What kind of packets they use as keepalive, why, what RFC it is, or is it something proprietary etc etc. I agree that there is no use guessing but it would be good to have first hand knowledge.
