Manual:IPv6 Overview: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Route (talk | contribs)
No edit summary
 
(37 intermediate revisions by 3 users not shown)
Line 1: Line 1:
*''Packages required:'' '''ipv6'''
{{Versions|v3beta10+, v4, v5+}}
*''Software versions:'' '''3.0beta10+'''


== IPv6 overview ==
== IPv6 overview ==
<p id="shbox">
<b>Package requirement:</b> <code>ipv6</code>
</p>


Internet Protocol version 6 (IPv6) is the new version of the Internet Protocol (IP). It was initially expected to replace IPv4 in short enough time, but for now it seems that these two version will coexist in Internet in foreseeable future. Nevertheless, IPv6 becomes more important, as the date of unallocated IPv4 address pool's exhaustion approaches.
Internet Protocol version 6 (IPv6) is the new version of the Internet Protocol (IP). It was initially expected to replace IPv4 in short enough time, but for now it seems that these two version will coexist in Internet in foreseeable future. Nevertheless, IPv6 becomes more important, as the date of unallocated IPv4 address pool's exhaustion approaches.


The two main benefits of IPv6 over IPv4 are:
The two main benefits of IPv6 over IPv4 are:
* much larger address space (IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4);
* much larger address space;
* support of stateless address autoconfiguration.
* support of stateless and statefull address autoconfiguration;
* built-in security;
* new header format (faster forwarding).


== Supported programms ==
== Supported programms ==


MikroTik IPv6 support at the moment (RouterOS 3.28/4.0beta4):
MikroTik IPv6 support at the moment:
* DHCPv6 prefix delegation for DHCP server.
* DHCPv6-PD client.
* IPv6 Prefix Delegation over PPP interfaces.
* static addressing and routing;
* static addressing and routing;
* router advertisement daemon (for address autoconfiguration)
* router advertisement daemon (for address autoconfiguration);
* dynamic routing: BGP+, OSPFv3, and RIPng protocols
* dynamic routing: BGP+, OSPFv3, and RIPng protocols;
* firewall (filter, mangle, address lists, connection table);
* queue tree, simple queue, pcq;
* DNS name servers;
* DNS name servers;
* 6in4 (SIT) tunnels;
* 6in4 (SIT) tunnels;
* telnet;
* EoIPv6, ip/ipv6 over ipv6 (IPIPv6) tunnel interface (starting from v5RC6)
* IPSEC;
* VRRPv3;
* IPv6 forwarding over all PPP (Point-to-point protocols);
* SSH, telnet, FTP, WWW access, Winbox, API;
* ping;
* ping;
* traceroute;
* traceroute;
* web proxy;
* web proxy;
* sniffer and fetch tools;
* sniffer and fetch tools;
* IP services and User allowed IPv6 address support;
* torch, bandwidth test and other tools;


Features not yet supported:
Features not yet supported:
* DHCPv6;
* all PPP (Point-to-point protocols);
* IPSEC;
* SSH, FTP, API, Winbox, Webbox access;
* queues;
* automatic tunnel creation;
* automatic tunnel creation;
* policy routing;
* policy routing;
* multicast routing;
* multicast routing;
* MPLS;
* MPLS;
* torch, netwatch, bandwidth test and other tools;
== IP addressing ==
IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4.
There are multiple IPv6 address classes. RouterOS distinguishes the following:
* multicast (with prefix ff00::/8)
* link-local (with prefix fe80::/10)
* loopback (the address ::1/128)
* unspecified (the address ::/128)
* other (all other addresses, including the obsoleted site-local addresses, and RFC 4193 unique local addresses; they all are treated as global unicast).
Basic IPv6 address configuration example:
ipv6 address add address=fc00:1::1/64 interface=ether1
ipv6 address add address=fc00:2::1/64 interface=ether2
One difference between IPv6 and IPv4 addressing is that IPv6 automatically generates a link-local IPv6 address for each active interface that has IPv6 support.


