From: Dave Taht
To: Michael Richardson
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Mon, 10 Dec 2012 08:39:30 +0100
Subject: Re: [Cerowrt-devel] cerowrt 3.6.9-5
In-Reply-To: <3310.1355097649@obiwan.sandelman.ca>
List-Id: Development issues regarding the cerowrt test router project

On Mon, Dec 10, 2012 at 1:00 AM, Michael Richardson wrote:
>
>>>>>> "Dave" == Dave Taht writes:
>     Dave> I go back, however, to worrying about encapsulated traffic (such as
>     Dave> vpn) that might need to ignore classification in order to
>     Dave> preserve the
>     Dave> stream boundaries....
>
> What do you mean here?

I worry about encapsulating protocols copying the inner TOS/Diffserv bits to the outer IP header. Using a shaper that is aware of these bits would end up delivering packets that depend on a sequential encrypted stream out of order.

I went looking into it a bit and it looks not to be a problem with openvpn, gre, and ike, as the protocols are not defined to do that. 6in4 is OK as it's pretty stateless... I think the other ipv6 encapsulating protocols should be fine too. (what actually happens in the real world has to be looked at, though)

My head explodes when trying to understand AH and ipsec (strongswan), however, and I'd rather set up one and look at packets than try to understand the code. ENOTIME...

and that leaves ipip etherip and encap, and l2tp left to look at.

I'm also growing interested in protocols we could no longer use in the NAT era, but can in the ipv6 era (even with npt66), like sctp, and hip.... (100+ others elided), and also ones that are heavily used outside of conventional networking, like dccp.

Then there's various forms of multicast...

As happy as I am with fq_codel and its upcoming successors, I keep looking for things that will break if we flipped a switch tomorrow and converted linux over to it!

For example, it would make sense to FQ packets entering the ipsec/openvpn portions of the stack somehow, and it is suboptimal to penalize vpn streams over all others.

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
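
The reordering concern raised in the message above, as an added illustration that is not part of the original post or of CeroWrt: a constructed simulation in which one tunnel's sequenced packets cross a hypothetical two-band strict-priority shaper, once with the inner DSCP copied to the outer header and once with a fixed outer DSCP. The traffic mix, arrival and drain rates, and all function names are assumptions.

```python
from collections import deque

EF = 46  # Expedited Forwarding DSCP code point

# Constructed inner traffic of ONE tunnel: (tunnel sequence number, inner DSCP).
# Every fourth packet is marked EF, the rest are best effort (DSCP 0).
INNER = [(seq, EF if seq % 4 == 0 else 0) for seq in range(1, 21)]


def encapsulate(inner, copy_dscp):
    """Build outer packets; copy_dscp=True mirrors the inner DSCP to the outer header."""
    return [(seq, dscp if copy_dscp else 0) for seq, dscp in inner]


def shape(outer, arrive_per_tick=2, drain_per_tick=1):
    """Hypothetical DSCP-aware strict-priority shaper on a congested link.

    Packets arrive faster than they drain, so a queue builds up.
    Returns the tunnel sequence numbers in delivery order.
    """
    high, low = deque(), deque()
    pending = deque(outer)
    delivered = []
    while pending or high or low:
        for _ in range(min(arrive_per_tick, len(pending))):
            seq, dscp = pending.popleft()
            (high if dscp == EF else low).append(seq)
        for _ in range(drain_per_tick):
            if high:
                delivered.append(high.popleft())
            elif low:
                delivered.append(low.popleft())
    return delivered


def late_packets(order):
    """Count packets delivered after a higher sequence number was already seen."""
    highest, late = 0, 0
    for seq in order:
        if seq < highest:
            late += 1
        highest = max(highest, seq)
    return late


if __name__ == "__main__":
    for copy in (False, True):
        order = shape(encapsulate(INNER, copy))
        print(f"copy_dscp={copy}: late={late_packets(order)} order={order}")
```

With a fixed outer DSCP the tunnel stays in one band and is delivered in sequence; with the inner marking copied outward, the same tunnel is split across bands and its best-effort packets arrive behind later-numbered ones.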