a little confusing. about ndp-proxy HOT 5 CLOSED

In this example, eth0 is the interface where ndp-proxy will answer to the Network Sollicitation packets for the ::1/64 network (which is nonsense actually, those are just example values). The proxy does not care is there is actually such a network on the same machine, it just answers the NS packets.
So I think this is what you call the "outer" interface, even though there are no concept of inner/outer or up/down interface as far as the proxy is concerned.

from ndp-proxy.

ndp-proxy listen to an interface, and when it receive an NDP Network Solicitation packet for an IPv6 in a given subnet, it will answer a Network Advertisement packet as if that IP was actually bound to the interface. This allows to route a subnet (subnet X)through a machine acting as a router(machine A) without having to configure a route to that machine on upstream routers. It is useful especially if upstream routers are managed by somebody else and cant be modified.

take this as example, in divide /64. machine A and subnet X, similarly machine B and subnet Y (omitted in picture). definitely no public route. I looked some documents mentioned ndp proxy but still some confusing. some one said ndp proxy can avoid the same ipv6 because the upper level see them as in a /64 subnet. and some one said only with ndp proxy subnet X Y can ping each other. in a word damn /64. divide /60 is much easier and will get slaac but isp only give me /64.

                     x:x:x:x:1::1/80      +--------------+               +---------------+
                                          |              |               |               |
            +-------------+               |  machine A   +---------------+    subnet X   |
            |             +---------------+              |               |               |
 +----------+             |               |              |               |               |
            |             |               +--------------+               |               |
        x:x:x:x::/64      |                                              +---------------+
get pd  isp route to here |     x:x:x:x:1::/80     x:x:x:x:2::1/80
            |             |                                          x:x:x:x:2::/80
            |             |
            |             |
            |             |
            |             |
            |             |
            +-------------+

from ndp-proxy.

What is sure is that you need an ndp proxy to get this setup working, otherwise the ISP would have no way to know that machines on the subnet X (or Y) exist and would not send any packet destined to them.
I see no reason that subnet X and Y would not be able to ping each other if the setup is done correctly.

from ndp-proxy.

again this is my second level openwrt (machine A) only when I set ndp-proxy on in openwrt the subnet X could ping first level router and verse visa (tested). and "ip -6 neigh show proxy" there adding a lot of ipv6s. so i hope to know if I run linux, should I need your programs because I see ip command only add one ip each time.

                     x:x:x:x:1::1/64      +--------------+               +---------------+
                                          |              |               |               |
            +-------------+               |  machine A   +---------------+    subnet X   |
            |             +---------------+              |               |               |
 +----------+             |               |              |               |               |
            |             |               +--------------+               |               |
        x:x:x:x::/64      |                                              +---------------+
get pd  isp route to here |     x:x:x:x:1::/64     x:x:x:x:2::1/64
            |             |                                          x:x:x:x:2::/64
            |             |
            |             |
            |             |
            |             |
            |             |
            +-------------+

from ndp-proxy.

Yes, you need some kind of NDP proxying on the left side of machine A for this to work. Either the linux kernel, but you have to add every IP address of the subnet X by hand, or ndp-proxy if you want to "proxy" the whole subnet X. That is the whole point of ndp-proxy !

The command "ip -6 neigh show proxy" will only report the IP addresses proxied by the kernel, not the range proxied by ndp-proxy, which runs in userspace and is totally independent from the kernel.

from ndp-proxy.