[Bloat] Possible Companion Software for Cake and SQM

[Bloat] Possible Companion Software for Cake and SQM

[Noah Causin]

I found this netfilter module that could be useful for traffic shaping 
with Cake or SQM.

https://github.com/betolj/ndpi-netfilter

It uses an open source deep packet inspection engine to determine what 
application a flow is, and it works with iptables.  My idea is that this 
could be used to apply diffserv markings to traffic like Netflix, so 
that they can be placed into the appropriate classes.

iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP 
--set-dscp-class cs2

What do you think?

Noah

Re: [Bloat] Possible Companion Software for Cake and SQM

[Jonathan Morton]

> On 3 Jun, 2016, at 02:39, Noah Causin <n0manletter@gmail.com> wrote:
> 
> I found this netfilter module that could be useful for traffic shaping with Cake or SQM.
> 
> https://github.com/betolj/ndpi-netfilter
> 
> It uses an open source deep packet inspection engine to determine what application a flow is, and it works with iptables.  My idea is that this could be used to apply diffserv markings to traffic like Netflix, so that they can be placed into the appropriate classes.
> 
> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP --set-dscp-class cs2
> 
> What do you think?

I think this has the potential to be a major CPU hog.  That’s a problem on consumer-grade routers.

It’s also not a general solution which can be deployed by ISPs subject to Net Neutrality regulations - because it explicitly works by identifying applications and marking them for discriminatory treatment, which is precisely what Net Neutrality outlaws.

A secondary problem is that iptables currently gets applied *after* the ingress qdisc has finished with the packet.  This limits the utility.

 - Jonathan Morton

Re: [Bloat] Possible Companion Software for Cake and SQM

[Noah Causin]

This would be something that users would deploy.  I have read comments 
from system administrators of businesses and colleges indicating they 
have issues with managing specific applications like Facebook Video, and 
this could be a good solution.

I think that this could help a lot of people.  Many people who want to 
setup QOS on their router want to priority specific applications like 
Netflix and Skype.  The issue is that many applications use the same 
ports, which makes that difficult. Since cake has a robust diffserv 
model, I think that a good diffserv-marking DPI solution would work well 
with it.  OpenWRT doesn't really have one.

I've been really wanting to implement this as an OpenWRT package, but I 
lack the expertise.

I was wondering if anyone was interested, maybe they could lend a hand.

Noah



On 6/3/2016 12:20 AM, Jonathan Morton wrote:
>> On 3 Jun, 2016, at 02:39, Noah Causin <n0manletter@gmail.com> wrote:
>>
>> I found this netfilter module that could be useful for traffic shaping with Cake or SQM.
>>
>> https://github.com/betolj/ndpi-netfilter
>>
>> It uses an open source deep packet inspection engine to determine what application a flow is, and it works with iptables.  My idea is that this could be used to apply diffserv markings to traffic like Netflix, so that they can be placed into the appropriate classes.
>>
>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP --set-dscp-class cs2
>>
>> What do you think?
> I think this has the potential to be a major CPU hog.  That’s a problem on consumer-grade routers.
>
> It’s also not a general solution which can be deployed by ISPs subject to Net Neutrality regulations - because it explicitly works by identifying applications and marking them for discriminatory treatment, which is precisely what Net Neutrality outlaws.
>
> A secondary problem is that iptables currently gets applied *after* the ingress qdisc has finished with the packet.  This limits the utility.
>
>   - Jonathan Morton
>