Comment 4 for bug 1818960

Brian Haley (brian-haley) wrote :

The prefix delegation code I mentioned is in _process_pd_iptables_rules(), and it's called when a port with an address scope is added to a router.

In your case you are not adding such a port, instead you are just adding an IPv6 subnet to the private network, then adding an interface for the router in the subnet. That will not explicitly make that subnet routable since the internal "address scope" is different than the external address scope (on the external network).

Here are a couple of links to both address scopes and IPv6 configuration:

https://docs.openstack.org/neutron/rocky/admin/config-address-scopes.html
https://docs.openstack.org/neutron/rocky/admin/config-ipv6.html

In the second there is a section on Prefix Delegation, which is what I would recommend if your infrastructure supports it (i.e. upstream router running a PD server). If not then you should be able to use address scopes and subnet pools such that all the IPv6 subnets are allocated from the same pool (internal and external), and therefore have the same address scope. This should cause the missing rule to get added when the router is added to the internal subnet.
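
The address-scope approach suggested in the comment above, sketched with the `openstack` CLI as an added example (not code from the comment or from the Neutron project). It assumes the IPv6 subnets are created fresh; the names `scope-v6`, `pool-v6` and `<network>-v6`, the SLAAC modes and the pool prefix passed in are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: allocate the internal and external IPv6 subnets from ONE
# shared subnet pool so both networks land in the same address scope.
# scope-v6, pool-v6 and the "<net>-v6" subnet names are hypothetical.

same_scope_ipv6() {
    # usage: same_scope_ipv6 POOL_PREFIX INTERNAL_NET EXTERNAL_NET ROUTER
    prefix=$1 int_net=$2 ext_net=$3 router=$4
    case "$prefix" in
        *:*/*) ;;   # looks like an IPv6 CIDR
        *) echo "expected an IPv6 CIDR, got '$prefix'" >&2; return 2 ;;
    esac

    openstack address scope create --share --ip-version 6 scope-v6 || return 1
    openstack subnet pool create --address-scope scope-v6 --share \
        --default-prefix-length 64 --pool-prefix "$prefix" pool-v6 || return 1

    # External subnet: same pool, no RA mode (assumes upstream sends RAs).
    openstack subnet create --subnet-pool pool-v6 --prefix-length 64 \
        --ip-version 6 --network "$ext_net" "${ext_net}-v6" || return 1
    # Internal subnet: same pool, SLAAC chosen here as an assumption.
    openstack subnet create --subnet-pool pool-v6 --prefix-length 64 \
        --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac \
        --network "$int_net" "${int_net}-v6" || return 1
    openstack router add subnet "$router" "${int_net}-v6" || return 1

    # Check: both networks must now report the same IPv6 address scope.
    int_scope=$(openstack network show -f value -c ipv6_address_scope "$int_net")
    ext_scope=$(openstack network show -f value -c ipv6_address_scope "$ext_net")
    if [ -n "$int_scope" ] && [ "$int_scope" = "$ext_scope" ]; then
        echo "OK: both networks are in IPv6 address scope $int_scope"
    else
        echo "MISMATCH: internal='$int_scope' external='$ext_scope'" >&2
        return 1
    fi
}

# Runs only when called with four arguments, e.g.:
#   sh same_scope.sh 2001:db8:1000::/48 private public router1
if [ $# -eq 4 ]; then
    same_scope_ipv6 "$@"
fi
```

A mismatch or empty scope in the final check means one of the subnets was not allocated from the shared pool.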