From: Dave Taht
To: "cerowrt-devel@lists.bufferbloat.net"
Date: Mon, 6 Apr 2015 16:43:50 -0700
Subject: [Cerowrt-devel] Edgerouter 1.7.0alpha3 release with smart queuing

Those of you fiddling with the edgerouters have something more to test now. (I note that there seems also to be pretty complete openwrt support for them also.)
I have 1 of each, but no time to test right now.

---------- Forwarded message ----------
From: Ubiquiti Community
Date: Mon, Apr 6, 2015 at 3:22 PM
Subject: UBNT-ancheng mentioned you in Ubiquiti Networks
To: dave.taht@gmail.com

Hi dtaht2,

UBNT-ancheng (Ubiquiti Employee) mentioned you in a post! Join the conversation below:
________________________________

Alpha release v1.7.0alpha3

New software release v1.7.0alpha3 is now available here:

ERLite-3 and ERPoe-5 (3-port and 5-port models):
http://dl.ubnt.com/firmwares/edgemax/v1.7.0/ER-e100.v1.7.0alpha3.4760682.tar

ER-8 and ERPro-8 (8-port models):
http://dl.ubnt.com/firmwares/edgemax/v1.7.0/ER-e200.v1.7.0alpha3.4760682.tar

This release adds new "traffic analysis" (that works with offload) feature and "smart queue" (FQ-CoDel + HTB) feature and also many enhancements and bug fixes. More details can be found in the release notes below. Please give it a try and let's discuss any issues here. Thanks very much!

[Release Notes v1.7.0alpha3]

Changelog

Changes in v1.7.0alpha3

New features

[Web UI] Add new "Traffic Analysis" feature: A few things to note:

- Currently, the initial implementation provides the TX/RX stats of individual IP addresses. More "granular" stats will be added too of course.
- This feature is integrated with the offload feature, so unlike NetFlow (flow accounting), it does not disable offload. Conversely, stats are not available for traffic that is not offloaded.
- The current implementation does not handle all cases yet and has some limitations, for example, non-NATed traffic is not handled, stats may be incomplete in some cases, etc. We will certainly be addressing these.
- Flow stats are "aged out" after 30 minutes currently, so for example, the RX bytes stat may go down noticeably 30 minutes after a big download finishes.
- Even though this works with offload, obviously it does still add some overhead.
Therefore if the feature is not needed for example, it can be disabled using the following command:

    sudo sh -c "echo 0 >/proc/cavium/ipv4/export"

(This will be made configurable in the system configuration.)

While we continue working on improving the feature, please give it a try and let us know your feedback/suggestions/etc. Thanks!

[QoS] Add new "smart queue" feature providing FQ-CoDel + HTB function. For example, assuming the WAN interface is "eth2" and the WAN link provides 10 Mbps and 50 Mbps for the upload and download bandwidth, respectively, then a basic configuration looks like the following:

    set traffic-control smart-queue sq1 interface eth2
    set traffic-control smart-queue sq1 rate-up 10mbit
    set traffic-control smart-queue sq1 rate-down 50mbit
    commit

A few things to note:

- The actual rate limits will be set to 95% of the specified value, so you could experiment with different values if necessary.
- Dynamic interfaces are also supported, for example:

      set traffic-control smart-queue sq1 interface pppoe0

  This works even if the dynamic interface does not exist yet, in which case the policy will be applied later when the interface comes up.
- Note that when setting the first interface, there is currently a spurious error message "Insufficient arguments for option intf-unique", which can be ignored.
- Currently this feature conflicts with the existing "traffic-policy" configuration, so the two should not be applied to the same interface at the same time.
- Also as discussed previously, the HTB rate limiting is computation intensive, and therefore above a certain rate the rate limiting would not work well (cannot achieve the specified rate). Currently a warning is implemented to indicate the specified rates are above such a threshold (however it does not fail the commit).
This threshold (applied to the sum of "rate-up" and "rate-down") is platform-specific and the current values are:

    ERLite-3 and ERPoe-5: 200 Mbps
    ER-8: 450 Mbps
    ERPro-8: 550 Mbps

Of course this will also depend on other factors such as load on the router etc., so these are just general guidelines and it may require some testing to find the limitations in a particular environment.

The FQ-CoDel function has been in discussion for some time. In particular we would like to thank @dtaht2, who contributed the original backport patches for fq_codel and also provided invaluable information on the subject! Many other community members participated and contributed as well, including but not limited to @ConnorM @psydafke @wkweksl @jzaw @berrybartels @martyh @levicki @Josh_SPITwSPOTS @twinkletoes @Zerofail @chaicka @ryan3531 @request_timeout @bcdouglas @kai_h @videomatic3 @zbeyuz @leeandy @Ric878 @CiscoKid85 @shado @Sugaroverdose @r4m3u5 @WisTech @paszczus @Arnold2222 @final (who implemented a Web UI wizard for the script!) @amishgenius @mackintire @moeller0 @Xand @BillyPrefect @erictooth @waheuler @jjonsson @asat @cinnamw @skyflash @axp @Djursland01 for example here and here.

Please help test this new feature and provide feedback, and if testing goes well, we will be adding a Web UI page for configuring this too of course! Thanks!

