<html><head></head><body>Hi there,<br><br>A few related thoughts. Some people use sldnsmasq to populate ipsets based on dnsnames to figure out which IP addresses are used by, say YouTube, and then dscp mark them to their own desire. Others use iptables rules to detect bulk flows by their accumulated transfervolume and then dscp mark them. The common thread here is that these techniques fo not work with the IFB way of ingress shaping, since the IFB runs before iptables/dnsmadq/ipset actually has seen the packets and hence they carry their original useless DSCP marks. If your router does not use wifi, you can instantiate the ingress Shaper on the egress side of the interface from the CPU to the lan side, or you can use a veth pair to route ingress traffic into the lan bridge and then instantiate the ingress Shaper on the egress side of that veth...<br><br>Best Regards<br> Sebastian<br><br>P.S.: As far as I can tell IPv6 end hosts will cycle through new addresses, but typically should only use a few concurrently. It would be quite interesting to figure out whether the Xbox updates truly use multiple IP addresses in the first place or whether this is a thundering herd problem caused by synchronized updates by multiple hosts, no?<br><br><div class="gmail_quote">On 18 August 2020 06:15:55 CEST, Jonathan Morton <chromatix99@gmail.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On 18/08/2020 06:44, Daniel Sterling wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">...is it possible to identify (and thus classify)<br>plain old bulk downloads, as separate from video streams? They're both<br>going to use http / https (or possibly QUIC) -- and they're both<br>likely to come from CDN networks... I can't think of a simple way to<br>tell them apart.<br></blockquote><br>If there was an easy way to do it, I would already have done so. We are <br>unfortunately hamstrung by some bad design and deployment around <br>Diffserv, which might otherwise provide a useful end-to-end visible <br>signal here.<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Is this enough of a problem that people would try to make a list of<br>netblocks / prefixes that belong to video vs other CDN content?<br></blockquote><br>It's possible that someone is doing this, but I don't specifically know <br>of such a source of information. It would of course be better to find a <br>solution that didn't rely on white/black lists, which have a distressing <br>habit of going stale.<br><br>But one of the more reliable ways might be to use Autonomous System (AS) <br>information. ASes are an organisational unit used for assigning IP <br>address ranges and for routing, and usually correspond to a more-or-less <br>significant Internet organisation. It should be feasible to map an <br>observed IP address to an AS, then look up the address blocks assigned <br>to that AS, thereby capturing a whole range of related IP addresses.<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">I do notice video streams are much more bursty than plain downloads<br>for me, but that may not hold for all users.<br><br>That is, for me at least, a video stream may average 5mbps over, say,<br>1 minute, but it will sit at 0mbps for a while and then burst at<br>20mbps for a bit.<br></blockquote><br>Correct, YouTube at least likes to fetch a big block of data from disk <br>and send it all at once, then rely on the client buffer to tide it over <br>while the disk services other requests. It makes some sense when you <br>consider how slow disk seeks are relative to the number of clients they <br>need to support, each of which will generally be watching a different <br>video (or at least a different part of the same one).<br><br>However, this burstiness disappears on the wire just when you would like <br>to use it to identify traffic, ie. when the video traffic saturates the <br>bandwidth available to it. If there's only just enough bandwidth, or <br>even *less* than what is required, then YouTube sends data continuously <br>into the client buffer, trying to keep it as full as possible.<br><br>There are no easy answers here. But I've suggested some things to look <br>for and try out.<br><br> - Jonathan Morton<hr>Bloat mailing list<br>Bloat@lists.bufferbloat.net<br><a href="https://lists.bufferbloat.net/listinfo/bloat">https://lists.bufferbloat.net/listinfo/bloat</a><br></pre></blockquote></div><br>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>