Combine NPTv6 with DHCPv6-PD (Flash Renumbering)

Hi there, I’m trying to set up IPv6 with my ISP, who support it using DHCPv6-PD with a SLAAC address for the WAN interface. When I initially set it up with DHCPv6-PD to several internal interfaces using router advertisements (SLAAC), it seemed to work flawlessly, but after about a day I noticed that several of my devices were failing to connect to the internet. After some troubleshooting, it appears that the ISP had changed my DHCPv6-PD prefix, and I even confirmed that for every DHCPv6-PD renewal (even with the same DUID), the ISP hands out a different prefix. Because I had set up SLAAC on the internal interfaces with long validity times, each device would start to collect multiple addresses with different prefixes, and would continue to use old ones which the ISP no longer considered valid, and thus devices failed to connect or took a while and failed over to IPv4. I’ve shortened the SLAAC validity significantly (to just a few minutes) and disabled IPv6 on some networks, but neither is particularly ideal, and shorter validity doesn’t fully solve the problem (a few minutes of downtime is still downtime).

The ISP hasn’t been very helpful with fixing problems on their side and insists everything is set up correctly. I was thinking that a potential solution would be to use NPTv6, so that the addresses on clients (ULA) would stay the same, and the router would be immediately aware of address changes from the ISP and could adapt, only breaking connections momentarily. However, I don’t see a way to do NPTv6 with DHCPv6-PD prefixes. There are no special options to set the NPTv6 prefix to come from DHCPv6-PD, as far as I can tell. Is it possible to use NPTv6 with DHCPv6-PD prefixes, or is there another solution I haven’t thought of?

More info on flash renumbering, which is what the ISP seems to be doing: Is your ISP constantly changing the delegated IPv6 prefix on your CPE/router? (6connect.com).

Hello @dannytech

Yes, you can implement it using NAT66. You will use the SLAAC address provided by the provider on the WAN port.
For version 1.4:

set nat66 source rule 100 outbound-interface 'eth0'        -> Your WAN interface
set nat66 source rule 100 source prefix 'fd00:1:1:1::/64'  -> Your internal IPv6 prefix network
set nat66 source rule 100 translation address 'masquerade'

Ideally, I’d like to avoid masquerading traffic seeing as this is IPv6 and that violates the end-to-end principle (if I’m masquerading, why bother with IPv6?). Is there no way to translate to an outside dynamic prefix?
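To make concrete what the NPTv6 option asked about above actually does (as opposed to the masquerade rule in the reply), here is an added worked example in Python. It is not code from this thread or from VyOS; it implements the RFC 6296 checksum-neutral prefix mapping, using the ULA fd00:1:1:1::/64 from the reply as the inside prefix and two constructed documentation prefixes standing in for successive DHCPv6-PD leases. The point it demonstrates: the mapping is stateless and 1:1, so when the delegated prefix changes only the outside prefix (and the derived adjustment word) changes, while clients keep their ULA addresses.

```python
# Added example (not from the thread or from VyOS): RFC 6296 NPTv6 mapping.
# Constructed values: inside ULA fd00:1:1:1::/64 (from the reply above) and
# made-up delegated prefixes 2001:db8:abcd:1234::/64 and 2001:db8:5555:6::/64.
import ipaddress


def words16(addr: ipaddress.IPv6Address):
    """Split a 128-bit address into its eight 16-bit words."""
    return [int.from_bytes(addr.packed[i:i + 2], "big") for i in range(0, 16, 2)]


def ones_sum(words) -> int:
    """One's complement sum of 16-bit words, with end-around carry folded in."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def adjustment(inside: ipaddress.IPv6Network, outside: ipaddress.IPv6Network) -> int:
    """Checksum adjustment for inside -> outside: one's complement (inside - outside)."""
    a = ones_sum(words16(inside.network_address))
    b = ones_sum(words16(outside.network_address))
    return ones_sum([a, (~b) & 0xFFFF])  # subtracting = adding the complement


def translate(addr: ipaddress.IPv6Address, src: ipaddress.IPv6Network,
              dst: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Rewrite addr's prefix from src to dst while keeping the 16-bit one's
    complement sum of the address unchanged, so TCP/UDP/ICMPv6 checksums
    stay valid without the translator touching transport headers.

    Stateless and 1:1: the same function maps both directions, and the only
    configuration is the pair of prefixes (no per-flow table, unlike masquerade).
    """
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")
    plen = max(src.prefixlen, dst.prefixlen)
    host_mask = (1 << (128 - plen)) - 1
    new = ipaddress.IPv6Address(
        (int(dst.network_address) & ~host_mask) | (int(addr) & host_mask))
    w = words16(new)
    # Where the adjustment lands (RFC 6296 sections 3.1/3.3): the subnet word
    # for prefixes up to /48, else the first interface-ID word that is not 0xFFFF.
    if plen <= 48:
        idx = 3
    else:
        try:
            idx = next(i for i in range(4, 8) if w[i] != 0xFFFF)
        except StopIteration:
            raise ValueError("interface ID made of 0xFFFF words cannot be mapped")
    s = ones_sum([w[idx], adjustment(src, dst)])
    # 0xFFFF and 0x0000 are both zero in one's complement; write 0x0000
    # for a 0xFFFF result, as the Linux ip6t_NPT target does.
    w[idx] = 0 if s == 0xFFFF else s
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w))


def map_address(addr: str, src: str, dst: str) -> str:
    """String convenience wrapper around translate()."""
    return str(translate(ipaddress.IPv6Address(addr),
                         ipaddress.IPv6Network(src), ipaddress.IPv6Network(dst)))


def checksum_neutral(a: str, b: str) -> bool:
    """True if the two addresses have the same one's complement word sum."""
    def norm(x):
        return 0 if x == 0xFFFF else x
    return norm(ones_sum(words16(ipaddress.IPv6Address(a)))) == \
        norm(ones_sum(words16(ipaddress.IPv6Address(b))))


def renumber_demo():
    """Simulate a DHCPv6-PD renewal handing out a different prefix.

    The client keeps fd00:1:1:1::1; only the outside mapping changes.
    Returns (outside address under lease 1, under lease 2, reverse mapping).
    """
    inside = "fd00:1:1:1::/64"
    client = "fd00:1:1:1::1"
    lease1 = "2001:db8:abcd:1234::/64"  # constructed first delegated prefix
    lease2 = "2001:db8:5555:6::/64"     # constructed prefix after renewal
    out1 = map_address(client, inside, lease1)
    out2 = map_address(client, inside, lease2)
    back = map_address(out2, lease2, inside)  # reply traffic, new lease
    return out1, out2, back


if __name__ == "__main__":
    print(renumber_demo())
```

The router-side consequence is the one the question is after: on every PD renewal the translator only has to swap `dst` (and recompute one 16-bit adjustment), so existing client addresses, DNS entries and firewall rules on the ULA side are untouched, and only flows that were in progress at the moment of the change break.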

Hello @dannytech,
You can try to set the lifetime for the prefix in the router-advert settings.
https://docs.vyos.io/en/latest/configuration/service/router-advert.html#advertising-a-prefix

Thanks, I did this in the past and it’s helped significantly (at the moment I have it set to 2.5/5 minutes), which is far from ideal but works, with noticeable but at least short downtime. Just trying to find a better solution.