Community discussions

MikroTik App
 
zandhaas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 11, 2018 11:02 pm
Location: The Netherlands

New to IPv6

Wed May 31, 2023 12:25 pm

Hello,

I'm new to IPv6 and got a static IPv6 address from my ISP beside my (working) static IPv4 Address.

From My ISP I got the below information:

IPv6 subnet: 2a05:xxxx:y:zzzz::/56
ISP Gateway: 2a05:xxxx:yyyy:zzzz::ww126
Customer router: 2a05:xxxx:yyyy:zzzz::ww/126

I'm lost in what I need to configure to get my router to talk to the IPv6.
Is there someone out there who can give me the needed steps I have to walk thru?

I'm Running RouterOS 7.9.1 on a RB4011 thats connected to the ISP via a sfp.

Regards Peter
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: New to IPv6

Wed May 31, 2023 4:11 pm

Just guessing as my ISP delegates IPv6 prefix using DHCPv6:
/ipv6/address
add interface=sfp1 address=2a05:xxxx:yyyy:zzzz::ww/126 advertise=no
/ipv6/route
add dst-address=::/0 gateway=2a05:xxxx:yyyy:zzzz::gg/126
/ipv6/pool
add name=myIPv6pool prefix=2a05:xxxx:y:zzzz::/56 prefix-length=64

After that assign addresses to LAN interfaces of router:
/ipv6/address
add address=::1 from-pool=myIPv6pool interface=<LAN interface> advertise=yes

After a short while, LAN clients should start receiving RAs and construct their own IPv6 addresses inside same IPv6 /64 subnet.
You can affect a bit more the selection of prefix (and address) for each individual LAN interface, with property address you essentially set the least significant bits of address (so it has to start with ::) while the most significant bits are filled automatically by router by pulling prefixes from pool. Make sure that pool has prefix-length set to 64 (and nothing else), because this governs then the size of prefixes pulled out of pool (and has nothing to do with pool size). Using /64 subnets is more or less standard and one has to know their stuff to go for anything else.
 
zandhaas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 11, 2018 11:02 pm
Location: The Netherlands

Re: New to IPv6

Wed May 31, 2023 5:47 pm

It seems to work.
From the router I can ping and traceroute the IPv6 Google DNS servers.

Thank you for your help.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: New to IPv6

Wed May 31, 2023 11:14 pm

Remember that your IPv4 firewalls have no effect on IPv6 traffic. You need to create IPv6 firewall rules separately. By default there are zero IPv6 firewall rules so you are wide open.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: New to IPv6

Wed May 31, 2023 11:19 pm

Depends on device and ROS version.
RB5009, AX2, AX3 all have default IPv6 firewall on 7.10rc1.

But you're quite correct to point it out and have it checked.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: New to IPv6

Wed May 31, 2023 11:25 pm

I have not looked at ROS 7 yet, but on my RB4011, with 6.49.6, when I enabled IPv6, there were absolutely no IPv6 firewall rules. I rather quickly built a few rules to essentially firewall everything (I'm not really using IPv6, but I do get addresses from both ISPs).
Nice to see that ROS 7 defaults with at least something...
 
zandhaas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 73
Joined: Tue Dec 11, 2018 11:02 pm
Location: The Netherlands

Re: New to IPv6

Wed May 31, 2023 11:38 pm

Im Aware of the separate firewall for IPv6.

That's the next step. In te meantime I have disabled IPv6 until I have time to configure the IPv6 firewall
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: New to IPv6

Wed May 31, 2023 11:40 pm

The reason for missing IPv6 firewall rules in ROS v6 is that default config gets only applied when device is reset to default config when the involved package is already installed and enabled. In ROS v6 IPv6 is optional package and since it's mostly installed after device is already set up, nobody performs reset to default after installing IPv6 package. And default config is not applied simply by installing optional package.

In ROS v7, IPv6 is part of base package and thus related default config is applied along with the rest of default config. Unless one resets/netinstalls to no config - in which case the rest of config is missing as well.

One can always consult default config by executing /system default-configuration print as user with administrative permissions. Make sure terminal window is as wide as possible, long lines are not wrapped, they're truncated. Then one can simply copy-paste of ipv6 configuration subtree.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: New to IPv6

Wed May 31, 2023 11:49 pm

That's the next step. In te meantime I have disabled IPv6 until I have time to configure the IPv6 firewall
Good plan!
The reason for missing IPv6 firewall rules in ROS v6 is that default config gets only applied when device is reset to default config when the involved package is already installed and enabled. In ROS v6 IPv6 is optional package and since it's mostly installed after device is already set up, nobody performs reset to default after installing IPv6 package. And default config is not applied simply by installing optional package.
Good point. Note that at least in later ROS 6 versions, IPv6 is "bundled" and can not be uninstalled. It of course can be disabled.

Who is online

Users browsing this forum: Google [Bot] and 38 guests