How to configure a Mikrotik router as DHCP-PD Client (Prefix delegation)
February 6, 2018
Over time more and more IPS provide IPv6 addresses to the router (and the clients behind it) via DHCP-PD. To be more verbose, that’s DHCPv6 with Prefix delegation delegation. This allows the ISP to provide you with more than one subnet, which allows you to use multiple networks without NAT. And forget about NAT and IPv6 – there is no standardized way to do it, and it will break too much. The idea with PD is also that you can use normal home routers and cascade them, which requires that each router provides a smaller prefix/subnet to the next router. Everything should work without configuration – that was at least the plan of the IETF working group.
Anyway let’s stop with the theory and provide some code. In my case my provider requires my router to establish a pppoe tunnel, which provides my router an IPv4 automatically. In my case the config looks like this:
/interface pppoe-client add add-default-route=yes disabled=no interface=ether1vlanTransitModem name=pppoeDslInternet password=XXXX user=XXXX
For IPv6 we need to enable the DHCPv6 client with following command:
/ipv6 dhcp-client add interface=pppoeDslInternet pool-name=poolIPv6ppp use-peer-dns=no
But a check with
/ipv6 dhcp-client print
will only show you that the client is “searching…”. The reason for this is that you most likely block incoming connections from the Internet – If you don’t filter –> bad boy! :-). You need to allow DHCP replies from the server.
/ipv6 firewall filter add chain=input comment="DHCPv6 server reply" port=547 protocol=udp src-address=fe80::/10
Now you should see something like this
In this case we got a /60 prefix delegated from the ISP, which counts for 16 /64 subnets. The last step you need is to configure the IP addresses on your internal networks. Yes, you could just statically add the IP addresses, but if the provider changes the subnet after an disconnect, you need to reconfigure it again. Its better configure the router to dynamically assign the IP addresses delegated to the internal interfaces. You just need to call following for each of your internal interfaces:
/ipv6 address add from-pool=poolIPv6ppp interface=vlanInternal
Following command should show the currently assigned prefixes to the various internal networks
/ipv6 address print
Hey, IPv6 is not that complicated. 🙂
3 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Powered by WordPress
Entries and comments feeds.
Valid XHTML and CSS.
40 queries. 0.067 seconds.
Mikrotiks seems as pain in … really 🙁
Your article helped me a lot, thank you very much!
Saved lots of time as was busy few days ago nearly the same task, was need to configure it as well like DHCP-PD client.
Comment by scanforsecurity — April 18, 2018 #
Hello, so how do I do the cascading part? How does the next downstream mikrotik get a /62 for example?
Thanks
Comment by gera — October 14, 2018 #
Hi Robert, thank you for the content that you post on your blog, it is always a good read and an opportunity to learn.
May I ask what ISP dou you use, I have an A1 Business Internet service, i will be inquiring with them if they support IPv6.
Comment by Mark — January 26, 2021 #