Do you have service router-advert set on the interface that you want to have the fc00:470:f1cd:101::/64 on, and does it have managed-flag set? For a client to use DHCPv6, it must first get a RA with managed flag, only then it'll try DHCPv6. The interface must not have no-default-link-local, because RA and DHCPv6 depend on a link-local to work.
What does your show interfaces and show service router-advert show protocols config look like, and also run show ipv6 route and run show dhcpv6 server leases?
I'm running 202005090117 as well and I have no problem with DHCPv6, so the problem must be with your configuration.

The virtual machine takes DHCPv6 (over opnsense firewall virtual machine) directly from the main route of vyos1, but after waiting for a while, it can only get the suffix with the prefix of 128 that cannot be routed.

That would mean you likely have RA mis- or not-configured. A DHCPv6 address will have a /128 prefix length, the RA will give you a route to the /64 prefix that is on-link.

A ip -6 addr and ip -6 route on the client would help to see if that's the case.

The configuration mode executes show service router advert result:

interface br1 {
}
interface br2 {
    default-preference high
    hop-limit 60
    interval {
        max 600
    }
    managed-flag
    name-server fc00:410:f1cd:101::1
    name-server fc00:410:f1cd::ff00
    other-config-flag
    prefix fc00:410:f1cd:101::/64 {
        valid-lifetime 2592000
    }
    reachable-time 0
    retrans-timer 0
}

This service can provide a link with a prefix of 64, but why does DHCPv6 provide an address with a prefix of 128?

why does DHCPv6 provide an address with a prefix of 128?

That's normal, and is as designed. https://tools.ietf.org/html/rfc5942#section-4

https://community.cisco.com/t5/ipv6/ipv6-host-prefixes-set-to-128/td-p/3192039
https://serverfault.com/questions/918472/why-is-a-128-ipv6-address-assigned-via-dhcpv6-in-ubuntu

So if this is the only issue and DHCPv6 works (hands out addresses) I'd consider this issue invalid.

Let me see if it works from the vyos2 virtual machine

My vyos2 virtual machine can only get a 128 prefix address without routing. What's the matter?

Replicated the issue, I can't get a autoconf address just by setting ipv6 address autoconf. The problem is accept_ra=1, which means to not accept RAs if forwarding=1 (which it is, as we're a router).
Running sudo sh -c echo 2 > /proc/sys/net/ipv6/conf/br2/accept_ra' will make it accept RAs. We must fix the issue by also doing this in the interface scripts.

We could go 2 ways:

a) we set accept_ra to 2 when ipv6 address autoconf or address dhcpv6 is set
The drawback of this approach is that the kernel will modify the routing table by itself when it receives a RA, and this may modify the user's routes in a way in which he does not expect if he already has some existing IPv6 routes.
The benefit is it's simple and novice-friendly.

or

b) we add a new node ipv6 accept-ra to do this.
The benefit of this is that it gives the user more control over the configuration.
The drawback is that just ipv6 address autoconf or address dhcpv6 wouldn't do anything without ipv6 accept-ra, unless forwarding is disabled on the whole system (in other words, it's turned from a router to a host, which is very useless for a router, but can be done by set system ipv6 disable-forwarding), in which case, the default of accept_ra=1 will make both work.

I'm leaning more towards option a), as it's more foolproof, and if the user wants to have a autoconf or dhcpv6 address on that interface, it's highly likely he also wants to accept RAs on it.

file: /proc/sys/net/ipv6/conf/interface/accept_ra
variable: net.ipv6.conf.interface.accept_ra 

Accept Router Advertisements; autoconfigure using them.

It also determines whether or not to transmit Router Solicitations. If and only if the functional setting is to accept Router Advertisements, Router Solicitations will be transmitted.

Possible values are: 0 Do not accept Router Advertisements. 1 Accept Router Advertisements if forwarding is disabled. 2 Overrule forwarding behaviour. Accept Router Advertisements even if forwarding is enabled.

Functional default: enabled if local forwarding is disabled. disabled if local forwarding is enabled.

Nb: per interface setting (where “interface” is the name of your network interface); “all” is a special interface: changes the settings for all interfaces.

https://github.com/vyos/vyos-1x/pull/407

Ducumentation at https://docs.vyos.io/en/latest/interfaces/ethernet.html#cfgcmd-set-interfaces-ethernet-interface-ipv6-address-autoconf
is inaccurate, forwarding is not disabled if autoconf is set. It probably refers to behavior before a rewrite was done and should be updated.

@jjakob

This was a breaking change

tunnel tun0 {
-    address 172.27.113.2/30
-    description kroy-gre
-    encapsulation gre
-    local-ip XX.XX.XX.XX
-    multicast disable
-    remote-ip XX.XX.XX.XX
-}

and

-tunnel tun1 {
-    address 2001:470:xx:xx::2/64
-    description "HE.NET IPv6 Tunnel"
-    encapsulation sit
-    local-ip 10.0.10.1
-    mtu 1472
-    multicast disable
-    policy {
-    }
-    remote-ip 216.66.77.230
-}

Fail to apply with the error:

33
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 668, in <module>
    c = get_config()
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 407, in get_config
    if options['ipv6_autoconf'] or 'dhcpv6' in options['address']:
KeyError: 'address'

Right - that should be 'addresses-add' - the keys are different from other interfaces, and I don't have any tunnels configured to test. I'll make a patch.

@c-po beat me to it by 1 minute - I was wondering why my PR wouldn't merge. I apologise for the error.

No Problem - nice to see races for bugfixes