IPv6 routing setup (using native IPv6)-Collection of common programming errors

I administrate the network for a small organisation. Having only experience with IPv4, I’m unsure of how to best approach IPv6.

Existing IPv4 setup

We have 13 public IPv4 addresses which are all NAT’ed to internal RFC 1918 addresses (one mapping one-to-many for users, the rest mapping one-to-one for servers). All outgoing traffic goes our ISP’s (single) upstream gateway. Our own router runs Linux.

In beautiful ASCII art, the network looks akin to this:

client                   router                upstream
10.0.0.x             10.0.0.1     192.0.2.2             192.0.2.1

IPv6 setup

Of course, with IPv6, there is no need for NAT, since we have been allocated four /64 networks (let’s say “9:9:9:0::/62”), of which one contains the upstream router. What’s the norm for a similar IPv6 network?

A) Possible IPv6 network layout:

client                   router                upstream
9:9:9:1::x           9:9:9:1::1           9:9:9:0::2             9:9:9:0::1

The question is then, how to get the upstream gateway to route packets through our router. With NAT and IPv4, it was simple: our router owned the addresses and responded to ARP requests for them. But now, the upstream gateway expects to find the LAN hosts on its own subnet, and fails.

1) I’ve looked into NDP proxying (the IPv6 version of ARP proxying), to let the router advertise all the addresses in 9:9:9:1/64. However, Linux, at least, seems to require a separate Netfilter entry per IP-address, which is of course entirely impossible with IPv6. Am I missing something?

2) It seems it should be possible to use NDP router advertisement to advertise our router as the “downstream gateway” for 9:9:9:1::/64. Can’t get it to work, though. Perhaps our ISP ignores the router advertisement?

3) Do we need to ask our ISP to manually configure their upstream gateway to use our router? Seems weird it should be necessary under IPv6 and not under IPv4.