Example:
== Addressing ==
<pre>
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
#    ADDRESS                                    INTERFACE                  ADVERTISE
0 DL fe80::20c:42ff:fe1d:3d3/64                  ether2                    no
1 DL fe80::20c:42ff:fe1d:3d2/64                  ether1                    no
2 DL fe80::20c:42ff:fe1d:3d4/64                  ether3                    no
3  G fc00:1::1/64                                ether1                    yes
4  G fc00:2::1/64                                ether2                    yes
</pre>


For IPv6 automatically generated addresses are also often used. Such addresses consist of two parts:
IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4. IPv6 address syntax and types are described in RFC 4291.
# 64 bit long network prefix (usually manually configured for routers, and advertised via RADVD to host);
# 64 bit long unique identifier.


The 64 bit unique ID is generated from hardware serial numbers or MAC addresses. In case of a 48 bit MAC address, this so called EUI-64 (Extended Unique Identifier) is generated by the following algorithm:
[[Manual:IPv6/Address | Read more>>]]
# use the first 3 bytes of the MAC address (OUI) as the first 3 bytes of the EUI-64, except that the second-least significant bit of the most significant byte is inverted;
# insert 0xFF and 0xFE as 4th and 5th bytes of the EUI-64 respectively;
# use the last 3 bytes of the MAC address as the last 3 bytes of the EUI-64;
([http://www.tcpipguide.com/free/diagrams/ipv6eui64.png Image])
 
In RouterOS, if the eui-64 parameter for an address is configured, the 64 bits of that address will be automatically generated and updated using interface's MAC address. These last bits must be configured as zero for this case.
Example:
<pre>
[admin@MikroTik] > ipv6 address add address=fc00:3::/64 interface=ether3 eui-64=yes
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
#    ADDRESS                                    INTERFACE                  ADVERTISE
...
5  G fc00:3::20c:42ff:fe1d:3d4/64                ether3                    yes
[admin@MikroTik] > interface ethernet set ether3 mac-address=10:00:00:00:00:01
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
#    ADDRESS                                    INTERFACE                  ADVERTISE
...
5  G fc00:3::1200:ff:fe00:1/64                  ether3                    yes
</pre>
 
If the '''advertise=yes''' configuration option is set for an IPv6 address, the prefix of that address is automatically advertised to hosts using ICMPv6 protocol. The option is set by default for addresses with prefix length 64. Note that the prefix length must be equal to 64 for host autoconfiguration to work. '''/ipv6 nd prefixes print''' console command shows information about prefixes that are currently advertised:
[admin@MikroTik] > ipv6 nd prefix print
Flags: X - disabled, I - invalid, D - dynamic
  0 D prefix=fc00:1::/64 interface=ether1 on-link=yes autoconfig=yes
      valid-lifetime=4w2d preferred-lifetime=1w
 
External resources: http://www.tcpipguide.com/free/t_IPv6Addressing.htm
 
== IP routing ==
 
For static routing, the basic principles of IPv6 are exactly the same as for IPv4. Example:
<pre>
[admin@MikroTik] > ipv6 route add dst-address=2001::/16 gateway=fc00:1::2
[admin@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 A S  dst-address=2001::/16 gateway=fc00:1::2 reachable ether1 distance=1
        scope=30 target-scope=10
</pre>


Perhaps the most notable difference is that link local addresses can be used as route nexthops only if interface is specified too. Example:
=== Stateless Autoconfiguration ===
<pre>
[admin@MikroTik] > ipv6 route add dst-address=2002::/16 gateway=fe80::21a:4dff:fe56:1f4d%ether1
[admin@MikroTik] > ipv6 route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
...
1 A S  dst-address=2002::/16
        gateway=fe80::21a:4dff:fe56:1f4d%ether1 reachable distance=1
        scope=30 target-scope=10
</pre>


Another small difference is that there are no ''blackhole'' or ''prohibit'' routes, only ''unreachable''.
[[ Manual:IPv6/Address#Stateless_address_autoconfiguration | Read more >>]]


IPv4 and IPv6 routing also differs in the area of multipath route. Technically speaking, in Linux kernel there is no support for multiple nexthops for a IPv6 route. However, RouterOS allows to set more than one gateway address for a single route. In this case, a route is installed in the kernel for each of the different interfaces to which route's nexthops belong.
== Routing ==


