[Cake] CAKE host isolation modes with NAT - two routers

Cake - FQ_codel the next generation
 help / color / mirror / Atom feed

From: Nils Andreas Svee <me@lochnair.net>
To: CAKE list <cake@lists.bufferbloat.net>
Subject: [Cake] CAKE host isolation modes with NAT - two routers
Date: Thu, 20 May 2021 18:07:43 +0200	[thread overview]
Message-ID: <91d484ec338c58f622c25285bf4ff8658fde4a03.camel@lochnair.net> (raw)

Hi folks

Currently my setup looks something like this: LAN <-> EdgeRouter <->
WireGuard <-> VPS <-> Internet.

CAKE for upstream is running on the EdgeRouter and downstream on the
VPS.

The public IPs are all on the VPS per today, so that the host isolation
can do its job with NAT enabled.

Ideally I'd like to route the public IPs to each endpoint and handle
NAT-ing there, but then I'd obviously lose the ability to do proper
host isolation.

Now, I've been toying with the idea of using an userspace application
to extract conntrack information, to let the VPS know which host hash
it should use.

I might be way of here, but I'm thinking of using NFQUEUE to mark new
flows based on information from the EdgeRouter, and let tc filters set
the host hash based on that mark. For performance purposes only send
unmarked flows to NFQUEUE.

I realise this is kinda overkill, but it might we a fun weekend
project.

-- 
Best Regards,
Nils

next             reply	other threads:[~2021-05-20 16:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-20 16:07 Nils Andreas Svee [this message]
2021-05-21 15:51 ` John Sager
2021-05-21 23:10   ` Nils Andreas Svee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=91d484ec338c58f622c25285bf4ff8658fde4a03.camel@lochnair.net \
    --to=me@lochnair.net \
    --cc=cake@lists.bufferbloat.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox