IPv6 and Mikrotik, how best to deploy right now?


#1

I need to re-do my Mikrotik enabled distribution of customer IPv6, like today.

Does anyone (Simon) have a suggestion for the best current method to do that, knowing v2 is coming soon and we want to dual stack integration with Sonar?


#2

Other than using PPPoE and DHCPv6 over the PPP tunnel so you can use the RADIUS username to identify the customer, I don’t know of a great way today. Someone mentioned that MikroTik has improved their AAA accounting for IPv6 recently, but I haven’t checked yet. Going to look into it more once 2.0 is public. There isn’t really anything new yet in 2.0 for IPv6, but I’ll devote some time to building out some concrete solutions soon.


#3

I have an IPv6 binding script that manipulates address lists by looking for a matching MAC address in IPv4 DHCP, which is a hack. Really hoping to see proper support soon.


#4

What we do (PPPoE+IPv6) is use RADIUS groups to control rate limiting (instead of address lists), and then we use an interface list for delinquent/inactive customers. Sonar adds the customer to the interface list when they are delinquent or inactive, and the interface list has IPv6 firewall rules associated to block the customer from getting online. That way it doesn’t matter that Sonar doesn’t know the customers IPv6 block. Of course, that also means you need to send CoA on delinquency/active status change, but I don’t think that is a big deal for most people. We’ve been running this for about a year now and it is a nice simple reliable workaround until the support improves.


#5

Thanks for your tips guys.
Looks like we are going down the Freeradius server (v3) -> PPPoE IPv4/IPv6 with rate limiting using simple queues on the tunnel to combine the v4/v6 bandwidth to the customer.

Question: currently sonar doesn’t seem to support getting the v6 address’ back into sonar (as far as I can tell). Anyone have any experience with this? sent in a support ticket but haven’t heard back yet…


#6

I think the guys are investigating the issue as IPv6 is not something we deal with regularly. As far as I know dynamic V6 addresses do not come back to Sonar and IPv6 option is only there for record keeping but I could be wrong on this.


#7

so what you are saying is that sonar doesn’t really support IPv6?


#8

Sonar supports IPv6 just fine… you can add IPv6 addresses onto any item. There is no way to do this through DHCP currently as there’s no standard mechanism to identify the devices.

I’m working on a way to make this easier with PPPoE and DHCPv6 over PPP, but it’s not available right now.


#9

My thoughts were a script based in the ppp profile of the PPPoE “OnUP:” that grabbed the lease based on the mac address and tossed it as a JSON post to a ‘Batcher/Poller or other relay’ that could push that info back to sonar for logging purposes.

Would something like that work?


#10

Technically yes, I’m not sure of the specifics. The reason I’m looking at PPPoE and DHCPv6 is you can link the RADIUS profile to the assigned IP in that case.

Honestly I just haven’t had time to dig into this with the push to v2, but it’s on the horizon to at least publish some kind of standardized easy way. Today you can submit anything to the API and get it on the account, you just have to figure out the assignment somehow. It’s not a simple problem.


#11

If I write this to an existing v1 endpoint, will that endpoint still exist when we eventually upgrade to v2?


#12

Depends which one it is and when you upgrade. The plan eventually is to wrap every single v1 API endpoint so that they point to the appropriate GraphQL call. But that won’t be there day 1. That being said, it would be a pretty trivial change to update it to GraphQL.