IPv6

Xymox · Sat May 15, 2010 8:01 am

Im a IPv6 dummy...

If I plug in my XP based computer to the cable modem, I automagically get fully configured for IPv6 and can reach IPv6 web sites. No need for registering for a tunnel or anything. Its plug and play. Of course I do have to install IPv6 in XP. But Vista and W7 need no config at all. They just plug in and work. No config at all.

So my cable company is supporting IPv6 and it works perfectly and completly automatically.

My computer works completly automatically.

However my Mikrotik router needs a large amout of config, a fixed IP from the cable company to support a tunnel and a account at HE.. Even then, I have been unable so far to get RouterOS 4.9 to work.

Why is this the case ? Can't the router see the cable company config like my computers do ? Can't the router see the computer and provide connectivity ?

In fact I dont know of a router that can just work on IPv6 without config, even though I thought one of the main things IPv6 offers is auto.

Ok ok... So then.. How do I get IPv6 working on my cable company's setup. I do NOT want to rely on HE and a fixed tunnel. There must be some way to get connected to the cable company and get the info required to use thier tunnels and hook them to my computers.

This would be a very useful thing as I know that Cox Cable, Comcast and AT&T use the same setup for IPv6. So a config for this could be used by many people.

Ideally after some config, you should be able to plug the router into any Cox/Comcast/AT&T connection and it will discover all the right settings and any computer plugged into the router will end up connected up IPv6 correctly without any config.

Has anyone done this ? If not any ideas ? I could see this being a useful wiki entry on IPv6.

Sob · Sat May 15, 2010 3:53 pm

Autoconfiguration is primarily for client computers, not so much for routers.
Client computer needs just one address and autoconfiguration can provide it. Router in addition needs another whole subnet for computers connected behind it.
Even if ROS accepted router advertisements from ISP's router and configured address for itself (currently it doesn't seem to), it would not be very useful, because it'd be still missing the addresses for computers on internal network.
Ask your ISP, they know best what they can do for you.

Xymox · Sat May 15, 2010 9:54 pm

Ok so the router cant obtain 1 IPv6 address from the ISP and then generate its own addresses from a maunally pre assigned pool then do some sort of NAT ?

This would solve many problems.

It would work just like a IPv4 router. This cant be impossible with IPv6 ?

IPv6 seem to want to assign EVERYTHING a externaly accessable address. I dont need or want that. I like NAT.

This MUST be possible ?

liteforce · Sat May 15, 2010 10:22 pm

It would work just like a IPv4 router. This cant be impossible with IPv6 ?

IPv6 seem to want to assign EVERYTHING a externaly accessable address. I dont need or want that. I like NAT.

This MUST be possible ?

NAT was never meant to be used as a form of network security; it was hacked together to forestall every single machine in the world requiring a globally-unique IPv4 address.

The inability to make direct inbound connections to machines behind a NAT was not by design; merely a side-effect.

The whole point of IPv6 is that you don't need to use specific private addressing behind a single globally-routable address like you do with IPv4; everything has its' own globally unique address - if you want to emulate the security 'features' of NAT, simply ensure that no-one can connect to the machines behind your router by firewalling off all externally-initiated inbound traffic to your internal network.

It really is that easy.

Regards,
Terry Froy
Spilsby Internet Solutions

Xymox · Sun May 16, 2010 12:04 am

Well yes, of course. BUT again, we have a huge problem again. Having to assign all my computers a world reachable IPv6 address. This then requires a account at HE and then a tunnel setup and a fixed IP for a home modem. This prevents me and many others from going to IPv6.

So again, I would think that a IPv6 NAT with the router grabbing a single world accessible IPv6 address from the ISP and then assigning IPv6 addresses from a pool of pre configured addresses to my lan side devices and doing NAT would be the much needed solution to getting a huge chunk of people onto IPv6 ?

This cant be that hard ? The benefits seem worthwhile, suddenly IPv6 just works automagically with routers.

Im sorry if I am somehow being newbie stupid here. I just dont see why this cant be done ?