Example:
For static routing, the basic principles of IPv6 are exactly the same as for IPv4. [[ M:IPv6/Route | <code>Read more >></code>]]
<pre>
[admin@MikroTik] > ipv6 address p
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
#    ADDRESS                                    INTERFACE        ADVERTISE
0  G fc00:1::1/64                                ether1            no
1  G fc00:2::1/64                                ether2            no
[admin@MikroTik] > ipv6 route add dst-address=2001::/16 gateway=fc00:1::2,fc00:2::2
[admin@MikroTik] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
#      DST-ADDRESS              GATEWAY                      DISTANCE
0 A S  2001::/16                fc00:2::2 reachable ether1,  1
                                fc00:1::2 reachable ether2
</pre>


When printing the Linux kernel route table, we see that two routes were added, not one:
{{Note|Link local addresses are required for dynamic routing protocols to function!}}
# ip -6 route
2001::/16 via fc00:2::2 dev eth1  proto static  metric 1024  mtu 1500 advmss 1440 metric10 4294967295
2001::/16 via fc00:1::2 dev eth0  proto static  metric 1024  mtu 1500 advmss 1440 metric10 4294967295
...


== Dynamic routing protocols ==


<div style="background: #EEE;">'''Note:''' Link local addresses are required for dynamic routing protocols to function!</div>


<div style="background: #EEE;">'''Note:''' All dynamic routing protocols also require a valid Router ID to function. If the Router ID is not configured manually, one of router's IPv4 addresses are used as the Router ID. If no IPv4 addresses are present, the router ID selection process will fail. This means that dynamic routing will not work on a router that has no IPv4 addresses, unless you configure the Router ID manually!</div>
{{Warning|All dynamic routing protocols also require a valid Router ID to function. If the Router ID is not configured manually, one of router's IPv4 addresses are used as the Router ID. If no IPv4 addresses are present, the router ID selection process will fail. This means that dynamic routing will not work on a router that has no IPv4 addresses, unless you configure the Router ID manually!}}


=== BGP ===
=== BGP ===
Line 187: Line 98:
Unlike to BGP, adding IPv6 support to OSPF required a lot of changes and resulted in a new, incompatible, version of OSPF: protocol version 3. (For IPv4, OSPF version 2 is used). The new version is described in RFC 2740.
Unlike to BGP, adding IPv6 support to OSPF required a lot of changes and resulted in a new, incompatible, version of OSPF: protocol version 3. (For IPv4, OSPF version 2 is used). The new version is described in RFC 2740.


OSPFv3 uses the same fundamental mechanisms as OSPFv2 — LSAs, flooding, the SPF algorithm, etc. However, it add not only support to a new address family, but also some improvements to the protocol itself. It avoids some potential problems and inefficiencies present in the operation of OSPFv2.
OSPFv3 uses the same fundamental mechanisms as OSPFv2 — LSAs, flooding, the SPF algorithm, etc. However, it adds not only support to a new address family, but also some improvements to the protocol itself. The new version avoids some potential problems and inefficiencies present in the operation of OSPFv2.


OSPFv3 configuration syntax largely remains the same as for OSPFv2. One mayor difference is that there is no configuration for networks anymore, and interface configuration becomes mandatory, since OSPFv3 runs on link, not IP subnet, basis.
OSPFv3 configuration syntax largely remains the same as for OSPFv2. One mayor difference is that there is no configuration for networks anymore, and interface configuration becomes mandatory, since OSPFv3 runs on link, not IP subnet, basis.
Line 238: Line 149:
   0 ADr  2001::/16                fe80::1200:ff:fe00:10... 120
   0 ADr  2001::/16                fe80::1200:ff:fe00:10... 120


== Stateless address autoconfiguration ==
<div style="background: #EEE;">'''Note:''' Stateless autoconfiguration does not work for routers!</div>
RouterOS has stateless IPv6 address autoconfiguration support using Router Advertisement Daemon (RADVD).
Prefixes of all addresses with 64 bit netmask are advertised by default.
Example:
[admin@MikroTik] > ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
  #    ADDRESS                                    INTERFACE        ADVERTISE
  0  G fc00:1::1/64                                ether1            yes
[admin@MikroTik] > ipv6 nd prefix print
Flags: X - disabled, I - invalid, D - dynamic
  0 D prefix=fc00:1::/64 interface=ether1 on-link=yes autoconfig=yes
      valid-lifetime=4w2d preferred-lifetime=1w


On a host that is directly attached to the router:
== 6to4 (6in4) tunnels ==
atis@atis-desktop:~$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
<b>    inet6 fc00:1::21a:4dff:fe56:1f4d/64 scope global dynamic
        valid_lft 2588363sec preferred_lft 601163sec</b>
    inet6 fe80::21a:4dff:fe56:1f4d/64 scope link
        valid_lft forever preferred_lft forever
The host has received the ''fc00:1::/64'' prefix from the router and configured an address with it.
 
