IPv6 DHCPv6 Issues on MikroTik L009

bitflow · Sat Oct 26, 2024 2:27 pm

Hi all.

I'm having trouble setting up IPv6 on my MikroTik L009UiGS-2HaxD router, which replaced a Ubiquiti AmpliFi that worked out of the box.

Despite multiple configuration attempts, I'm seeing UnSpecFail status errors and can't seem to acquire a stable IPv6 address and prefix.

I'd prefer not to hardcode addresses but am running out of options.

Network Setup

Now:

ISP -> fiber box -> MikroTik L009UiGS-2HaxD (sfp1)

Previously:

ISP -> fiber box -> fiber switch -> Ubiquiti AmpliFi (RJ45)

Routerbord information

routerboard: yes
model: L009UiGS-2HaxD
serial-number: redacted
firmware-type: ipq5000
factory-firmware: 7.12
current-firmware: 7.16.1
upgrade-firmware: 7.16.1

IPv6 configuration

/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6 after RAW" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN

/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes managed-address-configuration=yes mtu=1500 other-configuration=yes ra-delay=5s ra-interval=5s-30s ra-lifetime=none reachable-time=5m
add advertise-dns=no interface=sfp1 ra-lifetime=none reachable-time=5m

/ipv6 nd prefix default
set preferred-lifetime=20m valid-lifetime=12h

/ipv6 settings
set accept-redirects=no accept-router-advertisements=yes max-neighbor-entries=4096

Findings

I have confirmed with my ISP that they hand out a ::/56 prefix.

Sometimes I receive a link-local address that is added as a gateway in (IPv6 Route List) as DAg with a distance of 1.

dhcp log from when dhcp client runs

1:34:32 dhcp,debug,packet send sfp1 -> ff02::1:2%13 
11:34:32 dhcp,debug,packet type: solicit 
11:34:32 dhcp,debug,packet transaction-id: be0318 
11:34:32 dhcp,debug,packet  -> clientid:   00030001 789a18fc 6dd0 
11:34:32 dhcp,debug,packet  -> ia_na:  
11:34:32 dhcp,debug,packet    t1: 0 
11:34:32 dhcp,debug,packet    t2: 0 
11:34:32 dhcp,debug,packet    id: 0xa 
11:34:32 dhcp,debug,packet  -> oro: 23  
11:34:32 dhcp,debug,packet  -> elapsed_time: 0 
11:34:32 dhcp,debug,packet  -> ia_pd:  
11:34:32 dhcp,debug,packet    t1: 0 
11:34:32 dhcp,debug,packet    t2: 0 
11:34:32 dhcp,debug,packet    id: 0xa 
11:34:32 dhcp,debug,packet recv client: sfp1 fe80::redacted -> fe80::redacted
11:34:32 dhcp,debug,packet type: advertise 
11:34:32 dhcp,debug,packet transaction-id: be0318 
11:34:32 dhcp,debug,packet  -> clientid:   00030001 789a18fc 6dd0 
11:34:32 dhcp,debug,packet  -> serverid:   00010001 27639377 00505687 fc2c 
11:34:32 dhcp,debug,packet  -> ia_na:  
11:34:32 dhcp,debug,packet    t1: 3600 
11:34:32 dhcp,debug,packet    t2: 7200 
11:34:32 dhcp,debug,packet    id: 0xa 
11:34:32 dhcp,debug,packet   -> ia_addr:  
11:34:32 dhcp,debug,packet     address: 2001:redacted
11:34:32 dhcp,debug,packet     valid time: 86400 
11:34:32 dhcp,debug,packet     pref. time: 54000 
11:34:32 dhcp,debug,packet  -> status: 1 - failed 
11:34:32 dhcp,debug,packet  -> dns_servers:  
11:34:32 dhcp,debug,packet     2001:redacted
11:34:32 dhcp,debug,packet     2001:redacted
11:34:32 dhcp,debug,packet  -> ia_pd:  
11:34:32 dhcp,debug,packet    t1: 3600 
11:34:32 dhcp,debug,packet    t2: 7200 
11:34:32 dhcp,debug,packet    id: 0xa 
11:34:32 dhcp,debug,packet   -> ia_prefix:  
11:34:32 dhcp,debug,packet     prefix: 2001:redacted::/56 
11:34:32 dhcp,debug,packet     valid time: 86400 
11:34:32 dhcp,debug,packet     pref. time: 54000

Screenshots from dump

Request

Response

UnSpecFail reference (RFC3315)

If a server receives a message that contains options it should not
contain (such as an Information-request message with an IA option),
is missing options that it should contain, or is otherwise not valid,
it MAY send a Reply (or Advertise as appropriate) with a Server
Identifier option, a Client Identifier option if one was included in
the message and a Status Code option with status UnSpecFail.

Reference threads

viewtopic.php?t=177172
viewtopic.php?t=144099
https://forum.opnsense.org/index.php?topic=20369.0
https://michael.stapelberg.ch/posts/202 ... -ipv6-duid
https://community.tp-link.com/en/smart- ... Id=1048964
https://community.ui.com/questions/UDMp ... 3fafa19008
https://www.reddit.com/r/mikrotik/comme ... ipv6_help/

tdw · Sat Oct 26, 2024 4:29 pm

Having a link local address for the default gateway is normal. Provide all of your IPv6 configuration, not just part of it - commonly the DHCP client settings should not add a default route and only request a prefix, not an address, also there should be no /ipv6 nd entry for the interface providing the WAN connection.

bitflow · Sat Oct 26, 2024 5:18 pm

Having a link local address for the default gateway is normal. Provide all of your IPv6 configuration, not just part of it - commonly the DHCP client settings should not add a default route and only request a prefix, not an address, also there should be no /ipv6 nd entry for the interface providing the WAN connection.

Hey. I did a /ipv6 export. If I do a /export I don't see anything else than what I have already added here.

I feel like I have tried with every option.

tdw · Sun Oct 27, 2024 1:52 pm

There is no sign of any /ipv6 address or /ipv6 dhcp-client in the export yet you have DHCPv6 logging data

bitflow · Sun Oct 27, 2024 2:27 pm

There is no sign of any /ipv6 address or /ipv6 dhcp-client in the export yet you have DHCPv6 logging data

ipv6 dhcp-client settings

/ipv6 dhcp-client
add add-default-route=yes comment="isp prefix" interface=sfp1 pool-name=isp prefix-hint=::/56 rapid-commit=no request=address,prefix use-interface-duid=yes use-peer-dns=no

ipv6 neighbor

[admin@MikroTik] > /ipv6/neighbor/print 
Flags: R - router 
 0 R address=fe80::redacted interface=sfp1 mac-address=22:22:00:01:00:01 status="stale"

ipv6 addresses

[admin@MikroTik] > /ipv6/address/print 
Flags: D - DYNAMIC; L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
 #    ADDRESS                       INTERFACE  ADVERTISE
 0 D  ::1/128                       lo         no       
 1 DL fe80::7a9a:18ff:fefc:6dd8/64  sfp1       no       
 2 DL fe80::7a9a:18ff:fefc:6dd9/64  br         no

I always receive a status: 1 - failed error from the gateway router in the dhcp logs. It does not matter if I only try to request an address or address+prefix or prefix.

13:24:19 dhcp,debug,packet recv client: sfp1 fe80::redacted -> fe80::7a9a:18ff:fefc:6dd8 
13:24:19 dhcp,debug,packet type: reply 
13:24:19 dhcp,debug,packet transaction-id: 0a446f 
13:24:19 dhcp,debug,packet  -> clientid:   00030001 789a18fc 6dd8 
13:24:19 dhcp,debug,packet  -> serverid:   00010001 27639377 00505687 fc2c 
13:24:19 dhcp,debug,packet  -> ia_na:  
13:24:19 dhcp,debug,packet    t1: 3600 
13:24:19 dhcp,debug,packet    t2: 7200 
13:24:19 dhcp,debug,packet    id: 0xa 
13:24:19 dhcp,debug,packet   -> ia_addr:  
13:24:19 dhcp,debug,packet     address: 2001:redacted
13:24:19 dhcp,debug,packet     valid time: 78351 
13:24:19 dhcp,debug,packet     pref. time: 45951 
13:24:19 dhcp,debug,packet  -> status: 1 - failed 
13:24:19 dhcp,debug,packet send sfp1 -> ff02::1:2%13 
13:24:19 dhcp,debug,packet type: solicit 
13:24:19 dhcp,debug,packet transaction-id: 23e56e 
13:24:19 dhcp,debug,packet  -> clientid:   00030001 789a18fc 6dd8 
13:24:19 dhcp,debug,packet  -> ia_na:  
13:24:19 dhcp,debug,packet    t1: 0 
13:24:19 dhcp,debug,packet    t2: 0 
13:24:19 dhcp,debug,packet    id: 0xa 
13:24:19 dhcp,debug,packet  -> elapsed_time: 0

maimbo · Sat Dec 07, 2024 9:24 am

Not sure if it helps or not, but this is what I'm using for DHCP client settings (albeit on PPPoE interface):

/ipv6 dhcp-client
add interface=internet-pppoe pool-name=public-ipv6 pool-prefix-length=60 prefix-hint=::/56 request=prefix use-peer-dns=no

bitflow · Mon Dec 30, 2024 7:28 pm

Not sure if it helps or not, but this is what I'm using for DHCP client settings (albeit on PPPoE interface):
Code: Select all
/ipv6 dhcp-client
add interface=internet-pppoe pool-name=public-ipv6 pool-prefix-length=60 prefix-hint=::/56 request=prefix use-peer-dns=no

Unfortunately not, but thanks for trying.

Either MikroTik or my ISP is doing something wrong and they can't seem to get this to work. I assume that the IPv6 was assigned in another way using my old Ubiquiti AmpliFI device. I will try and capture the DHCP traffic using the old Ubiquiti device someday but at the moment I just disabled IPv6 and continued with life.. Too much time spent on this matter...

Props to the support team though for investigating this and for trying to fix this issue!

IPv6 DHCPv6 Issues on MikroTik L009

IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Re: IPv6 DHCPv6 Issues on MikroTik L009

Who is online