Xymox · Sun May 16, 2010 12:46 am

Ive posted a question over at DSLReports on my ISP's forum about how to somehow get connected to my ISP IPv6.

http://www.dslreports.com/forum/r24247961-IPv6-help

But this is a separate issue from my question above..

changeip · Sun May 16, 2010 4:35 am

who is your ISP? never heard of any giving out native v6 yet so im curious.

ask your ISP to give you a subnet for your WAN, and a subnet for your LAN. Have them route your LAN subnet thru your WAN subnet ip.

Xymox · Sun May 16, 2010 4:59 am

Well its not native. Your right I dont think anyone is doing that... Yet...

It hands me a automagically configured tunnel..

Here are my exact settings for a test. YES these are full IP's but there is no longer a computer at them so its OK to disclose them.

On a XP machine I installed ipv6 ( cmd prompt > "ipv6 install" ) then plugged directly into the cable modem. Vista and W7 just work no need to install anything. No need to reboot XP either. You do have to restart your browser to go to IPv6 only sites. To test go to http://v6.testmyipv6.com/ and/or http://ipv6.google.com/ You can also use ping6 to ping stuff.

Doing a ipconfig, In my case the automagical numbers that got assigned are:

Ethernet Adapter Local Area Connection:

Connection-specific DNS suffix: ph.cox.net
IP address:68.106.249.47
subnet mask:255.255.248.0
IP Address:fe80::f200:8dff:fed1:783f%5
Default gateway:68.106.248.1

skipping Tunnel adapter Teredo as its not used.

Tunnel adapter 6to4:

Connection-specific DNS suffix: ph.cox.net
IP Address: 2002:446a:f92f::446a:f92f
default gateway: 2002:c050:6301::c050:6301

Tunnel adapter Automatic Tunneling Pseudo-Interface

Connection-specific DNS suffix: ph.cox.net
IP Address: fe80::5efe:68.106.249.47%2

AGAIN 100% automatic. On Vista and W7 it just works right out of the box. Auto configured tunnel.

Xymox · Sun May 16, 2010 10:49 am

I have posted a thread in a IPv6 forum...

http://www.dslreports.com/forum/r242492 ... -Cox-cable

Sob · Sun May 16, 2010 7:55 pm

Everything starting with 2002: is 6to4, automatic tunelling over IPv4. Don't thank your ISP for that, it works with any IPv4 public address.

If your public address is static, this should be enough:

/interface 6to4
add disabled=no local-address=aaa.bbb.ccc.ddd mtu=1480 name=6to4

/ipv6 address
add address=2002:AABB:CCDD:1::1/64 advertise=yes disabled=no eui-64=no interface=LAN
add address=2002:AABB:CCDD::1/16 advertise=no disabled=no eui-64=no interface=6to4

/ipv6 nd prefix default
set autonomous=yes

/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=::192.88.99.1%6to4

Where aaa.bbb.ccc.ddd is your public address and AABB:CCDD is the same address converted to hexadecimal representation (68.106.249.47 and 446a:f92f in what you posted).
If your address is dynamic, then it must also be possible to set up, but I'm not exactly sure how, I never tried it before in ROS. You probably need some script to update the local address in 6to4 interface settings. Maybe somebody else knows.

NAB · Sun May 16, 2010 8:42 pm

who is your ISP? never heard of any giving out native v6 yet so im curious.

Don't know about the OP, but in the UK, Andrews and Arnold have been providing native IPv6 for around about 6 years. See http://aaisp.net.uk/kb-broadband-ipv6.html.

Xymox · Sun May 16, 2010 9:13 pm

OoOooo Sob, that seems pretty close !

I don't know enough script either. Maybe someone here can complete this quest ? It would be pretty awesome to have a script and some settings that would make a router just work automagically on any connection

I would think it would be a good thing to put in the wiki under the IPv6 section as a example.

Some script and settings to make RouterOS just automagically do tunneled IPv6 on any connection, Thats pretty awesome.

Sob · Mon May 17, 2010 12:14 am

Updating the local address of 6to4 interface is easy, just take the script from wiki (http://wiki.mikrotik.com/wiki/Hurricane ... nt_updater) and cut the unneeded last part (the one with /tool fetch).

Unfortunately it won't help you much. In this case you also have to change the IPv6 addresses and prefixes, because they're derived from actual IPv4 address.

