[Cake] triple flow isolation
Jonathan Morton
chromatix99 at gmail.com
Mon Jan 18 04:37:35 EST 2016
> On 18 Jan, 2016, at 11:21, moeller0 <moeller0 at gmx.de> wrote:
>
> Am I right to assume that dust and src host isolation works with the same counters but simply ignores one of them?
Yes. That’s explicit in the code.
> So if all internal hosts talk to one external host, does this scheme then equal pure per-flow fairness? I am trying to understand how robust triple-iso is going to be against attempt at shenanigans by unruly machines on the internal/external networks…
No. If there is only one host on one side (whichever side that happens to be), then maintaining per-host fairness for that side is trivial. The algorithm will instead maintain per-host fairness for the other side. This derives from the fact that it also maintains per-host fairness within traffic to each individual host. Per-flow fairness is also still maintained within individual host-pairs.
My measurements show that this aspect of the isolation is not perfect. There is still some influence from the number of flows, which biases the actual throughput slightly from ideal per-host fairness. This bias is however *much* smaller than pure per-flow fairness would be, and I’ve been unable to come up with a robust way of eliminating it entirely.
Hence I think it’s reasonable to simply switch on triple isolation by default, in the near future. It does approximately the right thing, without further configuration, in the great majority of practical cases (that I can think of), and to a greater extent than the existing “flows” mode does.
I think that might also be a good time to overhaul the documentation and do some other overdue cleanup.
- Jonathan Morton
More information about the Cake
mailing list