Unifi Secure Gateway and Box Broadband IPv6
TLDR: The prefix length needed for the Unifi Secure Gateway for Box Broadband is 56, not 64.
We recently updated the broadband at home to full fibre from Box Broadband. One of the many selling points was that they support IPv6 and are happy for customers to use their own routers.
The installation went smoothly, they delivered a box which takes the fibre and has a standard rj45 Ethernet connector that when plugged into a Unifi Secure Gateway. Box Broadband emailed the connection details:
I have send you out a bridge/Modem as per your request. Please find below the required WAN setting:
Connection: PPPoE
UserName: XXXXXXXXXX@boxbb.uk
Password: YYYYYYY
Also the IPv6 prefix delegation size is 64.
Using those settings the link came up and all was good, except IPv6.
cgerhard@Router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 - u/u WAN
eth1 192.168.1.1/24 u/u LAN
2a0e:3700:20bf:6900:feec:daff:fe43:a676/56
eth1.2 192.168.2.1/24 u/u
eth2 - A/D
lo 127.0.0.1/8 u/u
::1/128
pppoe0 149.102.31.39 u/u
2a0e:3700:1000:2c4c:cc42:5d5a:c95c:5faa/64
cgerhard@Router:~$
cgerhard@Router:~$ ping6 facebook.com
PING facebook.com(edge-star-mini6-shv-01-lcy1.facebook.com) 56 data bytes
64 bytes from edge-star-mini6-shv-01-lcy1.facebook.com: icmp_seq=1 ttl=59 time=3.37 ms
64 bytes from edge-star-mini6-shv-01-lcy1.facebook.com: icmp_seq=2 ttl=59 time=4.14 ms
^C
--- facebook.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 3.370/3.758/4.147/0.393 ms
cgerhard@Router:~$
00:2c4c:cc42:5d5a:c95c:5faa/64
cgerhard@Router:~$
So from the router I can ping facebook’s IPv6 address but still nothing for the clients.
The strange thing to my eyes is the prefix for eth1 is /56, when I would expect the prefix to be greater than or equal to the prefix of pppoe0 network. Unifi support could offer no clues and Box Broadband support looked at my settings and said they were correct.
So today I opted for “making changes to see if it works” and I decreased the Prefix Length by one on the WAN interface and noticed the prefix length on eth1 increased. Still IPv6 did not work but, there was no smoke, so I decreased the WAN prefix to 56 and now I have
cgerhard@Router:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 - u/u WAN
eth1 192.168.1.1/24 u/u LAN
2a0e:3700:20c1:1700:feec:daff:fe43:a676/64
eth1.2 192.168.2.1/24 u/u
2a0e:3700:20c1:1701:feec:daff:fe43:a676/64
eth2 - A/D
lo 127.0.0.1/8 u/u
::1/128
pppoe0 149.102.31.39 u/u
2a0e:3700:1000:2c4c:cc42:5d5a:c95c:5faa/64
cgerhard@Router:~$
And now I have working IPv6 on both networks
Chris Gerhard's Blog 
Awesome. I’ve ordered a Box connection and am planning on using my own Edgerouter device so this info is very helpful. Cheers!