ROS can change the advertised prefix automatically (when you select 6to4 interface parameter in IPv6->ND->Prefixes), but it seems to be completely buggy (ROS 4.9 x86):

- It requires "6to4 interface" to be WAN interface instead of actual 6to4 interface. It doesn't make sense, because there can be several 6to4 interfaces on the same WAN.
- It creates the address with reversed byte order. I tried it with 192.168.80.200 and instead of correct 2002:c0a8:50c8::/64 it generates 2002:c850:a8c0::/64.
- It is quite laggy. When the IPv4 address is changed it still keeps advertising the old prefix.

But it can be worked around, we have the script running anyway, so it'd be possible to change prefix manually. Also the IPv6 address of 6to4 interface must be changed.

And here I'm lost. It'd require to parse IPv4 address, convert numbers to hexadecimal representation and construct the address from them. But I can't find any "int to hex" function in ROS scripting...

Xymox · Mon May 17, 2010 7:38 am

Hmmm......

Yes with DD-WRT and Open-WRT you have full access to the *nix enviroment so converting numbers to hex and everything else is easy. I do wish we had access to *nix. Ive run into that problem before.

Buggy is bad. Hard to overcome that one..

well that is discouraging.

Ok well... NO doubt it can be done. In our case we need Mikrotik to implement a solution however. Not sure if this has any application to the pro market, but for the 750G and 450G SOHO home user market this would be a great thing to implement.

I can imagine a single check box to enable this functionality. But it might just stay in my imagination......

Well awesome work on this Sob ! You need some Karma !

marsark · Mon May 17, 2010 11:55 pm

More about troubles with ROS and IPv6 can be found here: http://forum.mikrotik.com/viewtopic.php?f=2&t=38166

Xymox · Tue May 18, 2010 5:00 am

Well in all fairness ROS is not alone in IPv6 having some trouble. Open-WRT and DD-WRT also have issues.

Sob · Wed May 19, 2010 2:25 am

I found some time before going to bed and decided to give it one more try. And it wasn't really that hard.

Sample initial configuration:

/interface 6to4
add disabled=no local-address=192.0.2.1 name=6to4 remote-address=unspecified
/ipv6 address
add address=2002:c000:201::1/16 advertise=no comment=6to4public disabled=no \
    eui-64=no interface=6to4
add address=2002:c000:201:dead::1/64 advertise=yes comment=6to4subnet \
    disabled=no eui-64=no interface=LAN1
add address=2002:c000:201:beef::1/64 advertise=yes comment=6to4subnet \
    disabled=no eui-64=no interface=LAN2
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=2m valid-lifetime=5m
/ipv6 route
add disabled=no distance=1 dst-address=2000::/3 gateway=::192.88.99.1%6to4

The addresses must be created and properly labeled by comments.

And following is the update script:

# settings begin:

:local WANinterface "WAN"
:local 6to4interface "6to4"
:local PubAddrComment "6to4public"
:local SubnetAddrComment "6to4subnet"
:local LogPrefix "6to4update: "

#settings end.

:local WANaddress

:set WANaddress [/ip address get [/ip address find interface=$WANinterface] address]
:set WANaddress [:pick [:tostr $WANaddress] 0 [:find [:tostr $WANaddress] "/"]]

:if ([:len $WANaddress] = 0) do={
  :log error ($LogPrefix . "Could not get IP for interface " . $WANinterface)
  :error ("Could not get IP for interface " . $WANinterface)
}

:if ([/interface 6to4 get ($6to4interface) local-address] != $WANaddress) do={
  :log info ($LogPrefix . "Updating " . $6to4interface . " local-address with new IP " . $WANaddress . "...")
  /interface 6to4 set ($6to4interface) local-address=$WANaddress
   
  :set WANaddress ($WANaddress . ".")
  :local IP6prefix "2002:"
  :local num
  :local tn
  :local hi
  :local lo
  :local ar
  :local pos
  :local IP6part

