From: Toke Høiland-Jørgensen
To: Pete Heist, Cake List
Date: Sun, 06 Jun 2021 21:59:14 +0200
Subject: Re: [Cake] customizing Cake's isolation with ipsets, tc-flow and eBPF
Message-ID: <87h7iawyr1.fsf@toke.dk>

Pete Heist writes:

> I've always wanted a way to customize Cake's host and flow isolation in
> a way that would be usable e.g. for small ISPs, and this is what I came
> up with:
>
> https://github.com/heistp/cake-custom-isolation
>
> ipsets are used to set the skb priority or mark, then tc-flow or a
> simple eBPF classifier is used in a child filter of cake to get the
> major and minor class IDs set, which override the host and flow hashes.

Very cool! Awesome to see the customisation options being used for
something neat like this! :)

> To show it in action, the cakeiso.sh script sets up a netns environment
> and runs competition between two "subscribers" and three flows, two TCP
> flows and one unresponsive UDP flow. Several configurations are run to
> show what is and isn't possible.
>
> If anyone knows of a simpler way than eBPF to get both the major and
> minor class ID set from ipsets, I'd like to hear it, but the included
> classifiers are at least very simple one-liners...

Well, you could go the other way? Instead of ipset, just do the
classification in eBPF and use a BPF map to store the IP addresses.
There's even an LPM map type, so you can use arbitrary prefix lengths
for each class (or not, and just use a hashmap)...

-Toke
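
The longest-prefix-match lookup suggested in the reply above, as an added example that is not part of the original message or of the cake-custom-isolation repository: a userspace C model of what an eBPF classifier would do with an LPM map, packing the result as a major:minor class ID. The subscriber table, the `flow_id` parameter and the convention that 0 means "no override" are assumptions made for illustration.

```c
/* Userspace model of an LPM-map lookup; constructed example, not kernel code. */
#include <stdint.h>
#include <stdio.h>

struct lpm_entry {
    uint32_t prefixlen; /* significant leading bits, 0..32 */
    uint32_t addr;      /* IPv4 prefix, host byte order for readability */
    uint16_t major;     /* subscriber ID, becomes the major class ID */
};

/* Constructed table using documentation address ranges. */
static const struct lpm_entry subscribers[] = {
    { 24, 0xC6336400u, 1 }, /* 198.51.100.0/24  */
    { 28, 0xC6336410u, 2 }, /* 198.51.100.16/28 */
    { 32, 0xCB007107u, 3 }, /* 203.0.113.7/32   */
};

static uint32_t prefix_mask(uint32_t len)
{
    /* Shifting a 32-bit value by 32 is undefined, so handle /0 apart. */
    return len ? 0xFFFFFFFFu << (32 - len) : 0;
}

/* Longest-prefix match: the most specific matching entry wins. */
static uint16_t lookup_major(uint32_t ip)
{
    const struct lpm_entry *best = NULL;
    for (size_t i = 0; i < sizeof(subscribers) / sizeof(subscribers[0]); i++) {
        const struct lpm_entry *e = &subscribers[i];
        if ((ip & prefix_mask(e->prefixlen)) == e->addr &&
            (!best || e->prefixlen > best->prefixlen))
            best = e;
    }
    return best ? best->major : 0;
}

/* Pack major:minor the way tc class IDs are laid out (16 bits each).
 * Returns 0 for an unknown address (assumed to mean: no override). */
static uint32_t classify(uint32_t ip, uint16_t flow_id)
{
    uint16_t major = lookup_major(ip);
    return major ? ((uint32_t)major << 16) | flow_id : 0;
}

int main(void)
{
    printf("%08x\n", (unsigned)classify(0xC6336412u, 7)); /* 198.51.100.18 */
}
```

An address inside both the /24 and the /28 is assigned to the /28's subscriber, which is the behaviour that lets one class carve an exception out of a larger block.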