[Cake] customizing Cake's isolation with ipsets, tc-flow and eBPF
Pete Heist
pete at heistp.net
Sun Jun 6 06:11:54 EDT 2021
I've always wanted a way to customize Cake's host and flow isolation in
a way that would be usable e.g. for small ISPs, and this is what I came
up with:
https://github.com/heistp/cake-custom-isolation
ipsets are used to set the skb priority or mark, then tc-flow or a
simple eBPF classifier is used in a child filter of cake to get the
major and minor class IDs set, which override the host and flow hashes.
To show it in action, the cakeiso.sh script sets up a netns environment
and runs competition between two "subscribers" and three flows, two TCP
flows and one unresponsive UDP flow. Several configurations are run to
show what is and isn't possible.
If anyone knows of a simpler way than eBPF to get both the major and
minor class ID set from ipsets, I'd like to hear it, but the included
classifiers are at least very simple one-liners...
Pete
More information about the Cake
mailing list