Configure DHCPv6-PD (Prefix Delegation) Client & Server on Mikrotik RouterOS 6.48.2
For the past few months, I invested some bucks on my high-speed network project. I’ve got a HPE ProLiant MicroServer Gen10 Plus serving as the NAS, and a 10GbE switch QSW-M2108R-2C from QNAP as the network backbone. On top of them, I’m using a Mikrotik hEX S (RB760iGS) as my main router. And you might have guessed, my AX88U now serves as an AP.
In case of your curiosity, this is how my gears stack now:
Well enough talking, let’s go into the topic.
Set up DHCPv6-PD client
Enable DHCPv6 client
DHCPv6 client can be enabled with:
Depending on your ISP, the prefix hint may vary. My ISP Charter Spectrum offers /56
prefixes, so I’m using ::/56
here.
Note that in order to make SLAAC (or DHCPv6 stateless) work, you’ll need a prefix at least shorter than /64
. If your ISP won’t offer you a prefix shorter than /64
, you can’t do subnetting (or more precisely, offering prefixes to cascading routers) without breaking IPv6, unless you wanna try the dirty NAT66.
The key parameter is the pool-prefix-length
. This value determines the prefix length, or the subnet size, that the DHCPv6 server will offer for cascading routers.
For me, 60
is pretty reasonable: the main router is able to offer 16 /60
prefixes for cascading routers, and the cascading routers can offer another 16 /64
prefixes for their clients.
Now you can check if prefix is assigned with /ipv6 dhcp-client print
and /ipv6 pool print
:
[admin@MikroTik] > /ipv6 dhcp-client print
Flags: D - dynamic, X - disabled, I - invalid
# INTERFACE STATUS REQUEST PREFIX
0 ether1 bound address 2600:6c51:fake:n00b::/56, 4d22h24m10s
prefix
[admin@MikroTik] > /ipv6 pool print
Flags: D - dynamic
# NAME PREFIX PREFIX-LENGTH EXPIRES-AFTER
0 D delegation 2600:6c51:fake:n00b::/56 60 4d22h23m52s
Add necessary IPv6 firewall rule
If the status keeps showing searching
, check IPv6 firewall to see whether incoming packets to UDP port 546
(DHCPv6 client) is allowed. If not, this rule can be added via:
Assign IPv6 address to interfaces
The last step is to assign IPv6 address on internal interface from address pool:
If you get multiple interfaces, run the above command on each interface separately. Use /ipv6 address print
to check assigned addresses:
[admin@MikroTik] > /ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2600:6c51:fake:n00b::1/64 delegation bridge yes
1 DL fe80::a55:31ff:fe00:fake/64 bridge no
2 DL fe80::a55:31ff:fe00:fake/64 ether1 no
3 DG 2600:6c51:some:fake:addr:why:so:long/64 ether1 no
Set up DHCPv6-PD server
Note 1: Like I’ve mentioned before, you need a prefix at least shorter than /64
from your ISP to make DHCPv6-PD server works!
Note 2: In order to delegate prefixes to cascading routers, you have to assign a pool-prefix-length
in RouterOS DHCPv6 client. Check the previous section for details.
Before started, I want to re-state the note (at least at the time of writing) from Mikrotik’s documentation:
Note: RouterOS DHCPv6 server can only delegate IPv6 prefixes, not addresses.
Mikrotik Documentation — Manual:IPv6/DHCP Server
In other words, DHCPv6 server in RouterOS is only capable of SLAAC (or stateless DHCPv6). There is no support for stateful DHCPv6.
Enable DHCPv6 server
The following command creates a DHCPv6 server:
Again, if you get multiple interfaces, run the above command on each interface separately.
Now you can check if cascading routers are assigned prefixes with /ipv6 dhcp-server binding print
:
[admin@MikroTik] > /ipv6 dhcp-server binding print
Flags: I - invalid, X - disabled, R - radius, D - dynamic
# ADDRESS DUID SERVER STATUS
0 D 2600:6c51:fake:n01b::/60 0xa85e45fakeid default bound
Congratulations! Your DHCPv6 services on RouterOS are working now.
Advertise DHCPv6 options
… though there could be one more question: what if I want to configure DHCPv6 options (DNS, search domains, etc.)?
First you need to allow Other Configuration
in IPv6 ND
(neighbor discovery):
Then we can set up DHCPv6 options. Here I’m creating option 23 (DNS) and 24 (domain search list):
For option 23 (DNS), you need to assign a full 64-bit address in hexadecimal.
To grab the value of DHCPv6 option 24 (domain search list), use this tool: https://jjjordan.github.io/dhcp119/.
You may have noticed I’m using a ULA address fd00::1
for option 23. This allows me to assign my Mikrotik router as the default DNS without scripting.
The idea comes from dksoft
. But for my application, I only need one command (to assign fd00::1
):
Note that RA is disabled, because I don’t want clients get SLAAC addresses from fd00::1/8
prefix.
The last step is to assign these options to DHCPv6 server:
Conclusion
I’d say once you figure out how RouterOS works, it is much less painful than doing the same things on AX88U, though it might be unfair to AX88U since it is designed for consumer market.
So what have I learned? Well, if you have special requirements to fullfil, instead of going for all-in-one products (for example AX88U in this case: you get a router, a switch, and an AP), buy products that focuses on specific applications.
Trust me, it’s much more painless!
Comments Go back to the top