Last active
January 27, 2023 04:51
-
-
Save Emantor/9ba805b2098f71977be80a10fb122bea to your computer and use it in GitHub Desktop.
PPPoE Ingress handling via IFB device for NixOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Setup an ifb to handle ingress traffic via an egress qdisc | |
| systemd.network = { | |
| netdevs = { | |
| "ifb4ppp0" = { | |
| netdevConfig = { | |
| Kind = "ifb"; | |
| Name = "ifb4ppp0"; | |
| }; | |
| }; | |
| }; | |
| networks = { | |
| "ifb4ppp0" = { | |
| name = "ifb4ppp0"; | |
| extraConfig = '' | |
| [CAKE] | |
| OverheadBytes = 65 | |
| Bandwidth = 90M | |
| FlowIsolationMode = triple | |
| ''; | |
| }; | |
| }; | |
| # Setup an ip-up script which will add the qdisc and ingress filter. $1 is the interface name | |
| environment.etc."ppp/ip-up" = { | |
| mode = "755"; | |
| text = with lib; '' | |
| #!/usr/bin/env sh | |
| ${getBin pkgs.iproute2}/bin/tc qdisc del dev $1 ingress | |
| ${getBin pkgs.iproute2}/bin/tc qdisc add dev $1 handle ffff: ingress | |
| ${getBin pkgs.iproute2}/bin/tc filter add dev $1 parent ffff: matchall action mirred egress redirect dev ifb4ppp0 | |
| ''; | |
| }; | |
| # checks can be done by using: | |
| # sudo tc filter show dev $ppp-interface ingress | |
| # sudo tc qdisc show dev $ifb-interface | |
| # The first should show a redirect to the ifb, the second a CAKE configured qdisc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OpenWRT recommends 85-95% off your bandwidth as the bandwidth limit, see https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm