From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 1F8D53B2A2 for ; Fri, 3 Jun 2016 13:08:23 -0400 (EDT) Received: by mail-io0-x236.google.com with SMTP id t40so80462465ioi.0 for ; Fri, 03 Jun 2016 10:08:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=940krJctGukrH6HcdvHlfhGwlmxOw+PKTlXTAPdJmUQ=; b=N++dO5qTEAsF9qbnNyr1Vd0xkAH8i1oY/6AgrU40y/Navf4IMzaOMSV5xVAobvFOzL mr+MuK9PmwKzTaTu+1jTg/+xDQFE8VR2QGnFIukdn6AnCCUEHY/UuxtnhV7jxG9//4MI SiAAz6gx8dBfPKCApB8HRm7Hp5O4+E2LbaOR1Gwuxjs6ZMKEpq9M9Kvug6imxJPvRVW2 rXFZBdm4twLSeF0GH5a+i9JDJ2hrAf/e6OG0f3OrOcrakmWbjydo4LIcY40jRDmkIVGV 6sec2izvSI7z+RqHNoL3uaOKuhJIZ7Q+n/OgOGnlZjlblCf6cSQihow93vFuAxHpywbF zmxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=940krJctGukrH6HcdvHlfhGwlmxOw+PKTlXTAPdJmUQ=; b=WJfC/HdbSnSk1T+6v5HWxWmF18UY6Um708/AIOJF2QzXo8YiLRoL96MwVWJGwLr4D0 QP14QU5+lf8RxYJQ6ORMy4N7XW4ORyRexR5QTC5lCnTJW7WmsvvUUq3Zvz+BlHgnR3le T3l1dtQSrxVHuOhuVMAYYGt5sFf6pejNX5iQvNNJYF22VG+xgogl6ACVx9nNzZZPd0Em DqGGnNkigawVPMpuXB5HzHGJ1ucVFzlo5RNWbGBFlcQ7Ci2KzHX6vwYmG+X7JmojmoSW atCwUZbMBq43BrENLMfXlAbF7JfuZ2aE4p+ZT11F4QZfd5fHs50LVPKb/DtIhHXSKmnL cZQQ== X-Gm-Message-State: ALyK8tLPu7AdbZk4IoaUTMBJ/09P2eikWyAvRsNv/jyIAa2Oj/uM0OPloCBIR1l8D8s7uA== X-Received: by 10.107.10.204 with SMTP id 73mr6756969iok.51.1464973702532; Fri, 03 Jun 2016 10:08:22 -0700 (PDT) Received: from ?IPv6:2601:404:381:a21:a93b:3087:33b4:60ac? ([2601:404:381:a21:a93b:3087:33b4:60ac]) by smtp.gmail.com with ESMTPSA id v40sm3133309ioi.3.2016.06.03.10.08.21 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 03 Jun 2016 10:08:21 -0700 (PDT) To: Jonathan Morton References: Cc: bloat@lists.bufferbloat.net From: Noah Causin Message-ID: <6f4b3da2-a70d-e713-96b2-f4bb127973b8@gmail.com> Date: Fri, 3 Jun 2016 13:08:20 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [Bloat] Possible Companion Software for Cake and SQM X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jun 2016 17:08:23 -0000 This would be something that users would deploy. I have read comments from system administrators of businesses and colleges indicating they have issues with managing specific applications like Facebook Video, and this could be a good solution. I think that this could help a lot of people. Many people who want to setup QOS on their router want to priority specific applications like Netflix and Skype. The issue is that many applications use the same ports, which makes that difficult. Since cake has a robust diffserv model, I think that a good diffserv-marking DPI solution would work well with it. OpenWRT doesn't really have one. I've been really wanting to implement this as an OpenWRT package, but I lack the expertise. I was wondering if anyone was interested, maybe they could lend a hand. Noah On 6/3/2016 12:20 AM, Jonathan Morton wrote: >> On 3 Jun, 2016, at 02:39, Noah Causin wrote: >> >> I found this netfilter module that could be useful for traffic shaping with Cake or SQM. >> >> https://github.com/betolj/ndpi-netfilter >> >> It uses an open source deep packet inspection engine to determine what application a flow is, and it works with iptables. My idea is that this could be used to apply diffserv markings to traffic like Netflix, so that they can be placed into the appropriate classes. >> >> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP --set-dscp-class cs2 >> >> What do you think? > I think this has the potential to be a major CPU hog. That’s a problem on consumer-grade routers. > > It’s also not a general solution which can be deployed by ISPs subject to Net Neutrality regulations - because it explicitly works by identifying applications and marking them for discriminatory treatment, which is precisely what Net Neutrality outlaws. > > A secondary problem is that iptables currently gets applied *after* the ingress qdisc has finished with the packet. This limits the utility. > > - Jonathan Morton >