IPv6 connectivity
At this writing, the home network infrastructure has 2 ISP connections. One from Comcast/Xfinity, the other from Allo Communications. Comcast supplies IPv4 and IPv6. Allo only provides IPv4, and if it does have plans to provide IPv6, they have not been well communicated. Plans are in progress to shut down the Comcast service, meaning no more native IPv6 for the home network.
Comcast/Xfinity
Directly connected system (router/firewall) interface config
First time manual run of DHCPv6 client needs to request a prefix and give a prefix length hint. So do something like dhclient -6 -P --prefix-len 60 enp67s0. This will also initialize the default-duid parameter in the DHCP leases file. In order to get the same IPv6 prefix after a restart, saving this is important. It can be copied from one system to another in case of hardware replacement.
Add the following in the appropriate /etc/network/interfaces.d/interface file:
iface enp67s0 inet6 dhcp
accept_ra 2
autoconf 1
dhcp 1
privext 0
request_prefix 1
post-up /usr/sbin/ip -6 rule add table ipv6-he-tunnel from 2001:470:3924::/48 table ipv6-he-tunnel || true
post-up /usr/sbin/ip -6 route add table ipv6-he-tunnel default nexthop via inet6 fe80::baca:3aff:fe5e:d848 dev bond0.1000 || true
post-up /usr/sbin/systemctl restart radvd || true
post-down /usr/sbin/ip -6 route del table ipv6-he-tunnel default nexthop via inet6 fe80::baca:3aff:fe5e:d848 dev bond0.1000 || true
post-down /usr/sbin/ip -6 rule del table-ipv6-he-tunnel from 2001:470:3924::/48 || true
post-down /usr/sbin/systemctl stop radvd || true
The routing rules and table stuff are related to policy routing, needed when multiple upstream ISPs are involved. request_prefix is important here to ask the upstream DHCP server for a number of subnets to share with the internal networks. The actual result is that the DHCPv6 client gets the "-P" flag when it is run.