One of my Raspberry Pis is connected to a VLAN through a cheap Netgear switch, and on that VLAN there is a /24 IPv4 network and a /64 IPv6 network.
On my regular (untagged) LAN, different IPv4 and IPv6 networks are used.
I noticed that somehow the Pi kept getting a route for the LAN /64 through its ethernet interface, without going through the router. That is not supposed to happen. As soon as I deleted the route (
sudo ip route del IPv6_NET/64), it was re-added. This prevented any of the two subnets to talk to each other through the router, because the Pi did not send the traffic to the router, but tried to send it as if the other host were on the same network segment.
Then, suddenly, I remembered that I had to restart that stupid switch because I had to move its power brick to a different outlet: somehow while booting it ignored all VLAN configuration, so for a few seconds the Pi was connected to the main VLAN, got the route advertisment whiche for some reason
dhcpcd kept hanging on and dutifully re-adding every time I deleted it.
The solution was easy:
sudo systemctl restart dhcpcd
For those of us with limited upload bandwidth, just plugging an iPhone in for a charge while on home wifi can bring our connection to its knees. As convenient as automatic online backups are, they tend to monopolize all the available bandwidth, and saturating your upload means crippling the download as well (it has to do with buffer bloat, delayed ACKs, and other stuff).
Through some Google-fu I found (one of) the subnet(s) used by iCloud, so that I can easily throttle the upload traffic without imposing a limit on all the upload coming from iOS devices. The subnet is
Thanks to my pfSense router, I put together a nifty set of rules that throttles uploads to that subnet from 8 am to midnight, limiting it to 50% of my available bandwidth. During the night, it is unlimited.
Just a quick overview of what’s needed to do that on pfSense (not a full tutorial, sorry):
- A schedule that defines the times you want the limit to be enabled
- Trafic shaping with a dedicated upload queue with a fixed maximum rate, in addidition the default ones
- A floating rule of type Pass, applied on both WAN and LAN, TCP protocol, destination
220.127.116.11/16, active during the day, sent to the queue you created earlier w/ the limit enabled.
Actually I have 2 schedules, one for the day and the other for the night, an additional queue for unthrottled iCloud backups and an additional floating rule that is identical to the one above apart from the fact that it is enabled during the night and sends traffic to the unthrottled queue. This allows me to have nice graphs that show only iCloud traffic. Definitely not necessary, but cool.