• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Mikrotik: HE tunnel + ISP's Native /64 weirdness

Started by wrtpoona, May 14, 2024, 08:26:11 PM


wrtpoona

My ISP provides a /64 prefix via DHCPv6 on the pppoe-out interface which I enable and configure to set a default route. I offer this via SLAAC on the LAN bridge0 interface and LAN clients receive a GUA from the /64 and IPv6 works.

I wished to use HE's routed /64 as a secondary IPv6 route with a much higher routing metric / distance.

This is the suggested configuration by HE:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1

This is what I set up on my router, which receives a /64 (sadly no /56) via a PPPoE tunnel from my ISP:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1

I only change distance=15 since that is the only routing parameter used on this router for its 3 WAN uplinks.

But when the tunnel's sit0 interface goes up, LAN clients lose connectivity.
I have confirmed that disabling HE's suggested route fixes IPv6 connectivity:
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
Shouldn't my ISP-provided IPv6 connectivity continue to work, since it has a routing distance of 1, compared to 15 for the HE route?

wrtpoona

I tested this some more and the issue appears to only affect failing over to the HE.net tunnel route.
  • Disabled HE's suggested (2000::/3) route with a default gw (::/0) instead, assigned it a distance of 2.
  • Instead of trying to route the standard /64 prefix, I took a /64 from the /48 HE assigns and announced it via bridge0.

Here's what I found:
If I disable the pppoe-out1 interface and reboot the router, the HE.net tunnel works.
If pppoe-out1 is now brought online, it moves LAN clients off the HE.net tunnel, as expected.

However, if I now disable pppoe-out1, the HE.net tunnel takes 10-15 mins to switch to / come online for LAN clients; all IPv6 traffic fails without any ICMP messages for ping etc.
Happy to hear any tips to troubleshoot this :/