From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 334213B2A4 for ; Fri, 19 Feb 2021 15:33:59 -0500 (EST) Received: by mail-io1-xd33.google.com with SMTP id f20so6967428ioo.10 for ; Fri, 19 Feb 2021 12:33:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iJgsXw+ktNHpWHvy5fw35KRi1zkNzaG8VweqmOgIpaM=; b=JmWmPRIx+20sBZ4B/Zm1p5/WAvrilBfy6jX8/ohIkAjImN9NDmnF4dAPDPtdxyA697 GOIY9BLReGFqklvqgGi6x1IYqv5SjhMxB0msqbZ9iH+ZaIBH1T9GbvxMglZCkYhCevSc zC9ndGzqVoHscPG2pqKooVhJwJOyEGcW4M4dCcsDi2g4ThnedntOAFeENH6x9Flv+F/3 ILixwREGosb+D1r1CJDFGuzKghmjB8tCoINChHemOS9ZdMtB1HEpnEOZg44HgjP8nBbb 0ajO1fEFNlSijNqLbqwcgbEj7eNOordCmAmp32K7ssD54D5fYG6uyPZZ2tyoub+1Ffp3 atQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iJgsXw+ktNHpWHvy5fw35KRi1zkNzaG8VweqmOgIpaM=; b=GV5rodXfxr4i1OfbNwKVSJwEv8HaDp5dnJ4yKaWwDwYe/0+QYKx0Q2tunV/E2S5P2e GRt0wg6EvvezOK3WIrL0c9Tva9izwdY+P+sBcYHUvoR8ccTbPld65BkbOdkAjC5Kf28j 9vgc8Gc9hGJzFoH2M1UnlLJYj+ywS9/u6qDJt8QyTQwt2+upkUrh5Bvr8LPt6vodJqTW gSMQ8LbNRYrzzHjQqBd8U+hb84PrI/uHd5AH6KjanJBc0dYDfg/53cniJl+Q73SWlpon 9/cOYjkfn4Kdgv7izyfNmZ4Wtu+Ec+NRSXARt6/Adza2A/gEnF3NDQkh3nLB6WoSkiIm qwhw== X-Gm-Message-State: AOAM532e5VuVfxQCpOWnwnvFQSDWNLNoSh4/byVT0Uy1WLp0unzP7hnN soiyNLUZ/gdlFMkptBmesVPv6c8a/lf0YxmZeJozTxB+QUsyow== X-Google-Smtp-Source: ABdhPJzY3L/UBsSVif+GexJgAfAukiguG5Umv69AheMExt+I3dG0obU7NDC0qafC0vQ2+9o6e3xGpumNcw6OhaAiWoM= X-Received: by 2002:a02:3541:: with SMTP id y1mr11352105jae.66.1613766838435; Fri, 19 Feb 2021 12:33:58 -0800 (PST) MIME-Version: 1.0 References: <87mtw1kx9c.fsf@toke.dk> <87im6pkweq.fsf@toke.dk> <9a889d98-0fae-d1af-6dea-c534f0df854a@sager.me.uk> In-Reply-To: From: Peter Lepeska Date: Fri, 19 Feb 2021 15:33:44 -0500 Message-ID: To: John Sager Cc: cake@lists.bufferbloat.net Content-Type: multipart/alternative; boundary="00000000000027c48605bbb65f9e" Subject: Re: [Cake] Enforcing video quality question X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Feb 2021 20:33:59 -0000 --00000000000027c48605bbb65f9e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable "I'll put together a toy iptables rules file and a toy script with the necessary tc commands. " Wow -- that would be really appreciated. Question: will you need to explicitly call out the inside IP address of the host being shaped? Or, can it be set to shape each inside host? I'm not sure you can post to mailing list but maybe give it a shot (since there may be general interest) and if it fails email me directly? Thanks!!! Peter On Fri, Feb 19, 2021 at 2:04 PM John Sager wrote: > Yes. The marks are set on egress so you can select on inside IP address, > port, protocol - in fact many characteristics that iptables rules can tes= t > for. I'll put together a toy iptables rules file and a toy script with th= e > necessary tc commands. It'll take me a few days though as I'm busy with > other stuff currently. > > PS does the cake list allow attachments? It will be a small zip file. > > John > > On 19/02/2021 15:02, Peter Lepeska wrote: > > Hi John > > > > Does this result in the ability to set per internal host max ingress > > bandwidth? If so, any chance you can share a snippet of a script? I wil= l > be > > trying to reproduce your setup. > > > > Thank you! > > > > Peter > > > > On Fri, Feb 19, 2021 at 7:16 AM John Sager > > wrote: > > > > That's basically what I do. I set marks on outgoing traffic in the > mangle > > table which are copied to connmark before egress. Then on ingress t= he > > connmark is restored to the packet and punted to ifb0 using 'action > > connmark > > action mirred egress redirect dev $IFB' as an ingress filter on the > > incoming > > interface (ppp0 in my case). Then I have HTB classes on ifb0 which > set rate > > limits for different traffic classes indicated by the marks. I have > only 6 > > traffic classes (I bundle all video into one class), but as marks > are 32 > > bits wide there is lots of scope for classes for individual IP > addresses. > > > > John > > > > On 18/02/2021 19:28, Toke H=C3=B8iland-J=C3=B8rgensen via Cake wrot= e: > > > Peter Lepeska >> > > writes: > > > > > >> A user on the OpenWrt forum suggested hashlimit rules supported > by > > >> iptables. How does that idea sound to you? > > > > > > That will result in a cliff-edge policer (i.e., as soon as a > device goes > > > over its limits it will see every packet get dropped). This > doesn't > > > interact too well with the burstiness of TCP, so you'll likely g= et > > > erratic behaviour of the traffic if you do that. Doing the same > thing > > > with HTB means the router will queue+shape each class (and with > FQ-CoDel > > > on the leaves, you'll get a nice AQM behaviour as well), so that > will be > > > smoother and less prone to bloat :) > > > > > > -Toke > > > _______________________________________________ > > > Cake mailing list > > > Cake@lists.bufferbloat.net > > > https://lists.bufferbloat.net/listinfo/cake > > > > > _______________________________________________ > > Cake mailing list > > Cake@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cake > > > --00000000000027c48605bbb65f9e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
"I'll put together a toy iptables rules file and = a toy script with the
necessary tc commands.=C2=A0"

