a.k.a. share your IPv6 subnet from Linux to Mikrotik

I've been a big fan of the IPv6 protocol for many years now, and it's starting to be more and more popular (IPv6 in Poland).
Some ISPs give you native IPv6 by default, but unfortunately my ISP does not offer the v6 protocol. Let's try to delegate a small subnet from my dedicated Linux server to my home Mikrotik router.

You can still use an IPv6 tunnel broker like tunnelbroker.net, but c'mon.

PREPARATIONS

HARDWARE/TUNNELS/IPS

I will use the same server I described in my previous post some time ago - Multiple IPv6 tunnels on a single machine

1 x Debian (9) Linux with:
- publicly available IP - **1.1.1.1**
- IPv6 tunnel 2001:abc:4321::/48

1 x Mikrotik (hAP ac with RouterOS v6.41 at the time of writing)
- publicly available IP - **2.2.2.2**

1. Split your subnet

In IPv4 you usually think about how many addresses you have available and how you can allocate them. In IPv6 you usually think about how many (/64) subnets you have available and how you can allocate them to end users. You almost never worry about how many IPs will be used, each subnet just simply has way more addresses available than it will ever require, so instead you worry only about allocating subnets, not hosts inside them.

IPv6 subnets are usually /64 because that is required in order for SLAAC (stateless address autoconfiguration) to work. Even where SLAAC is not in use, there may be other reasons to use /64.

Standard IPv6 network sizes:

  • /64 - basic subnet (LAN, WAN, addresses for virtual hosts, etc.); subnets are never expected to be smaller (longer prefix) than /64.
  • /56 - block of 256 basic subnets
  • /48 - block of 65536 basic subnets (recommended size of block that ISP customer end site should receive)
  • /32 - block that most ISPs will receive each time they request more addresses from a regional address registry.

My pick from 2001:abc:4321::/48 will be **2001:abc:4321:a::/64** but you can set whatever is in your range.
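The split above as a small Python check, added here as an example (it is not part of the original post): it counts the /64s in a block, picks the /64 by index, and validates that the tunnel addresses ::1 and ::2 with netmask 126 used in the config further down sit on one link inside the chosen /64. The function names and the /56 sample block are made up for this example.

```python
import ipaddress


def basic_subnets(block):
    """Number of /64 subnets contained in an IPv6 block."""
    net = ipaddress.IPv6Network(block)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is smaller than a /64")
    return 2 ** (64 - net.prefixlen)


def pick_subnet(delegated, index):
    """Return the index-th /64 of the delegated block."""
    net = ipaddress.IPv6Network(delegated)
    if not 0 <= index < basic_subnets(delegated):
        raise ValueError(f"index {index:#x} is outside {net}")
    return ipaddress.IPv6Network((int(net.network_address) + (index << 64), 64))


def check_plan(delegated, subnet, server, router, link_prefixlen):
    """Return a list of problems with the plan (empty list = consistent)."""
    block = ipaddress.IPv6Network(delegated)
    sub = ipaddress.IPv6Network(subnet)
    # The on-link prefix the server derives from its address and netmask.
    link = ipaddress.IPv6Interface(f"{server}/{link_prefixlen}").network
    problems = []
    if not sub.subnet_of(block):
        problems.append(f"{sub} is not inside {block}")
    if sub.prefixlen != 64:
        problems.append(f"{sub} is not a /64, so SLAAC will not work on it")
    if not link.subnet_of(sub):
        problems.append(f"tunnel link {link} is not inside {sub}")
    for name, addr in (("server", server), ("router", router)):
        ip = ipaddress.IPv6Address(addr)
        if ip not in link:
            problems.append(f"{name} address {ip} is not on {link}")
        elif ip == link.network_address:
            problems.append(f"{name} address {ip} is the all-zeros address of {link}")
    return problems


if __name__ == "__main__":
    # The /48 and the picked /64 come from this post; the /56 is a constructed sample.
    print(basic_subnets("2001:abc:4321::/48"), basic_subnets("2001:abc:4321::/56"))
    print(pick_subnet("2001:abc:4321::/48", 0xA))
    print(check_plan("2001:abc:4321::/48", "2001:abc:4321:a::/64",
                     "2001:abc:4321:a::1", "2001:abc:4321:a::2", 126))
```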

2. Linux config

Let's keep it simple and use 6to4 IPv6 tunneling to handle the tunnel.
6to4 is an IPv6 transition mechanism described in RFC 3056. Like many other transition mechanisms, it enables encapsulation of IPv6 packets into IPv4 for transport across an IPv4 network. What's really neat about 6to4 is that it allows for automatic 6to4 address translation!

My tunnel name will be pomidor and we'll do it the Debian way!

/etc/network/interfaces

...
auto pomidor
iface pomidor inet6 v4tunnel
  address 2001:abc:4321:a::1
  netmask 126
  local 1.1.1.1
  endpoint 2.2.2.2
  ttl 64
  mtu 1280
  up ip -6 r a 2001:abc:4321:a::/64 dev pomidor
  pre-down ip -6 r d 2001:abc:4321:a::/64 dev pomidor
...

Now you can use ifup and ifdown to control your tunnel. Even better, the tunnel is set up at boot time, because /etc/init.d/networking calls "ifup -a", which brings up all interfaces from /etc/network/interfaces configured with the "auto" option.
(don't forget to run echo 1 > /proc/sys/net/ipv6/conf/all/forwarding)

root::~# ifup pomidor
root::~# ifconfig pomidor
pomidor  Link encap:IPv6-in-IPv4  
          inet6 addr: 2001:abc:4321:a::1/126 Scope:Global
          inet6 addr: fe80::3ed2:2614/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0 GiB)  TX bytes:0 (0 GiB)

The server side is ready; now for the config on the Mikrotik.

3. Mikrotik setup

Same as on the Linux server, we need to add a 6to4 interface with the IPv6 address 2001:abc:4321:a::2 and a default route pointing to the Linux server.

/interface 6to4 add !keepalive local-address=2.2.2.2 mtu=1280 name=pomidor remote-address=1.1.1.1

/ip firewall filter
add chain=input comment="IPv6 1.1.1.1 - Allow ICMP" in-interface=pomidor protocol=icmp src-address=1.1.1.1
add chain=input comment="IPv6 1.1.1.1 - Protocol 41" in-interface=pomidor protocol=ipv6 src-address=1.1.1.1
add chain=output out-interface=pomidor protocol=ipv6

/ipv6 address add address=2001:abc:4321:a::2 advertise=no interface=pomidor

/ipv6 route add distance=1 gateway=2001:abc:4321:a::1

Let's test and ping the other side.

/ping 2001:abc:4321:a::1
  SEQ HOST                                     SIZE TTL TIME  STATUS
   0 2001:abc:4321:a::1                       56  64 30ms  echo reply
   1 2001:abc:4321:a::1                       56  64 30ms  echo reply
   2 2001:abc:4321:a::1                       56  64 30ms  echo reply
   3 2001:abc:4321:a::1                       56  64 30ms  echo reply
  sent=4 received=4 packet-loss=0% min-rtt=29ms avg-rtt=29ms max-rtt=30ms 

It's alive!! Stay tuned for the next IPv6 episodes ;)