From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.toke.dk (mail.toke.dk [IPv6:2001:470:dc45:1000::1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 7A8263B29E for ; Thu, 6 Apr 2017 05:33:36 -0400 (EDT) Received: from mail.toke.dk (localhost.localdomain [127.0.0.1]) by mail.toke.dk (Postfix) with ESMTPS id 29B38B35F6; Thu, 6 Apr 2017 11:33:35 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1491471215; bh=cWPMLWzh5us32q6fKIW7WUjbmUOwqY+lrgQkf31Tg44=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=qonEPQWPOT5SuhBZr12z9fOxVRvesbUhHf7e2iny7GlHSkVz250Cr+Ww1Fv/va6yj AbQK0/wN+2pzkpwCUhJVvi4nhF0yN8FGOKT3eCMHWy10X00i40osXNQ4mDNctC7l+3 V1+VX8pspX4FKL+cqoc1x0bmy5ERqhya4QGdTJFpwN0G+4Y3Kjx+/FZjkJ2VCOTL1B 0yty9tJuPHKrrL+VAn+GAIvs7dYV+1+x/MbqrRacDeU93f7TM+6FSujtW/RYzASw5l W9X05XUMKpWTycuWwr8IJLVimILjJ+uE+oHNXCtahK9YQB7/IjH0s5FDGrQnsYdTzQ gp/j9VfYS1OQA== Received: by alrua-kau.kau.toke.dk (Postfix, from userid 1000) id 04DB9C40276; Thu, 6 Apr 2017 11:33:33 +0200 (CEST) From: =?utf-8?Q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Pete Heist Cc: cake@lists.bufferbloat.net References: <2FD59D30-3102-4A3E-A38E-050E438DABF0@gmail.com> Date: Thu, 06 Apr 2017 11:33:33 +0200 In-Reply-To: <2FD59D30-3102-4A3E-A38E-050E438DABF0@gmail.com> (Pete Heist's message of "Thu, 6 Apr 2017 10:27:02 +0200") X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <87ziftubgy.fsf@alrua-kau> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] flow isolation for ISPs X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 09:33:36 -0000 Pete Heist writes: > Suppose there is a cooperative ISP that has some members who access the n= etwork through a single device (like a router with NAT), while others use m= ultiple devices and leave routing to the ISPs routers. (No need to suppose,= actually.) > > There=E2=80=99s fairness at the IP address level (currently with esfq, ma= ybe soon with > Cake), but it's not fair that members with multiple devices effectively g= et one > hash bucket per device, so if you have more devices connected at once, yo= u win. > There is a table of member ID to a list of MAC addresses for the member, = so if > there could somehow be fairness based on that table and by MAC address, t= hat > could solve it, but I don=E2=80=99t see how it could be implemented. > > Is it possible to customize the hashing algorithm used for flow isolation= , either with Cake or some other way? > > The only options I can think of now: > > - force each member to use only one IP address (probably impractical at t= his point with hundreds of members) > - use one queue per member in an HTB hierarchy, for example, with > filters matching each member=E2=80=99s devices, but that seems difficult = to > manage Once upon a time I implemented something like this; it was basically a PHP script that would generate an HTB bucket (with sfq as leaf qdisc; this was pre-fq_codel) per subscriber ID and use tc filter to map the list of IPs registered to that customer into the right bucket. The HTB shaper was used to enforce the bandwidth each customer was paying for. Did it work? Yup, mostly. Was it ugly? Oh boy, yes! The fq_codel qdisc does have support for arbitrary tc filters to replace the default hashing, BTW. If you don't need the cake shaper, that might be a solution? -Toke