> On Oct 12, 2016, at 10:11 , ching lu <lschin...@gmail.com> wrote:
> For egress, setting DSCP field should work.
> iptables -> wan egress -> cake
> But is it possible to set DSCP to 0x0 after cake's classification? i
> do not know how ISP handle non-zero DSCP, there seems to be no
> standard for this.

        Interestingly cake, at some point in the past offered exactly that 
functionality, but it got removed due to added complexity with very little 
practical applicability (and a potential layering violation, but one could 
equally argue that the current layering is partly sub-optimal/wrong and hence 
violating it to better reflect reality might be acceptable). But current cake 
does not offer this. If you are willing to daisy-chain two routers, you could 
run cake on the respective egress interfaces connecting both routers, and do 
the DSCP cleaning on the outer router’s egress interface toward the internet…

> For ingress, DSCP field may not be set by network peer at all, and i
> have multiple LAN interfaces
> AFAIK, the order is "wan ingress -> ifb egress -> cake -> iptables"
> The trick of setting DSCP by iptables do not work because cake comes first

        Hence Jonathan’s recommendation to make sure that cake follows 
iptables, by setting it up on egress interfaces only…

Best Regards

> On Wed, Oct 12, 2016 at 3:26 PM, Jonathan Morton <chromati...@gmail.com> 
> wrote:
>>> On 12 Oct, 2016, at 08:52, ching lu <lschin...@gmail.com> wrote:
>>> I deprioritize bittorrent traffic by marking related connections in
>>> iptables (e.g. detect by port number) and route them to corresponding
>>> HTB class and qdisc.
>>> How can i archive the same goal using the cake qdisc?
>> Modify your iptables rules to set the DSCP rather than a kernel-internal 
>> mark.  You probably want "-j DSCP —set-dscp-class CS1”, as CS1 is the “bulk 
>> low priority” code.  Cake’s default Diffserv mode will pick that up 
>> appropriately.
>> You also need to make sure Cake sees your packets *after* they’ve been 
>> through the firewall, which generally means attaching it to the egress port 
>> in each direction, not the ingress port.  You’ve probably already done this, 
>> if you’re happy with your HTB setup.
>> If you have multiple LAN interfaces (eg, both Ethernet and wifi), you should 
>> loop the inbound traffic through a common IFB device (and attach Cake to 
>> that instead of the physical interfaces) to simplify configuration.
>> - Jonathan Morton
> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake

Cake mailing list

Reply via email to