From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 06AF83B25E for ; Wed, 12 Oct 2016 05:10:32 -0400 (EDT) Received: from [172.17.3.48] ([134.76.241.253]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0Leux5-1b4crw0dfr-00qh9c; Wed, 12 Oct 2016 11:10:31 +0200 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: moeller0 In-Reply-To: Date: Wed, 12 Oct 2016 11:10:30 +0200 Cc: Jonathan Morton , cake@lists.bufferbloat.net Content-Transfer-Encoding: quoted-printable Message-Id: <95CB6153-524D-499A-8E85-231C5098A4DB@gmx.de> References: <4D2419FB-6649-4250-9D42-E6EDECFFCCDE@gmail.com> To: ching lu X-Mailer: Apple Mail (2.2104) X-Provags-ID: V03:K0:7aWwVcmv8dSk0NT7AgwzYiT6QaavvQZxy+vLKvTBUSLRbJ74eYT AaIZd+4dauNur3sPU+4kXocihO0absNfePhw35yS4HNhJAHCEHJARtFauDlYaG5ppmVSg4/ FBbSonXnBT8azdAUnBTV9TPnJ5kDgMlnSiW1LMtkQ99EkylqsjadSiSSKQ05kzVRCmvEtAg Amw7QuQIN0Pi2/23JWDsQ== X-UI-Out-Filterresults: notjunk:1;V01:K0:BRQk49/wQAc=:Kl2kHHMRoMofm8JzdvQirC hxRNOFYX0qv++x044GB5OhnBeLC4xbWnHYTah4bQ8i8gxGPmnI/NwnJegqD8yK2qO3l6d82Fy 4/2XUYPbGn3NxVhjpZAuenzR2hGFte7FxnGgc6bHSOBCr3PIS3iJPQZLbRu63C72pZiD35/UM kZLEAgY+f+OEX5yaGnE5rbfWy+bJCsKxVHyDzjXfXEPac3WbkQdWJ3Hp2DKkPc4V1i2R7A/cv t/ueHwHN4S2afAEbNgCOHV3KNHNSyFa97QpIfrPXv5VcN8b6rzAUDuTC6Z8yttXwu7P+QZfoq 5G07x8shaVMcMULSq0qgtWugh6FGBLlOHWyIEYgscQYj3SJCnHwC17DVTQCcOPlubhO/8j2JZ w+hVgFzeI3anP5rLcoGSXKa/efvdTZW74MLFBb9/GcoP/ZIPDRFKeHyG12hZhJDuA7daqEIt8 bgRxGBBD2HAH0pUM3hnLnttP6OFP687uAUkFQuV3rsEGHbK7wci8v+40ngGKZsUCoeNX0ASJ+ BRe/A2QZRv2858Q81kcmIr1rKvqMRZ2oPeCUbFGeJOTm9m5mHxHas0BrPtzvYa7YAw0W8nFrI eygxBqpEfVKMX0U8o7uX38UjRuRYXEBTQlIpuhHbRoOG1lA1GEIk7gMrGHypAjtGBlLbsWpij wUieAewJj4B5aUZXFRyA/60gbafDIJ5DxgMpVz12qEwhLHOGMlUV+fc/NsXM6T4ATWurTabRf Pay6UOjMVIva+P75tGkklohrMJNUg1LdnulyD5dnU9x4u+lEhwnXpDgBTB39DCjmBt7TOukJp tSdCqyU Subject: Re: [Cake] diffserv based on firewall mark X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2016 09:10:33 -0000 Hi, > On Oct 12, 2016, at 10:11 , ching lu wrote: >=20 > For egress, setting DSCP field should work. >=20 > iptables -> wan egress -> cake >=20 > But is it possible to set DSCP to 0x0 after cake's classification? i > do not know how ISP handle non-zero DSCP, there seems to be no > standard for this. Interestingly cake, at some point in the past offered exactly = that functionality, but it got removed due to added complexity with very = little practical applicability (and a potential layering violation, but = one could equally argue that the current layering is partly = sub-optimal/wrong and hence violating it to better reflect reality might = be acceptable). But current cake does not offer this. If you are willing = to daisy-chain two routers, you could run cake on the respective egress = interfaces connecting both routers, and do the DSCP cleaning on the = outer router=E2=80=99s egress interface toward the internet=E2=80=A6 >=20 >=20 > For ingress, DSCP field may not be set by network peer at all, and i > have multiple LAN interfaces >=20 > AFAIK, the order is "wan ingress -> ifb egress -> cake -> iptables" >=20 > The trick of setting DSCP by iptables do not work because cake comes = first Hence Jonathan=E2=80=99s recommendation to make sure that cake = follows iptables, by setting it up on egress interfaces only=E2=80=A6 Best Regards Sebastian >=20 > On Wed, Oct 12, 2016 at 3:26 PM, Jonathan Morton = wrote: >>=20 >>> On 12 Oct, 2016, at 08:52, ching lu wrote: >>>=20 >>> I deprioritize bittorrent traffic by marking related connections in >>> iptables (e.g. detect by port number) and route them to = corresponding >>> HTB class and qdisc. >>>=20 >>> How can i archive the same goal using the cake qdisc? >>=20 >> Modify your iptables rules to set the DSCP rather than a = kernel-internal mark. You probably want "-j DSCP =E2=80=94set-dscp-class = CS1=E2=80=9D, as CS1 is the =E2=80=9Cbulk low priority=E2=80=9D code. = Cake=E2=80=99s default Diffserv mode will pick that up appropriately. >>=20 >> You also need to make sure Cake sees your packets *after* they=E2=80=99= ve been through the firewall, which generally means attaching it to the = egress port in each direction, not the ingress port. You=E2=80=99ve = probably already done this, if you=E2=80=99re happy with your HTB setup. >>=20 >> If you have multiple LAN interfaces (eg, both Ethernet and wifi), you = should loop the inbound traffic through a common IFB device (and attach = Cake to that instead of the physical interfaces) to simplify = configuration. >>=20 >> - Jonathan Morton >>=20 > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake