[Cake] flow isolation for ISPs

John Sager john at sager.me.uk
Fri Apr 7 06:56:13 EDT 2017

On 07/04/17 09:28, Jonathan Morton wrote:

>> It looks like the mark could be obtained from the ‘mark’ field of the sk_buff struct, but I don’t know the validity of the field in various cases. For example, I don’t think I can set the mark on ingress before it reaches a qdisc on an IFB device.
> It has been suggested, in the context of using the “mark” for Diffserv purposes, that Linux’ conntrack facility could preserve the mark between directions of flow.  Cake can already query conntrack for NAT awareness.

That's how I use marks, though for guaranteeing bandwidth to classes rather
than fairness per se - it prevents big file downloads killing video
streaming. See this fraction from my setup script:

# add ingress qdisc
$TC qdisc add dev $IFACE handle ffff: ingress

# set pkt mark from connmark & send all traffic to ifb interface
$TC filter add dev $IFACE parent ffff: protocol ip u32 match u32 0 0 \
 action connmark action mirred egress redirect dev $IFB

Marks are set up by iptables rules on egress and copied to conntrack.

The qdiscs on egress and ifb are htb+fq_codel.
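
The following is an added example, not part of the original message or the poster's script: it puts the egress marking, the ingress connmark restore, and mark-based classification into htb+fq_codel on the IFB side by side. The interface names, mark values, rates and the 192.0.2.10 host are assumptions, only the IFB (download) side is shaped, and by default the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example (assumed names, marks and rates); not the poster's script.
IFACE=${IFACE:-eth0}                  # WAN-facing interface (assumption)
IFB=${IFB:-ifb0}                      # IFB device receiving redirected ingress
VIDEO_HOST=${VIDEO_HOST:-192.0.2.10}  # constructed LAN host that streams video
DRY_RUN=${DRY_RUN:-1}                 # 1 = print commands, 0 = run them as root

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Egress: mark each connection once and save the mark in conntrack.
setup_marks() {
    run iptables -t mangle -A POSTROUTING -o "$IFACE" -j CONNMARK --restore-mark
    # Still unmarked: 1 = video (guaranteed class), 2 = everything else.
    run iptables -t mangle -A POSTROUTING -o "$IFACE" -m mark --mark 0 \
        -s "$VIDEO_HOST" -j MARK --set-mark 1
    run iptables -t mangle -A POSTROUTING -o "$IFACE" -m mark --mark 0 \
        -j MARK --set-mark 2
    run iptables -t mangle -A POSTROUTING -o "$IFACE" -j CONNMARK --save-mark
}

# Ingress: copy the connmark to the packet mark, then redirect to the IFB.
setup_ingress() {
    run ip link add "$IFB" type ifb
    run ip link set dev "$IFB" up
    run tc qdisc add dev "$IFACE" handle ffff: ingress
    run tc filter add dev "$IFACE" parent ffff: protocol ip u32 match u32 0 0 \
        action connmark action mirred egress redirect dev "$IFB"
}

# IFB: htb classes with fq_codel leaves, selected by mark via fw filters.
setup_ifb_classes() {
    run tc qdisc add dev "$IFB" root handle 1: htb default 20
    run tc class add dev "$IFB" parent 1: classid 1:1 htb rate 50mbit
    run tc class add dev "$IFB" parent 1:1 classid 1:10 htb rate 20mbit ceil 50mbit
    run tc class add dev "$IFB" parent 1:1 classid 1:20 htb rate 30mbit ceil 50mbit
    run tc qdisc add dev "$IFB" parent 1:10 fq_codel
    run tc qdisc add dev "$IFB" parent 1:20 fq_codel
    run tc filter add dev "$IFB" parent 1: protocol ip handle 1 fw flowid 1:10
    run tc filter add dev "$IFB" parent 1: protocol ip handle 2 fw flowid 1:20
}

setup_marks; setup_ingress; setup_ifb_classes
```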


