IPv6 Certified

IPv6 Certification Badge for vmauery

Some will care and some will not, but I can now boast that I have finished all the IPv6 certification tests at at ipv6.he.net. The last one was a real stinker. A while back, I registered mauery.org because I wanted to tinker with DNS stuff. But it turns out that I registered with a registrar that doesn't support IPv6 glue records, which were the entirety of the last certification step. I gave up after a while, since I didn't know what I was doing and didn't have the time to sit down and figure it out. Recently I got the itch to finish up my certification with he.net. I looked into glue records, which are basically the link that breaks the recursion in DNS. For IPv4, the glue records are apparently pretty easy to come by, but few registrars will do IPv6 glue records yet. Especially few actually have a way to do it without raising a support ticket. I found one that does (gkg.net), moved mauery.org over to them, and got my glue records all up in the TLD's nameserver. Hooray.

Now, mauery.org is a fully functional IPv4/IPv6 domain. You can access it via IPv4 only, dual stack, or IPv6 only. Too bad it doesn't really do anything that you could get access to... I don't run any public webservers in the domain or anything. It is basically my home network. Like I said, I purchased the domain because I wanted to play around with DNS and learn some things. For a long while, I was using mauery.home as my domain. I know, .home is not a real TLD, but I figured that it would make sure that there were no namespace collisions with any legitimate domain names. I have since moved over to the mauery.org domain.

Does my certification make me superior to you? Maybe not. But my domain kicks your domain's arrobase. And the free t-shirt doesn't hurt.

Traffic Shaping and Policing

Recently I had the opportunity to work with a customer that needed some help with traffic shaping and policing on their network. I had poked around in the past with this, trying to get guaranteed bandwidth for my VoIP phone, but the last time I checked, that setup no longer worked, so it was shelved until further notice. I just had to take care that when I was on the phone, I could not do any large downloads that would rob the bandwidth from my voice packets.

The customer gave me impetus to re-learn Linux Traffic Control. The main tool offered to us is called tc, meaning traffic control. You can learn all about tc at the Linux Advanced Routing and Traffic Control website. I spent several hours there trying to remember all I had forgotten. I also looked around at several other websites with howtos on the matter, but it seemed that they were all pointing back to lartc.org anyway. I poked around long enough to understand the recipes in their cookbook and then wrote up a script of my own.

I wanted to have about 90kb/s of guaranteed bandwidth for VoIP and then some other high priority bandwidth for things like ICMP packets, TCP ACK packets, and other low-latency stuff (things that mark the TOS field in the IP header.) In other words, I wanted to be able to:

  1. Make sure my VoIP traffic gets through so I don't have choppy phone calls
  2. Perform uploads without killing my downloads (let the ACK packets through)
  3. Be able to type in an SSH session while doing a large download
  4. Not starve my VPN to work when the network is busy (no more 3-12 second latencies, please.)
  5. Have fast ping times so I can brag to all my friends

Sounds like I am hoping for a miracle, right? Well, not really. Simply dividing the traffic into several classes and then giving each one a slice of the pie will do a lot on my quest for the Well Tempered Network. I know the VoIP bandwidth, so that is easy. Then the rest, I decided to split into quarters -- high priority gets at least 1/4 of the remaining bandwidth, medium priority gets the same, while bulk transfers and the rest of the stuff get anything that is left over (a little less than 1/2 the pipe).

Without this QoS script, I am unable to do a large download (or upload) without killing my VoIP call, uploads kill downloads, ssh is very non-interactive, and pings range in the 400-1100ms range. With this QoS script, I can do simultaneous large downloads and large uploads without hurting my VoIP call quality AND at the same time, ssh interactivity goes up (to the same as with no other traffic) and ping times range in the 80-200ms range. VPN traffic seems to be better too, though sometimes it suffers from latencies beyond my control. I think this means I reached all my goals. I was very happy with it and thought it might be nice to share.