| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Mar 2020 21:53:27 -0600 From: Philip Prindeville <philipp_subx@...fish-solutions.com> To: netdev@...r.kernel.org Subject: Fwd: tc question about ingress bandwidth splitting Had originally posted this to LARTC but realized that “netdev” is probably the better forum. Was hoping someone familiar with the nuts and bolts of tc and scheduler minutiae could help me come up with a configuration to use as a starting point, then I could tweak it, gather some numbers, make graphs etc, and write a LARTC or LWN article around the findings. I’d be trying to do shaping in both directions. Sure, egress shaping is trivial and obviously works. But I was also thinking about ingress shaping on the last hop, i.e. as traffic flows into the last-hop CPE router, and limiting/delaying it so that the entire end-to-end path is appropriately perceived by the sender, since the effective bandwidth of a [non-multipath] route is the min bandwidth of all individual hops, right? So that min could be experienced at the final hop before the receiver as delay injected between packets to shape the bitrate. How far off-base am I? And what would some tc scripting look like to measure my thesis? > Begin forwarded message: > > From: Philip Prindeville <philipp_subx@...fish-solutions.com> > Subject: tc question about ingress bandwidth splitting > Date: March 22, 2020 at 3:56:46 PM MDT > To: lartc@...r.kernel.org > > Hi all, > > I asked around on IRC but no one seems to know the answer, so I thought I’d go to the source… > > I have a SoHo router with two physical subnets, which we’ll call “production” (eth0) and “guest” (eth1), and the egress interface “wan” (eth5). > > The uplink is G.PON 50/10 mbps. I’d like to cap the usage on “guest” to 10/2 mbps. Any unused bandwidth from “guest” goes to “production”. > > I thought about marking the traffic coming in off “wan" (the public interface). Then using HTB to have a 50 mbps cap at the root, and allocating 10mb/s to the child “guest”. The other sibling would be “production”, and he gets the remaining traffic. > > Upstream would be the reverse, marking ingress traffic from “guest” with a separate tag. Allocating upstream root on “wan” with 10 mbps, and the child “guest” getting 2 mbps. The remainder goes to the sibling “production”. > > Should be straightforward enough, right? (Well, forwarding is more straightforward than traffic terminating on the router itself, I guess… bonus points for getting that right, too.) > > I’m hoping that the limiting will work adequately so that the end-to-end path has adequate congestion avoidance happening, and that upstream doesn’t overrun the receiver and cause a lot of packets to be dropped on the last hop (work case of wasted bandwidth). Not sure if I need special accommodations for bursting or if that would just delay the “settling” of congestion avoidance into steady-state. > > Also not sure if ECN is worth marking at this point. Congestion control is supposed to work better than congestion avoidance, right? > > Anyone know what the steps would look like to accomplish the above? > > A bunch of people responded, “yeah, I’ve been wanting to do that too…” when I brought up my question, so if I get a good solution I’ll submit a FAQ entry. > > Thanks, > > -Philip >
Powered by blists - more mailing lists