From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from resqmta-ch2-09v.sys.comcast.net (resqmta-ch2-09v.sys.comcast.net [IPv6:2001:558:fe21:29:69:252:207:41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 76C543B29D for ; Fri, 24 Apr 2020 13:42:48 -0400 (EDT) Received: from resomta-ch2-15v.sys.comcast.net ([69.252.207.111]) by resqmta-ch2-09v.sys.comcast.net with ESMTP id S1wmjiWojviMSS2LfjpwCQ; Fri, 24 Apr 2020 17:42:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastmailservice.net; s=20180828_2048; t=1587750167; bh=2z4hOFYTlOkwBjSz+1xkeCTunstLm+oQoGOjxRBF5w8=; h=Received:Received:Received:Date:From:To:Subject:Message-ID: MIME-Version:Content-Type; b=FD5vCfd/tjUtq18TiEYG6YVegqyISJfNmN7FEqaeoL7nJmJL95AwpanA0+aQXMgDp wliypRUU7+WXzcNJhkMlkZDfZ34Nx4PWyzcIonHwIw+7rzyWkgWWTNeIK4zbnfldBu fy+e+E+MpPd8PxrEBZGXoOiiKJIMPuTE/gvnvx2kl96TiFjJIXU/em2Jn+VACqVDcg fTQOj77oQEeleazQelIjApmWQ8r6KSIOPHf/z3dESPtvjr626tW1txoLpzfTX6/bFV Gf7nZsNjXpE1VZ4goAoGpfsDevsYkETaIw+MvhPQroT4n9Rh/PnKu8WtBYED7q3rnw nSianU1ig+msA== Received: from home.sewingwitch.com ([IPv6:2601:644:1:6c10::3f1]) by resomta-ch2-15v.sys.comcast.net with ESMTPA id S2LdjppGlLI66S2LejzmxK; Fri, 24 Apr 2020 17:42:47 +0000 X-Xfinity-VMeta: sc=0.00;st=legit Received: from [10.96.7.39] ([10.96.7.39]) (authenticated bits=0) by home.sewingwitch.com (8.14.7/8.14.7) with ESMTP id 03OHgbT2014208 for ; Fri, 24 Apr 2020 10:42:38 -0700 DKIM-Filter: OpenDKIM Filter v2.11.0 home.sewingwitch.com 03OHgbT2014208 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sewingwitch.com; s=default; t=1587750158; bh=2z4hOFYTlOkwBjSz+1xkeCTunstLm+oQoGOjxRBF5w8=; h=Date:From:To:Subject:In-Reply-To:References:From; b=jvV1ChvRN1CWysNmO7J7uESPeepRWPxv3lIw9SGjtdgG9KZqvEOv0cqxZH0SUILXO T/D9jR5Ab3xtk5i9zKM/7JC3ADMhuKzRDlTMbUSLrWdk7oBVlBkpqiGVWwmp2c4Sbn pOMaO9RzJ/ESa5dN1TUzcs7BwktaLoRL0m+vzF30= Date: Fri, 24 Apr 2020 10:42:35 -0700 From: Kenneth Porter To: bloat Message-ID: <2673A50B521B1EDC22B5C9C2@[172.27.17.193]> In-Reply-To: References: <431A84397F3D9C1EB097BCCE@[172.27.17.193]> <6F1F3C646A7DFD2CC8C9E79E@172.27.17.193> <42D98FE80B7B9C1102C47579@172.27.17.193> X-Mailer: Mulberry/4.1.0a3 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline; size=1837 X-Scanned-By: MIMEDefang 2.84 on 10.96.0.132 Subject: Re: [Bloat] this explains speedtest stuff X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2020 17:42:48 -0000 --On Friday, April 24, 2020 10:32 AM -0700 Dave Taht wrote: > That's miserable. 480ms latency on fiber?? You can do so much better. > But why centos? sure the sqm-scripts work with that but you should be > able to shape 45Mbits with even a wndr3800. openwrt works great on x86 > hw, also. :) The same box is providing a bunch of other public-facing services, so I need some moderately heavy iron. (Still a cheap server, though.) If it were JUST a NAT router, I'd consider a cheap OpenWrt-capable router like the one I'm using at home. Note that this test was without any shaping parameters. I think CentOS (like Fedora) defaults to fq_codel, though. > do you get dedicated ipv6 with that AT&T service? Yep, they give us a /56, which seems to be the default for "sites" unless you ask for something bigger. So I'm assigning a /64 to the link between our box and their gateway, and another to our LAN. That leaves 254 more for whatever. I need to assign a AAAA to the public side and test. Haven't gotten to that, yet. We also get some VOIP lines that their gateway deals with. So no SIP yet within the LAN. We do use the "WiFi calling" feature on our mobiles, though. Cellular coverage at our location is terrible. > What will be the vpn type? ipsec, terminating on the router, works > well with fq_codel because the hash is propagated to the tunnel, > wireguard and openvpn currently do not. I'm using OpenVPN with proto udp and dev tun. Our main use is to run Remote Desktop from home to our office and lab PCs. If I need to move files, I usually use scp. Outbound, we use Cisco's VPN to connect to customers to check binaries into their Subversion repo over HTTPS. For customers and vendors, we have secure FTP drops. Mostly used for CAD drawings.