But I have no control over which client receives which IPv6 address.
If you use SLAAC, then you have little control over how they are assigned. There are still some addresses left in the segment, which means you can use a few static addresses for individual hosts and let the rest have automatically assigned addresses.
There are times when I want to identify and/or bandwidth manage certain clients, so I'd like to know who has which IP address.
The router knows which MAC address each IPv6 address is used by. So if the router has proper support, it should be able to manage all of this by MAC address rather than by IP address.
If I turn off RA and switch to IPv6 DHCP can I accomplish this by handing out certain IPv6 IPs to certain DUIDs?
Also how do I advertise the IPv6 DNS server? In my Mikrotik I can set it up so I can have clients query the Mikrotik router for DNS, but I'd like to have the clients go directly to an IPv6 DNS server. How can I configure the Mikrotik router to give out that info?
There are a few different ways it can be configured.
- Static configuration without any RA or DHCPv6. This would require you to manually configure each host.
- RA and SLAAC with no DHCPv6. Addresses are assigned either by MAC address or randomly. It is decided by each host, which method to use. You have little control over it. IPv6 address of DNS servers can be included in RA options, but this option may not be supported by everything yet.
- RA, SLAAC and DHCPv6. You can use SLAAC to assign addresses and query a DHCPv6 server just for some additional static configuration information, such as list of DNS servers.
- RA and DHCPv6. SLAAC is only meant for /64 networks. If you make your prefix longer than /64, SLAAC is disabled. (I think there is also a way to disable SLAAC on /64 prefixes. But if you don't want SLAAC, there isn't any major drawback from using a longer prefix). With SLAAC disabled you can use DHCPv6 for assigning addresses.
I'm not sure if you can combine SLAAC and DHCPv6 assigned addresses on the same segment. There certainly are enough addresses in a /64 to allow for both, but I am not sure if there is a way to let each host know, which of the two it is supposed to use.
And lastly, when I configure the Mikrotik's IPv6 DHCP client it doesn't seem to get a DHCP lease from HE. Is that normal?
The tunnel link is supposed to be statically configured, so there is no need to use RA, SLAAC or DHCPv6 on that link. I don't know if HE is going to respond to router-solicitation or DHCPv6 requests, if you do send them over the tunnel. I have never needed to send any of those on any of my tunnels.
Only ::1 and ::2 are mentioned as having a specific purpose on the tunnel link. AFAIK the entire range from ::2 through ::ffff:ffff:ffff:ffff is treated identical by the tunnel server. But the ::2 is pinged to verify that there is actually a tunnel endpoint responding.