[Cake] Fwd: Does the latest cake support "tc filter"?
Toke Høiland-Jørgensen
toke at toke.dk
Wed May 30 16:47:57 EDT 2018
Dave Taht <dave.taht at gmail.com> writes:
> On Wed, May 30, 2018 at 1:30 PM, Toke Høiland-Jørgensen <toke at toke.dk> wrote:
>> Dave Taht <dave.taht at gmail.com> writes:
>>
>>> I am very interested in collecting use cases and howtos as to how to
>>> use this feature.
>>
>> Well, with tc-bpf you can write a BPF program to do any processing you
>> like, and select diffserv tin and/or flow queue based on that... :)
>
> I guess "why", is also a good pre-requisite.
'Why not' is surely a better one ;)
Off the top of my head, putting things into queues based on some other
parameter than what cake knows. For instance, an ISP could create a BPF
map with the IP addresses of their customers and use that to give each
their own queue. Or, longer term, we could extend Cake to have a
configurable number of *tins*, and the same mechanism could be used to
give each customer a whole set of queues, in a single instance
> My own thought for bpf was that it could be used to more actively
> identify "bad guys" as a front
> end to cake, dropping packets and never hitting it - but then I
> realized that that would muck with the inbound shaper mode, yet again.
If you want to drop packets really fast (DDOS protection, for instance),
you'd want to do it in the ethernet driver using XDP. That can
cheerfully throw away packets at 40 Gbps line rates with minimum-sized
floods. If you're trying to protect yourself against a DDOS, an inbound
shaper is presumably not going to help you anyway, since DDOS attacks
generally don't use congestion control...
-Toke
More information about the Cake
mailing list