From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [212.27.42.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 6FB083B2A4 for ; Mon, 1 Jul 2019 07:52:57 -0400 (EDT) Received: from eos (unknown [213.61.153.180]) (Authenticated sender: albeu) by smtp6-g21.free.fr (Postfix) with ESMTPSA id A95DA7802C2; Mon, 1 Jul 2019 11:52:53 +0000 (UTC) Date: Mon, 1 Jul 2019 13:52:51 +0200 From: Alban To: cake@lists.bufferbloat.net Cc: Alban Message-ID: <20190701135251.08defe75@eos> X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/qzol4EptnSofl3Z2O6RP+Tm"; protocol="application/pgp-signature" X-Mailman-Approved-At: Mon, 01 Jul 2019 08:13:29 -0400 Subject: [Cake] Recommendations for using cake in complex setup (wireguard + vlan + bond) X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jul 2019 11:52:57 -0000 --Sig_/qzol4EptnSofl3Z2O6RP+Tm Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi everybody, I am setting a new router with a non trivial setup and I really like to get some recommendations on how to best use cake. First of all the router is using VLAN on top of 2 bonded gigabit Ethernet interface: +--> VLAN1 (LAN) eth0 <--+ | +---> bond0 <--+--> VLAN2 (WAN1) eth1 <--+ | +--> VLAN3 (WAN2) The bond is using LACP, but mainly for redundancy and not for the increased bandwidth. Both WAN VLAN are going to ISP provided FritzBox connected to 50/10Mbit VDSL2 lines. As far as i understand I should use cake on the WAN VLAN interfaces. But what about the bond and physical Ethernet interface? Per default the Ethernet interfaces use the fq_codel qdisc, should I replace it with noqueue if cake is running on the VLAN interface? Any other recommendation regarding queuing in general with such layering of interfaces? But there is one more component, on each WAN interface there is a wireguard tunnel which is used to encrypt most of the traffic going out on the interface. Unlike unencrypted IP in IP tunnel the kernel flow dissector is not able to distinguish the flows, so all the encrypted traffic is just one big flow for cake. Ideally I would like to achieve a setup where cake can handle the encrypted traffic just like unencrypted traffic. Looking at the wireguard code it seems that the incoming skb get encrypted/encapsulated and resent again while still using the same skb. This give me the hope that it might be possible to classify the traffic entering the wireguard tunnel and somehow pass this information down to the cake instance running on the lower device. I have seen that cake can use classifier and that the tin can be passed via fw mark, however I'm unsure if that would really be useful/usable in this case. Any suggestion would be welcome, from what can be done with the current code, up to what kind of changes would be needed to achieve the ideal case. Alban --Sig_/qzol4EptnSofl3Z2O6RP+Tm Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0W61GceYqNjiMSkodJSaS524LbwFAl0Z9BMACgkQdJSaS524 LbxOjw//Wx99k2o6H4pLIQUuE2RM6yMg6YSYD33n4K1dKW22g4wlqhv/4H2FMogD TiOHyrezktoLYhqDLdeQuoTTsIUyS64YsLSeN1f5BrUr429BTiOKGG5mU6C0ZdsD 0vYuDi/4IPS2WIwiIMhPFki/prxrALAGbShQXeM5ccVsUTey8gpPrtaEMHi7j7fV GaOzi1FEqyNmRyldf3OF2ML6JfduUypFCzAY5EB+GKavckjpahk7za4lapwfNVni cEZO24IQnN+JLxOxrrbSVE247N9nbURwuudmG6c3fWN+fIzqapia7guw7w7afW25 8Gk1OIYGS0xMm9CuZkHIYGNfBTBQ+UaUrenzu/t+wYC9JXmSApngzeOWh95nsxjy r3MmNXOfw0ZNbgUQ9TIMsbbSpo9VidqpllN0Dtf3OjlURV7whqFmn3YG36lthj3p f7gfXfHU3pkINEIV8N1vEc38vao67KMOznnr+9/4cxVrvt7b6y9v1xt0eoejJ5y/ HR7sJp/oOqT34gS9af9F+Rk1mJZGOU7Io84tqmgtA98TozAPSHaLrH+uhLxTiwUs g8IOxeS7+qGJXgsJtsG6JocDccOAQn7BgTM3rGLFTRm/rg3MD6auwaI8WjsQ2z3j M62MTs27SIwWmrl2S2F7y+37WBnpaLWvK3DcGYZwgxzrrinE3W8= =Hi1o -----END PGP SIGNATURE----- --Sig_/qzol4EptnSofl3Z2O6RP+Tm--