Simplifying QOS for faster speed

Discussion in 'Tomato Firmware' started by danielhaden, Nov 1, 2018.

  1. danielhaden

    danielhaden Network Guru Member

    Name     Promotion, Limit/Cap  Classifications
    01.Exempt      15%, 100%       DNS Service
    02.Max         13%, 100%       VOIP and Game ports
    03.Premium     10%, 100%       less than 1k, 80,443
    04.Express      7%, 100%       Streaming video
    05.Quick        5%, 100%       1k to 512k, 80,443
    06.Medium       0%, 100%       512k and more, 80,443
    07.Default      0%,  75%       less than 1k, unlisted
    08.Slow         0%,  50%       1k to 512k, unlisted
    09.Crawl        0%,  25%       512k and more, unlisted
    10.Punish       0%,   1%       

    *It is fastest if the promotion (minimums) column sums to less than 100% total.
    *The limit/cap column is not dynamic--it is a fixed limit (persistent slowdown) for only the matching classification, so that's why I didn't put a limit on web browsing (100% is full speed). However, for gaming use, it is necessary to use limit column for deciding what 'pays for' using QOS, and what doesn't.
    *Items marked unlisted, go at the bottom of the classification list and in the same order.
    *It is possible to fill the standard Tomato QOS with these replacement names and values.
    *The main intent of this simplifying is for speed; but, after that you can add to it.

I've been using this QOS at home, along with very few classification rules. The classification page needs to be cleaned up by using a reduced ruleset. The effect of this simplifying/streamlining has been web browsing that is much faster--quite competitive with other routers.

    Accessory firewall script
    iptables -I INPUT -s -m connlimit --connlimit-above 150 -j REJECT
    This prevents router stalling from retry floods, badly programmed torrent clients and other connection runaway. To use the script, you'd want to set your timeouts, udp 60 or less, and tcp 600, so that disused connections are cleaned out before the allotment fills.
    Last edited: Nov 19, 2018
  2. danielhaden

    danielhaden Network Guru Member

    Opposite of the automatic example above--here's extreme favoritism instead.
    Name     Promotion, Limit/Cap  Classifications
    01.Exempt       1%, 100%       DNS Service
    02.Max         48%, 100%       VOIP and Game ports
    03.Premium      1%,  95%       less than 1k, 80,443
    04.Express      0%,  85%       Streaming video
    05.Quick        0%,  90%       1k to 512k, 80,443
    06.Medium       0%,  80%       512k and more, 80,443
    07.Default      0%,  75%       less than 1k, unlisted
    08.Slow         0%,  50%       1k to 512k, unlisted
    09.Crawl        0%,  25%       512k and more, unlisted
    10.Punish       0%,   1%       L7 microsoft, 80,443
    You could set the master download rate at actual speed, so there's no packet drop for exempt and max. Then, the QOS margin is made up for with the limit column. You could put a work-from-home VPN laptop (or game) with a Max priority classification. This example only works if you can identify an application that is more worthy than everything else.

    Unlike the example in the first post, this one will show a slightly lower speed on internet speed tests and file downloads; however, it won't slow down web browsing unless a Max priority classification is in use.
  3. cloneman

    cloneman LI Guru Member

    Interesting post. Why do you give so little "Promotion" though? This seems to me like it would starve those 0% classes. On shibby the minimum is 1%, I don't know how you got 0%.
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

Based on my experiments with connlimit for SMTP back in the good old days when the worst you could expect an infected to do was send spam, the connection limit is based on whatever the source of the rule is. Since your source is a subnet, that would mean the entire subnet is limited to 150 connections.

    Based on how the rule is written it would seem to indicate if the source is then there are only 150 connections allowed. It doesn't say is allowed 150 connections and is allowed 150 connections, all of is allowed 150 connections.

    Back in the day I had people unable to send mail because the total number of SMTP connections had exceeded my limit of 25. If this was a per client basis 25 is plenty. Gobs even. But if you have more than 25 people trying to send mail at the same time then connections start getting rejected.

    Based on some searches just now I discovered the option --connlimit-mask which seems to do exactly what we'd be after.

    Set it to 32 to limit conntrack to monitoring hosts individually. Set it to 0 to apply to all traffic. ( vs. subnet masks)

    The trick is to test it and see if it works before sticking it into firewall/scripts. Paste it into an ssh/telnet session and see if it blows up. If it does, reboot, rule goes away. If it works as intended paste into scripts, save, reboot, enjoy.
    danielhaden likes this.
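A small model of the point made in this post, added here as an example (it is not code from the thread and it does not talk to iptables): connlimit counts existing connections per "source key", and --connlimit-mask decides how wide that key is. With mask 32 every host is counted on its own; with mask 24 (or a rule whose source is the subnet and no mask given) every host in the /24 shares one counter; with mask 0 all traffic shares one counter. The connection list is constructed sample data, and the LAN subnet in build_rule is a placeholder, not the value from the original rule.

```python
"""Model of how the iptables connlimit match groups connections by mask.

Added example: a simplified model of the xt_connlimit counting rule, not
the kernel's code. The sample connections below are constructed.
"""
import ipaddress
from collections import Counter

# Constructed sample: source address of every connection currently in the
# conntrack table (one entry per connection, so repeats are expected).
SAMPLE_CONNECTIONS = [
    "192.168.1.10", "192.168.1.10", "192.168.1.10",   # three from one host
    "192.168.1.20", "192.168.1.20",
    "192.168.1.30",
    "192.168.2.5",                                    # a second /24
]


def group_key(src: str, mask: int) -> str:
    """Prefix that connlimit would count under --connlimit-mask <mask>."""
    return str(ipaddress.ip_network(f"{src}/{mask}", strict=False))


def count_by_mask(connections, mask: int) -> Counter:
    """Connections per counting key for the given mask width."""
    return Counter(group_key(ip, mask) for ip in connections)


def would_reject(connections, new_src: str, mask: int, above: int) -> bool:
    """Would a new connection from new_src match --connlimit-above <above>?

    Assumption (matches the kernel match's behaviour): the new connection is
    itself included in the count before comparing against the threshold.
    """
    counts = count_by_mask(connections, mask)
    return counts[group_key(new_src, mask)] + 1 > above


def build_rule(source: str, mask: int, above: int) -> str:
    """Render the rule from the thread with an explicit mask.

    `source` is whatever the rule's -s argument is; use your own LAN subnet.
    """
    return (f"iptables -I INPUT -s {source} -m connlimit "
            f"--connlimit-mask {mask} --connlimit-above {above} -j REJECT")


if __name__ == "__main__":
    for mask in (32, 24, 0):
        print(f"mask {mask}: {dict(count_by_mask(SAMPLE_CONNECTIONS, mask))}")
    # Placeholder subnet; not the value from the original post.
    print(build_rule("LAN_SUBNET_PLACEHOLDER", 32, 150))
```

Running it shows the difference that matters for the 150-connection rule: under mask 32 the busiest host in the sample has 3 connections, under mask 24 the whole 192.168.1.0/24 has 6, and under mask 0 everything counts together as 7, so a limit that is generous per host can be exhausted by the subnet as a whole.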
  5. danielhaden

    danielhaden Network Guru Member

0 is for those versions that have an off/none in the list (for lighter cpu load). However, if your minimum is 1, just raise the example by that much. The promotion/minimums column works by slowing down everything else; so, if the sum total of that column is as much as 100, it means to slow down everything. This is checked with page load timings. You can check with a photo archive site and auto scroll with the mouse middle button, to see if there are blank screens scrolling or lots of photos flying by.
    Click the center mouse button, see how fast you can scroll without missing a photo, and then what is your speed in cats per second?
    Last edited: Nov 5, 2018
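To make the promotion/limit discussion from posts #1, #3 and #5 concrete, here is an added toy model (not Tomato's or HTB's code) of how a priority-ordered class list with guaranteed minimums and fixed caps shares a link. It assumes a simplified two-phase behaviour: every class first gets its promotion (scaled down if the promotions add up to more than the link, which is the "slow down everything" case), then the remainder is handed out in list order up to each class's cap. The class table is the one from the first post; the competing load is constructed sample data.

```python
"""Toy model of a Tomato-style QOS class list: each class has a promotion
(guaranteed minimum %), a limit/cap (hard ceiling %) and a priority given
by its position. Added example with simplified HTB-like sharing; not the
firmware's own allocator.
"""

# The ten classes from the first post: (name, promotion %, limit/cap %)
POST1_CLASSES = [
    ("01.Exempt", 15, 100), ("02.Max", 13, 100), ("03.Premium", 10, 100),
    ("04.Express", 7, 100), ("05.Quick", 5, 100), ("06.Medium", 0, 100),
    ("07.Default", 0, 75), ("08.Slow", 0, 50), ("09.Crawl", 0, 25),
    ("10.Punish", 0, 1),
]

# Constructed load: a game session, a large 80/443 download and a large
# unlisted download all active at once (percent of line rate each wants).
SAMPLE_DEMAND = {"02.Max": 30, "06.Medium": 100, "09.Crawl": 100}


def promotion_sum(classes) -> int:
    """Total of the promotion column; the first post wants this under 100."""
    return sum(mn for _, mn, _ in classes)


def allocate(classes, demand, link=100) -> dict:
    """Share `link` percent of line rate among the classes.

    Phase 1: each class receives its promotion, bounded by its demand and
    cap; if promotions are overcommitted they are scaled proportionally.
    Phase 2: leftover bandwidth goes to classes in list order (highest
    priority first) until each reaches its demand or its cap.
    """
    total_min = promotion_sum(classes)
    scale = link / total_min if total_min > link else 1.0
    alloc, remaining = {}, float(link)
    for name, mn, cap in classes:
        give = min(mn * scale, demand.get(name, 0), cap)
        alloc[name] = give
        remaining -= give
    for name, _mn, cap in classes:
        want = min(demand.get(name, 0), cap) - alloc[name]
        give = max(0.0, min(want, remaining))
        alloc[name] += give
        remaining -= give
    return alloc


def starved(alloc, demand) -> list:
    """Classes that asked for bandwidth and received none at all."""
    return sorted(n for n, d in demand.items() if d > 0 and alloc.get(n, 0) == 0)


def with_floor(classes, floor, from_index):
    """Copy of the table with at least `floor` promotion from from_index on."""
    return [(n, max(mn, floor) if i >= from_index else mn, cap)
            for i, (n, mn, cap) in enumerate(classes)]


if __name__ == "__main__":
    print("promotion sum:", promotion_sum(POST1_CLASSES))
    a = allocate(POST1_CLASSES, SAMPLE_DEMAND)
    print("post #1 table:", {k: v for k, v in a.items() if v}, "starved:", starved(a, SAMPLE_DEMAND))
    b = allocate(with_floor(POST1_CLASSES, 10, 5), SAMPLE_DEMAND)
    print("10% floor on lower classes:", {k: v for k, v in b.items() if v})
```

With the first post's table, the game class gets everything it wants and the 80/443 download takes the rest, so the unlisted download in 09.Crawl gets nothing while the link is busy; giving the lower classes a 10% floor (the sort of floor suggested later in the thread) keeps the Crawl class alive at 10% at the cost of the Medium class. The model also shows the overcommit case: two classes promoted to 60% each on a 100% link are each scaled back to 50%.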
  6. danielhaden

    danielhaden Network Guru Member

    It is really hard to tell if adding '--connlimit-mask 32' does anything differently from the connlimit default behavior, which is, per client. Would you help in testing it? Currently in my router, I've got:
    iptables -I INPUT -s -m connlimit --connlimit-mask 32 --connlimit-above 150 -j REJECT
    This doesn't prevent Tomato, DD-WRT and Gargoyle from reporting in excess of 150 connections in the gui. However, it does prevent persistence of a connection overload, by cutting the overload timeframe down to about 2 minutes.
    So, not exactly what we thought it would do; yet, very helpful indeed.
    Last edited: Nov 7, 2018
  7. cloneman

    cloneman LI Guru Member

    Do you have any simultaneous competing traffic when you do this test? Your "promotion" column should not have any effect unless you are running traffic in multiple classes at once.
  8. danielhaden

    danielhaden Network Guru Member

    Thank you for quoting my funny page speed test. Timing-centric tests like that are a great way to judge success or costs of QOS. It is a lot more relevant than a bandwidth test or a bandwidth expenditure, since responsiveness has an effect on utilization.

    I did try with and without other concurrent workloads.
    However, my main effort wasn't in comparing Tomato with itself.

Actually, I was working on the problem of Tomato QOS not competing well against DD-WRT/broadcom and Gargoyle/atheros QOS, for speed. The problem is that the Tomato QOS default settings are a hoarder's mess that costs performance. However, most attempts to clean up Tomato's QOS result in highly competitive performance.
    Last edited: Nov 6, 2018
  9. Monk E. Boy

    Monk E. Boy Network Guru Member

    It's rather amazing what a simple size-based QoS system will do. So category 1 are all connections under 512KB. Category 2 are connections 512KB to 1MB. Category 3 are connections 1MB to 5MB. And category 4 are connections over 5MB. So as a connection transfers more data it progressively gets lower priority. This generally works well because connections that transfer small amounts of data generally require quick responses (e.g. DNS, NTP, ICMP) while the largest connections (e.g. streaming video) are more tolerant of minor bandwidth hiccups. You can skip the whole TCP/UDP and just use any protocol any connection and strictly define them by the amount of data transferred.
  10. danielhaden

    danielhaden Network Guru Member

    Like this?
    1.   10%, 100%    up to 1k
    2.    3%, 100%    up to 512k
    3.    1%, 100%    up to 1MB
    4.    1%, 100%    1MB and more
    _.   n/a,  n/a    no rules assigned to it
    _.   n/a,  n/a    no rules assigned to it
    _.   n/a,  n/a    no rules assigned to it
    _.   n/a,  n/a    no rules assigned to it
    _.   n/a,  n/a    no rules assigned to it
    _.   n/a,  n/a    no rules assigned to it
    Last edited: Nov 8, 2018
  11. danielhaden

    danielhaden Network Guru Member

  12. ghoffman

    ghoffman Network Guru Member

    @danielhaden - where do you enter the table with promotions, limits, and priorities?
  13. danielhaden

    danielhaden Network Guru Member

    The Tomato QOS page lists promotions as Minimums (those are dynamic as in nearly automatic).
    It is probably best to keep the limits column at 100% (no limit), at least during initial QOS setup (limits are fixed reductions, so avoid that).
    The remaining portion is found on the QOS classifications page, and that mess usually needs simplifying.
On the classifications page, each rule may cost against cpu speed; so, what you will enjoy most are few rules that spare the cpu, as in 'earn their own keep'.
    Last edited: Nov 18, 2018
  14. rgnldo

    rgnldo Networkin' Nut Member

    I'm not finding this path on the rom. Please detail your post.
    danielhaden likes this.
  15. danielhaden

    danielhaden Network Guru Member

    Due to somewhat more difficult install, I removed that bit from post#1. This thread is about simplifying, so that helped. Thanks!
  16. danielhaden

    danielhaden Network Guru Member

  17. cloneman

    cloneman LI Guru Member

    I don't like the minimums at 1% there. It introduces opportunities for bandwidth starvation. The SFQ and fq_codel automatically prioritize smaller traffic, to some extent.

    Without getting too deep into the rabbit hole, I usually give most classes at least 10% minimum, especially the bottom ones.
  18. danielhaden

    danielhaden Network Guru Member

    Interesting! I didn't find fq_codel on my mips router. Perhaps the function is somewhat different?
    I should have mentioned the point:
I wanted a 2-rule automatic qos, like Gargoyle's; however, to get best speed (full line rate), it happened to need 5 rules. The 5-rule QOS does high speed packet ordering for fast responsiveness. I like the super-quick browsing. It probably works for games too. It seems that the point wasn't in using QOS in the traditional 'enforcement' way; but, rather repurposed as a modern go-fast 'lagbuster' service (the modern assumption about what QOS is for).

As for using it as a go-fast lagbuster, perhaps I should have tried the Inverted form, which is where the default is highest priority and the rules list has only the items that you'd want to go slower than maximum. Conveniently, QOS works that way natively--speed up rules don't exist, so default fastest makes sense. I've been thinking over that option because it might make the ruleset a lot shorter (because things to slow down is a very short list). :) Ever tried it that way?
  19. qamartheone

    qamartheone Networkin' Nut Member

Which router have you got?
  20. danielhaden

    danielhaden Network Guru Member

    E-4200, E-3000, E-2000, WRT320n, WNR3500Uv2, WNR3500Lv2, R6300v1, are some of my Broadcom mips collection. Although I have quite a few other options, I like the features of low heat, no lag and no maintenance.