My ISP only provides connectivity as native IPv6 via prefix delegation (I get a very sticky /56 as long as I keep using the same DHCP DUID), with IPv4 done via DS-Lite.
How can I get high availability working in these circumstances? My thinking was to get both OPNSense instances configured to use the same DUID, the WAN interfaces to do DHCP to get prefix delegation and all other interfaces to generate their IPv6 via tracking - that way they should be getting IPv6 addresses in matching /64 subnets if the prefix IDs match.
I would then do router advertisements from those LAN interfaces using link local carp IPs, and clients should be getting advertisements from each OPNSense instance that advertise the same prefixes and gateway addresses.
I tried implementing this, but the network seems to collapse at random when both instances are online, whereas a single one seems to be stable.
Then there's the issue of DS-Lite: is there a way to connect and disconnect a GIF tunnel when an OPNSense instance transitions between being CARP master and backup?