Enhancements and bug fixes

[Web UI] Fix validation issue for IPv6 network notation. Reported by @loke here.

[Web UI] Add peer description for IPsec site-to-site page. Suggested by @chrish13 here.

[Web UI] Fix handling of space character for dynamic DNS "Web-skip" configuration. Reported by @tucker here.

[Web UI] Reorder config settings for system log in System tab and disable level input if server is not configured. Discussed with @petecarlson here.

[Web UI] Fix deletion of bridge interface. Reported by @Paetur.

[Web UI] Fix display issue of VLAN interfaces under parent interfaces whose names end in "0".
Reported by community members including @dcplaya @MountainPatrick @nlpdk @jndfx22 @RyLeeRyno @jjonsson @britannic @dragon2611 @Cznet for example in these threads: 1 2 3.

[HW offload] Allow offload to be used with "modify table" action (for policy-based routing) in "modify" firewall rules.

[PPPoE server] Add configuration option for enabling MPPE encryption (default disabled). To enable:

    set service pppoe-server encryption enable

This allows airOS PPPoE client to connect if "encryption" is enabled on the client. Reported by and discussed with @ajbtv2 @Paetur @Twoopi86 here and here.

[System] Only start internal telnetd (for Web UI "CLI window") if Web UI is enabled. Discussed with community members including @ryan3531 @mrjester @Xand @rjh2805 @budcar @apleschu @GaryGapinski @zx2c4 for example in these threads: 1 2 3 4.

[System] Fix handling of negative temperature readings from the temperature sensors. Reported by @Magician.

[System] Implement potential fix for Web UI backend process issue.

[System] Use temporary file during save operation. Patch contributed by community member final

[MSS clamping] Add support for clamping "all" traffic

    set firewall options mss-clamp interface-type all

Discussed with community members, for example @drac here.

[MSS clamping] Apply MSS clamping in both directions. Discussed with @bjck @Adze1502 here.

[Firewall/NAT] Fix address group validation for /32 addresses. Reported by @Zubr here.

[Bridge] Fix implementation issue with the "bridged-conntrack" setting introduced in 1.7.0alpha2. This can now be disabled (default) unless connection tracking for bridged traffic is required, in which case it can be enabled by:

    set interfaces bridge br0 bridged-conntrack enable

[Interface] Fix validation to prevent configuration of mirror/redirect on "switched" interfaces (which does not work).

[Static route] Add description setting to static routes configuration.
For example:

    set protocols static route 1.1.1.0/24 next-hop 2.2.2.2 description 'lab network'

Discussed with community members for example @ttt_travis here.

[NetFlow] Fix "clear flow-accounting counters" command to also clear egress counters. Reported by @zx900e20 here.

[CLI] Fix "commit-archive" to send whole config (ignore "edit level"). Patch contributed by community member @final (discussed here).

[CLI] Allow multiple IP addresses for static host mapping. Patch contributed by community member @zx2c4 here.

[DHCPv6 PD] Allow "prefix-only" configuration. For example:

    set interfaces ethernet eth1 pppoe 1 dhcpv6-pd prefix-only

Reported and fix suggested by @Mephi here.

[VRRP] Allow VRRP to be configured on switch and bridge interfaces. Suggested and tested by @Sergiy here.

Updated software components

Update PHP to 5.4.39: Fix CVE-2015-2301, CVE-2015-2787, CVE-2015-2348, CVE-2015-2305, CVE-2015-2331, CVE-2015-0235, CVE-2015-0273, CVE-2014-9705, CVE-2015-0231, CVE-2014-9427, CVE-2015-0232, CVE-2014-9652
Update bind9 to 1:9.8.4.dfsg.P1-6+nmu2+deb7u4: Fix CVE-2015-1349
Update dbus to 1.6.8-1+deb7u6: Fix CVE-2015-0245
Update gnupg to 1.4.12-7+deb7u7: Fix CVE-2014-3591, CVE-2015-0837, CVE-2015-1606
Update eglibc to 2.13-38+deb7u8: Fix CVE-2015-1472, CVE-2015-1473, CVE-2012-3406, CVE-2014-4043, CVE-2014-9402, CVE-2013-7424
Update libcomerr2 to 1.42.5-1.1+deb7u1: Fix CVE-2015-0247, CVE-2015-1572
Update libgcrypt11 to 1.5.0-5+deb7u3: Fix CVE-2014-3591, CVE-2015-0837
Update gnutls26 to 2.12.20-8+deb7u3: Fix CVE-2015-0294, CVE-2015-0282
Update libssh2 to 1.4.2-1.1+deb7u1: Fix CVE-2015-1782
Update openssl to 1.0.1e-2+deb7u16: Fix CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3571, CVE-2015-0209
Update openvpn to 2.3.2-7~bpo70+2: Use newer version from Wheezy backports. Suggested by @rolfl here.
Update sudo to 1.8.5p2-1+nmu2: Fix CVE-2014-9680
Update tcpdump to 4.3.0-1+deb7u2: Fix CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155

Changes in v1.7.0alpha2

See the previous release notes
________________________________

--
Dave Täht

We CAN make better hardware, ourselves, beat bufferbloat, and take back control of the edge of the internet! If we work together, on making it:

https://www.kickstarter.com/projects/onetswitch/onetswitch-open-source-hardware-for-networking