7

I have the following configuration in my network:

ISP Router <- eth1 -> Mikrotik Router <- eth2-5 -> Internal network

My ISP router receives a /64 IPV6 block that is dynamic, changing whenever I reboot it.

The issue is that the devices in my internal network aren't receiving an IPV6 address, probably because the DHCP server in Mikrotik isn't configured correctly.

I already configured the DHCP client in Mikrotik ( IPV6 -> DHCP client ) and I can see the /64 block that was assigned by my ISP.

But I can't configure the DHCP Server. I tried to assign the pool in "IPV6 -> DHCP Server -> Add new" but my devices still doesn't receive any IPV6 addresses.

Any ideas about what is wrong? I'm using version 6.33.

Note: If i connect a device directly to my ISP router, IPV6 works correctly.

--- Edit ---

After Michael comment I was able to make some progress. I disabled the DHCP Server in Mikrotik and added a new address in "IPV6 -> Addresses" with advertise flag and using the pool that is created by the DHCP client.

All devices in my internal network are receiving IPV6 addresses and can ping each other. Unfortunately I can't ping external hosts.

In Mikrotik I can only ping external hosts only if I check the option "Request address" in /ipv6 dhcp-client. Otherwise ping doesn't work in Mikrotik.

Example: trying to ping ipv6.google.com.

/ping 2800:3f0:4001:801::200e
  SEQ HOST                                     SIZE TTL TIME  STATUS
    0 2800:3f0:4001:801::200e                                 timeout
    1 2800:3f0:4001:801::200e                                 timeout
    2 2800:3f0:4001:801::200e                                 timeout
    sent=3 received=0 packet-loss=100%

Here is how my route looks like:

/ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 ADS  ::/0                     fe80::e297:96ff:fe6a:...        1
 1 ADC  2001:1284:****:90dd::/64 ether2-master-local             0
 2  DSU 2001:1284:****:90dd::/64                                 1
Fernando
  • 1,129
  • 6
  • 23
  • 32
  • What is this "ISP Router"? Who controls it? – Michael Hampton Nov 11 '15 at 18:38
  • It's a Huawei router that my ISP provides. I don't even know the model as everything is capped. My ISP only allows changing some basic things like Wifi name/password and Port forwarding. Everything else is hidden. – Fernando Nov 11 '15 at 18:53
  • 2
    Start here: http://wiki.mikrotik.com/wiki/Manual:IPv6/DHCP_Client But if your ISP only gave you a /64 then you're going to be stuck. – Michael Hampton Nov 11 '15 at 18:58
  • @MichaelHampton thanks. I was able to make some progress but I couldn't figure it out yet. I added my progress info to the question. – Fernando Nov 11 '15 at 21:39

2 Answers2

1

Mikrotik does prefix delegation only. Its dhcp server implementation is incomplete. I've been following the discussions on their forums. See http://forum.mikrotik.com/viewtopic.php?f=13&t=101918&p=506310&hilit=dhcpv6#p506307.

Jeff Loughridge
  • 1,074
  • 2
  • 7
  • 18
  • I also found the log tells the truth. Does this mean the DHCPv6 server within the RouterOS is totally dummy and useless? The RA has already take care about the prefix delegation I have no idea what did the DHCPv6 server do here. – jayatubi Jul 20 '16 at 05:53
  • It's definitely a partial implementation of DHCPv6 functionality. I removed my mikrotic from my home network for this reason. The best you'll be able to do is get the router to accept the prefix and then use a /64 from within it to assign to a LAN-facing interface. As you indicate, the actual IP address assignment would be performed via RA. – Jeff Loughridge Jul 20 '16 at 11:28
  • What can the DHCPv6 server do? I followed lots of the guides on the RouterOS wiki and internet to setup it but I didn't see any significant outcomes. My clients couldn't get a IPv6 address if I only enable the DHCPv6 server while disable the RA. And when the RA is on I found I won't need the DHCPv6 server anymore. – jayatubi Jul 21 '16 at 04:43
  • You can't use RA if you don't know what /60 or whatever the ISP assigns to you. The bigger prefix can change although I don't see it happen very much with my ISP. If you stick with microtik, do what I described in the previous message. Use DHCPv6 for PD/DNS/default gateway, and then the RA daemon can use a /64 from the larger prefix for assignment on one of the LAN interfaces. – Jeff Loughridge Jul 21 '16 at 14:07
0

I actually got tired of waiting for MikroTik to fix their DHCPv6 Server, as Jeff Loughridge noted FIVE YEARS AGO was broken and remains a work-in-progress to this day. Even the Prefix Delegation part of it produced inconsistent results from my testing and decided to avoid any dependencies on it when subnetting my IPv6 network.

I documented a workaround that completely avoids the DHCPv6 Server and only relies on Neighbor Discovery, Ripng and (optionally) adding static routes. Indeed, rather than being complex, it's more elegant because it has fewer gears. It also scales across multiple routers; SLAAC just works and assigns hosts an IP from the subnet they connect to.

Anyway, since MikroTik hasn't moved things on with the DHCPv6 Server in all these years, at least my solution is something until they can fix that mess. Hope this helps others save time solving the same problem...

F1Linux
  • 335
  • 5
  • 12