Trying to understand how IPv6 Prefix Delegation works

So I've just got fibre installed and I have my router connected directly to the fibre termination box and it works over PPPoE. I've also got IPv6 working on all devices.

In the WAN interface settings I have 'Obtain IPv6 address' set to 'Automatic' and therefore a virtual dynamic interface is up. That virtual interface has an IPv6 PD address with a /56 mask. On the WAN interface, I've enabled the setting for 'Delegate IPv6 prefixes'. All DHCPv6 (RA, NDP, DHCPv6) & designated master on WAN is disabled. 'IPv6 assignment length' is disabled.

On the LAN interface, I have designated master disabled, 'RA-service' and 'DHCPv6-Service' in 'server mode'. 'NDP-Proxy' is in hybrid mode. IPv6 RA settings has flags 'O' (other config) & 'M' (managed config). I have disabled SLAAC.

This all works. But I have questions because I don't understand why this works. Do I want SLAAC? Could I have DHCPv6 on LAN in relay mode and then set server mode on the WAN interface (would this be the same as it is now)? Do I want designated master enabled on either LAN or WAN?

Can we simplify this by separating the ipv6 routing/DHCP/NAT/DNS stuff from the prefix delegation stuff?

Regarding prefix delegation specifically. On downstream interfaces from your interfaces where you have had an upstream IPv6 prefix delegated to you. Or you're the primary router for the IPv6 prefix, in case of ULA:

For each downstream interface. i.e. lan, etc. (And then if you delegate again in case you will have more routers downstream of you)

For example this is my management network. I get a /56 from upstream and have set that to delegate. On my management network I then allow prefix delegation again as I want my downstream routers to be able to be IPv6 routers themselves if they request one.

I don't need to filter which prefix to assign to this network as I only have two upstream. My ULA and my public.

I don't care about a suffix as I use DNS names and my network is small. But if I set it per the description I would get an easily memorable thing in case I was typing, or looking at addresses and needed to identify what network they were.

Then final is to get the order right when assigning prefixes? i.e. to get the ordering right? I haven't messed with this one either. But in case you want an interface lower in the list. i.e. first /60 to one interface, then another etc.

Primary router. One can see that we have two interfaces where I have enabled prefix delegation. A third not.
And we have the top assigned first. Then the third interface now has a :6c10::1 rather than 6c00::1 and then for the ULA we have ::1 on the first interface and ::1 and then :10::1

And here's a downstream router using a DHCP client with PD enabled. I get a /62 from the pool that I got from br-lan.1 on the upstream router. Note that the PD is 6c04::/62 which is from 6c00::/60

Designated master, RA relay, DHCPv6 relay, and NDP relay are all related to the special case where you only have a single /64 routed to your line from the ISP. This is the case with 4G/5G LTE and some really bad wireline ISPs. Since you have a real prefix you should not be using any of the above.

In conventional delegation, each LAN gets part of the prefix found on WAN. For example a /56 can be broken up into 16 /60s. The LAN takes an IP (by default ::1) out of the zeroth /64 in its prefix and advertises that /64 in its RA packets. LAN devices that choose to use SLAAC will randomly choose the last 64 and send an NDP probe to confirm that the address is not in use. If no matching neighbor replies, it starts using that IP. There is nothing the router can do to prevent a device from using SLAAC other than not advertise a prefix in RA, which seems to not be possible with OpenWrt.

The ra_flags are used to advise LAN devices that they can make a DHCPv6 request to obtain a router-assigned (stateful) IP address and/or a prefix to delegate. This is only advisory and some devices make the request anyway regardless of the flags.

Of note is that the Android OS never uses DHCPv6, it only uses SLAAC. Home networks typically don't need DHCPv6 address assignment, since all endpoint OSs support SLAAC.

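The prefix arithmetic described in the replies above, as an added example that is not part of the thread and is not OpenWrt's code: a /56 carved into /60s per interface, the router taking ::1 in the zeroth /64, a /62 handed to a downstream router, and a lookup that maps an observed address or prefix back to the interface it belongs to (useful when checking firewall rules or an unexpected RA). Assumptions: the `2001:db8:` prefix is a constructed documentation value, `br-lan.2` is a hypothetical interface name, and the in-order allocation that skips the on-link /64 is a simplified model, not the router's actual allocator.

```python
import ipaddress

# Constructed sample: documentation prefix standing in for the ISP-delegated /56.
DELEGATED = ipaddress.ip_network("2001:db8:0:6c00::/56")


def carve(delegated, assign_len, interfaces):
    """Give each interface the next free block of assign_len, in list order."""
    blocks = delegated.subnets(new_prefix=assign_len)
    plan = {}
    for name in interfaces:
        block = next(blocks)  # raises StopIteration when the delegation is used up
        onlink = next(block.subnets(new_prefix=64))  # zeroth /64, advertised in RA
        plan[name] = {
            "block": block,
            "onlink": onlink,
            "router": onlink.network_address + 1,  # default ::1 on the interface
        }
    return plan


def first_free_pd(block, onlink, pd_len):
    """First pd_len prefix inside block that does not overlap the on-link /64."""
    for candidate in block.subnets(new_prefix=pd_len):
        if not candidate.overlaps(onlink):
            return candidate
    return None


def owner_of(plan, observed):
    """Map an observed address or prefix to the interface block containing it."""
    net = ipaddress.ip_network(observed, strict=False)
    for name, entry in plan.items():
        if net.subnet_of(entry["block"]):
            return name
    return None  # outside every block assigned here


if __name__ == "__main__":
    # br-lan.1 appears in the thread; br-lan.2 is hypothetical.
    plan = carve(DELEGATED, 60, ["br-lan.1", "br-lan.2"])
    for name, e in plan.items():
        print(name, e["block"], "RA prefix", e["onlink"], "router", e["router"])
    lan1 = plan["br-lan.1"]
    print("downstream PD:", first_free_pd(lan1["block"], lan1["onlink"], 62))
    print("owner of 6c04::/62:", owner_of(plan, "2001:db8:0:6c04::/62"))
```
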