Hi!
Found 2 show stoppers for OSPFv3 IPv6 while testing 7.1rc6 on an RB951-2HnD:
1) Interface template giving specific VLAN or straight ether* interface for IPv6 does not result in detected interfaces
ie /routing/ospf/interface-template add area=backbone-v3 cost=10 interfaces=dms0 priority=1
2) OSPFv3 IPv6 interface-template seems to have an issue with VLAN interfaces (ie all on ether1) with duplicate fe80::/64 addresses not being detected - probably 2nd bug covered by 1)
export config dump follows.
Want to purchase an RB5009 but this is holding me back. Really love Mikrotik routers!
Thank you!
# jan/03/1970 12:50:58 by RouterOS 7.1rc6
# software id = 5YZZ-VT8W
#
# model = 951G-2HnD
# serial number = 469B025F3BF7
/interface bridge
add admin-mac=D4:CA:6D:D0:71:D9 auto-mac=no comment=defconf name=bridge
add admin-mac=01:00:00:00:35:00 auto-mac=no fast-forward=no name=rid0 \
protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-D071DD wireless-protocol=802.11
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" !keepalive mtu=1472 name=\
sit-he0 remote-address=66.220.18.42
/interface vlan
add interface=ether1 name=dms0 vlan-id=370
add interface=ether1 name=dmz0 vlan-id=7
add interface=ether1 name=ext0 vlan-id=5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2 router-id=172.31.31.35
add name=default-v3 router-id=172.31.31.35 version=3
/routing ospf area
add instance=default-v2 name=backbone-v2
add instance=default-v3 name=backbone-v3
/routing table
add fib name=""
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ext0 list=LAN
add interface=sit-he0 list=WAN
add interface=dms0 list=LAN
add interface=dmz0 list=LAN
/ip address
add address=172.31.31.35 interface=rid0 network=172.31.31.35
add address=172.31.5.3/24 interface=ext0 network=172.31.5.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=172.31.0.0/16,192.168.44.0/24,fd14:828:ba69::/48
set api disabled=yes
set winbox address=172.31.0.0/16,fd14:828:ba69::/48
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=remote strong-crypto=yes
/ipv6 address
add address=fd14:828:ba69:1 interface=rid0
add address=fd14:828:ba69:10::2 interface=dms0
add address=2001:470:f012:10::1 interface=dms0
add address=2001:470:c:2e6::2 interface=sit-he0
add address=2001:470:f012:8::1 interface=dmz0
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/128 list=SRC-BOGONS
add address=fc00::/7 list=SRC-BOGONS
add address=::1/128 list=SRC-BOGONS
add address=ff00::/8 comment="Multicast as a Source address" list=SRC-BOGONS
add address=::ffff:0.0.0.0/96 list=SRC-BOGONS
add address=2001:db8::/32 list=SRC-BOGONS
add address=2001:10::/28 list=SRC-BOGONS
add address=fe00::/7 list=SRC-LL-BOGONS
add address=fd14:828:ba69::/48 list=ANATHOTH-PREFIXES
add address=2001:470:f012::/48 list=ANATHOTH-PREFIXES
add address=fd14:828:ba69:5::/64 list=ROUTER-BLOCKS
add address=2001:470:f012:5::/64 list=ROUTER-BLOCKS
add address=fc00::/7 comment="ULA prefixes" list=DST-BOGONS
add address=::ffff:0.0.0.0/96 list=DST-BOGONS
add address=2001:db8::/32 list=DST-BOGONS
add address=2001:10::/28 list=DST-BOGONS
add address=fe00::/7 list=DST-LL-BOGONS
add address=::/128 list=DST-BOGONS
add address=::1/128 list=DST-BOGONS
add address=fec0::/10 comment="Depracated by RFC 3879" list=DST-BOGONS
add address=fec0::/10 comment="Depracated by RFC 3879" list=SRC-BOGONS
add address=ff00::/8 comment="Deny Multicast - we don't do it yet" list=\
DST-BOGONS
add address=2001:470:c:2e6::2/128 list=ROUTER-BLOCKS
add address=2001:470:f012:10::/64 comment="DMS DMZ Network" list=SRC-DMS
add address=2001:470:f012:8::/64 comment="DMZ Network" list=SRC-DMZ
add address=2001:470:f012:/64 list=SRC-DMZ
add address=fd14:828:ba69:/64 list=SRC-DMZ
/ipv6 firewall filter
add action=accept chain=ICMPv6-common comment=\
"Accept Destination Unreachable" icmp-options=1:0-255 protocol=icmpv6
add action=accept chain=ICMPv6-common comment="Accept Packet Too Big" \
icmp-options=2:0-255 protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Time Exceeded (Type 3) code 1" icmp-options=3:1 protocol=icmpv6