There is also an option to redistribute DNS server information using RADVD:
[admin@MikroTik] > ip dns set secondary-dns=fc00:1::2
[admin@MikroTik] > ip dns print
            primary-dns: 10.0.0.1
          secondary-dns: fc00:1::2
...
[admin@MikroTik] > ipv6 nd set [f] advertise-dns=yes
 
You will need a running client side software with Router Advertisement DNS support to take advantage of the advertised DNS information.
 
== 6to4 tunnels ==


This describes solution using global 6to4 relay address. For a solution using a tunnel broker see [[Setting up an IPv6 tunnel via a tunnel broker]].
This describes solution using global 6to4 relay address. For a solution using a tunnel broker see [[Setting up an IPv6 tunnel via a tunnel broker]].
Line 288: Line 162:


Now you need to add a IPv6 address to the tunnel interface. The address should be in form ''"2002 + <IPv4 address in hex> + <custom id>" ''.
Now you need to add a IPv6 address to the tunnel interface. The address should be in form ''"2002 + <IPv4 address in hex> + <custom id>" ''.
A bash script can be used to generated sch address to generate IPv6 address for you:
A bash script can be used to generate such IPv6 address for you:
  atis@atis-desktop:~$ ipv4="1.2.3.4"; id="1"; printf "2002:%02x%02x:%02x%02x::$id\n" `echo $ipv4 | tr "." " "`
<pre>
2002:0102:0304::1
  atis@atis-desktop:~$ ipv4="1.2.3.4"; id="1"; printf "2002:%02x%02x:%02x%02x::$id\n"  
`echo $ipv4 | tr "." " "`
2002:0102:0304::1
</pre>


Add the generated address to the 6to4 interface:
Add the generated address to the 6to4 interface:
Line 297: Line 174:
Add route to global IPv6 Internet through the tunnel interface using the anycast IPv4 address:
Add route to global IPv6 Internet through the tunnel interface using the anycast IPv4 address:
  ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1,sit1
  ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1,sit1
Syntax for '''routing-test''':
Syntax for RouterOS v4.x, or RouterOS 3.x with '''routing-test''':
  ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1%sit1
  ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1%sit1


Now try to ping some IPv6 host (e.g. ipv6.google.com) to check your IPv6 connectivity.
Now try to ping some IPv6 host (e.g. ipv6.google.com, 2001:4860:a003::68) to check your IPv6 connectivity.


See also [http://en.wikipedia.org/wiki/6to4 6to4 in Wikipedia]. Do not confuse 6to4 tunnels with [http://en.wikipedia.org/wiki/6in4 6in4] or [http://en.wikipedia.org/wiki/6over4 6over4] - similarly named, but different mechanisms!
See also [http://en.wikipedia.org/wiki/6in4 6in4] and [http://en.wikipedia.org/wiki/6to4 6to4] in Wikipedia.


== Using dual stack ==
== Using dual stack ==
Line 319: Line 196:
  Escape character is '^]'.
  Escape character is '^]'.
  GET /
  GET /
 
  HTTP/1.0 404 Not Found
  HTTP/1.0 404 Not Found
  Content-Length: 518
  Content-Length: 518
Line 330: Line 207:
  Connected to fc00:1::1.
  Connected to fc00:1::1.
  GET /
  GET /
 
  HTTP/1.0 404 Not Found
  HTTP/1.0 404 Not Found
  Content-Length: 525
  Content-Length: 525
Line 336: Line 213:
  Generated Mon, 18 Dec 2006 12:38:51 GMT by ::ffff:10.0.0.131 (Mikrotik HttpProxy)
  Generated Mon, 18 Dec 2006 12:38:51 GMT by ::ffff:10.0.0.131 (Mikrotik HttpProxy)


[[Category: Manual]]
 
 
{{cont}}
 
 
[[Category: Case Studies|I]]
[[Category: Manual|I]]
[[Category:IPv6|I]]

Latest revision as of 12:43, 21 December 2018

Applies to RouterOS: v3beta10+, v4, v5+

IPv6 overview

Package requirement: ipv6


Internet Protocol version 6 (IPv6) is the new version of the Internet Protocol (IP). It was initially expected to replace IPv4 in short enough time, but for now it seems that these two version will coexist in Internet in foreseeable future. Nevertheless, IPv6 becomes more important, as the date of unallocated IPv4 address pool's exhaustion approaches.

