I need my clients to have Wi-Fi that works for teleworking while their children can play on the console at the same time or not. I have to assign the DHCP and static to the PCs on LAN and Wi-Fi.
And my PS4 console is on LAN, but several scenarios can play out: if their child plays on Wi-Fi, is it enough to assign the PS4 on Wi-Fi, is that right?
Juju, do you want to limit the flooding of ack? I think the game is more responsive with award winning ICMP ...
iptables -t mangle -A FORWARD -p icmp -j DSCP --set-dscp-class EF
... icmp also as high priority, especially for the ACC ping time. Or else:
iptables -t mangle -A FORWARD -p icmp -j DSCP --set-dscp-class CS6
iptables -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class CS6
I keep repeating myself (but since I love hearing myself, I am also enjoying it), but ports approximately above port 1000 are ephemeral and any application can use them, so solely relying on port numbers carries a (small) risk. If possible, it seems less risky to use IP address + port numbers; the PS4's statically assigned IP address and the game's known port number ranges seem much less likely to trigger false-positive up-prioritizations of packets never intended for VIP treatment.
I do think, since anyone can be doing video conferencing, you wind up needing to use known ports for jitsi/zoom/meet etc. without IP address, but fortunately those people do seem to have a narrow range they've chosen.
Also, with IPv6 it can help to use "tokenized" IP assignment to identify important hosts for prioritization. Like set your gaming PC to ::abc:001. I hope to hell the Xbox and PlayStation people will enable IPv6 with tokenized addresses soon. Games are one of the huge wins for IPv6.
Side-note: Deutsche Telekom some years ago prototyped a new all-IPv6 network architecture (with IPv4 running as a service over IPv6 softwires), where they proposed to take three or six bits (I don't remember the details) out of the space they could assign as prefix to end-customers, and use these as their internal DSCP equivalents so that they could leave DSCPs untouched and potentially end-to-end.
Not sure whether they still aim for that though.
For IPv6 the challenge is more how to overcome IPv6 privacy extensions, and the fact that some devices only do SLAAC and ignore DHCPv6 (I am looking at you, Android....)
DHCPv6 is I think only useful for server farms. I think the default should be privacy addresses with a very clear checkbox to enable "stable privacy". With that, if you need to be able to prioritize a device by IP you click the stable privacy checkbox. If the device doesn't need to have a well known IP you just use privacy addresses. This handles essentially 100% of cases. Even with servers stable privacy is "enough" most of the time.
Why? I already use static DHCPv4 assignments based on MAC addresses so that my logging allows me to use symbolic names instead of having to look up MAC addresses. Sure, MAC addresses can be spoofed, but this is not really a security thing, but rather a convenience thing (symbolic names, and stable addresses to use in port forwards to make machines reachable from the outside). I would love to do the same with IPv6 as well; my wish would be to keep the last 64 bits under my control and get new prefixes whenever my ISP sees fit, so all I need is the current prefix and I can reach (selected) hosts from the outside. Not sure whether DHCPv6 would be overkill, but it certainly promises the right capabilities, until we hit the Android devices...
At that point, it is not private anymore, the whole goal of privacy addresses is to cycle through random 64bit final address parts fast enough that outsiders have no real chance of brute forcing a connection to a known machine. Once a host has a stable address, privacy has left the building... at least that is my understanding.
If you are "just" proposing a mechanism for normal end users to actually disable privacy extensions, I am with you; I would appreciate something like that as well.
But sure, for the low number of machines in my network, I am fine with reading off the randomly selected stable addresses from each host. DHCPv6's capability to configure the IPv6 address to MAC mappings on the router is nice to have but not really that much of a time saver.
I admit that I actually do not think that I will ever consider making any of the Android devices accessible from the outside at all, mostly my ssh hosts and potentially the router itself to VPN in over IPv6.
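The tokenized-address idea discussed in this thread (a fixed lower 64 bits that survives ISP prefix changes), as an added example that is not code from any of the posters. The prefixes from the 2001:db8::/32 documentation range, the host name and the function names are constructed assumptions; `::abc:1` is the token mentioned above.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier


def tokenized_address(prefix: str, token: str) -> ipaddress.IPv6Address:
    """Combine the LAN's current /64 prefix with a fixed 64-bit token."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError(f"need a /64 LAN prefix, got /{net.prefixlen}")
    tok = int(ipaddress.IPv6Address(token))
    if tok & ~IID_MASK:
        raise ValueError("token must only set the low 64 bits")
    return ipaddress.IPv6Address(int(net.network_address) | tok)


def has_token(addr: str, token: str) -> bool:
    """True if addr ends in the token, whatever prefix the ISP assigned."""
    low64 = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return low64 == int(ipaddress.IPv6Address(token))


def priority_hosts(addrs, tokens):
    """Map each observed address that carries a known token to its host name."""
    return {a: name for a in addrs
            for name, t in tokens.items() if has_token(a, t)}


# Constructed sample data (hypothetical host name, documentation prefixes).
TOKENS = {"gaming-pc": "::abc:1"}
OBSERVED = [
    "2001:db8:1:10::abc:1",               # token under the old prefix
    "2001:db8:ffff:20::abc:1",            # same host after a prefix change
    "2001:db8:1:10:5c3a:91ff:2e07:b4d1",  # privacy address: cannot be matched
]

if __name__ == "__main__":
    print(tokenized_address("2001:db8:ffff:20::/64", TOKENS["gaming-pc"]))
    for addr, name in priority_hosts(OBSERVED, TOKENS).items():
        print(f"{addr} -> prioritize as {name}")
```

Matching on the lower 64 bits only is what lets a prioritization rule keep working after the prefix changes; a host using privacy extensions never matches, which is the limitation raised in the posts above.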