From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id BDD1C3B2A4 for ; Sun, 6 Jun 2021 06:11:56 -0400 (EDT) Received: by mail-wr1-x432.google.com with SMTP id u7so8548646wrs.10 for ; Sun, 06 Jun 2021 03:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heistp.net; s=google; h=message-id:subject:from:to:date:user-agent:mime-version :content-transfer-encoding; bh=bNOpS9uJyz6o3V35xjjVBAzcocdPg7znU9MuFfS48rU=; b=GHY09mDnagiT/nLwCRVeYBCbEGnFFx88JNO2rzzoDoOINKolX4+9jvVtHEeX/BfpvK EYhlCYgWU7CwHmVBhCqYNKff6m0BrSWVdsGZB8VRNgvmnKuhtGSPbiomCzb4C9aEo4wx qo1wNuCGbdgZz8NeX85N96BKgK0hwbxb6O0FCyM/1PXVvBl+XKO0+o++NGriE6RJ8Vqm 9Ey1aUBfB3mA0Fu6Fz4+Ozpkd3SZz5LEi5hNthsGsaKEPbHnPQIn6vwOihEGFxBvkzPg RVXF6ZoiqAIy0QOfRK8CUlgF/mO2yG+v9ln4rOcUsc58cQC4ElLYA0cHAwIedbeIqVbB y5MA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:date:user-agent :mime-version:content-transfer-encoding; bh=bNOpS9uJyz6o3V35xjjVBAzcocdPg7znU9MuFfS48rU=; b=gJ+oROYtPqlY5nlLAurPJXYrRQ/3IR4+jqOf8TE2ts/EJNbQdyltU0qVEr2AN1xl18 OhVLP5SSILvpi+YsB6gXzQ+WCpwt+qD2Kc9/0/3aEiOcQjLq4sjMXduOpGLY8kU2bc4J xFwf87x/taU+ME2JseaKYXe5ksmtcJ7J7251BiNAMDXUUjJQSBNgKPKPXlTw2TtupkbN BVJ01MNneVJ+oXiwYT2yWHa2710o0y10xWkUkUHj+Dv6CV1hMT5FU6wzoQaiir1hHPZ6 1H9ot0LbQGFI4zxZtyBcpNwUcrFjMnEI2yDQYLztc9W97rQq0KarvhzY0z8Wk0zKufKe LLuQ== X-Gm-Message-State: AOAM530Z4oeyV9UqkYRuZfnyi3J/o+EYJi8eX+bPP4j/qN/kD5jLITSK w0N9HQcH/fPFv47OTGuusx/AmmDrkfbAMA== X-Google-Smtp-Source: ABdhPJwERR6WeB5oD1+5P2hpT1Y2EnAR8I1cD9p9xmt/obTLE+qXTlQuWGuUfwXKNGEoNCjdRxt0zg== X-Received: by 2002:a5d:63c7:: with SMTP id c7mr11751653wrw.276.1622974315559; Sun, 06 Jun 2021 03:11:55 -0700 (PDT) Received: from [10.72.0.88] (h-1169.lbcfree.net. [185.193.85.130]) by smtp.gmail.com with ESMTPSA id s7sm12521693wrf.91.2021.06.06.03.11.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Jun 2021 03:11:55 -0700 (PDT) Message-ID: <22f3032d0dfd47f53d4d6595ee6bd192377fbc6e.camel@heistp.net> From: Pete Heist To: Cake List Date: Sun, 06 Jun 2021 12:11:54 +0200 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.40.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Cake] customizing Cake's isolation with ipsets, tc-flow and eBPF X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jun 2021 10:11:56 -0000 I've always wanted a way to customize Cake's host and flow isolation in a way that would be usable e.g. for small ISPs, and this is what I came up with: https://github.com/heistp/cake-custom-isolation ipsets are used to set the skb priority or mark, then tc-flow or a simple eBPF classifier is used in a child filter of cake to get the major and minor class IDs set, which override the host and flow hashes. To show it in action, the cakeiso.sh script sets up a netns environment and runs competition between two "subscribers" and three flows, two TCP flows and one unresponsive UDP flow. Several configurations are run to show what is and isn't possible. If anyone knows of a simpler way than eBPF to get both the major and minor class ID set from ipsets, I'd like to hear it, but the included classifiers are at least very simple one-liners... Pete