[Cake] flow isolation for ISPs

[Toke Høiland-Jørgensen]

Pete Heist <peteheist at gmail.com> writes:

> Suppose there is a cooperative ISP that has some members who access the network through a single device (like a router with NAT), while others use multiple devices and leave routing to the ISPs routers. (No need to suppose, actually.)
>
> There’s fairness at the IP address level (currently with esfq, maybe soon with
> Cake), but it's not fair that members with multiple devices effectively get one
> hash bucket per device, so if you have more devices connected at once, you win.
> There is a table of member ID to a list of MAC addresses for the member, so if
> there could somehow be fairness based on that table and by MAC address, that
> could solve it, but I don’t see how it could be implemented.
>
> Is it possible to customize the hashing algorithm used for flow isolation, either with Cake or some other way?
>
> The only options I can think of now:
>
> - force each member to use only one IP address (probably impractical at this point with hundreds of members)
> - use one queue per member in an HTB hierarchy, for example, with
> filters matching each member’s devices, but that seems difficult to
> manage

Once upon a time I implemented something like this; it was basically a
PHP script that would generate an HTB bucket (with sfq as leaf qdisc;
this was pre-fq_codel) per subscriber ID and use tc filter to map the
list of IPs registered to that customer into the right bucket. The HTB
shaper was used to enforce the bandwidth each customer was paying for.

Did it work? Yup, mostly. Was it ugly? Oh boy, yes!


The fq_codel qdisc does have support for arbitrary tc filters to replace
the default hashing, BTW. If you don't need the cake shaper, that might
be a solution?

-Toke