I'm sure I'm making a n00b error here but I can't work out what.
RouterOS is v6.49.13 (stable) now 7.12.1 and the machine is hEX S RB760iGS r2
I have a pppoe connection to fibre. It had ipv4 and ipv6, fixed assignments on the pppoe account.
The ipv4 is a /29 and is working fine. The clients are manually assigned. It's not using any dhcp with ipv4.
This was configured via the quick set menu, mode router and port ether1. [a]
The problem is with ipv6. It gets a ND /64 via DHCP and a PD /48. I want the clients to use SLAAC, so they each get a
/64 from the /48 via DHCP-PD on the router.
The problem seems to be that it'll only register the /48 on ether1 and ether1 is bound to the pppoe connection. So the clients never get ipv6, because the clients are connected via ether2.
What I'm expecting to see is the ND /64 on the pppoe connection and the /48 in ether2
What do I need to do?
[a] is this the wrong connection type?
ipv6 ND /64 and PD /48 problems
Last edited by rb760igs on Sat Mar 02, 2024 6:09 pm, edited 1 time in total.
Re: ipv6 ND /64 and PD /48 problems
This is a misconfiguration on your end.
Run DHCPv6 client for the ia_pd /48 on top of the PPPoE client interface, from there it will get the /48 from upstream and inject it into the database of the IPv6>Pool.
From there, now, you can just use it directly on each VLAN:
VLAN1- ::1/64
VLAN2- ::1:1/64
Etc
Then configure the IPv6>ND (aka RA) for each VLAN, disable it for "all" (or any interfaces that doesn't need SLAAC).
Run DHCPv6 client for the ia_pd /48 on top of the PPPoE client interface, from there it will get the /48 from upstream and inject it into the database of the IPv6>Pool.
From there, now, you can just use it directly on each VLAN:
VLAN1- ::1/64
VLAN2- ::1:1/64
Etc
Then configure the IPv6>ND (aka RA) for each VLAN, disable it for "all" (or any interfaces that doesn't need SLAAC).
Re: ipv6 ND /64 and PD /48 problems
Hi, thank you for looking at this.
As you can probably tell, I'm totally unfamilair with routeros, being
more used to just directly editing something like dhcpcd.conf on other systems.
I forgot to mention, ether2 is connected to the LAN. There are no other ethernet ports
connected, just ether1 for the pppoe and ether2 for LAN.
Firmware has been upgraded to 7.12.1.
is running separate VLANs a requirement? There are no VLANs configured.
The router currently has ipv6 connectivity:
tcpdump from a machine connected to the (external) LAN (via external dumb switch) which ether2 is plugged into
it's been running for 15 mins or so and that's all it has.
As you can probably tell, I'm totally unfamilair with routeros, being
more used to just directly editing something like dhcpcd.conf on other systems.
I forgot to mention, ether2 is connected to the LAN. There are no other ethernet ports
connected, just ether1 for the pppoe and ether2 for LAN.
Firmware has been upgraded to 7.12.1.
Without a doubt !!This is a misconfiguration on your end.
This is what I've entered into the page which I get to by clicking "IPv6" and then selecting "DHCP Client"- is this what you mean?Run DHCPv6 client for the ia_pd /48 on top of the PPPoE client interface, from there it will get the /48 from upstream and inject it into the database of the IPv6>Pool.
Where's "there" ? On the above screen?From there, now, you can just use it directly on each VLAN:
is running separate VLANs a requirement? There are no VLANs configured.
The router currently has ipv6 connectivity:
Code: Select all
ping 2606:4700:4700::1111
SEQ HOST SIZE TTL TIME STATUS
0 2606:4700:4700::1111 56 253 7ms753us echo reply
1 2606:4700:4700::1111 56 253 7ms711us echo reply
2 2606:4700:4700::1111 56 253 7ms788us echo reply
Code: Select all
tcpdump ip6 -v -v -v -i genet0
tcpdump: listening on genet0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:00:55.007805 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::7a9a:18ff:fecd:cb0e > ff02::2: [icmp6 sum ok] ICMP6, router solicitation, length 16
source link-address option (1), length 8 (1): 78:9a:18:cd:cb:0e
0x0000: 789a 18cd cb0e
Code: Select all
/ipv6/address> print
Flags: D - DYNAMIC; G - GLOBAL, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
# ADDRESS INTERFACE ADVERTISE
0 DL fe80::1/64 pppoe-out1 no
1 DG 2a02:8011:XXXX:fb::1/64 pppoe-out1 no
2 DL fe80::7a9a:18ff:fecd:cb0d/64 ether1 no
You do not have the required permissions to view the files attached to this post.
Re: ipv6 ND /64 and PD /48 problems
ipv6-dhclient.jpg
prefix-length should be set to /64 ... this setting defines prefix sizes which will later be handed out by the pool. If you wan't to "suggest" to upstream DHCP server the prefix (and length) you want to receive, you do it using prefix hint field ... like you already do, but add the prefix length, e.g. 2a02:8010:aaaa::/48 . Mind that it's a "hint" and upstream DHCP server is free to ignore it completely.
Re: ipv6 ND /64 and PD /48 problems
aha! ok I understand that.prefix-length should be set to /64 ... this setting defines prefix sizes which will later be handed out by the pool.
Made the change, clicked onto 'save configuration' (on the 'quick set' menu) and restarted the connection (but didn't reboot). Is a reboot required?
Still no handing out ip6
EDIT: the "prefix hint" I populated with the numbers my ISP provided for the /48.
Re: ipv6 ND /64 and PD /48 problems
My experience is that sonetimes it is necessary to reboot ROS device in order to fully apply configuration changes. E.g. pool has to be "replenished" for it to be able to start handing out different prefix size.
Re: ipv6 ND /64 and PD /48 problems
ok thanks, i'll reboot each time i make a change
I found this guide: https://wiki.mikrotik.com/wiki/Setting_up_DHCPv6
it's not worked so far but I've not rebooted yet
I found this guide: https://wiki.mikrotik.com/wiki/Setting_up_DHCPv6
it's not worked so far but I've not rebooted yet
Re: ipv6 ND /64 and PD /48 problems
For Prefix Hint, you can use ::/48, or ::/56, etc... no need to include the real prefix from your ISP. Don't follow the old wiki guide that tell you to setup DHCPv6 server. You don't need to configure the DHCPv6 server at all.
What you need is to add an address entry:
ether2 is you LAN interface :
abcd is the interface id part (64bit suffix) of the IPv6 address of the router that will be set on that ether2.interface. v6pool is the pool created by DHCPv6 client.
When you now print the IPv6 address list, this entry will have the full address, including a /64 prefix from the prefix provided by your ISP, and the "Advertise" flag will be enabled. With this flag and /ipv6 nd properly configured for ether2, the clients will all get their IPv6 addresses using SLAAC with the same /64 prefix.
If you have more VLAN or other interfaces, repeat the same and add one /ipv6 address entry for each of them.
What you need is to add an address entry:
Code: Select all
/ipv6 address
add address=::1234:abcd comment="From WAN pool" from-pool=v6pool interface=ether2
abcd is the interface id part (64bit suffix) of the IPv6 address of the router that will be set on that ether2.interface. v6pool is the pool created by DHCPv6 client.When you now print the IPv6 address list, this entry will have the full address, including a /64 prefix from the prefix provided by your ISP, and the "Advertise" flag will be enabled. With this flag and /ipv6 nd properly configured for ether2, the clients will all get their IPv6 addresses using SLAAC with the same /64 prefix.
If you have more VLAN or other interfaces, repeat the same and add one /ipv6 address entry for each of them.
Re: ipv6 ND /64 and PD /48 problems
I zeroed my ipv6 config and started again.For Prefix Hint, you can use ::/48, or ::/56, etc... no need to include the real prefix from your ISP. Don't follow the old wiki guide that tell you to setup DHCPv6 server. You don't need to configure the DHCPv6 server at all.
What you need is to add an address entry:
ether2 is you LAN interface :Code: Select all/ipv6 address add address=::1234:abcd comment="From WAN pool" from-pool=v6pool interface=ether2
When you now print the IPv6 address list, this entry will have the full address, including a /64 prefix from the prefix provided by your ISP, and the "Advertise" flag will be enabled. With this flag and /ipv6 nd properly configured for ether2, the clients will all get their IPv6 addresses using SLAAC with the same /64 prefix.
If you have more VLAN or other interfaces, repeat the same and add one /ipv6 address entry for each of them.
Unfortunately, I couldn't make your suggestion work. It's still not issuing anything SLAAC can use. I am surely doing something wrong.
By ":
abcd" do you mean, in my case, ::1 ? (that being the first /64 of the /48)Is the ipv6 implementation that routerOS uses non-standard? (see [1])
On other routers (openbsd edgerouter, fritzbox etc) i've not had to specify actual address entries, so this is all new.
They get the right ND via DHCP when pppoe comes up, and the PD /48 gets set (i.e. configured) as the network for the LAN interface,
(in other words what's entered is not the full or partial ip, just "/48" for the ether2 equivalent) and that's it.
[1] My ISP has this to say about its implementation:
/48 Delegation Prefix. This is usually provided over DHCPv6, and requires that your router acts as a requesting router for the purpose of IPv6 delegation RFC3633 - (https://tools.ietf.org/html/rfc3633). Subnets of this prefix are used by the CPE to address devices on the LAN.
Routers supporting RFC7084 (https://tools.ietf.org/html/rfc7084) are expected to work without issue. Older routers, or ones that do not fully implement RFC7084 may experience issues.
Re: ipv6 ND /64 and PD /48 problems
By ":
Yes, it's the interface-id part of the address, the 64-bit at the end of the IPv6 address. You can set it to ::1 if you wish. If you enter it with the UI in WebFig or Winbox, you should enter it as ::1/64. Once you have done that you can check with
Code: Select all
/ipv6 address printwhether a corresponding entry with the G (global) flag and without the D (dynamic) flag is present for the ether2 interface. This address should have the prefix from the ISP and the interface-id that you chose above. Please note that in your DHCPv6 client configuration, you should only request for the prefix, not an address
Also make sure that you've created an entry for the ether2 interface under /ipv6 nd (Neighbor Discovery). The two following checkboxes should be enabled:
Code: Select all
/ipv6 nd
add interface=ether2 managed-address-configuration=yes other-configuration=yesFrom my experience, the DHCPv6 client implementation in RouterOS works fine and has no problems supporting prefix delegation.
You do not have the required permissions to view the files attached to this post.
Re: ipv6 ND /64 and PD /48 problems
bingo! it works TYVM
(from freebsd SLAAC-enabled machine):
so, essentially, if ::2 is required, i'd put that on ether3. That's very powerful.
TYVMCode: Select all
Flags: D - DYNAMIC; G - GLOBAL, L - LINK-LOCAL
Columns: ADDRESS, FROM-POOL, INTERFACE, ADVERTISE
# ADDRESS FROM-POOL INTERFACE ADVERTISE
;;; From WAN pool
0 G 2a02:8010:XXXX:1::1/64 v6pool ether2 yes
1 DL fe80::7a9a:18ff:fecd:cb0e/64 bridge no
2 DG 2a02:8010:XXXX:1::1/64 bridge no
3 DL fe80::1/64 pppoe-out1 no
4 DG 2a02:8011:YYYY:fb::1/64 pppoe-out1 no
5 DL fe80::7a9a:18ff:fecd:cb0d/64 ether1 no
Code: Select all
(genet0)
inet6 2a02:8010:XXXX:1:ZZZZ:32ff:fee2:48fc prefixlen 64 autoconf pltime 604800 vltime 2592000
Re: ipv6 ND /64 and PD /48 problems
I'm going to make a step-by-step howto as the process was (for me) counter-intuitive
probably mostly down to my own unfamiliarity with routerOS.
probably mostly down to my own unfamiliarity with routerOS.
Re: ipv6 ND /64 and PD /48 problems
Cleaned config would look something like this:
Code: Select all
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe1 pool-name=ISP-PD-Pool pool-prefix-length=64 prefix-hint=::/48 request=prefix use-peer-dns=no
/ipv6 nd
set [ find default=yes ] disabled=yes
add interface=ether2
/ipv6 address
add address=::1 advertise=yes from-pool=ISP-PD-Pool interface=ether2Re: ipv6 ND /64 and PD /48 problems
thank you!
Who is online
Users browsing this forum: Semrush [Bot] and 10 guests