Hi,
i'm seeking input on how best to configure:
A test network with multiple subnets is routed using an RB1100. This in turn is connected to an x86 RouterOS install for internet access
wired -\
wireless ----- RB1100 ---- x86RouterOS --- USB LTE --- Internet
server -/
Connection to the internet is through the x86 RouterOS using a USB LTE UML295 verizon wireless device. This appears on the x86 system as interface lte1. IP addresses are dynamically assigned by the ISP.
The setup is working fine with IPv4 - but i'm wanting to add IPv6 to the mix. Internally, ('m using OSPF for routing (I actually complicate the internal side further with some anycast services, but have disabled these from the mix to simplify things in this scenario).
Firstly, the USB LTE device gets an IPv6 address that is dynamically assigned by the ISP each time it connects. From tests with a laptop, this LTE device uses SLAAC to configure the IPv6 address on the USB client-side. This won't work with RouterOS as it doesn't support SLAAC. I'm actually able to retrieve the IPv6 address from the LTE device using a web request. Annoyingly, the subnet changes quite a bit, for example: 2600:100A:B129:, 2600:100A:B112:, 2600:100A:B122:.
Next, i'd like to have IPv6 throughout the network, ideally with multiple subnets to mirror the IPv4 setup (i'm simulating different zones/subnets for servers, wired, wireless, etc.).
So, how do i go about this? Since the x86 edge router will get a different IPv6 address each time the LTE device reconnects, i would have thought NAT would be the best solution - but RouterOS doesn't support NATv6? Or, if there's no other option but to have the IP address change each time (which is scriptable), how do i utilize a subnet on the inside that won't change each time?
A thought i had was to attach the USB LTE to a linux box, and use that to do NAT with the x86 RouterOS being connected to that.
just wondered if anyone has any ideas?
thanks.
Re: Suggestions for IPv6 configuration
My suggestion, which I agree is not very helpful, is to get a connection, where you receive your own prefix from ISP, big enough for all subnets you need. Otherwise you can't do much, RouterOS currently does not support NATv6. You would have to use some other device which does as gateway. But then, what's the point of NATted IPv6? For some very special occassions, fine, but not for regular use...
Re: Suggestions for IPv6 configuration
Did you try running DHCPv6 client on the ROS x86 router on the LTE interface?
The only correct solution to this is if you get DHCPv6 PD advertised. Then you can split that prefix into smaller subnets if necessary and/or assign it to your LAN-bound interface.
If you get no PD, then perhaps you could request a prefix with your ISP?
The only correct solution to this is if you get DHCPv6 PD advertised. Then you can split that prefix into smaller subnets if necessary and/or assign it to your LAN-bound interface.
If you get no PD, then perhaps you could request a prefix with your ISP?
Re: Suggestions for IPv6 configuration
Unfortunately, they don't use DHCP. I'm not sure if they would give a prefix - it's a cellular LTE provider.Did you try running DHCPv6 client on the ROS x86 router on the LTE interface?
The only correct solution to this is if you get DHCPv6 PD advertised. Then you can split that prefix into smaller subnets if necessary and/or assign it to your LAN-bound interface.
If you get no PD, then perhaps you could request a prefix with your ISP?
Re: Suggestions for IPv6 configuration
Bad news: You're basically unable to use this LTE connection for IPv6. Mikrotik doesn't even support learning an interface IPv6 address / default GW from SLAAC. Furthermore, your connection would require NAT in order to share it with other devices. SLAAC is for one and only one device. Mikrotik doesn't support NAT on IPv6 either - mostly because there's no official kernel support for it.
There is a very strong movement to eliminate NAT from the Internet with IPv6. (Consider this RFC from 2010 that discusses the pros and cons of NAT.... https://tools.ietf.org/html/rfc5902). Personally, I side with the "no nat" camp, even though I was enforcing NAT on customers before it was commonplace to do so (back in the mid 1990's). I think that there are better ways to achieve the same benefits that NAT is currently used to obtain, but without the broken applications and work-arounds that we are forced to use today. (UPnP for Xbox, anyone?)
Anyway, the fact of the matter is that the LTE connection is designed for a single client to connect itself to the IPv6 internet, and not a router, and Mikrotik doesn't support any of the protocols that would be necessary to work around the limitation.
Sorry.
It seems silly, but if you want to use IPv6, then you can get a tunnel from tunnelbroker.net - I used a tunnel like this for years at my hose, and it works great. (Comcast started supporting /60 assigments with dhcpv6-pd, so that ended my need for the tunnel)
There is a very strong movement to eliminate NAT from the Internet with IPv6. (Consider this RFC from 2010 that discusses the pros and cons of NAT.... https://tools.ietf.org/html/rfc5902). Personally, I side with the "no nat" camp, even though I was enforcing NAT on customers before it was commonplace to do so (back in the mid 1990's). I think that there are better ways to achieve the same benefits that NAT is currently used to obtain, but without the broken applications and work-arounds that we are forced to use today. (UPnP for Xbox, anyone?)
Anyway, the fact of the matter is that the LTE connection is designed for a single client to connect itself to the IPv6 internet, and not a router, and Mikrotik doesn't support any of the protocols that would be necessary to work around the limitation.
Sorry.
It seems silly, but if you want to use IPv6, then you can get a tunnel from tunnelbroker.net - I used a tunnel like this for years at my hose, and it works great. (Comcast started supporting /60 assigments with dhcpv6-pd, so that ended my need for the tunnel)