IPv6 /127

LennonNZ · Fri Nov 22, 2013 7:37 am

I have a router.. 2 interfaces..

XXXX:f000:32:88::/127
XXXX:f000:32:89::1/127

I can route XXXX:f000:32:90::/127 -> XXXX:f000:32:88:1 fine...
_but_
I cannot route XXXX:f000:32:90::/127 -> XXXX:f000:32:89::

it says XXXX:f000:32:89:: unreachable

I'm actually trying to send ::/0 to the :0 address and says unreachable but if I send to a :1 on a /127 it works.

Below is some example I set up..

[admin@MikroTik] > ping XXXX:f000:32:89::
HOST SIZE TTL TIME STATUS
XXXX:f000:32:89:: 56 64 0ms echo reply
XXXX:f000:32:89:: 56 64 0ms echo reply
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 S ::/0 XXXX:f000:32:89:: 1 <--- it thinks is unreachable
1 ADC XXXX:f000:32:88::/127 ether2 0
2 ADC XXXX:f000:32:89::/127 ether1 0
3 A S XXXX:f000

1::/64 XXXX:f000:32:88::1 1

[admin@MikroTik] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 DL fe80::d6ca:6dff:fed3:2699/64 sfp1-gat... no
1 DL fe80::d6ca:6dff:fed3:269a/64 ether1 no
2 DL fe80::d6ca:6dff:fed3:269e/64 ether5 .. no
3 DL fe80::d6ca:6dff:fed3:269b/64 ether2 no
4 G XXXX:f000:32:88::/127 ether2-bras no
5 G XXXX:f000:32:89::1/127 ether1-core no

This works on ciscos/juniper/other routers fine.. but why not on Mikrotik? anyway I can do this?

Running v6.4

tomaskir · Fri Nov 22, 2013 1:27 pm

There have been multiple discussions on the forums on the use of /127s with MikroTik.

Its currently not supported, and as far as I remember, no support was promised.
/31s for IPv4 are not supported either.

Currently /64s should be used for PtP links.

janisk · Fri Nov 22, 2013 2:34 pm

first things first:

initially /127 addressing where considered harmful for IPv6.
http://tools.ietf.org/html/rfc3627
there are other RFC documents about IPv6 that will state that /127 address space should not be used.

now when this is stated, you can use other than the address that ends with 0.

for example, use of 2001:db8::0/127 will yield error as such route cannot be currently added (that is a problem we will work to resolve it)

but 2001:db8::2/127 can be used freely and will work correctly as main culprit - router anycast address is not used in RouterOS and at all is deprecated from IPv6.

LennonNZ · Fri Nov 22, 2013 2:47 pm

first things first:

initially /127 addressing where considered harmful for IPv6.
http://tools.ietf.org/html/rfc3627
there are other RFC documents about IPv6 that will state that /127 address space should not be used.

now when this is stated, you can use other than the address that ends with 0.

for example, use of 2001:db8::0/127 will yield error as such route cannot be currently added (that is a problem we will work to resolve it)

but 2001:db8::2/127 can be used freely and will work correctly as main culprit - router anycast address is not used in RouterOS and at all is deprecated from IPv6.

Thanks..

So you are saying /127 work 100% fine but as long as you are not trying to router towards 2001:db8::0/127 but routing towards 2001:db8::1/127 will work fine (This is what I personally found)

LennonNZ · Fri Nov 22, 2013 2:53 pm

first things first:

initially /127 addressing where considered harmful for IPv6.
http://tools.ietf.org/html/rfc3627
there are other RFC documents about IPv6 that will state that /127 address space should not be used.

now when this is stated, you can use other than the address that ends with 0.

for example, use of 2001:db8::0/127 will yield error as such route cannot be currently added (that is a problem we will work to resolve it)

but 2001:db8::2/127 can be used freely and will work correctly as main culprit - router anycast address is not used in RouterOS and at all is deprecated from IPv6.

yes RFC3627 (which says /127 are bad) has a link to RFC6547 which basically says RFC3627 is obsolete and to use read RFC6164 which says /127 are good. Thanks Miktotik.. I hope you fix the ::0/127 problem.

LennonNZ · Fri Nov 22, 2013 3:00 pm

There have been multiple discussions on the forums on the use of /127s with MikroTik.

Its currently not supported, and as far as I remember, no support was promised.
/31s for IPv4 are not supported either.

Currently /64s should be used for PtP links.

