Skip to content
MikroTik RouterOS Docs

IPv6 Configuration

IPv6 Configuration

Section titled “IPv6 Configuration”

Overview

Section titled “Overview”

IPv6 is the successor to IPv4, providing a vastly larger address space (128-bit addresses vs. 32-bit) and eliminating the need for NAT on most networks. RouterOS 7 provides full IPv6 support including stateless address autoconfiguration (SLAAC), DHCPv6 with prefix delegation, neighbor discovery, and a dedicated IPv6 firewall.

This guide covers IPv6 address configuration, routing, router advertisements, DHCPv6 prefix delegation from an ISP, firewall basics, and dual-stack deployment. It includes a complete working example for a typical ISP setup delivering a delegated prefix.

IPv6 Address Types

Section titled “IPv6 Address Types”

IPv6 addresses are 128-bit values written as eight groups of four hexadecimal digits separated by colons. Consecutive groups of zeros can be compressed with :: (once per address).

Address TypePrefixDescription
Link-localfe80::/10Auto-generated on every interface; local segment only
Unique Local (ULA)fc00::/7Private, not globally routable (analogous to RFC 1918)
Global Unicast2000::/3Publicly routable; assigned by ISP or RIR
Loopback::1/128Equivalent to IPv4 127.0.0.1
Multicastff00::/8One-to-many; used by NDP, DHCPv6, routing protocols
Section titled “Link-Local Addresses”

Every IPv6-capable interface automatically generates a link-local address from its MAC address (EUI-64). These addresses are essential for neighbor discovery and are always present — you cannot disable them.

/ipv6 address print

Output (link-local shown with L flag):

Flags: D - dynamic, X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                         INTERFACE   ADVERTISE
 0 DL fe80::218:e7ff:fe32:ab01/64    ether1      no

The link-local address fe80::218:e7ff:fe32:ab01 was derived from the MAC address 00:18:e7:32:ab:01 using EUI-64.

Enabling IPv6

Section titled “Enabling IPv6”

Verify that IPv6 forwarding is enabled:

/ipv6 settings set forward=yes
/ipv6 settings print

Output:

     forward: yes
  max-neighbor-entries: 8192
  accept-redirects: yes-if-forwarding-disabled
  accept-router-advertisements: yes-if-forwarding-disabled

Important: accept-router-advertisements defaults to yes-if-forwarding-disabled. Once forwarding is enabled, the router stops accepting RAs on its own — it becomes a router, not a host. Configure /ipv6 nd to advertise to clients instead.

IPv6 Address Configuration

Section titled “IPv6 Address Configuration”

Adding a Static Global Address

Section titled “Adding a Static Global Address”

Assign a static global unicast address to an interface:

/ipv6 address add address=2001:db8:cafe::1/64 interface=bridge1 advertise=yes
  • address: IPv6 address with prefix length
  • interface: Interface to assign the address to
  • advertise: Whether to include this prefix in Router Advertisements (RA)

EUI-64 Address Generation

Section titled “EUI-64 Address Generation”

Use eui-64=yes to let RouterOS derive the host portion from the interface’s MAC address. Only supply the prefix:

/ipv6 address add address=2001:db8:cafe::/64 interface=ether1 eui-64=yes advertise=no

RouterOS fills in the interface identifier automatically. Useful on WAN interfaces where you receive a /64 prefix from the ISP.

Viewing Configured Addresses

Section titled “Viewing Configured Addresses”
/ipv6 address print

Output:

Flags: D - dynamic, X - disabled, I - invalid, G - global, L - link-local
 #    ADDRESS                         INTERFACE   ADVERTISE
 0 DL fe80::218:e7ff:fe32:ab01/64    ether1      no
 1  G 2001:db8:cafe::1/64            bridge1     yes

Address Properties

Section titled “Address Properties”
PropertyDescription
addressIPv6 address with CIDR prefix length
interfaceInterface to assign the address to
advertiseInclude prefix in Router Advertisements sent from this interface
eui-64Derive host part from interface MAC (supply only the prefix)
no-dadSkip Duplicate Address Detection (use only in controlled environments)
disabledDisable this address entry

IPv6 Routing

Section titled “IPv6 Routing”

Viewing the IPv6 Routing Table

Section titled “Viewing the IPv6 Routing Table”
/ipv6 route print

Output:

Flags: D - dynamic, X - disabled, A - active, C - connect, S - static, r - rip, b - bgp, o - ospf, d - dhcp
 #      DST-ADDRESS                      GATEWAY                     INTERFACE
 0 DAC  2001:db8:cafe::/64               bridge1                     bridge1
 1 DAC  fe80::/64                        ether1                      ether1
 2 DAS  ::/0                             fe80::1:1:1:1               ether1

Adding a Static Default Route

Section titled “Adding a Static Default Route”

In IPv6, the default gateway is typically the link-local address of the upstream router. Always use the link-local address as the next-hop on the WAN interface:

/ipv6 route add dst-address=::/0 gateway=fe80::1%ether1

The %ether1 suffix is required when specifying a link-local next-hop — it identifies which interface to reach the gateway through. Without it, RouterOS cannot determine which interface to use since link-local addresses are not unique across interfaces.

Adding Static Routes

Section titled “Adding Static Routes”
/ipv6 route add dst-address=2001:db8:beef::/48 gateway=fe80::2%ether1

Route Properties

Section titled “Route Properties”
PropertyDescription
dst-addressDestination prefix (::/0 for default)
gatewayNext-hop address; use address%interface for link-local
distanceAdministrative distance (lower = preferred, default: 1)
scopeRouting scope
disabledDisable this route

Router Advertisements and SLAAC

Section titled “Router Advertisements and SLAAC”

Router Advertisements (RAs) are the core of IPv6 address autoconfiguration. RouterOS sends RAs from the /ipv6 nd menu. Hosts use RAs to learn the default gateway and optionally configure their own addresses (SLAAC).

How SLAAC Works

Section titled “How SLAAC Works”
  1. Router sends RA with a prefix (e.g., 2001:db8:cafe::/64) and autonomous=yes
  2. Host combines the prefix with its own EUI-64 interface identifier
  3. Host configures address 2001:db8:cafe::218:e7ff:feXX:XXXX/64 automatically
  4. Host sets the router’s link-local address as its default gateway

SLAAC requires no server-side state — it scales to any number of clients.

Configuring Router Advertisements

Section titled “Configuring Router Advertisements”
/ipv6 nd add interface=bridge1 ra-interval=30s-60s managed-address-configuration=no other-configuration=no
/ipv6 nd print

Output:

 #   INTERFACE  RA-INTERVAL  RA-DELAY  RA-LIFETIME  HOP-LIMIT  REACHABLE-TIME  RETRANSMIT-TIME
 0   bridge1    30s-60s      1s        30m           64         unspecified     unspecified

ND Properties

Section titled “ND Properties”
PropertyDescription
interfaceInterface to send RAs on
ra-intervalMinimum and maximum interval between unsolicited RAs
ra-lifetimeHow long the router is valid as a default gateway (0 = not a default gateway)
managed-address-configurationM flag: clients should use DHCPv6 for addresses
other-configurationO flag: clients should use DHCPv6 for other info (DNS, etc.)
dnsDNS server addresses to advertise in RA (RDNSS)
reachable-timeTime a neighbor is considered reachable after confirmation
retransmit-intervalRetransmit interval for neighbor solicitations
hop-limitDefault hop limit advertised to hosts

Advertising DNS via RA (RDNSS)

Section titled “Advertising DNS via RA (RDNSS)”

Advertise DNS servers directly in the RA so clients do not need DHCPv6 for DNS:

/ipv6 nd set [find interface=bridge1] dns=2001:db8::53,2001:4860:4860::8888

ND Prefix Configuration

Section titled “ND Prefix Configuration”

Control which prefixes are included in RAs:

/ipv6 nd prefix add prefix=2001:db8:cafe::/64 interface=bridge1 \
    autonomous=yes on-link=yes preferred-lifetime=30m valid-lifetime=1h
/ipv6 nd prefix print
PropertyDescription
prefixIPv6 prefix to advertise
autonomousHosts may use SLAAC with this prefix (A flag)
on-linkPrefix is on-link; hosts can reach each other directly
preferred-lifetimeHow long addresses derived from this prefix are preferred
valid-lifetimeHow long addresses remain valid (should be longer than preferred)

SLAAC vs DHCPv6

Section titled “SLAAC vs DHCPv6”
FeatureSLAACDHCPv6 (Stateful)DHCPv6 (Stateless)
Address assignmentAuto from prefix + EUI-64Server assigns specific addressSLAAC for address
DNS deliveryRA (RDNSS)DHCPv6 optionDHCPv6 option
Address trackingNoneServer maintains leasesNone
M flag010
O flag011
ComplexityLowHighMedium
Use caseHome/simple networksEnterprise (address control)SLAAC + DNS via DHCPv6

M flag (Managed Address Configuration): When set, clients use DHCPv6 to get their IPv6 address.

O flag (Other Configuration): When set, clients use DHCPv6 to get configuration options (DNS, NTP) but may still use SLAAC for their address.

Stateless DHCPv6 (SLAAC + DHCPv6 for DNS)

Section titled “Stateless DHCPv6 (SLAAC + DHCPv6 for DNS)”

Set the O flag to direct clients to query DHCPv6 for DNS only:

/ipv6 nd set [find interface=bridge1] managed-address-configuration=no other-configuration=yes

Stateful DHCPv6

Section titled “Stateful DHCPv6”

Set the M flag to direct clients to use DHCPv6 for address assignment:

/ipv6 nd set [find interface=bridge1] managed-address-configuration=yes other-configuration=yes

DHCPv6 Prefix Delegation (ISP Setup)

Section titled “DHCPv6 Prefix Delegation (ISP Setup)”

Most residential and business ISPs deliver IPv6 via DHCPv6 Prefix Delegation (DHCPv6-PD). The ISP assigns your router a prefix (commonly a /56 or /48), which you then subdivide into /64 subnets for your internal networks.

How DHCPv6-PD Works

Section titled “How DHCPv6-PD Works”
  1. Router (as DHCPv6 client) requests a prefix from ISP
  2. ISP delegates e.g. 2001:db8:abcd::/56 to your router
  3. Router carves this into /64 subnets: 2001:db8:abcd:0::/64, 2001:db8:abcd:1::/64, etc.
  4. Router assigns one /64 to each LAN interface and advertises it via RA
  5. LAN hosts autoconfigure via SLAAC

Step 1: Request Prefix from ISP

Section titled “Step 1: Request Prefix from ISP”

Configure a DHCPv6 client on the WAN interface to request a prefix:

/ipv6 dhcp-client add interface=ether1 request=prefix pool-name=isp-pool add-default-route=yes
PropertyDescription
interfaceWAN interface facing the ISP
requestprefix requests a delegated prefix; address requests an address
pool-nameName of the local IPv6 pool that will store the delegated prefix
add-default-routeAutomatically add a default route via the DHCPv6 server

Verify the client received a prefix:

/ipv6 dhcp-client print

Output:

 #  INTERFACE  STATUS        PREFIX                    EXPIRES-AFTER
 0  ether1     bound         2001:db8:abcd::/56        23h59m

Step 2: Create IPv6 Pools from the Delegated Prefix

Section titled “Step 2: Create IPv6 Pools from the Delegated Prefix”

RouterOS automatically creates a pool named isp-pool with the delegated prefix. View it:

/ipv6 pool print

Output:

 #  NAME      PREFIX            PREFIX-LENGTH  EXPIRES-AFTER
 0  isp-pool  2001:db8:abcd::/56  64           23h59m

The prefix-length=64 means when addresses are assigned from this pool, each assignment gets a /64.

Step 3: Assign a /64 to Each LAN Interface

Section titled “Step 3: Assign a /64 to Each LAN Interface”

Use a dynamic address bound to the pool for each LAN interface:

/ipv6 address add interface=bridge1 from-pool=isp-pool advertise=yes

RouterOS automatically assigns the next available /64 from the pool and assigns it to bridge1. The address appears as dynamic:

/ipv6 address print

Output:

Flags: D - dynamic, G - global, L - link-local
 #    ADDRESS                         INTERFACE   ADVERTISE
 0 DL fe80::218:e7ff:fe32:ab01/64    ether1      no
 1 DG 2001:db8:abcd::/64             bridge1     yes
 2 DL fe80::218:e7ff:fe32:ab01/64    bridge1     no

Step 4: Configure Router Advertisements

Section titled “Step 4: Configure Router Advertisements”

RA sends the /64 prefix to LAN clients automatically because advertise=yes was set above. Verify and tune the ND settings:

/ipv6 nd add interface=bridge1 ra-interval=30s-60s managed-address-configuration=no other-configuration=no

LAN clients receive the prefix and configure their addresses via SLAAC.

Step 5: Configure IPv6 Firewall

Section titled “Step 5: Configure IPv6 Firewall”

See the IPv6 Firewall Basics section below.

Complete DHCPv6-PD Working Example

Section titled “Complete DHCPv6-PD Working Example”

This example configures a dual-stack router with:

  • ether1: WAN (DHCP from ISP for IPv4, DHCPv6-PD for IPv6)
  • bridge1: LAN bridge (192.168.88.0/24 + delegated IPv6 /64)
# --- WAN: IPv6 prefix delegation ---
/ipv6 dhcp-client
add interface=ether1 request=prefix pool-name=isp-pool add-default-route=yes comment="ISP DHCPv6-PD"


# --- LAN: Assign first /64 from pool to bridge ---
/ipv6 address
add interface=bridge1 from-pool=isp-pool advertise=yes comment="LAN IPv6 from ISP pool"


# --- Router Advertisements: SLAAC for clients ---
/ipv6 nd
add interface=bridge1 ra-interval=30s-60s managed-address-configuration=no other-configuration=no


# --- Enable IPv6 forwarding ---
/ipv6 settings
set forward=yes

After applying, LAN hosts receive a global IPv6 address automatically via SLAAC and can reach the internet.

IPv6 Firewall Basics

Section titled “IPv6 Firewall Basics”

IPv6 addresses are publicly routable — there is no NAT to hide internal hosts. A proper IPv6 firewall is essential. RouterOS provides /ipv6 firewall filter (equivalent to /ip firewall filter) for IPv6 traffic.

Critical: Do not block ICMPv6. IPv6 depends on ICMPv6 for neighbor discovery, path MTU discovery, and router advertisements. Blocking ICMPv6 breaks IPv6 connectivity. See RFC 4890 for guidance.

Required ICMPv6 Types

Section titled “Required ICMPv6 Types”
ICMPv6 TypeNameWhy It Must Be Allowed
133Router SolicitationHosts discovering routers
134Router AdvertisementRouters advertising prefixes
135Neighbor SolicitationIPv6 equivalent of ARP
136Neighbor AdvertisementIPv6 equivalent of ARP reply
137RedirectPath optimization
1Destination UnreachablePath MTU discovery
2Packet Too BigPath MTU discovery (critical)
3Time ExceededTraceroute, loop detection

Basic IPv6 Input Firewall (Protecting the Router)

Section titled “Basic IPv6 Input Firewall (Protecting the Router)”
/ipv6 firewall filter


# Accept established and related connections
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established/related"


# Accept all ICMPv6 (required for NDP, PMTUD, etc.)
add chain=input action=accept protocol=icmpv6 \
    comment="accept ICMPv6 (NDP, PMTUD, ping)"


# Accept DHCPv6 prefix delegation responses from ISP (link-local source)
add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 \
    comment="accept DHCPv6-PD from ISP"


# Drop invalid connections
add chain=input action=drop connection-state=invalid \
    comment="drop invalid"


# Drop everything else
add chain=input action=drop \
    comment="drop all other input"

Basic IPv6 Forward Firewall (Protecting LAN Clients)

Section titled “Basic IPv6 Forward Firewall (Protecting LAN Clients)”
/ipv6 firewall filter


# Accept established/related traffic
add chain=forward action=accept connection-state=established,related,untracked \
    comment="accept established/related forward"


# Accept ICMPv6 (required for PMTUD from WAN)
add chain=forward action=accept protocol=icmpv6 \
    comment="accept ICMPv6 forward"


# Drop non-routable addresses (link-local and multicast must not be forwarded)
add chain=forward action=drop src-address=fe80::/10 \
    comment="drop link-local src from forwarding"
add chain=forward action=drop dst-address=fe80::/10 \
    comment="drop link-local dst from forwarding"


# Drop invalid
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid forward"


# Drop new connections from WAN to LAN (allow LAN-initiated only)
add chain=forward action=drop in-interface=ether1 connection-state=new \
    comment="drop unsolicited inbound from WAN"

IPv6 Address Lists for Filtering

Section titled “IPv6 Address Lists for Filtering”
/ipv6 firewall address-list
add list=no_forward_ipv6 address=fe80::/10  comment="link-local (RFC4291)"
add list=no_forward_ipv6 address=ff00::/8   comment="multicast (RFC4291)"
add list=no_forward_ipv6 address=::1/128    comment="loopback"
add list=no_forward_ipv6 address=::/128     comment="unspecified"

Use these lists in forward rules:

/ipv6 firewall filter
add chain=forward action=drop src-address-list=no_forward_ipv6 \
    comment="drop non-routable src"
add chain=forward action=drop dst-address-list=no_forward_ipv6 \
    comment="drop non-routable dst"

Dual-Stack Configuration

Section titled “Dual-Stack Configuration”

A dual-stack router runs IPv4 and IPv6 simultaneously. Clients use whichever protocol is available and preferred.

Complete Dual-Stack Example

Section titled “Complete Dual-Stack Example”
# === IPv4 Configuration ===
/ip dhcp-client add interface=ether1 disabled=no


/ip address add address=192.168.88.1/24 interface=bridge1


/ip dhcp-server
add name=dhcp-lan interface=bridge1 address-pool=dhcp-pool lease-time=1d


/ip pool add name=dhcp-pool ranges=192.168.88.10-192.168.88.254


/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade


# === IPv6 Configuration ===
/ipv6 settings set forward=yes


# Request delegated prefix from ISP
/ipv6 dhcp-client
add interface=ether1 request=prefix pool-name=isp-pool add-default-route=yes


# Assign /64 from pool to LAN
/ipv6 address
add interface=bridge1 from-pool=isp-pool advertise=yes


# Send Router Advertisements to LAN (SLAAC)
/ipv6 nd
add interface=bridge1 ra-interval=30s-60s managed-address-configuration=no


# === IPv6 Firewall ===
/ipv6 firewall filter
add chain=input action=accept connection-state=established,related,untracked
add chain=input action=accept protocol=icmpv6
add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10
add chain=input action=drop connection-state=invalid
add chain=input action=drop


add chain=forward action=accept connection-state=established,related,untracked
add chain=forward action=accept protocol=icmpv6
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop in-interface=ether1 connection-state=new

Verifying Dual-Stack

Section titled “Verifying Dual-Stack”
# Check IPv4 address
/ip address print


# Check IPv6 address (should show global address from ISP pool)
/ipv6 address print


# Check IPv6 default route
/ipv6 route print where dst-address=::/0


# Ping IPv6 from router
/ping 2001:4860:4860::8888

Common Gotchas

Section titled “Common Gotchas”
Section titled “Link-Local Addresses Are Mandatory”

Link-local addresses (fe80::/10) are auto-generated and required for IPv6 to function. They cannot be removed. Always specify the interface when using link-local as a gateway:

# Wrong - ambiguous without interface
/ipv6 route add dst-address=::/0 gateway=fe80::1


# Correct - interface specified with % notation
/ipv6 route add dst-address=::/0 gateway=fe80::1%ether1

RA Flags (M and O) Must Match Your Setup

Section titled “RA Flags (M and O) Must Match Your Setup”

If you use SLAAC but set managed-address-configuration=yes (M flag), clients will try DHCPv6 for addresses and may fail if no DHCPv6 server is present:

# SLAAC only (no DHCPv6 server needed)
/ipv6 nd set [find] managed-address-configuration=no other-configuration=no


# SLAAC + DHCPv6 for DNS only
/ipv6 nd set [find] managed-address-configuration=no other-configuration=yes


# Full DHCPv6 (requires DHCPv6 server)
/ipv6 nd set [find] managed-address-configuration=yes other-configuration=yes

Forwarding Disables accept-router-advertisements

Section titled “Forwarding Disables accept-router-advertisements”

When /ipv6 settings forward=yes, the router no longer accepts RAs on its interfaces (it becomes a router, not a host). The default accept-router-advertisements=yes-if-forwarding-disabled means this changes automatically. The DHCPv6 client (/ipv6 dhcp-client) gets the default route instead.

