From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ie0-x22a.google.com (mail-ie0-x22a.google.com [IPv6:2607:f8b0:4001:c03::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 6C79521F0FA for ; Mon, 19 Jan 2015 11:17:50 -0800 (PST) Received: by mail-ie0-f170.google.com with SMTP id y20so7418433ier.1 for ; Mon, 19 Jan 2015 11:17:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KXQbM0lkaMg5PcI/iIPWoRlYiLu2QuDYofaxCcg2ue0=; b=XdNtQAfTxikXCCQPCv8ytdNWNrxwptzA9urf6I8k/9HpuuMIdsdhQBjc10lWU8kdll Z/ULkfqJalEiLvBMgfiWliAXlxb6ShYFUE0Bpzqcx8180shKNoOXzsa0Pu4eMXDi7+8i Fdl13zfuOi0QT3Ags4t3oxrwjrELtCXNJV15cE4R1Dlm+qvtMTqJH5WG6VHq5hdEInya V+hS6skUo5dVe6N7PCSujCyK+YJjCX0DZXX0aXe82l0cEbaQN/Bh5UwskCsJ3uczYbCM iTzBXRsEyL/fPp4E72sY3FC3Q2ar4KVdRVCoJQhih1/uDVaV7FsBhtl9utnAl2YSlFve HaeA== MIME-Version: 1.0 X-Received: by 10.50.108.83 with SMTP id hi19mr21170213igb.8.1421695070237; Mon, 19 Jan 2015 11:17:50 -0800 (PST) Received: by 10.64.208.39 with HTTP; Mon, 19 Jan 2015 11:17:50 -0800 (PST) In-Reply-To: References: <1420565177.062826426@apps.rackspace.com> Date: Mon, 19 Jan 2015 11:17:50 -0800 Message-ID: From: Aaron Wood To: Dave Taht Content-Type: multipart/alternative; boundary=089e01494c2aa3fa76050d062df3 Cc: cerowrt-devel Subject: Re: [Cerowrt-devel] SInce I mentioned this crew's work in a post, I don't want anyone to be surprised. X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2015 19:18:19 -0000 --089e01494c2aa3fa76050d062df3 Content-Type: text/plain; charset=UTF-8 On Tue, Jan 6, 2015 at 11:37 AM, Dave Taht wrote: > > I also tend to wish that streaming video had got it's own control port > rather than being layered over 80 and 443. > In my experience, that was due to the corporate firewalls' default rule of disallowing outbound connections. Port 80 can be deep-packet-inspected to confirm it's HTTP, and 443 can be confirmed to be SSL, and so everything else was shut down. So everything had to be delivered over those, or it failed. In my world, that means that IoT devices talking custom protocols over SSL have to use 443 to the datacenters because the corporate firewall people won't allow anything else out. And if you can't demo it from the "guest" network at a company, you won't make any sales there. OTOH, fq_codel should hash them out separately based on the destination IP and source ports as separate connections. Not separable into a QoS bucket, but at least able to pry apart the streams for fairness... -Aaron --089e01494c2aa3fa76050d062df3 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Tue, Jan 6, 2015 at 11:37 AM, Dave Taht <dave.taht@gmail.com&= gt; wrote:

I also tend to wish that streaming video had got it's own control port<= br> rather than being layered over 80 and 443.

<= div>In my experience, that was due to the corporate firewalls' default = rule of disallowing outbound connections.=C2=A0 Port 80 can be deep-packet-= inspected to confirm it's HTTP, and 443 can be confirmed to be SSL, and= so everything else was shut down.=C2=A0 So everything had to be delivered = over those, or it failed.=C2=A0 In my world, that means that IoT devices ta= lking custom protocols over SSL have to use 443 to the datacenters because = the corporate firewall people won't allow anything else out.=C2=A0 And = if you can't demo it from the "guest" network at a company, y= ou won't make any sales there.

OTOH, fq_codel = should hash them out separately based on the destination IP and source port= s as separate connections.=C2=A0 Not separable into a QoS bucket, but at le= ast able to pry apart the streams for fairness...

= -Aaron=C2=A0
--089e01494c2aa3fa76050d062df3--