Re: [Cerowrt-devel] slowly moving to deploy 3.3.8-6

[Michael Richardson <mcr@sandelman.ca>]

[-- Attachment #1: Type: text/plain, Size: 3001 bytes --]


>>>>> "Dave" == Dave Taht <dave.taht@gmail.com> writes:
    Dave> Comments:

    Dave> 1) we have a fq_codel enabled build for ubuntu 12.4
    Dave> contributed by kamal mostafa on:

    Dave> https://launchpad.net/~kamalmostafa/+archive/bufferbloat

It took me a few reads to get why this mattered... this is for my wife's
laptop.

    Dave> 2) There are multiple things about vlan behavior in cerowrt
    Dave> and with AQMs that you could explore. I'm not really sure if
    Dave> the default cerowrt ifconfig script is going to work right on
    Dave> multiple vlans. (see /etc/hotplug.d/iface/00-debloat) for one
    Dave> thing.

okay, thanks.

    Dave> 3) if you enable the vlan on the switch, each port can indeed
    Dave> be a different network.

Good.  I'm not entirely sure that I care actually, given that I can
create vlans... assuming I can get Gigabit to somehow work directly with
my Cisco switch.

    Dave> 4) My intent with the se00 and ge00 naming scheme was to come
    Dave> up with a clean way to write difficult firewall rules, using a
    Dave> "s+" or "g+" pattern match, rather than having to write
    Dave> O(network interface) rules.

I agree with it.

    Dave> This concept doesn't play well with the conventional vlan
    Dave> se00.XXX naming scheme but I do note that names can be changed
    Dave> on creation to match some sort of guest/secure split while
    Dave> preserving the capability for + semantics. That said, the
    Dave> default openwrt firewall (as cerowall is unfinished) doesn't
    Dave> use +, uses .XXX, and YMMV.

well, my firewall rules/policy are somewhat more complex than just
lan/guest.   I will have:
        trusted (very few incomng ports open, only from known places)
        service (many incoming ports open, few outgoing open)
        wireless ("sw", gets access to printer)
        guest    ("gw", outgoing only, probably NATed)

    Dave> Delighted you are making progress with a real world and
    Dave> wife-compatible installation.

    Dave> Are you using qos-scripts or the simple_qos script yet?

Not yet.

My laptop now spends most days at home in it's docking station, as
"desktop", and I have transitioned to a desktop computer at CREDIL, but
I ssh to home to run xemacs+mhe... and *I* sure notice bufferbloat.
(I also run sshfs in both directions at the same time, plus have a 7
year old that would spend all day on youtube if we let him...)
This is despite my ISP having put some QoS at their end....  I have some
very clear smokeping pictures. I hope that codel at my end will help. 

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 

[-- Attachment #2: Type: application/pgp-signature, Size: 307 bytes --]