I've been searching for a good solution for this for a while now, so I thought I would finally ask about it here.
Here is my scenario as it is currently laid out:
- Primary internet (wan) on cable internet with Verizon LTE home gateway backup (wanb) in bridge mode
- Primary provides native IPv6 with PD (/56)
- Secondary provides only /64 without PD (it's LTE - this is not fixable)
- MWAN is enabled for IPv4 interfaces, disabled for IPv6 at the moment
Since the LTE secondary is only for backup and will only be used if the primary is down, I want to keep my native IPv6 from the cable provider and only route v6 traffic through the backup if there's a failure. I'm trying to prevent full-on NAT6 due to multihoming without BGP.
I've tested multiple scenarios related to v6 routing without NAT6 - permutations of allowing PD through the wan interface while trying to do numerous different tests to see if I could also present addresses from the backup /64 while doing policy routing and translation, but that's been insane and I recognize that I'm insane for trying to make it so complicated.
So I got the idea - what if I enabled masq6 outbound only on the LTE interface so that during outages, I still get IPv6 but in a 'degraded' state, of sorts. I am not certain how the primary's GUA addresses will react to losing the upstream; I'm not versed enough on IPv6 to know if routes get withdrawn in a way that takes precedence over other routing. I suspect that this won't matter if OpenWRT is sending RAs with default gateway set to forced so it always advertises itself as default - even if there's only link-local addressing, theoretically I might still be able to figure out a way to route outbound v6 until I get the primary back and the PD starts distributing addresses again.
I just upgraded to 22.03 so I'm not quite certain how to enable masq6 on a single outbound interface - I'm not so well versed with nft vs ipt and there's no easy way to do this ass-backwards configuration in LuCI.
Does anyone have any configuration suggestions or better ideas for me? As it stands, my backup is not really used enough to pursue this much more than I already have -- it was just a problem and it was bugging me that I hadn't figured it out. If I'm down, the IPv4 backup with the small lag of IPv6 timeouts is acceptable... I'm just being the stereotypical IT geek that gets bugged by things not working.
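For the "masq6 on a single outbound interface" part of the question, the usual way to express this in OpenWrt 22.03 (fw4) is to put the backup uplink in its own firewall zone and set `masq6` only on that zone, so the primary's delegated prefix is never translated. The `/etc/config/firewall` fragment below is an added example, not configuration from the original post; it assumes the IPv6 companion interfaces are named `wan6` and `wanb6` and that the LAN zone is called `lan` (adjust the `list network` entries to match your own interface names).

```uci
# Primary uplink: IPv4 NAT as before, but deliberately NO masq6,
# so LAN hosts keep using native GUA addresses from the cable /56 PD.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Backup LTE uplink in its own zone: masq6 '1' makes fw4 masquerade
# IPv6 traffic leaving through wanb6 behind the single /64 address,
# which is the 'degraded' IPv6 mode described above.
config zone
	option name 'wanb'
	list network 'wanb'
	list network 'wanb6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option masq6 '1'
	option mtu_fix '1'

# LAN is allowed to forward to either uplink zone; which one is
# actually used is decided by the routing table (mwan3 / default route),
# not by the firewall.
config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'wanb'
```

After `/etc/init.d/firewall restart`, `nft list ruleset` should show a masquerade rule only in the srcnat chain that fw4 generates for the `wanb` zone, and none for `wan`. Two caveats worth checking: masquerading only takes effect once the IPv6 default route actually moves to `wanb6` (so MWAN or an equivalent failover has to cover IPv6, not just IPv4), and a host that keeps sourcing from the now-unreachable cable prefix will be translated rather than dropped, which is exactly the degraded behaviour the post is after, but it does mean inbound IPv6 connectivity to those addresses is lost during the outage.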