Using QOS - Tutorial and discussion

Discussion in 'Tomato Firmware' started by Toastman, Dec 24, 2008.

  1. Monk E. Boy

    Monk E. Boy Network Guru Member

    As I recall QoS only binds itself to the WAN interface. Or, at least, it only applies to traffic using the WAN port.

    If you want to roll your own QoS that applies to VLAN to VLAN traffic you can, but you'll have to do it all by hand... and I don't think it'll show in the GUI. The VLAN builds are flagged as experimental for reasons like this.
  2. cloneman

    cloneman Addicted to LI Member

    Hi Guys,

    I've completed / compiled my recommendations and tips based on everything I've learned from here. This is how I proceed to set things up, for the basic settings page. First I delete everything on the classification page, and change all the rule names.



    1) Classes on top steal bandwidth from the bottom ones

    2) Classes on bottom should have a high maximum (usually 100%), since top ones will steal if they need to.

    3) When in doubt, use 1 to 5% minimums in general.

    4) The sum of all minimums should not exceed 100%. When in doubt, keep them all low.

    5) At your leisure, use larger minimums (10% - 20% perhaps) for some important lower classes, like the default class such that we prevent upper classes from stealing ALL their bandwidth.

    6) For your top classes, set low maximums as needed. Typically, gaming and VoIP do not require a large amount of bandwidth. Setting a high maximum does not give better latency, and if something malfunctions (misclassified app), the erroneously identified top-class will steal lots of bandwidth from the lower classes.

    7) DSL Settings (ATM overhead compensation) is only for ADSL and ADSL2+. Not needed for cable or VDSL.

    Classification page
    Use your own logic, and whenever possible use ports instead of L7 rules. You can verify if your stuff is being classified correctly using the graphs and connection details.
    Last edited: Jun 28, 2017
  3. gutsman7

    gutsman7 Networkin' Nut Member

    I personally would never give my class 1 a no limit rule because it can break your whole QoS. Say if a few PCs are downloading or streaming or uploading a big file on the net, it will make your DNS latency increase a lot and make your VoIP very laggy. That is of course if you are classifying HTTP and HTTPS in class 1.
  4. Monk E. Boy

    Monk E. Boy Network Guru Member

    Yeah but, as he explains, he's not using any of the "No Limit" classes.

    I would still make class #1 be a "service" class with high bandwidth constraints, then assign that to DNS, NTP, etc. traffic. You're going to have a hard time performing VOIP operations without functioning DNS, that's why by default it's the highest priority category with minimal bandwidth assigned to it.

    The only time NL makes sense in terms of using it in rules is when you assign all categories to be no limit for inbound or outbound. If you want inbound to be unlimited, just set all the categories to no limit.
  5. Porter

    Porter LI Guru Member


    I don't have much time right now so just a few things:

    I don't get why you want to purge everything from the classification page. Those are quite reasonable default filters. I haven't looked at every single one of them, but they seem to work fine. In my opinion purging the filters is for the absolute pros only. Ok, if you just don't care a lot whether some of the traffic ends up in the default class that's fine, or you just want to filter by MAC address or something. But as a general rule of thumb purging doesn't make a lot of sense to me.

    It's the same with the classes: If you enable "Prioritize SYN/ACK/RST/etc." on Basic Settings there will be traffic in the highest class aka your 1_. I definitely don't recommend messing with this class. I don't even see a reason to reduce the number of used classes. There are scenarios where you want to use classes in a different way. But yours doesn't seem to be one of those.
  6. CardinS2U

    CardinS2U Network Guru Member


    can you post everything you have set on your home network? I wanna compare it to me and see how well is mine set.
  7. cloneman

    cloneman Addicted to LI Member

    Well, my QoS has specific goals only for 4-5 applications, I don't trust having that huge ass ruleset, confuses the hell out of me.... good luck diagnosing lag with 40 rules.

    I've never tried to be honest. Figuring out QoS is very complicated I find, I had enough trouble with 3-4 rules. Now that I understand how everything works, I might be tempted to try more stuff, but I'm happy and I figure there's less CPU overhead with fewer rules?

    This is my classification page now (highly draft). I was told I forgot the VoIP RTP port, but it catches it anyway (magic?)


    I have my net.outgoing_port and net.outgoing_max_port customized in uTorrent. (7000 - 7005)

    Someone asked for my other settings, so I'm posting them as well (nothing too exciting here)

    Last edited: Jun 28, 2017
  8. CardinS2U

    CardinS2U Network Guru Member

    thanks......I'm not trying to accomplish much..just trying to find a best fit model taking here and there to make my own........there's always lag no matter what you play and configure.......

    casual web browsing is always fast for me while playing games like League of Legends so it's less lag running full uTorrent.
  9. milde

    milde Reformed Router Member

    Sorry if this has been asked before, but I'm not quite sure what to set for the Inbound, Outbound Rates / Limits.
    My router is connected to my cable modem, which gets 90 mbps download and 6 mbps upload speed (tested with a few speed tests with a direct connection).

    There are several computers connected to the router using WLAN and because of that the internet speed is at 30 mbps download and 5 mbps upload, pretty much stable (I couldn't get the wireless speeds faster than 30 mbps but I'm ok with that).

    So do I have to use the 90/6 for the inbound/outbound limits or the 30/5?

    Since this is a wireless LAN problem I figured I'd set it to 90/6, is this correct?
  10. Porter

    Porter LI Guru Member

    So you are saying that you _only_ have wireless clients?

    If that's true, then your real bottleneck is your WLAN and it might be more reasonable to shape down to 30/5. On the other hand, if your wireless clients are using servers on your LAN (for backups etc.) then you will still get congestion on your WLAN interface no matter how great the 30/5 QoS works. You could shape on your WLAN interface additionally. I've never tried this, though, but it's possible.

    Did you measure the 90/6 with QoS enabled? Just asking because it's very rare that you actually get these speeds with QoS enabled because QoS is straining the CPU of these small routers immensely and most people get less bandwidth. At this point people usually have to decide if their network gets so congested because of many users who use p2p (as an example) that they think they might still profit from less bandwidth but less congestion with QoS enabled, or just disable QoS because their network does not have problematic users and doesn't get congested easily.
  11. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Is it 30mbps total with multiple clients active (I assume), or 30mbps from a single client? It's the total throughput in the LAN-WAN interface that you are shaping with Tomato QoS.

    You will be subject to latency spikes due to the bottleneck in the wireless interface regardless of the Tomato QoS settings. You may benefit from reducing txqueuelen to some minimal value on both the router and the clients. There are other changes you could potentially make in the clients depending on the OS involved.
  12. milde

    milde Reformed Router Member

    Thanks for your help guys.
    I measured the 90/6 without QoS, in fact, I measured it without a router. I just connected my laptop to my cable modem to check how much speed I am getting.
    That's why I figured I'd set the QoS limits to 90/6, since the router should get those speeds.
    I tried so many wireless settings (my router is the Asus RT-N16) and finally settled with my settings now, since every client gets about 30/5 and it's very stable (N, 40 MHz, 2.4 GHz).
    The 30/5 was also measured without QoS.

    Every time I measured, I was alone, so no other clients. I actually don't know how it's gonna be with 4 people downloading at the same time. All I know is, thanks to QoS, I can download things and the other guys can still watch YouTube or surf the web pretty well.

    Since I live with 3 other friends in a house with 2 floors, every client is wireless.
  13. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Glad it's working.

    Three things that may help if you want more throughput in the future:
    - USB WiFi adapter with high transmit power and, ideally, an external antenna for the clients
    - Powerline networking
    - If one of your friends has an old wireless router that can run third party firmware, then either set up WET bridge or use powerline to add the second router as a wireless (and wired) AP.

    Have fun!
  14. Monk E. Boy

    Monk E. Boy Network Guru Member

    While each client may get 30/5, you're not likely going to add up the bandwidth like you expect. All clients are participating in the same wireless network, so if one client can only get 30/5, then all clients are participating in a 30/5 network. The wireless bandwidth will get shared between clients - you don't have dedicated channels for each client, you have a shared channel between all clients.

    Wireless works similar to Ethernet, in that only one device can be active on a shared segment at any given time, and if two devices try to talk at once it causes a collision which means data from both systems is dropped and they both have to resend data after a random delay. Switches have hidden this collision aspect away in modern Ethernet, but it was present in older hub-based Ethernet.

    The values you put in QoS are speeds you've measured over a wired connection through the router with QoS disabled. Run multiple tests to multiple destinations and average them out. Deduct 15-30% from the average and that's the number you stick into QoS.

    That being said, with QoS enabled, you're not likely to get much more than 50Mb down (or up) with an RT-N16. After you have QoS configured you can try running more bandwidth tests, but unless you have a very sparse QoS rulebase it's likely going to peak a lot lower than 90Mb.
  15. milde

    milde Reformed Router Member

    Ok thank you again for all your help and advice.
    I think I have everything working fine now.
  16. DJarvis1

    DJarvis1 Addicted to LI Member

    Just curious, I haven't set up QoS on my E2000 yet. But the aim will be DNS, ICMP (not sure what ICMP is) top priority, then a class for gaming, browsing, media streaming, HTTP..... BitTorrent the absolute lowest priority.

    However, some games (online MP) on PS3: are these the exact same thing as BitTorrent or slightly different..... not sure.
  17. Porter

    Porter LI Guru Member

    Please just use the default config on the Classification page and add the stuff that your individual setup requires. Google and find out how your online games communicate, i.e. which port they are using.

    If you want to know whether you configured everything correctly, send screenshots of your Basic Settings and Classification page.
  18. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    In addition to what Porter said
    1. Setting up QoS is a matter of starting with a reasonable configuration, trying it out, and adjusting later if it doesn't suit your needs. The default config in Toastman and Shibby is a good start.
    2. What's your WAN speed? If you have a very fast connection, then you may lose a fair amount of throughput and possibly introduce some latency due to limitations of the CPU. Be sure to disable all the features that you don't need when you have it working the way you like, such as ethernet port state monitor, ip traffic monitoring, etc...
  19. tymbrwlf

    tymbrwlf Reformed Router Member

    I just installed Tomato (v1.28.7821 MIPSR1-Toastman-ND K26 Mini) on my Linksys WRT150N and I'm looking into setting up QoS. While there is a LOT of great info here, it is extremely overwhelming and frankly, I'm more confused now than when I started reading this thread. I'm sure it will click for me given some time.

    My question is this: Are the default QoS settings for 1.28.7821 a good starting point for a relatively standard home user? I play games (PC and XBox); I stream Hulu, Netflix, and Amazon; surfing, email, and VOIP (for my MagicJack). I have a 6 mbps DSL internet connection and while I am the only user, I do have two or three PC's doing different things on my home network.

    If I can just enable these and then tweak as I become more familiar with how it all works, I think it might start making sense more easily for me (obviously, I would disable the rules that do not apply to my usage like Camfrog and Teredo, etc).

    Again, thanks for the unbelievable wealth of knowledge here. I'm going to start back over on page one again now. :)
    Last edited: Aug 27, 2013
  20. Toastman

    Toastman Super Moderator Staff Member Member

    I just want to add something to clarify what your maximum bandwidth limits should be set to.

    I see several people advising to take the AVERAGE speed measurement from speedtest and then deduct, say, 15%. Several people who followed this advice have recently mailed me and told me their QOS doesn't work properly.

    The AVERAGE value is NOT what is required. You stand the risk of your QOS failing.

    Let us consider an example.

    Suppose that you have a 1/10Mbps line and can reach full speed for 12 hours each day.

    Suppose that in the evening/night, as demand increases, you can only obtain 500Kbps/5Mbps for the next 12 hours.

    If you take the AVERAGE value, (75%) and add this less 15%, (750kbps/7500kbps) think about what happens:

    1) In the daytime, everything is fine.
    2) In the evening whenever your throughput tries to exceed your ISP's nighttime speed of 500Kbps, QOS will no longer work. Your router will be trying to send at [750-15%] Kbps on a link that can only do 500Kbps. QOS will fail because it has the wrong setting.

    This will be noticed whenever you try to utilize high bandwidth. So under some circumstances when the router is not stressed you may not notice it.

    To reiterate - the figure that should be entered, IF you want your QOS to work reliably under ALL circumstances and at any time of the day, you must enter the MINIMUM figure that you obtained with your speedtests, less the usual 15%.

    In the above example, we would enter 425 / 42500, which would ensure that QOS works at any time of the day.


    When you do speedtests, you are trying to determine ONLY how fast your router can exchange data with your ISP. So, you should try several speedtest servers, and select the fastest one. That one is most likely to give you the approximate speed of data exchange with your ISP across your internet connection. Don't try several and use an average, that will result in the wrong setting and slower speeds. We aren't interested here in the speed of data exchange with a server in Timbuktu. Usually, your ISP will have a speedtest server of its own which will usually be the best choice (but not always).

    see post #1030 for more details.


  21. DJarvis1

    DJarvis1 Addicted to LI Member

    Hi, before I do any QoS, gonna update first, from the looks of things I have this version currently:

    Tomato Firmware v1.28.9054 MIPSR2-beta E2000 vpn3.6
    Linux kernel and Broadcom Wireless Driver updates

    I`m looking at RTN NVRAM 60K MIPS2 1.28.7500.2 std.

    Is that one as up-to-date as I get for the E2000?....I see mentions of certain people's 'tweaks etc' in this thread occasionally and wanna make sure I update to the latest possible...

  22. Edrikk

    Edrikk Network Guru Member


    I'm currently running Victek's 1.2h on my E3000. Everything is running smoothly, with the settings being entered via GUI after a reset using the 'iMacro' Firefox plugin (which automates entry from the GUI).

    I'm posting this question here as someone on the Victek thread recommended it...

    Going back as far as I can remember, when a torrent is downloading on my wired PC (in this example, 2 torrents, combined 12 seeds connected, roughly 100 peers; Combined download speed 50 kB/s and up 13 kB/s... I know it's a slow couple...), the following 'issue' is observed:

    The iPhones (a 4 on iOS6, a 4s, and a 5 on iOS7 [different people tried]) are not able to hold onto a FaceTime call with someone in another house who is on Wifi. I have tried putting the devices as 'voip' QoS and also with them not on QoS at all, and under both scenarios the same issue is observed.

    The other side says that the phone informs that that the connection has issues, and the video doesn't make it etc. Otherwise, my network appears fine. I can stream videos from web to a desktop (wired), youtube to a wireless, youtube to iphone, etc.

    As soon as I 'stop' the torrents, all is good.

    There is some wireless activity going on constantly (from a wireless 640x480 FOSCAM camera recording onto the same server where the Torrents are) which uses between 100 kB/s and 120 kB/s on the 2.4 GHz antenna (so roughly 960 kb/s).... Just a blip. No other wireless activity. And this remaining on doesn't impact the FaceTime by itself.

    The iPhones were tested connected to both the 2.4GHz (setup = "Auto") and 5.4GHz (setup = "N Only") antennae.

    The Router information with all this activity (still ongoing) is as follows:

    Model Linksys E3000
    Chipset Broadcom BCM4716 chip rev 1 pkg 10
    CPU Clock 480 MHz
    CPU Load 12.83%
    CPU Load (1 / 5 / 15 mins) 0.00 / 0.00 / 0.00
    Flash RAM Size 8 MB
    RAM Size / Free 60.03 MB / 46.71 MB (77.82%)
    NVRAM Size / Free 60.00 KB / 24.30 KB (40.49%)
    Additionally, things that take up SIRQ with little benefit (to me) are always turned off by me:
    - All logging = off
    - Ethernet port state = off
    - Bandwidth Limiter = off

    Disconnecting from Wifi on the iPhones and going off of LTE results in FaceTime working without issues (as it shows, as I assume Apple lowers quality for the bandwidth of LTE).

    My question is this: Shouldn't the QoS result in FaceTime working despite the light torrenting? Additionally, (in my maybe misguided opinion) since the torrent up/down speeds are slow, and the number of peers is not too high, regardless of QoS, shouldn't this be sufficient for FaceTime to work?

    Any input / suggestions are welcome!

    Thanks in advance.
  23. Porter

    Porter LI Guru Member

    What type of internet connection and bandwidth are we talking about?

    Please post some screenshots of QoS/Basic Settings and Classification. This is mandatory.

    What do you mean by "in another house"? Is this in your local network (meaning everybody is connected to the same router or two routers are connected via cable or WDS) or are we talking about traffic that goes through the internet?
  24. mvsgeek

    mvsgeek LI Guru Member

    I just got these results from several speed tests (PC connected directly to cable modem, no router involved) :

    1. (Charter is my ISP, my contract is for 30 MBps x 4 MBps)

    44.59 x 4.12
    46.14 x 4.13
    45.12 x 4.12

    2. :

    24.21 x 4.07
    19.07 x 4.07
    23.35 x 4.06

    3. :

    33.99 x 4.44
    34.48 x 4.29
    34.85 x 4.35

    Who should I believe? I've configured QoS based on the lowest values from (1) and (3) - 85% of 33.99 and 4.12. I threw away the charter d/l results because they were too good to be true, and the speakeasy results because I didn't like them:) I ran each test with different servers, all within 200 miles.

    Based on the above results, how would you recommend that I specify QoS bandwidth limits?
  25. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    If their accounting is honest, go with your ISP's numbers. If you're concerned, retry on different servers, maybe even your ISP's server.
  26. Edrikk

    Edrikk Network Guru Member

    Just as a follow-up (and even though I had read the first post in this thread), the problem seems to have been with the default QoS rule for P2P, which puts all UDP packets across the board into 'crawl'. Guess where I found FaceTime was falling? Given my very limited upstream (600-800kb), setting that stream to crawl killed FaceTime.

    I really think the various tomato devs should consider getting rid of that rule if it's actually causing problems (and thought/known to be not of much help).

    I will post back if there are more findings, but I thought to post this in case others had the same issue.
  27. Porter

    Porter LI Guru Member

    I already thought that it had something to do with the Crawl class. Thanks for confirming that and I'm happy you found the problem!

    The following proposal is flawed. Please only use its ideas if you have control over your network (you can directly influence its users). The defaults in Tomato reflect a worst case scenario where we try to provide a best effort QoS to an anonymous group of users.

    In this scenario the crawl class is where all the unknown UDP traffic goes because this traffic is rather unmanageable. The P2P/Bulk class is the default class.

    In my case I have added port filters for my p2p-programs and I don't need to worry about a lot of unknown people.

    Well then, let's propose a change:
    The catchall UDP-filter on the Classification-page should be deleted or at least set to disabled per default. I vote for deleting it.

    The default class should be Crawl, but it should become the _second_ least prioritized class, making the P2P class the last class. Traffic that we don't know should have a higher priority than traffic we know, but don't care about. The Crawl class should by no means be given a bandwidth that will starve its traffic.

    Those are my settings:
    My classes.jpg
    Last edited: Oct 6, 2013
  28. Edrikk

    Edrikk Network Guru Member

    I agree 100%.
    @Victek any thoughts on this? Maybe your branch can incorporate this?
  29. Toastman

    Toastman Super Moderator Staff Member Member

    mvsgeek ... try to understand "why" we do a speed test.

    We want to know how fast OUR router is capable of dumping traffic into the ISP's router. And how fast they can send traffic back to us.

    For the purpose of QOS testing, we are not interested in whether a distant speedtest server in another country or state is slow. Obviously, if it is on another planet in a distant star cluster, to use a silly example, it will be slow to arrive at the ISP's router, but once there, it is sent to your router at the maximum speed that the ISP can support - and that is the figure we need to use. Less 15% or whatever, of course. I would use Charter's speedtest, if that is the fastest server available, and then test at different times of the day - and then use the lowest speeds you got from Charter.

    Re. the crawl class, please remember the reason I made such a class and why I placed it there at the bottom. Simply because P2P UDP was screwing all of my condos. The default class was made to go to P2P/Bulk which is the normal and only foolproof way to trap P2P and ANY OTHER UNKNOWN TRAFFIC.

    If there is another application that you need to cover, the idea is to make a new rule or add it to an existing one. Then it is no longer "Unknown Traffic" or "Bulk" - no need to change any rules.

    The Crawl Class was deliberately put underneath the P2P class and deliberately given almost zero bandwidth and lower priority because I needed to stop it (and anything else we don't recognize) in its tracks. Another name for it would be "Dump-it"

    It's a difference of opinion...

    Feel free to change any of the rule examples - none of them are cast in iron.

    And also, please do the speedtests ON THE ROUTER, with no other traffic and with QOS turned off. We aren't interested in how fast a Windows 7 machine can exchange data, we are interested in the router. Of course, they shouldn't be *wildly* different...
  30. Edrikk

    Edrikk Network Guru Member

    So Toastman, are you saying that your people aren't "allowed" to use (as an example) FaceTime? How would you distinguish that (and other such UDP dependent functionality) with the crawl class as currently defined?
  31. mvsgeek

    mvsgeek LI Guru Member

    Thanks Toastman and Marcel Tunks,

    Your explanations of why I should use my ISP's servers make perfect sense. I'm going to adjust my QoS settings accordingly.

    Should measurements be taken with or without the router in play? As reported above, I took mine with a PC connected directly to the cable modem. Should I measure again with a wired connection to the router, QoS turned off, and all wifi connections disabled?

    FWIW my default class is "crawl", but I have a lower class called "freeloader" for the occasional MAC address that sneaks in courtesy of an indiscreet revelation of the wifi key. Sometimes I wonder if it's worth the effort;)
  32. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    The way you did it is fine.
  33. Toastman

    Toastman Super Moderator Staff Member Member

    Remember, the rules were examples - they are used in big apartment blocks where we have no contact with residents and have to prevent them from hogging bandwidth by using the QOS system. Allowing 200+ users to use outgoing video on an ADSL limited bandwidth link is just not possible, and we do not encourage it. Likewise, we don't encourage gamers - if we did there would be nothing but a string of complaints from everyone concerned and an ongoing nightmare trying to forward ports for people.

    If FaceTime isn't covered by an existing rule, so it drops into the UDP catch-all rule, then you must create a new rule that does cover it! Likewise, there are many thousands of apps that we don't specifically cover; if they are used in your locality, then it's up to you to create a rule for them.

    What concerns me is just that if people change the default rule examples to dump unknown and unwanted traffic into the CRAWL class, then you should maybe change the name to BULK and the P2P/BULK one to just P2P. But do think about what traffic will actually end up there if not specifically addressed by a rule. Don't break the whole point of the default class, which is there to trap anything we don't recognize and address - including P2P. The additional CRAWL class was a special need purely to get rid of UDP torrents, which we found (and still do find) necessary. That may change in the future, and it's up to you to determine whether to ditch it.

    Otherwise, posting any references will confuse people.

    Think carefully about the names you give your classes, especially if you are going to make forum posts, so that they reasonably accurately reflect what traffic is supposed to be flowing in them.

    Also, please do the speedtests ON THE ROUTER, with no other traffic and with QOS turned off. We aren't interested in how fast a Windows 7 machine can exchange data, we are interested in the router. Of course, they shouldn't be *wildly* different - but remember your PC is vastly more powerful and faster than the few-dollar CPU in a SOHO router.
  34. Porter

    Porter LI Guru Member

    Well then, time for a retraction of my proposal. I actually forgot some of the motivation behind the Crawl class... Sorry about that.
    I will edit this post to not lead other people astray.

    Please use a simple port filter for facetime. On my classification page the ports 16384 - 16387 (UDP) and 16393 - 16402 (UDP) are missing. There is a filter for at least some of the other needed ports, though, but it might have an error. We need 3478 - 3497 (UDP) but only 3478 and 3497 are there. Add those two ranges and edit the existing port filter to reflect a port range and not just two ports. Those port ranges could be a candidate to be made available in the default config.
    Concerning the Crawl class: You've seen my example. Use it, if you have control over the people on your network and can configure the p2p software to use specific ports that you then can add to the classification page. Disable the UDP catch-all filter if you think this makes sense in your setup.
  35. Toastman

    Toastman Super Moderator Staff Member Member

    To recap, it seems that to cover any connection that Facetime may try to set up, we need to cover:

    TCP - ports 53, 80, 443, 5223 - used for call setup

    UDP ports 3478-3497, 16384-16387, 16393-16402 - can be used for signalling and media streams

    TCP port 5223 is used for push notifications, and this doesn't seem to merit any sort of special rule. We could add one though, if needed. Port 5228 also would be needed (used by Google's services, Facebook, etc) and possibly others, I haven't researched it. But do these push notifications work on wifi or do they need to be port-forwarded to the phone? As it would seem that phones don't open these push ports by UPnP. There is some sort of keep-alive mechanism, which probably needs looking at. We need to think about better support of phones these days I suppose... which means Android & Apple primarily.

    The other TCP ports are already covered by the normal rules.

    So a new rule

  36. Toastman

    Toastman Super Moderator Staff Member Member

    This is the ruleset I am currently using, if it helps anyone :)

    [To update, copy it to your TOOLS/SYSTEM box and press EXECUTE]

    nvram set qos_orules="0<<-1<d<53<0<<0:10<<0<DNS>0<<-1<d<37<0<<0:10<<0<Time>0<<17<d<123<0<<0:10<<0<NTP>0<<-1<d<3455<0<<0:10<<0<RSVP>2<<-1<a<<0<<<<0<TESTER>0<<-1<d<9<0<<0:50<<4<SCTP, Discard>0<<-1<x<135,2101,2103,2105<0<<<<4<RPC (Microsoft)>0<<17<d<3544<0<<<<-1<Teredo Tunnel>0<<6<x<22,2222<0<<<<3<SSH>0<<6<d<23,992<0<<<<3<Telnet>0<<6<s<80,5938,8080,2222<0<<<<3<Remote Access>0<<-1<x<8050,34567<0<<<<1<DVR>0<<-1<x<3389<0<<<<3<Remote Assistance>0<<-1<x<6970:7170,8554<0<<<<2<Quicktime/RealAudio>0<<-1<d<1220,7070<0<<<<2<Quicktime/RealAudio>0<<-1<x<554,5004,5005<0<<<<2<RTP, RTSP>0<<-1<x<1755<0<<<<2<MMS (Microsoft)>0<<-1<d<3478,3479,5060:5063<0<<<<1<SIP, Sipgate Stun Services>0<<-1<s<53,88,3074<0<<<<1<Xbox Live>0<<6<d<1718:1720<0<<<<1<H323>0<<-1<d<11031,11235:11335,11999,2300:2400,6073,28800:29100,47624<0<<<<1<Various Games>0<<-1<d<1493,1502,1503,1542,1863,1963,3389,5061,5190:5193,7001<0<<<<6<MSGR1 - Windows Live>0<<-1<d<1071:1074,1455,1638,1644,5000:5010,5050,5100,5101,5150,8000:8002<0<<<<6<MSGR2 - Yahoo>0<<-1<d<194,1720,1730:1732,5220:5223,5298,6660:6669,22555<0<<<<6<MSGR3 - Additional>0<<-1<d<19294:19310<0<<<<6<Google+ & Voice>0<<6<d<6005,6006<0<<<<6<Camfrog>0<<-1<x<6571,6891:6901<0<<<<6<WLM File/Webcam>0<<-1<x<29613<0<<<<6<Skype incoming>0<<17<x<3478:3497,16384:16387,16393:16402<0<<<<6<Apple Facetime/Game Center>0<<-1<a<<0<skypetoskype<<<1<Skype to Skype>0<<-1<a<<0<skypeout<<<-1<Skype Phone (deprecated)>0<<-1<a<<0<youtube-2012<<<2<YouTube 2012 (Youtube)>0<<6<d<119,563<0<<<<7<NNTP News & Downloads>0<<-1<a<<0<httpvideo<<<2<HTTP Video (Youtube)>0<<-1<a<<0<flash<<<2<Flash Video (Youtube)>0<<-1<a<<0<rtp<<<2<RTP>0<<-1<a<<0<rtmp<<<2<RTMP>0<<-2<a<<0<rtmpt<<<2<RTMPT (RTMP over HTTP)>0<<-1<a<<0<shoutcast<<<2<Shoutcast>0<<-1<a<<0<irc<<<6<IRC>0<<6<d<80,443,8080<0<<0:512<<4<HTTP, HTTPS, HTTP Proxy>0<<6<d<80,443,8080<0<<512:<<7<HTTP, SSL File Transfers>0<<6<d<20,21,989,990<0<<<<7<FTP>0<<6<d<25,587,465,2525<0<<<<5<SMTP, Submission Mail>0<<6<d<110,995<0<<<<5<POP3 Mail>0<<6<d<143,220,585,993<0<<<<5<IMAP Mail>0<<17<d<1:65535<0<<<<9<P2P (uTP, UDP)"
    nvram commit
    AllenJ, phlibby and bmupton like this.
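As an added example (not Tomato's own code), the Python below parses a qos_orules string in the field order I assume Tomato uses, addr_type<addr<proto<port_type<port<ipp2p<layer7<bcount<dscp<class<desc with rules separated by ">", and replays the top-to-bottom, first-match classification on a constructed subset of the rules above. It shows how the two port-80 rules split browsing from downloads by transferred bytes, and why an L7 rule placed below them never fires; the L7 match itself is modelled as a tag on the connection.

```python
"""Parse a Tomato qos_orules string and emulate first-match classification.

Added example, not Tomato's own code. Assumed per-rule field order
(fields split on '<', rules split on '>'):
addr_type<addr<proto<port_type<port<ipp2p<layer7<bcount<dscp<class<desc
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subset of the rules posted above; order matters (first match wins).
SAMPLE_ORULES = (
    "0<<-1<d<53<0<<0:10<<0<DNS>"
    "0<<6<x<22,2222<0<<<<3<SSH>"
    "0<<-1<a<<0<httpvideo<<<2<HTTP Video (Youtube)>"
    "0<<-1<a<<0<skypeout<<<-1<Skype Phone (deprecated)>"
    "0<<6<d<80,443,8080<0<<0:512<<4<HTTP, HTTPS, HTTP Proxy>"
    "0<<6<d<80,443,8080<0<<512:<<7<HTTP, SSL File Transfers>"
    "0<<17<d<1:65535<0<<<<9<P2P (uTP, UDP)"
)

TCP, UDP = 6, 17


@dataclass
class Rule:
    proto: int        # 6 TCP, 17 UDP, -1 TCP/UDP, -2 any (assumed meaning)
    port_type: str    # 'a' any port, 'd' dst, 's' src, 'x' src or dst
    ports: str        # "80,443" or "1718:1720"; '' when port_type is 'a'
    layer7: str       # L7 pattern name, '' if none
    bcount: str       # transferred KB range "lo:hi"; hi may be empty (open-ended)
    cls: int          # -1 disabled, 0..9 = class index on the QoS page
    desc: str


def parse_orules(s: str) -> List[Rule]:
    rules = []
    for raw in s.split(">"):
        f = raw.split("<")
        if len(f) != 11:
            raise ValueError(f"unexpected field count {len(f)}: {raw!r}")
        rules.append(Rule(int(f[2]), f[3], f[4], f[6], f[7], int(f[9]), f[10]))
    return rules


def _port_in(spec: str, port: int) -> bool:
    """True if port is listed in a comma-separated list of ports / lo:hi ranges."""
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        if hi:
            if int(lo) <= port <= int(hi):
                return True
        elif int(lo) == port:
            return True
    return False


def _bcount_ok(spec: str, kb: int) -> bool:
    if not spec:
        return True
    lo, _, hi = spec.partition(":")
    return int(lo or 0) <= kb and (hi == "" or kb <= int(hi))


def classify(rules: List[Rule], proto: int, sport: int, dport: int,
             kb: int, l7: str = "") -> Optional[Rule]:
    """Return the first enabled rule matching a connection (constructed model)."""
    for r in rules:
        if r.cls == -1:
            continue                                   # disabled rule
        if r.proto in (TCP, UDP) and r.proto != proto:
            continue                                   # -1/-2 accept TCP or UDP
        if r.layer7 and r.layer7 != l7:
            continue
        if r.port_type == "d" and not _port_in(r.ports, dport):
            continue
        if r.port_type == "s" and not _port_in(r.ports, sport):
            continue
        if r.port_type == "x" and not (_port_in(r.ports, sport) or _port_in(r.ports, dport)):
            continue
        if not _bcount_ok(r.bcount, kb):
            continue
        return r
    return None


def demo() -> Tuple[int, int, int, int, int]:
    """Class indices for: DNS, small HTTPS, large HTTPS, YouTube stream, same stream
    after the L7 rule is moved below the port-80 rules."""
    rules = parse_orules(SAMPLE_ORULES)
    dns = classify(rules, UDP, 40000, 53, 1).cls
    www = classify(rules, TCP, 40001, 443, 100).cls
    big = classify(rules, TCP, 40001, 443, 900).cls
    video = classify(rules, TCP, 40002, 443, 900, "httpvideo").cls
    l7 = next(r for r in rules if r.layer7 == "httpvideo")
    reordered = [r for r in rules if r is not l7]
    reordered.insert(reordered.index(next(r for r in reordered if r.cls == 7)) + 1, l7)
    late = classify(reordered, TCP, 40002, 443, 900, "httpvideo").cls
    return dns, www, big, video, late
```

The same parser accepts the full string posted above, so it can be used to list which rules are disabled (class -1) or which class each rule feeds before committing it to NVRAM.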
  37. Gunbuster

    Gunbuster Reformed Router Member

    For some years now I have tried to implement QoS in my network once in a while, but each time I eventually get discouraged and get rid of it.

    My connection speed:
    Your ISP: Numericable (Numericable)
    Download speed: 26652 kbps (3331.5 KB/s) - Upload speed: 982 kbps (122.8 KB/s) - Ping: 15 ms

    Here is how I configured things:




    So I stress test my connection by opening 3 videos on YouTube in 1080p and downloading 1 file. This is enough to completely kill my connection, see below.


    With this I can't play my games (listed here as "ggpo, supercade") and browsing is really, really painful.
    I tried so many different things, like lowering the "Max Bandwidth Limit" a lot, but it didn't improve anything, if it didn't make things worse.

    Could you please tell me what I did wrong? I need QoS so I don't get bothered when my brother is downloading files while I'm playing games.

    I have a WRT54GL clocked at 250MHz; it goes through a CVG834G configured in bridge mode.

    Last edited: Oct 8, 2013
  38. Porter

    Porter LI Guru Member

    Which firmware are you using? It seems like a recent one, but the settings really differ from the defaults.

    Enable prioritize small packets: SYN, RST, FIN.

    Change the qdisc scheduler to sfq.

    Your VoIP/Gaming class should be allowed to use 100%, at least outbound.

    With a router like yours and a fast connection I would recommend disabling all the L7 filters.

    Does your gaming traffic end up in the gaming class?

    How high is the router's load when the connection gets fully utilized?
    Gunbuster likes this.
  39. Gunbuster

    Gunbuster Reformed Router Member

    Yes, it differs from the stock settings because I experimented a lot. I use this build: tomato-ND-1.28.7634Toastman-IPT-ND-Std

    So I removed the L7 filters and that's a lot better! Average ping is at 40ms, but only if I leave the qdisc scheduler on pfifo; with sfq I get ping responses that go beyond 1000ms again.

    Yes, my gaming traffic ends up in the gaming class, it's just not showing here; I have to find the right ports for when my brother plays World of Warcraft though.

    With the L7 filters the CPU usage is between 40-80%; after removing them it stays in the 10-30% range. It seems my router can't handle them.

    So things are a lot better now, thank you for your help! But now nearly all my traffic ends up in the P2P/Bulk category, is this a good thing? Why does changing the scheduler make such a massive difference? Well, at least nothing is going to disturb my gaming sessions now!
    Last edited: Oct 8, 2013
  40. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    I would think that the streaming video falling back to the default class is probably related to disabling the L7 filters rather than changing the scheduler.
    Gunbuster likes this.
  41. Porter

    Porter LI Guru Member

    I think it would be best if you started with a clean config. This might already solve the problem that a lot of your traffic ends up in P2P/Bulk. Follow these instructions:

    After you've done that, delete the L7 filters. I don't think your problem has something to do with the scheduler. Please switch back to sfq anyways.

    This might solve the ping problem: Add a new filter where the protocol is set to ICMP. If I remember correctly, you don't have to modify anything else. Make it the first filter in your list.

    Add your game filters.
    Gunbuster likes this.
  42. Gunbuster

    Gunbuster Reformed Router Member

    Ok I did all the above things and this is how it looks now.





    I also tried to erase the NVRAM several times before that, resetting everything to default, but it never helped. I never understood why QoS never worked in my setup; that's why I tried and gave up so many times :(
    Last edited: Oct 8, 2013
  43. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    pfifo uses less CPU than sfq. You're pushing your little router to the limit. You can go back to pfifo, and can consider reducing its queue length, probably not as low as 10, maybe 128 or so. Experiment and have fun! Remember to disable any unused features to minimize CPU load, such as IP traffic monitoring, forward individual ports rather than use UPnP, etc...
    Gunbuster likes this.
  44. Toastman

    Toastman Super Moderator Staff Member Member

    Please don't give up. I want to encourage you, take a look at this - I have around 80 users online right now and a good many are streaming from YouTube. HTTP is unaffected, and pings to my ISP gateway are still quite low. Remember, you may have some control over your clients; we don't have that luxury. Residents can (and do) run all manner of weird programs and protocols. These rules were designed to control anything that residents throw at the router so that other residents don't notice any reduction in service. And generally speaking, most users are completely unaware that they are actually sharing with a few hundred other residents.

    Although this is an ASUS RT-N16, I do have a few WRT54GLs that also operate on 16Mbps lines, and they are still quite acceptably fast. The answer to this is simply: trade speed for better performance, reduce the maximum limits if you have to.


    Nominal speed is 1000/16000 kbps
    Values entered for max = 660/11000 (approx 66%)



    Can you try altering your max bandwidth values? Set them to 66% of the measured up/down bandwidth to your ISP's router. 17600 / 650 approx. That is a common way to really improve pings on VOIP.
    AllenJ and Gunbuster like this.
  45. Porter

    Porter LI Guru Member

    It is quite odd that your web traffic doesn't end up in WWW or FileXfer... Please disable the L7 filters again, use YouTube and start an additional download from a webserver you can identify per IP. Click on the classes on the pie chart page to see which connections exist in the corresponding class. See if your HTTP download via port 80 actually ends up in P2P.
    Gunbuster likes this.
  46. heebo1974

    heebo1974 Serious Server Member

    @Toastman Do you know why QoS makes things even worse with an LTE network? If I restrict outgoing traffic I get very, very high pings (like 400ms or even more) when doing upload tests. This does not happen with ADSL. If I don't use QoS, the pings are of course high, but something like 160ms or 200ms.

    I have ADSL which connects at 13/1 and 4G (LTE) where I get speed results of about 27/2.5Mbit and a ping of around 20ms (with little jitter, 2..7). Still, when using the same max bandwidth limits as for that ADSL, the connections seem to crawl as hell during tests.

    Is it just that 4G is such a different technology that this QoS does not help? Or do I just have to use some other options?

    EDIT: My testing seems to be quite unreliable. I have to use some other method to make proper tests.
    Last edited: Oct 8, 2013
  47. Gunbuster

    Gunbuster Reformed Router Member

    The dst port where I was downloading the file was in the 51xxx range, not 80, maybe that's why? Because when it's 80 it's properly showing in the FileXfer category.

    I did try this command: tc qdisc replace dev eth0 root pfifo limit 15
    I also disabled UPnP/bandwidth monitoring/log/DHCP server/wifi, but I couldn't see any improvement :(

    I can also try much lower values, but again I can see no improvement, ping response is still way too high :(

    Thank you guys for your help, I appreciate it, please let me know if you have any recommendation but it seems like I'm out of luck.
    Last edited: Oct 9, 2013
  48. Toastman

    Toastman Super Moderator Staff Member Member

    I haven't used 3G/4G on a router, that would be an act of real desperation, because these services are extremely expensive and usually extremely crap too. Those technologies are so variable and unpredictable, anything could happen, the available download speeds vary from minute to minute, I seriously doubt QOS will or even can EVER work properly with it. But ... as I say, I have not used it on a router. I use 3G on several mobiles, and my experience with all service providers here is the same. It's a small improvement on an old dial up phone service. If you are lucky! :)

    3G on routers tends to be used as a backup link on routers used with essential business services such as ATM machines. Even watching a video on 3G will cost you an arm and a leg here.
  49. Porter

    Porter LI Guru Member

    I don't think you are out of luck. If it's still not working, post new screenshots of your current config.
  50. Daneve Mateo

    Daneve Mateo Reformed Router Member


    As I can see from your first post, there is only one connection from your game, and in your second there is no longer any connection from your game in the VOIP/Game class.

    Try not to use ports to classify your Game, use instead the destination IP.

    Since it is a home connection, it should be easy to isolate the IPs used by your game.

    This is how you do it:

    1. Don't let anyone use the Internet, fire up your game.
    2. On another computer open the Tomato GUI; since only your game is using the net, copy all the destination IPs in the View Details.
    3. Create rules using the destination IPs listed in the View Details. Your port should already be any TCP/UDP port.

    - - - - - - - - - - - - - - - -

    On Skype/Facebook chat Classifications.

    Has anyone already succeeded in classifying this?
    Last edited: Nov 4, 2013
  51. Gunbuster

    Gunbuster Reformed Router Member

    Hello guys, thank you so much for your advice, I appreciate it very much. I ended up upgrading my router to a Netgear WNR3500Lv2 and my ISP gave me a newer modem, and as I thought, it was the Netgear CVG834G modem that bottlenecked my connection in heavy usage. It's an old modem/router with a very weak CPU, but still that is weird because it was configured in bridge mode, thus giving the public IP to the router, so its weakness should have been out of the equation...

    Anyway, the new modem is a Ubee f08c001 and now I have flawless gameplay even while downloading tons of files and watching multiple 1080p videos on YouTube! Ping remains under 50ms at worst no matter what I throw at it; now I can finally enjoy the power of QoS. Cheers.
    Last edited: Nov 6, 2013
  52. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Man, do I have a lot to learn.....

    I have several "unclassified" in my log. Have no idea what to do with those.
  53. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    An example of unclassified traffic would be accessing the router itself, such as the GUI. QoS is for data going across the WAN interface.
  54. salar

    salar Serious Server Member

    I am looking for a simple tip to give top priority to VoIP. My situation is as below:
    We are three people sharing a 512kbps ADSL connection using a wireless router running TomatoUSB. Could somebody please suggest what we can do to give top priority to using VoIP applications like Viber or Skype. The rest could wait till using Viber or Skype is over.

    Sent from my TouchPad using Tapatalk
  55. Porter

    Porter LI Guru Member

    A 512kbps connection doesn't tell me a lot. What is your upstream and downstream exactly?

    Use a recent Toastman build.
    Since you are only three people, you should configure Skype on all of your devices to use a specific port. I usually use something in the 55000 range. If you have mobile devices like smartphones and tablets, please don't bother looking for ports to change. Skype (or Microsoft) obviously doesn't want you to change the settings. Skype defaults to port 80. Yes, you've heard right. This is absolutely ridiculous and I really don't know why they did it. Basically, you will have to use a PC, if you really want to give Skype traffic priority over your other traffic.

    Make a filter with all those ports on your PCs (comma separated). Say TCP/UDP, source or destination port. Class is kind of self explanatory. Put this filter somewhere up at the top.
    salar likes this.
  56. madmalkav

    madmalkav Networkin' Nut Member

    Dunno if this is the correct topic to ask this, if not, please tell me and I will delete the message.

    As L7 Filter hasn't seen an update in years, would QoS benefit from moving to something like libprotoident or nDPI?
  57. Porter

    Porter LI Guru Member

    If one of those actually has Skype filters that work, this would be a big plus. But those solutions would have to be very performance oriented, too, because our routers are struggling even without QoS if you have big line capacity (we are talking about 100MBit). And somebody would have to integrate it into Tomato.

    At the moment I don't have the time to look at those new solutions. What would be interesting though is if some of their search patterns could be ported to our L7 system.

    Actually, you can write new L7 patterns yourself. I've done so with the youtube-2012-pattern. So there have been updates, at least to Tomato's L7-filters.
  58. madmalkav

    madmalkav Networkin' Nut Member

    The idea of backporting the rules sounds interesting, and *perhaps* something in my range of skills if I get some free time on my hands. Will look into it.

    EDIT: here you have the Skype filter description of libprotoident. The source code is a few clicks away, too:
    Last edited: Nov 26, 2013
  59. cloneman

    cloneman Addicted to LI Member

    If Skype uses UDP exclusively, a quick and dirty solution is to create a UDP rule that puts any UDP traffic on top.

    Just make sure you don't break it by turning on uTP / UDP torrents, or UDP VPN. (You could create separate rules to send these items to a lower class.)

    Anyway, your default class would have a minimum of 5% to 20% (depending how much bandwidth you'd like left over for non-Skype), and a maximum of 90%-100%. Then you'd have another class containing all UDP traffic that has a minimum of 50% and a maximum of 95% or 100%. (N.b. the minimum is actually irrelevant if this is the #1 class.)
    salar likes this.
  60. Jaison

    Jaison Networkin' Nut Member

    I read the OP and understand the importance of QoS. I understand it all for the most part, but when I go to do it myself I am so lost and it's frustrating.

    I've been using tomato for ages now and recently upgraded to the Tomato Firmware v1.25.8515 .2RAF ND for the WRT54G router.

    I have a 30/5 plan through Time Warner Cable.

    I ditched my cell phone. I recently got some Voip service through Basic Talk and now kind of interested in looking at QoS.

    We have a handful of devices. Stream music through Pandora. Watch Netflix. Have a Wii and getting an Xbox 360. Do some World of Warcraft, Guild Wars and Star Wars: The Old Republic gaming. Do the occasional torrent download to update my OS.

    Could I get someone to help get the ball rolling, please.
  61. cloneman

    cloneman Addicted to LI Member

  62. Porter

    Porter LI Guru Member

    I could be wrong but the firmware you describe might be really outdated. Google finds forum posts that reach back to the year 2009. For that reason, please update to a recent Toastman firmware first. Somewhere around this version: v1.28.7634 Toastman-IPT-ND ND Std. Your router may not have enough power for your connection. If you had a WRT54GL I'd just tell you to overclock it to 250MHz, but for the G version I have no idea. When you enable QoS, have a look at the status page and see how well the CPU can handle a full-speed download.

    After that just work with the QoS defaults. Enable it, put in your maximum _measured_ bandwidth (yes, use a speedtest and rerun on different times over the day), deduct maybe 30% of the measured bandwidth. Those are your maximum values to start with. You can increase them again, if everything is working fine.

    Your VoIP phone probably uses standard ports. Those should already be configured on the QoS/Classification page. You'll find some examples as to how to treat your games there, too. Please make your torrent client use a specific port and add that port to the classification page. There are a lot of screenshots in this thread where examples have been discussed. Just browse through the last pages. If you use Google, make sure people are using a recent Tomato version, because a lot of stuff has changed.
  63. Jaison

    Jaison Networkin' Nut Member

    I know it's ancient. I just don't have the free cash to throw down for a new router. I did throttle my connection to 20/4 and speedtest matches.
    Cool thanks. I got the newer firmware.
    Any cheaper options?
    Last edited: Nov 28, 2013
  64. brollysan

    brollysan Reformed Router Member

    Hmm, I am a bit confused as to what the optimal setting for my network would be. There are at most 4-5 devices on, with use ranging from YouTube/streaming/gaming to uTorrent being nearly constantly on (on my own PC). I was hoping to set the rules such that gaming/streaming/browsing take precedence, and it seems to be working, but not where latency is concerned.

    With uTorrent on if I at the same time play a game (like dota2), I at time get surges in latency, going from 50 to spikes of ~1000 then dropping back to normal again (if I am lucky). This actually is worse than with my stock ISP router (which doesn't expose its QoS to the user for changing).

    I have the ISP router in bridge mode with the N16 acting as a router with Tomato Toastman; here are my settings. My ISP doesn't throttle and I have 8/0.5 Mbit 24/7. What am I doing wrong?

  65. Daneve Mateo

    Daneve Mateo Reformed Router Member

  66. Porter

    Porter LI Guru Member

    Those high peaks usually occur when you didn't enter the correct bandwidth values. How high was the bandwidth you measured?

    Did you make new filters on the classification page for Steam/Dota2?

    Please post some screenshots of your classifications page.

    Why aren't you giving your inbound WWW class more than 5% as the left value? I would recommend 20%.
  67. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Are the clients wired or wireless? If wired, Porter is probably right. If wireless then it will be harder to eliminate the problem.
  68. brollysan

    brollysan Reformed Router Member

    Yes I did read the first page but I am still confused as to what the left value is supposed to mean. The way I understood it: 5-100% means that AT LEAST 5% is reserved for this class if no higher priority class is in use.

    The bandwidth I measured was a bit over 8 mbits down and 0.62 mbits up. I did not make a new filter on the classifications page, I simply added dota2 port (27005 I think) to the list under various game.

    Here are screenshots of classifications.

  69. Porter

    Porter LI Guru Member

    You understood that almost correctly: the left value is the guaranteed bandwidth. This class will _always_ get this much bandwidth if it requests it.

    Are you on anything ADSL? Then just a bit over 8000 will definitely be too small of a safety margin. Better start with 7000 and work your way up.

    Adding that port number under one filter is the right thing to do. But I don't see this port number in your screenshot, and Steam/Dota2 uses a lot more ports than just this. I googled it and added the appropriate ports myself today, since I'm sometimes playing it myself. Do the same with the rest of the ports. One thing I did was to divide the ports by protocol, because there are so many and I really don't want to give the TCP ports such a high priority by accident. But that's just me being thorough. ;)
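As an added example (not Tomato's code), the Python below is a toy model of how the left and right percentages share a link under full load, following what the thread describes: each class first gets its guaranteed share up to what it actually asks for, then spare bandwidth goes to classes in priority order, top class first, up to each class's maximum. The class names, percentages and demands are constructed; the comparison shows why an inbound WWW minimum of 5% leaves browsing with almost nothing when a class above it is saturated, and why a minimum is a floor rather than a reservation (an idle class's share is lent out).

```python
"""Toy model of how Tomato's per-class min/max percentages share a link.

Added example, not Tomato's own code. Approximates the HTB behaviour the
thread describes: every class first gets its guaranteed share (the left
value), then spare bandwidth goes to classes in priority order, top class
first, each up to its maximum (the right value). All figures are constructed.
"""
from typing import Dict, List, Tuple

# (name, min_pct, max_pct) in priority order: index 0 is the top class.
QosClass = Tuple[str, int, int]


def allocate(classes: List[QosClass], demand_kbps: Dict[str, int],
             link_kbps: int) -> Dict[str, int]:
    """Return the kbps handed to each class when demand exceeds the link."""
    if sum(c[1] for c in classes) > 100:
        raise ValueError("sum of minimums exceeds 100%")  # rule 4 of the tips above
    alloc: Dict[str, int] = {}
    # Pass 1: guaranteed share, but never more than the class asks for
    # (an idle VoIP class does not reserve its 5%; the share is lent out below).
    for name, lo, _hi in classes:
        alloc[name] = min(demand_kbps.get(name, 0), link_kbps * lo // 100)
    spare = link_kbps - sum(alloc.values())
    # Pass 2: top classes borrow the remainder first, capped by their maximum,
    # which is the "stealing" the tutorial describes.
    for name, _lo, hi in classes:
        ceiling = min(demand_kbps.get(name, 0), link_kbps * hi // 100)
        take = min(spare, max(0, ceiling - alloc[name]))
        alloc[name] += take
        spare -= take
    return alloc


def www_min_comparison(link_kbps: int = 7000) -> Tuple[int, int]:
    """Inbound WWW share with a 5% vs a 20% minimum while Media is saturated."""
    demand = {"VOIP/Game": 200, "Media": 10000, "WWW": 3000, "FileXfer": 10000}
    weak = [("VOIP/Game", 5, 30), ("Media", 10, 100), ("WWW", 5, 100), ("FileXfer", 5, 100)]
    fixed = [("VOIP/Game", 5, 30), ("Media", 10, 100), ("WWW", 20, 100), ("FileXfer", 5, 100)]
    return allocate(weak, demand, link_kbps)["WWW"], allocate(fixed, demand, link_kbps)["WWW"]
```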
  70. brollysan

    brollysan Reformed Router Member

    Oh yeah, doh, it wasn't on that list. Also 27005 for Dota is the client port, so I set the various games rule to src or dst and voila, now I have 50 ms constant again with no spikes. I am considering writing my own rules from scratch since I know the network habits of my household pretty well and that would likely perform better.

    The problem now is getting uTorrent to behave properly; yes, I am on an ADSL bridged into the N16. uTorrent rarely if ever utilizes the full line anymore, and this is with private tracker torrents (avistaz) which I know should be blazing fast. The connection icon on it has been a yellow exclamation point since I installed Tomato. I did (I think) properly set up a static IP for the MAC of my PC on the DHCP page and forwarded the incoming port to my IP, but still yellow and slow; it cannot possibly be QoS causing this?
  71. Porter

    Porter LI Guru Member

    I strongly advise against building everything from scratch. There are a few hurdles to take when doing this. I'd rather recommend you disable the rules you don't need. Port filters usually don't need that much computing power. It's the L7 filters that have an impact, although we've been careful with them and try to only use the fast ones.

    You might want to use the ADSL overhead feature.

    QoS will only interfere with your reachability if it's configured to drop all the packets. Your problem seems more along the lines of NAT/firewall/DHCP. And UPnP or the like. Try to look into that. uTorrent usually requests a port forward all by itself without you having to set something up, except for enabling UPnP.
  72. brollysan

    brollysan Reformed Router Member

    Yes, the port seems to be forwarded correctly as the built-in speed test greens out on the port test (I had to upgrade to 3.2 from 1.8 on uTorrent; this new version is ugly but I'm hoping this one might provide more info to work with), and it seems that Tomato is blocking it 100%. The speed test errors out with

    "A local networking problem closed the connection". I have no idea where to start troubleshooting this. My modem (the ISP one) is in bridge mode and connected to the Tomato N16 in DHCP mode on WAN. Everything else works just fine except uTorrent (and now LoL/Dota are working too with rules set to both TCP/UDP and both in/out on ports).

    This is frustrating me :(
  73. irouy

    irouy Serious Server Member

    Any chance on getting official QoS support on OpenVPN links?
  74. Porter

    Porter LI Guru Member

    I just downloaded something with uTorrent and it reports a network error in the lower right corner, but the port gets properly forwarded as can be seen in the Tomato GUI and uTorrent's network test greens out, too. This behaviour is new on my machine. Might be an error in uTorrent.

    As for the rest I can't seem to help you a lot. I hope you figured it out somehow...
  75. JustinChase

    JustinChase Networkin' Nut Member

    I'm working on fine tuning these wonderful scripts to my specific use, and am running into a bit of trouble.

    When I select a video to download, using DownloadThemAll, that download traffic gets recognized as HTTP (YouTube) traffic by rule 30.

    I'd rather it get recognized as FileXfer traffic, so that real YouTube video (Media class) would take precedence over these downloads. As it is, the system becomes very slow because the downloads are taking much of the bandwidth.

  76. Porter

    Porter LI Guru Member

    There is no way for the system to know when you just want to download a video and when you actually are watching a video. It's the same HTTP-request.
  77. JustinChase

    JustinChase Networkin' Nut Member

    I was afraid of that. Is there any way to either force DownloadThemAll to 'mark' the download with something specific, or use the fact that it's that program initiating the download to force the download into another class? Either force it to use a specific port, or IP address, or something unique/different?
  78. Porter

    Porter LI Guru Member

    Use another pc to download and put its IP in a lower class. Or tell DownThemAll to limit the bandwidth.
  79. Daneve Mateo

    Daneve Mateo Reformed Router Member

    If you are in control, limit the bandwidth of the downloader as Porter said, but if not, put the computer's IP as a source, then classify it as File Transfer and place it above Media/YouTube 2012 (Youtube).
  80. BrummyGit

    BrummyGit Network Guru Member


    I've just moved to Toastman builds of Tomato for my Asus RT-N66U as QoS is my priority to ensure that our 8Mb ADSL service is usable for both VoIP, home working and my family gaming etc.

    Currently I have installed version v1.28.0503 MIPSR2Toastman-RT-N K26 USB VPN

    I started with the default QoS settings and got started with reasonable results, but I'm busy researching to get all of my applications playing together nicely. I'm now totally overwhelmed by the amount of good info available and need to ask a couple of very basic questions.

    I started with the FW default settings for QoS but there are various other example setups in the QoS tutorial and in this thread. All are different and I'm not sure what my starting point should be as the ages vary wildly and I assume better rules have developed. Which basic QoS settings should I apply?

    Secondly is there a repository of rules anywhere that will help me start to apply QoS to applications I use such as Teamviewer, Microsoft Lync or similar?

    Thanks in advance
  81. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    There's no repository of rules because every network is different, and traffic in a single network will also change over time. The easiest solution is to do what you have done. Now it's a matter of deciding if you are happy with the bandwidth allocation and latency for each type of traffic. It's a matter of listening to your users and looking at the graphs and numbers when the system is under load. Is there a specific type of traffic that is not performing the way you would like?
  82. BrummyGit

    BrummyGit Network Guru Member

    Thanks, I'm already adjusting allocations to tune my QoS, but there is the possibility of a repository of classification definitions, which is what I'm after. I managed to define my employer's Lync classes by inspecting the laptop firewall rules, but I need to do similar for Teamviewer next - this is the opportunity to have a library which expands on what's in the defaults.

    Any advice on which set of classifications I should start with, as I'm puzzled that the FW defaults vary from the published Toastman recommendations?
  83. Porter

    Porter LI Guru Member

    There is no repository. Please look at it another way: what is the benefit of a repository that would have to be maintained and kept current when there is something called google (or any other search engine) which allows you to find the company website of your software and look up the used ports?

    If you know some basics about TCP/UDP then you shouldn't have a problem adding those new filters on the classifications page. If in doubt, take some screenshots of your classifications page and post them here.
  84. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    Sorry, I misunderstood. For the traffic types you mentioned the port numbers can be found by searching this forum. For games and popular applications you will often find more info with a Google search as suggested by Porter. If you can't find port numbers then you may have to resort to Wireshark, but most users won't get to that point. Toastman's classification is quite up to date but obviously doesn't cover every application.
  85. Derbo

    Derbo Serious Server Member

    Hi guys,

    I just recently started to play with QoS settings and I used post 1037 as a base to start with. However, I have a question on the L7 youtube 2012 filter. I am currently seeing that when YouTube is playing, it's classified as file transfer over 80,443 instead of being classed as media. Is there something I am missing?
  86. Porter

    Porter LI Guru Member

    Which firmware are you using? Generally speaking: with one of the recent ones (Toastman/Shibby etc.) you already have QoS classification configured correctly, so you don't need post 1037 and maybe just something went wrong when you executed the commands. I'd recommend flashing a recent firmware and resetting NVRAM.

    Or post a screenshot of QoS/Classification. The L7 filter for youtube needs to be above the filters for port 80.
  87. Derbo

    Derbo Serious Server Member

    Thanks for the help, Porter. I am using Toastman's build from Jan 31st 2014, for an E4200 V1. I used the QoS classifications from 1037, literally copy 'n' pasted.

    I will try resetting the NVRAM and doing it again. I am at work right now, but the L7 filter for youtube2012 is above, as the file transfer is near the bottom.


    I am using this build

    Last edited: Feb 20, 2014
  88. aayman

    aayman Serious Server Member

    Twitch.TV seems to be classified as FileXfer using the default settings; is there anything I can change to give that more priority? YouTube seems to be fine.
  89. Porter

    Porter LI Guru Member

    I just checked: gets caught by the L7-filters youtube-2012 and httpvideo. It supposedly also uses port 1935, which would also get caught.

    Do you have a link to a video/stream that doesn't get caught?
  90. aayman

    aayman Serious Server Member

    It seems to be working fine now, weird. The only reason I even viewed the graph is because the stream was stuttering and saw most of the usage in FileXfer.

    Thanks though, I'll post back if it happens again.

    Edit: it just happened again, it automatically switched to FileXfer after keeping it open for a while. It's this stream:

    Under this classification:
    Dst Port: 80,443,8080
    Transferred: 512KB+
    HTTP, SSL File Transfers
  91. Porter

    Porter LI Guru Member

    I really can't reproduce this behaviour. Everything works as it should.

    I tested with this video: . I let it run for about 30min, then waited for 45min and started it again. It needed about 10min to play through the cached video and then requested more data from the server. The new requested data from the server ended up in the Media class as well. So no problems there, everything works as expected.
  92. Derbo

    Derbo Serious Server Member

    Thanks Porter. I got it to work after I updated to the newest build: tomato-E4200USB-NVRAM60K-1.28.0503.7MIPSR2Toastman-RT-N-VLAN-VPN-NOCAT.bin

    I reset NVRAM and it's working now. Thanks for the help!
  93. heebo1974

    heebo1974 Serious Server Member

    A little bit off-topic, but has anyone converted these awesome Toastman QoS rules for OpenWrt?
  94. cloneman

    cloneman Addicted to LI Member

    Hi guys, been awhile, I'm still happy with QoS :)

    How hard would it be to implement a feature where you can change the amount of "reaction bandwidth" for QoS, either as a whole or for one particular class?


    How QoS works now, during congestion / full utilization (IMHO): If a lower class needs 100kbps of bandwidth, Tomato will "steal" 100kbps from whichever class is lowest priority, dropping 100kbps worth of bandwidth to make room.

    I would be interested in testing a feature or a setting where, if a particular high priority class "demands" (a.k.a. starts using) 100kbps of bandwidth, the system drops more bandwidth as a reaction, for example 200kbps.

    I have no idea if this would be useful, but my gut tells me it would be, especially for downstream. It would be cool if you could configure, for example, a VoIP class to reserve 1 meg for itself even though it's only using 100kbps. This is not the same thing as minimum bandwidth, which does not "reserve" bandwidth; it merely prevents that traffic from being dropped.
  95. kzrssk

    kzrssk LI Guru Member


    I thought about making a new thread for my question, but since it's rather related to your setups, @Toastman, I thought I'd ask here. To start with, though, thanks for the informative QoS tutorial and its 2013 update. It taught me a lot and corrected some things I would surely have assumed about Tomato's QoS implementation.

    I'm in charge of a certain small network (small for now, anyway) powered by a 40/5 (Mbps) cable connection. I installed a WRT54GSv4 that I had lying around with (what I think was) an older version of Victek's firmware, and things ran more or less smoothly (wondering if maybe it was because it ran Linux 2.4), but then in the interest of keeping up to date, I installed the latest (at the time) 2.6 Shibby v116.

    Since then, the router seems to be brought to its knees with pretty much any traffic going through it, and actually froze today and needed a reboot. In your tutorial, you suggest RT-N16s and WRT54s. Are those still your go-tos, and I'm just setting up incorrectly, or do the Tomatos of Today require a newer ASUS for a public setup? Eventually we want to open it up for everyone in the building to use, and I'll undoubtedly try to set up like you have yours, since we won't have much control over what devices and apps the public is using.

    e: There's also an E2500 that the organization is using solely for wireless now that I could flash instead if I could be sure the E2500 is perfectly safe to flash (I'm leery of flashing equipment that doesn't belong to me). Has anyone had success using the E2500 in a small public setting with QoS?

    Last edited: Apr 17, 2014
  96. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    A WRT54GSv4 will handle that connection using K2.4 Tomato, but only if you don't use QoS. K2.6 is needed if you need IPV6.

    E2500's weak point is the wireless range and occasionally flaky 5GHz radio. It would work fine as a gateway device. I flashed a V1 with Shibby's Tomato that has had uptime of over a year now. Version somewhere in the 108-110 range (can't check on that one remotely). V1 and V2 can be flashed directly from stock after a firmware reset from the GUI. V3 needs to flash Fractal's dd-wrt mod first, then upgrade to Tomato, then reset settings with a 10 second hold of the reset button.

    My personal preference is to not flash any router that I am not willing to brick. The risk is low, but not zero.
  97. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    PS. Are all the business' devices wired? If so, then you can get away without QoS by limiting the wireless to 802.11g only. This will limit wireless traffic on the 2.4GHz range to 15mbps and reserve the rest of your connection for the wired devices.
  98. yasavvy

    yasavvy Reformed Router Member

    If I can get this question answered, I'm probably going to make a YouTube tutorial about QoS configuring in Tomato. It shouldn't take this long for people to get it set up and going, yet we're expected to earn a PhD in QoS in order to just get it going.

    After a couple weeks of researching QoS, the best information I came across that explains QoS to average people was a post above by "cloneman." This diagram is rich in useful information:

    I know what my bandwidth speed is. I'm a speed freak. I have exactly 57Mbps down and 12Mbps up. I am new to QoS, but I set it up similarly to cloneman because I too use VoIP/gaming/torrent etc. But there's a problem:

    Can we establish that is using port 80 when doing a test? So why do I instantly drop to 35Mbps when I enable QoS despite port 80 and high transfers being set at 100% or no limit?

    QoS is SUCH an unintuitive piece of junk that when I disable it entirely for my internal IP for this PC:, I get 35Mbps on I also get 35Mbps if I set my IP to rule 1 which had no limit and then I changed it to 5%-100% and it's the same result despite being the first entry which supposedly has priority. I get 35Mbps even if I change my incoming bandwidth from 60000 to 50000 or even 90000. Unchecking the QoS box and disabling QoS entirely, of course, brings my inbound bandwidth back to where it's supposed to be.

    I can make a video to show evidence of this but I've become so frustrated with QoS that you wouldn't want to hear the veins congealing in the video. As soon as I figure it out, though, I'm going to make the most understandable QoS video ever produced in the history of our species. Nobody should have to go through what I've gone through to get QoS up and running.

    These are my settings. I'm using the default Shibby QoS settings with a few additions and changes. It's definitely not final, and I'll likely start from scratch as soon as I find a solution. I NEED to use at least 55Mbps download speed when I want to download fast. The upload setting I have is fine. I upload JUST enough to almost max me out but maintain a good ping and that's what a lot of people want to be able to do. I'd like the same to be true for downloads.

    Thank you for all your posts and work and I apologize for my frustration. I just feel that QoS should be intuitive and configurable for the average person without having to take hours to learn it.
    Last edited: May 19, 2014
  99. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    What model of router? Most likely you are CPU limited.

    As for difficulty learning QoS: Toastman's tutorial thread is excellent, and his default settings (also the default in Shibby's releases) are an excellent start. You can then test and tweak.
  100. yasavvy

    yasavvy Reformed Router Member

    Linksys E2000 router with 2014-04-14 version of Shibby's firmware: tomato-E2000-NVRAM60K-1.28.RT-MIPSR2-117-Max.bin

    I could be wrong, but I don't see how I could be CPU limited when the upload limit works fine. I just began a YouTube video upload and was using around 1300 kB/sec. This is what ping -t looked like right as I began the upload:

    Reply from bytes=32 time=18ms TTL=55
    Reply from bytes=32 time=18ms TTL=55
    Reply from bytes=32 time=18ms TTL=55
    Reply from bytes=32 time=48ms TTL=55
    Reply from bytes=32 time=29ms TTL=55
    Reply from bytes=32 time=33ms TTL=55
    Reply from bytes=32 time=42ms TTL=55
    Reply from bytes=32 time=49ms TTL=55
    Reply from bytes=32 time=26ms TTL=55

    Ping increased ever so slightly, but that's perfect. That's exactly what I want. At the cusp of my bandwidth limit but QoS set to use JUST about all of it but not affect gaming, VoIP, or ping. What I want can't be handled with just bandwidth limiting. If I can just get over this hump--why I go from 57Mbps download to 35Mbps download on despite having seemingly correct settings. Will a video of all my router settings help? Or just a screenshot of all Classification settings?