We've done some testing on IPv6 rate limiting which showed that it isn't currently supported, so I've had a bit of a look at the code, and noticed that the following define in ntedev-linux.c:
#define POLICE_CONFIG_CMD "/sbin/tc filter add dev %s parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate %dkbit burst %dk mtu 65535 drop flowid :1" This is called within netdev_linux_set_policing to set rate limiting. As is clear from the command, it's IPv4 only. I've also done some further looking around, and it turns out that official site (http://lartc.org/) suggests that IPv6 is not supported for rate limiting, the site is very out of date, and it should, in fact, be possible (see http://tcn.hypert.net/tcmanual.pdf, for example). I'm guessing that adding a second command, along the lines of #define POLICE_CONFIG_CMD_IP6 "/sbin/tc filter add dev %s parent ffff: protocol ip6 prio 51 u32 match ip6 src 00::00/0 police rate %dkbit burst %dk mtu 65535 drop flowid :1" ...might work, as long as both were applied (note that I've changed the priority). Has anyone tried this, or are there other missing pieces, such as how the packets are marked, that are likely to cause problems? I'm willing to accept that there's much deeper work to be done - I've only just started scratching the surface this afternoon, and am very far from being a tc guru. -Mike. _______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