Yes /31's not working as most other routers and standards say they should is a little annoying and having to waste ipv4 space for P2P Links IMHO is not good. I dunno the exact reason why mikrotik won't/can't support /31's. It is very common practice to use them these days and most of P2P links I use are /31's (except when a customer can't and its usually as they have a miktotik).

the issue regarding /127.. well they work.. except for the ::0/127 one (you can route to the ::1 but not the ::0) and I can work around that at the moment.

janisk · Fri Nov 22, 2013 3:03 pm

adding a route to ::1/127 is weird, as the other end will not be able to set up route to point in the correct direction.

so skip the first 2 addresses and start using this form ::2/127

also, what is the main reason behind using /127 and instead of /128 that should be supported and is supported from IPv6 get-go.

jmorby · Wed May 28, 2014 4:04 am

IPv4 /31 and IPv6 /127 are not really the same thing

I'm also experiencing problems with /126 addresses ... and /30 is definitely supported if you were to use that analogy

Using /64 is wasteful ... but the major problem is the possibility of DDoS from all that additional ping-pong traffic

+1 for /127 support

janisk · Wed May 28, 2014 9:32 am

/127 is exempt, /126 should work normally. If you see the need for /127 use /128 instead.

And that is correct /31 for ipv4 and /127 are completely different as /127 if mis-configured can cause more issues and open you to attacks that you can not control.

savage · Tue May 30, 2017 10:57 am

so skip the first 2 addresses and start using this form ::2/127

also, what is the main reason behind using /127 and instead of /128 that should be supported and is supported from IPv6 get-go.

It's not only ::/127, but also 10::/127, 20::/127, 30::/127, 40::/127, etc...

Quite annoying, to say the least.

janisk · Wed Jun 28, 2017 3:56 pm

Any address with /127 mask is not working. Also, there is no good reason to use that.

savage · Wed Jun 28, 2017 4:11 pm

Any address with /127 mask is not working. Also, there is no good reason to use that.

Shrugs. RFC3627 is old, outdated, and multiple erratas exists for it.

https://tools.ietf.org/html/rfc6164 for example, has clear definitive reasons as to why /127s ARE valid, and accepted. Quite a lot of ISPs doing IPv6 connectivity, supply /127s, not /126s.

niamul · Wed Jun 28, 2017 7:36 pm

This actually makes a lot of sense

Basically *::/64 in a pool won't work but *::1/64 will work on the pppoe or dhcp?
Then again you can't set a pool for pppoe with *::1/64

Any work around it?

Jesse6 · Fri Nov 17, 2017 7:46 pm

+1 to the IPv6 /127 network support in IPv6. Harmful or not, adding a feature (that can be used or not) does not harm at all, it improves compatibility, flexibility and versatility. Many providers use /127 for serial (i.e., point-to-point) links.

silderan · Fri Dec 20, 2019 4:42 pm

Sorry for pop this thread up but...

+1.

Our Internet transit supplier just gives us a /127 to set up a BGP/AS session.

Is there any workarround or shall I purchase a router from another vendor?

This is a MUST for routers in https://tools.ietf.org/html/rfc6164.

Regards.

danunjaya123 · Sat Dec 21, 2019 3:21 pm

+1

IPv6 /126 is not working to me on CCR1036

danunjaya123 · Sun Dec 22, 2019 1:36 pm

[admin@4C:5E:CC:DD:9F:D8] > ping 2606:4700:4700::1111
SEQ HOST SIZE TTL TIME STATUS
0 2606:4700:4700::1111 timeout
1 2606:4700:4700::1111 timeout
2 2407:ff00:7::e 104 64 597ms address unreachable
3 2606:4700:4700::1111 timeout
sent=4 received=0 packet-loss=100%