add action=accept chain=ICMPv6-common comment="Accept Time Exceeded" \
icmp-options=3:0 protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Parameter Problem (Type 4) code 0" icmp-options=4:0 protocol=\
icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Parameter Problem, codes 1 and 2" icmp-options=4:1-2 protocol=\
icmpv6
add action=accept chain=ICMPv6-common comment="Accept Echo Request" \
icmp-options=128:0-255 protocol=icmpv6
add action=accept chain=ICMPv6-common comment="Accept Echo Reply" \
icmp-options=129:0-255 protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Home Agent Discovery Request (Type 144)" icmp-options=144:0-255 \
protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Home Agent Discovery Reply (Type 145)" icmp-options=145:0-255 \
protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Mobile Prefix Solicitation (Type 146)" icmp-options=146:0-255 \
protocol=icmpv6
add action=accept chain=ICMPv6-common comment=\
"Accept Mobile Prefix Advertisement (Type 147)" icmp-options=147:0-255 \
protocol=icmpv6
add action=log chain=ICMPv6-common comment=\
"Log and Drop other ICMPv6 Packets"
add action=drop chain=ICMPv6-common
add action=accept chain=ICMPv6-input comment=\
"Accept Neighbour Solicitation (135) with hop limit == 255" hop-limit=\
equal:255 icmp-options=135:0-255 protocol=icmpv6
add action=accept chain=ICMPv6-input comment=\
"Accept Neighbour Advertisement (136) with hop limit = 255" hop-limit=\
equal:255 icmp-options=136:0-255 protocol=icmpv6
add action=jump chain=ICMPv6-input jump-target=ICMPv6-common
add action=drop chain=router-in dst-port=\
21-23,53,8291,8728,8729,80,443,161,162 protocol=tcp
add action=drop chain=router-in dst-port=53,161-162,123 protocol=udp
add action=drop chain=router-in protocol=ospf
add action=drop chain=inet-input src-address-list=SRC-BOGONS
add action=jump chain=inet-input dst-address-list=ROUTER-BLOCKS jump-target=\
router-in
add action=jump chain=inet-input jump-target=ICMPv6-input protocol=icmpv6
add action=accept chain=inet-input
add action=drop chain=inet-fwd-in dst-address-list=DST-BOGONS
add action=drop chain=inet-fwd-in dst-address-list=DST-LL-BOGONS
add action=drop chain=inet-fwd-in src-address-list=SRC-BOGONS
add action=drop chain=inet-fwd-in src-address-list=SRC-LL-BOGONS
add action=drop chain=inet-fwd-in src-address-list=ANATHOTH-PREFIXES
add action=jump chain=inet-fwd-in jump-target=ICMPv6-common protocol=icmpv6
add action=jump chain=inet-fwd-in dst-address-list=ROUTER-BLOCKS jump-target=\
router-in
add action=return chain=inet-fwd-in
add action=drop chain=inet-fwd-out dst-address-list=DST-BOGONS
add action=drop chain=inet-fwd-out dst-address-list=DST-LL-BOGONS
add action=accept chain=inet-fwd-out src-address-list=ANATHOTH-PREFIXES
add action=drop chain=inet-fwd-out
add action=jump chain=input in-interface-list=WAN jump-target=inet-input
add action=jump chain=forward in-interface-list=WAN jump-target=inet-fwd-in
add action=jump chain=forward in-interface=dms0 jump-target=dms-fwd-in
add action=jump chain=forward in-interface=dmz0 jump-target=dmz-fwd-in
add action=jump chain=forward jump-target=inet-fwd-out out-interface-list=WAN
add action=jump chain=forward jump-target=dms-fwd out-interface=dms0
add action=jump chain=forward jump-target=dmz-fwd out-interface=dmz0
add action=drop chain=forward
/routing ospf interface-template
add area=backbone-v2 auth-id=1 auth-key="" cost=10 interfaces=rid0 networks=\
172.31.31.35 passive priority=1
add area=backbone-v2 auth=md5 auth-id=1 auth-key=Sna1lR0t cost=10 interfaces=\
ext0 networks=172.31.5.0/24 priority=1
add area=backbone-v3 cost=10 interfaces=rid0 passive prefix-list="" priority=\
1
add area=backbone-v3 cost=10 interfaces=dms0 prefix-list="" priority=1
add area=backbone-v3 cost=20 interfaces=dmz0 passive priority=1
/system clock
set time-zone-name=Pacific/Auckland
/system identity
set name=he-gw
/system ntp client
set enabled=yes
/system ntp client servers
add address=fd14:828:ba69:1
add address=fd14:828:ba69:1
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN