Router delegates 2 IPv6 Prefixes to OpenWRT

Hello everyone,

I've now enabled IPv6 prefix delegation (IA_PD and IA_NA) in my router (Fritz!Box) and also configured it in OpenWRT on my NanoPi R5S. I've manually set a prefix length of /58 in OpenWRT WAN6. The length of /57, which should actually work, only results in a /58 prefix.

However, when the NanoPi is connected, I see that two prefixes are being delegated in my router. It seems as if OpenWRT is requesting two prefixes, but I can't find any device using the additional /62 prefix.

Is this normal behavior for OpenWRT to reserve a second prefix, or have I made a mistake in my configuration?

Thank you for your support.

Regards,
Mic.

I am allowed to upload only one picture in one post in this forum. Here is the second one I wanted to show:

2nd prefix (fd00:) is the ULA (Unique Local Address) IPv6 prefix, which works similarly to private IPv4 address ranges like 192.168.x.x: it's an internal IPv6 prefix automatically generated by your router. If you don't need it, you can disable it in LuCI → Network → Interfaces → Global Network Options and just remove range.

I have disabled ULA on my router because I currently have no use cases that require it (+ see this thread). Instead, I use the GUA (Global Unicast Address) IPv6 prefix provided by my ISP for my network (2001: address in your screenshot)


You must have the WAN interface set to obtain a prefix from both local (ULA) and WAN6.


Hello,

Thank you for your feedback. Both prefixes delegated by the Fritz!Box start with 2001:. Shouldn't a delegated ULA prefix start with something like fd00:? Does it really have something to do with ULA?

Furthermore, I'm surprised that the second delegated prefix is a /62 prefix. Where does this number come from?

I've read in some places online that ULA shouldn't be used. However, I've been using it in my network for several years now, including for my local DNS and Docker containers. My GUA prefix also changes every night. That wouldn't be a stable address on the local network.

In OpenWRT, I defined a ULA prefix for further delegation as fd85:1234:5678:.

Thanks and regards,
Mic.

It looks normal except upstream is also issuing a ULA prefix starting with fd00:. That really isn't useful for much since ULAs are by definition local.

A good ISP should reserve the same GUA prefix for a customer as long as they stay connected. Changing the GUA every night requires the customer to re-issue addresses throughout their network.

Hi @mk24,

I'm not quite sure what you're trying to tell me. As I said, the two delegated prefixes I see in the Fritz!Box are both 2001: prefixes, so in my opinion, they're not ULAs (like fd80:).

The fact that the IPv6 GUA prefix changes every 24 hours is normal for DSL connections in Germany. The global IPv4 address also changes (though this doesn't happen very often due to a lack of alternatives).

But back to my question: Is it normal, and not a bug, that two prefixes are delegated to OpenWRT? Where does the /62 value of the second prefix come from, and where is it used?

Regards,
Mic.

In fact you should see at least three addresses, each with its own prefix:

  1. ULA (Unique Local Address) - beginning with fdxx:. This is defined in the network config. It is used for many things, including local routing so should not be disabled, even if you think you don't need it. It has a /64 subnet
  2. LLA (Link Local Address) - beginning with fe80:. This is a special address and is associated with the physical interface aka "link". Also used for local routing. Should NEVER be disabled. It has a /64 subnet.
  3. GUA (Global Unicast Address) This address is valid on the Internet and is an address within the prefix delegated by your isp. It has a /64 subnet.

Rather than looking at the Luci summary page it is better to SSH into the router and run:

ip -6 addr
ifstatus wan6

and

ifstatus lan

These commands will give you the full story.


Don't redact addresses too hard. Nobody can help you.
Leave the two alpha digits BEFORE the slash in the prefix readable. Thanks.

Edit ps and of course an IPv6 routing table of the OpenWrt would help too.

Hello @bluewavenet,
Hello @mk24,

yes, you are right. Because the IPv6 prefixes change every 24 hours I can post the uncovered text here.

What you see is that two GUA prefixes are delegated in case I connect my NanoPi R5S with OpenWRT. The prefix ending with :1380 is really used for br-lan and downstream devices connected to LAN1 or LAN2. But where is the prefix ending with :13fc used? Is this used to create local ULA addresses in OpenWRT?

Here is the additional information you requested:

root@OpenWrt:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd00::abcd:abcd:abcd/64 scope global dynamic noprefixroute
       valid_lft 7154sec preferred_lft 3554sec
    inet6 2001:xxxx:xxxx:xxxx:abcd:abcd:abcd/128 scope global dynamic noprefixroute
       valid_lft 6700sec preferred_lft 3100sec
    inet6 fe80::abcd:abcd:abcd/64 scope link
       valid_lft forever preferred_lft forever

5: br-lan: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN qlen 1000
    inet6 2001:xxxx:xxxx:xxxx::1/64 scope global dynamic noprefixroute
       valid_lft 6700sec preferred_lft 3100sec
    inet6 fdxx:xxxx:xxxx::1/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::abcd:abcd:abce/64 scope link
       valid_lft forever preferred_lft forever
root@OpenWrt:~# ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 507,
        "l3_device": "eth0",
        "proto": "dhcpv6",
        "device": "eth0",
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,

        "ipv4-address": [
        ],

        "ipv6-address": [
                {
                        "address": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd",
                        "mask": 128,
                        "preferred": 3083,
                        "valid": 6683
                },
                {
                        "address": "fdxx:xxxx:xxxx:abcd:abcd:abcd",
                        "mask": 64,
                        "preferred": 3537,
                        "valid": 7137
                }
        ],

        "ipv6-prefix": [
                {
                        "address": "2001:xxxx:xxxx:xxxx::",
                        "mask": 58,
                        "preferred": 3083,
                        "valid": 6683,
                        "class": "wan6",
                        "assigned": {
                                "lan": {
                                        "address": "2001:xxxx:xxxx:xxxx::",
                                        "mask": 64
                                }
                        }
                }
        ],

        "ipv6-prefix-assignment": [
        ],

        "route": [
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 7137,
                        "source": "::/0"
                },
                {
                        "target": "fdxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 7137,
                        "source": "::/0"
                },
                {
                        "target": "fdxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "::/0"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "2001:xxxx:xxxx:xxxx::/58"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "fdxx:xxxx:xxxx:abcd:abcd:abcd/64"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd/128"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "2001:xxxx:xxxx:xxxx::/58"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "fdxx:xxxx:xxxx:abcd:abcd:abcd/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1737,
                        "source": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd/128"
                }
        ],

        "dns-server": [
                "fdxx:xxxx:xxxx:abcd"
        ],

        "dns-search": [
        ],

        "neighbors": [
        ],

        "inactive": {
                "ipv4-address": [
                ],
                "ipv6-address": [
                ],
                "route": [
                ],
                "dns-server": [
                ],
                "dns-search": [
                ],
                "neighbors": [
                ]
        },

        "data": {
                "passthru": "MASKED_HEX_DATA"
        }
}
root@OpenWrt:~# ifstatus wan6
{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 514,
        "l3_device": "eth0",
        "proto": "dhcpv6",
        "device": "eth0",
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,

        "ipv4-address": [
        ],

        "ipv6-address": [
                {
                        "address": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd",
                        "mask": 128,
                        "preferred": 3076,
                        "valid": 6676
                },
                {
                        "address": "fdxx:xxxx:xxxx:abcd:abcd:abcd",
                        "mask": 64,
                        "preferred": 3530,
                        "valid": 7130
                }
        ],

        "ipv6-prefix": [
                {
                        "address": "2001:xxxx:xxxx:xxxx::",
                        "mask": 58,
                        "preferred": 3076,
                        "valid": 6676,
                        "class": "wan6",
                        "assigned": {
                                "lan": {
                                        "address": "2001:xxxx:xxxx:xxxx::",
                                        "mask": 64
                                }
                        }
                }
        ],

        "ipv6-prefix-assignment": [
        ],

        "route": [
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 7130,
                        "source": "::/0"
                },
                {
                        "target": "fdxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "::",
                        "metric": 256,
                        "valid": 7130,
                        "source": "::/0"
                },
                {
                        "target": "fdxx:xxxx:xxxx::",
                        "mask": 64,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "::/0"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "2001:xxxx:xxxx:xxxx::/58"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "fdxx:xxxx:xxxx:abcd:abcd:abcd/64"
                },
                {
                        "target": "2001:xxxx:xxxx:xxxx::",
                        "mask": 56,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd/128"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "2001:xxxx:xxxx:xxxx::/58"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "fdxx:xxxx:xxxx:abcd:abcd:abcd/64"
                },
                {
                        "target": "::",
                        "mask": 0,
                        "nexthop": "fe80::abcd:abcd:abcd",
                        "metric": 512,
                        "valid": 1730,
                        "source": "2001:xxxx:xxxx:xxxx:abcd:abcd:abcd/128"
                }
        ],

        "dns-server": [
                "fdxx:xxxx:xxxx:abcd"
        ],

        "dns-search": [
        ],

        "neighbors": [
        ],

        "inactive": {
                "ipv4-address": [
                ],
                "ipv6-address": [
                ],
                "route": [
                ],
                "dns-server": [
                ],
                "dns-search": [
                ],
                "neighbors": [
                ]
        },

        "data": {
                "passthru": "MASKED_HEX_DATA"
        }
}

Regards
Mic.

I am not sure if what I saw is the same issue you are running into but with the first beta of the 25.12 there was the introduction of a new PrefixDelegation setting under interfaces >> Lan > DHCP server > DHCPv6 Settings called DHCP6-PD, this had a prefix size of 62 and some devices were being assigned devices from that. I don’t really understand why this exists or how it differs from the prefix delegation that appears to work based on the settings provided by the ISP to the WAN interface, but I found turning this setting off got rid of the extra 2001:: addresses that had the incorrect network prefix size. I posted about the odd addresses in the thread for that service release but I didn’t explain it until the second release and worked out how to get rid of them.

What I found even odder about these addresses is when I integrated the machines themselves they were not aware they had this address, so in some regard they were nonfunctional as well.

You still over redact your prefixes and address.
If you are not Snowden turn please stop the theater and give proper feedback to questions asked.

And no. Addresses from 2001::/3 are global and fc00::/7 is ULA. Two totally disjoint networks.

Hi @_bernd,

I'm afraid I still don't understand your question, and I don't see any new questions from you.

I answered your question about IP prefixes and, as you just discovered, confirmed that your assumption that the second delegated prefix is for ULA is incorrect. So what is it for then? OpenWRT obviously behaves differently here than other router software (pfSense, OPNsense).

Regards,
Mic.

Hi @BrightCandle,

Thank you for your feedback. That's a good approach to explore. Where exactly in LuCI can I find the option you described? I found an option for IPv6 prefix delegation in the "br-lan" interface. However, if I disable it (remove the checkmark), downstream devices don't get an IPv6 address at all. Perhaps you're referring to a different option.

Thanks and regards,
Mic.

Network menu interfaces

br Lan click edit.

DHCP server tab and then sub tab DHCPv6 Settings

The option is called DHCPv6 PD

Should be selected on by default and the PD minimum length defaults to 62.

I have set in the Wan-6 general settings Request IPv6 Prefix and that correctly identifies my ISP setup and seems to configure things correctly. It shows underneath the setting what it is using.

Can I assume this image is from a Luci screenshot?

It is very misleading, maybe incorrect, possibly a bug in Luci along the lines @BrightCandle was saying. I don't use Luci, so I have never seen this.

By the way, you repeated the ifstatus wan6 output and still redacted too much as @_bernd said.

Can you show the ifstatus lan output please?

For example, it should look something like the following, which is the important bit from the output on my test network:

	"ipv6-prefix-assignment": [
		{
			"address": "fd39:2821:bf83:c::",
			"mask": 64,
			"preferred": 80,
			"valid": 43134,
			"local-address": {
				"address": "fd39:2821:bf83:c::1",
				"mask": 64
			}
		},
		{
			"address": "2a0d:3344:1d9:3c0c::",
			"mask": 64,
			"preferred": 80,
			"valid": 230,
			"local-address": {
				"address": "2a0d:3344:1d9:3c0c::1",
				"mask": 64
			}
		},
		{
			"address": "fd46:cfe5:34c5:ddd6::",
			"mask": 64,
			"local-address": {
				"address": "fd46:cfe5:34c5:ddd6::1",
				"mask": 64
			}
		}
	],

Here you will see I only have one GUA with mask 64.
I also have two ULAs (specific to my use case), both mask 64.

Note the first line that I show:

	"ipv6-prefix-assignment": [

This is an ASSIGNMENT, for br-lan in this case.
It is NOT an available prefix range, that would be seen in the output of ifstatus wan6

Let's look at your ifstatus wan6 output.

Here you can see that wan does not have any prefix assignments.
BUT it does have a /58 block available for sub delegation for downstream /64 assignments for use if you daisy chain more routers. Each downstream daisy-chained router would take a /64 assignment for its lan, passing the remainder for use further downstream.
As you can see, the address space is immense.

You can see, the /62 prefix in your image does not seem to appear in any of your command line outputs.
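
Added example, not part of the thread or of OpenWrt: a Python sketch of the comparison made in the post above, reading the `ipv6-prefix` block of an `ifstatus wan6` result, counting the /64s still free for sub-delegation, and checking whether a prefix listed by the upstream router appears in that local state. The sample JSON, the `2001:db8::/32` documentation prefix and all function names are assumptions; only the final hextets `1380` and `13fc` and the /58 and /62 lengths come from the thread.

```python
import ipaddress
import json

# Constructed sample shaped like the `ifstatus wan6` output in this thread.
# 2001:db8::/32 is the documentation range; only the final hextets (1380, 13fc)
# are taken from the thread, the rest is placeholder.
SAMPLE_WAN6 = json.loads("""
{
  "ipv6-prefix": [
    {"address": "2001:db8:0:1380::", "mask": 58, "class": "wan6",
     "assigned": {"lan": {"address": "2001:db8:0:1380::", "mask": 64}}}
  ],
  "ipv6-prefix-assignment": []
}
""")

# Prefixes as an upstream router's GUI might list them (constructed).
UPSTREAM_REPORTED = ["2001:db8:0:1380::/58", "2001:db8:0:13fc::/62"]


def kind(prefix):
    """Classify a prefix as GUA, ULA, LLA or other by its leading bits."""
    addr = ipaddress.ip_network(prefix, strict=False).network_address
    for name, rng in (("GUA", "2000::/3"), ("ULA", "fc00::/7"), ("LLA", "fe80::/10")):
        if addr in ipaddress.ip_network(rng):
            return name
    return "other"


def delegated_blocks(status):
    """Return [(block, {iface: assigned_subnet})] from the ipv6-prefix list."""
    out = []
    for p in status.get("ipv6-prefix", []):
        block = ipaddress.ip_network(f"{p['address']}/{p['mask']}")
        assigned = {
            iface: ipaddress.ip_network(f"{a['address']}/{a['mask']}")
            for iface, a in p.get("assigned", {}).items()
        }
        out.append((block, assigned))
    return out


def free_64s(block, assigned):
    """Count the /64 subnets of block that no interface assignment covers."""
    total = 2 ** max(0, 64 - block.prefixlen)
    used = sum(2 ** max(0, 64 - n.prefixlen)
               for n in assigned.values() if n.subnet_of(block))
    return total - used


def classify(prefix, blocks):
    """Say where an upstream-reported prefix shows up in the local state."""
    net = ipaddress.ip_network(prefix)
    for block, _assigned in blocks:
        if net == block:
            return "delegated"
        if net.subnet_of(block):
            return "inside-delegated"
    return "not-seen-locally"


if __name__ == "__main__":
    blocks = delegated_blocks(SAMPLE_WAN6)
    for block, assigned in blocks:
        print(block, "free /64s:", free_64s(block, assigned))
    for p in UPSTREAM_REPORTED:
        print(p, kind(p), classify(p, blocks))
```

Redacted values such as `2001:xxxx:...` will not parse; the comparison needs the real hextets, at least on a private copy of the output.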

Hello @bluewavenet.

The screenshot displaying the delegated prefixes is from my Fritz!Box Router located "upstream" from the NanoPi with OpenWRT. The GUI of the Fritz!Box shows the two prefixes.

Internet --> Fritz!Box ---> NanoPi (OpenWRT) --> other devices

Hello @BrightCandle.

Do you mean these settings in LuCI in interface "br-lan"?

If I disable it, the downstream device seems not to get any IPv6 address from OpenWRT.

Regards
Mic.

Can you show the ifstatus lan output please?
I don't use Luci at all, so that page means little if anything to me.

Your ip -6 addr and ifstatus wan6 outputs appear perfectly as expected....

No I think I'm totally aware that you see more than one delegated prefix from 2000::/3. That's why I have asked you to not redact the last two bytes of each prefix.
So someone might be able to actually answer your question why and what....

@Mic2026
For reference, this link is a good starting point:
IPv6 Address Types

Particularly, see the "IPv6 prefixes" section of the web page.