[admin@4C:5E:CC:DD:9F:D8] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2407:ff00:7::e/126 BondingWAN no
1 DL fe80::4e5e:cff:fed1:9fe1/64 vlan135 no
2 DL fe80::4e5e:cff:fed1:9fe1/64 vlan231 no
3 DL fe80::4e5e:cff:fed1:9fe1/64 vlan134 no
4 DL fe80::4e5e:cff:fed1:9fe1/64 vlan223 no
5 DL fe80::4e5e:cff:fed1:9fe1/64 vlan170 no
6 DL fe80::4e5e:cff:fed1:9fe1/64 vlan267 no
7 DL fe80::4e5e:cff:fed1:9fe1/64 vlan153 no
8 DL fe80::4e5e:cff:fed1:9fe1/64 vlan246 no
9 DL fe80::4e5e:cff:fed1:9fe1/64 vlan116 no
10 DL fe80::4e5e:cff:fed1:9fe1/64 vlan149 no
11 DL fe80::4e5e:cff:fed1:9fe1/64 vlan174 no
12 DL fe80::4e5e:cff:fed1:9fe1/64 vlan202 no
13 DL fe80::4e5e:cff:fed1:9fe1/64 vlan232 no
14 DL fe80::4e5e:cff:fed1:9fe1/64 vlan108 no
15 DL fe80::4e5e:cff:fed1:9fe1/64 vlan233 no
16 DL fe80::4e5e:cff:fed1:9fe1/64 vlan244 no
17 DL fe80::4e5e:cff:fed1:9fe1/64 vlan117 no
18 DL fe80::4e5e:cff:fed1:9fe1/64 vlan210 no
19 DL fe80::4e5e:cff:fed1:9fe1/64 vlan221 no
20 DL fe80::4e5e:cff:fed1:9fe1/64 vlan112 no
21 DL fe80::4e5e:cff:fed1:9fe1/64 vlan141 no
22 DL fe80::4e5e:cff:fed1:9fe1/64 vlan167 no
23 DL fe80::4e5e:cff:fed1:9fe1/64 LAN no
24 DL fe80::4e5e:cff:fed1:9fd8/64 BondingWAN no
25 DL fe80::4e5e:cff:fed1:9fe1/64 vlan148 no

[admin@4C:5E:CC:DD:9F:D8] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 BondingWAN 1
1 ADC 2407:ff00:7::c/126 BondingWAN 0

Sob · Sun Dec 22, 2019 5:01 pm

@danunjaya123: It's two different things, /127 in IPv6 is like /31 in IPv4, let's say a little unusual. Your /126 is normal configuration that works. Your problem is wrong gateway for default route, just use address 2407:ff00:7::d, instead of interface BondingWAN.

danunjaya123 · Mon Dec 23, 2019 2:49 pm

Thanks it worked issue is i have not added gateway in routes.

@danunjaya123: It's two different things, /127 in IPv6 is like /31 in IPv4, let's say a little unusual. Your /126 is normal configuration that works. Your problem is wrong gateway for default route, just use address 2407:ff00:7::d, instead of interface BondingWAN.

ns88ns · Fri Apr 29, 2022 9:47 pm

2 Sob:

/127 in IPv6 is like /31 in IPv4

Definitely, it isn't valid due to the difference between IPv6 and IPv4. IPv6 /127 is like IPv4 /30 (not the /31). The IPv4 /31 provides 2 special addresses (1 network address and 1 broadcast address) and 0 node addresses. This is why IPv4 /31 is senseless, though, the /31 can be a valid route definition. The IPv4 /30 provides 2 the special addresses + 2 node addresses. The IPv6 /127 provides 0 special addresses and 2 node addresses so it is completely valid network definition.

ns88ns · Fri Apr 29, 2022 9:57 pm

Ok, could you, please, folks, explain then, how to configure properly IPv6 PtP connection at the ROS7 (e.g. v7.2.1) with /128 instead of /127 ?

Setup 1 based on /127:

FD01::/64 -[ (eth2) R1 (eth1) ]- FD05::2/127 ()--PtP conn--() FD05::3/127 -[ (eth1) R2 (eth1) ]- FD02::/64

At the R1:

IPv6 addresses:

Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
 #    ADDRESS                      INTERFACE              ADVERTISE
 0  G fd05::2/127                  eth1                   no       
 1  G fd01::/64                    eth2                   no       
 2 DL fe80::215:5dff:fee7:1001/64  eth1                   no       
 3 DL fe80::215:5dff:fee7:1002/64  eth2                   no

IPv6 routes:

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; 
+ - ecmp
 0  As   dst-address=fd02::/64 routing-table=main gateway=fd05::3 immediate-gw=eth1 distance=1 scope=30 
         target-scope=10 

   DAc   dst-address=fd01::/64 routing-table=main gateway=eth2 immediate-gw=eth2 distance=0 scope=10 

   DAc   dst-address=fd05::2/127 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth1/64 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth2/64 routing-table=main gateway=eth2 immediate-gw=eth1 distance=0 scope=10

At the R2:

IPv6 addresses:

Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
 #    ADDRESS                      INTERFACE              ADVERTISE
 0  G fd05::3/127                  eth1                   no       
 1  G fd02::/64                    eth2                   no       
 2 DL fe80::211:4dfa:fec3:1001/64  eth1                   no       
 3 DL fe80::211:4dfa:fec3:1002/64  eth2                   no

