Re: [Cake] Using firewall connmarks as tin selectors

Cake - FQ_codel the next generation
 help / color / mirror / Atom feed

From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
To: George Amanakis <gamanakis@gmail.com>
Cc: Felix Resch <fuller@beif.de>,
	"cake@lists.bufferbloat.net" <cake@lists.bufferbloat.net>
Subject: Re: [Cake] Using firewall connmarks as tin selectors
Date: Sun, 3 Mar 2019 11:52:26 +0000	[thread overview]
Message-ID: <67E78212-F68E-4BD1-946D-F1830EEA2968@darbyshire-bryant.me.uk> (raw)
In-Reply-To: <000901d4cf15$27748ec0$765dac40$@gmail.com>

Be afraid, be very afraid.

I’ve woken up with two ideas in my head, one is bad, the other is very bad.  The bad one is already implemented and lurking in the mine branch of my cake git tree:

The bad idea:

An extension of the ‘fwmark’ tin allocation idea is to get cake to automagically update the conntrack mark based on the DSCP tin allocation chosen on egress.  That way, well behaved applications using DSCP (e.g. dropbear) get their return path packets similarly classified on ingress.  Badly behaved applications can have iptables rules put in place to ‘manually’ add fwmarks as is already done.

The very bad idea:

And it’s bad ‘cos it’s sort of incompatible with the existing fwmark implementation as described above.  So an awful lot of our shenanigans above is due to DSCP not traversing the internet particularly well.  The solution above abstracts DSCP into ’tins’ which we put into fwmarks.  Another approach would be to put the DSCP *into* the fwmark.  CAKE could (optionally) copy the FWMARK contained DSCP into the diffserv field onto the actual packets.  Voila DSCP traversal across ’tinternet with tin/bandwidth allocation in our local domain preserved.

> On 28 Feb 2019, at 03:24, gamanakis@gmail.com wrote:
> 
> I think it's much simpler to use than tc-filter, BPF or even DSCP bits.
> Manipulating DSCP bits seems the simplest of the currently available mechanisms to classify traffic. Even in this case, fwmarks are essentially simpler.
> E.g. if you want to classify outgoing traffic on the LAN interface:
> with DSCP you need to manipulate DSCP bits on incoming packets on the WAN interface. 
> with fwmark you can directly mark outgoing packets on the LAN interface and cake will classify them appropriately.
> 
> 
> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake

Cheers,

Kevin D-B

012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A

next prev parent reply	other threads:[~2019-03-03 11:52 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-27 21:12 Felix Resch
2019-02-28  3:24 ` gamanakis
2019-03-03 11:52   ` Kevin Darbyshire-Bryant [this message]
2019-03-03 12:22     ` John Sager
2019-03-03 16:25       ` Kevin Darbyshire-Bryant
2019-03-04 11:04         ` Toke Høiland-Jørgensen
2019-03-04 11:39           ` John Sager
2019-03-04  5:37     ` Ryan Mounce
2019-03-04  6:31       ` Jonathan Morton
2019-03-04  6:37         ` Ryan Mounce
2019-03-04  7:15           ` Dave Taht
2019-03-04  8:39     ` Pete Heist
2019-03-04 11:01       ` Kevin Darbyshire-Bryant
2019-03-04 11:17         ` Toke Høiland-Jørgensen
2019-03-04 11:55           ` Kevin Darbyshire-Bryant
2019-03-04 12:44             ` Toke Høiland-Jørgensen
2019-03-04 15:50               ` Kevin Darbyshire-Bryant
2019-03-04 16:39                 ` Toke Høiland-Jørgensen
2019-03-04 17:19                   ` Kevin Darbyshire-Bryant
2019-03-04 17:36                     ` Toke Høiland-Jørgensen
2019-03-04 20:58                       ` Kevin Darbyshire-Bryant
2019-03-04 21:33                         ` Toke Høiland-Jørgensen
2019-03-04 21:42                           ` Toke Høiland-Jørgensen
2019-03-05 14:06                           ` Kevin Darbyshire-Bryant
  -- strict thread matches above, loose matches on Subject: below --
2019-02-27 14:52 Kevin Darbyshire-Bryant
2019-02-27 15:14 ` Toke Høiland-Jørgensen
2019-02-28  8:32   ` Kevin Darbyshire-Bryant
2019-02-28  9:54     ` Toke Høiland-Jørgensen
2019-02-28 11:00       ` Kevin Darbyshire-Bryant
2019-02-28 11:13         ` Toke Høiland-Jørgensen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=67E78212-F68E-4BD1-946D-F1830EEA2968@darbyshire-bryant.me.uk \
    --to=kevin@darbyshire-bryant.me.uk \
    --cc=cake@lists.bufferbloat.net \
    --cc=fuller@beif.de \
    --cc=gamanakis@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox