From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 36E253BA8E for ; Thu, 6 Sep 2018 14:51:23 -0400 (EDT) Received: by mail-wr1-x42a.google.com with SMTP id v16-v6so12452343wro.11 for ; Thu, 06 Sep 2018 11:51:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heistp.net; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=cmkGJ5wbgjRWjxsPvuDTHuxEI+UsULhR0ZISL65JBPo=; b=gyk7d5heVsDCA2Cr+/Y9RDBdZC3trNcOw5ipRY1rXxeAdqCsnQqZc5e4mnHncte7GK AIMr0tmEbt33S3gWlq2Cs56MzX1DTz6vNBzXnP1zP19vtpRpGnaEH1QVLgWgakLysUdc 2wLoUNoUz/BQDE+CGW4tjyCiC7RY9yuKaVVQ7HbSWLdkEOOc15q0OM4/STek9XmH4tlJ NWFkqMHh50giLdR2w6choVQT2U8COoOKB4+khSEf6mNAv+g3ZX+2px8T5JbWsnFLANRu JFws7JGL0WzcfGM4sXM7oOuC2oczIRqOOdVMLhWwot8537k1fGHNSGA/nCIM5C7PZ5Pm eetA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=cmkGJ5wbgjRWjxsPvuDTHuxEI+UsULhR0ZISL65JBPo=; b=Xcq/NU2hvWo6e99kY7Ayz9VJc3Z1gRPD54ieVenMQpuukWz2yEUbyxSFLbb1KOEE2e vdEHDP+/ol7LgREOCxREJm7MSF3V7LFE9zfT6wQGwjD3PEkklqwAE51NmoY3aj9WTfzV GJmib7OS6fQH2KOZGuYLV7PzA966qfAjal24fpYaK1QdiurKG6sMWcZSjAWkjBZjDHKQ fTjyHGSMEPBVrqoGokOIEcdlZ9SjmbsyFtF34la9LWJMTF+jAWAQUXAx0Gjstwvc4xWb nbrea9b5eDCyUg0JH1KV1xrVSHIvKLmw/eXHgL54s/A6AKne3ix/b2oaW/7XSpZa1uOv 8ZAg== X-Gm-Message-State: APzg51AJ+4d/AUPAGQ+HZiF/P/oBT9gjGzZJKaRQBRPxcCmIpf/WLdo2 nLkCRpCcVK6AfM7XoAX3n5gBog== X-Google-Smtp-Source: ANB0VdYIr73vfZ79kySN4+XNseRMy2USb2BtgPWv4naGhUZHcW4RZLggFa2RPgb3/fKMaa0WWyCvPw== X-Received: by 2002:a5d:4b90:: with SMTP id b16-v6mr3627553wrt.168.1536259882341; Thu, 06 Sep 2018 11:51:22 -0700 (PDT) Received: from tron.luk.heistp.net (h-1169.lbcfree.net. [185.193.85.130]) by smtp.gmail.com with ESMTPSA id v192-v6sm5098565wmf.40.2018.09.06.11.51.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Sep 2018 11:51:21 -0700 (PDT) From: Pete Heist Message-Id: <6C556301-015B-4903-AE5A-F22D3517FFCC@heistp.net> Content-Type: multipart/alternative; boundary="Apple-Mail=_5A0EC1BE-6F7C-40F4-BD28-81042B545B42" Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\)) Date: Thu, 6 Sep 2018 20:51:20 +0200 In-Reply-To: <87efe65wol.fsf@toke.dk> Cc: Cake List To: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= References: <87zhwxzh8o.fsf@toke.dk> <139B295B-7371-43DE-B472-DE629C9B8432@heistp.net> <87efe65wol.fsf@toke.dk> X-Mailer: Apple Mail (2.3445.9.1) Subject: Re: [Cake] Cake on elements of a bridge X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2018 18:51:23 -0000 --Apple-Mail=_5A0EC1BE-6F7C-40F4-BD28-81042B545B42 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Sep 6, 2018, at 8:04 PM, Toke H=C3=B8iland-J=C3=B8rgensen = wrote: >=20 > Pete Heist > writes: >=20 >> But now, my neighbor will access the Internet through my CPE device, >> but they must have a separate IP obtained through DHCP (i.e. a >> separate MAC address as well), and I want to use cake to manage the >> queue for both of us. I could do this with two routers and a >> transparent bridge, but I want to see if I can make it work with as >> few devices as possible, preferably just one EdgeRouter-X. I had two >> failures thus far: >=20 > DHCP relay and normal routing? Or bridging with a kernel software = bridge > rather than the hardware switch? I bet a regular software bridge would work. I=E2=80=99ll try it. It looks like I=E2=80=99ll also need to do stateful firewalling for the = neighbors. I was able to get my transparent bridge to do this with = net.bridge.bridge-nf-call-iptables=3D1, I believe, so this should also = theoretically work fine, somehow=E2=80=A6 :) --Apple-Mail=_5A0EC1BE-6F7C-40F4-BD28-81042B545B42 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8
On = Sep 6, 2018, at 8:04 PM, Toke H=C3=B8iland-J=C3=B8rgensen <toke@toke.dk> = wrote:

Pete Heist <pete@heistp.net> writes:

But = now, my neighbor will access the Internet through my CPE device,
but they must have a separate IP obtained through DHCP (i.e. = a
separate MAC address as well), and I want to use cake to = manage the
queue for both of us. I could do this with two = routers and a
transparent bridge, but I want to see if I = can make it work with as
few devices as possible, = preferably just one EdgeRouter-X. I had two
failures thus = far:

DHCP relay and normal routing? Or bridging with a kernel = software bridge
rather than the hardware switch?

I bet = a regular software bridge would work. I=E2=80=99ll try it.

It looks like I=E2=80=99ll= also need to do stateful firewalling for the neighbors. I was able to = get my transparent bridge to do this with = net.bridge.bridge-nf-call-iptables=3D1, I believe, so this should also = theoretically work fine, somehow=E2=80=A6 :)

= --Apple-Mail=_5A0EC1BE-6F7C-40F4-BD28-81042B545B42--