[Cerowrt-devel] fq_pie for linux
Dave Taht
dave.taht at gmail.com
Tue Dec 11 13:38:48 EST 2018
On Tue, Dec 11, 2018 at 10:37 AM Dave Taht <dave.taht at gmail.com> wrote:
>
> On Tue, Dec 11, 2018 at 10:32 AM Aaron Wood <woody77 at gmail.com> wrote:
> >
> > On Wed, Dec 5, 2018 at 11:51 PM Toke Høiland-Jørgensen <toke at toke.dk> wrote:
> >>
> >> Dave Taht <dave.taht at gmail.com> writes:
> >>
> >> > https://github.com/gautamramk/FQ-PIE-for-Linux-Kernel/issues/2
> >>
> >> With all the variants of fq+AQM, maybe decoupling the FQ part and the
> >> AQM part would be worthwhile, instead of reimplementing it for each
> >> variant...
> >
> >
> > That's a great idea, Toke. There are a lot of places where I think it could work well, especially if it took a pluggable hash function for the hashing (at which point it's very general-purpose, and works on all sorts of different kinds of packets and workloads). That would let it be used for userspace VPN links (as an example), or within QUIC (or similar), where the kernel can't see the embedded flows that are hidden by the TLS encryption.
I really would like us to have reference userspace versions. Also, in
userspace, sse based hashing as in spookyhash or city hash might be
faster than jenkins.
> >
> > And having it pluggable in the kernel would also allow IPSec to work without bloat (last I checked it was horribly bufferbloated, but that was ~5 years ago).
>
> ipsec terminating on the router was made to work beautifully with
> fq_codel with this commit, below.
>
> Before:
>
> http://www.taht.net/~d/ipsec_fq_codel/oldqos.png
>
> After:
>
> http://www.taht.net/~d/ipsec_fq_codel/newqos.png
>
> It's why we keep hoping to do the same thing to wireguard.
>
> commit 264b87fa617e758966108db48db220571ff3d60e
> Author: Andrew Collins <acollins at cradlepoint.com>
> Date: Wed Jan 18 14:04:28 2017 -0700
>
> fq_codel: Avoid regenerating skb flow hash unless necessary
>
> The fq_codel qdisc currently always regenerates the skb flow hash.
> This wastes some cycles and prevents flow seperation in cases where
> the traffic has been encrypted and can no longer be understood by the
> flow dissector.
>
> Change it to use the prexisting flow hash if one exists, and only
> regenerate if necessary.
>
>
>
>
> --
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-205-9740
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
More information about the Cerowrt-devel
mailing list