I found my problem- I had an outbound NAT rule that applied to both IPv4 and IPv6 that was rewriting the source of UDP packets to the WAN address (not the link-local address).
When the ISP saw the packets from the GUA they were ignored- these are supposed to come from link-local. I guess the initial request went through because there was no WAN address for them to be rewritten to.
Updating this rule to only affect ipv4 seems to have fixed my issue- I will have to wait a few hours to tell for sure but I see replies in packet captures.
WAN firewall allows ipv4+ipv6 UDP port 546, 547
MAC address on WAN is set to the address on the ATT gateway
"Do not allow PD/Address release" is unchecked.
"Prefer IPv4 over IPv6" is checked
I found this by comparing packets from my primary ISP and my backup ISP-
primary:
5 28.595589 2001:XYZ::1 ff02::1:2 DHCPv6 156 Renew XID: 0x1ff509 CID: 0001000131609bcc0cc47a6cef34 IAA: 2001:XYZ:::::1
I eventually did a packet capture on my failover wan and saw these renew packets that did get a response:
1 0.000000 fe80::ec4:7aff:fe6c:ef36 ff02::1:2 DHCPv6 130 Solicit XID: 0xd90503 CID: 0001000131609bcc0cc47a6cef34
Note these are coming from the link-local address instead of the GUA (2001:XYZ::1)- this was the clue I needed to figure out the problem.
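The clue above (client DHCPv6 messages to ff02::1:2 that are sourced from a GUA instead of fe80::/10) can be checked mechanically over a tshark-style summary. This is an added example, not part of the original post or any firewall's code; the capture lines, addresses and client DUID are constructed placeholders in the same one-line format the post shows.

```python
import ipaddress
import re

# Constructed sample lines in tshark summary layout:
# frame time src dst proto length info.  Addresses/DUID are placeholders.
SAMPLE_CAPTURE = """\
5 28.595589 2001:db8:1::1 ff02::1:2 DHCPv6 156 Renew XID: 0x1ff509 CID: 00010001deadbeef0242ac110002
1 0.000000 fe80::42:acff:fe11:2 ff02::1:2 DHCPv6 130 Solicit XID: 0xd90503 CID: 00010001deadbeef0242ac110002
7 30.100000 fe80::42:acff:fe11:2 ff02::1:2 DHCPv6 156 Renew XID: 0x1ff50a CID: 00010001deadbeef0242ac110002
9 31.000000 2001:db8:1::1 2001:db8:ffff::53 DNS 90 Standard query 0x1234 A example.com
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ALL_DHCP_RELAY_AGENTS_AND_SERVERS = ipaddress.ip_address("ff02::1:2")

# Message types a DHCPv6 client sends to the multicast group (RFC 8415).
CLIENT_MESSAGES = {"Solicit", "Request", "Confirm", "Renew", "Rebind",
                   "Release", "Decline", "Information-request"}

LINE_RE = re.compile(
    r"^(?P<frame>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"DHCPv6\s+(?P<length>\d+)\s+(?P<msg>[\w-]+)"
)


def parse_line(line):
    """Parse one summary line; return None for non-DHCPv6 or unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "frame": int(m["frame"]),
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "msg": m["msg"],
    }


def check_dhcpv6_sources(capture_text):
    """Return client messages to ff02::1:2 whose source is NOT link-local.

    Such packets are the signature of a NAT or source-rewrite rule touching
    DHCPv6; a server will typically ignore them, so renewals silently fail.
    """
    findings = []
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None or pkt["msg"] not in CLIENT_MESSAGES:
            continue
        if pkt["dst"] != ALL_DHCP_RELAY_AGENTS_AND_SERVERS:
            continue
        if pkt["src"] not in LINK_LOCAL:
            findings.append((pkt["frame"], pkt["msg"], str(pkt["src"])))
    return findings


if __name__ == "__main__":
    for frame, msg, src in check_dhcpv6_sources(SAMPLE_CAPTURE):
        print(f"frame {frame}: {msg} sourced from non-link-local {src}")
```

Run it against `tshark -r wan.pcap -Y dhcpv6` output; a non-empty result points at a source-rewrite rule like the one described above.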