I thought I'd revisit this topic in 26.1 to see if any new developments (maybe in and around dhcp6c?) can help here.
WAN is set to DHCPv6 with "Request prefix only" for IPv6. This gets distributed via RAs to clients doing SLAAC.
Problem: When either the lease is lost or the WAN flaps, this causes the RA daemon (radvd or dnsmasq) to send a message with preferred lifetime=0 to deprecate the prefix. The issue is that in many cases the prefix is not actually lost. It's just that the ISP has issued a reboot command to the modem, such as for periodic maintenance. When the modem comes back up and we get a new or renewed lease, the same prefix is given to OPNsense.
The problem now is that clients have already marked the prefix as invalid so even if they receive subsequent RAs for the same with new valid & preferred lifetimes, they refuse to generate new temporary addresses and the latest one remains in 'deprecated' state. The client falls back to the stable GUA for outbound connections, if it's available, else would lose IPv6 connectivity altogether.
A new temporary address is never created until/unless the client interface is reset or the client is rebooted.
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 24:xx:xx:xx:77:cd brd ff:ff:ff:ff:ff:ff
inet 172.21.30.100/24 brd 172.21.30.255 scope global dynamic noprefixroute br0
valid_lft 74228sec preferred_lft 74228sec
inet6 2601:xx:xxxx:3163:423d:7f49:624f:8fb2/64 scope global temporary deprecated dynamic
valid_lft 86379sec preferred_lft 0sec
[...]
inet6 2601:xx:xxxx:3163:xxxx:xxx:xxxx:xxx/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86379sec preferred_lft 86379sec
inet6 fe80::xxxx:xxxx:xxxx:fb89/64 scope link noprefixroute
valid_lft forever preferred_lft forever
'radvd' has an option 'DeprecatePrefix' which can be turned off, but this doesn't help in this scenario. It only prevents the prefix deprecation when the RA daemon (or OPNsense) is being shut down or restarted.
OPNsense has an option under Interfaces->Settings (advanced mode)->Prevent release, but this only tells the ISP to hold the lease.
My question is, does 26.1 bring any additional capabilities that we can leverage to stabilize the prefix on WAN for transient events like modem power loss or reboots? I'm thinking we could have an option to tell the system that it should not drop prefixes from the interfaces within some configurable interval, say 5 minutes, in case the same prefix is seen again shortly? That way the RA daemons won't notice its temporary loss and won't send a deprecation event.
Thoughts?
tl/dr; we are missing an option to prevent RA daemons from prematurely deprecating a prefix that is still active but has been temporarily dropped from interfaces due to some power loss event or modem reboot.
I use my own daemon for this, which proxies the router advertisements from the ISP.
That means there is no truth besides the ISP, but it also means you won't have IA_PD and DHCPv6. You proxy the same SLAAC on-link prefix to all interfaces. (only SLAAC means no DHCPv6 quirks)
I never have any issues even if the WAN is flakey since it's transparent.
https://docs.opnsense.org/manual/ndp-proxy-go.html
Just an alternative approach to this all.