D
D
Dmitry Shitskov2018-10-24 19:55:43
Computer networks
Dmitry Shitskov, 2018-10-24 19:55:43

Is it possible to advertise IPV6 prefix on Mikrotik?

We received the following settings from the provider:
NET: 2a03:ffff:ffff:100::/64
GW: 2a03:ffff:ffff:100::1/64
Using these settings, I try to configure Mikrotik to distribute this address space in LAN. Below I give the settings, after which Mikrotik itself successfully accesses the Internet. ether11_wan - WAN interface

Settings ipv6 v.1
/ipv6 export verbose     
# oct/24/2018 19:48:16 by RouterOS 6.43.2
# software id = R233-59RQ
#
# model = RouterBOARD 1100x4
# serial number = 793107A16F12
/ipv6 pool
add name=ipv6_pool prefix=2a03:ffff:ffff:100::/64 prefix-length=66
/ipv6 address
add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ipv6_pool interface=IPV6 no-dad=no
add address=2a03:ffff:ffff:100::2/64 advertise=no disabled=no eui-64=no from-pool="" interface=ether11_wan no-dad=no
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no disabled=no hop-limit=unspecified interface=all managed-address-configuration=no mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
    reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 dst-address=::/0 gateway=2a03:ffff:ffff:100::1 !route-tag scope=30 target-scope=10
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes max-neighbor-entries=8192

Routes
0 A S  dst-address=::/0 gateway=2a03:ffff:ffff:100::1 gateway-status=2a03:ffff:ffff:100::1 reachable via  ether11_wan distance=1 scope=30 target-scope=10 
1 ADC  dst-address=2a03:ffff:ffff:100::/64 gateway=ether11_wan gateway-status=ether11_wan reachable distance=0 scope=10


Then the question itself follows - how can I distribute this /64 prefix to the local area, because if I try to do this, then the microt naturally thinks that GW is itself? IPV6 - local bridge.
Settings ipv6 v.2
/ipv6 export verbose 
# oct/24/2018 19:33:31 by RouterOS 6.43.2
# software id = R233-59RQ
#
# model = RouterBOARD 1100x4
# serial number = 793107A16F12
/ipv6 pool
add name=ipv6_pool prefix=2a03:ffff:ffff:100::/64 prefix-length=66
/ipv6 address
add address=2a03:ffff:ffff:100::2/64 advertise=no disabled=no eui-64=no \
    from-pool="" interface=ether11_wan no-dad=no
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no disabled=no \
    hop-limit=unspecified interface=all managed-address-configuration=no mtu=\
    unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
    ra-lifetime=30m reachable-time=unspecified retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/ipv6 route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
    !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
    dst-address=::/0 gateway=2a03:ffff:ffff:100::1 !route-tag scope=30 \
    target-scope=10
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
    yes-if-forwarding-disabled forward=yes max-neighbor-entries=8192

Routes
0 A S  dst-address=::/0 gateway=2a03:ffff:ffff:100::1 gateway-status=2a03:ffff:ffff:100::1 reachable via  IPV6 distance=1 scope=30 target-scope=10 
1 ADC  dst-address=2a03:ffff:ffff:100::/64 gateway=ether11_wan,IPV6 gateway-status=ether11_wan reachable,IPV6 reachable distance=0 scope=10


What am I doing wrong? Of course, there is still an opinion that the pr configured its side incorrectly and had to either route the prefix through the link-local address, or allocate a separate prefix for routing.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
W
Wexter, 2018-10-24
@Zarom

Something in your config is such a mess that it's already scary.
In general, here is a good manual https://www.medo64.com/2018/03/setting-ipv6-on-mik...
If your prefix is ​​not issued by dhcp, then create a pool with your prefix manually, or add an address without a pool
Well, for example, my config (sit1 - 6to4 Hurricane Electric tunnel, instead of it, your interface to the provider)

# oct/24/2018 20:26:47 by RouterOS 6.43.2
# software id = 1LD8-H6Z7
#
# model = RouterBOARD 750G r3
# serial number = 6F38065E7063
/ipv6 pool
add name=pool_lan prefix=2001:470:xxxx: xxxx::/64 prefix-length=64
/ipv6 address
add address=::1 from-pool=pool_lan interface=bridge_lan
add address=2001:470:xxxx:xxxx::2 advertise=no interface=sit1
/ipv6 nd
add advertise-dns=yes hop-limit=64 interface=bridge_lan managed-address-configuration=yes other-configuration=yes ra-interval=5m-10m
/ipv6 route
add distance=1 dst-address=2000::/3 gateway= 2001:470:xxxx:xxxx::1

M
Melkij, 2015-08-22
@astralo

select * from users where id not in (select user_id from user_roles join roles on role_id = roles.id where roles.title='админ')

select * from users left join (user_roles, roles) ON (role_id = roles.id and user_id = users.id and roles.title='админ') where user_id is null

V
Vyacheslav Plisko, 2015-08-22
@AmdY

No need to fence sql, on eloquent everything is simple and clear.
We get all users (User) whose (whereHas) roles with the name admin (where('name', 'admin')) is less than 1.

$users = User::whereHas("role", function($q) {
  $q->where('name', 'admin');
}, '<', 1)->get();

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question