Apply 15Mbps global ratelimit

Author: jlu5

ROUTING-POLICY.md

@@ -27,7 +27,7 @@ These are defined in `get_region_tag` of [`custom_filters.conf.j2`](roles/config
 
 ## BGP Communities
 
-The [standard dn42 BGP Communities](https://dn42.net/howto/Bird-communities) for max. inter-AS link latency, bandwidth, and encryption are supported. All of my nodes so far are marked as >= 100 Mbps bandwidth, as capacity varies and I cannot guarantee anything higher.
+The [standard dn42 BGP Communities](https://dn42.net/howto/Bird-communities) for max. inter-AS link latency, bandwidth, and encryption are supported. All of my nodes so far are marked as >= 10 Mbps bandwidth, as capacity varies and I cannot guarantee anything higher.
 
 ### Large communities
 

global-config/general.yml

@@ -6,6 +6,12 @@ ownnets4:
 ownnets6:
 - fd86:bad:11b7::/48
 
+# Default ratelimit (Mbps) for outgoing traffic on dn42 interfaces
+dn42_ratelimit: 15
+# ref: https://unix.stackexchange.com/a/100797
+# burst size should be >= rate / kernel HZ, in units of bytes. This uses 2x that for a bit more room
+dn42_ratelimit_tc_args: "root tbf rate {{ dn42_ratelimit }}mbit latency 10ms burst {{ (dn42_ratelimit / 250 * 2 * 125000) | int }}"
+
 # Dummy device names for IGP and Anycast services
 # To simplify IGP configuration in Bird this assumes that all dummy interface names follow a pattern
 # Note: forwarding rules are managed separately in roles/config-iptables/

hosts.yml

@@ -310,7 +310,6 @@ dn42routers:
           dn42_regions: [52]
           location: "Tokyo, JP"
           wg_pubkey: "iJXjwJGGrUTQy/P3OXmZ5lM4cjrDAd9K+vonZVUZjxY="
-          wg_ratelimit: 200  # Mbps
           link_local_ip6: "fe80::124"
           link_local_ip4: "169.254.108.124"
           igp_upstreams:
@@ -335,7 +334,6 @@ dn42routers:
           dn42_regions: [51]
           location: "Singapore, SG"
           wg_pubkey: "X3m9VMzZYN4Oe2QUb7DcnmVymwKSLbPUCB5ElD8igjo="
-          wg_ratelimit: 120  # Mbps
           link_local_ip6: "fe80::1080:39"
           link_local_ip4: "169.254.108.39"
           igp_upstreams:
@@ -388,7 +386,6 @@ dn42routers:
           dn42_regions: [52]
           location: "Hong Kong, HK"
           wg_pubkey: "eedTHubyl5caiHH50GkknQa8SQtAF8q7aqmL26w5qSs="
-          wg_ratelimit: 100  # Mbps
           link_local_ip6: "fe80::1080:38"
           link_local_ip4: "169.254.108.38"
           peerfinder_uuid: !vault |

roles/config-bird2/config/community_filters.conf

@@ -44,7 +44,7 @@ int dn42_crypto;
     dn42_bandwidth = update_bandwidth(link_bandwidth) - 20;
     dn42_crypto = update_crypto(link_crypto) - 30;
     # TODO: abstract this out into a config variable
-    if dn42_bandwidth > 4 then dn42_bandwidth = 4;
+    if dn42_bandwidth > 3 then dn42_bandwidth = 3;
     return true;
 }
 

roles/config-wireguard/templates/dn42_interface.conf.j2

@@ -39,10 +39,7 @@ iface {{ ifname }} inet static
 {% endfor %}
 {# Disable Martian filtering for local addresses, as we may be forwarding responses for anycast services from another node #}
     post-up sysctl -w net.ipv4.conf.{{ ifname }}.accept_local=1
-{% set limit_mbit = peer_info.get('wg_ratelimit', wg_ratelimit|default(0)) | int %}
-{% if limit_mbit and not peer_info.get('is_internal_node') %}
-{# ref: https://unix.stackexchange.com/a/100797 #}
-{# burst size should be >= rate / kernel HZ, in units of bytes. This uses 2x that for a bit more room #}
-    post-up tc qdisc add dev {{ ifname }} root tbf rate {{ limit_mbit }}mbit latency 10ms burst {{ (limit_mbit / 250 * 2 * 125000) | int }}
+{% if dn42_ratelimit and ifname.startswith('dn42') %}
+    post-up tc qdisc add dev {{ ifname }} {{ dn42_ratelimit_tc_args }}
 {% endif %}
     post-down ip link del {{ ifname }}