traindancer
New Contributor II
8 years ago

IPv6 Prefix Delegation

I'm trying to set up IPv6 in San Diego and have had some success.

However, it appears that Cox is delegating (DHCP-PD) a /64 address prefix.  This kind of an address is fine if you have only one subnet on the LAN side of your router.  But if you need more than one subnet you need a prefix of maybe /60. 

Question:  Is Cox allowing us to set up only one subnet?  Can we somehow request a /60 prefix?

One might ask, "But why would you need more than one subnet at home?"  The answer to that one is IOT (Internet of Things).  Since IPv6 does away with natted subnets, every device on your home network has direct connectivity to everything.  If one puts all of their risky devices on a different subnet than their main computers, it is easy to firewall that subnet for protection. Otherwise, your compromised security camera or refrigerator will have direct access to the computer you do your banking on.

Lacking a /60 or better prefix will make it difficult to move to IPv6. Maybe a 6-to-4 tunnel would work, allowing conventional natted IPv4 subnets from this time forth and even forever more?

8 Replies

  • grymwulf
    Contributor II

    You do know that a /64 gives you a ton of subnets?  The total address space is /128 - so you can create a bunch of /96 subnets off your /64 allocation?

    Heck the entire IPv4 allocation is just one of the /96 subnets...

    So please, double check that you are doing your math correctly.

    ::1/128 is the local host

    which means:

    ::1/96 is equivalent to the entire IPv4 address space (32bit)

    As a matter of fact, you can create as many 32 bit subnets in the /64 space as there are IPv4 addresses....

  • traindancer
    New Contributor II

    Yes, but /64 allows creation of only one subnet, as per a number of RFCs.  See here:

    http://serverfault.com/questions/714890/ipv6-subnetting-a-64-what-will-break-and-how-to-work-around-it

    and here:

    https://tools.ietf.org/html/rfc7421

    A /64 delegation assumes only one subnet.  While this would be enough for many home users, many use cases can be made to have multiple subnets to segregate different kinds of traffic.  For example, I don't want the subnet containing my main computers to be shared with address space open to Wifi and IOT traffic.

    ISPs were supposed to issue /48 prefixes, but RFC 7421 argues that /56 would be fine. I'd argue that /60 would be more than sufficient for home and SOHO usage. /64 works for a very simple environment, maybe one computer connected directly to the cable modem?

    This is all difficult enough as it is and I'd rather not get down into the weeds about trying to subnet past /64.  IPv4 and NAT still works fine...

  • grymwulf
    Contributor II

    I'll bow to your greater knowledge of the RFCs; I just looked at this mathematically.

  • ChrisL
    Former Moderator
    @traindancer

    You should be able to obtain a /56 if your device requests it. Are you using dd-wrt by chance? I saw somebody else have a problem with it and they had to go into the code to fix it.

  • grymwulf
    Contributor II

    I just checked my dd-wrt and it does default to asking for a /64 - I'm not sure if pfsense does the same.  Merlin for ASUS routers lets you choose the prefix it requests as well.

    Sounds like that might be a good thing to check.

  • traindancer
    New Contributor II

    That's good news, Chris! No, I'm not using dd-wrt, I've got a Zyxel USG20 router/firewall. While the USG20 is an excellent and capable router, the documentation could be a bit better. I spent about 40 hours on this issue so far, but you give me encouragement to spend some more time on it. Cox is a good company and I'd like to think it would do the right thing here.

    I'll be sure to report how it goes.

  • Cox_ipv6
    New Contributor

    /64 will not work if you are using a Cisco 1841 router and are connecting a Linksys E2500. The DUID requires a /64 subnet, which Cox is assigning to the 1841. With Tunnel Broker I had no issues setting up IPv6 using an IPv6 tunnel. The tunnel broker assigned a /48 network, which I was able to subnet into a /64 for the VLAN that connects to the E2500 on the 1841. If you look at the RFCs, a /64 is required for uid-64 to work. This is where the router will assign an address in a /64 subnet based on the MAC address of the device. Anything less than /64 will not work. A /96, as in the example given, is not a good network to use and is not recommended. A /62 prefix provides for 4 /64 subnets. One could be assigned to the 1841 outbound interface, the second to the VLAN on the 1841, and a third would be assigned for the Linksys to give out to wireless devices.

    ipv6 dhcp pool IPV6access_vlan2
     prefix-delegation 2001:470:E2C0:2::/64 00030001C8B3730402CB iaid 9A3C7A00
     address prefix 2001:470:E2C0:1::/64
     dns-server 2001:470:20::2

    The previous gives the front end of the Linksys a /64 address assigned by using the DUID feature of the auto IPv6 enable. This is the second line.

    The third line is the network that the devices connected wirelessly via IPv6 to the Linksys will be assigned.

    I have not been able to make this work with the native /64 subnet assigned by Cox because I can't subnet to a /64, which is required for the command above. The Linksys has to auto-assign its IP from the 1800 via DUID, which requires /64.

  • grymwulf
    Contributor II

    You should use a command in your config for the wan interface similar to this:

    ipv6 dhcp client pd hint ::/60

    to request a /60 subnet to allow further splitting. Change the ::/60 to whatever size you want (/56, /58, /60, /62).

    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i1.html#wp9077522340
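
The prefix arithmetic discussed in this thread, as an added example that is not part of any post: it carves a delegated prefix into one /64 per LAN segment (so an IoT segment can be firewalled apart from the main one) and derives the MAC-based EUI-64 address that makes /64 the required subnet size. The function names, segment names, MAC address and the 2001:db8::/32 documentation prefixes are assumptions chosen for illustration.

```python
import ipaddress


def plan_segments(delegated, segments):
    """Assign one /64 to each named LAN segment from a DHCPv6-PD prefix.

    Raises ValueError when the delegation cannot supply enough /64s,
    which is the situation a /64-only delegation creates.
    """
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError("delegation is longer than /64")
    available = 2 ** (64 - net.prefixlen)  # /64 -> 1, /62 -> 4, /60 -> 16
    if len(segments) > available:
        raise ValueError(
            f"{delegated} holds {available} /64 subnet(s), "
            f"{len(segments)} requested"
        )
    subnets = net.subnets(new_prefix=64)
    return {name: next(subnets) for name in segments}


def eui64_address(subnet, mac):
    """Build the modified EUI-64 (MAC-derived) address inside a /64.

    The interface identifier is 64 bits wide, so the subnet prefix
    must be exactly /64 for this addressing scheme to work.
    """
    net = ipaddress.IPv6Network(subnet)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 subnet")
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return net[int.from_bytes(iid, "big")]


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, made-up MAC).
    plan = plan_segments("2001:db8:0:10::/60", ["main", "iot", "guest"])
    for name, subnet in plan.items():
        print(f"{name:6} {subnet}")
    print(eui64_address(plan["iot"], "00:11:22:33:44:55"))
    try:
        plan_segments("2001:db8:0:10::/64", ["main", "iot"])
    except ValueError as err:
        print("cannot segment:", err)
```
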