Category Archives: IPv6

Running MikroTik router on Azure

Yes, it is possible to do it – you just need to:

1. Download pre-prepared vhdx image from MikroTik downloads site,
2. Run it for the first time on your on-prem Hyper-V (accept licence agreement and just check the basic configuration (username / password, interface(s)).
3. Convert (in Hyper-V manager) disk from VHDX to VHD and from Dynamic to Fixed size VHD (you can do it in a single operation)
4. Go to Azure portal and upload your VHD file to Blob storage
5. Prepare a disk image and vm image (that you will later deploy).
6. And finally – deploy. ūüôā

What can you do with MikroTik router on Azure network? A lot of things:
1. You can use other VPN solutions to get connected to Azure network
2. You can (by using EoIP) make L2 connection to Azure network (so you can run VMs without changing IP addresses (and DNS records) which might be cool for DR solution? Unfortunately you can not do that as Azure VNet gateway captures and replies to all ARP requests so everything passes via VNet gateway (x.y.z.1) so it is not possible to extend the network as far as I was able to test.
3. You can “bring” IPv6 network (from on-prem location) to Azure

running mikrotik on azure



IPv6 in Windows environment for beginners – part 1 – ISP IPv6 delivery

Here we go… I have my environment up and running… So first of all we need to ask our ISP to give us IPv6 addreses.
In my case my provider – Telekom Slovenije is providing me IPv6 addresses in two different ways – depending on what kind of device I have at the locations.

So first case is where we have a L3 switch from our provider and in this case we have a /64 prefix on “wan” side of our router (connecting prefix) and /56 prefix routed over second IP address of connection prefix (which you can then split into /64 prefixes on your internal intefaces / vlans):

[admin@xxxx] /ipv6> address print
Flags: X – disabled, I – invalid, D – dynamic, G – global, L – link-local
#    ADDRESS                                   INTERFACE                                                           ADVERTISE
0  G 2a00:ee1:xxx0::2/64              ether3 РIPv6 internet uplink                              no
1  G 2a00:ee1:xxx2::100/64          lan                                                                            no

[admin@xxxx] /ipv6> route print
Flags: X – disabled, A – active, D – dynamic, C – connect, S – static, r – rip, o – ospf, b – bgp, U – unreachable
#      DST-ADDRESS              GATEWAY                  DISTANCE
0 A S  ::/0                     2a00:ee1:6700::1                1
1 ADC¬† 2a00:ee1:xxx0::/64¬†¬†¬†¬†¬†¬† ether3 – IPv6 interne…¬†¬†¬†¬†¬†¬†¬† 0
2 ADC  2a00:ee1:xxx2::/64       lan                             0

Second case is where we have PPPoE session established and we receive /56 prefix by so called prefix delegation (in detail described @ blog)

[admin@xxxx] > ipv6 dhcp-client print detail
Flags: D – dynamic, X – disabled, I – invalid
0¬†¬†¬† interface=pppoe-out1 status=bound duid=”0x00030001d4ca6d38f875″ dhcp-server-v6=fe80::230:88ff:fe04:99ec
request=prefix add-default-route=yes use-peer-dns=no pool-name=”isp-pd” pool-prefix-length=56
prefix-hint=::/0 prefix=2a00:ee2:68xx:xxxx::/56, 1h51m46s

[admin@xxxx] > ipv6 address print
Flags: X – disabled, I – invalid, D – dynamic, G – global, L – link-local
#    ADDRESS                                      INTERFACE                          ADVERTISE
0  G 2a00:ee2:68xx:xxxx::1/64       lan                                             no

When this is configured we should be able to ping some IPv6 addresses from our routers… As there is no advertising enabled everything in our network will remain calm and quiet waiting for further configuration.

IPv6 in Windows environment for beginners

Currently I am working on implementing dual-stack (so all servers and computers¬†will run on IPv4 and IPv6 at the same time)¬†in Windows envrironment with Active directory domain controlllers, other member servers (file server, DFS, SharePoint services…), Exchange server 2013, Lync/Skpye for business…

Purpose of¬†this post is to walk you through the obstacles and difficulties while implementing both protocols to work together…

So basicaly we need to know the folowing:

We have one (or more) public IPv4 addresses which we NAT in our private networks where we have our servers…
Our providers gives us some IPv6 prefix for “wan” interface of our router and over that there is a routed prefix which we will use internaly (you need to know there are public – or globaly routed IPv6 addresses inside your network – SO TAKE CARE of your Firewall roules (We will cover that later)).

Simple steps to implement dual stack is to:

a. Get IPv6 from your provider
b. Have a router that understands IPv6 ūüôā
c. Configure router advertisment on internal network with M (managed (this will force users to use DHCPv6 instead of autoconfiguring IPv6 (SLAAC)) and O (other configuration (this will point clients to DHCPv6 server to get DNS servers (your domain controllers IPv6 addresses)) flag
d. Configure DHCP server on your Windows server with DHCPv6 parameters (prefix, exclusions, DNS servers (called: 00023 DNS Recursive Name Server IPv6 Address)
e. disable DHCP client on servers that use static IPv4/IPv6 addresses (if you do not do that your servers will autoconfigure additional IPv6 addresses as told by RA…) You can use Powershell: Set-NetIPInterface ‚ÄďInterfaceIndex <number> -Dhcp Disabled