From: Dave Taht
To: Michael Richardson
Cc: Richard Brown, cerowrt-devel@lists.bufferbloat.net
Date: Mon, 26 Nov 2012 15:00:45 +0100
Subject: Re: [Cerowrt-devel] Bufferbloat at upcoming LUG talk
In-Reply-To: <10146.1353932800@obiwan.sandelman.ca>
List-Id: Development issues regarding the cerowrt test router project
On Mon, Nov 26, 2012 at 1:26 PM, Michael Richardson wrote:
>
>>>>>> "Richard" == Richard Brown writes:
>     Richard> - I can see how the CeroWrt de-bloating algorithms help
>     Richard> protect against bad latency when I'm *uploading* big
>     Richard> files. I'm not sure whether using CeroWrt with its
>     Richard> CoDel/FQ/SFQ/etc. helps when I'm downloading big files,
>     Richard> though. What can I say about this?
>
> If the link from the broadband to the laptop is wireless, then it's
> quite possible that the wireless link experiences bufferbloat.
> This would be true:
> - if the laptop is far from the base station the rate could be
>   lower than the broadband download link. (Especially now that
>   cable offers 50Mb/s downlinks...)
> - if the wireless is bridged to wired, and there are many windows
>   boxes, broadcasting a lot, then the wireless link may be
>   otherwise saturated

One point of the rrul tests is that netserver runs out of xinetd
on the router itself, so it's possible to test wifi performance in
the presence of multiple workloads.

However, the overhead of running netserver on such a small box is
too extreme, presently. I hope to produce a simpler test that can,
indeed, work right on cerowrt, so you can easily diagnose the
inside path on your network.

You can certainly install netperf 2.6 or later on a heftier box,
locally on your network, and test wifi and wired that way.

>
> bad uplink latency will affect TCP ACKs, and can totally ruin your
> interactive ssh day too.

s/can/does

> But, in general, either the ISP has to debloat too, or it has to rate
> limit to below the actual bandwidth.

Rate limiting below the ISP's provided downlink-to-you bandwidth does
work, but tends to chop off 10-15% of what the ISP claims they are
providing.

>     Richard> - I believe the default DNS server in Sugarland is dnsmasq,
>     Richard> not bind. Is DNSSEC enabled by default? Also: there's a
>     Richard> report (Bug #411) that says that DNS is leaking internal
>     Richard> names to the outside world. What's the best advice for
>     Richard> closing this? ("list notinterface 'ge00'" is one
>     Richard> recommendation…)
>
> (In general, leaking names is really not that much of a worry...)

Names, no. Amplification attacks are a serious problem with DNS. The
internet is rife with worms and daemons that are leveraging open dns
servers for amplification attacks.

In the few short weeks that macej had left the port open:

http://www.bufferbloat.net/issues/411

"Having DNS open for a while made some evil forces notice it and use my
IP for DNS amplification attacks. I secured dnsmasq not to listen on
ge00, but I'm still getting over 300 UDP packets/s!"

I really hate having contributed to this problem with sugarland. Nobody
wants an extra 300 packets/s hitting their home network for any reason.
Please close this immediately upon installing sugarland.

I've tried very hard to respond to CVEs over the course of this
project (bind alone had 5), but I'm away from the lab, in the middle
of a trip, in between a major upgrade of functionality to cerowrt and
trying to get funding to re-invigorate this project. I haven't had much
time to hack. None to test.

I would like to get to where we had infrastructure to easily create,
test, and push out security related fixes.

>
>     Richard> My plan is to give a little of the science behind
>     Richard> bufferbloat mitigation and also put in a plug for
>     Richard> CeroWrt. Any topics I haven't already mentioned that I
>     Richard> should? Thanks!
>
> Use the fountain images that Van Jacobson used at IETF84.

In my own preso at the lincs, I used my coffee cup...

There is an interesting preso that shemminger is using that uses soda
bottles to do something similar to both concepts. Jamming holes into it
randomly to simulate RED....

I may adopt this - however in explaining fq_codel, I think I need to
add multiple cups, and an eye-dropper for the ant packets.

> --
> ] He who is tired of Weird Al is tired of life! | firewalls [
> ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
> Kyoto Plus: watch the video
> then sign the petition.
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

--
Dave Täht
Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
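Added example, not code from this thread or from the CeroWrt/dnsmasq projects: a small script that does the two checks the bug #411 discussion above calls for. It reads dnsmasq query log lines (the 'query[TYPE] name from SRC' form dnsmasq writes when started with log-queries) and flags queries arriving from outside the LAN, which means the resolver is answering on the WAN side, and counts amplification-friendly query types (ANY and friends) per external source. It then checks an OpenWrt-style /etc/config/dhcp fragment for the `list notinterface 'ge00'` line the thread recommends. The log lines, the 172.30.42.0/24 LAN prefix, the UCI fragments and the threshold of "any external query at all" are constructed assumptions for the example.

```python
"""Spot open-resolver abuse in dnsmasq query logs and check the UCI fix.

Added example; not code from the thread or from CeroWrt/dnsmasq. It assumes
dnsmasq runs with log-queries, so every query is logged as
'query[TYPE] name from SRC', and that the LAN prefix is 172.30.42.0/24
(an assumption; adjust to your own range).
"""
import ipaddress
import re
from collections import Counter

# Constructed sample log lines; the outside addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 26 13:59:01 cerowrt dnsmasq[1234]: query[A] www.example.com from 172.30.42.10
Nov 26 13:59:01 cerowrt dnsmasq[1234]: query[ANY] isc.org from 203.0.113.7
Nov 26 13:59:01 cerowrt dnsmasq[1234]: query[ANY] isc.org from 203.0.113.7
Nov 26 13:59:02 cerowrt dnsmasq[1234]: query[ANY] isc.org from 203.0.113.7
Nov 26 13:59:02 cerowrt dnsmasq[1234]: query[ANY] ripe.net from 198.51.100.9
Nov 26 13:59:02 cerowrt dnsmasq[1234]: query[AAAA] mail.example.com from 172.30.42.11
Nov 26 13:59:03 cerowrt dnsmasq[1234]: query[ANY] isc.org from 203.0.113.7
"""

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<src>\S+)"
)
LAN_NETS = [ipaddress.ip_network("172.30.42.0/24")]  # assumed LAN side
# Query types whose answers are large relative to the ~60-byte request;
# these are what reflection attacks ask for.
AMPLIFYING_QTYPES = {"ANY", "TXT", "DNSKEY", "RRSIG"}


def parse_queries(log_text):
    """Return one dict per matching 'query[...]' line; other lines are ignored."""
    queries = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue
        queries.append({"qtype": m["qtype"], "name": m["name"],
                        "src": ipaddress.ip_address(m["src"])})
    return queries


def is_lan(addr, lan_nets=LAN_NETS):
    return any(addr in net for net in lan_nets)


def find_amplification_suspects(log_text, lan_nets=LAN_NETS):
    """Return (external_query_count, suspects).

    Any external query at all means dnsmasq is answering on the WAN side,
    the situation in bug #411. suspects maps each external source address
    to its count of amplification-friendly queries; repeated ANY queries
    for the same name from a source that never asks anything else is the
    reflection signature, since that "source" is really the spoofed victim.
    """
    external = 0
    suspects = Counter()
    for q in parse_queries(log_text):
        if is_lan(q["src"], lan_nets):
            continue
        external += 1
        if q["qtype"] in AMPLIFYING_QTYPES:
            suspects[str(q["src"])] += 1
    return external, dict(suspects)


# Constructed /etc/config/dhcp fragments: the first leaves dnsmasq listening
# on every interface, the second carries the fix the thread recommends.
UCI_OPEN = """\
config dnsmasq
\toption domainneeded '1'
\toption localise_queries '1'
"""
UCI_FIXED = UCI_OPEN + "\tlist notinterface 'ge00'\n"

NOTINTERFACE_RE = re.compile(r"^\s*list\s+notinterface\s+'?([^'\s]+)'?\s*$", re.M)


def wan_excluded(uci_text, wan_iface="ge00"):
    """True when the WAN interface is listed under notinterface."""
    return wan_iface in NOTINTERFACE_RE.findall(uci_text)


if __name__ == "__main__":
    ext, sus = find_amplification_suspects(SAMPLE_LOG)
    print(f"queries from outside the LAN: {ext}")
    for src, n in sorted(sus.items(), key=lambda kv: -kv[1]):
        print(f"  {src}: {n} amplification-type queries")
    for label, cfg in (("open", UCI_OPEN), ("fixed", UCI_FIXED)):
        print(f"{label}: ge00 excluded = {wan_excluded(cfg)}")
```

Run it against a real log with `logread | grep 'dnsmasq' | python3 thisfile.py` after replacing SAMPLE_LOG with stdin, or just point it at a saved log. Note the second quoted sentence in the bug report: after `notinterface` is set, the queries stop being answered, but the spoofed-source packets keep arriving for a while, so the count of *dropped* UDP/53 on ge00 (not dnsmasq's log) is what tells you the reflector traffic has died down.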