From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Fri, 13 Jan 2017 18:02:22 +0000 Subject: Re: tc and IPv6 : any experiences ? Message-Id: <5879162E.1080807@gmail.com> List-Id: References: <200173d8-5856-c64e-55d2-6ce34752882f@auf.org> In-Reply-To: <200173d8-5856-c64e-55d2-6ce34752882f@auf.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Dave Taht wrote: > On Fri, Jan 13, 2017 at 5:49 AM, Alan Goodman > wrote: >> 'Just works' for me. >> >> TF + HFSC + FQ_Codel. QoS categoriser written in iptables rules which mark >> the traffic was 'cloned' across using ip6tables. Slight adjustments needed. > > I pointed to a common mistake folk tend to make when dealing with > ipv6, in writing a filter rule, or a default bin, here: > > https://www.bufferbloat.net/projects/cerowrt/wiki/Wondershaper_Must_Die/ > > When I started that rant I was seeing in nearly every off the shelf > shaper a tc pattern match that looked like this: > > tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ > 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 > > Instead of > > tc filter add dev ${DEV} parent ffff: protocol all match u32 0 0 \ > police rate ${DOWNLINK}kbit burst 100k drop flowid :1 > > > Not matching protocol "all", thus ipv4 only - and thus the instant you > added ipv6 to a network, the shaper (or policer in this case), failed > to shape successfully any traffic. Additional problems listed in the > link above. I went on a search-and-destroy mission on every shaper I > could find that was public to fix it a few years ago, but there's so > much copy/pasted tc code out there... I was about to post that ip is just v4, but would also add - be careful with protocol all as well. You may end up shaping/dropping "critical" packets like arp.