  :for i from=0 to=1 do={
    :set IP6part ""  
    :for j from=0 to=1 do={
      :set pos [:find $WANaddress "."]
      :set num [:pick $WANaddress 0 $pos]
      :set WANaddress [:pick $WANaddress ($pos + 1) 99]
      :set tn [:tonum $num]
      :set hi ($tn / 16)
      :set lo ($tn - ($hi * 16))
      :set ar [:toarray ($hi . "," . $lo)]
      :foreach val in=$ar do={
        :if ($val < 10) do={
          :set IP6part ($IP6part . $val)
        } else={
          :if ($val = 10) do={ :set IP6part ($IP6part . "a") }
          :if ($val = 11) do={ :set IP6part ($IP6part . "b") }
          :if ($val = 12) do={ :set IP6part ($IP6part . "c") }
          :if ($val = 13) do={ :set IP6part ($IP6part . "d") }
          :if ($val = 14) do={ :set IP6part ($IP6part . "e") }
          :if ($val = 15) do={ :set IP6part ($IP6part . "f") }
        }
      }
    }
    :set IP6prefix ($IP6prefix . $IP6part . ":")
  }
  
  :foreach i in=[/ipv6 address find] do={
    :local addr [/ipv6 address get $i address]
    :local cmnt [/ipv6 address get $i comment]
    :local name [/ipv6 address get $i interface]
    :if ($cmnt = $PubAddrComment) do={
      :local newaddr ($IP6prefix . ":1/16")
      /ipv6 address set $i address=$newaddr
      :log info ($LogPrefix . "Changed address of interface " . $name . " from " . $addr . " to " . $newaddr)
    }
    :if ($cmnt = $SubnetAddrComment) do={
      :local tmp $addr
      :for j from=0 to=2 do={
        :set pos [:find $tmp ":"]
        :set tmp [:pick $tmp ($pos + 1) 99]
        :if ($j = 2) do={
          :set pos [:find $tmp ":"]
          :local newaddr ($IP6prefix . [:pick $tmp 0 $pos] . "::1/64")
          /ipv6 address set $i address=$newaddr
          :log info ($LogPrefix . "Changed address of interface " . $name . " from " . $addr . " to " . $newaddr)
        }
      }
    }
  }
  :log info ($LogPrefix . "Finished successfully.")
}
#EOF

Name it "update6to4" and add it to scheduler:

/system scheduler
add comment="" disabled=no interval=5m name="Update 6to4" on-event=\
    update6to4 policy=read,write start-date=jan/01/1970 start-time=00:00:00

omega-00 · Tue Aug 31, 2010 7:33 am

Excellent and informative post.

I think I'll expand on this to create an auto-setup-6to4 script

Do you mind if I use the original script in a blog post if it is attributed back to you?

Sob · Tue Aug 31, 2010 4:17 pm

Use it, improve it, sell it, ... anything you want.

omega-00 · Sat Sep 04, 2010 9:33 am

Of note, this config works fine in v4.11 but not properly in v5.0beta6

Edit: scrap that, got it working in 5.0beta6 I think I might have been doing something dumb

Sob · Sat Sep 04, 2010 6:16 pm

What exactly doesn't work? I tried quick test (just local with virtual machines in VirtualBox) and everything seems to be fine.

FIPTech · Sat Sep 04, 2010 6:23 pm

Just for information, we have native IPv6 over ADSL and SDSL lines since about 9 years in France.

For ADSL it is IPv6 over PPPoE, and for SDSL, it is Ethernet.

This is dual stack, so you receive IPv4 and IPv6 at the same time in the same xDSL line.

Only one provider is doing this, but i think that others will do this very soon.

I'm using IPv6 in production, PPPoE or Ethernet over router OS boxes, and it does works.

omega-00 · Sun Sep 05, 2010 4:27 pm

This is dual stack, so you receive IPv4 and IPv6 at the same time in the same xDSL line.

Only one provider is doing this, but i think that others will do this very soon.

I'm using IPv6 in production, PPPoE or Ethernet over router OS boxes, and it does works.

Out of interest could you provide the configuration you use on your PPPoE interface?
We have a provider here who is doing this also (as a trial) however I've yet to be able to receive an advertised prefix for my router to use.

For anyone interested, here's the 6to4 post I did. http://www.mikrotik-routeros.com/?p=112

FIPTech · Sun Sep 05, 2010 9:49 pm

This is not a 6 to 4 tunnel. We are using native IPv6 over PPPoE with IPv6CP.

