Hi all…
after successfully getting into IPv6 configuration, I decided to take a step back and look at the IPv4 part of the DS-Lite connection my ISP is offering.
Thus, deactivated/removed all forwarding IPv6 RA mechanisms for the following experiment and left only the IPv6 on the hardware interface carrying the WAN line.
DS-Lite has been set up “manually” (logged the DHCPv6-client options to get AFTR FQDN).
NAT is only applied to the PPPoE interface (sNAT Masq.), something I’m not sure about as the outgoing link is IPv6…
See export.
What happens is that my connection is behaving as if there were MTU issues.
Some websites load slow, some not at all.
But:
Pinging them with fixed packet sizes does work for most.
Except for example DuckDuckGo, which only responds up to 72 bits… ![]()
And I’m a bit out of options as to why … ![]()
/interface bridge
add admin-mac=DC:2C:6E:57:EB:2E auto-mac=no igmp-snooping=yes name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1_wan
set [ find default-name=ether5 ] name=ether5_mgmt
/interface ipipv6
# DS-Lite B4 tunnel (IPv4 carried inside IPv6) towards the ISP's AFTR. remote-address is a
# host name, so bringing the tunnel up depends on /ip dns being able to resolve it.
# No explicit mtu is set here. The IPv6 encapsulation adds 40 bytes, so if the outer packets
# leave through pppoe-out1_DGN (max-mtu=1492) the IPv4 packets inside cannot exceed 1452
# bytes. NOTE(review): nothing in this export clamps TCP MSS for traffic leaving dslite1
# (there is no /ip firewall mangle section); when chasing the MTU symptoms, check
# actual-mtu on dslite1 and consider a change-mss rule for out-interface=dslite1.
add !keepalive local-address=:: name=dslite1 remote-address=aftr.fra.purtel.com
/interface vlan
add interface=ether1_wan name=007_DGN vlan-id=7
/interface pppoe-client
# PPPoE session on VLAN 7; max-mtu=1492 is 1500 minus the 8-byte PPPoE overhead.
# The user name is redacted in the post.
add add-default-route=yes allow=pap,chap,mschap2 disabled=no interface=007_DGN max-mtu=1492 name=\
pppoe-out1_DGN use-peer-dns=yes user=###########.digital
/interface list
# Membership is assigned under /interface list member further down. dslite1 ends up in
# WAN_dslite-Tunnel rather than WAN, so firewall rules matching in-interface-list=WAN
# never see traffic that arrives through the tunnel.
add name=WAN
add name=LAN
add name=MGMT
add name=WAN_dslite-Tunnel
/ip pool
add name=pool_mgmt ranges=192.168.88.101-192.168.88.200
# Single-address pool: the /30 on ether2 below has room for exactly one client.
add name=pool_downstream ranges=172.21.253.2
/ip dhcp-server
add address-pool=pool_mgmt interface=ether5_mgmt lease-time=10m name=dhcpv4_mgmt
add address-pool=pool_downstream interface=ether2 lease-time=1d name=dhcpv4_downstream
/ip smb users
set [ find default=yes ] disabled=yes
/ipv6 dhcp-client option
# ORO (option 6) payloads asking the ISP for option 64 (AFTR name) and option 23 (DNS
# servers); referenced by the /ipv6 dhcp-client entry further down.
add code=6 name=OPTION_ORO-OPTION_AFTR_NAME value=0x0040
add code=6 name=OPTION_ORO-OPTION_DNS_SERVERS value=0x0017
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
# NOTE(review): accept-source-route=yes makes the router honour IPv4 source-routed packets
# (the RouterOS default is no). With the unconditional accept rules at the top of
# /ip firewall filter this applies to packets from the WAN side as well; unless it is
# needed for the experiment, leaving it at the default is the safer choice.
set accept-source-route=yes
/interface list member
add interface=bridge1 list=LAN
add interface=ether5_mgmt list=MGMT
add interface=pppoe-out1_DGN list=WAN
add interface=ether4 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=dslite1 list=WAN_dslite-Tunnel
# NOTE(review): ether1_wan and its VLAN 007_DGN are members of LAN. Anything that arrives
# on the ISP-facing port outside the PPPoE session (untagged or VLAN-7 IP traffic) therefore
# counts as "LAN" for the "drop all not coming from LAN" rule and for neighbor discovery.
add interface=ether1_wan list=LAN
add interface=007_DGN list=LAN
/ip address
add address=192.168.88.1/24 interface=ether5_mgmt network=192.168.88.0
# 192.0.0.0/29 is the range reserved for the DS-Lite B4 element (RFC 6333); .1 is the AFTR
# side and is used as the IPv4 default gateway under /ip route.
add address=192.0.0.2/29 interface=dslite1 network=192.0.0.0
add address=172.21.253.1/30 interface=ether2 network=172.21.253.0
/ip dhcp-client option
# Defined but unused: no /ip dhcp-client entry in this export references req_6rd or
# req_dns_aftr (presumably left over from an earlier 6rd/DHCPv4 attempt).
add code=55 name=req_6rd value=0x010306d4
add code=6 name=req_dns_aftr value=0x00170040
/ip dhcp-server network
add address=172.21.253.0/30 gateway=172.21.253.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
# NOTE(review): allow-remote-requests=yes together with the blanket "accept chain=input"
# rule at the top of /ip firewall filter (and the DEBUG accept-all in /ipv6 firewall
# filter) means the resolver currently answers queries from the WAN side too, i.e. it is an
# open resolver. The default config relies on the "drop all not coming from LAN" input
# rule for this, which is shadowed at the moment.
set allow-remote-requests=yes servers="8.8.8.8,1.1.1.1,9.9.9.9,2001:4860:4860::8888,2001:4860:4860\
::4444,2606:4700:4700::1111,2606:4700:4700::1001,2620:0:ccc::2,2620:0:ccd::2"
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
# NOTE(review): these two unconditional accepts are the first rules of the forward and
# input chains, so every later rule in those chains is dead: "drop invalid", "drop anything
# else from WAN", "drop all not coming from LAN", "drop all from WAN not DSTNATed" and the
# fasttrack rule are never reached. If they are debugging aids (like the "DEBUG ONLY" rules
# in /ipv6 firewall filter), disable them once the MTU question is settled; while they
# exist no forward traffic is fasttracked either.
add action=accept chain=forward
add action=accept chain=input
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP from WAN" in-interface=pppoe-out1_DGN \
protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" \
dst-address=127.0.0.1
# WinBox and SSH are opened to the whole WAN side; a src-address-list restriction would
# narrow that to known management sources.
add action=accept chain=input comment="allow WinBox from WAN" in-interface=pppoe-out1_DGN port=\
8291 protocol=tcp
add action=accept chain=input comment="allow SSH from WAN" in-interface=pppoe-out1_DGN port=22 \
protocol=tcp
add action=drop chain=input comment="drop anything else from WAN" in-interface=pppoe-out1_DGN
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
# Matches in-interface-list=WAN only, i.e. pppoe-out1_DGN. dslite1 is in WAN_dslite-Tunnel,
# so unsolicited IPv4 arriving through the tunnel would not be caught here even once the
# blanket accept above is gone.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
# Masquerade applies to the WAN list only (the PPPoE session). IPv4 leaving through dslite1
# is not translated here; in DS-Lite that is the expected behaviour of the B4 side, the
# AFTR performs NAT44 on the private source addresses it receives (RFC 6333).
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
# IPv4 default route into the DS-Lite tunnel via the AFTR's B4-facing address. The PPPoE
# client also has add-default-route=yes; should the PPP session ever hand out an IPv4
# address, a second default route would compete with this one (its distance comes from the
# pppoe-client entry, which does not show it - verify).
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.0.0.1 routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
/ip service
# Only telnet, api and api-ssl are disabled here; ftp, www, ssh and winbox keep their
# defaults (enabled unless changed elsewhere) and carry no address= restriction, so with
# the current accept-all input rules they are reachable from the WAN side.
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/flash/pub
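/ipv6 address
# An address from the delegated prefix is placed on the physical WAN port only, matching the
# post's statement that IPv6 stays on the hardware interface for this experiment.
add from-pool=pool-pppoe-pd interface=ether1_wan
/ipv6 dhcp-client
# dhcp-options is given once (the pasted export listed the same value twice). The script
# logs option 64 (AFTR name) and option 23 (DNS servers) so the AFTR FQDN can be read from
# the log; the :global assignment is left commented out.
add dhcp-options=OPTION_ORO-OPTION_DNS_SERVERS,OPTION_ORO-OPTION_AFTR_NAME interface=pppoe-out1_DGN pool-name=\
pool-pppoe-pd pool-prefix-length=60 rapid-commit=no request=prefix script=":log info (\$option\
s->\"64\") \r\
\n:log info (\$options->\"23\")\r\
\n#:global aftr (\$options->\"64\")"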
/ipv6 firewall address-list
# Special-purpose / bogon IPv6 prefixes; used by the forward drop rules below.
add address=::/128 comment="unspecified address" list=bad_ipv6
add address=::1/128 comment=lo list=bad_ipv6
add address=fec0::/10 comment=site-local list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment=ipv4-mapped list=bad_ipv6
add address=::/96 comment="ipv4 compat" list=bad_ipv6
add address=100::/64 comment="discard only " list=bad_ipv6
add address=2001:db8::/32 comment=documentation list=bad_ipv6
add address=2001:10::/28 comment=ORCHID list=bad_ipv6
add address=3ffe::/16 comment=6bone list=bad_ipv6
/ipv6 firewall filter
# NOTE(review): the three "DEBUG ONLY" accept-all rules are first in input, forward and
# output, so none of the rules beneath them (bad_ipv6 drops, hop-limit drop, "drop
# everything else coming from WAN") are in effect while they exist.
# When they are removed, make sure the DS-Lite encapsulation itself still gets in: the
# outer packets are IPv4-in-IPv6 (protocol 4) from the AFTR arriving on pppoe-out1_DGN and
# are handled by the input chain. Verify that the returning encapsulated packets match
# connection-state=established; if they do not, add an explicit accept for that protocol
# from the AFTR address, otherwise the last input rule drops the tunnel traffic.
add action=accept chain=input comment="DEBUG ONLY - IN AllowAll" in-interface-list=all
add action=accept chain=forward comment="DEBUG ONLY - FWD AllowAll" in-interface-list=all \
out-interface-list=all
add action=accept chain=output comment="DEBUG ONLY - OUT AllowAll" out-interface-list=all
add action=accept chain=input comment="accept ALL from MGMT" in-interface-list=MGMT
add action=accept chain=input comment="accept established, related, untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation from LinkLocal Src" \
dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="accept DHCPv6-Server/Relay requests" dst-port=547 \
protocol=udp
add action=accept chain=input comment="accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="accept all that matches ipsec policy" ipsec-policy=\
in,ipsec
add action=drop chain=input comment="drop everything else coming from WAN" in-interface-list=WAN
add action=accept chain=forward comment="accept ALL from MGMT" in-interface-list=MGMT
add action=accept chain=forward comment="accept established, related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=\
icmpv6
add action=accept chain=forward comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="accept HIP" protocol=139
add action=accept chain=forward comment="accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="accept all that matches ipsec policy" ipsec-policy=\
in,ipsec
add action=accept chain=forward comment="accept UDP traceroute" dst-port=33434-33534 port="" \
protocol=udp src-port=""
add action=drop chain=forward comment="drop everything else coming from WAN" in-interface-list=\
WAN
/ipv6 firewall raw
# accept in raw/prerouting only ends raw processing; the packet still goes through the
# filter chains above. It belongs with the other DEBUG rules when cleaning up.
add action=accept chain=prerouting comment="DEBUG ONLY - AcceptAll"
/ipv6 nd
# Both RA entries are disabled, consistent with the post (no RA towards the LAN for this
# experiment); the dns= lists only take effect once an entry is enabled.
set [ find default=yes ] disabled=yes dns="2001:4860:4860::8888,2001:4860:4860::4444,2606:4700:470\
0::1111,2606:4700:4700::1001,2620:0:ccc::2,2620:0:ccd::2" interface=bridge1 \
managed-address-configuration=yes other-configuration=yes
add disabled=yes dns="2001:4860:4860::8888,2001:4860:4860::4444,2606:4700:4700::1111,2606:4700:470\
0::1001,2620:0:ccc::2,2620:0:ccd::2" interface=ether5_mgmt
/system clock
set time-zone-name=Europe/Berlin
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
# NOTE(review): the NTP server is enabled and, with the accept-all input rules currently in
# place, also answers from the WAN side. Disable it or limit it by firewall rule once the
# debugging is done.
set enabled=yes
/system ntp client servers
# PTB (German national metrology institute) time servers.
add address=ptbtime1.ptb.de
add address=ptbtime2.ptb.de
add address=ptbtime3.ptb.de
add address=ptbtime4.ptb.de
/tool bandwidth-server
set enabled=no
/tool mac-server
# MAC-telnet and MAC-WinBox are limited to the management port.
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT