This is indeed looking most elegant @hnyman, especially given my limited knowledge:
And so in the spirit of this theme, I've left 4 layer_cake to do what it does best on my WAN interface, but I've also installed simple.qos on each of my br interfaces. Layer_cake is taking care of normal DSCP stuff, while simple.qos enforces hard-limits on specific VLAN's and on specially tagged packets. For instance I could clearly use the "Experimental" aka "Local Use" ToS codes (xxxxxx11) along with a slightly hacked simple.qos to implement bandwidth strangling caps based upon stateful usage parameters, analogously to the website link in my previous post.
The thing that's fuzzing me out is what specific technique to use for assigning ToS codes to packets coming from the LAN's into the router, and where best to assign the codes. Are there other options besides standard mangling? It seems that I really will need to bridge each of my br interfaces to a veth pair, just to have some place to do the tagging and QoS at exactly the VLAN level. A veth would also allow me to install simple.qos onto the wan-facing member veth1 and thereby the input and output would be the "right way around", which I presume may have some benefits versus how the cake code is written with regard to asymetries in wan bandwidth and default options for nat dual-dsthost diffserv4 dscp-squash etc. Being better aligned with how the SQM and cake code is written will reduce risk of breakage when new versions of these opkg are released.
$ veth.ko & kmod-veth
$ opkg install kmod-veth
$ sudo modprobe veth
$ lsmod | grep veth
$ ip link add ve-lf type veth peer name ve-wf #...,,,...,,,...,,,...,,,...,,,...,,, PEBKAC! DOES NOT WORK
$ ip link add type veth #...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,...,,,... WORKS FINE
Anyone know where I can find the CORRECT man page for this thing?
On the topic of which DSCP tags to massage unto packets prior to ingest by cake:layer_cake, the readings seem to indicate these these 4 be used so that ineroperability with external software and equipment will be maximized:
. Expedited Forwarding (46)
. CS3 (24)
. Best Effort CS0 (0)
. Scavenger CS1 (8)
It seems to me that CS0 is the same as untagged, so I wonder why bother to tag those packets in the first place?
And for outright bandwidth throttling via cake:simple.qos based upon stateful parameters I'd use the Local Use ToS values:
. ToS 10000011 = gentle restraint
. ToS 01000011 = choke hold
. ToS 00100011 = strangle hold
. Best Effort CS0 (0) = unrestricted
. All others = unrestricted
The idea being that bona-fide DSCP processing will take place one hop downstream, at the WAN interface.
Although the cascaded approach is very piece-meal, I'd like to propose that it's easy to understand, and easy to cobble together without having to spend weeks learning all the nitty gritty of IP Tables and the entire tc subsystem. It also leaves the layer_cake code alone and unmodified, so I don't have to regurgitate my hacks every time the good cake folks come up with a new improved opkg for it, seeing that it's under heavy development.
My #!/bin/sh uci router config script is already at 1000 lines, so the less super-tweaking I have to do to finish this gremlin the better. Rubber bands and glue are gReAt so long as it works and is maintainable ;o) Having simple.qos cascaded with layer_cake makes my router into a simpleton robot serial paquet killer zomby! It could become a popular hack ^^