From: Dave Taht <dave.taht@gmail.com>
To: "Toke Høiland-Jørgensen" <toke@toke.dk>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Field Report - installing 3.8.13-7
Date: Sun, 16 Jun 2013 15:35:21 -0700 [thread overview]
Message-ID: <CAA93jw6Ga3ySG5AtCH1WTwA1sq5cydTBaLDpTHFnNot-VqKYtw@mail.gmail.com> (raw)
In-Reply-To: <87sj0hofjf.fsf@toke.dk>
On Sun, Jun 16, 2013 at 3:29 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> Rich Brown <richb.hanover@gmail.com> writes:
>
>> As noted above, 6in4 addresses seem to work, however, I did see a lot
>> of error messages as a result of running the 6in4 tunnel configuration
>> script. I've attached it to see if there's anything amiss…
I'm still looking for benchmark data on the rrul test over 6in4.
I spoke to a hurricane guy about how they do tunnelling, I think there
is some fq_codel work to be done over there to help their gateways out
in the long run.
> Have never used the 6in4 script, but a few of the messages have to do
> with the new firewall script:
>
>> Warning: Option @defaults[0].synflood_rate has invalid value '200'
>
> This is because the value is wrong. It should be '200/s' and not '200'.
It used to be right.
> That's a bug, I believe (though a minor one). Fixed in git; you can
THX! Polishing up the fenders...
> manually add the /s in your /etc/config/firewall if you want to shut it
> up. :)
I note that in older versions of openwrt the synflood rate was set
very low, low enough to be triggered by benchmarks like google
chrome's web page benchmark. I don't know the default now.
Worse, fixed rate limits like this don't scale up or down well. There
are similar fixed rate limits for ipv6 icmp traffic (which cero
doesn't do) in the default openwrt firewall rules. I would definately
argue that icmp and icmpv6 should be rate limited as a percentage of
your overall bandwidth and/or tossed into a special fq_codel class
and/or classified background, as someone doing a fast ping probe from
a fast host of your entire /48 will eat your entire uplink easily
without some limits in place.
>
>> Warning: Section @rule[0] (domain) does not specify a protocol,
>> assuming TCP+UDP
>
> The new firewall script complains when no protocol is set, but it does
> the right thing, so not really sure if I would call it a bug; should be
> fixed in git as well, though.
>
> The rest of the output is because the new firewall is more verbose than
> the old one.
>
> -Toke
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
next prev parent reply other threads:[~2013-06-16 22:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-16 21:15 [Cerowrt-devel] babeld change Dave Taht
2013-06-16 21:47 ` Toke Høiland-Jørgensen
2013-06-16 21:55 ` Dave Taht
2013-06-16 22:04 ` Toke Høiland-Jørgensen
2013-06-16 22:08 ` [Cerowrt-devel] Field Report - installing 3.8.13-7 Rich Brown
2013-06-16 22:29 ` Toke Høiland-Jørgensen
2013-06-16 22:35 ` Dave Taht [this message]
2013-06-16 22:54 ` Rich Brown
2013-06-17 8:24 ` Toke Høiland-Jørgensen
2013-06-17 4:15 ` [Cerowrt-devel] babeld change Steven Barth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAA93jw6Ga3ySG5AtCH1WTwA1sq5cydTBaLDpTHFnNot-VqKYtw@mail.gmail.com \
--to=dave.taht@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=toke@toke.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox