IPv6 Prefix Delegation

All true.  Still broken to this day (BGW320).  Although it is possible to do multiple PD requests to grab up to eight /64 blocks, this is non-standard and requires custom programming around your behavior.

I got AT&T gigabit fiber and sure enough there was IPv6, but only one /64 block. I share an apartment with my son, and I created two subnets - one for him, one for me, using pfSense. Not a big deal on IPv4, just created two private subnets (172.20/16 and 172.21/16), but I had to bring in tunneled IPv6 from HE (with a free /48) to set up two separate IPv6 subnets. IETF recommends at least a /60 (16 subnets) or /56 (256 subnets) for home users, and /48 for business users. 

Just using the existing 2000::/3 allocation block, there are enough addresses to give every human alive over 5,000 /48 blocks. STOP THINKING IN TERMS OF IPv4!

Assigning a /64 or longer prefix does not conform to IPv6 standards and will break functionality in customer LANs. With a single /64, the end customer CPE will have just one possible network on the LAN side and it will not be possible to subnet, assign VLANs, alternative SSIDs, or have several chained routers in the same customer network, etc.

https://www.ripe.net/publications/docs/ripe-690#4-2-3--prefixes--longer-than--56

It is strongly discouraged to assign prefixes longer than /56 unless there are very strong and unsolvable technical reasons for doing this.

There are enough IPv6 addresses to delegate end-users a /48, so a /56 already represents a sizeable restriction. There is no need to delegate fewer addresses than that

https://www.ripe.net/publications/docs/ripe-690#4-2-3--prefixes--longer-than--56

That same document: 

"A delegated prefix for use within the home network (mandatory). The Broadband Forum suggests a size for the delegated prefix of at least a /60 for home network or SOHO environments, with a recommended prefix length of /56. The delegated prefix may be extended to a /48 for larger organizations."

If you represent a larger organization then I believe you can get a /56 or /48 from the business services sold by AT&T.

You can't.  I just checked.  Whether your GPON service is residential as the "1000 internet" or business class, the same BGW320 is used as the router/ONT.  No CPE change. Thus, it still has the same bug in the implementation of DHCPv6 PD responses.  In all requests for a PD, sized with a hint length or zero for all of it, all you get is a worthless /64 than contains just a single address block

I'm up and running now with both native and tunnel routing for IPv6 using OpenWrt and have finally two subnets with correct v6 addressing.

LAN has

option ip6hint '000a'

GUEST has

option ip6hint '000b'

I skipped using 192.168.1.0/24 because that routes to the BGW320 for its web interface at 192.168.1.254

I still demand my /56

Here's the /etc/config/network settings

config interface 'wan6tun'
	option proto '6rd'
	option iface6rd 'wan'
	option peeraddr '12.83.49.81'
	option ip6prefixlen '60'
	option mtu '1480'
	option ip6prefix '2602:30x:xxxx:xxx0::'
	option ip4prefixlen '32'

config interface 'wan6native'
	option ifname 'eth1.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option peerdns '0'
	list dns '2001:4860:4860::8888'
	list dns '2001:4860:4860::8844'
	option reqprefix '56'     # maybe one day we'll finally get a /56

The tunnel should auto-config from a DHCP option, but AT&T doesn't advertise it so you'll need to calculate your addy

@OpenWrt:~# V4L=69.209.xx.xx
@OpenWrt:~# echo $V4L | awk -F. '{ t=sprintf("%02x%02x%02x%02x", $1, $2, $3, $4); print "2602:30"substr(t,1,1)":"substr(t,2,4)":"substr(t,6)"0::" }'
2602:30x:xxxx:xxx0::
@OpenWrt:~#