From: Pete Heist <pete@heistp.net>
To: Georgios Amanakis <gamanakis@gmail.com>
Cc: Cake List <cake@lists.bufferbloat.net>
Subject: Re: [Cake] Cake on elements of a bridge
Date: Thu, 6 Sep 2018 19:37:37 +0200 [thread overview]
Message-ID: <139B295B-7371-43DE-B472-DE629C9B8432@heistp.net> (raw)
In-Reply-To: <CACvFP_jx5y8cZMf0puQ3W1UHJm9hEx6Y2fnW526ia=ZcbuMGPw@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2937 bytes --]
I happen to also be working on a bridge setup, but it’s different. For one, I used fq_codel on a transparent bridge for a couple years in production and it worked well, so I trust it also would for cake.
But now, my neighbor will access the Internet through my CPE device, but they must have a separate IP obtained through DHCP (i.e. a separate MAC address as well), and I want to use cake to manage the queue for both of us. I could do this with two routers and a transparent bridge, but I want to see if I can make it work with as few devices as possible, preferably just one EdgeRouter-X. I had two failures thus far:
Fail #1: Do routing for the neighbors on their NS5AC Loco, and use the ER-X’s internal switch to bridge the neighbor’s and my WAN interfaces to the CPE. Doing cake on switch0 results in my WAN traffic going through the qdisc, but unsurprisingly, the neighbor’s traffic passes through the switch without going through the qdisc layer.
Fail #2: Use the ER-X’s pseudo-ethernet functionality to add a second virtual Ethernet interface to the ER-X’s WAN interface. I could use IFB if I got two WAN interfaces working on the same box. This looks promising and I can pick up two DHCP addresses on one physical interface, but the ER-X doesn’t handle the routing situation where two interfaces have the same default router IP. (Using policy-based routing, what does it do when next-hop is the same for two different LAN subnets?)
There will be a solution here, I just haven’t found it yet. I’m now thinking of a setup with a smart switch / VLANs and a transparent bridge through two physical interfaces of the ER-X (which only has 5 ports total), but I’ll figure it out… :)
> On Sep 4, 2018, at 2:01 PM, Georgios Amanakis <gamanakis@gmail.com> wrote:
>
> Awesome, thanks to both of you!
> I am aware of the uselessness of nat (in terms of cake) in this setup. It's good to know what Sebastian pointed out. I ran it for a couple of hours and it seems to be working fine. I am going to finalize the setup and will get back to you.
>
> Georgios
>
> On 4 Sep 2018 1:31 pm, "Toke Høiland-Jørgensen" <toke@toke.dk <mailto:toke@toke.dk>> wrote:
> Georgios Amanakis <gamanakis@gmail.com <mailto:gamanakis@gmail.com>> writes:
>
> > Dear All,
> >
> > I was giving a transparent firewall a try, and wondered whether cake
> > can be applied on the interfaces of a bridge. I want to put an extra
> > router in-line between clients and the ISP-modem-router. It will have
> > two interfaces (eth0 facing wan, eth1 facing lan), bridged together as
> > br0.
> >
> > Can I fearlessly apply cake on eth0 and eth1? Would this be compatible
> > with features like ingress, ack-filter or even nat?
>
> Well, you wouldn't get much benefit from the nat feature, as the machine
> running CAKE would not be the one doing the nat'ing. But other than
> that, it should work fine :)
[-- Attachment #2: Type: text/html, Size: 4372 bytes --]
next prev parent reply other threads:[~2018-09-06 17:37 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-04 10:19 Georgios Amanakis
2018-09-04 10:31 ` Toke Høiland-Jørgensen
2018-09-04 12:01 ` Georgios Amanakis
2018-09-06 17:37 ` Pete Heist [this message]
2018-09-06 18:04 ` Toke Høiland-Jørgensen
2018-09-06 18:51 ` Pete Heist
2018-09-10 19:29 ` Pete Heist
2018-09-10 19:55 ` Dave Taht
2018-09-10 22:40 ` [Cake] Cake vs fq_codel and c/burst on an ER-X bridge Pete Heist
2018-09-11 7:54 ` Sebastian Moeller
2018-09-11 8:20 ` Dave Taht
2018-09-11 8:20 ` Sebastian Moeller
2018-09-11 8:30 ` Dave Taht
2018-09-11 8:43 ` Sebastian Moeller
2018-09-11 18:27 ` Pete Heist
2018-09-11 18:29 ` Dave Taht
2018-09-11 18:42 ` Dave Taht
2018-09-19 13:27 ` Sebastian Moeller
2018-09-19 17:02 ` Dave Taht
2018-09-20 10:34 ` Sebastian Moeller
2018-09-20 17:05 ` Dave Taht
2018-09-20 18:19 ` Sebastian Moeller
2018-09-20 18:31 ` Dave Taht
2018-09-11 18:09 ` Pete Heist
2018-09-11 18:28 ` Sebastian Moeller
2018-09-11 18:45 ` Pete Heist
2018-09-11 18:47 ` Dave Taht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=139B295B-7371-43DE-B472-DE629C9B8432@heistp.net \
--to=pete@heistp.net \
--cc=cake@lists.bufferbloat.net \
--cc=gamanakis@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox