[Cake] Cake on elements of a bridge

Pete Heist pete at heistp.net
Thu Sep 6 13:37:37 EDT 2018


I happen to also be working on a bridge setup, but it’s different. For one, I used fq_codel on a transparent bridge for a couple years in production and it worked well, so I trust it also would for cake.

But now, my neighbor will access the Internet through my CPE device, but they must have a separate IP obtained through DHCP (i.e. a separate MAC address as well), and I want to use cake to manage the queue for both of us. I could do this with two routers and a transparent bridge, but I want to see if I can make it work with as few devices as possible, preferably just one EdgeRouter-X. I had two failures thus far:

Fail #1: Do routing for the neighbors on their NS5AC Loco, and use the ER-X’s internal switch to bridge the neighbor’s and my WAN interfaces to the CPE. Doing cake on switch0 results in my WAN traffic going through the qdisc, but unsurprisingly, the neighbor’s traffic passes through the switch without going through the qdisc layer.

Fail #2: Use the ER-X’s pseudo-ethernet functionality to add a second virtual Ethernet interface to the ER-X’s WAN interface. I could use IFB if I got two WAN interfaces working on the same box. This looks promising and I can pick up two DHCP addresses on one physical interface, but the ER-X doesn’t handle the routing situation where two interfaces have the same default router IP. (Using policy-based routing, what does it do when next-hop is the same for two different LAN subnets?)

There will be a solution here, I just haven’t found it yet. I’m now thinking of a setup with a smart switch / VLANs and a transparent bridge through two physical interfaces of the ER-X (which only has 5 ports total), but I’ll figure it out… :)

> On Sep 4, 2018, at 2:01 PM, Georgios Amanakis <gamanakis at gmail.com> wrote:
> 
> Awesome, thanks to both of you! 
> I am aware of the uselessness of nat (in terms of cake) in this setup. It's good to know what Sebastian pointed out. I ran it for a couple of hours and it seems to be working fine. I am going to finalize the setup and will get back to you.
> 
> Georgios
> 
> On 4 Sep 2018 1:31 pm, "Toke Høiland-Jørgensen" <toke at toke.dk> wrote:
> Georgios Amanakis <gamanakis at gmail.com> writes:
> 
> > Dear All,
> >
> > I was giving a transparent firewall a try, and wondered whether cake
> > can be applied on the interfaces of a bridge. I want to put an extra
> > router in-line between clients and the ISP-modem-router. It will have
> > two interfaces (eth0 facing wan, eth1 facing lan), bridged together as
> > br0.
> >
> > Can I fearlessly apply cake on eth0 and eth1? Would this be compatible
> > with features like ingress, ack-filter or even nat?
> 
> Well, you wouldn't get much benefit from the nat feature, as the machine
> running CAKE would not be the one doing the nat'ing. But other than
> that, it should work fine :)
