From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-x234.google.com (mail-oi0-x234.google.com [IPv6:2607:f8b0:4003:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id A65803B25E for ; Wed, 12 Oct 2016 05:35:31 -0400 (EDT) Received: by mail-oi0-x234.google.com with SMTP id d132so54667823oib.2 for ; Wed, 12 Oct 2016 02:35:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=VZE9ayaonU0lb7sIeWoZJ4PkuREvjf/oh5BNlaWkB6Q=; b=iVayrBkoXv0fyevq5n7kGQSnotd0fdYQUY2u17twKOuk+4WC0AWxNb0ZYhx+5Of+Om wFB7NKfJruQ5gvcXGaDNgRBbOgrg2xn/6+3QxLd6owO3TjlTN7uE8qKZ4Hu4g6cAagWG XVKPNEROr3sb5JakHJF0PKk3+av4HIb1tCS7XdKtkPK+JLIf3wyzL500PaOdziCY2KPw LnCWzvgnI0GmQjAutv7Z6b7tQKzLXLXE91lNP+bSRu9C8oU2jnTCSIzR/Fv5Ig476IT7 qEJ+g5NqSLnc5BjJ8zcvf1zGJds7KeoIoNU1bC1+t9nbqBcuvcTqt+5ftcG33AFLzM9o kpmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=VZE9ayaonU0lb7sIeWoZJ4PkuREvjf/oh5BNlaWkB6Q=; b=cYqOUQ1n6S1N8b80bJmjt964L6+K2Q2IpVO8Dct1QfnH1bRoy58mQo0FNdTjvSiu2V dsSL7IW3FRFxvJ3bxI7zPpaIjorZunNA3VlMLViijk+JgPWdE732dhoOj2GA6bKHIIDb 1VbYOWuL3ELXyg93WIClPbxLBhnTsbEkl86MnxK/90bJor4io+akUby/Rj2OMRo75/I6 tL2Xmb5+sZ8a66Ys75MJOuRBdkH7XyYuXE6reit/DgZMGF/hqnzqeMoYtlNEileqclmu xkL9pOdvFgdEWsLXs2wFOAD+DxO7X/XSmbwe6Rlm60soWCoigC1SD6rtYdDkPHR2Ehfk IXTQ== X-Gm-Message-State: AA6/9Rlz5yewNHKsm5kclg+MQHdsADl1SqkBaPNOpKE8IUBkRz8nc3VB7u8mAVek194JZaIvic3WVp5qDlkw6Q== X-Received: by 10.157.63.152 with SMTP id r24mr88029otc.170.1476264931046; Wed, 12 Oct 2016 02:35:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.49.136 with HTTP; Wed, 12 Oct 2016 02:35:30 -0700 (PDT) In-Reply-To: <95CB6153-524D-499A-8E85-231C5098A4DB@gmx.de> References: <4D2419FB-6649-4250-9D42-E6EDECFFCCDE@gmail.com> <95CB6153-524D-499A-8E85-231C5098A4DB@gmx.de> From: ching lu Date: Wed, 12 Oct 2016 17:35:30 +0800 Message-ID: To: moeller0 Cc: Jonathan Morton , cake@lists.bufferbloat.net Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] diffserv based on firewall mark X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2016 09:35:31 -0000 How to archive "cake follows iptables"? is it "wan ingress -> iptables -> wifi egress/LAN egress -> ifb egress -> cake"? On Wed, Oct 12, 2016 at 5:10 PM, moeller0 wrote: > Hi, > > >> On Oct 12, 2016, at 10:11 , ching lu wrote: >> >> For egress, setting DSCP field should work. >> >> iptables -> wan egress -> cake >> >> But is it possible to set DSCP to 0x0 after cake's classification? i >> do not know how ISP handle non-zero DSCP, there seems to be no >> standard for this. > > Interestingly cake, at some point in the past offered exactly tha= t functionality, but it got removed due to added complexity with very littl= e practical applicability (and a potential layering violation, but one coul= d equally argue that the current layering is partly sub-optimal/wrong and h= ence violating it to better reflect reality might be acceptable). But curre= nt cake does not offer this. If you are willing to daisy-chain two routers,= you could run cake on the respective egress interfaces connecting both rou= ters, and do the DSCP cleaning on the outer router=E2=80=99s egress interfa= ce toward the internet=E2=80=A6 > >> >> >> For ingress, DSCP field may not be set by network peer at all, and i >> have multiple LAN interfaces >> >> AFAIK, the order is "wan ingress -> ifb egress -> cake -> iptables" >> >> The trick of setting DSCP by iptables do not work because cake comes fir= st > > Hence Jonathan=E2=80=99s recommendation to make sure that cake fo= llows iptables, by setting it up on egress interfaces only=E2=80=A6 > > Best Regards > Sebastian > >> >> On Wed, Oct 12, 2016 at 3:26 PM, Jonathan Morton = wrote: >>> >>>> On 12 Oct, 2016, at 08:52, ching lu wrote: >>>> >>>> I deprioritize bittorrent traffic by marking related connections in >>>> iptables (e.g. detect by port number) and route them to corresponding >>>> HTB class and qdisc. >>>> >>>> How can i archive the same goal using the cake qdisc? >>> >>> Modify your iptables rules to set the DSCP rather than a kernel-interna= l mark. You probably want "-j DSCP =E2=80=94set-dscp-class CS1=E2=80=9D, a= s CS1 is the =E2=80=9Cbulk low priority=E2=80=9D code. Cake=E2=80=99s defa= ult Diffserv mode will pick that up appropriately. >>> >>> You also need to make sure Cake sees your packets *after* they=E2=80=99= ve been through the firewall, which generally means attaching it to the egr= ess port in each direction, not the ingress port. You=E2=80=99ve probably = already done this, if you=E2=80=99re happy with your HTB setup. >>> >>> If you have multiple LAN interfaces (eg, both Ethernet and wifi), you s= hould loop the inbound traffic through a common IFB device (and attach Cake= to that instead of the physical interfaces) to simplify configuration. >>> >>> - Jonathan Morton >>> >> _______________________________________________ >> Cake mailing list >> Cake@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cake >