Tag Archives: IPv6 prefix delegation mikrotik

IPv6 at home

Now days most of ISPs provide their end-users with IPv6 connectivity.

In this post I’ll explain IPv6 setup on my home router Mikrotik running RouterOS on Routerboard 951-2n.

CPE & DHCPv6-PD

My ISP is using DHCPv6-PD to delegate IPv6 (/56 sized) prefixes to the customers. This extension to DHCPv6 is described in RFC3633.

Simple diagram is shown below.

IPv6_1

Although it is pretty much self-explanatory, CPE is cable modem in this case, MT is Mikrotik WLAN router.

We need to distinguish between address assignment and prefix delegation. IPv6 prefix will be delegated by ISP, but address assignment will be done by customer (us) to our IPv6 capable home devices (laptop, smartphone).

Check RouterOS for IPv6 support

The RouterOS (v6.18) need package “ipv6” for all this to work. So first make sure you have it:

[admin@MikroTik] > /system package print
 Flags: X - disabled
 # NAME VERSION SCHEDULED
 0 routeros-mipsbe 6.18
 1 system 6.18
 2 X wireless-fp 6.18
 3 ipv6 6.18
 4 wireless 6.18
 5 X hotspot 6.18
 6 dhcp 6.18
 7 X mpls 6.18
 8 routing 6.18
 9 ppp 6.18
 10 security 6.18
 11 advanced-tools 6.18

If it is disabled, you might have to restart your router in order to enable the package.

After we checked that IPv6 is available on our router:

[admin@MikroTik] > ipv6 ?
.. -- go up to root
 address --
 dhcp-client -- DHCPv6 client settings
 dhcp-relay -- DHCPv6 relay settings
 dhcp-server -- DHCPv6 server settings
 firewall --
 nd --
 neighbor --
 pool -- IPv6 address pools
 route --
 settings --
 export -- Print or save an export script that can be used to restore configuration

we can start with the configuration.

Link-Local Addresses

After IPv6 has been enabled each running interface should have link-local IPv6 address. This is needed for proper IPv6 operation (IPv6 LLA).

[admin@MikroTik] > /ipv6 address print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE   ADVERTISE
 0 DL fe80::4e5e:cff:fed8:aad3/64                           ether1      no       
 1 DL fe80::4e5e:cff:fed8:aad8/64                           wlan1       no

If you accidentally remove these addresses either you can reboot your RouterOS or disable/enable interfaces to get them assigned dynamically by RouterOS. In any case – we need them!

Here is updated diagram with LL IPv6 addresses:

IPv6_2

IPv6 pool

DHCPv6-PD in this setup needs IPv6 local pool. This can be described as an entity which will contain information about prefix which will be assigned to us as an user from our ISP.

At this point there are still no IPv6 pools defined:

[admin@MikroTik] > /ipv6 pool print 
Flags: D - dynamic 
 #   NAME    PREFIX                                      PRE EXPIRES-AFTER

So far so good. Since ether1 interface will get information about the IPv6 prefix over DHCPv6, we need to define local pool while configuring the interface:

[admin@MikroTik] > /ipv6 dhcp-client add interface=ether1 pool-name=IPv6-local-pool add-default-route use-peer-dns

(Note: new versions of ROS use different arguments)

[admin@MikroTik] > /ipv6 dhcp-client add interface=ether1 pool-name=IPv6-local-poo
l add-default-route=yes use-peer-dns=yes request=prefix

If all goes well you should be able to see your IPv6 delegated prefix:

[admin@MikroTik] > /ipv6 dhcp-client print terse                                   
 0    interface=ether1 pool-name=IPv6-local-pool pool-prefix-length=64 prefix-hint=::/0 status=bound prefix=2001:XXXX:12c:4c00::/
56 expires-after=7h29m6s duid=000300014c5e0cd8aad3 add-default-route=yes use-peer-dns=yes

pool-prefix-length is by default 64, we can define something bigger like /62, /60 (smaller than /64 is not advisable because of numerous reasons).

Note: pool-prefix-length has nothing to do with the prefix size we’ll get from ISP (which is /56 in this case). It is used for prefix length for addresses which will be assigned to our home devices (laptop, smartphone, etc…) over DHCPv6 server or in this example over SLAAC.

Pools can be viewed with:

[admin@MikroTik] > /ipv6 pool print 
Flags: D - dynamic 
 #   NAME    PREFIX                                      PRE EXPIRES-AFTER       
 0 D IPv6... 2001:XXXX:12c:4c00::/56                      64 5h30m27s

as well as their used prefixes:

[admin@MikroTik] > /ipv6 pool used print 
POOL         PREFIX                                      OWNER        INFO

(in this case there are no used prefixes since we didn’t assign any IPv6 yet)

Checking default IPv6 route

In IPv6 the default route is written as ::/0

It will point to LLA of gateway (CMTS) interface:

[admin@MikroTik] > /ipv6 route print terse 
 0 ADS  dst-address=::/0 gateway=fe80::5675:d0ff:fe47:3c5%ether1 gateway-status=fe80::5675:d0ff:fe47:3c5%ether1 reachable distance=1 scope=30 target-scope=10 
 1 ADSU dst-address=2001:XXXX:12c:4c00::/56 type=unreachable distance=1

We can see from the output that we received info about default route ::/0 and as a gateway LLA fe80::5675:d0ff:fe47:3c5 will be used. The %ether1 part represents the zone index (RFC6874).

IPv6 address assignment

Now when we have our pool with /56 delegated prefix defined, we can start assigning IPv6 addresses to our home devices or to our router interfaces.

Let’s assign IPv6 address to wlan1 interface from the pool:

[admin@MikroTik] > /ipv6 address add interface=wlan1 from-pool=IPv6-local-pool advertise=yes

RouterOS will delegate automatically IPv6 address from the IPv6-local-pool to wlan1 interface.

You might noted that I don’t bother manually specifying addresses. I rely on DHCPv6-PD & SLAAC. I might write a post about manually configuring addresses next time.

Let’s check what address was assigned to wlan1 interface:

[admin@MikroTik] > /ipv6 address print terse 
 0 DL address=fe80::4e5e:cff:fed8:aad3/64 from-pool="" interface=ether1 actual-interface=ether1 eui-64=no advertise=no 
 1 DL address=fe80::4e5e:cff:fed8:aad8/64 from-pool="" interface=wlan1 actual-interface=wlan1 eui-64=no advertise=no 
 2  G address=2001:xxxx:12c:4c00::/64 from-pool=IPv6-local-pool interface=wlan1 actual-interface=wlan1 eui-64=no advertise=yes

wlan1 interface has global unicast address assigned. You can check its reachability from some looking glass server (my favorite: bgp4.as)

Now every home IPv6 capable device should be able to get its IPv6 address using SLAAC (somewhere also called “automatic”) configuration.

Which end devices are supporting SLAAC

SLAAC is not useful on devices which don’t support this sort of IPv6 auto-configuration.

At the time of writing I tested SLAAC on bunch of my home wireless devices:

  • Windows 7 – SLAAC supported
  • Windows 10 – SLAAC supported
  • Sony PS3 – No IPv6 support at the moment
  • Blackberry Z10 – SLAAC supported
  • Windows Mobile 10 – IPv6 seems to be supported but only through DHCPv6, no SLAAC
  • FreeBSD/Linux – should I even mention?

Links

Wikipedia PD explanation

RFC3633: IPv6 Prefix Options for DHCPv6

RFC6874: IPv6 Zone Identifiers

Comparison of IPv6 support in OS