Using QOS - Tutorial and discussion

Discussion in 'Tomato Firmware' started by Toastman, Dec 24, 2008.

  1. sabishii

    sabishii New Member Member

    I didn't say they were better. I was providing the missing images that are listed in the forum FAQ, specifically
    that had been missing because Imageshack sucks.

    In other words, the latest QOS settings in the forum FAQ are from 2010. If there are new settings, that's fine, but I'm just digging up missing stuff.
     
  2. gffmac

    gffmac Networkin' Nut Member

    Is there a way to revert QOS settings to stock without doing a full wipe or manually entering them all again?
     
  3. koitsu

    koitsu Network Guru Member

    I cannot confirm settings for any firmware other than Toastman. Below are the commands for ARM. I'm not sure about MIPS, probably the same but better not risk it. These are commands you can use from the CLI (telnet/SSH); I would not recommend doing this from Tools -> System Commands due to all the magic quoting and madness that goes on (plus browsers wrap text and make distinguishing whitespace locations difficult):

    I believe the forum will botch this very very badly due to the quotes, spacing, and several other aspects (particularly of the syntax of the qos_orules variable), so here is the pastebin:

    http://pastebin.com/mu4Dw16F

    *** WARNING WARNING WARNING ***

    IT IS VERY IMPORTANT YOU ENSURE THE nvram set qos_orules VALUE IS RETAINED AS IS. THE VALUE SHOULD BE WRAPPED IN APOSTROPHES (NOT DOUBLE QUOTES OR "SMART" QUOTES), IS ALL ON A SINGLE LINE, IS NOT BOTCHED/SCREWED UP BY COPY/PASTING, AND DOES NOT HAVE IMPROPER WHITESPACE INJECTED INTO THE CONTENT. DOING SO CAN/WILL BREAK THINGS VERY BADLY. I SUGGEST COPYING FROM THE "RAW PASTE DATA" PART OF PASTEBIN.
    YOU HAVE BEEN WARNED.

    The source of these values comes from router/shared/defaults.c on Toastman-ARM branch. If you want something else (MIPS, ARM7, whatever), give me the exact filename of the firmware you're using and I can go look up the relevant code and do the same process.
     
    gschnasl and gffmac like this.
  4. gffmac

    gffmac Networkin' Nut Member

    Thanks koitsu, it seems PuTTY has a character limit on pasting so the full nvram set qos_orules= .. command is not entered. I'll look for an alternative.

    Maybe the command can be split into 2 or 3 segments?

    I entered the one command via the web gui, worked fine. Thanks
     
    Last edited: Mar 7, 2017
  5. koitsu

    koitsu Network Guru Member

    PuTTY has no such clipboard character limit. I take the time to test my claims/statements before making them. :)

    The command cannot be easily split into sections without risk of the shell interpreting some characters (through use of variables).
     
  6. gffmac

    gffmac Networkin' Nut Member

    I know you know what you are talking about, which is why I didn't really want to make the post. I tried 5 times, and via another program.

    Sent from my HTC 10 using Tapatalk
     
  7. koitsu

    koitsu Network Guru Member

    Okay, I guess I'll do an alternative. I put together a simple shell script that does the work for you (so there's nothing to copy-paste), gzip'd it (to work around any potential network I/O corruption), and put it on my server. This is what you'd do from the CLI on Tomato:

    Code:
    cd /tmp
    wget http://jdc.koitsu.org/toastman_qos_reset.sh.gz
    gzip -d toastman_qos_reset.sh.gz
    chmod 755 toastman_qos_reset.sh
    ./toastman_qos_reset.sh
    
    I urge anyone/everyone to cat toastman_qos_reset.sh first so that they understand what the script is doing (it's the same as what's at pastebin, just with the hashbang line for /bin/sh added). In general I don't like putting shell script things online for people to download/blindly run, as it puts too much trust in what a person is doing. (Yes, I'm a trustworthy person and I do commits/code changes, but my point still stands)

    The script DOES NOT do nvram commit -- this is intentional! So, after doing the above, you can nvram show (or nvram show | grep qos_orules etc...) and make sure the settings have changed (back to defaults).

    You then can run nvram commit yourself to commit the changes to NVRAM, followed by reboot and you should be good to go.

    Hope this makes it easier for you. Please let me know if/when you've done this so I can remove the file off my server.
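Added example (not koitsu's script, and not from the thread): one way to act on the "cat it first" advice and the quoting warning above is to audit the downloaded file before running it. The function name, finding labels and sample values are constructed here; only the `qos_orules` key comes from the thread.

```shell
#!/bin/sh
# Added example: audit an NVRAM reset script before running it.

# audit_reset_script FILE
# Prints one finding per non-comment line and returns 0 only if every such
# line is a cleanly quoted "nvram set":
#   SET <key>      nvram set KEY='value' wrapped in plain ASCII apostrophes
#   BADQUOTE <n>   line n is an nvram set with unsafe or mangled quoting
#   COMMIT <n>     line n runs nvram commit
#   OTHER <n>      line n runs anything else
audit_reset_script() {
    a_n=0
    a_bad=0
    while IFS= read -r a_line || [ -n "$a_line" ]; do
        a_n=$((a_n + 1))
        # Drop leading whitespace. Trailing whitespace is kept on purpose so a
        # stray CR or space after the closing apostrophe gets reported.
        a_line=${a_line#"${a_line%%[![:space:]]*}"}
        case $a_line in
            '' | '#'*) continue ;;
            'nvram commit'*) echo "COMMIT $a_n"; a_bad=1; continue ;;
            'nvram set '*=*) ;;
            *) echo "OTHER $a_n"; a_bad=1; continue ;;
        esac
        a_kv=${a_line#"nvram set "}
        a_key=${a_kv%%=*}
        a_val=${a_kv#*=}
        a_ok=1
        # Key must be a plain identifier.
        case $a_key in '' | *[!A-Za-z0-9_]*) a_ok=0 ;; esac
        # Value must start and end with an ASCII apostrophe ...
        case $a_val in "'"*"'") ;; *) a_ok=0 ;; esac
        # ... with no apostrophe in between (that would end the quoting early).
        a_inner=${a_val#"'"}
        a_inner=${a_inner%"'"}
        case $a_inner in *"'"*) a_ok=0 ;; esac
        # "Smart" quotes anywhere on the line mean the paste was mangled.
        case $a_line in *"‘"* | *"’"* | *"“"* | *"”"*) a_ok=0 ;; esac
        if [ "$a_ok" -eq 1 ]; then
            echo "SET $a_key"
        else
            echo "BADQUOTE $a_n"
            a_bad=1
        fi
    done < "$1"
    return "$a_bad"
}

# make_samples DIR: write two constructed scripts (not the real defaults).
make_samples() {
    cat > "$1/good.sh" <<'EOF'
#!/bin/sh
# constructed sample values
nvram set qos_orules='CONSTRUCTED<RULE>WITH<SHELL>CHARS'
nvram set qos_example_key='1'
EOF
    cat > "$1/bad.sh" <<'EOF'
#!/bin/sh
nvram set qos_orules="CONSTRUCTED<RULE>WITH<SHELL>CHARS"
nvram set qos_example_key=’1’
nvram commit
reboot
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in good.sh bad.sh; do
        echo "== $f"
        if audit_reset_script "$d/$f"; then
            echo "-> only quoted nvram set lines"
        else
            echo "-> review before running"
        fi
    done
    rm -rf "$d"
}
demo
```

A clean result only says the file contains nothing but single-quoted `nvram set` lines; the keys and values it lists still need to be compared against what you expect to be reset.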
     
  8. Olegaas

    Olegaas New Member Member

    Hello everybody, I have Tomato Shibby and I have trouble with QoS.

    Router - ASUS RT-66U
    Version - Tomato Firmware 1.28.0000 MIPSR2-138 K26 USB AIO-64


    The trouble is: All Inbound Bandwidth Distribution at Graphs shows as the default traffic class. (Default traffic class can be chosen at Basic QoS Settings). Outbound Bandwidth Distribution works correctly. Also all Inbound traffic is limited by the rule of the default traffic class.
    For example - Inbound WAN 1 Max Bandwidth Limit: 10 000kbit/s, My default traffic class is P2P/Bulk, limits of P2P/Bulk are from 5 to 40%. As a result all of the traffic is limited to 40%, regardless of class.
    You can see details on the screenshots.
    All settings are default. I only set Static WAN IP, and DNS.
    Changed IP to 192.168.0.1 and DHCP to 192.168.0.100-199
    Disabled WIFI. That's all.

    What I tried to do:
    - Installed the latest 1.28 version (was 1.26 version)
    - Reset all settings.

    This did not help at all.
    Does anybody have ideas how to solve this trouble? [IMG]
    [​IMG]
     
  9. cloneman

    cloneman Addicted to LI Member

    It's hard to tell from those screenshots as all the TCP traffic is on port 443. perhaps you could try to delete rule 29 and see what happens.

    also, the real shibby version number is on the about page.
     
  10. Olegaas

    Olegaas New Member Member

    On About page version is: Tomato Firmware 1.28.0000 MIPSR2-138 K26 USB AIO-64K

    Right now I made screenshots of Inbound traffic, and of the page after pressing on default traffic (VOIP/GAME) right now:
    [​IMG] [​IMG]
     
  11. Olegaas

    Olegaas New Member Member

    If I press on the "Empty" class HTTP:
    [​IMG]
     
  12. cloneman

    cloneman Addicted to LI Member

    okay it looks like everything is going to default in inbound like you said. I don't know why it's doing that.

    I know shibby 1.38 has some QOS problems (the bandwidth calculation estimates are missing) , so it is possible that this is a another issue. All I can suggest is to try shibby 1.32 instead. (wipe nvram as well, do not try restore settings)
     
    warchieff likes this.
  13. warchieff

    warchieff New Member Member

    Can you guys write or include a script to configure in Advanced Tomato the ingress burst size such as this one:


    tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

    tc qdisc add dev $DEV handle ffff: ingress

    tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
    192.168.1.1 police rate 34860kbit burst 10k drop flowid :1


    I want to drop packets that are coming in too fast, which causes TCP/IP to slow down. Because I don't want to drop traffic unnecessarily, can you write me a 'burst' size to allow this? Is this the correct script to use within AdvancedTomato? Will this script interfere with Tomato's Ingress QOS?
     
    Last edited: Jun 27, 2017
  14. cloneman

    cloneman Addicted to LI Member

    You can probably do it via startup script or wan up script although pressing 'save' in the QoS gui could reset it.
    iirc the relevant scripts it uses are /etc/QoS and the iptables

    I've never touched this but I'd be interested as I've yet to find something that throttles steam downloads properly
     
  15. warchieff

    warchieff New Member Member

    I want Tomato to run the QOS but there are no relevant scripts or guides to configure this type of command. I've looked at the Source Code doesn't show me anything either from some web pages but they don't really show the true code.

    This is the only way to configure ingress this way I've seen, everything else only uses the classification system.

    Works on all kernels. Within the CBQ qdisc we place two Stochastic Fairness Queues that make sure that multiple bulk streams don't drown each other out.
    Downstream traffic is policed using a tc filter containing a Token Bucket Filter.
    You might improve on this script by adding 'bounded' to the line that starts with 'tc class add .. classid 1:20'. If you lowered your MTU, also lower the allot & avpkt numbers!

    #!/bin/bash
    # The Ultimate Setup For Your Internet Connection At Home
    #
    #
    # Set the following values to somewhat less than your actual download
    # and uplink speed. In kilobits
    DOWNLINK=800
    UPLINK=220
    DEV=ppp0
    # clean existing down- and uplink qdiscs, hide errors
    tc qdisc del dev $DEV root 2> /dev/null > /dev/null
    tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
    ###### uplink
    # install root CBQ
    tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit
    # shape everything at $UPLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    # main class
    tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
    allot 1500 prio 5 bounded isolated
    # high prio class 1:10:
    tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
    allot 1600 prio 1 avpkt 1000
    # bulk and default class 1:20 - gets slightly less traffic,
    # and a lower priority:
    tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $[9*$UPLINK/10]kbit \
    allot 1600 prio 2 avpkt 1000
    # both get Stochastic Fairness:
    tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
    # start filters
    # TOS Minimum Delay (ssh, NOT scp) in 1:10:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip tos 0x10 0xff flowid 1:10
    # ICMP (ip protocol 1) in the interactive class 1:10 so we
    # can do measurements & impress our friends:
    tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
    match ip protocol 1 0xff flowid 1:10
    # To speed up downloads while an upload is going on, put ACK packets in
    # the interactive class:
    tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10
    # rest is 'non-interactive' ie 'bulk' and ends up in 1:20
    tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
    match ip dst 0.0.0.0/0 flowid 1:20
    ########## downlink #############
    # slow downloads down to somewhat less than the real speed to prevent
    # queuing at our ISP. Tune to see how high you can set it.
    # ISPs tend to have *huge* queues to make sure big downloads are fast
    #
    # attach ingress policer:
    tc qdisc add dev $DEV handle ffff: ingress
    # filter *everything* to it (0.0.0.0/0), drop everything that's
    # coming in too fast:
    tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
    0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

    If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.
    If the last two lines give an error, update your tc tool to a newer version!

    The following script achieves all goals using the wonderful HTB queue, see the relevant chapter. Well worth patching your kernel for!

    #!/bin/bash
    # The Ultimate Setup For Your Internet Connection At Home
    #
    #
    # Set the following values to somewhat less than your actual download
    # and uplink speed. In kilobits
    DOWNLINK=800
    UPLINK=220
    DEV=ppp0
    # clean existing down- and uplink qdiscs, hide errors
    tc qdisc del dev $DEV root 2> /dev/null > /dev/null
    tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
    ###### uplink
    # install root HTB, point default traffic to 1:20:
    tc qdisc add dev $DEV root handle 1: htb default 20
    # shape everything at $UPLINK speed - this prevents huge queues in your
    # DSL modem which destroy latency:
    tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k
    # high prio class 1:10:
    tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
    burst 6k prio 1
    # bulk & default class 1:20 - gets slightly less traffic,
    # and a lower priority:
    tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
    burst 6k prio 2
    # both get Stochastic Fairness:
    tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
    # TOS Minimum Delay (ssh, NOT scp) in 1:10:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip tos 0x10 0xff flowid 1:10
    # ICMP (ip protocol 1) in the interactive class 1:10 so we
    # can do measurements & impress our friends:
    tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip protocol 1 0xff flowid 1:10
    # To speed up downloads while an upload is going on, put ACK packets in
    # the interactive class:
    tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10
    # rest is 'non-interactive' ie 'bulk' and ends up in 1:20

    ########## downlink #############
    # slow downloads down to somewhat less than the real speed to prevent
    # queuing at our ISP. Tune to see how high you can set it.
    # ISPs tend to have *huge* queues to make sure big downloads are fast
    #
    # attach ingress policer:
    tc qdisc add dev $DEV handle ffff: ingress
    # filter *everything* to it (0.0.0.0/0), drop everything that's
    # coming in too fast:
    tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
    0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

    If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.
    If the last two lines give an error, update your tc tool to a newer version!
     
  16. cloneman

    cloneman Addicted to LI Member

    the following command I used
    tc class change dev imq0 parent 1:1 classid 1:100 htb rate 4250kbit ceil 42000kbit cburst 3kb prio 10 quantum 1492

    temporarily changes the burst value for the ceiling. (classid 1:100 represents inbound class 9 in my case) FWIW it doesn't help with my steam problem.

    I'm not sure exactly what your goal is with regard to problematic bursting traffic. The default QoS engine should be sufficient to manage most situations. Can you describe your problematic traffic, maybe modifying the builtin QoS isn't required after all ?
     
    Last edited: Jun 28, 2017
  17. warchieff

    warchieff New Member Member

    I just want to clean up the ingress for gaming. I only have 2 classes.

    1st class - Highest. Classes 2,3,4,5,6,8,9 and 10 are empty. Class 7 is default. 80% - 80%, 20% - 20% for the two classes.

    I just want to limit the burst to small packets of 1514 KB. Even 128 KB if it would fit better. That way everything gets dropped which isn't a game packet.

    So i'd write it like this to modify all ingress?

    Highest Class
    tc class change dev imq0 parent 1:1 classid 1:100(Highest class 1 here not 9) htb rate 50000kbit ceil 47500kbit cburst 128kb prio 10(want priority 0 for gaming here) quantum 576

    Or do I also include this to modify the default class separately from the Highest ingress?

    default class
    tc class change dev imq0 parent 1:1 classid 1:100(default class 7 here not 9) htb rate 50000kbit ceil 47500kbit cburst 128kb prio 10(want priority default for all else) quantum 576
     
    Last edited: Jun 28, 2017
  18. cloneman

    cloneman Addicted to LI Member

    I don't think you'll gain much benefit by messing with burst or cburst. You're probably in over your head trying to reverse engineer this.

    Tomato's GUI doesn't support classifying by packet size (unfortunately. That's a feature request of mine). I played with this concept in cli a few posts back http://www.linksysinfo.org/index.ph...rial-and-discussion.28349/page-12#post-265865.

    I'm not sure how you intend to classify and separate gaming traffic from normal traffic. My advice would be to move to a 3 or 4 class system -

    Class 1 (Gaming)
    Class 2 (Normal - Default)
    Class 3 (Large Downloads)


    The objective is to put your large downloads (e.g. 3000kb+) Below Normal, just in case some important traffic ends up in normal by mistake.

    If you run into issues where there really is a problem with bursty traffic (e.g. torrents and Steam Downloads in "Normal") well, then you have to investigate more "invasive" limits, like a 4th bulk class for "problem traffic".

    As a last resort, anything that you limit to 50% of your connection should not cause any problems for your high priority traffic.

    If Steam downloads are causing you problems I'd recommend trying to switch to a region that is further from you. (>50ms). Having a steam CDN with a very low latency causes problems for ingress shaping.
     
    gempotpot likes this.
  19. warchieff

    warchieff New Member Member

    Yes we want to mark egress packets(check box to accelerate game packets)
    'UDP_LENGTH=256'

    Also limit the size of the ingress burst.(check box to help bursty ingress)
     
    Last edited: Jun 28, 2017
  20. mindwolf

    mindwolf Network Newbie Member

    Any way to change the packet limit and quantum to 1000p and quantum 600? It appears editing the /etc/qos file doesn't save any changes.
     
  21. cloneman

    cloneman Addicted to LI Member

    you can use a command like tc class change
     
  22. cloneman

    cloneman Addicted to LI Member

    Yes, a connection of low speed like this can benefit from micromanagement like you've done. (the context of ensuring reasonable bandwidth for everything with slow connection)

    I should point out, however, that the game has changed a lot since Tomato QoS/ Toastman QoS was released; the vastly most sensible option for most people with modern speed connections (15mbit+) with QoS is, less is more.

    Hopefully we are moving to a future where sfq or fq_codel is commonly available in routers home and business, and available as an upload-only parameter for people with very fast download speeds. This would create a "no knobs / no settings" approach where the only parameter to configure is the line speed. This does 80% of the work to fix problems under load. VoIP and UDP game traffic will never be dropped on purpose with sfq / fq_codel, because large file xfer packets will always be dropped first.

    Unless someone decides to design a protocol to open hundreds of connections and divide the file transfer evenly among them, then we're back to hell again. *points and stares at steam and windows update*
     
    Testing and Techie007 like this.
  23. Mark Barabus

    Mark Barabus Serious Server Member

    Is there any reason why a qos rule would be skipped when the criteria is met?

    Recently i've been using a rule at the top of my list to catch all 443 traffic from a Playstation 4 device which is using 443 to download/upload causing havoc with my HTTPS rule. Hence i added the 443 rule for that particular device classifying it as FileXfer.

    90% of the time it works but the other time it gets skipped and moves to the next rule down. A restart of the qos fixes it but i'm just wondering what causes the rule to fail and if theres a way to prevent it.

    Any ideas whats going on here?

    Asus  Classification Rules.png Asus  View Details.png
     
  24. cloneman

    cloneman Addicted to LI Member

    I don't know - but you could always try doing the opposite, a 0-512kbps rule for promoting preferred traffic vs 512+ for demoting.

    You could also prioritize only UDP traffic from the PS4.

    In theory smaller game/voip packets should not be delayed ever even if your rules get tripped up thanks to fq_codel / sfq 's byte fairness vs packet fairness of pfifo.
     
  25. Mark Barabus

    Mark Barabus Serious Server Member

    Thanks i tried that but unfortunately 443 traffic is also game traffic (in some games) and when they get classed as low traffic, certainly on my connection (350kbps up/6 mbps down) the lobbies wont even load, so i have to resort to the 512+ rule and having the rest of the traffic classed as VOIP. Why they cant just use port 80 for downloads like everyone else is beyond me. Not to mention UDP is rarely used on PS4 from what i have seen its all TCP. Talk about making things difficult.
     
  26. cloneman

    cloneman Addicted to LI Member

    Ah, a connection with an upload that slow does present very different challenges. Normally I would say that small flows competing with downloads even within the same class should do 'okay' thanks to fair queuing, but with such small amounts of bandwidth, this is not the case.

    You can try switching between sfq and fq_codel to compare, maybe sfq can outperform codel in this special situation (fq_codel dropped too much when I tried 350kbps, sfq did not). But, of course the best solution will be to catch all the traffic that is causing you problems...

    Here's an incoherent rant for no reason :
    If you have 350kbps, that's 44kB/s. That means you can only send 4.4kB in 100ms. That's not very much data to send before packets become delayed by 100ms or more. Therefore even a very small queue building up will increase latency a lot.
     
  27. Mark Barabus

    Mark Barabus Serious Server Member

    Thanks Cloneman. I did experiment with fq_codel when i had a ac68u earlier this year for a brief period but it turned out to have a faulty wireless adapter so in short i ended up returning it and getting a cheaper n66u which as far as i know only supports sfq. For what its worth though i didnt notice much of a difference other than my bulk traffic was slightly more stable on fq_codel vs sfq.

    And I'm only now understanding the relevance of your previous post ie doing the opposite so going to try that now.
     
    cloneman likes this.
  28. cloneman

    cloneman Addicted to LI Member

    I've been reading up on low bandwidth fq_codel tuning and inquiring about it on their mailing list.

    As it stands right now in the way Tomato is set up, fq_codel is probably not as good as traditional sfq at bandwidths lower than 2.5mbit. For such situations, fq_codel would need to be manually tuned [changing target, quantum, limit, interval, ecn, etc.], which is a CLI process which would get erased with webgui saves or reboots. The 'target' value needs to be increased from 5.0ms to allow for the additional time required to send 1 packet / 1 MTU on a slow connection. Quantum may also need to be decreased, and limit (packet limit) may need to be decreased as well. Since in tomato every class is its own fq_codel queue, any particular class that is policed (set to a max) below 2.5mbit, or even one that temporarily lends bandwidth to a class above it, may experience excessive packet dropping compared to sfq.

    So what does this mean?

    0. manually prioritizing VoIP / ICMP / gaming traffic is important on slow connections.
    The magic of fair queuing may not help sufficiently with mixed traffic competing in the same class. Not without solutions currently unavailable to tomato, like Smartqueue management (sqm) or cake.

    1. On slow connections , people using fq_codel on the current Tomato release may benefit from going back to sfq if excessive drops are experienced. Or, they can deep dive into manual tuning with tc qdisc change, to increase the target from 5.0ms, among other tweaks.

    2. If one of your lower classes is starved for bandwidth because of lending, it may also experience more drops on account of falling below the 2.5mbit optimal fq_codel range.

    3. The default packet limit is set to 10240. The old best practices page for fq_codel recommends a value much smaller than this, 1000, for connections of 1G/s or less. I don't know whether this should be changed or to what extent it matters.

    4. Eventually, it may be of interest to allow tweaking of target, quantum, and limit within the webui, for each class. However, this is an advanced setting, and with already the large amount of confusion that exists for traffic shaping, this is best hidden from most users. Heck, maybe what we need is a qos-settings-experiments.asp that would allow deeper digging for those interested, or an /etc/wan_qos that is writable/saveable in CLI.

    5. sqm and cake are some solutions that were proposed to me by the bufferbloat guys, for anyone interested in leveraging fq_codel with more magical properties. Cake has self tuning of target and quantum values. Whether or not bringing sqm or cake to Tomato is possible or even desirable is not something I'm qualified to evaluate. Again, this could be another qos-settings-beta.asp


    These are just a few thoughts I think people should be aware of regarding fq_codel on tomato.
     
    Testing likes this.
  29. Testing

    Testing Connected Client Member

    The best QoS for Gaming and Everything else!

    Basic Settings
    1. In "Prioritize small packets" untick: ACK, SYN, FIN, RST (Do not untick ICMP)
    2. Default Class to "High" (All the traffic of ports that do not have rules will go here)
    3. Change the Minimum/Maximum Bandwidth in Upload and Download of the Class, as in the image below.
    [​IMG]

    Classification
    Now you just have to add rules according to their needs:
    1. Service for DNS, Time, NTP, DoT and RSVP.
    2. VOIP/Game for VoIP and Gaming ports. (DO NOT add ports 80 and 443 in this Class!)
    3. High for Other ports. (This Class is for ports that do not have a rule)
    4. Medium for Web Surf and enter the Games Lobby quickly. (The games use port 80 and 443 for this)
    5. Low for File Transfer and Watch videos.
    6. Bulk for Torrent/Bulk Traffic.
    - Just Add rules for ports in VOIP/Game, Medium, Low and Bulk Class that you do not want to be in High Class. (Class for ports that do not have a rule)
    - DO NOT add ports in the Service Class! (Only that for DNS, Time, NTP, DoT and RSVP)
    - DO NOT add ports in the High Class!

    Add those 8 rules in the same order:
    [​IMG]

    QoS Rules:
    Code:
        Name                                  Port                     Protocol       Transferred       Class
        ****                                  ****                     ********       ***********       *****
    #1  DNS, Time, NTP, DoT, RSVP             53,37,123,853,3455       TCP/UDP        0-10              Service
    #2  DNS, Time, NTP, DoT, RSVP 10KB+       53,37,123,853,3455       TCP/UDP        10                Bulk
    #3  HTTP, HTTP Proxy, QUIC                80,8080                  TCP/UDP        0-1536            Medium
    #4  HTTPS, QUIC                           443                      TCP/UDP        0-1536            Medium
    #5  File Transfer                         80,443,8080              TCP/UDP        1536              Low
    #6  qBittorrent uTP                       6881-6889                TCP/UDP                          Bulk
    #7  BitTorrent                        L7: bittorrent               TCP/UDP                          Bulk
    #8  BitTorrent                     IPP2P: BitTorrent               TCP/UDP                          Bulk
    
    - Only add port of VoIP or Consoles/Games that you play in the Class VOIP/Game.
    - DO NOT add ports 80 and 443 of the Consoles/Games in VOIP/Games Class! (There are already rules for these ports #3, #4 and #5)
    - ADD any rule for port and Class, below the rule #8 BitTorrent
    


    VOIP/Games Ports
    DO NOT add ports 80 and 443 of the games in VOIP/Game Class (already exists a rule for these ports)


    The Best Wireless AC and Wired Routers
     
    Last edited: Oct 10, 2018
    txnative, AndreDVJ and Holy_Hunter like this.
  30. Holy_Hunter

    Holy_Hunter Networkin' Nut Member

    Classification Image is missing for me...
    Would love to try your settings, cause i struggle abit with my QoS setup at the moment.

    edit: seems to be fixed...
     
    Last edited: Nov 23, 2017
  31. Techie007

    Techie007 Serious Server Member

    Glad there's somebody else that's aware of this craziness! Since Windows 10, Windows Update literally takes all kinds of networks down when there's a machine or two in somebody's office downloading a large update. It's insane! As a Windows Insider/beta tester, I had created a thread over on Microsoft Answers about this before Windows 10 was released. But Microsoft doesn't seem to care.

    For those who are interested, the solution I've been using is to add the following code to the Admin/Scripts/Init section in Tomato:
    Code:
    echo "windowsupdate" > /etc/l7-extra/windowsupdate.pat
    echo "(Microsoft-Delivery-Optimization/|.mp.microsoft.com)" >> /etc/l7-extra/windowsupdate.pat
    
    echo "youtube-2015" > /etc/l7-extra/youtube-2015.pat
    echo "(stream.com|video.com)" >> /etc/l7-extra/youtube-2015.pat

    And then create two QoS rules, placing them above your HTTP/HTTPs/web surfing/web download rules:
    Code:
    Any address - - Media - YouTube/HTTP video
    TCP - Any port -
    IPP2P (disabled) - youtube2015
    DSCP (any) -
    - -
    Code:
    Any address - - P2P/Bulk - Windows Update
    TCP - Any port -
    IPP2P (disabled) - windowsupdate
    DSCP (any) -
    - -
    If you wish to reduce the L7 filter load, you can refine the YouTube rule to destination port 443 and the Windows Update rule to destination port 80.
     
    Mark Barabus and AndreDVJ like this.
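Added example (not Techie007's code): a quick way to see what the two patterns above match before classifying real traffic with them. `grep -Ei` stands in for the router's L7 matcher, which is an assumption, and the sample lines and the escaped-dot variants are constructed here for comparison.

```shell
#!/bin/sh
# Added example: check which payload strings the two .pat regexes match.

# write_patterns DIR: the same two-line .pat files as the init script in the
# post, written to DIR instead of /etc/l7-extra.
write_patterns() {
    echo "windowsupdate" > "$1/windowsupdate.pat"
    echo "(Microsoft-Delivery-Optimization/|.mp.microsoft.com)" >> "$1/windowsupdate.pat"
    echo "youtube-2015" > "$1/youtube-2015.pat"
    echo "(stream.com|video.com)" >> "$1/youtube-2015.pat"
}

# write_escaped DIR: hypothetical variants with the dots escaped so that "."
# only matches a literal dot (not from the post; verify on your own build).
write_escaped() {
    printf '%s\n' 'windowsupdate' \
        '(Microsoft-Delivery-Optimization/|\.mp\.microsoft\.com)' \
        > "$1/windowsupdate.pat"
    printf '%s\n' 'youtube-2015' '(stream\.com|video\.com)' \
        > "$1/youtube-2015.pat"
}

# classify DIR STRING: print the name (line 1) of the first pattern file whose
# regex (line 2) matches STRING case-insensitively, or "none".
classify() {
    for c_pat in "$1"/*.pat; do
        [ -f "$c_pat" ] || continue
        c_re=$(sed -n '2p' "$c_pat")
        if printf '%s\n' "$2" | grep -Eiq -- "$c_re"; then
            sed -n '1p' "$c_pat"
            return 0
        fi
    done
    echo none
}

# Constructed sample payload fragments: intended hits first, then strings that
# only match because of unescaped dots or substring matching.
samples() {
    cat <<'EOF'
User-Agent: Microsoft-Delivery-Optimization/10.0
Host: dl.delivery.mp.microsoft.com
Host: r1.example.googlevideo.com
Host: cdn.example-livestream.com
Host: videoscom.example
GET /docs/dump-microsoft-compat.html
Host: www.example.org
EOF
}

demo() {
    orig=$(mktemp -d) || return 1
    esc=$(mktemp -d) || return 1
    write_patterns "$orig"
    write_escaped "$esc"
    samples | while IFS= read -r s; do
        printf '%-14s %-14s %s\n' \
            "$(classify "$orig" "$s")" "$(classify "$esc" "$s")" "$s"
    done
    rm -rf "$orig" "$esc"
}
demo
```

The first column is the class chosen by the patterns as posted and the second by the escaped variants; escaping removes the "any character" hits, but any hostname ending in `stream.com` or `video.com` still lands in the media rule.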
  32. Testing

    Testing Connected Client Member

  33. discosonic

    discosonic Network Newbie Member

    Guys, sorry, if my question is already answered here.
    I used Tomato QOS for 4 years and was satisfied until we got a new ISP with a 200 Mbit/s connection. Yes, it's enough, but when I'm trying to limit rates, even if I set only 1% of my bandwidth, it doesn't affect anything, because 1% is 2 Mbit/s.
    Any advice on how to set it up? Maybe there is a way to set 0.5% for example? What's your experience of using QOS on high speed connections? Thanks.
     
  34. txnative

    txnative Networkin' Nut Member

    If you're going to stay with your provider and have more bandwidth, a newer supported K26ARM, K26ARM7 supported models with Tomato. Qos doesn't work too well with higher bandwidth on the MIPSR2 models, these issues have been documented on various parts that tomato lacks from oem firmware that can cause high sirq when qos is enabled to handle over 100mbps connections. You could lose up to 45% of your download bandwidth in order to continue using your current model with qos enabled, depending on if you have symmetrical as opposed to asymmetrical connections, or do without Qos if your current model still can handle the higher bandwidth, even then you may have to resort to alternative open source for pc engine, mikrotik type of home made router with your choice of open source firmware for such hardware.
     
    Last edited: Dec 8, 2017
  35. discosonic

    discosonic Network Newbie Member

    Thanks for reply. I'm using Asus RT-AC56U with Advanced Tomato firmware (based on Tomato by Shibby but with modified GUI). It's K26ARM model. QoS and Bandwidth limiter are currently disabled, because I don't understand how to limit rates of outgoing traffic, if 1% of my connection speed is enough to load incoming channel full. So, the question is: how you, guys, doing it? If you have 100 Mbit+ connection speed, can you send me your qos config example in PM? Thanks again.
     
  36. txnative

    txnative Networkin' Nut Member

    I personally don't need a lot of bandwidth; I'm currently using 50/50 (symmetrical). My QoS settings aren't that much different from Testing's post, as I have always set my bandwidth up the same way ever since I learned Tomato QoS a few years back. Look at Testing's post, as he already has pics and examples. Also, you can only use either QoS or Bandwidth Limiter, but not both at the same time. You'll have to experiment with getting it set up properly and it can take a bit of time; just be patient. There is excellent advice here in this thread alone to assist you; on page 14 here you'll see Testing's post, use that. My router is underpowered for 100 Mbit or more but just right for under 100 Mbit; no real complexities in my network, always keep it simple.
     
    discosonic likes this.
  37. Yim Sonny

    Yim Sonny Serious Server Member

    What type of traffic do you want to limit to less than 2 Mbps? If you have 200 Mbps then something using 2 Mbps should not be a problem.

    I could explain how to program for less than 2 Mbps but I would need to see what other traffic you have so we could get it working properly for everything.
     
  38. cloneman

    cloneman Addicted to LI Member

    @discosonic

    Back up your configuration, then dump all your rules and replace them with 2-3 rules only and try again. Restore the config if it doesn't pan out. It's the only way to be sure your rules aren't overwhelming the CPU / sirq%. 50% sirq on dual-core is a bottleneck.

    I'm not sure I understand your issue; you're talking about 2 different things: too much WAN speed and also a 1% rule not throttling properly. A connection throttled to 2 Mbps will never cause problems @ 200 Mbps. Maybe your entire QoS config is broken.
     
  39. Mark Barabus

    Mark Barabus Serious Server Member

    Cannot thank you enough for posting this.

    YouTube and Windows Update have been causing mayhem on my QoS for as long as I can remember. Put your solution in place today and everything is back in order again. Brilliant stuff, thanks!
     
    Techie007 likes this.
  40. Noveon

    Noveon New Member Member

    Good afternoon! Sorry for my English, because I am from Ukraine and use machine translation.
    I have an RT-N18U + Tomato 1.40.
    I made an access point following this instruction: http://www.linksysinfo.org/index.ph...router-a-dumb-access-point.37403/#post-182212
    Now I would like to limit the speed to 20 Mbps and make it so that the user is cut off after 15 minutes.
    In Quality of Service => Basic Settings, I put 20000 kbit/s in Outbound Rates/Limits and Inbound Rates/Limits, but on Wi-Fi it still works at the maximum.
    Help me please.
    Thanks in advance.
     
  41. cloneman

    cloneman Addicted to LI Member

    You cannot use Tomato QoS in Access Point mode, it needs to perform the routing/NAT to have an effect. You have to set it up as a normal router (dual NAT) to make use of QoS.

    You can probably write a script that polls the user list and then adds them to access restriction after 15 minutes, but I don't have the knowledge to do that.
     
    Noveon and ruggerof like this.
  42. ruggerof

    ruggerof Network Guru Member

    Correct, however only if @Noveon uses a Tomato router as the primary gateway. As @Noveon hasn't specified if he uses a Tomato router as gateway, he might not be able to do that unless, as you mentioned, he puts his N18U in double NAT.

    In summary:

    1) Tomato capable Gateway + AP (N18U running Tomato or not)
    - Limit hosts @ max 20Mbps: can be done via Bandwidth limiter in the Tomato capable gateway.
    - Limit 15 min: can be done via scripts & Access restrictions.

    2) Non Tomato gateway + N18U Tomato in double-NAT
    - Limit hosts @ max 20Mbps: can be done via Bandwidth limiter in the N18U and only to the hosts connected to the N18U. Hosts connected to the gateway will bypass this limitation.
    - Limit 15 min: can be done via scripts & Access restrictions only in the N18U and to the hosts connected to the N18U. Hosts connected to the gateway will bypass this limitation.
     
    Noveon likes this.
  43. SJMarty

    SJMarty Serious Server Member

    Post #18 in this thread provides the steps to add a second router as a wireless access point. I have a question about this specific step...
    On my router #1, I have one of the LAN ports going to a 16-port unmanaged switch in order to function as an uplink. Can the cable from router #2 connect to the switch and get to router #1 through the uplink or does it actually need to connect directly to one of the LAN ports on router #1?
     
  44. eibgrad

    eibgrad Network Guru Member

    You can connect the two devices through a switch. The distinction being made is between using a WAN to LAN config, vs. a LAN to LAN config, not that the two devices have to be literally connected port to port. It just has to be a switched config, one that doesn't involve the WAN.
     
    SJMarty likes this.
  45. SJMarty

    SJMarty Serious Server Member

    Thanks for the response.

    I currently have the wireless turned off on router #1 and an uplink going from router #1 to router #2. So all of my wireless devices are on router #2. I have two wired computers (Windows 7) that are each connected to a wireless HP printer. After a period of time that I have not yet determined, both computers lose connection to the printer (they cannot ping it). If I turn the wireless on router #1 back on, as long as the printer is on router #1's wireless, the computers do not lose their connection to the printer.

    I suspected the uplink configuration but since it's only the printer that becomes unreachable (plus your response), I don't think that's the problem. I then suspected the printer but that doesn't explain why this does not happen if the printer is on router #1's wireless. That leaves me with the possibility of a router setting on router #2.

    Any ideas? Are there some troubleshooting steps available to try and run this down?
     
  46. cloneman

    cloneman Addicted to LI Member

    For those of you who might be interested, it's possible to make a transparent QoS shaper (fq_codel / Cake) using OpenWRT.

    This would be a device that could be dropped in to a network and do traffic shaping without the need to change any infrastructure.

    This would either be a permanent solution to bufferbloat without replacing equipment, or as a "proof of concept" that proper shaping exists for arguing with consultants.

    https://apenwarr.ca/log/?m=201808#openwrt

    The instructions on that page are for a DI-825; some routers are wired up differently internally, and you'd replicate his setup by creating an additional VLAN to bridge the WAN-LAN traffic (forcing it to use the CPU).

    Even more interesting; in bridge mode (no NAT work for the CPU?) I get quite stellar performance from this device... seeing 400mbit+
     
    Last edited: Aug 22, 2018
  47. Mark Barabus

    Mark Barabus Serious Server Member

    Very interesting indeed. Might have to give this a try on my home network where I'm stuck on 20CN with no sign of it being upgraded...

    Am I right in thinking I could just drop this in front of an existing Tomato router that's already running its own QoS?
     
  48. cloneman

    cloneman Addicted to LI Member

    Yes. You can really drop it at any point in the network for testing. And of course you can disable Tomato's own QoS.
     
  49. Mark Barabus

    Mark Barabus Serious Server Member

    So I'm guessing it would be a terrible idea to leave Tomato's QoS in addition to having OpenWRT's QoS active?

    I was thinking along the lines of using Tomato QoS to slow the outgoing packets for bulk traffic (everything below WWW rules) and OpenWRT could then apply its cake QoS or equivalent to eliminate bufferbloat. I expect the traffic would just queue up with 2 QoS active but I might just give it a try for testing purposes of course ;).
     
  50. cloneman

    cloneman Addicted to LI Member

    That would be fine I think. Having 2 traffic shapers on separate devices is unlikely to have a negative impact, other than possibly reducing the overall speed of some traffic.
     
  51. robross0606

    robross0606 New Member Member

    I must not be very smart either because I'm thoroughly confused by the wording of this post. In one paragraph it says:

    Note the specific use of "maximum... uplink speed" thereby saying we should be taking 85% of the maximum.

    Then it goes on to say this a couple sentences later:

    This would seem to be a direct contradiction by saying "minimum" multiple times. It then goes on to get frustrated and condescending of confused readers. They may not understand because there's possibly a typo in the write-up or at least wording which is easily confused. What am I missing?

    That being said, let's assume it is actually the "minimum" we're after, there's a fundamental problem with the post in that 1) it doesn't provide a suggested means of obtaining this "minimum" and, 2) the minimum bandwidth of any and all connections is always going to be absolute zero. If it isn't an "average" (mean, median or mode) as you explicitly state and you truly want the minimum possible sampled bandwidth, that can easily be derived as 0 and the whole post is mathematically moot. Perhaps what you're suggesting is a "minimum average" -- probably the mode? In any case, what we could really use is a suggestion how best to come upon the recommended value.

    I've tried several speed test tools. For example:

    [IMG]

    Note that max for both upload and download is provided (still an average of sampled data). But if we're looking for "minimum", you can clearly see that the value drops all the way to ZERO (0) several times. So... to what value exactly are you suggesting we set our Max bandwidth? 85% of 0 which is... 0?

    I'm truly confused, so if someone could help me understand what is actually being suggested here, that would be great.
     
  52. Yim Sonny

    Yim Sonny Serious Server Member

    The fields for maximum bandwidth limits are not directly part of the QoS formula. They are only used to calculate the speed based on the percentages you specify. For my QoS configurations I always specify a reference speed that is greater than my measured speeds. If my measured download speed is 100 Mbps then I put 120 Mbps for the "Inbound Max Bandwidth Limit". If I have a high-priority class of service that I do not want to be restricted of bandwidth then I give that class of service 100%, which of course calculates to a limit of 120 Mbps. Since I only have 100 Mbps of bandwidth available, traffic in that class of service gets the full 100 Mbps (since the QoS limiting would only engage at 120 Mbps).

    If I want a lower class of service to get only 84 Mbps of the 100 available then I would specify 70% for that class. 120 Mbps * .7 = 84 Mbps, which is the speed that class is restricted to.

    If I have a very low class of service that I wish to limit to 12 Mbps then I set the percentage of that class to 10%.

    The % ranges are very useful too. You can have two different classes that are each set for 100% maximum, but one with 5% minimum and the other with 75% minimum. Like this:

    Class 1 = Range of 75% - 100%
    Class 2 = Range of 5% - 100%

    If either of the classes has no competing traffic from any other class then it would achieve your full 100 Mbps ISP-provided bandwidth.
    If both classes run a speed test at the same time then:
    Class 1 would download at 120*.75 = 90 Mbps
    Class 2 would download at 120*.05 = 6 Mbps
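
The percentage arithmetic from the post above, as an added example that is not part of the original post or of Tomato itself. It assumes, as the post describes, that each class's minimum and maximum are percentages of the configured "Max Bandwidth Limit"; the function names, class names and the third class set are constructed for illustration.

```python
# Added example: models the percentage-of-limit arithmetic described in the post.
# Function names and class names are hypothetical; sample values are constructed.

def class_rates(limit_kbit, classes):
    """Return {name: (guaranteed_kbit, ceiling_kbit)} for (min%, max%) ranges."""
    out = {}
    for name, (min_pct, max_pct) in classes.items():
        if not 0 <= min_pct <= max_pct <= 100:
            raise ValueError(f"{name}: need 0 <= min% <= max% <= 100")
        # Integer arithmetic avoids float rounding on kbit/s values.
        out[name] = (limit_kbit * min_pct // 100, limit_kbit * max_pct // 100)
    return out

def review(limit_kbit, measured_kbit, classes):
    """Compute per-class rates and note settings worth a second look."""
    rates = class_rates(limit_kbit, classes)
    notes = []
    for name, (_, ceiling) in rates.items():
        if ceiling >= measured_kbit:
            # The cap sits above what the line can deliver, so it never engages.
            notes.append(f"{name}: ceiling {ceiling} kbit/s is above the measured "
                         f"{measured_kbit} kbit/s, so the class is effectively uncapped")
    guaranteed = sum(rate for rate, _ in rates.values())
    if guaranteed > measured_kbit:
        notes.append(f"minimums total {guaranteed} kbit/s, more than the measured "
                     f"{measured_kbit} kbit/s the line can carry")
    return rates, notes

LIMIT = 120_000     # "Inbound Max Bandwidth Limit" of 120 Mbps, from the post
MEASURED = 100_000  # measured download speed of 100 Mbps, from the post

POST_CLASSES = {"class1": (75, 100), "class2": (5, 100)}   # ranges from the post
CAPPED_CLASSES = {"mid": (5, 70), "low": (1, 10)}           # minimums are constructed
OVERSUBSCRIBED = {"a": (75, 100), "b": (20, 100)}           # constructed failure case

if __name__ == "__main__":
    for label, classes in [("post", POST_CLASSES), ("capped", CAPPED_CLASSES),
                           ("oversubscribed", OVERSUBSCRIBED)]:
        rates, notes = review(LIMIT, MEASURED, classes)
        print(label, rates)
        for note in notes:
            print("  note:", note)
```

The oversubscribed set shows the case the post's numbers avoid: minimums that add up to more than the measured line rate cannot all be honoured at once.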
     