The two main benefits of IPv6 over IPv4 are:

  • much larger address space;
  • support of stateless and statefull address autoconfiguration;
  • built-in security;
  • new header format (faster forwarding).

Supported programms

MikroTik IPv6 support at the moment:

  • DHCPv6 prefix delegation for DHCP server.
  • DHCPv6-PD client.
  • IPv6 Prefix Delegation over PPP interfaces.
  • static addressing and routing;
  • router advertisement daemon (for address autoconfiguration);
  • dynamic routing: BGP+, OSPFv3, and RIPng protocols;
  • firewall (filter, mangle, address lists, connection table);
  • queue tree, simple queue, pcq;
  • DNS name servers;
  • 6in4 (SIT) tunnels;
  • EoIPv6, ip/ipv6 over ipv6 (IPIPv6) tunnel interface (starting from v5RC6)
  • IPSEC;
  • VRRPv3;
  • IPv6 forwarding over all PPP (Point-to-point protocols);
  • SSH, telnet, FTP, WWW access, Winbox, API;
  • ping;
  • traceroute;
  • web proxy;
  • sniffer and fetch tools;
  • IP services and User allowed IPv6 address support;
  • torch, bandwidth test and other tools;

Features not yet supported:

  • automatic tunnel creation;
  • policy routing;
  • multicast routing;
  • MPLS;

Addressing

IPv6 uses 16 bytes addresses compared to 4 byte addresses in IPv4. IPv6 address syntax and types are described in RFC 4291.

Read more>>

Stateless Autoconfiguration

Read more >>

Routing

For static routing, the basic principles of IPv6 are exactly the same as for IPv4. Read more >>

Note: Link local addresses are required for dynamic routing protocols to function!



Warning: All dynamic routing protocols also require a valid Router ID to function. If the Router ID is not configured manually, one of router's IPv4 addresses are used as the Router ID. If no IPv4 addresses are present, the router ID selection process will fail. This means that dynamic routing will not work on a router that has no IPv4 addresses, unless you configure the Router ID manually!


BGP

Because of it's design BGP naturally supports multiple address families, and migration to IPv6 is straightforward here.

Example: configure iBGP between routers A and B, AS 65000, that will exchange IPv4 and IPv6 routes.

Router A:

[admin@A] > routing bgp peer add remote-address=10.0.0.134 remote-as=65000 address-families=ip,ipv6

Router B:

[admin@B] > routing bgp peer add remote-address=10.0.0.133 remote-as=65000 address-families=ip,ipv6

Redistribute a route from router A to router B:

[admin@A] > ipv6 route add dst-address=2001::/16 gateway=fe80::1%ether1
[admin@A] > routing bgp network add network=2001::/16
[admin@A] > routing bgp advertisements print
PEER     PREFIX               NEXTHOP          AS-PATH  ORIGIN     LOCAL-PREF
peer1    2001::/16            fe80::1200:ff...          igp        100
[admin@B] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 ADb  2001::/16                fe80::1200:ff:fe00:10... 200

IPv6 addresses can also be used in peer configuration in remote-address and update-source fields - to make a BGP connection over IPv6.

OSPF

Unlike to BGP, adding IPv6 support to OSPF required a lot of changes and resulted in a new, incompatible, version of OSPF: protocol version 3. (For IPv4, OSPF version 2 is used). The new version is described in RFC 2740.

OSPFv3 uses the same fundamental mechanisms as OSPFv2 — LSAs, flooding, the SPF algorithm, etc. However, it adds not only support to a new address family, but also some improvements to the protocol itself. The new version avoids some potential problems and inefficiencies present in the operation of OSPFv2.

OSPFv3 configuration syntax largely remains the same as for OSPFv2. One mayor difference is that there is no configuration for networks anymore, and interface configuration becomes mandatory, since OSPFv3 runs on link, not IP subnet, basis.

