technotes.seastrom.com

Mikrotik and IPv6 on cable (tested with legacy-TWC and Comcast)

  • Mon 22 August 2016
  • misc

So you want native IPv6 on your cable connection and you're in Comcast or former Time Warner Cable footprint?

This is pretty easy with a DOCSIS 3.0 cablemodem that is on the approved-for-IPv6 list [*] and a Mikrotik router. Only difficulty is that even though I'm hinting for a /56 I seem to be getting a /64. Not sure if this is a limitation of the Mikrotik or possibly old sticky data from having once hinted for a /64, or what.

Bare-bones config from an RB750GL on TWC:

[admin@DeskTik] /ipv6> export
# aug/13/2016 08:32:34 by RouterOS 6.36
# software id = S6K2-X0Q4
#
/ipv6 dhcp-server
add address-pool=6pd interface=ether2-master-local name=internalv6
/ipv6 address
add from-pool=6pd interface=ether2-master-local
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-gateway pool-name=6pd \
    pool-prefix-length=56 request=prefix
[admin@DeskTik] /ipv6>

Slightly more convoluted (and redacted) config with some likely superfluous old entries (such as the icmpv6/ND entry and DHCP6 entry) in the firewall from an RB751U-2HnD in Comcast-land:

[admin@pennacres] /ipv6> export
# aug/22/2016 11:43:31 by RouterOS 6.30.4
# software id = TM54-18ZH
#
/ipv6 dhcp-server
add address-pool=6pd interface=bridge-local name=internalv6
/ipv6 address
add address=2001:db8:100:273b:20c:42ff:fee2:1054 eui-64=yes from-pool=6pd \
    interface=bridge-local
/ipv6 dhcp-client
add add-default-route=yes interface=ether1-gateway pool-name=6pd
/ipv6 firewall filter
add chain=input comment="Not just ping - ND runs over icmp6." in-interface=\
    ether1-gateway protocol=icmpv6
add chain=input connection-state=established in-interface=ether1-gateway
add chain=input comment="related means stuff like FTP-DATA" connection-state=\
    related in-interface=ether1-gateway
add chain=input comment=\
    "for DHCP6 advertisement (second packet, first server response)" \
    dst-address=fe80::/16 dst-port=546 in-interface=ether1-gateway protocol=\
    udp src-address=fe80::/16
add chain=input comment="ssh to this box for management" dst-address=\
    2001:db8:9800:1b::1/128 dst-port=22222 protocol=tcp
add action=drop chain=input in-interface=ether1-gateway
[admin@pennacres] /ipv6>

[*] Pretty much can't go wrong with the Motorola/Arris SB6141 or Arris CM820A - both of these are 8x4 cablemodems. SB6190 looks pretty choice too, but beware that (at this writing at least) TWC does not support IPv6 on the 6183.
Of course be sure to double check with your provider TWC or Comcast - note the "IPv6" column for Comcast and the * for "no IPv6" for TWC.