IPv6第二VLAN

Spixxy · Sun Feb 03, 2019 12:47 pm

Hello,

我有从我的ISP IPv6,分配给我的main VLAN bridge, but it's not working on another VLANs. How can I do that?
My working config:

/ipv6 address add address=::1 from-pool=general-pool6 interface=bridge_vlan10 /ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=general-pool6 request=address,prefix /ipv6 nd add hop-limit=64 interface=bridge_vlan10 ra-interval=20s-1m

This is what I tried for second VLAN, it didn't work:

/ipv6 nd add hop-limit=64 interface=bridge_vlan20 ra-interval=20s-1m /ipv6 nd prefix add interface=bridge_vlan20 prefix=2a02:768:8e13:d36::/64 /ipv6 route add distance=0 dst-address=2a02:768:8e13:d36::/64 gateway=bridge_vlan20 scope=10

I think I just (somehow) need to point two VLANs to one pool. But how?

mozerd · Sun Feb 03, 2019 1:35 pm

Following is my config for ipv6 based on my ISP proving me with aprefix /56

/ipv6 address add from-pool=rogers-ipv6 interface=vlan10 /ipv6 address add from-pool=rogers-ipv6 interface=vlan20 /ipv6 address add from-pool=rogers-ipv6 interface=vlan40 /ipv6 dhcp-client add add-default-route=yes comment="delgate ISP-assigned prefix" interface=ether1 pool-name=rogers-ipv6 prefix-hint=::/56 request=address,prefix /ipv6 nd set [ find default=yes ] advertise-dns=yes interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m /ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan10 reachable-time=5m /ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan20 reachable-time=5m /ipv6 nd add advertise-dns=yes hop-limit=64 interface=vlan40 reachable-time=5m /ipv6 nd prefix default set preferred-lifetime=4h valid-lifetime=4h /ipv6 settings set accept-router-advertisements=yes

Perhaps my code can help you …. change the relevant parts to match what your ISP provides you ….. so the important parts are the PREFIX, POOL and WAN INTERFACE, and VLAN INTERFACE
Your Pool isgeneral-pool6
Your Prefix ???? your ISP needs to provide you with a Prefix Assignment … for most people its /64
Your VLAN Interfaceinterface=bridge_vlan10
Your WAN interfaceether1

Spixxy · Sun Feb 03, 2019 1:58 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?

mozerd · Sun Feb 03, 2019 2:19 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?

I have no idea why.

Who is your ISP?

Can you please post your Config
/export hide-sensitive file=spixxyconfig terse

proximus · Sun Feb 03, 2019 3:01 pm

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?

Because your pool is a single /64 ... once it is assigned to bridge_vlan10, the pool is exhausted. If your ISP is able to provide you with a /56 or /60, then you will have enough address space to assign more IPv6 interfaces (/64's).

Spixxy · Sun Feb 03, 2019 3:28 pm

Yeah, I thought it's because of this. But how can I assign only half of that pool? If I want to assign only /65, it says that I have to disable advertise. But then my devices won't get it's IP, right?

Or is there any other solution? I don't believe this is impossible

mkx · Sun Feb 03, 2019 3:41 pm

The basic idea is to assign IP address with longer prefix as router's address on interface in a subnet ... ND should derive it's settings from there ...

/ipv6 address add address=::1/72 from-pool=general-pool6 interface=bridge_vlan10 add address=::1/72 from-pool=general-pool6 interface=bridge_vlan20

Prefix length should generally be specified with IPv6 addresses, if it's not then /64 is taken as default.

mozerd · Sun Feb 03, 2019 4:11 pm

My ISP Rogers dishes out multiple /64 plus other options like /56 although that may have changed recently. for a long time I was using /64 and assigning to each subnet or vlan.

With Ubiguiti Routers its very easy to do that utilizing a commands like:

set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 2 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd rapid-commit 'enable'

I do not believe that the same can be done using RouterOS …. I could not find the ability to add an index like PD 0, PD 1,PD 2 etc

First you you have to find out from your ISP if they would dish out multiple /64 and if YES then some RouterOS GURU needs to confirm how to convert the above code to RouterOS speak

Ideally, check with your ISP if they will issue a /40 or /60 or /56 … many ISP are going with a /56 for their users --- some are only providing that for their business class users and if not some ISP will dole out multiple /64

Spixxy · Sun Feb 03, 2019 4:35 pm

I would like to assign ::1/72, but terminal forces it to /64 and Winbox shows this error

My ISP is small Czech local which apparently gives me one /64.
And my idea is to force multiple interfaces to take IPs from this pool

tdw · Sun Feb 03, 2019 5:34 pm

SLAAC requires /64 as that is the size of an automatically generated address. It is possible to use smaller subnet sizes when using static addresses or DHCP, but AFAIK it is no longer recommended

proximus · Sun Feb 03, 2019 5:36 pm

That error is because SLACC (IPv6 auto config) requires a /64, therefore the error.

If you run your own IPv6 DHCP server (or static addresses), you can set advertise=no and may be able to use the /72. Doing this requires settings in ND to advertise the Managed flag.

The basic config for not using SLACC and a LAN-based DHCPv6 server only would be like this:

/ipv6 address add address=::1 advertise=no from-pool=comcast-ipv6 interface=ether2-lan .. etc /ipv6 dhcp-client add add-default-route=yes comment="WAN Cable Modem" interface=ether1-gateway pool-name=comcast-ipv6 prefix-hint=::/60 request=address,prefix use-peer-dns=no /ipv6 nd add hop-limit=64 interface=ether2-lan managed-address-configuration=yes other-configuration=yes ra-interval=1m40s-5m /ipv6 nd prefix add autonomous=no interface=ether2-lan

Personally, I do not like SLACC. I want to see known addresses, not ever-changing random ones.

Spixxy · Sun Feb 03, 2019 7:15 pm

Thank you, but I still cannot make it working

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough?

I have deleted all IPv6 related settings and started from scratch.
First step: set up DHCP client, it gets prefix and automatically creates pool.
Second: add address ::1/72
- it gets replaced by /64 and so I cannot add another.

mozerd · Sun Feb 03, 2019 7:28 pm

Up until now most ISP’s that I am familure with will not provide a static ipv6 .... and if there are exceptions I am certainly not aware of those ISP.

所以对于时间ing check with your isp and find out if they will allocate more than one /64 ... tell them that you run 2 subnets they may accomadete you.

You are at the mercy of your ISP in terms of which subnet(s) are assigned TO YOUR ISP MODEM. You cannot go and pick a subnet from your prefix delegation and assign it statically. The cable modem must do the assignment.

proximus · Sun Feb 03, 2019 7:35 pm

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough?

DHCPv6 server on another machine to provide host addresses. MT's DHCPv6 server does not do host addressing (wish it did!!!)

What I posted changes the flags in the Router Advertisement. That tells the hosts that they should request an IPv6 address via DHCP and not auto-configure.
--
I'm kind of doubting you can do what you want with a single /64 from a pool.

Spixxy · Thu Feb 07, 2019 10:13 am

Well, that's bad that simple things like VLANs relies on ISP.
Or maybe it's ok and I just don't understand it well

Anyway thank you very much!

mkx · Thu Feb 07, 2019 12:21 pm

Well, that's bad that simple things like VLANs relies on ISP.

Your VLANs don't rely on ISP. What relies on ISPs is to offer you short enough IPv6 prefix (i.e. /63 or lower) so that you can allocate one /64 prefix to each of your VLANs.

BTW, it's not only VLANs, it also LAN subnets (in case you create physical subnets).

mozerd · Thu Feb 07, 2019 12:38 pm

Well, that's bad that simple things like VLANs relies on ISP.
Or maybe it's ok and I just don't understand it well
Anyway thank you very much!

