Scribd
Upload
210 views37 pages

Ipv6 Implantando No Mikrotik

This document discusses implementing IPv6 in Mikrotik RouterOS. It begins with an introduction to IPv6 including expanded addressing capabilities, header simplification, and neighbor discovery protocol. It then provides examples of IPv6 addressing including unicast, multicast, anycast, and link-local addresses. The document demonstrates creating an IPv6 tunnel to a broker to allow IPv6 connectivity over an IPv4 network. It includes network diagrams and configuration steps for the main gateway and distribution router to establish the IPv6 network.

Uploaded by

bigdrsmith
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
210 views37 pages

Ipv6 Implantando No Mikrotik

This document discusses implementing IPv6 in Mikrotik RouterOS. It begins with an introduction to IPv6 including expanded addressing capabilities, header simplification, and neighbor discovery protocol. It then provides examples of IPv6 addressing including unicast, multicast, anycast, and link-local addresses. The document demonstrates creating an IPv6 tunnel to a broker to allow IPv6 connectivity over an IPv4 network. It includes network diagrams and configuration steps for the main gateway and distribution router to establish the IPv6 network.

Uploaded by

bigdrsmith
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 37

Implementation IPV6 in Mikrotik

RouterOS
by Teddy Yuliswar

YOGYAKARTA, OCTOBER 09 10 , 2015


Introduction
TEDDY YULISWAR

qMTCNA, MTCRE, MTCTCE, MTCINE

qPlace of Hanging out :


- Politeknik Negeri Padang
- PT. Gnet Biaro Akses (Golden Net) (ISP)
- LPSE Tanah Datar
- Kelompok Pengguna Linux Indonesia (KPLI) Padang
qTeaching Internet for Junior High School Student in rural
area in Tanah Datar (Social Activity)
What is IPV6
To Transition from IPv4 to IPv6
More than 20+ years will be occur.
What do we do until then?
Dual Stack Because IPv6 is not backward
compatible with IPv4, Both will run at the same
time for years to come.
What is IPV6?
What is IPV6
qExpanded Addressing Capabilities
qHeader Format Simplification
qImproved Support for Extensions and Options
qFlow Labeling Capability

Header Comparison
Neighbor Discovery Protocol (NDP)
qReplace ARP FuncGon in IPV4
qIt operates in the Link Layer of the Internet model (RFC
1122)
qResponsible for address autoconguraGon of nodes
qResponsible for discovery of other nodes on the link, d
qDetermining the link layer addresses of other nodes
qDuplicate address detecGon
qFinding available routers and Domain Name System (DNS)
servers
qAddress prex discovery, and maintaining reachability
informaGon about the paths to other acGve neighbor nodes
(RFC 4861)
Prex
IPv6 prex is wriSen in address/prex-length
format. Compared to IPv4 decimal
representaGon of network mask cannot be used.
Prex examples:
2001:470:1f09:131::/64
2001:db8:1234::/48
2607:f580::/32
2000::/3
Type of IPV6 Addresses
IPv6 has three types of addresses, which can be categorized
by type and scope:
1.Unicast addresses. A packet is delivered to one interface.
2.MulGcast addresses. A packet is delivered to mulGple
interfaces.
3. Anycast addresses. A packet is delivered to the nearest of
mulGple interfaces (in terms of rouGng distance).

IPv6 does not use broadcast messages.


Unicast Addresses
Packets addressed to a unicast address are
delivered only to a single interface. To this group
belong:
globally unique addresses and can be used to
connect to addresses with global scope
anywhere.
link-local addresses
site-local addresses (FEC0::/48) - deprecated
special purpose addresses
compaGbility addresses
Global unicast address can be automaGcally
assigned to the node by Stateless Address auto-
congura2on.

Link-local address

A link-local address is required on every IPv6-enabled interface,
applicaGons may rely on the existence of a link-local address even
when there is no IPv6 rouGng, that is why link-local address is
generated automaGcally for every acGve interface using it's interface
idenGer (calculated EUI-64 from MAC address if present).

Address prex is always FE80::/64 and IPv6 router never forwards link-
local trac beyond the link.

These addresses are comparable to the auto-conguraGon addresses
169.254.0.0/16 of IPv4.

A link-local address is also required for Neighbor Discovery processes.
The following table is a parGal list of IPv6 mulGcast addresses that are reserved for
IPv6 mulGcasGng and registered with the Internet Assigned Numbers Authority
(IANA). For complete list of assigned addresses read IANA document.
Anycast address
Anycast address is a new type of address incorporated in IPv6.

Anycasting is a new networking paradigm supporting service


oriented Addresses where an identical address can be assigned
to multiple nodes providing a specific service. An anycast packet
(i.e., one with an anycast destination address) is delivered to one
of these nodes with the same anycast address.

Anycast address is not assigned a specific address range. It is


assigned from unicast address range.
Interface IdenNer
The last 64 bits of an IPv6 address are the interface identifier that is unique to
the 64-bit prefix of the IPv6 address. There are several ways how to determine
interface identifier:
q EUI-64;
q randomly generated to provide a level of anonymity;
q manually configured.
EUI-64
Traditional interface identifiers for network adapters are 48-bit MAC address.
This address consists of a 24-bit manufacturer ID and a 24-bit board ID.
IEEE EUI-64 is a new standard for network interface addressing. The company
ID is still 24-bits in length, but the extension ID is 40 bits, creating a much
larger address space for a network adapters.
To create an EUI-64 address from the interface MAC address:
q 0xFFFE is inserted into the MAC address between the manufacturer ID and
the board ID.
q seventh bit of the first byte is reversed.

Lets make an example with following MAC


address 00:0C:42:28:79:45.

When the result is converted to colon-hexadecimal notaGon, we get the


interface idenGer 20C:42FF:FE28:7945. As the result, corresponds link-local
address is
FE80::20C:42FF:FE28:7945/64
In RouterOS, if the eui-64 parameter of an address is congured, the last 64 bits
of that address will be automaGcally generated and updated using interface
idenGer.
The last bits must be configured to be zero for this
case. Example:
IPV6 Transition Methods

Dual Stack Running both IPv4 and IPv6


on the same devices
Tunneling Transporting IPv6 traffic
through an IPv4 network transparently
Translation Converting IPv6 traffic to
IPv4 traffic for transport and vice versa.
Dual Stack
IPV6 2001:d02::14:0:0:96
Network 2001:d02::14:0:0:95

202.65.11.189 202.65.11.190

IPV4
Network
Tunneling
TranslaGon
NAT-PT
Router

IPV6 IPV4

Not Yet Supported in Router OS


My First IPV6 Network in MikroGk
Router OS
My main gateway (R1) has only IPv4 internet
connecGvity and ISP is not providing IPv6
services. Our network consists of two isolated
network segments Lan1 and Lan2.
To enable IPv6 we will need to create a tunnel
to IPv6 tunnel broker which will transit our
IPv6 trac over IPv4 network.
Network Topology
Tunnel Broker

2001:470:35:f1a::1/64
R1

2001:470:35:f1a::2/64
2001:470:36:f1a::1/64

2001:470:36:f1a::2/64 R2

2001:470:ecc0:2::1/64

2001:470:ecc0:2::2/64
SpecicaGon Hardware
Main Gateway (R1) : RB1100 AH X2
SpesicaGon Hardware
DistribuGon Router (R2) : RB750G
1. RegistraGon at Hurricane Electric tunnel
broker services : www.tunnelbroker.net


2. Ager registraGon click on "Create regular
tunnel", enter your IP address and choose
closest server to your locaGon. That's it
tunnel is now allocated.
3. Now go to tunnel details, where you will see
all the parameters for successful tunnel
creaGon and allocated IPv6 address block. As
we have two separate lan segments we will
need /48 address block, allocate it by clicking
on "allocate".

4. In default packages Router OS MikroGk in
Routerboard sGll not installed IPV6 Packages,
so follow this step :



ConguraGon in Main Gateway (R1)
# ipv4 connectivity to ISP

/ip address add address=202.62.10.195/24 interface=ether1


/ip route add gateway=202.62.10.193

# ipv6 service
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no \
local-address=202.62.10.195 mtu=1280 name=tunnel-IPV6 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:35:f1a::1 scope=30 target-scope=10
/ipv6 route add comment="" disabled=no distance=1 dst-address=::/0 gateway=tunnel-IPV6 scope=30 target-scope=10

/ipv6 address add address=2001:470:35:f1a::2/64 advertise=no disabled=no eui-64=no interface=tunnel-IPV6

#Lan1

/ipv6 address add address=2001:470:36:f1a::1/64 advertise=yes disabled=no eui-64=no interface=tunnel-IPV6

# routing between segments

/routing ospf-v3 instance set default router-id=10.10.10.1 distribute-default=if-installed-as-type-1 \ redistribute-connected=as-


type-1
/routing ospf-v3 interface add area=backbone interface=ether3

# DNS
/ip dns set allow-remote-requests=yes servers=2001:4860:4860::8844,2001:4860:4860::8888,8.8.8.8,8.8.4.4
ConguraGon in DistribuGon Router (R2)
# ipv6 service

/ipv6 address add address=2001:470:36:f1a::2/64 advertise=no disabled=no eui-64=no interface=ether2 comment=gateway


/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:36:f1a::1 scope=30 target-scope=10
/ipv6 route add comment="" disabled=no distance=1 dst-address=::/0 gateway=ether2 scope=30 target-scope=10

#Lan2

/ipv6 address add address=2001:470:ecc0:2::1/64 advertise=yes disabled=no eui-64=no interface=ether1

# routing between segments

/routing ospf-v3 instance set default router-id=10.10.10.2 distribute-default=if-installed-as-type-1 \ redistribute-connected=as-


type-1
/routing ospf-v3 interface add area=backbone interface=ether2

/ip dns
set allow-remote-requests=yes servers="2001:470:36:f1a::1,2001:4860:4860::8844,2001:4860:4860::8888,8.8.8.8,8.8.4.4"
Contact me :

hXp://www.teddyyuliswar.com

@BangTeddy

teddy.yuliswar@gmail.com
Thank You

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy