How to archive "cake follows iptables"? is it "wan ingress -> iptables
-> wifi egress/LAN egress -> ifb egress -> cake"?


On Wed, Oct 12, 2016 at 5:10 PM, moeller0 <moell...@gmx.de> wrote:
> Hi,
>
>
>> On Oct 12, 2016, at 10:11 , ching lu <lschin...@gmail.com> wrote:
>>
>> For egress, setting DSCP field should work.
>>
>> iptables -> wan egress -> cake
>>
>> But is it possible to set DSCP to 0x0 after cake's classification? i
>> do not know how ISP handle non-zero DSCP, there seems to be no
>> standard for this.
>
>         Interestingly cake, at some point in the past offered exactly that 
> functionality, but it got removed due to added complexity with very little 
> practical applicability (and a potential layering violation, but one could 
> equally argue that the current layering is partly sub-optimal/wrong and hence 
> violating it to better reflect reality might be acceptable). But current cake 
> does not offer this. If you are willing to daisy-chain two routers, you could 
> run cake on the respective egress interfaces connecting both routers, and do 
> the DSCP cleaning on the outer router’s egress interface toward the internet…
>
>>
>>
>> For ingress, DSCP field may not be set by network peer at all, and i
>> have multiple LAN interfaces
>>
>> AFAIK, the order is "wan ingress -> ifb egress -> cake -> iptables"
>>
>> The trick of setting DSCP by iptables do not work because cake comes first
>
>         Hence Jonathan’s recommendation to make sure that cake follows 
> iptables, by setting it up on egress interfaces only…
>
> Best Regards
>         Sebastian
>
>>
>> On Wed, Oct 12, 2016 at 3:26 PM, Jonathan Morton <chromati...@gmail.com> 
>> wrote:
>>>
>>>> On 12 Oct, 2016, at 08:52, ching lu <lschin...@gmail.com> wrote:
>>>>
>>>> I deprioritize bittorrent traffic by marking related connections in
>>>> iptables (e.g. detect by port number) and route them to corresponding
>>>> HTB class and qdisc.
>>>>
>>>> How can i archive the same goal using the cake qdisc?
>>>
>>> Modify your iptables rules to set the DSCP rather than a kernel-internal 
>>> mark.  You probably want "-j DSCP —set-dscp-class CS1”, as CS1 is the “bulk 
>>> low priority” code.  Cake’s default Diffserv mode will pick that up 
>>> appropriately.
>>>
>>> You also need to make sure Cake sees your packets *after* they’ve been 
>>> through the firewall, which generally means attaching it to the egress port 
>>> in each direction, not the ingress port.  You’ve probably already done 
>>> this, if you’re happy with your HTB setup.
>>>
>>> If you have multiple LAN interfaces (eg, both Ethernet and wifi), you 
>>> should loop the inbound traffic through a common IFB device (and attach 
>>> Cake to that instead of the physical interfaces) to simplify configuration.
>>>
>>> - Jonathan Morton
>>>
>> _______________________________________________
>> Cake mailing list
>> Cake@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cake
>
_______________________________________________
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake

Reply via email to