Rapidshare QoS

Discussion in 'Tomato Firmware' started by popcornmix, Jan 30, 2009.

  1. popcornmix

    popcornmix Addicted to LI Member

    Has anyone managed to set Rapidshare (or other HTTP download) to low priority whilst leaving HTTP browsing high? The Rapidshare and browsing are on same machine.

    I've tried added rules based on dest IP addresses, but Rapidshare has many ranges, and when using a download manager, multiple addresses are used. I've added about 20 ranges to QoS classification rules, but there are always more.

    Is there a better way of distinguishing Rapidshare? Could I proxy Rapidshare (maybe through router) to get a different source IP address?
  2. michse

    michse Addicted to LI Member

    limit your traffic like

    Dst Port: 80,443
    Transferred: 512KB+

    and when you watch a site, it goes fast, when you upload more than 512KB, it slows down. I think, its preset in tomato.

  3. popcornmix

    popcornmix Addicted to LI Member

    I do have that rule in QoS, but I think it applies in wrong direction.

    I'll never send 512K to Rapidshare - I'm downloading.

    Basically when downloading (which saturates my incoming bandwidth), web browsing gets slow, and ping times are high (say 300ms).

    If I limit incoming bandwidth to, say, 80% of what's available, the ping times improve, but without classification, the router is presumably discarding both Rapidshare (which I'm happy with) and web browsing data (which I don't want).

    How can I just apply incoming bandwidth restriction to Rapidshare?
  4. peyton

    peyton Network Guru Member

    Use the layer 7 for rar files as i don't think you're downloading others. :tongue:
  5. popcornmix

    popcornmix Addicted to LI Member

    That sounds like a possibility. I'll give it a try. Thanks!
  6. michse

    michse Addicted to LI Member

    qos works only in upload direction. you find a lot of discussions in the forum. l7 with rar is not working in download direction. read something about tcp vegas, maybe this is what you need.

  7. az2008

    az2008 Addicted to LI Member

    I've read that TCP Vegas only operates on outbound traffic. It could affect inbound traffic by slowing down outbound acks, etc.

  8. az2008

    az2008 Addicted to LI Member

    It would be helpful if you could get a Wireshark capture of that connection when it first opens, and the post to the L7 developers list.[1] The maintainer is eager to improve things like this.

    You'd also want to provide the L7 pattern used by Tomato (just in case it's not current). It can be found in /etc/l7-protocols on your router.

    [1] https://lists.sourceforge.net/lists/listinfo/l7-filter-developers

  9. popcornmix

    popcornmix Addicted to LI Member

    So does the L7 rule apply to inbound (downloaded) data?

    I have found setting all port 80 traffic to class E with an *inbound* bandwidth limit of about 75% not only makes the ping times snappy, but seems to make the web browsing better than without an inbound bandwidth limit.

    Does that make any sense?
  10. az2008

    az2008 Addicted to LI Member

    I think so. I use RTP (the rtp-2 filter which was fixed about a day before Tomato 1.23 was released). My inbound VOIP traffic is caught by the QoS classification.

    Keep in mind that inbound QoS causes controversy among some. It's not "traffic shaping." Just an attempt to slow down the sender by delaying acknowledgments, discarding packets, etc. (For me, it works very well as tested by placing a call, and saturating my download bandwidth using a speed test at www.speedtest.net).

    But, for the purpose of L7, it's just used to identify traffic. It doesn't do anything to shape traffic.

  11. popcornmix

    popcornmix Addicted to LI Member

    The L7 RAR rule did seem to classify some connections. (I could see some rapidshare IP addresses in class A due to the rule), but it didn't seem to get all of them.

    I guess you need the start of the rar file to identify it, so resuming and using multiple connection download managers will break that.

    Internet Download Manager allows a proxy address to be used for downloading. Is it possible to run a proxy on the router? (and so distinguish the connections using the router's IP address as source).

    I've looked at using SSH which I get running as a SOCKS proxy for Firefox, but IDM just wants a HTTP proxy. Can I run that on router?
  12. pharma

    pharma Network Guru Member

    Out of curiosity, do you see any "4226" tcpip errors in your windows event log? If so your problem might be related to the number of "half open connections" allowed by the Windows operating system.

  13. popcornmix

    popcornmix Addicted to LI Member

    I did install the half open connections fix when searching for causes of slow internet. Looking at the event log shows it worked - there are a number of these warnings before Christmas, but none since.

    Anyway, the ping times are the same from router as from PC, so I don't think it is just a PC problem.
  14. Planiwa

    Planiwa Network Guru Member

    Understanding Connections

    (simplified -- corrections invited):

    While any particular (iptables) rule invocation is triggered by and applied to a packet, parts of that rule refer to the connection that the packet belongs to. A connection is like a conversation, and each packet is like an utterance. Like a conversation, a connection has two participants and two flows, one in each direction.

    The essential data in a connection, as maintained in the conntrack table, are as follows:

    [B]Protocol   Status   Time-To-Live
    Source-IP  Destination-IP   Source-Port  Destination-Port[/B] (initiator's flow)[B]
    Source-IP  Destination-IP   Source-Port  Destination-Port[/B] (responder's flow)
    Of those essential values, the only two that change during the course of the connection are Status and TTL.
    Each time the connection is active, the status is updated, if it has changed, and the TTL is set to the timeout value for the status. While the connection is inactive, the TTL value decreases by 1 each second. When a connection's TTL reaches 0, it is removed.

    Thus, in the rule above, presumably the Dst Port is that of the original responder, i.e. the distant web server's web port. The bytes transferred presumably apply to the entire connection, i.e. predominantly the flow from responding server to initiating client.

    An (almost expired) ordinary connection may look like this:

    src= dst=321.98.235.70 sport=2279 dport=80 tcp 6 8 TIME_WAIT
    src=321.98.235.70 dst=987.171.158.140 sport=80 dport=2279 [ASSURED] use=1 mark=2

    It's a little more complex because of NAT, and it gets really interesting when the initiator is on the outside and the responder on the inside, as with port-forwarding, or mediated peerage:

    src=321.238.25.95 dst=987.171.158.140 sport=25506 dport=24981 udp 17 5
    src= dst=321.238.25.95 sport=24981 dport=25506 use=1 mark=266

    With two flows and two sources, it seems that sometimes it is assumed that the source is the initiator, whereas at other time it is assumed that the source is the near one, rather than the far one. Trouble comes when the initiator is far, as is likely with p2p. (Which assumption does Tomato make?)

    More modern Connection Trackers maintain byte counts and packet counts for each flow, but Tomato's conntrack does not. This raises the interesting question of how Tomato's QoS handles this matter. (Look for bcount in /etc/iptables).

    Can someone please explain how that last part works?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice