From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: Dave Taht <dave.taht@gmail.com>
Cc: Georgios Amanakis <gamanakis@gmail.com>,
Cake List <cake@lists.bufferbloat.net>
Subject: Re: [Cake] Fwd: Does the latest cake support "tc filter"?
Date: Wed, 30 May 2018 22:47:57 +0200 [thread overview]
Message-ID: <87h8moc1ky.fsf@toke.dk> (raw)
In-Reply-To: <CAA93jw6T3gaM=hvLu40q5XuDRWvOccxtSf6kzm66uwR9X4WoeQ@mail.gmail.com>
Dave Taht <dave.taht@gmail.com> writes:
> On Wed, May 30, 2018 at 1:30 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>> Dave Taht <dave.taht@gmail.com> writes:
>>
>>> I am very interested in collecting use cases and howtos as to how to
>>> use this feature.
>>
>> Well, with tc-bpf you can write a BPF program to do any processing you
>> like, and select diffserv tin and/or flow queue based on that... :)
>
> I guess "why", is also a good pre-requisite.
'Why not' is surely a better one ;)
Off the top of my head, putting things into queues based on some other
parameter than what cake knows. For instance, an ISP could create a BPF
map with the IP addresses of their customers and use that to give each
their own queue. Or, longer term, we could extend Cake to have a
configurable number of *tins*, and the same mechanism could be used to
give each customer a whole set of queues, in a single instance
> My own thought for bpf was that it could be used to more actively
> identify "bad guys" as a front
> end to cake, dropping packets and never hitting it - but then I
> realized that that would muck with the inbound shaper mode, yet again.
If you want to drop packets really fast (DDOS protection, for instance),
you'd want to do it in the ethernet driver using XDP. That can
cheerfully throw away packets at 40 Gbps line rates with minimum-sized
floods. If you're trying to protect yourself against a DDOS, an inbound
shaper is presumably not going to help you anyway, since DDOS attacks
generally don't use congestion control...
-Toke
next prev parent reply other threads:[~2018-05-30 20:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-17 2:36 [Cake] " Fushan Wen
2018-05-17 10:42 ` Toke Høiland-Jørgensen
2018-05-30 19:14 ` Georgios Amanakis
2018-05-30 19:58 ` Toke Høiland-Jørgensen
[not found] ` <CACvFP_gbwHzR6Qk1fQFbgWm5TmMu1eEjV0bcj1FGfS9smn6dEw@mail.gmail.com>
2018-05-30 20:14 ` [Cake] Fwd: " Georgios Amanakis
2018-05-30 20:18 ` Dave Taht
2018-05-30 20:30 ` Toke Høiland-Jørgensen
2018-05-30 20:42 ` Dave Taht
2018-05-30 20:44 ` Georgios Amanakis
2018-05-30 20:51 ` Toke Høiland-Jørgensen
2018-05-30 20:46 ` Dave Taht
2018-05-30 20:50 ` Toke Høiland-Jørgensen
2018-05-30 20:47 ` Toke Høiland-Jørgensen [this message]
2018-05-30 20:31 ` [Cake] " Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h8moc1ky.fsf@toke.dk \
--to=toke@toke.dk \
--cc=cake@lists.bufferbloat.net \
--cc=dave.taht@gmail.com \
--cc=gamanakis@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox