how-to block ads
|
|
Uniqs:
1532 |
Share Topic
 |
 |
|
|
|
 JTCAlways Mount A Scratch Monkey
join:2002-01-09
USA | v4/v6 traffic shaping, transparent if possible Just what it says on the tin. 
I was thinking about the increase of v6 enabled sites and noticed from my traffic stats that v6 traffic is increasing (duh), which means that I really should look at implementing some kind of traffic shaping for the v6 side of the house.
The potential problem, as things sit right now, is that the v6 side is done via a he.net tunnel using a separate router (m0n0wall) from the comcast connection router (pfsense).
Since the two don't really talk to each other in regards to QoS, my first thought was to set up some kind of stand-alone transparent QoS device outside of the m0n0/pfsense boxen, but I'm not finding much in the way of transparent setups (at all), much less ones that know v6 (tunneled or otherwise).
Anyone else looked into this and have any suggestions?
--
All hardware sucks, all software sucks, some just suck more than others | |
| Is there any reason why you can't run the tunnel on the gateway router? That would seem to be the simplest solution.
The pfsense router should be able to shape v6 traffic en masse by matching protocol 41. You could also explore the possibilities of using DSCP to have the m0n0wall write its QoS labels to packet headers, and let pfsense use that for shaping... although I'm not sure what would be needed to match against the pre-tunnel v6 packet but write the DSCP bits to the v4 header of the tunnel-encapsulated packet that is actually output.
If I might plug my own work: the next release of TomatoUSB will contain robust IPv6 support, including a config page to easily enter the settings for a he.net tunnel, and all the QoS rules automatically apply to both v4 and v6 traffic wherever appropriate. | | |
|
JTCAlways Mount A Scratch Monkey
join:2002-01-09
USA | said by Westacular:Is there any reason why you can't run the tunnel on the gateway router? That would seem to be the simplest solution. It would, if pfsense officially supported ipv6, especially via the gui, which it doesn't at the moment, and isn't planned until post 2.0 release.
said by Westacular:The pfsense router should be able to shape v6 traffic en masse by matching protocol 41. You could also explore the possibilities of using DSCP to have the m0n0wall write its QoS labels to packet headers, and let pfsense use that for shaping... although I'm not sure what would be needed to match against the pre-tunnel v6 packet but write the DSCP bits to the v4 header of the tunnel-encapsulated packet that is actually output. That's the catch. QoS using protocol 41 isn't quite granular enough, I want to make sure the DNS and SMTP packets get priority over anything else, so it's looking to be something that either needs to be implemented on the pfsense machine itself or find a way to have the m0n0 and pfs machines talk to each other.
DSCP might be an option, if I can find anything on implementing it on the m0n0 and pfs boxes, both of which I'm turning up semi-empty on (next version, bare bones info, etc)
said by Westacular:If I might plug my own work: the next release of TomatoUSB will contain robust IPv6 support, including a config page to easily enter the settings for a he.net tunnel, and all the QoS rules automatically apply to both v4 and v6 traffic wherever appropriate.
At the time I was looking at tomato last, it didn't support multiple IP's on the same interface (I've got five statics), so unfortunately, it's not a viable replacement for my current setup. That being said, I was looking at it to replace the dd-wrt install on my old linksys (which I still use for my wireless clients in the house), but the lack of IPv6 support in the current release limits it's usefulness to me. But if the next version will have better, if not superb, support for v6, I'll have to take a look at it again when it's released.
--
All hardware sucks, all software sucks, some just suck more than others | |
|
