IPv6 suddenly stopped routing correctly for no apparent reason.

I want to get on this thread too and I'm willing to help debug this for the greater good.  Going to need some input from the network XfinityCSA--SomethingOrOther.

One question is the /60 a correct setting for DHCPv6 Prefix Delegation size? Are we supposed to Use IPv4 connectivity as parent interface?  I have many more, but the documentation on it would be helpful. Is there a white paper that documents how Xfinity implemented their ipv6 routing scheme, and what settings we're supposed to use with it as an end user?

What happens?  Everything is jolly for a bit, sometimes for a day or two, and then.....you hit a wall and routing problems as the original post says.  I have full control of my gear, plus debugging capability and advanced configuration options (not a router), but I'd rather not guess settings by trial and error.  Sooner or later, you'll need the documentation anyway.

If possible, can we get XfinitySomethings to respond to this thread in public?  Keeping with the spirit of a helpful user Forum instead of DM's and blank answers?  We can help.  Save you both time and money spent, perhaps even trying to debug your own network and firmware.

One question is the /60 a correct setting for DHCPv6 Prefix Delegation size?

It was when I first set it up, and still seems to be delegating correctly now.  I’ve tried 56, 60 and 64 and none of them help with the external routing issue.

I came up with /60 as well after some trial and error.   You can also send an IPV6 prefix hint requesting delegation size, but I doubt it would work. 

Perhaps the issue lies with the lease renewal, and in the request options sent.  Some documentation would be helpful.  Having poorly configured devices on your network doesn't seem to be a benefit to me, and the information is not confidential or intellectual property.  Other providers do this.

We'll see how far we get.   

@Gelfin Get anywhere with Xfinity chat for documentation?  Guess that means it's up to us.  I've got pfsense box up, bridged netgear, client debug on.

I don't know your gear, or how it translates to your config file, but perhaps my config will help and you have similar settings.  Here's my current implementation to try to get it to work:

system --> advanced --> networking == set allow ipv6 (otherwise there's no show)

routing --> gateways == set default gateway ipv6 to WAN_DHCP6  (leave ipv4 configured)

firewall --> lan --> rules == create a rule to allow lan ipv6 to pass through to the internet.  That's just an any-any rule, same as a default ipv4 rule.

interfaces --> wan == in dhcp6 client config, set delegation size to /60, and send ipv6 prefix hint to request delegation size.  I also checked Request a IPv6 prefix/information through the IPv4 connectivity link because I think their ipv6 is boned.  IPV4 comes up first, IPV6 just sits there otherwise.

interfaces --> lan == change ipv6 config type to Track Interface

interfaces --> lan == (same page) IPv6 Interface select WAN and select 0 for IPv6 Prefix ID

Couple of freebsd/openbsd tunables I set too:

net.inet6.icmp6.nd6_onlink_ns_rfc4861 = 1

 net.inet6.ip6.accept_rtadv = 0

services --> DHCPv6 Server & RA == change router mode to RA Flags [managed, other stateful], Prefix Flags.  Router priority set to normal.

Then, reboot.  Should have both IPV4 and IPV6 on Lan and Wan interfaces.   The problem with this?  Well, as you said in the original post, it stops working.  I'll leave debug on to see if I can see what happens during the lease renew.  A good bet on where a problem could be.   I'm not using their DNS, have that set to cloudflare.

*EDIT:  Router mode has to be STATELESS RA Flags[other stateful] Router Flags[onlink, auto....

Also turned if getting IPV6 through IPV4.  Try to make it work the right way for debugging.

So the above config gets you connectivity, but SLAAC isn't RFC4941.

Xfinity care to explain their implementation?  We supposed to set Assisted/managed [other stateful]?

OK, it is the IPV6 lease getting wrapped around the axle.  It's supposed to go down like this:

That's not what happens.  I ask, and nobody answers after I send a release.  It can hang like this for quite some time:

This is also going to bone your client routing.  So, my workaround is a couple of things.  There's an advanced->networking setting for:

Prefer to use IPv4 even if IPv6 is available = yes

Also in the WAN interface ipv6 client --> Do not allow PD/Address release.  Fine, I won't send a release.  Ever.  I'm renewing at half the lease time anyway, that's supposed to keep the current one active, but since nobody is home quite often, I won't. 

Perhaps it's a work around.   See how long it stays up and working.