
Question about incoming QoS

Discussion in 'Tomato Firmware' started by Darius510, Sep 27, 2013.

  1. Darius510

    Darius510 Reformed Router Member

    Say I have two classes, one for HTTP downloads at 40% limit, and one for P2P, also at 40% limit.

    If I have both a web download and P2P going at full blast, will each be able to take 40% of the incoming bandwidth, for a total of 80%? Or will they both share the 40%, and effectively only take up 20% incoming bandwidth each?

    If they're both in the same class, I'd expect they'd share the 40%, but can't find solid info about limits and multiple classes.
     
  2. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Each class has its own minimum allotted when active and its own upper limit. Each would get 40% in that scenario.
     
  3. Darius510

    Darius510 Reformed Router Member

    K, that's what I figured. Another question...

    Toastman recommends the best practice for controlling download speed is by actually limiting the upload speed. So if I limit the outgoing bandwidth in a class to 1%, it limits the incoming bandwidth to roughly 15-20%...that part works great.

    Now I have a rule to capture large HTTP downloads, by watching ports 80,43, and 8080. Transfers below 512KB stay in the medium class for web surfing, but transfers over 512KB go into the lowest class. Lowest class is limited to 3% outgoing, so I get roughly 60% back incoming...that part works fine as well. But when I need to make a legitimate upload, the same rule still applies, and my max upload is now limited to 2%, which is obviously a problem.

    So how do I separate that out? How to limit downloads the "correct" way, while retaining the ability to upload at a reasonable speed?
     
  4. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    The Tomato QoS has a good ingress system for TCP traffic. It's safe to increase your upload limit if you have set a download limit.
     
  5. Porter

    Porter LI Guru Member

    Darius510:
    The information about controlling your downstream with your upstream is outdated. The QoS-system is rather capable nowadays. Please flash a recent Toastman firmware, enable QoS, put in your measured upstream and downstream values minus a reasonable safety margin (depends, 10 - 30 %, but you'll need to experiment).

    Don't limit your upstream so much. You have far better control over your upstream than over your downstream. If you are really concerned, limit your lowest class to 60%, but I think you could go up to 80% or even more.

    I will repeat myself: just use the defaults on the Classification page.

    Don't forget to wipe your NVRAM after a new flash.
     
  6. Darius510

    Darius510 Reformed Router Member

    Yeah, unfortunately I can't flash a toastman build, because it doesn't have the performance to QoS a 110/35 connection. The only firmware I've found that's capable of it on any router is victek's "speedtest" version, and from the looks of it, it's using the outdated version of QoS. So until the CPUs in routers catch up with high speed connections to the point where I can run more full featured QoS, I'm kind of stuck doing it the hard way.

    Regardless, setting the downlink limit still works by dropping packets and forcing TCP to slow down.
     
  7. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Last edited: Sep 27, 2013
  8. Darius510

    Darius510 Reformed Router Member

    I doubt it...can't change class labels, don't have the "no ingress qos for UDP" option, there's a download limit but no minimum rate. It's pretty stripped down, but it's the only thing that works for my connection.
     
  9. Porter

    Porter LI Guru Member

    Darius510:
    Then you are using the old defective QoS-system. It's faster because it doesn't work right.

    With a connection like yours, is it absolutely necessary that QoS works? If you know who is torrenting on your network and you can talk to them and they probably will listen to you, this is a far better option than to enable QoS simply because it's nice to have. Just my thought.

    If you need some type of control over your network you have several options:

    1. Get a real computer as a router. There are probably small Linux distros that have some kind of QoS GUI, too.

    2. Buy a professional router which has the power to deal with your connection.

    3. Upgrading to a more powerful SOHO router only makes sense, if there were routers available which can actually deal with your connection. As far as I've heard there aren't.

    4. A bit more complex and will go into detail now:

    If you don't need very good control over your connection and just want to prevent huge queues that kill interactivity, use some kind of the following script. This needs to be configured. You can also prioritize traffic, by uncommenting some lines. With a script like this you can also match on ports. This script doesn't use iptables to match, but tc. This is much faster, but less capable in some areas.

    Code:
    ## Cleanup
    # Delete qdiscs
    tc qdisc del dev imq0 root 2>/dev/null
    tc qdisc del dev imq1 root 2>/dev/null
    tc qdisc del dev ppp0 root 2>/dev/null
    tc qdisc del dev ppp0 ingress 2>/dev/null
    tc qdisc del dev eth0 root 2>/dev/null
    tc qdisc del dev eth1 root 2>/dev/null
    tc qdisc del dev br0 root 2>/dev/null
    tc qdisc del dev vlan0 root 2>/dev/null
    tc qdisc del dev vlan1 root 2>/dev/null
    tc qdisc del dev vlan2 root 2>/dev/null
    
    
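    # Delete Chains
    iptables -t mangle -D PREROUTING -i vlan2 -j IMQ --todev 1 2>/dev/null
    iptables -t mangle -D POSTROUTING -o vlan2 -j IMQ --todev 0 2>/dev/null
    
    
    ## Start
    # Load modules
    modprobe imq
    modprobe ipt_IMQ
    
    # Outgoing (shaped at $UPLINK below)
    ip link set imq0 up
    
    # Incoming (shaped at $DOWNLINK below)
    ip link set imq1 up
    
    ## Load iptables rules:
    # Assuming vlan2 is the WAN interface: packets arriving on it are
    # downloads and go to imq1, packets leaving through it are uploads
    # and go to imq0, so each direction meets the matching rate below.
    iptables -t mangle -I PREROUTING -i vlan2 -j IMQ --todev 1
    iptables -t mangle -I POSTROUTING -o vlan2 -j IMQ --todev 0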
    
    #Parameters
    UPLINK=800
    DOWNLINK=2000
    
    ##UPLINK
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq0 root handle 1: htb default 20
    
    # shape everything at $UPLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq0 parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev imq0 parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
    #  burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic,
    # and a lower priority:
    
    tc class add dev imq0 parent 1:1 classid 1:20 htb rate $((9*UPLINK/10))kbit \
      burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
    
    ##DOWNLINK
    
    # install root HTB, point default traffic to 1:20:
    
    tc qdisc add dev imq1 root handle 1: htb default 20
    
    # shape everything at $DOWNLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    
    tc class add dev imq1 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit burst 6k
    
    ## high prio class 1:10:
    #
    #tc class add dev imq1 parent 1:1 classid 1:10 htb rate ${DOWNLINK}kbit \
    #  burst 6k prio 1
    
    # bulk & default class 1:20 - gets slightly less traffic,
    # and a lower priority:
    
    tc class add dev imq1 parent 1:1 classid 1:20 htb rate $((9*DOWNLINK/10))kbit \
      burst 6k prio 2
    
    # both get Stochastic Fairness:
    #tc qdisc add dev imq1 parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10

    5. Use a Tomato firmware with functioning QoS (i.e. Toastman). Disable all the layer 7 filters. Do this, if you know what you are doing: disable all the filters that you don't think you will need.
    Decrease your bandwidth to the point where your router is still responsive. Yes, this means you won't be able to fully utilize the bandwidth you paid for but you will have QoS.
     
  10. Darius510

    Darius510 Reformed Router Member

    I'm a little hesitant to use a script that I don't fully understand. I'm aware that I don't *need* QoS, but I still derive some benefit from it. I'm a huge gamer, and even on a 100mbps connection, ping times will still rise when a download is clogging the line. Granted it rises from an average of 10ms to 30-40ms, which isn't the end of the world, but it also leads to some packet loss. Even with the "defective" QoS, I can globally limit the speed of large downloads on any of my 15-ish devices with a few rules, and pings hover in the 15ms region.

    The problem with using the Toastman QoS is that not only does it limit my overall download speed to 60mbps or so, it locks up the router's CPU, and pings rise to 80ms or so, rather than the 40ms that I'd get without QoS. So there's just really no way to make it work. Even just the basic bandwidth limiter would have sufficed for my needs, but that isn't any faster than QoS.
     
  11. Toastman

    Toastman Super Moderator Staff Member Member

    @Darius510 - I have never seen lockup from enabling the QOS system, ever, in any tomato version. This is not a normal occurrence. I don't have any suggestions for you as to the cause.

    The Bandwidth Limiter is itself a QOS system. But no matter what system were used its processing needs will be similar, there's no such thing as a free lunch.

    You should try Porter's script, just to see what happens. He's very knowledgeable about the QOS system and was responsible for most of the more recent improvements.

    I see many people making what amount to complaints about many aspects of Tomato, not only the QOS. All of them based on speed issues caused by not having a fast enough processor to cope with the work that people have thrust upon the router. It has nothing to do with Tomato per se.

    It is a bit like buying a bicycle and complaining that it won't keep up with a BMW. :p

    When your available ISP speeds are so high, you really must look elsewhere, the current generation of home routers still aren't sufficient. Unless you can use Fast NAT / CTF which precludes the use of QOS. The situation is improving now with faster processors and better hardware, but these newer routers are very expensive, way overpriced considering what is actually inside the boxes.

    There will come a day when gigabit speeds are available, and the same things will happen ... ad nauseam...
     
  12. Darius510

    Darius510 Reformed Router Member

    By "lock-up" I don't mean the CPU actually crashes, just that it pegs at 100%, and I assume that's the cause of the higher than expected ping times vs QoS off....the CPU can't keep up.

    I'm not really complaining, like you say, the situation is what it is...the home routers out there can't keep up yet, it's not tomato's fault. I've bought multiple routers in search of one that could, the fastest/most expensive being the ac66u, and it's barely any better than my E3000. I'm happy enough that whatever victek is doing with the speedtest version, it's working to some degree, even if it's not ideal.

    I'm willing to give Porter's script a try, but I'm not sure how to configure it....I don't even know where to begin, because I don't understand half of what it's doing. I know tomato well enough to configure rules properly to do exactly what I need via the gui, but most of that script reads like gibberish to me.

    I've considered a professional router, but I'm not sure where to begin with that either, and I'll probably be in over my head with that as well.

    I'm curious though, what do the more recent builds do regarding QoS that the older ones don't? The speedtest properly limits bandwidth in both directions, seems to prioritize properly...what else is left to do?
     
  13. Darius510

    Darius510 Reformed Router Member

    For what it's worth, this is my config:

    [Attachments: Capture.PNG, Capture2.PNG]

    I've set both the upload and download to ~85% of my link, which solves most of the latency issues on its own.

    -All of my devices are grouped by static DHCP into blocks of IPs that represent each type of device, so I can prioritize and set limits more effectively:

    -The gaming devices account for more than just game traffic, there's HTTP downloads of games, streaming media, etc. So their IP prioritization rules are at the bottom, so the rest can take effect first...basically anything that isn't VOIP, streaming or a download is game traffic, so it'll slip by the other rules and get set to "highest" at the end.

    -Class A is for P2P, which I only use on that one device, so I'm able to properly restrict the download speed by limiting upstream to 2%. Everything else that isn't P2P on that device is accounted for by earlier rules.

    -Even though most streaming media is captured by the HTTP download rule, I set any devices which are used for streaming and only streaming to low at the top, primarily so I can limit their total bandwidth to 50% and prevent any lag spikes during the initial buffering phase.

    -I also use class E to severely restrict the speed of any device that I haven't specifically set the IP address for, just in case anyone breaks into my network (which has never happened anyway).

    Pretty much the only base I don't have covered is not being able to limit the upstream flow of ACK packets for HTTP downloads, which could potentially cause a little extra latency while the download speed stabilizes.
     
  14. Porter

    Porter LI Guru Member

    The problem with the old QoS was that there was no overall limit. So when you had two classes and each of them were allowed to use 60% of the bandwidth and they actually used all of the bandwidth, the QoS didn't limit them to 100% of the bandwidth. They were able to use 120% of the bandwidth which clearly doesn't work.

    There might be other scripts on google, too. The most important aspect to look out for is that they don't use iptables to do the filtering/matching and that they use an IMQ device for inbound shaping.

    The only thing I can do is give you another example of what a script might look like. This has been made with Mastershaper, which is a linux webfrontend to configure linux' QoS-system: http://pastebin.com/vZVrsCEF

    Please keep in mind that the order of the classes in the script doesn't represent priority. The 'prio' parameter does. Lowest digit means highest priority.

    For each new port filter you need four commands: source port and destination port and in each direction.

    An IP filter would look like this:

    Code:
    tc filter add dev $DEV parent 1:11 protocol ip prio 5 u32 match ip dst $IP flowid 1:13
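
The "four commands per port filter" rule from the post above, as an added example that is not part of the thread or anyone's script in it. It assumes the two IMQ devices are named imq0 and imq1, that each has a root HTB qdisc with handle `1:`, and that the target class (here `1:10`) already exists; the function name is hypothetical. It only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: imq0 and imq1 are the two
# shaped IMQ devices, each has a root HTB qdisc with handle "1:", and the
# target class (e.g. 1:10) has already been created on both.

# port_filter_cmds PORT FLOWID [PRIO]
# Prints the four commands for one port: a source-port and a destination-port
# match on each device. Without a protocol match, u32 matches TCP and UDP alike.
port_filter_cmds() {
    port=$1 flowid=$2 prio=${3:-5}

    # Port must be 1 to 5 digits and within 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # flowid must look like major:minor in hex digits, e.g. 1:10.
    case $flowid in
        *[!0-9a-fA-F:]*|*:*:*) echo "invalid flowid: $flowid" >&2; return 1 ;;
        [0-9a-fA-F]*:[0-9a-fA-F]*) ;;
        *) echo "invalid flowid: $flowid" >&2; return 1 ;;
    esac

    for dev in imq0 imq1; do
        for field in sport dport; do
            echo "tc filter add dev $dev parent 1: protocol ip prio $prio" \
                 "u32 match ip $field $port 0xffff flowid $flowid"
        done
    done
}

# Constructed sample: send ports 80 and 8080 to class 1:10.
for p in 80 8080; do
    port_filter_cmds "$p" 1:10
done
```

Review the printed commands before piping them to `sh` on the router; the u32 `sport`/`dport` match assumes a 20-byte IP header, so packets carrying IP options fall through to the default class.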
     
  15. Victek

    Victek Network Guru Member

    I focus speedtest version to maximize bandwidth... when you work with inbound/outbound speeds >10MB sincerely I don't activate QoS for the 3-4 users at home... ;) I simply use Bandwidth limiter to restrict bandwidth to each user and then he/she can manage the assigned quota, it's his/her beer.. not router job.
    If you have 120 users then QoS makes sense... the speed is not the goal, it's the priority for each application accessing Internet.

    Then you have both features in Tomato firmware.
     
    Last edited: Oct 1, 2013
  16. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Thanks for the info Victek. Didn't realize you had switched the QoS back to the old version for the Speedtest mod. Curious to know what the performance cost is of the new system over the old one, but I know you have better things to do than make the comparison.

    I happen to like QoS for the small office/BYOD +/- guest setting, and BW limiter at home, but there are always exceptions.
     
