ef86
just joined
Topic Author
Posts: 5
Joined: Mon Dec 27, 2021 11:33 am

IPv6 SLAAC

Sun Jan 02, 2022 3:38 pm

Ok, I have a hEX S on 7.1 default config sat behind the ISP router, and it has the typical hidden public IPv6 address after changing "Accept Router Advertisements" from "yes if forwarding disable" to "yes".

I am now able to ping Cloudflare IPv6 DNS servers and can see the results, and in the log, with log enabled on "defconf: accept established,related,untracked", this shows the hidden IPv6 address.

What do I have to do for clients of the hEX S to be able to get IPv6 addresses? SLAAC passthrough? Not really sure. I get a "no route" on a Linux box and it just has an fe80 address. Or should I open a port on the firewall for RA to get through?

Help
 
smyers119
Member Candidate
Posts: 232
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: IPv6 SLAAC

Sun Jan 02, 2022 3:55 pm

SLAAC works on layer 2, and does not cross routed interfaces. I am not aware of any helper or relay to bypass this limitation, but one may exist. Usually people get prefixes delegated for their internal subnets through a dhcpv6-server.
 
Tporlapt
just joined
Posts: 3
Joined: Sat Jan 01, 2022 10:40 am

Re: IPv6 SLAAC

Sun Jan 02, 2022 4:34 pm

This worked for me (I've pasted my config as commands, but all the below is accessible within the IPv6 menu of webfig), where ether1 is connected to my ISP and my LAN WAN bridge is called “bridge”:

- Enable DHCP client. My ISP gives me a /56 delegation, so use that in the prefix length field. I don’t use my ISP's DNS, but if you do, change use-peer-dns to yes:

/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=pool6 pool-prefix-length=56 request=prefix use-peer-dns=no

- Add an IPv6 address to the bridge

/ipv6 address
add address=::1 from-pool=pool6 interface=bridge advertise=yes

- Set up Neighbor Discovery (ND on the webfig menu) on the bridge, with advertise-mac-address=yes advertise-dns=yes managed-address-configuration=yes other-configuration=yes dns=(whatever IPv6 DNS servers you use, comma separated; could include your router's new IPv6 address from above IF you have allowed remote requests, confusingly under IP->DNS not IPv6…)

/ipv6 nd
set [ find default=yes ] dns=x,y interface=bridge managed-address-configuration=yes \
other-configuration=yes etc

That should be it…
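
An added example, not part of the posts above: a small parser for the Router Advertisement that the ND settings in this post produce, useful for checking what a LAN client actually receives (M and O flags, the advertised prefix and its autonomous flag, RDNSS servers). The sample packet is constructed with documentation addresses, and `parse_ra`, `slaac_problems` and `SAMPLE_RA` are names made up for this illustration.

```python
import ipaddress
import struct

def parse_ra(pkt: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = pkt[5], struct.unpack_from("!H", pkt, 6)[0]
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("malformed option")
        body = pkt[off:off + olen]
        if otype == 3 and olen == 32:              # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", body, 2)
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(body[16:32])}/{plen}",
                "on_link": bool(pflags & 0x80), "autonomous": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        elif otype == 25 and olen >= 24:           # RDNSS option (RFC 8106)
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        off += olen
    return ra

def slaac_problems(ra: dict) -> list:
    """Reasons a LAN client would fail to autoconfigure from this RA."""
    problems = []
    if ra["router_lifetime"] == 0:
        problems.append("router lifetime 0: clients install no default route")
    if not any(p["autonomous"] and p["prefix"].endswith("/64") for p in ra["prefixes"]):
        problems.append("no autonomous /64 prefix: clients keep only fe80:: addresses")
    return problems

# Constructed sample: RA with M and O set, one /64 prefix and one RDNSS server.
SAMPLE_RA = (
    bytes([134, 0, 0, 0, 64, 0xC0]) + struct.pack("!HII", 1800, 0, 0)
    + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
    + ipaddress.IPv6Address("2001:db8:0:1::").packed
    + bytes([25, 3, 0, 0]) + struct.pack("!I", 1800)
    + ipaddress.IPv6Address("2001:db8:0:1::1").packed
)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra, slaac_problems(ra))
```

A client that shows only an fe80 address and no route, as in the first post, is in the state `slaac_problems` reports for a missing or unusable RA.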
 
aoakeley
Member Candidate
Posts: 171
Joined: Mon May 21, 2012 11:45 am

Re: IPv6 SLAAC

Mon Jan 03, 2022 7:55 am


What do I have to do for clients of the hexs to be able to get IPv6 addresses......
So I have done quite a bit of playing about with this. Not sure if this will help you but here goes.

First there is a bug in ROS7 where if your WAN IP is assigned by SLAAC and you enable IP Forwarding, then IPv6 breaks.
viewtopic.php?t=181350
There is some discussion here that "you should not use SLAAC for getting your WAN Address, but if that's the way your provider does it..... too bad so sad...."

On v6 with SLAAC......

My ISP assigns a WAN IP via SLAAC and then routes a /56 for personal use to that IP.
You can then split up that /56 into multiple /64 for use by clients on the other side (LAN Side) of the router.
IPv6 Address 2404:9404:4:0:216:3eff:fee1:7681
IPv6 Routed 2404:9404:4176:8100::/56

LAN Addresses are also being issued through Neighbor Discovery not actually IPv6DHCP-Server. But the ipv6 DNS Server is being issued by DHCPv6, hence that configuration in there.

ether1 is WAN and ether2 is LAN
This is my config in v6. As per above, the same config in v7 does not work, no matter what I try.

# Set the IPv6 DNS Server for clients
/ipv6 dhcp-server option
add code=23 name=v6dns value="'2404:9404:4176:8100::1'"

# Set the IP Pool of available addresses for clients
/ipv6 pool
add name=pool1 prefix=2404:9404:4176:8100::/64 prefix-length=64

# Tell the router that ether2 is using the first available address in the assigned pool
/ipv6 address
add address=::1 from-pool=pool1 interface=ether2

#Enable the DHCP Server for issuing the IPv6 DNS IP.
/ipv6 dhcp-server
add address-pool=pool1 dhcp-option=v6dns interface=ether2 name=server1

# optional firewall
/ipv6 firewall filter
add action=accept chain=input comment=ICMP protocol=icmpv6
add action=accept chain=forward protocol=icmpv6
add action=accept chain=input comment="Established and Related" connection-state=established,related protocol=tcp
add action=accept chain=forward connection-state=established,related protocol=tcp
add action=accept chain=input comment="Allow DNS Replies" in-interface=ether1 protocol=udp src-port=53
add action=drop chain=input comment=Drop in-interface=ether1
add action=drop chain=forward in-interface=ether1


#Enable ND on the wan to get my WAN IP and on ether2 for my LAN
/ipv6 nd
set [ find default=yes ] interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m
add interface=ether2 other-configuration=yes reachable-time=5m
/ipv6 nd prefix default
set preferred-lifetime=4h valid-lifetime=4h

#Set IPV6 settings to accept advertisements
/ipv6 settings
set accept-router-advertisements=yes

Hope this helps somewhat.

Andrew
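
An added example, not part of the post above: the prefix arithmetic it describes, using the addresses quoted in the post. It splits the routed /56 into /64 LAN subnets and shows that the SLAAC-assigned WAN address is a modified EUI-64 address, so the interface MAC can be read back out of it, which matters if you would rather not expose hardware addresses. The function names are made up for this illustration.

```python
import ipaddress

def split_delegation(prefix: str, count: int) -> list:
    """First `count` /64 LAN subnets inside a delegated or routed prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("prefix is longer than /64, nothing to split")
    subnets = net.subnets(new_prefix=64)
    return [str(next(subnets)) for _ in range(min(count, 2 ** (64 - net.prefixlen)))]

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID: flip the U/L bit, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def slaac_address(prefix64: str, mac: str) -> str:
    """Address a host forms from an advertised /64 when it uses EUI-64."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 address, or None if the ID is not EUI-64."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2 ** 64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    return ":".join(f"{x:02x}" for x in bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:])

if __name__ == "__main__":
    # Addresses taken from the post; the MAC is derived from the WAN address.
    print(split_delegation("2404:9404:4176:8100::/56", 3))
    mac = mac_from_address("2404:9404:4:0:216:3eff:fee1:7681")
    print(mac, slaac_address("2404:9404:4176:8101::/64", mac))
    print(mac_from_address("2404:9404:4176:8100::1"))  # static ::1 on the LAN side
```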
 
ef86
just joined
Topic Author
Posts: 5
Joined: Mon Dec 27, 2021 11:33 am

Re: IPv6 SLAAC

Mon Jan 03, 2022 6:14 pm

Thanks for this, will play around. Our ISP gives a /56 and the first /64 is the ISP router, meh.. To add insult to injury, you can’t add routes on the ISP router.

The only bizarre way to get around all of this is to have an OpenWrt based router in tandem with ROS with IPv4 disabled and IPv6 RA relay enabled.

But in all honesty not being able to see what ipv6 address is assigned without pinging something and logging the traffic is odd.

I really hope one of the 7 updates brings some decent ipv6 features to ros.
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: IPv6 SLAAC

Mon Jan 03, 2022 7:22 pm

If your ISP router runs at least half-decent DHCPv6, then you could configure DHCPv6 client on hEX S, but only request prefix (not address) and store the prefix into an IPv6 address pool. If hEX S receives a prefix, then the next step is to assign one address from the same pool to its "LAN" interface, and enable ND / router advertisements on the "LAN" interface ... which will allow "LAN" clients to use SLAAC ....
 
ef86
just joined
Topic Author
Posts: 5
Joined: Mon Dec 27, 2021 11:33 am

Re: IPv6 SLAAC

Tue Jan 04, 2022 10:43 am

ISP router doesn’t do PD, will have to wait for an update.
