From: Kathleen Nichols <nichols@pollere.com>
To: codel@lists.bufferbloat.net
Subject: Re: [Codel] [Cake] Proposing COBALT
Date: Fri, 20 May 2016 07:42:51 -0700
Message-ID: <3f1756f2-2f8a-d9f7-76cc-0036ee182a94@pollere.com>
In-Reply-To: <alpine.DEB.2.02.1605200654280.1578@nftneq.ynat.uz>
On 5/20/16 7:04 AM, David Lang wrote:
>
> How big a problem is this in the real world? Are we working on a
> theoretical problem, or something that is actually hurting people?
>
The above seems like it should be the FIRST thing to consider.
The entire thread:
> On Fri, 20 May 2016, moeller0 wrote:
>
>>> On May 20, 2016, at 15:41 , David Lang <david@lang.hm> wrote:
>>>
>>> On Fri, 20 May 2016, Jonathan Morton wrote:
>>>
>>>> Normal traffic does not include large numbers of fragmented packets
>>>> (I would expect a mere handful from certain one-shot
>>>> request-response protocols which can produce large responses), so it
>>>> is better to shunt them to a single queue per host-pair.
>>>
>>> I don't agree with this.
>>>
>>> Normal traffic on a well setup network should not include large
>>> numbers of fragmented packets. But I have seen too many networks that
>>> fragment almost everything as a result of there being a hop that goes
>>> through one or more tunneling layers that lower the effective MTU
>>> (and no, path mtu discovery does not always work)
>>
>> True, do you have a cheaper idea of getting the flow identity
>> cheaply from fragmented packets, short of reassembly ;) ?
>
> How big a problem is this in the real world? Are we working on a
> theoretical problem, or something that is actually hurting people?
>
> by default (and it's a fairly hard default to disable in OpenWRT), the
> kernel is doing connection tracking so that NAT (masq) and stateful
> firewalling can work. That process has to solve this problem. The days
> of allowing fragments through the firewall ended over a decade ago, and
> if you don't NAT the fragments correctly, things break.
>
> So, assuming that we can do as well as conntrack (or ideally use the
> work that it's already doing), then the only case where this starts to
> matter is in places that have a custom kernel with conntrack disabled
> and are still seeing enough fragments to matter.
>
> I strongly suspect that in the real world, grouping those fragments by
> source/dest IP will spread them into enough buckets to keep them from
> hurting any other systems, while still keeping them concentrated enough
> to keep fragmentation from being a backdoor around limits.
>
> Remember, perfect is the enemy of good enough. A broken network that is
> fragmenting a lot of traffic is going to have other problems (especially
> if it's the typical "fragment due to tunnel overhead" where you have a
> full packet and minimum size packet pair that you fragment into). Our
> main goal needs to be to keep such systems from hurting others. Keeping
> it from hurting other traffic on the same broken host is a secondary goal.
>
> Is it possible to get speed testing software to detect that it's
> receiving fragments and warn about that?
>
> David Lang
> _______________________________________________
> Codel mailing list
> Codel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/codel
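
The classification rule discussed in the quoted thread (whole packets hashed per flow, fragments shunted to one queue per host pair), as an added example that is not part of the original message and is not Cake or COBALT code. The names flow_bucket, ipv4_is_fragment, make_udp and NBUCKETS, and the use of FNV-1a as the hash, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NBUCKETS 1024u /* assumed queue count; not from the thread */

/* FNV-1a: a stand-in hash chosen for this example (assumption). */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n)
{
    while (n--) h = (h ^ *p++) * 16777619u;
    return h;
}

/* 1 if MF is set or the 13-bit fragment offset is non-zero; DF is ignored. */
int ipv4_is_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    return (((pkt[6] << 8) | pkt[7]) & 0x3fff) != 0;
}

/* Queue index, or -1 if malformed. Every fragment, the first one included,
 * is hashed on the host pair only, so one datagram never spans two queues. */
int flow_bucket(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return -1;
    uint32_t h = fnv1a(2166136261u, pkt + 12, 8);  /* src + dst address */
    if (ipv4_is_fragment(pkt, len)) return (int)(h % NBUCKETS);
    h = fnv1a(h, pkt + 9, 1);                      /* protocol */
    if ((pkt[9] == 6 || pkt[9] == 17) && len >= ihl + 4)
        h = fnv1a(h, pkt + ihl, 4);                /* TCP/UDP src + dst port */
    return (int)(h % NBUCKETS);
}

/* Constructed sample: 28-byte UDP/IPv4 packet, 192.0.2.1 -> 198.51.100.7. */
void make_udp(uint8_t out[28], uint16_t frag_field, uint16_t dport)
{
    static const uint8_t base[28] = { 0x45,0,0,28, 0,1,0,0, 64,17,0,0,
        192,0,2,1, 198,51,100,7, 0x30,0x39,0,0, 0,8,0,0 };
    memcpy(out, base, 28);
    out[6] = (uint8_t)(frag_field >> 8); out[7] = (uint8_t)frag_field;
    out[22] = (uint8_t)(dport >> 8);     out[23] = (uint8_t)dport;
}

int main(void)
{
    uint8_t a[28], b[28];
    make_udp(a, 0x0000, 53); make_udp(b, 0x2000, 53); /* whole vs. first fragment */
    printf("whole=%d fragment=%d\n", flow_bucket(a, 28), flow_bucket(b, 28));
    return 0;
}
```

Non-first fragments carry no transport header, which is why the port bytes are never read once the fragment test succeeds.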