How to manage IPv6 addresses in a home network?

Question

I apparently don't understand something about IPv6. Or I'm trying to use my experience with IPv4 networks... In any case, I have a problem.

I want to manage IPv6 addresses in my home network. I want to assign a single IPv6 address to a device. I want to give each host a DNS name, create rules in the firewall, set up monitoring (let's say it will be basic ping monitoring). With IPv4, it's clear - I take the MAC address of the device, generate an IPv4 address. I write this address in DHCP, register the name with the address in DNS, then monitoring, firewall, and so on.

With IPv6, it doesn't work that way. Yes, there is DHCPv6. But not all devices can work with DHCPv6 (smartphones, TVs, IoT devices, etc.). And the SLAAC algorithm issues IPv6 addresses that I cannot predict in advance.

I have spent quite a bit of time looking for a solution. But I haven't found one. Hasn't a mechanism for managing addresses in IPv6 networks been developed in almost 30 years?

How is it supposed to manage addressing, monitoring, and even the configuration of software that needs to specify host addresses? How is it supposed to manage the firewall to restrict hosts that can access the internet (given that a host can simply get another address)?

Just in case, I will show my configuration. Maybe I just set everything up incorrectly?

dhcpv6

ddns-update-style none;
authoritative;
if not known
{
    log(info, concat("Unknown host.",
                     " DUID: "        , option dhcp6.client-id,
                     " interface-id: ", option dhcp6.interface-id,
                     " remote-id: "   , option dhcp6.remote-id));
}
shared-network "domain.local"
{
  interface internal_0;
  option dhcp6.name-servers 2001:XXXX:YYYY:1::1;
  option domain-name-servers ns.domain.local;
  option dhcp6.domain-search "domain.local";
  option ntp-servers ntp.domain.local;
  option dhcp6.preference 255;
  default-lease-time 86400;
  max-lease-time 345600;
  deny duplicates;
  ping-check true;
  update-optimization false;
  allow leasequery;
subnet6 2001:XXXX:YYYY::/48
  {
    prefix6 2001:XXXX:YYYY:: 2001:XXXX:YYYY:: / 64;
pool6
{
  range6 2001:XXXX:YYYY:1::1 2001:XXXX:YYYY:1::1000;
  deny unknown-clients;
}

pool6
{
  range6 2001:XXXX:YYYY:1::1001 2001:XXXX:YYYY:1::2000;
  range6 2001:XXXX:YYYY:1::/64 temporary;
  allow unknown-clients;
}

}
}
host ap-garage_48_8F_5A_CD_3B_03
{
  hardware ethernet 48:8F:5A:CD:3B:03;
  host-identifier option dhcp6.client-id 00:03:00:01:48:8f:5a:cd:3b:03;
  fixed-address6 2001:XXXX:YYYY:1::5f;
} # Interface name: (Internal)
...
Other hosts

radvd

interface internal_0
{
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    AdvHomeAgentFlag off;
    MinRtrAdvInterval 8;
    MaxRtrAdvInterval 80;
prefix 2001:XXXX:YYYY::/48
{
    AdvOnLink on;
    AdvAutonomous off;
    AdvRouterAddr on;
};
prefix 2001:XXXX:YYYY:1024::/64
{
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr on;
};
RDNSS 2001:XXXX:YYYY:1::1 {};

DNSSL domain.local {};

};

Answer 1

And the SLAAC algorithm issues IPv6 addresses that I cannot predict in advance.

Most devices use SLAAC to generate a stable address – not necessarily predictable but usually the same every time.

PCs are the main exception with their use of "privacy" addresses, but usually it's not those that need restrictions.

Hasn't a mechanism for managing addresses in IPv6 networks been developed in almost 30 years?

It has; it's called DHCPv6. The problem is not the lack of mechanism, but the lack of adoption.

How is it supposed to manage the firewall to restrict hosts that can access the internet (given that a host can simply get another address)?

In larger networks, have separate subnets with their own prefixes and treat the subnet as the smallest unit. In small networks, use firewall rules that filter by MAC address.

A host can still get another address in IPv4, e.g. by specifying a different DHCPv4 "Client Identifier" (it usually matches the MAC address but doesn't have to).