Exempt Traffic from QoS?

Discussion in 'Tomato Firmware' started by WRD - EasyTomato, Aug 9, 2013.

  1. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    People were talking about it way back when in this post. Does anyone know if you can do it?

    There is a similar situation where traffic to a specific server (static IP) needs to be exempt from all QoS limits.
  2. Porter

    Porter LI Guru Member

    Could you tell me something about your setup? How is the WAN port being configured? I guess it isn't PPPoE then?
  3. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    It's not my setup so I'm not sure. I'm trying to help out someone in a clinic in Africa who needs to exempt some traffic.

    If anyone knows a quick way to do this in the QOS settings great, but changing their setup isn't an option.

  4. Porter

    Porter LI Guru Member

    The problem is that the description in the post you gave was very incomplete. With a setup as described there, it should be impossible for QoS to work, because there is no ppp0 and therefore no outbound shaping. But to be honest I have no idea what would happen if you told Tomato to just connect two networks together.

    Please get a screenshot of Basic/Network and, even better, an output of ifconfig.
  5. Malitiacurt

    Malitiacurt Networkin' Nut Member

    He's the creator of a Tomato mod and one of his users wants to implement this. The solution should not be relevant to the specific setup since ideally it should be implemented on the firmware for most setups, not just a specific one.

    Also, why would the WAN type connection affect the QoS rules? Have you ever even looked at how QoS is implemented, or how basic iptables rules are categorized? I'm not advanced enough to know the solution to his question but even I know you're talking nonsense.
  6. Porter

    Porter LI Guru Member

    Are you trolling me or are you really this ignorant and impolite?!
  7. Malitiacurt

    Malitiacurt Networkin' Nut Member

    @WRD - EasyTomato

    I think the solution is similar to how NeoPolus implemented the homeserver_ip here: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=3100&start=45

    E.g. the command:
    iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_HTTP_PORT -j MARK --set-mark 3 
    In your case you'd have to mark it as highest priority, or create a class that's allowed to use 99% while the rest use 1%, etc. I haven't found iptables rules bypassing the QoS entirely by IP.

    @Porter WAN type connection fits where in this? Sorry but I was neither trolling nor ignorant.
  8. Porter

    Porter LI Guru Member

    I am pretty sure that ppp0 is being hardcoded into the source, i.e. it isn't dynamic. So when you switch your WAN connection to Static or DHCP it might be that there is no ppp0 device. Then of course QoS in outbound direction isn't working and the NAS should be reachable at full speed.

    When you have a setup without ppp0 it probably doesn't make sense to use QoS at all because the bottleneck usually is at the router that is connected to the internet. This one should use QoS and not the one that is probably connected via 100Mbit ethernet or more.

    And that's why I'm asking.
  9. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    As long as the QoS system is before the bottleneck, shouldn't the system work?

    My understanding was that the current QoS ideally becomes the bottleneck, and then the scheduling/traffic shaping system sets priorities and limits. Isn't that why the Tomato QoS breaks down with the variable performance of wireless devices and when ISPs vary the allowed throughput from moment to moment? This problem is part of the rationale for the system used in cerowrt and the modern Linux kernel, isn't it?

    I'm not trying to argue here, just trying to better understand the theory.

    As for the original question of exemption of a device (or group) from QoS, any chance they have a second router available? Could a Tomato router act as QoS-enabled AP? If so, then exempt device(s) could connect to a gateway router without QoS, and all others could connect to the Tomato router with QoS. If you're talking about a medical clinic in Africa then I'd happily donate an old router to the cause if shipping isn't too outrageous. (Edit: may create a double NAT problem... Never mind.)

    Honestly I don't understand why one would exempt a device from QoS, breaking the system. One would ordinarily assign guaranteed minimum bandwidth but still control traffic, no?
    Last edited: Aug 13, 2013
  10. WRD - EasyTomato

    WRD - EasyTomato Networkin' Nut Member

    So we're not trying to exempt a device, rather specific traffic coming from any device.

    Again I don't have a lot of details and changes to their local setup aren't possible, but there is a server that is past the WAN port but is still before the sat modem. What is wanted is that any communication to/from that server and local computers is full speed (not 100% of QOS limits, which will be a tiny % of LAN speed) while all other traffic falls under QoS limiting.

    I thought that perhaps making a rule targeting traffic to and from the server's IP with class disabled would work, but apparently it didn't.
  11. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yeah, class disabled just disables the rule.

    One of these days when my head stops spinning and family members stop dying :( I'll start into a better understanding of Tomato's QoS system.
  12. cloneman

    cloneman LI Guru Member

    One ugly workaround that comes to mind is to use QoS in a way that is very punitive for undesirable traffic. Basically, this means using only 3 classes on your setup.

    Let's assume 100mbit NAS, and 10mbit WAN. We have "nas traffic (1)", "high priority wan traffic (2)", and "bulk traffic".

    You'd set your global limits to 100mbit, and high priority maximum 7%, with a minimum of about 6%. This would guarantee 6mbits for your important internet traffic, even when NAS traffic is excessive.

    Finally, you'd have a class for your bulk traffic that is allowed no more than 2% maximum. This would highly limit the speed that this class can do, but then the sum of your internet maximums (7 + 2) would equal 9mbit and therefore would never exceed the speed of your WAN, therefore QoS would work. (maybe?)

    This would create:

    7mbits maximum for important traffic at all times
    2mbits maximum for bulk traffic at all times

    100mbits for NAS traffic

    It would be very beneficial to know what type of internet-bound traffic we are trying to control, maybe we could come up with a more efficient ruleset. The basic concept though is to break down your internet needs into 2 classes only, and ensure the sum of the maximums fall just below your actual WAN link capacity.
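
cloneman's three-class split from the post above, combined with the mark-by-server-IP idea from Malitiacurt's earlier post, written out as an added example that is not part of the thread and is not the rule set Tomato itself generates. The interface name `vlan2`, the documentation address `192.0.2.10`, the mark numbers and the 1mbit floors for the server and bulk classes are assumptions; the script only prints the commands and refuses a plan whose internet-bound ceilings reach the WAN capacity.

```shell
#!/bin/sh
# Added example: dry-run planner for a three-class HTB layout.
# Nothing is applied; the iptables/tc commands are only printed.
# Covers egress on the WAN-side interface only (traffic toward the server).

# pct_of LINK_MBIT PCT -> whole mbit
pct_of() { echo $(( $1 * $2 / 100 )); }

# wan_budget_ok LINK WAN HI_MAX_PCT BULK_MAX_PCT
# Succeeds only if the two internet-bound ceilings sum to less than the WAN link.
wan_budget_ok() {
    total=$(( $(pct_of "$1" "$3") + $(pct_of "$1" "$4") ))
    [ "$total" -lt "$2" ]
}

# plan_qos IF SERVER_IP LINK WAN HI_MIN_PCT HI_MAX_PCT BULK_MAX_PCT
plan_qos() {
    ifc=$1 srv=$2 link=$3 wan=$4
    hi_min=$(pct_of "$link" "$5"); hi_max=$(pct_of "$link" "$6")
    bulk_max=$(pct_of "$link" "$7")
    if ! wan_budget_ok "$link" "$wan" "$6" "$7"; then
        echo "refusing: WAN ceilings ${hi_max}+${bulk_max} mbit >= ${wan} mbit" >&2
        return 1
    fi
    # Mark 1 = server traffic (matched by IP only), mark 2 = important WAN
    # traffic (set by existing classification rules, assumed), unmarked = bulk.
    cat <<EOF
iptables -t mangle -A POSTROUTING -o $ifc -d $srv -j MARK --set-mark 1
tc qdisc add dev $ifc root handle 1: htb default 30
tc class add dev $ifc parent 1: classid 1:1 htb rate ${link}mbit
tc class add dev $ifc parent 1:1 classid 1:10 htb rate 1mbit ceil ${link}mbit prio 0
tc class add dev $ifc parent 1:1 classid 1:20 htb rate ${hi_min}mbit ceil ${hi_max}mbit prio 1
tc class add dev $ifc parent 1:1 classid 1:30 htb rate 1mbit ceil ${bulk_max}mbit prio 2
tc filter add dev $ifc parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
tc filter add dev $ifc parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
EOF
}

# The thread's numbers: 100mbit link, 10mbit WAN, 6%/7% high priority, 2% bulk.
plan_qos vlan2 192.0.2.10 100 10 6 7 2
```

Because the server class is selected by destination address alone, anything any machine sends to that address runs at link speed; everything else, including other traffic from the same machines, stays inside the two capped classes.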
  13. Toastman

    Toastman Super Moderator Staff Member Member

    Late replying to this thread, sorry. Busy.

    I personally would never allow the option to exempt a user or device from QOS. If you do, you have essentially broken QOS, allowing any unwanted apps or viruses on that machine to take all of the hospital's bandwidth. I can't see why he would want to do that. Am I missing something?

    But... this was cut from another website from some while back, it apparently worked well, basically it is the method cloneman suggests but using all other classes/rules as normal.

    This way, you place the wanted traffic in a high class priority, and any unwanted stuff running on any machine including the server will still be controlled by QOS.