It seems also some services identify HE to act like a VPN (that's what the block information suggests, I guess). Therefor it's also not possible to use HE for Netflix, as they don't (want to) allow VPN. Forgot the technical term for this. Not much one can do about it, unfortunately.

Per a test run at URL http://www.solvedns.com/dnsspeedtest/he.net, it appears as if you don't have any anycasted versions of your hosting domain servers in the "Oceania" part of the world (Australia, New Zealand, and associated Southwest Pacific islands).

Most locations in the speed test do have a response less than 10ms, but the Sydney, Australia location comes in over 140ms for all 5 virtual servers (over 200ms for ns1).  However, your network map does show peering points in both AU and NZ.

Any plans to add additional anycasted DNS hosting servers in Australia, New Zealand, or places nearby?  Sydney suggested (per your current network map)....

In my home network I have a EdgeRouter 4 connected to a SonicWall TZ600 firewall. The SonicWall is "core" of my network, it connects to my cable modem via its X1 interface. My internal network is connected to the X0, X3, X4 interfaces that are configured as shared switch ports. The ER4 eth0 interface is connected to the X2 interface of the SonicWall. The ER4 is I have OSPFv2 and OSPFv3 running between the SonicWall and ER4. All of the IPv4 routing works as expected.  I also have a 4 VM Cumulus BGP Spine/Leaf setup that is using OSPF and OSPFv3 with the SonicWall on a VLAN sub-interface X0.123 via one of the virtual leaf VMs.

I am getting a /56 prefix delegation from my ISP and I have broken this up into various /64 networks.  I also have a /64 prefix HE Tunnel interface on the ER4 that I have excluded from OSPFv3.

The issue I am having is that as soon as I put an non-Link Local IPv6 address on one one of the ER4 interfaces or Cumulus VM interfaces that is not physically also on SonicWall all IPv6 traffic that hits the SonicWall is routed to the interface that has the non-Link Local IPv6 address. Looking at the IPv6 routes that I get via OSPFv3 on the SonicWall I just get a route for the /64 network of the address I bind to the interface on the ER4 or Cumulus routers.

I have IPv6 RA enabled on the SonicWall but disabled on the ER4 and Cumulus interfaces. I am advertising both connected and learned routes on both the SonicWall, ER4 and Cumulus. I have a default route ::/0 on the SonicWall going to my ISP IPv6 gateway.

I have tried putting a static route ::/0 on the ER4 to the SonicWall X2 interface address.

I can't seem to get IPv6 routing to work. The only thing I have not done is disable OSPFv3 and put in static routes.

I have no idea what is going on I welcome any suggestions or ideas that might help.  IPv4 throughout this setup works perfectly. 

I'm also having this problem, my IPv6 IP (from the Los Angeles tunnel broker) is geolocating to China/Hong Kong

firewall,info forward: in:6to4-tunnel2he out:6to4-tunnel2he

Everyone gets a /64 by default.  If you don't need it, don't use it.

today, somebody decide to scan my not usable routed /64 prefix. I dont't use it and don't have specific route for it. the packet arived to my router, router lookup up in routing table for /64 prefix and send it to default route, back to you 1/128 then there is a route loop....

Hi. I recently create 6to4 tunnel and get Routed /64 Routed /48 Prefixes in Tunnel Details. I have 8 subnets that's because i choose Routed /48. and i don't understand what is the Routed /64? why you give me that? In /48 i have many /64

Use the routed /64 reverse.  Example:

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.d.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 1d IN PTR snarked-1.subnet.ipv6.he.net.

;; ANSWER SECTION:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.3.3.0.a.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN PTR tunnel61427-pt.tunnel.tserv14.sea1.ipv6.he.net.

how do I proceed ?