So you just setup an IPv6 address on your WAN interface (Ethernet or PPPoE) and a default route to the provider gateway and it's working.

You need to know the /48 block delivered by your provider and the provider gateway. Those are not delivered automatically.

I think the nicer solution is too choose your IPv6 wan address in the same /126 sub-network than the provider gateway but choosing another one will normally work the same as soon as it is not an adress from a LAN /64 subnetwork you will use.

Next you can put /64 subnetworks (from the /48) to your Lans. So you can have about 65000 subnetworks for your LANs (16 bits)...

Those /64 blocks on LAN interfaces will be advertised from your router by Radvd (Neighbour Discovery setup inside Router OS).

The setup is simpler than IPv4, as you have no DHCP to configure.

One thing you must be cautious, is that there is no NATTING with IPv6. So you need to setup forward firewall rules to avoid the world to be able to join every machines on your LANs.

In the end, configuring IPv6 is very fast and simpler compared to IPv4.

omega-00 · Mon Sep 13, 2010 4:05 am

You need to know the /48 block delivered by your provider and the provider gateway. Those are not delivered automatically.

I think the nicer solution is too choose your IPv6 wan address in the same /126 sub-network than the provider gateway but choosing another one will normally work the same as soon as it is not an adress from a LAN /64 subnetwork you will use.

Here's where I run into problems at the moment, as even v5.0beta doesn't seem to have a way to get the dynamically advertised prefix from the remote end (which is how my ISP is handing out the IPv6 ranges).

It's currently a bit of a show-stopper for us as it can't be used until this function is available. I don't expect many of us want to have to configure every part of our network or find out what the new IPv6 allocation is for connections on a Dynamic IP address (IPv4/IPv6 dual stacks and such..)

charliebrown · Mon Sep 13, 2010 4:42 am

Sorry how is your ISP handing out its dynamic ranges? Having to "get" from the ISP side doesn't make any sense. I'm also not sure that your meant to dynamically change the v6 prefix handed out to the CPE as this would require an address update for every v6 device in the lan when the dsl/wifi/sat/whatever link drops

omega-00 · Mon Sep 13, 2010 7:58 am

"In order to participate in the broadband trial you will need ... a router that supports IPv6 PPP and Prefix Delegation via DHCPv6"

From: http://ipv6.internode.on.net/access/adsl/

charliebrown · Mon Sep 13, 2010 8:24 am

Have you actually checked if your prefix changes? DHCPv6 is something I havent played with in ROS yet but its meant to be coming in v5. If your prefix doesn't change (Which it shouldn't TBQH, There is no need for dynamic v6 ranges to client when an ISP has more IP's than the number of people on earth) just assign it on your Ethernet and be done with it

bevhost · Mon Sep 13, 2010 8:27 am

I'm also not sure that your meant to dynamically change the v6 prefix handed out to the CPE as this would require an address update for every v6 device in the lan when the dsl/wifi/sat/whatever link drops

Unlike DHCPv4, DHCPv6 has a reconfigure capability where the server can announce to it's clients that they should renew their lease/pick up new information.

omega-00 · Mon Sep 13, 2010 9:04 am

Have you actually checked if your prefix changes? DHCPv6 is something I havent played with in ROS yet but its meant to be coming in v5. If your prefix doesn't change (Which it shouldn't TBQH, There is no need for dynamic v6 ranges to client when an ISP has more IP's than the number of people on earth) just assign it on your Ethernet and be done with it

Yeah I can understand that *maybe* it won't change (would depend on the ISP). However at the moment there's no way to receive it in the first place.
Can't really call a helpdesk to find it out for each new connection. The option just needs to be made available on RouterOS.

After this it'll be our users connecting up to the mikrotik who need DHCPv6 prefix delegation.
We would assign each user a /56 that they can use, however how to inform them of that other than via the aforementioned?

omidkosari · Mon Sep 13, 2010 9:27 am

Dynamically via radius ?

omega-00 · Mon Sep 13, 2010 10:55 am

RouterOS doesn't yet support receiving the prefix's thou...

Ozelo · Wed Sep 29, 2010 9:00 am

OSPFv3 routing filters? any chance?

please!

IPv6

IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Re: IPv6

Who is online