Linux tc Traffic Shaping for IPv6

bandwidth-controlipv6linuxtraffic-shaping

I have traffic shaping with tc and htb in place and everything works fine for IPv4.
Now I want to limit the bandwidth for incoming IPv6 ssh/sftp traffic to some reasonable amount, so it doesn't interfere with more critical traffic.
In short, nothing worked:

tc class add dev eth0 parent 1:0 classid 1:14 htb rate 3000kbit ceil 3000kbit prio 3

ip6tables -A POSTROUTING -t mangle -o eth0 -p tcp --dport 22 -j MARK --set-mark 14
tc filter add dev eth0 parent 1:0 protocol ip handle 14 fw flowid 1:14
# or
tc filter add dev eth0 parent 1:0 protocol ipv6 u32 match ip6 protocol 6 0xff match ip6 dport 22 0xffff flowid 1:14
# or variations of these...

How does one traffic-shape IPv6 data with tc?

Best Answer

At least on my modem/router (Actiontec C1000A, BusyBox v1.17.2, kernel version 2.6.30), I was able to match directly on the destination IPv6 address using tc (i.e. no need for ip6tables to mark the packets):

tc class add dev eth0 parent 1:0 classid 1:14 htb rate 3000kbit ceil 3000kbit prio 3
tc filter add dev eth0 parent 1:0 protocol ipv6 prio 16 \
    u32 match ip6 dst $IPV6_ADDR flowid 1:14

So, it's a guess, but I should think the following would work:

tc filter add dev eth0 parent 1:0 protocol ipv6 prio 16 u32 match ip6 dport 80 flowid 1:14

Or, using your ip6tables mangling:

tc filter add dev eth0 parent 1:0 protocol ipv6 handle 14 fw flowid 1:14

Related Solutions

Linux – Linux Traffic Shaping Using TC

Assuming eth0 is a 100mbit Ethernet connection to the Cisco Router, it should be something like this (Isn’t it?):

tc qdisc add dev eth0 root handle 1: htb default 2
# 100 mbps
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
# To LAN traffic
tc class add dev eth0 parent 1:1 classid 1:2 htb rate 99000kbit ceil 100mbit
# IN traffic
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 120kbit
# OUT traffic
tc class add dev eth0 parent 1:1 classid 1:4 htb rate 120kbit

# IN “bands” (one for each PC)
tc class add dev eth0 parent 1:3 classid 1:10 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:3 classid 1:11 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:3 classid 1:12 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:3 classid 1:13 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:3 classid 1:14 htb rate 24kbit ceil 120kbit

# OUT “bands” (one for each PC)
tc class add dev eth0 parent 1:4 classid 1:15 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:4 classid 1:16 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:4 classid 1:17 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:4 classid 1:18 htb rate 24kbit ceil 120kbit
tc class add dev eth0 parent 1:4 classid 1:19 htb rate 24kbit ceil 120kbit

Would get me something like this:

+-----------------------------------------------------------+
|                      100 mbits (1:1)                      |
+---------+------------------------+------------------------+
| 99mbits |   120 kbits In (1:3)   |  120 kbits Out(1:4)    |
+  (1:2)  +----+----+----+----+----+----+----+----+----+----+
+---------+ PC1| PC2| PC3| PC4| PC5| PC1| PC2| PC3| PC4| PC5|
          |1:10|1:11|1:12|1:13|1:14|1:15|1:16|1:17|1:18|1:19|
          +----+----+----+----+----+----+----+----+----+----+

And for each band:

# PC1, IN
tc qdisc add dev eth0 parent 1:10 handle 20: prio
tc qdisc add dev eth0 parent 20:1 handle 22: sfq perturb 10
tc qdisc add dev eth0 parent 20:2 handle 23: sfq perturb 10
tc qdisc add dev eth0 parent 20:3 handle 24: sfq perturb 10

# PC1, OUT
tc qdisc add dev eth0 parent 1:15 handle 21: prio
tc qdisc add dev eth0 parent 21:1 handle 25: sfq perturb 10
tc qdisc add dev eth0 parent 21:2 handle 26: sfq perturb 10
tc qdisc add dev eth0 parent 21:3 handle 27: sfq perturb 10

+--------------------++--------------------+
|       PC1 IN       ||      PC1 OUT       |
+--------------------++--------------------+
|     PRIO (20:0)    ||     PRIO (21:0)    |
|      |      |      ||      |      |      |
| Prio | Prio | Prio || Prio | Prio | Prio |
|   1  |   2  |   3  ||   1  |   2  |   3  |
|(20:1)|(20:2)|(20:3)||(21:1)|(21:2)|(21:3)|
+------+------+------++------+------+------+
|  SFQ |  SFQ |  SFQ ||  SFQ |  SFQ |  SFQ |
|(22:0)|(23:0)|(24:0)||(25:0)|(26:0)|(27:0)|
+------+------+------++------+------+------+

And so on.

The rules should be like this

# PC1, OUT
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1 fw flowid 21:1
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid 21:2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid 21:3

# PC1, IN
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 16 fw flowid 20:1
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 17 fw flowid 20:2
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 18 fw flowid 20:3

and so on.

Any suggestion, comments, etc? (I have no experience in the field)

Linux – tc traffic limiting/shaping/throttling/policing in linux ipv6 issues

tc -s -d -r filter show dev eth0 may say more about what filters match.

Best Answer

Related Solutions

Linux – Linux Traffic Shaping Using TC

Linux – tc traffic limiting/shaping/throttling/policing in linux ipv6 issues

Related Topic