Pool Addresses Are Dynamic

Section titled “Pool Addresses Are Dynamic”

Addresses assigned from a pool (from-pool=) are dynamic — they disappear if the DHCP client loses its lease. This is expected behavior. If you need a stable address on the LAN interface, combine a pool address with a ULA or manually set global address:

/ipv6 address add address=fd00::1/64 interface=bridge1 advertise=no

ICMPv6 Blocking Breaks Everything

Section titled “ICMPv6 Blocking Breaks Everything”

Do not use blanket drop protocol=icmpv6 rules. Neighbor Discovery Protocol (NDP) — the IPv6 replacement for ARP — runs over ICMPv6. Blocking ICMPv6 prevents hosts from resolving neighbors, breaks PMTUD, and disables router discovery.

Prefix Length Must Be /64 for SLAAC

Section titled “Prefix Length Must Be /64 for SLAAC”

SLAAC requires exactly /64 prefixes. If your ISP delegates a /48 or /56, you must subnet it into /64s before advertising via RA. RouterOS does this automatically when using from-pool with prefix-length=64.

No NAT for IPv6 (By Design)

Section titled “No NAT for IPv6 (By Design)”

IPv6 does not use NAT. Every host gets a globally routable address. Use the firewall forward chain to control inbound access instead of relying on NAT for security.

Troubleshooting

Section titled “Troubleshooting”

Clients Not Getting IPv6 Addresses

Section titled “Clients Not Getting IPv6 Addresses”

  1. Verify the router has a global IPv6 address on the LAN interface:

    /ipv6 address print

  2. Check ND is configured and sending RAs on the correct interface:

    /ipv6 nd print

  3. Verify the prefix is being advertised:

    /ipv6 nd prefix print

  4. Check the firewall is not blocking ICMPv6:

    /ipv6 firewall filter print

DHCPv6-PD Client Not Receiving Prefix

Section titled “DHCPv6-PD Client Not Receiving Prefix”

  1. Check client status:

    /ipv6 dhcp-client print

  2. Verify the WAN interface has a link-local address:

    /ipv6 address print where interface=ether1

  3. Check firewall input rules allow DHCPv6 (UDP port 546):

    /ipv6 firewall filter print

  4. Verify the ISP supports DHCPv6-PD (not all do — some use SLAAC or static assignment on WAN).

IPv6 Connectivity Works Locally But Not to Internet

Section titled “IPv6 Connectivity Works Locally But Not to Internet”

  1. Verify default route exists:

    /ipv6 route print where dst-address=::/0

  2. Test pinging the gateway link-local address:

    /ping fe80::1%ether1

  3. Check firewall forward chain is not dropping outbound traffic:

    /ipv6 firewall filter print chain=forward

  4. Verify IPv6 forwarding is enabled:

    /ipv6 settings print

Neighbor Discovery Not Working

Section titled “Neighbor Discovery Not Working”

  1. Check the neighbor table:

    /ipv6 neighbor print

  2. Verify ICMPv6 is not blocked at the firewall (types 135/136 for NDP).

  3. Check that link-local addresses are present on both the router and client interfaces.

Section titled “Related Features”
  • IP Addressing - IPv4 address configuration: /ip address
  • IP Routing - IPv4 and IPv6 route management: /ip route, /ipv6 route
  • DHCP - DHCPv4 server and client: /ip dhcp-server, /ip dhcp-client
  • Firewall Filter - Packet filtering rules: /ip firewall filter, /ipv6 firewall filter
  • PPPoE with IPv6-PD - Prefix delegation over PPP connections
  • 6to4 Tunneling - IPv6 over IPv4 tunnels: /interface 6to4

References

Section titled “References”
  • RFC 2460 — Internet Protocol, Version 6 (IPv6) Specification
  • RFC 4291 — IP Version 6 Addressing Architecture
  • RFC 4861 — Neighbor Discovery for IP version 6
  • RFC 4862 — IPv6 Stateless Address Autoconfiguration
  • RFC 3315 — Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
  • RFC 3633 — IPv6 Prefix Options for DHCPv6 (Prefix Delegation)
  • RFC 4890 — Recommendations for Filtering ICMPv6 Messages in Firewalls
  • RFC 4193 — Unique Local IPv6 Unicast Addresses