
I need some advice on setting up QoS on my home network.

Discussion in 'Tomato Firmware' started by Rocky Grim, Jul 2, 2013.

  1. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Hi guys,

    I have been messing with QoS now for quite a while in Tomato. I can't seem to come up with a configuration that works correctly for my home network. Could you guys give me some advice on what I could do differently? My network is as follows.

    7.1mb/768kb Verizon DSL PPPOE
    Westell 6100g - Bridge Mode
    ASUS RT-N66U - Handles PPPOE Login
    Two wireless N laptops.
    One wired gaming PC.
    One android tablet.
    One Xbox 360.
    One Vizio Smart TV.

    I have been using the default Toastman rules and just adding to it the games I play etc. However, this causes a problem when I am trying to watch videos on the smart TV. The traffic from HULU Plus, Netflix, and VUDU end up getting throttled by the QoS. Then when I try to play a video I get really crappy quality video or video that doesn't even want to play sometimes. It seems like all the video from these apps gets pushed into P2P/Bulk. Anyone got any suggestions on what I can do about this problem? This is the main issue I have.

    On my gaming PC I recently started downloading stuff via Bittorrent. I know it can cause problems with QoS if not properly setup but I have had the above problems before I even started using it. I am pretty sure I read in Toastman's QoS guide not to prioritize ACK packets when using Bittorrent as it uses a lot of ACK's. Therefore, should I just keep using the default settings for Prioritize small packets with these control flags? SYN, FIN, and RST checked? I just want to make sure if I am downloading a torrent I don't completely destroy the whole networks ability to do anything at all.

    My internet connection is Verizon DSL. I use a Westell modem setup in bridge mode and then using my RT-N66U for the PPPOE login. I have a 7.1mb/768 dry loop connection. I have the DSL Overhead Value - ATM Encapsulation Type set to 40-PPPOE LLC/SNAP. However, I'm not real sure if it should be set to that setting or 16-RCF2684/RCF1483 Routed Bridge LLC/SNAP. If anyone knows if this is correct please let me know. I want to make sure it is right so that way it doesn't cause any problems with the QoS at all. This way too if I run into problem after this I can rule this out of the equation.

    Would this work to resolve my main problem on the Vizio smart TV? Could I set it up in the BW Limiter? My connection averages about 6.6mb download and .73 upload. To get the TV to play HD content could I give it a DL Rate of like 5120kb with a DLCeil of 6758kb and for ULRate 512kb with a ULCeil of 748kb? If my thinking is correct wouldn't this give the Vizio Smart TV dedicated bandwidth and when the other devices aren't in use allow it to run at the Ceiling rates maximizing the internet connection? If the other devices are in use would this allow them to use the difference between the DL Rate and DL Ceil and UL Rate and UL Ceil and be prioritized by QoS? If this will work what should I set the priority and TCP/UDP Limit to?

    Thanks,
    Rocky
     
  2. Elfew

    Elfew Addicted to LI Member

    I had problems with lag spikes when QoS was enabled. So I am using BW limiter with priority settings and everything is ok...

    QoS is not bad, but many problems with setting.
     
  3. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Don't combine QoS and BW limiter. Pick one, test, and adjust.

    If you don't care about latency on your other devices, and just care about video streaming on the TV, then BW limiter with reasonable minimum and maximum no more than 70% of your measured maximum throughput may give you what you want.

    If your video streaming apps are being classified at P2P/bulk, then torrents will wreak havoc. You may be able to get away with giving the P2P class a low minimum and a very high maximum, but you'd be better off trying to adjust/create rules to properly classify traffic. You could also create a QoS rule for the TV, adding it as a class and giving it unique bandwidth percentages.
     
  4. PGalati

    PGalati Network Guru Member

    Some have said that running QOS and BW Limiter at the same time is a bad thing. I am currently using Shibby with 2 VLANS and 1 of them is BW Limited and seems to be functioning as expected, so your mileage may vary. On a WRT54GS no less.

    Am I to assume that you are getting smooth playback with QOS turned off? Have you tried adding the MAC address of the smart TV to the classification page, classify it as something other than bulk, and move it to rule #1? Not familiar with the way vudu or Hulu buffers content, does it stream similar to netflix?

    This is what I did to hopefully guarantee smooth playback at all times. I have an Apple TV to watch Netflix with. I designated a specific class (media) to work with the Apple TV. I added the MAC address of the AppleTV to the QOS Classification page, chose media, and moved it to rule #1 initially. I then set the minimum download to 1% and the max download to 100% or 11Mb. I then would stream a movie from netflix. Everything played fine. I then started reducing the max percentage down until I started running into buffering issues. I added 5% back and made THAT my minimum for media. I then put the max to 60%. All has been great since. I have tried streaming a netflix movie while downloading large files from the web and streaming internet radio and resyncing an imap mailbox. The minimum for media stayed the course and netflix played without issue. Just make sure all of your minimums equal 100 or less.

    Does this help?
     
  5. Porter

    Porter LI Guru Member

    Netflix traffic should get matched by the httpvideo L7 filter. A few weeks back there was a guy who needed to match Netflix. After telling him this he didn't come back. Keep in mind: this L7 filter has to be higher up than anything http related.

    Please check for those L7-filters, too: rtp, rtmp, rtmpt.
    And the port filter with the ports: 554, 1935, 5004, 5005.

    I don't know what VUDU uses. You might want to google it.

    This is what I've found so far: http://sharkfest.wireshark.org/shar...e-Wireshark-to-Analyze-Video_Betty-DuBois.pdf

    In my opinion, the standard settings should catch most of this traffic already. Especially since it's mostly transferred over HTTP and should, if not matched by the media rules, end up in the download (transfer) class and not P2P. I find it rather odd that you are saying it seemed to end up in P2P. Please try to find out where the traffic ends up exactly.

    What I've done is made P2P my lowest class and used a port filter, because I'm the only one torrenting here. My second lowest class is my default class. Doing this, you could distinguish your traffic a bit better.

    I didn't see any negative effects whether I disabled or enabled ACK prioritization. Just make sure to enable the other three.
     
  6. Elfew

    Elfew Addicted to LI Member

    I don't combine BW limiter and QoS. There is a BW limiter with priority settings in Victek b.

    I just set BW, priority (high, medium,low....) and it works.
     
  7. Rocky Grim

    Rocky Grim Networkin' Nut Member

    @ Porter - Can you give me more information on what you mean by setting up a port filter for torrenting? Do I just use the port that UTorrent is using for incoming connections which is port 11111, and set the very last P2P rule in Toastmans build for P2P to that port? As far as HULU, Netflix, and VUDU go I did check a little while back and saw that their connections were not getting classified as HTTP Video or RTP,RTMP, or RTMPT. With QoS off the videos stream just fine unless my son is trying to watch one of those services at the same time from his tablet. Then, I end up getting buffering and freezing problems. I would assume he gets the same but has not told me. He is only 10. I am hoping that once I get the QoS fixed properly it might resolve some of this buffering. I'm also not sure what you mean by "And the port filter with the ports: 554, 1935, 5004, 5005".

    Thanks for your replies everyone. I am sorry it took me a little while to reply. I have been getting ready for the 4th.
     
  8. mvsgeek

    mvsgeek Addicted to LI Member

    @Porter.
    That was me. I implemented your recommendation, but didn't report back because the user in question was a vacation visitor who took his netflix/apple-tv away with him, so I couldn't tell if the filter was working. Since then, I've seen the filter classifying YouTube correctly, but haven't seen any netflix/apple-tv users.

    Is there any way to log QoS rule usage for later analysis? I asked this some time ago on the QoS thread, but nobody responded. It would be nice to know which rules are actually being executed, and which are redundant. I think it would be useful in tuning QoS.
     
  9. Porter

    Porter LI Guru Member

    mvsgeek:
    For the L7 filters it's
    Code:
     iptables -vL L7in
    (Most likely) Anything else:
    Code:
    iptables -t mangle -vL | less
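Added example (not from Porter or from the Tomato project): a parser for the `iptables -vL` output Porter points at, which answers mvsgeek's question by listing the rules whose packet counter is still zero, i.e. rules that have never matched. The sample output below is constructed in the `iptables -vL` layout; the chain contents, CONNMARK values and counters are made up, and one GUI rule can expand to several iptables rules, so map chain positions back to the Classification page by hand.

```python
import re

# iptables -v abbreviates large counters with K/M/G (multiples of 1000);
# -x would print exact values instead.
SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def parse_counter(tok: str) -> int:
    """Turn '512K' / '3M' / '42' into an integer packet or byte count."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError(f"not an iptables counter: {tok!r}")
    return int(m.group(1)) * SUFFIX.get(m.group(2), 1)


def parse_iptables_v(text: str) -> dict:
    """Parse `iptables -vL` output.

    Returns {chain_name: [(position, pkts, bytes, rest_of_line), ...]} where
    position is the 1-based index within the chain (same numbering that
    `iptables -vL --line-numbers` would show)."""
    chains = {}
    chain = None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            chains[chain] = []
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("pkts ") or chain is None:
            continue  # blank line or the column-header line
        parts = stripped.split(None, 2)
        pkts, nbytes = parse_counter(parts[0]), parse_counter(parts[1])
        rest = parts[2] if len(parts) > 2 else ""
        chains[chain].append((len(chains[chain]) + 1, pkts, nbytes, rest))
    return chains


def unused_rules(chains: dict) -> list:
    """Rules whose packet counter is zero: nothing has ever matched them."""
    return [(chain, pos, rest)
            for chain, rules in chains.items()
            for pos, pkts, _nbytes, rest in rules
            if pkts == 0]


# Constructed sample in the `iptables -vL` layout (counters and marks invented).
SAMPLE = """\
Chain L7in (1 references)
 pkts bytes target     prot opt in     out     source               destination
 3412  512K CONNMARK   all  --  any    any     anywhere             anywhere             LAYER7 l7proto httpvideo CONNMARK set 0x5
    0     0 CONNMARK   all  --  any    any     anywhere             anywhere             LAYER7 l7proto rtmp CONNMARK set 0x5
   87 12345 CONNMARK   all  --  any    any     anywhere             anywhere             LAYER7 l7proto skypetoskype CONNMARK set 0x6
    0     0 CONNMARK   all  --  any    any     anywhere             anywhere             LAYER7 l7proto shoutcast CONNMARK set 0x5

Chain QOSO (1 references)
 pkts bytes target     prot opt in     out     source               destination
 9876    1M CONNMARK   tcp  --  any    any     anywhere             anywhere             tcp dpt:domain CONNMARK set 0x1
    0     0 CONNMARK   tcp  --  any    any     anywhere             anywhere             tcp dpt:1935 CONNMARK set 0x5
"""

if __name__ == "__main__":
    # On a real router: parse_iptables_v(subprocess.check_output(["iptables", "-t", "mangle", "-vL"], text=True))
    for chain, pos, rest in unused_rules(parse_iptables_v(SAMPLE)):
        print(f"{chain} rule {pos} never matched: {rest}")
```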
     
  10. Porter

    Porter LI Guru Member

    Rocky:

    Make utorrent use a specific port. Make a new filter with TCP/UDP, both directions and the port number. Class: P2P. Put this filter somewhere up high. Especially before all the L7 filters.

    Hmm, it would be really unfortunate, if none of the L7 filters worked... So what you are describing implies that those media sites don't use port 80, but other ports that are not yet in the default config. Seems odd, actually. Then the only solution is to wireshark and see what's happening. If you want to, you could post some screenshots of Basic Settings and Classification. I would actually like to see your config.

    "And the port filter with the ports: 554, 1935, 5004, 5005":
    I just wanted to make sure that you have one filter activated which matches these ports, because those are some standard media ports.
     
  11. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Sorry for the late response. Unfortunately I couldn't reply sooner because I had a huge cherry tree fall on my house. We've been getting a lot of rain here in PA and the tree uprooted itself. Anyways I have just checked and HULU Plus traffic is definitely getting prioritized as P2P Bulk. It is also using WWW and Unclassified. The device I am using for HULU Plus is 192.168.1.7 which is my Vizio TV. I have attached three screenshots to show you what's going on. All the rules are set to the default. All of the ports you mentioned are listed in Shibby's latest build. There is a L7 filter for RTMP (1935) already so I didn't add it. I also added a rule for uTorrent. I will report back with my findings for Netflix shortly.

     
  12. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Netflix is being classified as FileXfer, WWW, and Unclassified. Once again I have attached images of my findings. I am using the same device which is my Vizio TV with IP 192.168.1.7.

     
  13. Monk E. Boy

    Monk E. Boy Network Guru Member

    Netflix is being classified as FileXfer because once an http transfer exceeds a set amount (I think it's 1MB in Toastman's default rules, not sure in Shibby's) then the connection gets bumped down from WWW to FileXfer, which is a lower priority class.

    HULU is being classified as P2P/Bulk because the L7 filtering system is horribly out of date and doesn't catch a lot of traffic. By default Toastman's rulebase includes a port-based rule for 1935 traffic to classify it as Media. I'm not sure if Shibby stripped the port-based rules out or what, but port-based rules take up a fraction of the CPU time and have a fraction of the latency of L7 rules, so you should always rely on port based rules unless there's no way for them to work (e.g. Skype spews dozens, even hundreds, of P2P-like connections on completely random ports, so L7 is the only realistic way of classifying it - but the Skype L7 filters are so outdated they don't catch most Skype traffic).

    I treat L7 rules as a case of last resort and expect all the traffic I really care about to get caught by port-, packet-, and IP-based rules. L7 rules are placed at the BOTTOM of my list, and aren't mixed in with port-based rules. Again, this is because port-based rules are quick and get data moving along its way with a minimum of delay and CPU time.

    So for Hulu you should create a rule for Media traffic and add, at the minimum, port 1935 TCP/UDP to it (mine contains 554,1935,5004,5005), then move that rule far up your classification list.

    For Netflix create a static DHCP lease for your Vizio TV so even if a tree falls and knocks out power for a week it'll still get the same IP address. Next create a rule stating that TCP traffic from that IP address to destination ports 80,443 get classified as Media. Third, move that rule up in your list, at the VERY least above rule 37.

    You may need to make adjustments to the Media class but let's start out by at least getting the traffic classified right.
     
    Marcel Tunks likes this.
  14. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Thanks for your reply. I will work on that now and let you know how we end up. I have also switched over to Toastman's build so we are working from the same build. Would it make life simpler to just dedicate a portion of my bandwidth to the Vizio TV's IP? Then setup QoS for the rest of the devices?
    Thanks again,
    Rocky
     
  15. Monk E. Boy

    Monk E. Boy Network Guru Member

    You could create two QoS rules, one for traffic heading to the Vizio's IP, one for traffic coming from the Vizio's IP, covering "Any" protocol, and then assign them to Media or another class. That's the simplest arrangement, because then everything, every last scrap of traffic to and from the Vizio, will get assigned to that class. Most of the time for devices like this all you need to do is create a rule for traffic coming from the device and not to, but when I resort to these situations I try to be thorough so people will stop complaining.

    Note that you need static DHCP leases for all the affected devices you'll be creating these special-case rules for. MAC address stuff works for traffic from an address but not to an address, while IP works both ways. Hence the need for a static DHCP lease.

    Edit: Oh, and in case you're confused, rules are checked from the top down. So when a packet comes into the router, it checks each rule, in turn, from 1 to wherever to see if it matches. For these "anything" kind of rules you should move them up and put them before any other rules that might match traffic, or at least traffic you care about. For example, since Netflix uses port 80 & 443, you would need to put it before the port 80 & 443 rules.
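Added example (not from Monk E. Boy or from the Tomato firmware): a small simulation of the top-down, first-match classification described in this thread, using a subset of the posted rules plus the Vizio TV address 192.168.1.7. It shows why a long Netflix HTTPS stream drops from WWW to FileXfer under the default order, and why a "anything from the TV" rule and a port 1935 rule placed above the WWW rule keep both Netflix and RTMP in Media. The Transferred-range and "from IP" semantics are modelled from the posts; the sample connections are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Conn:
    proto: str               # "TCP" or "UDP"
    src_ip: str              # LAN address the connection originates from
    dst_port: int
    transferred_kb: int = 0  # data the connection has moved so far, in KB


@dataclass
class Rule:
    cls: str                               # target class, e.g. "WWW", "Media"
    desc: str
    protos: Tuple[str, ...] = ("TCP", "UDP")
    dst_ports: Optional[frozenset] = None  # None = any port
    src_ip: Optional[str] = None           # "any traffic from this IP" rule
    min_kb: int = 0                        # Transferred: min_kb+
    max_kb: Optional[int] = None           # Transferred: 0 - max_kb

    def matches(self, c: Conn) -> bool:
        if c.proto not in self.protos:
            return False
        if self.src_ip is not None and c.src_ip != self.src_ip:
            return False
        if self.dst_ports is not None and c.dst_port not in self.dst_ports:
            return False
        if c.transferred_kb < self.min_kb:
            return False
        if self.max_kb is not None and c.transferred_kb > self.max_kb:
            return False
        return True


def classify(rules, conn, default_cls="P2P/Bulk"):
    """Walk the list from rule 1; the first match wins. Unmatched traffic lands
    in the default class (P2P/Bulk here, where Hulu ended up in the thread)."""
    for n, rule in enumerate(rules, start=1):
        if rule.matches(conn):
            return n, rule.cls, rule.desc
    return 0, default_cls, "default class"


WEB = frozenset({80, 443, 8080})

# Subset of the default order (rule numbers differ from the full list on this page).
DEFAULT_RULES = [
    Rule("WWW", "HTTP, HTTPS, HTTP Proxy", ("TCP",), WEB, max_kb=512),
    Rule("Media", "RTP, RTSP", dst_ports=frozenset({554, 5004, 5005})),
    Rule("FileXfer", "HTTP, SSL File Transfers", ("TCP",), WEB, min_kb=512),
]

# Order suggested in the thread: the "anything from the Vizio" rule and a
# port 1935 Media rule sit above the WWW / FileXfer rules.
FIXED_RULES = [
    Rule("Media", "Vizio TV (any traffic from 192.168.1.7)", src_ip="192.168.1.7"),
    Rule("Media", "RTMP port rule", dst_ports=frozenset({1935})),
] + DEFAULT_RULES

# Constructed connections mirroring what Rocky Grim reported.
NETFLIX = Conn("TCP", "192.168.1.7", 443, transferred_kb=2048)   # long HTTPS stream
HULU_RTMP = Conn("TCP", "192.168.1.7", 1935, transferred_kb=900)
LAPTOP_WEB = Conn("TCP", "192.168.1.10", 80, transferred_kb=40)  # ordinary page load

if __name__ == "__main__":
    for name, conn in [("Netflix", NETFLIX), ("Hulu RTMP", HULU_RTMP), ("laptop web", LAPTOP_WEB)]:
        print(f"{name:10s} default order -> {classify(DEFAULT_RULES, conn)}")
        print(f"{name:10s} fixed order   -> {classify(FIXED_RULES, conn)}")
```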
     
  16. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Cool thanks for your help. I don't know why that didn't pop into my head lol. I felt like smacking myself that I didn't figure this out sooner lol. I see what's up now. Thanks for your help.
     
  17. Monk E. Boy

    Monk E. Boy Network Guru Member

    Tomato's QoS has some pretty severe limitations (because it's running on $50 hardware instead of $5000 hardware) but it all works pretty well once you understand it well enough to know how to futz with it. The trick is sticking with it long enough to learn it.

    Feel free to keep asking questions, we've certainly all been there before...
     
  18. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Yeah, I've been cramming my head full of everything I can get my hands on for about a year now. Always learning new things. I've been using tomato for a while but for a long time I had cable internet which was fast enough for all the PC's to do their thing without the need for QoS. Now that I have multiple devices and just a 7mb/768 DSL connection the need for QoS is more apparent. It's the really complicated QoS rules that confuse me. Would you happen to have a suggestion for setting up a QoS rule for Battlefield 3 through Origin? I understand how to set Battlefield 3 up as if I had the physical disk. However, I have used a program called Origin (Similar to Steam) to purchase and play the game through. I would like to set up a rule for it for my device named "Gaming-PC" which uses 192.168.1.2. Thanks again for your help.
     
  19. Monk E. Boy

    Monk E. Boy Network Guru Member

    Oh! Before I forget. Your unclassified connections are multicasts. This is basically a one-to-many connection, meaning your device hooks into a stream that's being sent to many others (normally connections are dedicated, one-to-one, connections, while multicasts are one connection the server sends out that many devices can connect to). They're kind of interesting if you ever want to dig into them (some ex-coworkers created a company centered around multicasting video). Anyway, since you're on a NAT (behind a router) you may need a multicast "helper" for those connections to run optimally. Tomato includes such a feature under Advanced -> Firewall. You may need to enable IGMPproxy or Udpxy or both for efficient multicasting. On the other hand sometimes they get in the way, so this is primarily one more thing to try if you're still not happy with performance.
     
  20. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Nice, thanks for telling me about that. I had never heard of it before. I take it this is why I see some connections over port 443 coming up as unclassified as well as a few others?
     
  21. Monk E. Boy

    Monk E. Boy Network Guru Member

    I believe Origin uses port 80 & 443 for Origin-related things, while games use whatever ports they want to use. They're kind of different things.

    You could certainly create the same kind of "any" rules for your gaming PC, but I actually view this stuff as a last resort when you've got a bit of an inscrutable box to deal with (I have a couple of these rules for my niece's system for when she visits so &*@#$&* Skype works without lagging). I have a couple gaming rules right below my service rules that includes all the ports used by all the games I play. The nice thing about using non-IP rules is that even if a game is running on a different system it still gets caught and classified properly.
     
  22. Monk E. Boy

    Monk E. Boy Network Guru Member

    Normally any and all connections to the router itself are unclassified. So, in a way, you can think multicast is being treated as a connection to the router.
     
  23. Rocky Grim

    Rocky Grim Networkin' Nut Member

    I wonder if the ports would stay the same as the regular disc version while playing over Origin? I never setup any rules for games through Steam or any other gaming services. I do have "Avoid displaying LAN to router connections" checked under debugging as I heard this will get rid of some of the things that come up as unclassified. I guess the ones that I am left with is from multicast? There is only a few of them. I am going to leave things as is and try to figure out this Battlefield 3 QoS situation and add it. Then, run the default QoS rules with the custom rules you suggested for a bit. If things still don't seem right or I notice a lot of unclassified connections over ports that look important (lol) I will give the multicast tips a shot.
     
  24. Monk E. Boy

    Monk E. Boy Network Guru Member

    Bf3 Origin and Bf3 should use the same ports for multiplayer since, unless I'm really off base, all Bf3 PC players can play against each other.

    Steam had its own ports for a while but moved over to 80 & 443 in a big way a while ago, now even games like TF2 are using 80 & 443 for most connections, though games are obviously free to implement whatever ports they want to use.
     
  25. Rocky Grim

    Rocky Grim Networkin' Nut Member

    I guess I could always keep everything closed on my PC and fire up Origin and jump in a multi-player game and see what ports are being used. I'm about 99% sure you're right though that it would use the same ports. I will shoot an e-mail to Origin if I notice something strange. Thanks again for your help. I greatly appreciate it. I will post back if I notice anything crazy lol.
     
  26. Monk E. Boy

    Monk E. Boy Network Guru Member

    Most of the time that's how I figure out what ports are in use, I just log into the router from another system and see what's being used by the system in question, then create/modify rules as needed. After a while though the customization tends to trail off and you're left with almost everything (except new stuff) configured.

    Sometimes you can head things off at the pass by Googling but Bf3 looks like it opens a lot of different connections:
    https://help.ea.com/article/online-ports-for-battlefield-3

    But who knows which of those are actually in use during a game that need to be classified higher. Usually things like chat lobbies, server browsers, etc. can live just fine in P2P/Bulk or Crawl.
     
  27. Porter

    Porter LI Guru Member

    Monk E. Boy:

    I get quite good results with the L7 filters nowadays. At least when it comes to media traffic. Skype is terrible, though. But then again, I'm not using any VoD-services.
    The question here is whether Hulu and the like do something differently. This can only be determined by wireshark captures.
     
  28. Monk E. Boy

    Monk E. Boy Network Guru Member

    I figure if the L7 filters fail to classify the traffic, that's evidence the L7 filters aren't classifying the traffic. Figuring out the reasons for why it's not classifying the traffic requires wireshark captures. The filters are out of date, they need to be updated or at least additional filters added to capture connections from sources they don't currently catch. It's not anything unusual, all L7 filters need to be updated as applications change, I'm surprised Tomato's filters work as well as they do after all this time.

    I didn't mean to knock the L7 system as a whole, aside from the importance of not going nuts with every L7 filter under the sun, it's a perfectly valid way of analyzing traffic. However I once set up a router with just L7 filters on a fairly slow connection, purely as a test, and even simple things like http web browsing ended up with some connections not being classified. That's why I treat them as a method of last resort... if they work, great, but just don't depend on them working 100%.

    Hell, my last employer had a six figure firewall solution and even it, with 16 Xeon cores and constantly updated filters, occasionally hiccuped when using layer 7 analysis. Consumer class hardware with open source solutions can be forgiven, but ultimately if traffic isn't classified, then traffic isn't classified.
     
  29. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Is there a way to reset the classifications to their defaults without having to do a factory reset? I think I accidentally moved some of the rules around on accident while trying to move my custom rules up. For some reason when I put the new rules in place yesterday they didn't stay. I did click save but I don't know what happened to them. Under firewall I enabled IGMPproxy and Udpxy. What does the enable client statistics option do? I checked it as well but I can't tell what it did. I also switched the bandwidth ratios of Messenger and Media. I don't hardly use any messengers so I made the Messenger class have 5%-40% for both inbound and outbound and made Media have 5%-60% in both directions. This now gives me 37 - 455 kbit/s upload and 340 - 4080 kbit/s download for media.
     
  30. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

  31. Porter

    Porter LI Guru Member

  32. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Marcel Tunks likes this.
  33. cloneman

    cloneman Networkin' Nut Member

    Don't forget to enable the DSL overhead setting on the QoS page... 32 or 40 bytes worked for me.

    EDIT: Nevermind, you already did, reading fail on my part....

    Just set the Smart TV's MAC address as a higher priority traffic, and make sure this rule is at the very top of your classification page, so it'll lock in before any of the L7 rules apply.
     
  34. Monk E. Boy

    Monk E. Boy Network Guru Member

    Did you miss the part where I said some web browsing was being missed by http? Skype? The youtube l7 filter was recently updated because it had stopped working. Heck, I'd love to see a decent l7 filter for https. How about teamspeak? That's been broken for a while too.

    The problem with l7 analysis is that as applications get updated their traffic often changes. If the l7 filters aren't kept up to date they stop working.

    Just as a test you can disable all non-l7 rules in QoS and see how long it takes before you have a problem. Set your default class to 1%/1% for outbound, so when it's not caught by L7 you really notice it. Under these conditions it took our students under 5 minutes to hit the first website that had a problem. Within 15 a cacophony developed.
     
  35. Porter

    Porter LI Guru Member

    I'm sorry but where do the problems of some L7-filters have anything to do with Rocky Grim's problem to filter his _media_ traffic correctly? I was talking about all the media L7 media filters and suddenly you are talking about something off topic. That's just confusing!

    I don't know why you would need a filter either for http or https. And I think it's a very unrealistic experiment to not use port filters for both of them. I can't see how this is a big issue. It's a surprise to me that the http-filter doesn't work anymore because the pattern seemed to work really well when tested. HTTP certainly hasn't changed. If the filter really doesn't catch everything, changing it shouldn't be that difficult because it's easily analyzed with wireshark.

    If teamspeak hasn't changed too much, the pattern should be adjusted just as easily.

    For Skype it's a lot more difficult. If you look at the skypeout pattern, this is really difficult to understand. http://l7-filter.sourceforge.net/layer7-protocols/protocols/skypeout.pat

    So what I'm suggesting is: if you think a filter doesn't work correctly, why not improve it yourself?
     
  36. Monk E. Boy

    Monk E. Boy Network Guru Member

    His media traffic passes over port 80, 443, & 1935. He obviously lacked a port 1935 rule and was instead relying on the L7 RTMP filter. Which didn't classify his RTMP traffic. Which is why it was classified as P2P/Bulk.

    Adobe has been busy updating RTMP to insert DRM into the mix to prevent people from downloading content, even to the point of delivering DMCA notices to people who publish methods of capturing encrypted RTMP streams. This is undoubtedly why the RTMP filter is broken.

    Because I'd rather depend on port & packet rules.

    When people expect L7 to work all the time and get mystified as to why it's not working, that's when I start pointing out the L7 system doesn't work 100%. Into which you interjected yourself asserting that the L7 system wasn't broken, didn't need updating, and required packet capturing and analysis to determine whether it was or wasn't working.
     
  37. Porter

    Porter LI Guru Member

    Monk E. Boy:

    So far, Rocky Grim hasn't reported back.

    He never put up screenshots of his Classification page so I couldn't tell what the exact problem was. People are playing around with QoS too much to just rely on their word. That's just how it is.

    Your explanation concerning port 1935 and the DRM issue sounds reasonable, though. But that probably means that Shibby's build might not have this filter...


    Rocky Grim:

    Could you please report back, when you find the time?
     
  38. Monk E. Boy

    Monk E. Boy Network Guru Member

    If he implemented the pair of "anything" rules (any traffic to or from an ip address), and moved them above the rules that were classifying his traffic, then it's got to work... though obviously he may need to reorder his classes a bit for it to work well. More than likely Toastman's default rules, which include a port 1935 rule, will probably work... though depending on his setup he may need to adjust his Media rule a little, possibly adding more bandwidth to its minimum, possibly moving it further up the class list.

    It's certainly been quiet since he moved over to Toastman's firmware and reset the rules to default.
     
  39. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Oh sorry I didn't know you guys wanted me to report back. I haven't played with anything in my QoS rules at all except what I was told to. One thing I have noticed is I am getting a weird instance under view details of my QoS. I don't even have my Xbox 360 plugged into the internet and it is reporting that it is transferring information. It shows this under view details for my QoS.

    TCP 192.168.1.3 57280 17.172.232.52 5223 Unclassified 0 178
     
  40. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Here is a screenshot of what I am talking about. The Xbox 360 which is on this IP is not even plugged into the internet right now.

    Also, here is my QoS rules I am using. I have erased the NVRAM and reset to factory defaults and started over today. Everything seems to be working fine now. I just can't figure out what is being used over my Xbox 360's IP address when it's not plugged in.

    Classification Rules
    #  | Match Rule | Class | Description
    1  | TCP/UDP, Dst Port: 53, Transferred: 0 - 10KB | Service | DNS
    2  | TCP/UDP, Dst Port: 37, Transferred: 0 - 10KB | Service | Time
    3  | UDP, Dst Port: 123, Transferred: 0 - 10KB | Service | NTP
    4  | TCP/UDP, Dst Port: 3455, Transferred: 0 - 10KB | Service | RSVP
    5  | TCP, Dst Port: 80,443,8080, Transferred: 0 - 512KB | WWW | HTTP, HTTPS, HTTP Proxy
    6  | TCP/UDP, Dst Port: 9, Transferred: 0 - 50KB | WWW | SCTP, Discard
    7  | TCP/UDP, Port: 135,2101,2103,2105 | WWW | RPC (Microsoft)
    8  | UDP, Dst Port: 3544 | Disabled | Teredo Tunnel
    9  | TCP, Port: 22,2222 | Remote | SSH
    10 | TCP, Dst Port: 23,992 | Remote | Telnet
    11 | TCP, Src Port: 80,5938,8080,2222 | Remote | Remote Access
    12 | TCP/UDP, Port: 3389 | Remote | Remote Assistance
    13 | From 00:6B:9E:17:43:BD, TCP/UDP | Media | Vizio TV
    14 | TCP/UDP, Port: 6970-7170,8554 | Media | Quicktime/RealAudio
    15 | TCP/UDP, Dst Port: 1220,7070 | Media | Quicktime/RealAudio
    16 | TCP/UDP, Port: 554,5004,5005 | Media | RTP, RTSP
    17 | TCP/UDP, Port: 1755 | Media | MMS (Microsoft)
    18 | TCP/UDP, Dst Port: 3478,3479,5060-5063 | VOIP/Game | SIP, Sipgate Stun Services
    19 | From XX:XX:XX:XX:XX:XX, UDP, Dst Port: 3659 | VOIP/Game | Battlefield 3 PC
    20 | TCP/UDP, Src Port: 53,88,3074 | VOIP/Game | Xbox Live
    21 | TCP, Dst Port: 1718-1720 | VOIP/Game | H323
    22 | TCP/UDP, Dst Port: 11031,11235-11335,11999,2300-2400,6073,28800-29100,47624 | VOIP/Game | Various Games
    23 | TCP/UDP, Dst Port: 1493,1502,1503,1542,1863,1963,3389,5061,5190-5193,7001 | Messenger | MSGR1 - Windows Live
    24 | TCP/UDP, Dst Port: 1071-1074,1455,1638,1644,5000-5010,5050,5100,5101,5150,8000-8002 | Messenger | MSGR2 - Yahoo
    25 | TCP/UDP, Dst Port: 194,1720,1730-1732,5220-5223,5298,6660-6669,22555 | Messenger | MSGR3 - Additional
    26 | TCP/UDP, Dst Port: 19294-19310 | Messenger | Google+ & Voice
    27 | TCP, Dst Port: 6005,6006 | Messenger | Camfrog
    28 | From XX:XX:XX:XX:XX:XX, TCP/UDP, Dst Port: 55993 | P2P/Bulk | uTorrent
    29 | TCP/UDP, Port: 6571,6891-6901 | Messenger | WLM File/Webcam
    30 | TCP/UDP, L7: skypetoskype | VOIP/Game | Skype to Skype
    31 | TCP/UDP, L7: skypeout | Disabled | Skype Phone (deprecated)
    32 | TCP/UDP, L7: youtube-2012 | Media | YouTube 2012 (Youtube)
    33 | TCP/UDP, L7: flash | Media | Flash Video (Youtube)
    34 | TCP/UDP, L7: httpvideo | Media | HTTP Video (Youtube)
    35 | TCP/UDP, L7: rtp | Media | RTP
    36 | TCP/UDP, L7: rtmp | Media | RTMP
    37 | TCP/UDP, L7: rtmpt | Media | RTMPT (RTMP over HTTP)
    38 | TCP/UDP, L7: shoutcast | Media | Shoutcast
    39 | TCP/UDP, L7: irc | Messenger | IRC
    40 | TCP, Dst Port: 80,443,8080, Transferred: 512KB+ | FileXfer | HTTP, SSL File Transfers
    41 | TCP, Dst Port: 20,21,989,990 | FileXfer | FTP
    42 | TCP, Dst Port: 119,563 | FileXfer | NNTP News & Downloads
    43 | TCP, Dst Port: 25,587,465,2525 | Mail | SMTP, Submission Mail
    44 | TCP, Dst Port: 110,995 | Mail | POP3 Mail
    45 | TCP, Dst Port: 143,220,585,993 | Mail | IMAP Mail
    46 | UDP, Dst Port: 1-65535 | Crawl | P2P (uTP, UDP)
     


  41. Monk E. Boy

    Monk E. Boy Network Guru Member

    Do you have a static DHCP lease set for the XBox? So that only the XBox can get 192.168.1.3?

    17.172.232.52 is an Apple IP address, and port 5223 is Apple's push email service. The two in combination are typically used by iPads, iPhones, iPods, etc. for low-power email access. It's possible an OSX 10.8 system could use the same functionality, I just have limited experience with 10.8...

    Under Status -> Device List it should tell you what 192.168.1.3 is, and I'm going to bet if you click on OUI it'll tell you it's an Apple device.
     
  42. Rocky Grim

    Rocky Grim Networkin' Nut Member

    192.168.1.3 is my Xbox 360. WOW, now there are a BUNCH of different connections with that IP. I double-checked and it is definitely the MAC and IP for my Xbox 360, and it is not even on.
     
  43. Porter

    Porter LI Guru Member

    Why is rule #5 (web traffic) up there? That's a big mistake, because, as I just checked, the L7 media filters on port 80 won't work any more. Everything is being classified as a simple download.

    Did you change this or is this the default setting?
     
  44. Rocky Grim

    Rocky Grim Networkin' Nut Member


    I noticed that as well. Not sure how it got up there. Must have been an accident. I reset NVRAM and then reset to factory defaults just to make sure there was nothing goofy going on. I then put in all the QoS rules we discussed above. I did make a slight modification, though. Instead of creating two rules to and from my Vizio TV for Netflix and HULU, I just made a rule using its MAC and allowed it to use any protocol. This way it should prioritize ALL traffic regardless of anything. I double-, triple- and quadruple-checked all the MAC addresses and IPs under static DHCP and everything is correct, and my Xbox 360's IP is definitely 192.168.1.3, and for some reason I am getting traffic to it without it plugged in. I have even tried flashing back to Shibby's build to see if I have that happening as well in his build, and I do. I keep getting all these connections under View Details under QoS with my Xbox 360's IP of 192.168.1.3. They are all unclassified connections and it is not just LAN traffic. I have "avoid showing LAN traffic" disabled, so it definitely is NOT LAN traffic. Anyone have any clue why this is happening? I have attached a screenshot so you guys can check it out for yourselves.

    View attachment 2126 View attachment 2127
     


  45. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Also, here are my QoS rules and static DHCP so you guys can verify that I do have everything set up properly. Here are my QoS rules. Please make sure they are correct. The only other thing I have messed with was the amount of bandwidth allocated for "Messenger" and "Media". I switched them. I hardly use any messengers at all, and neither do the other devices. Messenger had a higher amount of allocated bandwidth, so I gave that bandwidth to Media and gave the Media bandwidth to Messenger. The reason I did this was because there was not enough bandwidth being allocated by default for Media. I had to make a second post because it said I went over 15,000 characters.
    Outbound Direction
    #   Class      Description                      Match rule
    1   Service    DNS                              TCP/UDP; Dst Port: 53; Transferred: 0 - 10KB
    2   Service    Time                             TCP/UDP; Dst Port: 37; Transferred: 0 - 10KB
    3   Service    NTP                              UDP; Dst Port: 123; Transferred: 0 - 10KB
    4   Service    RSVP                             TCP/UDP; Dst Port: 3455; Transferred: 0 - 10KB
    5   WWW        SCTP, Discard                    TCP/UDP; Dst Port: 9; Transferred: 0 - 50KB
    6   WWW        RPC (Microsoft)                  TCP/UDP; Port: 135,2101,2103,2105
    7   Disabled   Teredo Tunnel                    UDP; Dst Port: 3544
    8   Remote     SSH                              TCP; Port: 22,2222
    9   Remote     Telnet                           TCP; Dst Port: 23,992
    10  Remote     Remote Access                    TCP; Src Port: 80,5938,8080,2222
    11  Remote     Remote Assistance                TCP/UDP; Port: 3389
    12  Media      Quicktime/RealAudio              TCP/UDP; Port: 6970-7170,8554
    13  Media      Quicktime/RealAudio              TCP/UDP; Dst Port: 1220,7070
    14  Media      RTP, RTSP                        TCP/UDP; Port: 554,5004,5005
    15  Media      MMS (Microsoft)                  TCP/UDP; Port: 1755
    16  Media      Vizio                            From 00:6B:9E:17:43:BD
    17  VOIP/Game  SIP, Sipgate Stun Services       TCP/UDP; Dst Port: 3478,3479,5060-5063
    18  VOIP/Game  Battlefield 3                    From BC:5F:F4:4A:55:19; UDP; Dst Port: 3659
    19  VOIP/Game  Xbox Live                        TCP/UDP; Src Port: 53,88,3074
    20  VOIP/Game  H323                             TCP; Dst Port: 1718-1720
    21  VOIP/Game  Various Games                    TCP/UDP; Dst Port: 11031,11235-11335,11999,2300-2400,6073,28800-29100,47624
    22  Messenger  MSGR1 - Windows Live             TCP/UDP; Dst Port: 1493,1502,1503,1542,1863,1963,3389,5061,5190-5193,7001
    23  Messenger  MSGR2 - Yahoo                    TCP/UDP; Dst Port: 1071-1074,1455,1638,1644,5000-5010,5050,5100,5101,5150,8000-8002
    24  Messenger  MSGR3 - Additional               TCP/UDP; Dst Port: 194,1720,1730-1732,5220-5223,5298,6660-6669,22555
    25  Messenger  Google+ & Voice                  TCP/UDP; Dst Port: 19294-19310
    26  Messenger  Camfrog                          TCP; Dst Port: 6005,6006
    27  Messenger  WLM File/Webcam                  TCP/UDP; Port: 6571,6891-6901
    28  P2P/Bulk   uTorrent                         From BC:5F:F4:4A:55:19; TCP/UDP; Dst Port: 55993
    29  VOIP/Game  Skype to Skype                   TCP/UDP; L7: skypetoskype
    30  Disabled   Skype Phone (deprecated)         TCP/UDP; L7: skypeout
    31  Media      YouTube 2012 (Youtube)           TCP/UDP; L7: youtube-2012
    32  Media      Flash Video (Youtube)            TCP/UDP; L7: flash
    33  Media      HTTP Video (Youtube)             TCP/UDP; L7: httpvideo
    34  Media      RTP                              TCP/UDP; L7: rtp
    35  Media      RTMP                             TCP/UDP; L7: rtmp
    36  Media      RTMPT (RTMP over HTTP)           TCP/UDP; L7: rtmpt
    37  Media      Shoutcast                        TCP/UDP; L7: shoutcast
    38  Messenger  IRC                              TCP/UDP; L7: irc
    39  WWW        HTTP, HTTPS, HTTP Proxy          TCP; Dst Port: 80,443,8080; Transferred: 0 - 512KB
    40  FileXfer   HTTP, SSL File Transfers         TCP; Dst Port: 80,443,8080; Transferred: 512KB+
    41  FileXfer   FTP                              TCP; Dst Port: 20,21,989,990
    42  FileXfer   NNTP News & Downloads            TCP; Dst Port: 119,563
    43  Mail       SMTP, Submission Mail            TCP; Dst Port: 25,587,465,2525
    44  Mail       POP3 Mail                        TCP; Dst Port: 110,995
    45  Mail       IMAP Mail                        TCP; Dst Port: 143,220,585,993
    46  Crawl      P2P (uTP, UDP)                   UDP; Dst Port: 1-65535

     
  46. Porter

    Porter LI Guru Member

    If you did configure your DHCP server correctly, you probably won't have to rely on MAC addresses. I would even recommend that you use IP addresses instead.

    The connections shown in the screenshots are not two-sided. Those could be irrelevant connections then. They didn't use a lot of traffic, either. If you don't see these connections getting a lot more traffic, and traffic in both directions, I wouldn't worry about them.

    This looks wrong:

    Where is the rule number and the Class? It's just really difficult to read.

    Screenshots of your classification page would be better, even if they are not perfect.
     
  47. Rocky Grim

    Rocky Grim Networkin' Nut Member


    The reason I chose to use MAC addresses was because, for example, for the Vizio TV I would have had to create two rules for it: one with DST IP and one with SRC IP to get all the traffic from the Vizio TV, whereas with the MAC address it should get all the traffic classified in one rule. I went ahead and fixed the rules again using IPs. Please have another look and let me know if everything is right now. The copy-and-paste method did not show everything properly.
     

    Attached Files: 1.jpg, 2.jpg
  48. Porter

    Porter LI Guru Member

    Thank you! Looks alright so far!
     
  49. Rocky Grim

    Rocky Grim Networkin' Nut Member


    Cool, thank you for your help. I greatly appreciate it. I will give this a whirl then and see how everything goes. I am hoping that the Battlefield 3 QoS rule is correct, because I tried launching Battlefield 3 before creating the rule and my guy wouldn't move or anything from the lag. When I would parachute into the landing zone I would just float there and never hit the ground. I believe they call this "rubber banding" in the Battlefield 3 world. I will be trying it here shortly with the rule I have created to see if any difference has been made.
     
  50. Porter

    Porter LI Guru Member

  51. Rocky Grim

    Rocky Grim Networkin' Nut Member


    I was reading around about Battlefield 3 and found a post that said port 3659 UDP was the port that all the game's traffic goes through. They said that is the port that needed to be prioritized.
     
  52. Porter

    Porter LI Guru Member

    There are a lot of so-called "experts" out there. See for yourself whether BF3 uses this port on your machine and see how your QoS classifies it.

    You can use the Resource Monitor in Windows 7 to check for ports used by a program.
     
  53. Monk E. Boy

    Monk E. Boy Network Guru Member

    The problem with creating MAC address rules is they only correspond with traffic FROM a device, not TO a device. In other words, you have created the equivalent of an IP address rule for traffic from the device, but have no rule for traffic being sent to the device.

    For a TV or other set-top device you're unlikely to see the latter but anything is possible in a closed-source inscrutable box world.
     
  54. Rocky Grim

    Rocky Grim Networkin' Nut Member

    I just double-checked things and realized I gave the Vizio rules the wrong IP. It should be 192.168.1.7. Therefore, I changed both rules to that IP. Then I gave the Xbox Live rule the IP of my Xbox 360, which is 192.168.1.3. Then for the Battlefield 3 rule I made it SRC IP 192.168.1.2 and port 3659 UDP. I will check to make sure this is right. Finally, I have a SRC IP rule for 192.168.1.2 and port 55933 for uTorrent. I think everything is correct now.

    @Porter - I am using Windows 8 x64 with Bitdefender Internet Security 2014. Will the Windows 8 Resource Monitor still show what ports are in use if I am not using the Windows Firewall? I have never used the Resource Monitor before.

    PS. Should the rules for Xbox Live, Battlefield 3, and uTorrent be SRC IP or DST IP?
     
  55. Porter

    Porter LI Guru Member

    The Resource Monitor has nothing to do with the firewall. It will show the used ports anyway.

    It's not always necessary to enter an IP. Just say "any address", use "dst and src" port and enter the port number. Most of the time I would even recommend you use "TCP/UDP".
     
  56. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Here is what I saw in Resource Monitor with the game running. I don't know what ports I am supposed to use. It's surely not as many ports as it says on the EA web page. I don't know if I use the local ports or the remote ports or both?
     

    Attached Files: BF3.jpg
  57. Porter

    Porter LI Guru Member

    I don't know why you are making such a big fuss about this. Just add all the ports that are listed on EA's website (you can do this with just one filter), except for ports 80 and 443, and be done with it. Just don't specify src or dst if unsure. Just say both.
     
  58. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Wow, I am not making a fuss about anything. I did exactly what you told me to do. You said to look in the Resource Monitor and I did! If no one teaches people how to make rules and understand what rules they should add from the Resource Monitor, don't you think that is going to cause them to ask questions? Pardon me for wanting to learn how to properly create rules for my router and how to use the Resource Monitor to see what ports are actually being used. I have noticed there has been a lot of rudeness when people ask questions around here sometimes. It makes people new to using these types of firmware not even want to post questions. I don't understand why people even take the time to post if it annoys them to do so. I just got one word: "WOW".
     
  59. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Rocky, a lot of people rely on Porter for QoS advice. I think he might have gotten frustrated because the thread itself became a bit drawn out and repetitive and, given his knowledge of the system, the solution (in retrospect) seems relatively simple:
    - reset QoS to default
    - find out what ports are used by the target application
    - make rule for that application

    It's the advice given by both Porter and Monk E. Boy.

    I agree about rudeness sometimes popping up in forums. Porter's not a frequent offender. We're all people with lives outside Tomato, trying to help where we can. This forum is far less hostile than many you will find.
     
  60. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Marcel, I understand what Porter told me to do. However, he left out critical pieces of information. He told me what ports to use but did not state how to set the rules up exactly. When Monkey told me what to do he told me exactly what needed to be done. I understood what he told me and the issue with my Vizio TV was resolved in a few quick posts. I asked specific questions that I am confused about which still have not been answered. Basically, what I am left with after this very long post is half of what I need to know. It's like drawing a diagram of a house and leaving half of the diagram out for the carpenter to figure out on his own. I like setting up rules for specific devices. A lot of the programs I am setting up are only used by my PC and not others. Therefore, by setting a rule for my specific IP I don't have to later worry about traffic being prioritized on other PCs that it isn't supposed to be. This is why I asked very specifically: should I create SRC IP or DST IP rules for a specific device? It's lazy and unprofessional to open up more ports than you actually need just for the sake of simplifying things. I am trying to learn how to do things the RIGHT way, so that I learn how to do it the RIGHT way. Simple as that. If I learn half-assed, what's the point of learning at all? I am trying to learn because, unlike other people who take the information and run and keep it to themselves, I actually put time back into the community by passing the information I have learned on to other people who are like me and need the help. I was told how to see what ports are in use by programs using the Resource Monitor, which I appreciated because I didn't know about that. However, when I specifically asked "Hey, what ports are the ones I need to use, local ports or remote?" I was told that I am "making a big fuss". That's not right. Tell me how to do it! That's what I want. Tell me how to do it the right way, so that when I run across a program whose ports are not listed on the internet I don't have to come back here and ask a thousand questions and get half answers like I did this time. It's that simple.
     
  61. Monk E. Boy

    Monk E. Boy Network Guru Member

    Actually the more complicated you make each rule, the more work the router has to do to inspect each packet, and therefore the worse your performance will get. Similarly, the more rules you have the more work it has to do, worst case, to match packets (I'm specifically thinking of packets that don't match any defined rules and fall into the default category).

    You're not opening up ports here, you're just having the router inspect each and every packet flowing through the router and using the criteria you specify to figure out how much priority to give each and every packet. Creating rules so that traffic to/from BF3 ports gets prioritized based on the ports it's using is more efficient than creating the exact same port rules but limiting them to just match your PC's IP address.

    The ports you need to prioritize are listed in EA's technote, you really don't have to dig around in resource monitor to find them.
    https://help.ea.com/article/online-ports-for-battlefield-3

    The reality of the matter is that nobody is going to tell you exactly how to configure QoS for your particular setup. You're going to have to learn what your setup is and customize QoS to meet your needs. My needs aren't necessarily your needs and vice versa, hence nobody can, or even should, dictate to you exactly how things are to be done. We can help you get to where you need to be but there is learning & effort involved.

    As a general rule you should have your service rules up top, followed by the most time-sensitive and critical rules you've got. VOIP, gaming, video conferencing, etc. are very time sensitive.

    Personally, I've been putting out fires the past few weeks from numerous unscheduled power outages/events (not literal fires, but in terms of equipment lost due to what amounts to power company incompetence it may as well have been), as well as dealing with the outages/events, so it's not like this thread has been my focus nor can it even be a priority...
     
  62. Rocky Grim

    Rocky Grim Networkin' Nut Member

    See, what some people aren't understanding is that basically everything you just said is what I am trying to do. I don't want anyone to hold my hand and tell me word for word how to set up MY QoS rules. I am trying to learn how to do this MYSELF. How I am trying to do that is by asking questions and, for example, finding out what determines if you use SRC IP or DST IP. Before asking all the questions I asked here I did very thorough forum searching to try to find the answers myself. Therefore, it isn't like I'm being lazy and going "hey guys, this is my setup, give me all my QoS rules". I was trying to get help with setting up a few programs, and then I could see how those few programs got set up and hopefully that would show me what I need to do in the future. I am a visual learner. I searched for QoS examples and tried to look up other people's QoS rules to see how they were setting up IP-based QoS rules, to see if they were using DST IP or SRC IP. Guess what? I found no one had a single rule created like that on this forum. There were no examples for me to go by. That's why I asked for help. As a matter of fact, pretty much all the QoS examples I found were people who were completely tearing apart all the QoS rules and messing everything up! Those are the people who are trying to get their hands held! Also, I read the QoS guide about 3.3 million times. It is good for very basic 1+1 = 2 kind of stuff. When it comes to setting up advanced stuff, good luck with that.
     
  63. cloneman

    cloneman Networkin' Nut Member

    If you want to create a setup for several use cases / types of traffic, I recommend you delete all the predefined rules and experiment. You're going to have a hell of a time isolating issues and figuring out the subtleties of QoS with all the default rules in there.

    My biggest point of contention with Tomato QoS is that the guides go into too much detail, and are old and outdated since the new QoS modifications for inbound QoS. It's next to impossible to figure out how it really works without setting up a very small number of rules and experimenting quite a bit (think 3-4 sessions of 3-4 hours each, to take a step back and try something else). It's excellent once you figure out how it works. That wasn't always the case though; it was pretty half-assed before the introduction of inbound QoS and DSL overhead compensation.

    I generally use Visualware VoIP testing as a benchmark to see if my rules actually work. I create "what happens if this is using a lot of bandwidth, does VoIP still work" scenarios, and move from there.

    My quick & dirty configuration is to create a class that prioritizes all UDP traffic above the default class, but with maximums set to 70% or less. This way, we allow UDP things like gaming and Skype to always win over default traffic, but never using 100%.

    This isn't perfect (especially if you enable UDP torrenting), but provides a nearly zero-configuration prioritization for gaming and VoIP that works well in most scenarios, and in the worst-case scenario, no traffic is hopelessly crushed.
     
  64. Porter

    Porter LI Guru Member

    Rocky Grim:
    I was wrong telling you to use the Resource Monitor, because the crucial information was indeed already available on EA's website. In my mind the Resource Monitor never was the primary source of information, which I didn't tell you. This led you the wrong way and I'm sorry about that. When resolving a problem it's always best to start with the simplest probable solution to the problem and work up from there to the most complex one. I should have insisted that you just add the ports on EA's website and "be done with it". Using the Resource Monitor would have been the third or an even later step. So I really couldn't understand why you would make this overly complicated. Especially since many ports on EA's port list weren't in your filter and adding those could have been the easiest solution to the problem. That's why I said: don't trust these so-called experts, trust the website first.

    Also, I didn’t foresee that the resource monitor couldn’t help you because you don’t seem to understand how TCP or UDP work. This can’t be a topic in this thread because this is basic knowledge available on the web and I would suggest you read up on it because doing QoS is really difficult if you don’t understand how applications send traffic and how this traffic traverses through networks.

    Tomato gives you a lot of help when figuring out where your traffic goes just by using the GUI, especially if your IPs are sticky anyway. There are also a lot of examples on the Classification page where you can see how to make these filters. One of these examples is a filter with the description “Various games”. While I have no idea which games are being matched, that’s how you get an idea how to filter BF3. Actually, games are the same as any other program like your browser or messenger. You could run into problems when you host games, but I'm not entirely sure how big of a problem that really is. If unsure, just don't specify if you mean src or dst port and you should be fine. Personally I think the "Various games" rule should be disabled by default and name the games, but that’s another story…

    So to sum this up: there was a misunderstanding and I’m sorry about that.


    Cloneman:
    I really don’t recommend deleting all the default rules. You will miss a lot of traffic and especially for people like Rocky Grim it will become very difficult to make new filters, because they don’t even have examples to guide them.

    I do have to admit though, that the guide is too long and detailed and that it is outdated. Toastman already has a lot at his hands and I haven’t come around and deliver a short one myself. Well, it’s our hobby and nothing more.
     
  65. Toastman

    Toastman Super Moderator Staff Member Member

    Problem is that the QOS Thread was a discussion thread and illustration of QOS, not intended to be a cure-all for everyone. I'm involved in several other projects and as Porter said, somewhat busy. Nevertheless, even though the majority of that thread discusses the qos system prior to the inclusion of the new ingress system, it's relatively easy to apply similar reasoning to the ingress as was used in the egress, but considering the greater incoming bandwidth.

    One thing that might help is making a new thread with most of the "discussion" removed and that would make it more readable, and easier to add newer stuff. I may try to find time to do something about that. I've started by copying the more important stuff to a new thread... I'll start editing it soon. To actually write a shortened guide isn't so easy, because it won't actually help many people get to understand the reasoning behind the use of QOS.

    In general, the "source port" is on the local machine and the "destination port" is on the remote server.
     
  66. Monk E. Boy

    Monk E. Boy Network Guru Member

    As far as I've seen, the only time the "source port" is the remote system and the "destination port" is your system is when you have port forwards in place. In those cases it's useful to use "Src or Dst" port to keep traffic classified by a single rule.

    A connection source is the system that's requesting the information from the connection destination. Unless you have port forwards in place, the connection source will always be your local system's IP and the destination will be the internet system.

    As long as QoS is enabled, "Unclassified" connections are always connections that are made to your router. Connections your router makes to other systems (e.g. DNS) are not considered unclassified. As a result, if you see a connection listed as unclassified - and you haven't been running with QoS disabled - that means the connection ends at the router itself.

    You can always use the "Drop Idle" button under Advanced -> Conntrack/Netfilter to make the router drop connections that aren't in use, which will often make quirky connections disappear. These are sometimes a nefarious little schlub on the internet attempting to attack systems behind your router, but sometimes it's just as simple as your WAN port being DHCP (or PPPoE) and the IP address has changed on it - all the traffic the previous owner had directed at that IP will be flooding at you instead.

    As pointed out earlier, multicast connections are treated as connections to your router. This is likely because you'll find it very difficult to receive multicast streams without the router using helper modules that act as a man-in-the-middle for multicast connections. The helper modules in Tomato are "IGMPproxy" and "Udpxy" and are configurable under Advanced -> Firewall.

    Edit: Oh, and the reason why it's important to note that QoS hasn't been turned off is because when you turn QoS off, all connections become unclassified. Even if you then turn QoS back on those unclassified connections stay unclassified until they time out, which can be a very, very long time if you're actually using the connection.
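Two points made in this thread can be seen with a few lines of Python: Porter's observation in post #43 that a generic port rule placed above the L7 media filters turns a video stream into "a simple download", and the src/dst port explanation given by Toastman and Monk E. Boy in the two posts above. This is an added example, not Tomato's code and not anything posted in the thread. It is a first-match rule evaluator over the criteria the thread's rules use (protocol, a port on the src, dst or either side, a "Transferred" byte band, an L7 signature), with one simplification: it evaluates a connection with its L7 verdict already known, whereas Tomato marks the connection in conntrack as soon as a rule matches and the L7 engine only inspects the first packets of a connection, so a port rule that matches immediately keeps the L7 rules below it from ever seeing the stream. The connections, the shortened rule orders and the port 40000 are constructed for the demonstration.

```python
"""Toy model of Tomato QoS classification: an ordered rule list where the
first matching rule decides the class.

Added example, not Tomato's code. The match criteria are the ones the thread
uses; the L7 signature is assumed to be known at evaluation time, which is a
simplification of the real, conntrack-based engine. All connections and rule
orders below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

KB = 1024


@dataclass(frozen=True)
class Conn:
    proto: str                 # "TCP" or "UDP"
    src_port: int              # port on the side that opened the connection (normally local)
    dst_port: int              # port on the side that was contacted (normally remote)
    transferred: int           # bytes moved on the connection so far
    l7: Optional[str] = None   # signature an L7 inspector would report, None if none


@dataclass(frozen=True)
class Rule:
    cls: str
    desc: str
    proto: Optional[Tuple[str, ...]] = None                   # None: any protocol
    ports: Optional[Tuple[int, ...]] = None                   # None: any port
    side: str = "dst"                                         # "src", "dst" or "any" (Src or Dst)
    transferred: Optional[Tuple[int, Optional[int]]] = None   # (low, high) bytes; high None = open
    l7: Optional[str] = None

    def matches(self, c: Conn) -> bool:
        if self.proto is not None and c.proto not in self.proto:
            return False
        if self.ports is not None:
            on_src = c.src_port in self.ports
            on_dst = c.dst_port in self.ports
            if not {"src": on_src, "dst": on_dst, "any": on_src or on_dst}[self.side]:
                return False
        if self.transferred is not None:
            low, high = self.transferred
            if c.transferred < low or (high is not None and c.transferred > high):
                return False
        if self.l7 is not None and c.l7 != self.l7:
            return False
        return True


def classify(rules: Sequence[Rule], c: Conn) -> str:
    """Return 'Class:Description' of the first matching rule, else 'Default'."""
    for r in rules:
        if r.matches(c):
            return f"{r.cls}:{r.desc}"
    return "Default"   # the catch-all class for traffic no rule matched


# Rules with the same criteria as rules 5, 33 and 40 of the posted list.
WWW = Rule("WWW", "HTTP, HTTPS, HTTP Proxy", proto=("TCP",), ports=(80, 443, 8080),
           transferred=(0, 512 * KB))
FLASH = Rule("Media", "Flash Video (Youtube)", l7="flash")
XFER = Rule("FileXfer", "HTTP, SSL File Transfers", proto=("TCP",), ports=(80, 443, 8080),
            transferred=(512 * KB, None))

WEB_ABOVE_L7 = [WWW, XFER, FLASH]   # generic web rules ahead of the L7 media filter
L7_ABOVE_WEB = [FLASH, WWW, XFER]   # L7 media filter ahead of the generic web rules

# A Flash video stream over HTTP, early and late in its life (constructed).
video_early = Conn("TCP", 51234, 80, 300 * KB, l7="flash")
video_late = Conn("TCP", 51234, 80, 900 * KB, l7="flash")

# Same port, two directions: 3659 on the remote side vs on the local side.
GAME_DST = Rule("VOIP/Game", "Battlefield 3", proto=("UDP",), ports=(3659,), side="dst")
GAME_ANY = Rule("VOIP/Game", "Battlefield 3", proto=("UDP",), ports=(3659,), side="any")
game_remote_3659 = Conn("UDP", 40000, 3659, 5 * KB)   # local client -> server port 3659
game_local_3659 = Conn("UDP", 3659, 40000, 5 * KB)    # local side bound to 3659


def demo() -> dict:
    return {
        "web-first, early": classify(WEB_ABOVE_L7, video_early),
        "web-first, late": classify(WEB_ABOVE_L7, video_late),
        "l7-first, early": classify(L7_ABOVE_WEB, video_early),
        "l7-first, late": classify(L7_ABOVE_WEB, video_late),
        "dst rule, remote 3659": classify([GAME_DST], game_remote_3659),
        "dst rule, local 3659": classify([GAME_DST], game_local_3659),
        "any rule, local 3659": classify([GAME_ANY], game_local_3659),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} -> {result}")
```

With the generic web rule first, the stream is WWW for its first 512KB and FileXfer after that, and the Media rule never fires; with the L7 rule first it is Media throughout. The second half shows why "Src or Dst" is the safe choice when you are not sure which end of the connection holds the port: a dst-only rule misses a connection whose local side is bound to 3659, which is the hosted-game case Porter mentions.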
     
  67. cloneman

    cloneman Networkin' Nut Member

    I like my QoS guide, summarized into one screenshot :p. But of course I'm (highly) biased.

    Porter: I never understood the allure of having many rules and classes. Most people only care about certain things... prioritizing a few types of traffic and suppressing a few other types. When in doubt, I throw it in the default pile. I don't really care about micromanaging every single protocol or application, I just want games/voip to work during file transfer stress.

    I suppose the 40 rules that come by default would be somewhat useful in the apartment complex use case, where we try to ensure all low-bandwidth applications that are sensitive to jitter that exist in the whole world are given a boost versus file sharing hogs. I personally like to manually classify the 4-5 applications that are important to me and my family, and I'm pretty much done.
     
  68. Toastman

    Toastman Super Moderator Staff Member Member

    Agreed. If you are a standalone user or have control over other machines on your LAN you probably have no need to try to cover every scenario. However, I do see many people quickly find that they come across other instances where they have to add rules, and their rules list quickly expands.... so the example rules do help.
     
  69. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Thanks for all your replies, guys. I greatly appreciate you all taking the time to help me out. I am still having some problems, though. The biggest problem I am having is with my Vizio Smart TV. I have set up a QoS rule for both incoming and outgoing data to the Vizio TV's IP, which is 192.168.1.7. I have assigned it to Media and also changed the amount of bandwidth the Media class can use on the inbound side to 60%. This allows the class 322 - 3870 kbit/s. Even after doing this I am still having problems with very choppy playback. I have even tried setting the bandwidth in the HULU Plus app to as low as 650kb but it still does it. HULU Plus also gives me error messages telling me to check my internet connection (error FL4). Can you guys please look over my QoS settings and tell me if you see anything else I could try? I have been experimenting with different builds and trying different things with my QoS rules. Still I cannot find a solution to the problem. I have added some screenshots of my rules and settings. Thanks for your help.

    QoS Basic Settings 1.jpg QoS Basic Settings 2.jpg Classifications-1.jpg Classifications-2.jpg
     
  70. cloneman

    cloneman Networkin' Nut Member

    How much bandwidth does your IPTV want to use? Does it work with QoS off and no other traffic?
     
  71. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Give the TV a higher download maximum, and a higher minimum if it's not introducing too much latency to your other devices. You may consider making the max value close to your bandwidth ceiling. Keep the outgoing minimum low.

    Turn down the max values on other stuff to make playback smoother.

    Ensure the wire to the TV is in good condition. Don't use wireless for streaming video.

    Last, most importantly, turn your outgoing ceiling down. 720 is very close to the maximum throughput you mentioned in your first post. Make it closer to 66% of your max upload initially, then repeatedly increase it while streaming video or making large downloads and pinging a nearby site. Stop increasing your upload limit when pings start to rise. If that's inconvenient, then just make it 66-75% of your max upload until everything else is fixed.

    Edit:
    I shouldn't say "don't use wireless" as a blanket statement. It often creates problems like the ones you describe, but there are ways to make it work...
     
  72. Porter

    Porter LI Guru Member

    3870 kbit/s does seem a bit low for HD streams. Most often you need 4000+ kbit/s.

    1. You are using the ATM-patch, so 720 should be fine. You might be able to get a bit more than 6450 kbit, but leaving it there is fine. Higher values are for finetuning.

    2. Increase inbound and outbound maxima of your Media class to 100%. You can decrease the 100% if you run into problems but this should give you a lot less stuttering. You just don't have a lot of wiggle room with your bandwidth.

    3. Do you actually see the traffic from your TV in the bandwidth pie charts? Does it end up in Media?
     
  73. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    @Porter:
    I'm sure you're right. I didn't know if the overhead was set properly.
     
  74. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Porter, thanks for your reply. I appreciate it. My TV shows for HD streaming via HULU Plus it is 3.2MB/s. I had even forced it to stream at 650kb/s for SD with my old settings and was still getting the stuttering issue. HULU Plus was also spitting out error messages telling me to check my connection.

    I have adjusted the inbound and outbound of the Media class as you suggested to 100%. I just fired up a video and it seems to be playing fine. However, they normally play fine for about 10m to 15m and then start acting up like crazy, even after restarting the video. I am going to try this for a little while as you suggested, then see if I can bring it down if there are problems with anything else on the network. The TV is showing up as Media in the pie charts, so all is good there. I will post back if there are any more issues.

    Another thing that seems weird is my TV has a speed test. It uses DNS servers and NTP servers to determine speed. It always says my speeds are way slower than my actual connection, or if I have QoS on it will spit out a speed way lower than I have allocated. Like right now, set to 100%, I am only seeing about 4500kb/s on the speed test. I think the test is just really generic, but I'm not sure though.

    Thanks again,
    Rocky
     
  75. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Hmm, for some reason Marcel's and cloneman's responses just showed up for me. I am reading them now.

    The actual speeds I am seeing through www.speedtest.net are pretty consistently 6.63Mb/.73Mb. I took my download speed and multiplied it by 1024, then subtracted 5% to get my current figures. When I noticed the videos were doing this I thought maybe I had them set too high, so I subtracted 5%.
     
  76. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    The other issue with some TVs, e.g. some Samsung models, is the video streaming apps on the devices producing similar behavior: working fine for a while, then getting choppy. A TV firmware update or app update (depending on the TV) may fix the issue.
     
  77. Rocky Grim

    Rocky Grim Networkin' Nut Member

    Thanks for the reply, Marcel. I have been working with Vizio and HULU as well. One of the first things I tried was uninstalling and reinstalling the app on the TV. I have the latest version of the app, but it's still doing it. As far as the firmware, I believe it is auto-rolled by Vizio. I haven't been able to find a firmware download online yet. The model number of the TV is E420D-A0 if anyone finds anything. The current firmware version on the TV is 3.18.3.1175.
     
  78. cloneman

    cloneman Networkin' Nut Member

    I'm still confused as to the cause of your issue. QoS will only help you during congestion/fighting for bandwidth. If your app is flaky even with QoS off and no other activity, QoS will absolutely not help.

    Not sure if I'm just stating the obvious...
     
  79. Rocky Grim

    Rocky Grim Networkin' Nut Member

    cloneman, you are correct. I already knew this. The problem is definitely due to devices fighting over bandwidth, and the QoS just needs to be fine-tuned. The TV seems to work fine when it is the only device on the network. As soon as I start adding other computers it goes to hell. It is worse when QoS is off with other computers using the connection at the same time, as it should be. Therefore, this is definitely just an issue of working out the kinks in the QoS settings.
     
