Configuring IPv6 on RouterOS using 6rd

in Networking on RouterOS
Configuring IPv6 on RouterOS using 6rd

An explanation and script for automatic configuration of IPv6 using 6rd (IPv6 rapid deployment) on MikroTik RouterOS.

IPv6 rapid deployment (6rd) is a convention for configuring the tunnel of IPv6 traffic over IPv4 within an internet service provider’s customer network. MikroTik’s RouterOS operating system supports all the pieces required for a customer to connect to such IPv6 networks deployed with 6rd, but RouterOS doesn’t directly support 6rd. This article describes a custom script that will monitor an interface’s IPv4 address and automatically configure a corresponding 6to4 tunnel to follow the 6rd standard.

The script, as included, is configured for 6rd provided by CenturyLink. By changing the configured prefix and gateway, this script can be adapted to any other 6rd implementation.

  1. What is IPv6 Rapid Deployment (6rd)?
    1. IPv6 Addresses With 6rd
  2. RouterOS Script For 6rd
  3. Script Installation and Usage
    1. Prerequisites
    2. Install the Script
    3. Configure the Script
    4. Manual Run
    5. Scheduled Job
  4. References

What is IPv6 Rapid Deployment (6rd)?

IPv6 rapid deployment (6rd) is a standard for providing IPv6 access to customers of existing IPv4 networks. Because customers are already allocated an IPv4 address, the same bits from the IPv4 address are used to construct an IPv6 prefix which is allocated to the same customer. IPv6 traffic is then tunneled from the constructed IPv6 address prefix to an ISP-controlled gateway. As is described by the name, this facilitates faster implementation of customer-accessible IPv6 internet access by reducing the changes required within the ISP’s networks.

IPv6 Addresses With 6rd

Addresses provided by 6rd are constructed by combining a prefix value with the hexadecimal representation of the customer’s corresponding IPv4 address. For example, the IPv4 decimal address of “192.168.0.1” converts to the IPv6 hex-formatted octets “c0”, “a8”, “00”, and “01”.

Depending upon the bit length of the ISP-provided IPv6 address prefix, these octets may be split at different places. IPv6 addresses are conventionally grouped into sets of 16 bits, with leading zeros dropped within each group. If this example address was to actually be used in a 6rd IPv6 address, it could appear inside the full IPv6 address in either of the following ways:

  • …c0:a800:1… (for example, 2600:c0:a800:100::)
  • …:c0a8:1:… (for example, 2600::c0a8:1::)

When using 6rd, the ISP provides a prefix value. The prefix and the converted IPv4 octets are concatenated to determine the IPv6 address prefix allocated to the customer.

RouterOS Script For 6rd

In order to provide working IPv6, the script creates and manages several objects in RouterOS. First is the 6to4 tunnel, which provides the foundation for IPv6 access. With the 6to4 interface in place, the script then configures an IPv6 address pool. After creating the IPv6 address pool, the script adds or updates several IPv6 address objects, allowing RouterOS to select addresses for the 6to4 tunnel (as a WAN-facing interface) and an address for each LAN-facing interface configured at the beginning of the script. Finally, the script creates an IPv6 route which will send traffic through the 6to4 tunnel.

The full source of the script is available on GitHub: FwMotion/6rd-on-routeros

The core logic of this script operates by string manipulation to build the IPv6 address from a prefix and octets converted from the corresponding IPv4 address. Care is taken to count the bits as each 16-bit field of the address is built, so that leading zeros will be trimmed appropriately during IPv6 address construction.

Script Installation and Usage

Prerequisites

For this script to complete successfully, the following items are required:

  1. The ipv6 package must be installed and enabled in RouterOS
  2. A working IPv4 WAN interface must be configured and active
  3. You must know both of:1
    • the IPv6 prefix for your ISP
    • the IPv4 address of your ISP’s 6to4 gateway

Install the Script

Download the 6rd-on-routeros.rsc file directly onto the device with the following command:

/tool
fetch https://raw.githubusercontent.com/FwMotion/6rd-on-routeros/master/6rd-on-routeros.rsc output=file dst-path=6rd-on-routeros.rsc

Then run the following command to import the script:

/
import file=6rd-on-routeros.rsc

And finally, clean up the file after it’s been imported:

/file
remove 6rd-on-routeros.rsc

You can also change the name of the script by running:

/system script
set script-6rd-centurylink name=your-own-script-name

If you change the name of the script, be sure to adjust the commands below accordingly.

Configure the Script

To start configuring the script, open it inside the RouterOS script editor:

/system script
edit script-6rd-centurylink source

For script editing, RouterOS provides a minimalistic editor with basic syntax highlighting. To exit without saving changes, use the hotkey CTRL+C. To save and exit, use CTRL+O. Syntax highlighting will not update automatically; instead, to update the highlighting, instruct the editor to “repaint” with F5. In addition to supporting arrow keys, HOME, END and similar navigation, the RouterOS script editor also handles basic emacs-like cursor navigation: CTRL+N moves the carat to the next line and CTRL+P moves to the previous line. Similarly, CTRL+F moves forward by a single character while CTRL+B moves backward. CTRL+A and CTRL+E move respectively to the beginning and end of the current line.

The configuration values are contained at the top of the script:

Script Variables Describing Configuration

Available script configuration options

The configuration variables are as listed:

  • ipv4interface: must be set to the name of the interface through which IPv4 internet access is provided. The script will base IPv6 address calculations upon the IPv4 address of this interface.
  • ipv6interfaceWan: the name of the 6to4 tunnel interface. This 6to4 interface will be created if it doesn’t exist.
  • ipv6interfaceLanArray: an array of the names of interfaces which should have IPv6 addresses added
  • ipv6addrcomment: a comment which will be added to signal that the address was created and is managed by this 6rd script. The script searches for IPv6 addresses with this comment for update when the IPv6 address changes
  • ipv6gatewayDestination: the routing mask for use with creating the IPv6 route
  • ipv6prefix: the prefix provided by your ISP for calculating IPv6 address
  • ipv6prefixLen: the bit length of the prefix
  • ipv6pool: the name of a IPv6 pool. The pool will be created if it doesn’t exist.
  • ipv6suffixLanPool: a suffix to add to the calculated IPv6 address when creating the pool for LAN interfaces. This should round the IPv6 address to an even /64 bitmask when completed.
  • ipv6suffixLanPoolDelta: the bit size of the suffix
  • ipv6suffixWan: the suffix to add to the calculated IPv6 address when managing the IPv6 address for the WAN interface.
  • ipv6addressLan: the address to use within the prefix for each LAN interface
  • ipv4border: the IPv4 address which receives the tunneled IPv6 traffic.
  • ipv6mtu: the MTU to use when creating the 6to4 tunnel

When satisfied with the changes, press F5 to ensure that the syntax is correct and highlights properly. Then press CTRL+O to save the script and exit the script editor.

Manual Run

With the script installed and configured, the script is ready to be executed. I suggest running the script manually for the first execution to facilitate validating that the output matches expectations.

Before running the script and enabling IPv6, I strongly recommend reviewing your device’s IPv6 firewall configuration. Some basic security recommendations can be found on the MikroTik Wiki page Securing Your Router.

The following command will run the script manually, displaying the output directly to the console:

/system script
run script-6rd-centurylink

Manual First Run of the 6rd Script

An example manual run of the 6rd script

Scheduled Job

Once the script is working as expected, it needs to be able to respond to changes in IPv4 address. To accommodate this, add a scheduler job to run the 6rd script every 5 minutes:

/system scheduler
add name=schedule-6rd-centurylink interval=5m on-event=script-6rd-centurylink

References

This script was based upon an example script provided in the MikroTik forums. The following features and changes were added to this version of the script:

  1. Working IPv6 address calculation regardless of prefix length or IPv4 hex conversion2
  2. Usage of IPv6 address pool
  3. Support for IPv6 addresses on multiple LAN interfaces
  4. Enhance script output to display both on command line and in RouterOS system logs

  1. The script included in this article is configured for CenturyLink as the ISP. If you subscribe to service from CenturyLink, you may be able to leave the prefix and gateway as-is. ↩︎

  2. The original script would fail under certain circumstances. As an example, converted IPv4 addresses that had octets beginning with 0 may need to be stripped to properly build the IPv6 address. The original script did not strip leading zeros correctly and would construct invalid IPv6 addresses. ↩︎