IPv6 routes:

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; 
+ - ecmp
 0  As   dst-address=fd01::/64 routing-table=main gateway=fd05::2 immediate-gw=eth1 distance=1 scope=30 
         target-scope=10 

   DAc   dst-address=fd02::/64 routing-table=main gateway=eth2 immediate-gw=eth2 distance=0 scope=10 

   DAc   dst-address=fd05::2/127 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth1/64 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth2/64 routing-table=main gateway=eth2 immediate-gw=eth1 distance=0 scope=10

This setup works but route #0 at both routers is invalid/unreachable immediately after boot. Though, manual disabling/re-enabling route #0 after makes it work.
As per this thread - the situation with the /127 in ROS is still unclear. It doesn't work properly in ROS6 (actually works only if the low bit of IPv6 address is 1). In ROS7 it kinda works but is still buggy. So - still quite unclear. Therefore, let's change the setup above to /128. Link-local addresses won't be used in this setup because they can be changed dynamically after reboots and we dislike adjusting the route table each time it happens.

So, the new setup:

FD01::/64 -[ (eth2) R1 (eth1) ]- FD05::2/128 ()--PtP conn--() FD05::3/128 -[ (eth1) R2 (eth1) ]- FD02::/64

At the R1

IPv6 addresses:

Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
 #    ADDRESS                      INTERFACE              ADVERTISE
 0  G fd05::2/128                  eth1                   no       
 1  G fd01::/64                    eth2                   no       
 2 DL fe80::215:5dff:fee7:1001/64  eth1                   no       
 3 DL fe80::215:5dff:fee7:1002/64  eth2                   no

IPv6 routes:

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; 
+ - ecmp
 0  As   dst-address=fd02::/64 routing-table=main gateway=fd05::3 immediate-gw=eth1 distance=1 scope=30 
         target-scope=30 

 1  As   dst-address=fd05::3/128 routing-table=main gateway=eth1 immediate-gw=eth1 distance=1 scope=30 
         target-scope=10 

   DAc   dst-address=fd01::/64 routing-table=main gateway=eth2 immediate-gw=eth2 distance=0 scope=10 

   DAc   dst-address=fd05::2/128 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth1/64 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth2/64 routing-table=main gateway=eth2 immediate-gw=eth1 distance=0 scope=10

At the R2:

IPv6 addresses:

Flags: D - DYNAMIC; G, L - LINK-LOCAL
Columns: ADDRESS, INTERFACE, ADVERTISE
 #    ADDRESS                      INTERFACE              ADVERTISE
 0  G fd05::3/128                  eth1                   no       
 1  G fd02::/64                    eth2                   no       
 2 DL fe80::211:4dfa:fec3:1001/64  eth1                   no       
 3 DL fe80::211:4dfa:fec3:1002/64  eth2                   no

IPv6 routes:

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; 
+ - ecmp
 0  As   dst-address=fd01::/64 routing-table=main gateway=fd05::2 immediate-gw=eth1 distance=1 scope=30 
         target-scope=30 

 1  As   dst-address=fd05::2/128 routing-table=main gateway=eth1 immediate-gw=eth1 distance=1 scope=30 
         target-scope=10 

   DAc   dst-address=fd02::/64 routing-table=main gateway=eth2 immediate-gw=eth2 distance=0 scope=10 

   DAc   dst-address=fd05::3/128 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth1/64 routing-table=main gateway=eth1 immediate-gw=eth1 distance=0 scope=10 

   DAc   dst-address=fe80::%eth2/64 routing-table=main gateway=eth2 immediate-gw=eth1 distance=0 scope=10

Ok, the magic is that route #1 was added to both routers (kinda static "connected" route) and raised the target-scope to 30 for route #0 on both routers.

It works well but the magic is still there: as per the ROS documentation (https://wiki.mikrotik.com/wiki/Manual:IP/Route) it MUST not work:

Routes with interface as a gateway
Value of gateway can be specified as an interface name instead of the nexthop IP address. Such route has following special properties:
Unlike connected routes, routes with interface nexthops are not used for nexthop lookup.

So, route #0 at both routers MUST fall to invalid/unreachable because it can be resolved only via route #1 (which is not used nexthop resolution, as per the wiki), but it doesn't fall.

The questions:

Why does the setup second setup (with /128) work despite the fact it contradicts the documentation?
How it should be configured properly with /128?

Thank you in advance.

IPv6 /127

IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Re: IPv6 /127

Who is online