Manual:Simple Static IPv6 Routing: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Created page with "== Introduction == Lets make a simple routing setup illustrated in image below Image:simple-ipv6-routing.png Lets consider ISP is giving us prefix 2001:db8::/62 and prefi..."
 
No edit summary
Line 63: Line 63:


{{Note | Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted  access or attacks}}  
{{Note | Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted  access or attacks}}  
==See Also==
* [[Manual:My_First_IPv6_Network | IPv6 routing example with tunnel broker]]


{{cont}}
{{cont}}

Revision as of 14:00, 1 June 2012

Introduction

Lets make a simple routing setup illustrated in image below


Lets consider ISP is giving us prefix 2001:db8::/62 and prefix is routed to us with link-local address (fe80::1:1).

Ether1 of Router1 is connected to ISP and will be the gateway of our networks. Router2 is connected to ether2 of Router1 and will act as a gateway for clients connected to it from LAN2. Router1 also connects one client to ether3. Our goal is to create setup so that clients from LAN1 can reach clients from LAN2 and all of them can connect to the internet.

Configuration

At first we need to find what link-local addresses are on Router1 and on Router's 2 ether1 for routing. We can do IPv6 routing without globally configuring addresses on every link that way addresses are not wasted. In current setup there is no global addresses even between ISP and our gateway.

[admin@R1] /ipv6 address> print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE     ADVERTISE
 0 DL fe80::219:d1ff:fe00:3511/64                           ether1        no 
 1 DL fe80::219:d1ff:fe00:3512/64                           ether2        no 
 1 DL fe80::219:d1ff:fe00:3513/64                           ether3        no 
[admin@R2] /ipv6 address> print 
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE     ADVERTISE
 0 DL fe80::219:d1ff:fe39:3535/64                           ether1        no 
 1 DL fe80::219:d1ff:fe39:3536/64                           ether2        no 


Now we can start configuration.

Router1

/ipv6 address 
add address=2001:db8:1::1/64 interface=ether3 advertise=yes

/ipv6 route 
add gateway=fe80::1:1%ether1
add dst-address=2001:db8:2::/64 gateway=fe80::219:d1ff:fe39:3535%ether2


Router2

/ipv6 address 
add address=2001:db8:2::1/64 interface=ether2 advertise=yes

/ipv6 route 
add gateway=fe80::219:d1ff:fe00:3512%ether1

Notice how link local addresses are configured as gateways. We provide directly connected neighbour routers link-local address and explicitly specify on which interface ll address is reachable.

Added global addresses are with advertise flag meaning that RA will be used to automatically configure IPv6 addressing on the client PCs. Read more>>

That is all required configuration. At this point all clients are directly reachable from remote locations.

Note: Since IPv6 does not have NAT all clients have direct connection to the Internet. IPv6 firewall rules are required to protect the clients from unwanted access or attacks



See Also


[ Top | Back to Content ]