99% of the general public do not have the ability to configure subnets [vlans are a form of subnets] ..... so most isp take the easy raod and jsut provide a /64. You should talk to you ISP and ask for an accommodation that would help you to accomplish your objective --- I'm sure others in your area are asking for same and the more people that ask the more are the chances they will comply --- .... My ISP originally only offered a /64 and also offered more than one /64 for those who knew how to index the address space THEN through a little [a lot of] coxing from its users a /56 was allowed .... one of these days [in a couple of years -maybe] they may dish out a statics and allow to have a dhcp6 server locally

Sob · Thu Feb 07, 2019 3:46 pm

My ISP is small Czech local which apparently gives me one /64.

Did you try to ask them for bigger prefix? There could be some hope with small company. Maybe they are just new to this and /64 is their honest mistake without an ill intent. If they are open to discussion, there are enough even local resources about the subject, e.g. Cesnet seminars, articles on root.cz, etc. Like this one:pdf,video

pe1chl · Thu Feb 07, 2019 4:24 pm

Indeed, the problem is often that the ISP is unfamiliar with IPv6.
The absolute minimum a home customer should get is a /60.
More considerate would be a /56.
I get a /48 on my home internet connection.

jonmansey · Mon Apr 22, 2019 6:45 am

For me it was as simple as setting the DHCPv6 client prefix hint to ::/62 and the ISP (TWC) gave me a /56 instead of the standard /64. Then I was able to simply add multiple ::1/64 to each vlan, and it all worked automatically. I think I could have used any prefix hint less than 64 and it would have given me a /56.

archerious · Sat Mar 12, 2022 9:08 pm

My ISP Rogers dishes out multiple /64 plus other options like /56 although that may have changed recently. for a long time I was using /64 and assigning to each subnet or vlan.

With Ubiguiti Routers its very easy to do that utilizing a commands like:
Code:Select all
set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 0 interface eth2.10 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 0 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 1 interface eth2.20 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 1 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 host-address '::1' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 'no-dns' set interfaces ethernet eth0 dhcpv6-pd pd 2 interface eth2.30 service 'slaac' set interfaces ethernet eth0 dhcpv6-pd pd 2 prefix-length '64' set interfaces ethernet eth0 dhcpv6-pd rapid-commit 'enable'
I do not believe that the same can be done using RouterOS …. I could not find the ability to add an index like PD 0, PD 1,PD 2 etc

First you you have to find out from your ISP if they would dish out multiple /64 and if YES then some RouterOS GURU needs to confirm how to convert the above code to RouterOS speak
Ideally, check with your ISP if they will issue a /40 or /60 or /56 … many ISP are going with a /56 for their users --- some are only providing that for their business class users and if not some ISP will dole out multiple /64

That's exactly what my issue is, my ISP AT&T issues out a /60 but to their RG, they then request that my RB4011 make multiple pd requests or multiple DHCPv6_clients to pull several /64s. They will NOT allow my RB4011 to take the /60, only their equipment is allowed control over the /60 *sigh*.

I guess Ubiquiti is the solution for now since the popular bypass doesn't work anymore for me (XGS-pon).

Sob · Sat Mar 12, 2022 9:42 pm

I didn't test it much, but it seems that good oldVRRP hackworks for DHCPv6 too.

archerious · Mon Mar 14, 2022 7:50 am

I didn't test it much, but it seems that good oldVRRP hackworks for DHCPv6 too.

That worked! Thank you for sharing the link, it's been working well.

pe1chl · Mon Mar 14, 2022 10:47 am

Maybe it is time to explain the ISP how to deploy IPv6. Why are they using non-standard "tricks" when there is an established method of doing things?
I just have a DHCPv6 client requesting a prefix, I get a block of addresses in the pool (a /48, the ISPs are not that stingy here), and from there I can assign addresses to interfaces.
That works almost without effort.

Znevna · Mon Mar 14, 2022 11:10 am

Maybe it is time to explain the ISP how to deploy IPv6. Why are they using non-standard "tricks" when there is an established method of doing things?
[...]

Network administrator be like: "I'm all we have!!11"

IPv6第二VLAN

IPv6第二VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Re: IPv6 on second VLAN

Who is online