https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162018-06-27T13:52:15ZpfSense bugtrackerpfSense - Feature #8599: IPv6 flow labelshttps://redmine.pfsense.org/issues/8599?journal_id=368012018-06-27T13:52:15ZJim Pingle
<ul><li><strong>Category</strong> set to <i>Rules / NAT</i></li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Very Low</i></li></ul><p>Looks like <code>ipfw</code> can match, but not set the IPv6 <code>flow-id</code>. I don't see any reference to a similar function to match in pf, and thus neither would have a way to set the flow-id. Limiters use ipfw/dummynet but the rules are still created through pf, so again, no way to match or set the flow-id. So that isn't going to be possible. You can ask upstream in FreeBSD if that can be added to pf, and we could pick up support for that if they add it.</p>
<p>For load balancing, that would maybe be found in the HAProxy package. Since someone from HAProxy wrote that RFC, you may be in luck there. The HAProxy package maintainer may want to look into that eventually. That should be moved to a separate ticket in the pfSense Packages area here.</p>
<p>For ECMP/LAGG, I don't see that as supported in FreeBSD but if you can point out where it is, I can take a look. ECMP isn't supported currently for IPv4 or v6. We don't have any GUI options for controlling LAGG hashing either, though the OS supports some things there. There is a flowid reference in LAGG support but it is unrelated to IPv6, it's for allowing the NIC to control hashing. Looks like that would need to be handled by FreeBSD first as well.</p> pfSense - Feature #8599: IPv6 flow labelshttps://redmine.pfsense.org/issues/8599?journal_id=369492018-07-09T07:35:55ZDavid Horndhorn2000@gmail.com
<ul></ul><p>sysctl -d net.inet6.ip6.auto_flowlabel</p>
<p>net.inet6.ip6.auto_flowlabel: Provide an IPv6 flowlabel in outbound packets</p>
<p>man inet6<br /><pre>
IPV6CTL_AUTO_FLOWLABEL (ip6.auto_flowlabel) Boolean: enable/disable
automatic filling of IPv6 flowlabel field, for
outstanding connected transport protocol packets.
The field might be used by intermediate routers
to identify packet flows. Defaults to on.
</pre><br />Just for reference. I'm not sure if this particular kernel knob givens the requester part of what they are looking for.</p> pfSense - Feature #8599: IPv6 flow labelshttps://redmine.pfsense.org/issues/8599?journal_id=370272018-07-16T07:36:45ZJim Pingle
<ul></ul><p>Since that's fully automatic it doesn't appear to allow the kind of control implied in the original request. That likely only affects packets sourced from the firewall itself, as well, and not for traffic flowing through the firewall.</p>