Using QOS to control Data Flow in Residential Buildings
Tomato QOS Tutorial
I've moved a number of posts here from odd places on the forum so this can become a QOS thread with a particular slant on large installations. While the article is concerned with a large number of users in big premises, obviously, if the QOS will work here, it will also work (and probably even better) for you - as a normal home/standalone user. So this thread is useful for everybody! Now - when I say it will work - I don't mean it will be optimum in every case, but it will give you a base to start. You will see how I have used the different classes for the various protocols and modify them if they aren't right for your setup. It's up to you to decide what to do and how to change it to suit your needs. But to do that you do need to understand how QOS works and the reasoning behind the rules.
I should point out the difference between a standalone user (or one with a couple of family members) and a residential building. These lucky "standalone" people have control over each PC and know what applications they are running, whereas in a residential building we have no idea what people are running on their PCs, and we have no access to and no control over them at all. So the only thing we can do to prevent one or two users or applications from hogging our valuable bandwidth is to set up the router's QOS system in a way that prevents it happening. If you are a standalone user, it is often much easier to change what is happening on the PC than it is to try to use a QOS rule to control it afterwards, but we simply don't have that luxury. If you have a family you may have the same problem at home.
Now, the comment about even a "basic" home setup. People often think they have a "basic" setup: they browse the web and nothing more, so a single rule to prioritize port 80 HTTP is all they think is necessary. But they fail to understand that almost every single web page has links to other pages, flash videos, advertisers, scam sites, online video, links to messenger, facebook, photo sharing sites. Some of these are secure (HTTPS) connections, so port 443 is involved as well as port 80. Some play music - now we have other streaming protocols. They also use the Windows Update service and usually Messenger - which itself uses several protocols and many ports.
That is why QOS rules tend to get quite complex after several months of hard use, even for a home system with a couple of users. A single user is OK, he knows what he is doing. Add another user, and immediately one of them gets annoyed when the other gets his Windows update or downloads his email!
So, we use QOS for a variety of reasons. What I have to do in residential buildings is to KEEP THE SYSTEM RUNNING when a hundred or so people are all trying to use it at the same time. To do that it is often necessary to limit some types of traffic; this is a trade-off. How much you need to do this depends on your own system. That's why you need to understand it and tweak the settings yourself.
While reading this series of article it is important to remember that they were originally separate posts - some of which have now been bundled together, so please forgive any repetition or duplication of information.
This link is a useful place to find answers to a lot of common problems: http://www.linksysinfo.org/forums/showthread.php?t=63486
The author has been involved in setting up WiFi in several large residential blocks, where it was important that the result not only worked but was simple to maintain by reception staff. What was achieved has surprised many people here, including myself.
Ever sat in an internet shop, a hotel room or lobby, a local hotspot, and wondered why you can't access your email? Unknown to you, the guy in the next room or at the next table is hogging the internet bandwidth to download the Lord Of The Rings Trilogy Special Extended Edition in HDTV format. You're screwed - because the hotspot router does not have an effective QOS system. In fact, I haven't come across a shop, hotel, or an apartment block that has any QOS system in use at all. Most residents are not very happy with the service they [usually] pay for.
So what is "QOS"?
A "QOS" (Quality Of Service) system is a set of rules in the firmware of the router that connects to the internet gateway, which classifies the traffic passing through it and gives priority to the applications that are important. Without it, anarchy rules, and the downloader will usually wreck the internet access for everybody else.
The normal systems installed in hotspots and residential buildings use a simple router with no QOS, running splash screen and access portal software, and a bunch of APs nailed to the walls. The user often has to buy a card with an access code, and somebody makes heaps of money out of administering the access controls. Unfortunately, the actual web access is so slow and congested as to be unusable, the router regularly fails, and everyone in the block is angry and feels cheated.
It doesn't have to be like this!
Almost all normal SOHO (small office/home) routers have no real way to prioritise applications and make sure that P2P downloaders do not take over. However, some routers which happen to run Linux as an operating system can use third-party firmware (software) to turn a cheap lump of plastic into something akin to a professional router. All for around 50 - 100 dollars! And hotspot owners, cafes and hotels can also use them to provide a superior WiFi system to the one they currently have. That firmware is called Tomato - it was written by Jonathan Zarate, and subsequent developers have been adding to it ever since.
It is quite easy for residential block owners to install and run a system themselves, with the benefit that the web access works well, and they don't have to pay anyone for a third-rate access control service. And best of all - it doesn't have to be prohibitively expensive. A side benefit of installing what is in effect a wireless network covering your building is that you can also use it for other purposes. For instance, I also have a 32 camera security system online.
Now, you don't have to use expensive equipment. The Linksys WRT54GL is adequate for most purposes. We aren't aiming to supply ultra-high-speed internet to all users, and ADSL lines from 2 to 5 Mbps are available easily and cheaply in most countries. This will provide adequate service for most users. 8 and 16Mbps lines will be better, but not as much as you might think! Most users will never see any difference. A router with a bit more memory is useful and more stable; try to get the ASUS WL500gP v2 (32MB RAM, 8MB Flash). Even better, if you can get it, is the WRT54G-TM, a router that also has 32MB RAM and 8MB Flash and also runs nicely overclocked to 250MHz. It's faster than the ASUS WL500gP v2, the wireless is better, and it would be a better router for this application.
Faster and better routers will become available as time goes by, but we do need to be able to run Tomato on them. Tomato, a third-party firmware which uses Linux, is the secret of getting this stuff to work properly in an apartment block using cheap hardware. On a WRT54GL clocked at 250MHz, 1,000 mixed connections, mostly P2P, usually results in a CPU load of about 20%. At this level, it's still fast.
The ASUS RT-N16 router is now available in most countries; it is clocked at 480MHz and has 128MB of RAM. Teddy Bear is the first to port Tomato over to it - and even the first "beta" is stable. Keep an eye on this thread: http://www.linksysinfo.org/forums/showthread.php?t=63587 From now on, it would be best to use this for the main router and WRT54GLs for APs. There seems little point in type "N" APs unless they operate on the 5GHz band, due to interference problems. A "G" 54Mbps connection is going to be the standard for some years yet, and for many reasons will be the best solution.
You'll need more access points, just use more WRT54GL's and set them up as AP's wired with CAT5e cable to your main router, via switches if necessary. For God's sake don't try to do it with WDS. There is a very severe speed and reliability penalty even with a single WDS connected AP, with a couple or more you will be lucky to download anything this century.
If you wish to use the network in your building for other purposes too, such as office, security cameras, then it might be a good idea to use gigabit switches, otherwise at the moment they aren't necessary and are more expensive.
You may find cheaper AP's but the twin external antennas on the WRT54GL's and the ability to set higher transmit power have been an advantage for me. The additional information given by using Tomato firmware on the WRT54GL even when used as an AP is an invaluable tool for faultfinding.
This is the easy part of the setup. The rest is up to you to get right and maintain.
Tomato firmware has the most effective and configurable QOS of any SOHO router around. If you have a real need for QOS to control multiple users, you will find DD-WRT etc. almost useless.
The secret of a successful residential system is the ability of Tomato's QOS to allow you to actually share your ISP's service between all of your clients, hence the title of the first article. And the methods used here can and will work for anyone, what will work for a large residential system should work just about anywhere else, just modify to suit your needs.
Now, a warning - you'll find some people tell you that you cannot do this job with a small SOHO router, with or without Tomato firmware, because there are too many users. Please don't think about the number of users because it doesn't matter. The overall throughput is limited by the connection to your ISP and it makes no difference if you have one user or 100, as long as the firmware can handle the overall number of connections and throughput. Tomato makes this possible. In fact, many of my colleagues have been replacing their business Cisco routers with routers running Tomato, because they are just too difficult for them to administer.
Let's begin by making some things a little clearer for newcomers to Tomato.
"Incoming" versus "Outgoing" QOS
Unfortunately many posts on the subject of QOS confuse people, especially newcomers, into misunderstanding what the router's QOS is, what it is NOT, what it is used for, and what it can really achieve if understood and used properly. QOS runs on the router connected to the internet gateway or ISP. It works on the WAN (Wide Area Network) port or Internet port.
NOW - let's get this straight. There isn't a "QOS for Upload" or a "QOS for Download" in Tomato. Tomato's QOS system shapes outgoing data (per-class rates, limits and priorities), and it also has per-class limits on incoming data, which work by dropping packets that exceed the limit so that the senders back off and the link stabilises. We use both of these as part of QOS.
This ongoing battle seems to arise from the fact that the QOS system operates on outgoing traffic. Therefore, many people do not understand how it can manipulate the situation to control INCOMING traffic. So they confuse everyone by swamping the forums with comments like "QOS doesn't work" and "the Incoming QOS is rubbish" - etc. This actually makes me extremely angry, because it is just not true. If it were true, then none of the people in the apartments I administer could use the internet. So throughout these articles you will find warnings to disregard posts by such persons. I'm an engineer, I believe in things that work, and only if they work.
QOS would actually be of no interest whatsoever to us unless it helped us with our incoming data flow. It really doesn't help to look at it as either "incoming" or "outgoing" QOS. Those people who keep insisting that because QOS only works on outgoing traffic (uploads) then it's useless are missing the whole point. I must stress this, because there are hundreds of people making stupid statements like this in the forums and unfortunately, too many people believe what they are saying. These people are spreading misinformation, based on ignorance. You CAN control incoming data to a great extent, but there's no "magic button". You have to learn how to do so.
SO, MAY I ASK YOU TO PLEASE FORGET EVERYTHING YOU HAVE READ ELSEWHERE WHILE READING THIS ARTICLE.
and also, adopt this philosophy:
Router QOS is best viewed as an OVERALL strategy for improving your flow of data.
So HOW does the router's QOS work, how does it make any difference to incoming traffic - if it only acts on the outgoing data?
Well, it's actually very simple.
Take this analogy. Suppose there are a thousand people out there who will send you letters or parcels in the mail if you give them your address and request it (by ordering some goods, for example). Until you make your request, they don't know you and will not send you anything. But send them your address and a request for 10 letters and 10 parcels and they will send you 10 letters and 10 parcels. Ask for that number to be reduced or increased, or ask (pay!) for only letters and no parcels, and they will do so. If you get too much mail, you stop sending the requests or acknowledgements until it has slowed down to a manageable level. Unsolicited mail can be dealt with by ignoring it or by delaying receipt (payment) and the sender will send less and give up after a while.
In other words, you stop more goods arriving at your house by simply not ordering more goods!
If you have letters arriving from several different sources, you stop or delay sending new orders to the ones you don't feel are important.
The amount of mail you receive is usually directly proportional to the requests you send. If you send one request and get 10 deliveries, that is a 1:10 ratio. You've controlled the large amount of deliveries you receive with only the one order which you sent. Sending 1,000 requests at a 1:10 ratio would likely result in 10,000 letters received - more than your postman can deliver. So based on your experience, you can figure out the ratio of packets you are likely to receive from a particular request, and then LIMIT the number of your requests so that your postman can carry the incoming mail. But if you don't limit what you ask for, then the situation quickly gets out of control.
It's not a perfect analogy, sure, but router QOS works in a similar way. You have to limit the requests and receipts that you send - and the incoming data reduces according to the ratio you determine by experience.
The problem is that you can have no absolute control over what arrives at your PC, because your router does not know - and can never know - how many packets are in transit to you at any given time, in what order, or from which server. The only thing your router can directly control is what you SEND; it can then watch what comes back and respond to that. So the QOS system influences your incoming data stream indirectly, by changing the data that you SEND, in much the same way that you can control incoming mail simply by reducing your demand for it. For TCP, which carries web, email, most downloads and most P2P, the "receipts" of the analogy are the acknowledgements (ACKs): a server is only allowed to put more data on the wire as ACKs for the previous data come back, so if the router delays or drops a class's ACKs, the servers feeding that class slow down by themselves.
That is the whole purpose of router-based QOS systems, and that is why they have been developed, not merely to control uploads! However, you can't just check a magic box marked "limit all my P2P when I am busy with something more important" - you have to give clear instructions to the router on how to accomplish your aim. To do this it is necessary to understand how to control your incoming data by manipulating your outgoing requests, class priorities, and acknowledgements for received packets. Added to this we also have the ability to shape traffic by using bandwidth limits on outgoing total traffic, and also on the incoming individual traffic classes. Then we also have to consider UDP packets, which are rather less easy to control: UDP has no built-in acknowledgements for the router to hold back, so the only lever left is the incoming class limit, i.e. dropping packets above the limit. That affects how to effectively control applications that use primarily UDP (VOIP, multimedia etc). Depending on your requirements that may take hours or months to get working satisfactorily.
Something has to be said, so I'll just come right out and say it:
The default QOS rules in Tomato are almost completely useless and should be immediately changed.
The worst problem is the feeble attempt at classifying P2P. P2P cannot be classified by the means shown - assuming that it will be using ports 1024-65535 - and neither do the IPP2P or L7 filters work (the usual way most SOHO routers claim to magically "LIMIT ALL P2P"). That is just advertising BS for the nice glossy box: P2P clients pick whatever ports they like, and most of them now encrypt the protocol, so neither a port range nor a payload signature catches them reliably. The only way that does work is to set a default class (I use class D) and then delete ANY rule pertaining to P2P. Then address everything that you REALLY want to use on your system by placing it in higher classes. Now, anything that is NOT matched by one of your rules will fall through them and end up in your default class D. This will include P2P!
Next you have to set the limits for your DEFAULT class as mentioned above, so decide what you actually want to do with P2P. Usually we want to permit some but prevent it from hogging the bandwidth. As an example, set the outgoing rate (the guaranteed share) to 1% and the outgoing limit (the ceiling) to 5% of your upload bandwidth, and set the incoming class limit to 50% of your download bandwidth. Now you should see it throttled. After this, you can adjust it to suit your own needs - and keep an eye on the QOS details page, because anything you forgot to write a rule for (a new application, a service on an unusual port) lands in class D too and gets throttled along with the P2P.
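To put numbers on the two points above - that shaping outgoing ACKs is what throttles incoming TCP data, and that a default class with a 1% rate / 5% limit outgoing and a 50% incoming limit tames P2P - here is a small toy simulation. It is an added example written for this tutorial; it is not Tomato's code and does not talk to a router. Every bandwidth figure, class share and flow count in it (100 ACKs per round trip uplink, 400 segments downlink, 2 web flows against 20 P2P flows) is a made-up assumption chosen only to show the effect.

```python
"""Toy model of why shaping OUTGOING ACKs throttles INCOMING data.
Added illustration for this tutorial, not Tomato's code.  One step is one round
trip.  Servers are ACK-clocked: they only put new segments on the wire as ACKs for
old ones return, so an HTB-style egress shaper that starves a class of ACKs caps that
class's download.  Incoming class limits are modelled as tail drops.  All numbers
below (uplink/downlink budgets, class shares, flow counts) are made up."""
from dataclasses import dataclass

SEG_PER_ACK, MAX_CWND = 2, 64  # delayed ACK: one ACK per two segments; receive-window cap


@dataclass
class QosClass:
    name: str
    prio: int          # lower number is served first when borrowing spare uplink
    rate_pct: int      # guaranteed share of uplink (Tomato "rate"), outgoing
    limit_pct: int     # ceiling share of uplink (Tomato "limit"), outgoing
    in_limit_pct: int  # incoming class limit, share of downlink


@dataclass
class Flow:
    app: str
    cls: QosClass
    cwnd: int = 1
    acked_last: int = 1   # segments ACKed during the previous round trip


def _share(wanted, total_got, total_wanted):
    """Split ACKs over flows proportionally, then hand the integer remainder out one per flow."""
    if total_wanted == 0:
        return [0] * len(wanted)
    got = [w * total_got // total_wanted for w in wanted]
    left = total_got - sum(got)
    for i, w in enumerate(wanted):
        if left and got[i] < w:
            got[i] += 1
            left -= 1
    return got


def _egress(classes, demand, uplink):
    """HTB-like: each class first gets min(demand, rate); spare uplink is then lent out
    in priority order, never beyond a class's limit.  Assumes rates sum to <= 100%."""
    got = {c.name: min(demand[c.name], uplink * c.rate_pct // 100) for c in classes}
    spare = uplink - sum(got.values())
    for c in sorted(classes, key=lambda k: k.prio):
        extra = min(demand[c.name] - got[c.name], uplink * c.limit_pct // 100 - got[c.name], spare)
        if extra > 0:
            got[c.name] += extra
            spare -= extra
    return got


def simulate(classes, flows, uplink_acks, downlink_segs, steps):
    """Return the number of segments that arrived on the downlink, per application."""
    arrived = {f.app: 0 for f in flows}
    for _ in range(steps):
        # 1. servers send: window slides by what was ACKed plus one segment of growth;
        #    a flow that got no ACKs back is down to a single retransmission
        for f in flows:
            f.cwnd = min(MAX_CWND, f.cwnd + 1)
        send = [max(1, min(f.cwnd, f.acked_last + 1)) for f in flows]
        # 2. ingress: per-class incoming limit, then the physical downlink (tail drop)
        deliv = list(send)
        for c in classes:
            idx = [i for i, f in enumerate(flows) if f.cls is c]
            offered, cap = sum(deliv[i] for i in idx), downlink_segs * c.in_limit_pct // 100
            if offered > cap:
                for i in idx:
                    deliv[i] = deliv[i] * cap // offered
        total = sum(deliv)
        if total > downlink_segs:
            deliv = [d * downlink_segs // total for d in deliv]
        # 3. receivers ACK what arrived; 4. the egress shaper decides which ACKs leave
        acks = [(d + SEG_PER_ACK - 1) // SEG_PER_ACK for d in deliv]
        demand = {c.name: sum(a for a, f in zip(acks, flows) if f.cls is c) for c in classes}
        got = _egress(classes, demand, uplink_acks)
        fwd = [0] * len(flows)
        for c in classes:
            idx = [i for i, f in enumerate(flows) if f.cls is c]
            for i, s in zip(idx, _share([acks[i] for i in idx], got[c.name], demand[c.name])):
                fwd[i] = s
        # 5. only ACKs that actually left the router clock the next round trip
        for i, f in enumerate(flows):
            f.acked_last = min(deliv[i], fwd[i] * SEG_PER_ACK)
            arrived[f.app] += deliv[i]
    return arrived


def no_qos():
    """One class for everything: 20 P2P flows simply out-vote 2 web flows."""
    any_ = QosClass("any", 1, 100, 100, 100)
    flows = [Flow("web", any_) for _ in range(2)] + [Flow("p2p", any_) for _ in range(20)]
    return simulate([any_], flows, uplink_acks=100, downlink_segs=400, steps=60)


def tomato_style():
    """Web explicitly classified into A; P2P falls through to default class D with the
    1% rate / 5% limit outgoing and 50% incoming limit suggested in the text."""
    a = QosClass("A", 1, 50, 100, 100)
    d = QosClass("D", 4, 1, 5, 50)
    flows = [Flow("web", a) for _ in range(2)] + [Flow("p2p", d) for _ in range(20)]
    return simulate([a, d], flows, uplink_acks=100, downlink_segs=400, steps=60)


if __name__ == "__main__":
    print("no QOS      :", no_qos(), "\nTomato-style:", tomato_style())
```

Run it and compare the two results. With everything in one class the twenty P2P flows collect roughly ten times the downlink data that the two web flows get, because the uplink's ACK budget is shared per flow and they have more flows. With the web traffic in class A and P2P left to fall into class D, class D's download collapses to a trickle even though no rule ever touched incoming P2P data directly: the 5% ceiling on class D's outgoing ACKs did it, exactly as the postal analogy says, and the 50% incoming limit never even has to fire. It is a toy (no slow start, no retransmit timers, integer arithmetic), so treat the exact figures as illustration only.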
The rest of these articles will expand on this, and show you how to effectively control your traffic.