Current host & container setup:
Code:
auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
    # Main Bridge - LXC with Dedicated IPv4
    address 1.1.1.2/22
    gateway 1.1.1.1
    bridge_ports ens3
    ...
    # --- Dedicated IPs (v4) ------------------------------------------------------
    up ip route add 1.1.1.3/32 dev vmbr0

# --- Nat IPs (v4) ------------------------------------------------------------
# NAT bridge
auto vmbr1
iface vmbr1 inet static
    # NAT IPv4 Bridge - LXC with NAT IP
    address 10.0.0.1
    ...

iface vmbr0 inet6 static
    address fe:80::1:1
    netmask 128

auto vmbr2
iface vmbr2 inet6 static
    # Main IPv6 Bridge - LXC with IPv6
    address fe:80::2:1
    ...
    post-up ip -6 neigh add proxy fe80::100 dev vmbr0
    ...
I've removed the less important parts; here is an explainer for the config:
The server has an IPv4, routed additional v4s, and a /64 IPv6 subnet.
If I want to give a dedicated IP to a container, it gets vmbr0, with the IP being one of the additional IPs (1.1.1.3 in the example), and the gateway is the main IP (1.1.1.2 in the example).
If I want to give a NAT IP to a container, it gets vmbr1, with the IP being one of the NAT IPs (not in the example, but 10.0.0.2 for example), and the gateway is the main bridge IP (10.0.0.1 in the example).
If I want to give a v6 to a container, it gets vmbr2, one of the post-up ip -6... IPs, and the gateway is the main vmbr2 IP.
Now, that all works fine if I have to assign only one of them, let's say just a dedicated IPv4, or just an IPv6 address - I can rate limit the network port that's added.
However, if I want to give an IPv4 and IPv6 at the same time, I have to add two network ports.
The problem with that is that they have their own limits, so let's say I want to limit the container to 10MB/s - with just one port, that's easy: set the limit to 10MB/s.
With two ports, if I set both to 10MB/s and it had two connections open, one on v4 and the other on v6, it can use a total of 20MB/s instead, and if I set the limits to 5MB/s (so that it totals 10MB/s), then I can't use 10MB/s on, let's say, just v4...
What would be the solution to something like this?