<= div>Wow -- that would be really appreciated. Question: will you need to exp= licitly call out the inside IP address of the host being shaped? Or, can it= be set to shape each inside host?

I'm not sur= e you can post to mailing list but maybe give it a shot (since there may be= general interest) and if it fails email me directly?

<= div>Thanks!!!

Peter

On Fri, Feb 19, 2021 at 2= :04 PM John Sager <john@sager.me.uk<= /a>> wrote:
Y= es. The marks are set on egress so you can select on inside IP address, port, protocol - in fact many characteristics that iptables rules can test =
for. I'll put together a toy iptables rules file and a toy script with = the
necessary tc commands. It'll take me a few days though as I'm busy = with
other stuff currently.

PS does the cake list allow attachments? It will be a small zip file.

John

On 19/02/2021 15:02, Peter Lepeska wrote:
> Hi John
>
> Does this=C2=A0result in the ability to set per internal host max ingr= ess
> bandwidth? If so, any chance you can share a snippet of a script? I wi= ll be
> trying to reproduce your setup.
>
> Thank you!
>
> Peter
>
> On Fri, Feb 19, 2021 at 7:16 AM John Sager <john@sager.me.uk
> <mailto:john@= sager.me.uk>> wrote:
>
>=C2=A0 =C2=A0 =C2=A0That's basically what I do. I set marks on outg= oing traffic in the mangle
>=C2=A0 =C2=A0 =C2=A0table which are copied to connmark before egress. T= hen on ingress the
>=C2=A0 =C2=A0 =C2=A0connmark is restored to the packet and punted to if= b0 using 'action
>=C2=A0 =C2=A0 =C2=A0connmark
>=C2=A0 =C2=A0 =C2=A0action mirred egress redirect dev $IFB' as an i= ngress filter on the
>=C2=A0 =C2=A0 =C2=A0incoming
>=C2=A0 =C2=A0 =C2=A0interface (ppp0 in my case). Then I have HTB classe= s on ifb0 which set rate
>=C2=A0 =C2=A0 =C2=A0limits for different traffic classes indicated by t= he marks. I have only 6
>=C2=A0 =C2=A0 =C2=A0traffic classes (I bundle all video into one class)= , but as marks are 32
>=C2=A0 =C2=A0 =C2=A0bits wide there is lots of scope for classes for in= dividual IP addresses.
>
>=C2=A0 =C2=A0 =C2=A0John
>
>=C2=A0 =C2=A0 =C2=A0On 18/02/2021 19:28, Toke H=C3=B8iland-J=C3=B8rgens= en via Cake wrote:
>=C2=A0 =C2=A0 =C2=A0 > Peter Lepeska <bizzbyster@gmail.com <mailto:bizzbyster@gmail.com= >>
>=C2=A0 =C2=A0 =C2=A0writes:
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 >> A user on the OpenWrt forum suggested has= hlimit rules supported by
>=C2=A0 =C2=A0 =C2=A0 >> iptables. How does that idea sound to you= ?
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > That will result in a cliff-edge policer (i.e= ., as soon as a device goes
>=C2=A0 =C2=A0 =C2=A0 > over its limits it will see every packet get = dropped). This doesn't
>=C2=A0 =C2=A0 =C2=A0 > interact too well with the burstiness of TCP,= so you'll likely get
>=C2=A0 =C2=A0 =C2=A0 > erratic behaviour of the traffic if you do th= at. Doing the same thing
>=C2=A0 =C2=A0 =C2=A0 > with HTB means the router will queue+shape ea= ch class (and with FQ-CoDel
>=C2=A0 =C2=A0 =C2=A0 > on the leaves, you'll get a nice AQM beha= viour as well), so that will be
>=C2=A0 =C2=A0 =C2=A0 > smoother and less prone to bloat :)
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0 > -Toke
>=C2=A0 =C2=A0 =C2=A0 > _____________________________________________= __
>=C2=A0 =C2=A0 =C2=A0 > Cake mailing list
>=C2=A0 =C2=A0 =C2=A0 > Cake@lists.bufferbloat.net <mailto:Cake@lists.bufferbloat.ne= t>
>=C2=A0 =C2=A0 =C2=A0 > https://lists.bufferbloat.n= et/listinfo/cake
>=C2=A0 =C2=A0 =C2=A0 >
>=C2=A0 =C2=A0 =C2=A0_______________________________________________
>=C2=A0 =C2=A0 =C2=A0Cake mailing list
>=C2=A0 =C2=A0 =C2=A0Cake@lists.bufferbloat.net <mailto:Cake@lists.bufferbloat.net&= gt;
>=C2=A0 =C2=A0 =C2=A0https://lists.bufferbloat.net/lis= tinfo/cake
>
--00000000000027c48605bbb65f9e--