First off, apologies for the tardy acknowledgement of your super-quick response ![:-)]( "Smile")
life intervened ![:-P]( "Razz")
But yes, your guide worked perfectly. I'm now 'visible' on IPv6. Thanks a ton!
I do have a couple of quick follow-up questions (and a seemingly phantom RA issue that I'm seeing on the LAN side) that I'd really appreciate your input on:
First my questions:
While I see the 'real' RA sent by my mikrotik (on the LAN side) with its source address set to <my_prefix>::1 (i.e. the one advertising my prefix and my own DNS server) I'm also seeing another RA with a link-local source address that does not belong to any of the mikrotik's interfaces.
So are these from Xfinity (on the WAN side) and are somehow being 'forwarded' on to the LAN side? This is a bit counter-intuitive to me. Also, these RAs have the destination address of fe80::ffff:ffff:fffe. I've looked online but don't see this listed as a 'reserved' address anywhere. If it matters, these RAs also advertise a 'private' prefix of the '2001:0:x' sort.
So where are these RAs coming from and more importantly would it wise to suppress them on the LAN side? If yes, is there a simpler RouterOS option to disable these on the LAN side (as opposed to using a firewall rule)?
Thanks!
/DN
life intervened 
But yes, your guide worked perfectly. I'm now 'visible' on IPv6. Thanks a ton!
I do have a couple of quick follow-up questions (and a seemingly phantom RA issue that I'm seeing on the LAN side) that I'd really appreciate your input on:
First my questions:
- 1. Why do we add the <my_prefex>::1 IPv6 address on the bridge interface and not on the WAN interface? How does this enable 'IPv6 world visibility' (that my original question alluded to)?
2. Would be wise/safe to add another G address on the WAN interface (say <my_prefix>::/2)?
While I see the 'real' RA sent by my mikrotik (on the LAN side) with its source address set to <my_prefix>::1 (i.e. the one advertising my prefix and my own DNS server) I'm also seeing another RA with a link-local source address that does not belong to any of the mikrotik's interfaces.
So are these from Xfinity (on the WAN side) and are somehow being 'forwarded' on to the LAN side? This is a bit counter-intuitive to me. Also, these RAs have the destination address of fe80::ffff:ffff:fffe. I've looked online but don't see this listed as a 'reserved' address anywhere. If it matters, these RAs also advertise a 'private' prefix of the '2001:0:x' sort.
So where are these RAs coming from and more importantly would it wise to suppress them on the LAN side? If yes, is there a simpler RouterOS option to disable these on the LAN side (as opposed to using a firewall rule)?
Thanks!
/DN
Statistics: Posted by devnull0 — Fri Mar 15, 2024 12:39 am