Traffic Shaper Firewall Rules for WANv6 traffic with globally routable IP
-
Context is this old discussion:
Re: Limiter not working with IPv6 active
I'm trying to apply Traffic Shaper to fix Bufferbloat.
Followed this tutorial: https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html
IPv4 works like a charm, but no go with IPv6.
@Bob-Dig's answer is spot on:
The source in the rule can't be WAN-address because you most probably don't NAT with IPv6, use any instead or if you have a fixed prefix, use that
So I can set the source address to my prefix or any... BUT this shaper applies to local traffic as well. :( My gigabit LAN is now reduced to the WAN speed.
Makes sense, since my local devices have globally routable IPv6 addresses and a modern device/networking stack will prefer to use those rather than the local link address. Those are not "WAN Address".
Is there a rule/condition on the floating rule that can distinguish local IPv6 traffic from WAN traffic, given both use globally routable addresses?
I've been reading https://www.reddit.com/r/PFSENSE/comments/ousyta/matching_only_nonlocal_ipv6_via_filter_rules/ and it seems I can tag my local traffic and then set it on the floating rule of the shaper, but I need to read further.
TIA!
-
@WhizzWr said in Traffic Shaper Firewall Rules for WANv6 traffic with globally routable IP:
BUT this shaper applies to local traffic as well.
It is on WAN, why should it apply to local traffic?
-
I don't know how and why, but it does. :(
I confirmed the unintended traffic shaping with a simple iperf3 between local devices. With floating rules off there is shaping, with the floating rules off, I get gigabit speed again. The shaping is bidirectional.
Are you saying that regardless of the traffic's IPv6 address being globally routable, they should be treated as local traffic since the interface is still LAN?