a.k.a share your ipv6 subnet from Linux to Mikrotik
I'm a big fan of IPv6 protocol for many years now and its starting to be more and more popular (Ipv6 in Poland).
Some ISP gives native ipv6 by default but unfortunately my ISP is not offering v6 protocol. Let's try to delegate a small subnet from my dedicated linux server to my home Mikrotik router.
Still you can use a ipv6 tunnelbroker like tunnelbroker.net but cmon.
I will use the same server I was describing in my previous post some time ago - Multiple IPv6 tunnels on a single machine
1 x debian (9) linux with: - public available IP - **18.104.22.168** - ipv6 tunell 2001:abc:4321::/48 1 x Mikrotik (hAP ac with RouterOS v6.41 at the time of writing) - public avaliable IP - **22.214.171.124**
1. Split your subnet
In IPv4 you usually think about how many addresses you have available and how you can allocate them. In IPv6 you usually think about how many (/64) subnets you have available and how you can allocate them to end users. You almost never worry about how many IPs will be used, each subnet just simply has way more addresses available than it will ever require, so instead you worry only about allocating subnets, not hosts inside them.
IPv6 subnets are usually /64 because that is required in order for SLAAC (stateless address autoconfiguration) to work. Even where SLAAC is not in use, there may be other reasons to use /64.
Standard IPv6 network sizes:
- /64 - basic subnet (LAN, WAN, addresses for virtual hosts, etc...) subnets are never expected to be smaller (longer prefix) than /64.
- /56 - block of 256 basic subnets
- /48 - block of 65536 basic subnets (recommended size of block that ISP customer end site should receive)
- /32 - block that most ISPs will receive each time they request more addresses from a regional address registry.
My pick from 2001:abc:4321::/48 will be 2001:abc:4321:a::/64** but you can set whatever is in your range.
2. Linux config
Lets keep it simpe and use 6to4 IPv6 Tunneling to handle the tunell.
6to4 is v6 transition mechanism described in RFC 3056. Like many other transition mechanisms, it enables encapsulation of IPv6 packets into IPv4 for transport across an IPv4 network. What's really neat about 6to4 is that it allows for automatic 6to4 address translation!
My tunnel name will be pomidor and we do it debian way!
... auto pomidor iface pomidor inet6 v4tunnel address 2001:abc:4321:a::1 netmask 126 local 126.96.36.199 endpoint 188.8.131.52 ttl 64 mtu 1280 up ip -6 r a 2001:abc:4321:a::/64 dev pomidor pre-down ip -6 r d 2001:abc:4321:a::/64 dev pomidor ...
Now you can use ifup and ifdown to control your tunnel. What's even better about it, is that the tunnel is set up at boot time, because in /etc/init.d/networking, "ifup -a" is called, which brings up all interfaces from /etc/network/interfaces configured with the "auto" option.
(dont forget to do a
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding)
root::~# ifup pomidor root::~# ifconfig pomidor pomidor Link encap:IPv6-in-IPv4 inet6 addr: 2001:abc:4321:a::1/126 Scope:Global inet6 addr: fe80::3ed2:2614/64 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0 GiB) TX bytes:0 (0 GiB)
It's redy to do the the config on the mikrotik.
3. Mikrotik setup
Same as on linux server we need to add 6to4 interface with a ipv6 address 2001:abc:4321:a::2 and a default route pointing to the linux server.
/interface 6to4 add !keepalive local-address=184.108.40.206 mtu=1280 name=pomidor remote-address=220.127.116.11 /ip firewall filter add chain=input comment="IPv6 18.104.22.168 - Allow ICMP" in-interface=pomidor protocol=icmp src-address=22.214.171.124 add chain=input comment="IPv6 126.96.36.199 - Protocol 41" in-interface=pomidor protocol=ipv6 src-address=188.8.131.52 add chain=output out-interface=pomidor protocol=ipv6 /ipv6 add address=2001:abc:4321:a::2 advertise=no interface=pomidor /ipv6 route add distance=1 gateway=2001:abc:4321:a::1
Lets test and ping the other side.
/ping 2001:abc:4321:a::1 SEQ HOST SIZE TTL TIME STATUS 0 2001:abc:4321:a::1 56 64 30ms echo reply 1 2001:abc:4321:a::1 56 64 30ms echo reply 2 2001:abc:4321:a::1 56 64 30ms echo reply 3 2001:abc:4321:a::1 56 64 30ms echo reply sent=4 received=4 packet-loss=0% min-rtt=29ms avg-rtt=29ms max-rtt=30ms
Its alive!! Stay tuned for next ipv6 episodes ;)