Example:

Configure OSPF on router A:

[admin@A] > routing ospf-v3 interface add interface=ether1 area=backbone

Configure OSPF on router B:

[admin@B] > routing ospf-v3 interface add interface=ether1 area=backbone

Redistribute a route from router A to router B:

[admin@A] > ipv6 route add dst-address=2001::/16 gateway=fe80::1%ether1
[admin@A] > routing ospf-v3 instance set default redistribute-static=as-type-1
[admin@A] > routing ospf-v3 route print
 # DESTINATION                                 STATE          COST
 0 2001::/16                                   imported-ext-1 20
[admin@B] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 ADo  2001::/16                fe80::1200:ff:fe00:10... 110

RIP

Similarly to OSPF, a new version of RIP was required to add IPv6 support. The new version is called RIPng (RIP new generation) and described in RFC 2080. Just like OSPFv3, RIPng runs on link, not IP subnet, basis - this means that you need to configure interfaces, not IP networks, on which to run RIPng.

Example:

Configure RIP on router A:

[admin@A] > routing ripng interface add interface=ether1

Configure RIP on router B:

[admin@B] > routing ripng interface add interface=ether1

Redistribute a route from router A to router B:

[admin@A] > ipv6 route add dst-address=2001::/16 gateway=fe80::1%ether1
[admin@A] > routing ripng set redistribute-static=yes
[admin@A] > routing ripng route print
Flags: C - connect, S - static, R - rip, O - ospf, B - bgp
 #   DST-ADDRESS
 0 S 2001::/16
[admin@B] > ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 ADr  2001::/16                fe80::1200:ff:fe00:10... 120


6to4 (6in4) tunnels

This describes solution using global 6to4 relay address. For a solution using a tunnel broker see Setting up an IPv6 tunnel via a tunnel broker.

First, you will need a global routable IPv4 address. We assume the address 1.2.3.4 for the sake of this example.

Then you need to make user that the global 6to4 relay anycast address 192.88.99.1 is reachable and that it really provides relay services (since it's anycast address, your connection should be routed to the host having this addresses that is the closest to your location).

Then add 6to4 interface without specifying remote address and using your global IPv4 address as local-address:

interface 6to4 add mtu=1280 local-address=1.2.3.4 disabled=no

Now you need to add a IPv6 address to the tunnel interface. The address should be in form "2002 + <IPv4 address in hex> + <custom id>" . A bash script can be used to generate such IPv6 address for you:

 atis@atis-desktop:~$ ipv4="1.2.3.4"; id="1"; printf "2002:%02x%02x:%02x%02x::$id\n" 
 `echo $ipv4 | tr "." " "`
2002:0102:0304::1

Add the generated address to the 6to4 interface:

ipv6 address add address=2002:0102:0304::1/128 interface=sit1

Add route to global IPv6 Internet through the tunnel interface using the anycast IPv4 address:

ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1,sit1

Syntax for RouterOS v4.x, or RouterOS 3.x with routing-test:

ipv6 route add dst-address=2000::/3 gateway=::192.88.99.1%sit1

Now try to ping some IPv6 host (e.g. ipv6.google.com, 2001:4860:a003::68) to check your IPv6 connectivity.

See also 6in4 and 6to4 in Wikipedia.

Using dual stack

All IP services that listen to IPv6 also accept IPv4 connections. We take the web proxy for an example.

To force the web proxy to listen to IPv6 connections:

/ip proxy set src-address=::

To demonstrate that the dual stack is working, we connect to the web proxy at 10.0.0.131/fc00:1::1 using telnet, issue "GET /" request, and observe generated error message.

Connecting via IPv4:

$ telnet 10.0.0.131 8080
Trying 10.0.0.131...
Connected to 10.0.0.131.
Escape character is '^]'.
GET /

HTTP/1.0 404 Not Found
Content-Length: 518
...
Generated Mon, 18 Dec 2006 12:40:03 GMT by 10.0.0.131 (Mikrotik HttpProxy)

Connecting via IPv6:

$ telnet -6 fc00:1::1 8080
Trying fc00:1::1...
Connected to fc00:1::1.
GET /

HTTP/1.0 404 Not Found
Content-Length: 525
...
Generated Mon, 18 Dec 2006 12:38:51 GMT by ::ffff:10.0.0.131 (Mikrotik HttpProxy)


[ Top | Back to Content ]