Using QOS - Tutorial and discussion

Discussion in 'Tomato Firmware' started by Toastman, Dec 24, 2008.

  1. frojnd

    frojnd Networkin' Nut Member

    Hi guys. I've tweaked around but still didn't find the optimised option for me. I have a Linksys WRT54GL v1.1 I think. And Toastman's release tomato-ND-1.28.7628.1-Toastman-VPN

    I have a problem, I think, with download. When a user is doing torrents, I can't watch youtube videos normally (even on 320p); if I choose to watch 720p videos, heh, then I get to see the loading icon a lot :) Also loading some pages is taking sooooooooooooo long... So I think I have badly configured QoS

    My Download speed: 28Mbit
    My Upload speed: 2.5Mbit


    QoS Basic:

    QoS classifications are left default. And here is the image of a user downloading like a madman:

    What am I doing wrong?
  2. Porter

    Porter LI Guru Member

    1. Please upgrade to the latest Toastman build.

    2. Delete NVRAM thoroughly.

    3. Don't give WWW any rate at all. Give it 100% if you have to, but I'd advise you to go a bit lower.

    4. After that check whether you have been successful with the QoS Graphs.
  3. Planiwa

    Planiwa Network Guru Member

    You could change the outbound parameters for P2P from 5%-90% to 1%-5%.
    After that you might increase the limit from 5% towards 10%, if there is spare capacity.

    If that's not enough, you could reduce Syn Sent timeout.
    Might also consider reclassifying DNS as Download class.

    If all that is not enough, it's time to zap UDP connections.
    And perhaps reduce Unreplied UDP timeout to 5s.
  4. frojnd

    frojnd Networkin' Nut Member

    Ok. I've upgraded to: tomato-ND-1.28.7632.3-Toastman-IPT-ND-VPN. Even though my download link is 28Mbit, I've reduced it to 22630kbits, and even though my upload link is 2.5Mbit I've reduced it to 1900kbits, just for the sake of QoS. I've tested a little bit with torrenting (I was the tester) and I watched 1080p youtube videos. And while loading youtube videos I opened random pages that are known to be very big. A few notes: youtube still loads from time to time, but less than in the previous version. Pages open more quickly but sometimes it hangs... I'll get more real-time torrenting this week when the students arrive :)

    Also I've noticed that my download speed for torrents didn't go above 900KB/s. Also, when watching youtube videos on 1080p the download rate was approximately 300KB/s. What I don't understand is, why won't youtube get more download speed? Also, why are torrents downloading at max ~800KB/s even though my class says: from 5% to 100%? Should I rearrange classes somehow in the new version?

    I've also noticed while being on skype that the user didn't hear me a few times; there was interruption on my part... And also in QoS I saw that when using skype some port was in p2p/Bulk.

    Advanced -> Conntrack/Netfilter
    QoS -> Basic Settings
    QoS -> Classifications (They are left default)
    QoS -> Graphs (I think it's wrong because most of the traffic is indeed p2p)
  5. Toastman

    Toastman Super Moderator Staff Member Member

    TBH, I am using this same version on three old 16Mbps/500kbps remote sites with WRT54GLs and have no issues - downloads peak at 15Mbps, and the new QOS ingress allows this on any class, including P2P, if set to do so. YouTube videos are usually classified OK by the L7 rules (HTTPVideo and Flash) and also get good speeds depending on the server's load. (BTW - over here YouTube rarely gives very fast downloads, but always enough to prevent buffering.)

    Yours should be better especially as you have more outgoing bandwidth.

    I think the traffic in VOIP class is caused by misclassification. You can click on that class and see which rule put it there, it is probably rule 25, the Skypeout filter. You should disable it.

    I can't see anything obviously wrong. Did you erase NVRAM and reconfigure from scratch? Is your LAN connection running at 10Mbps?
  6. frojnd

    frojnd Networkin' Nut Member

    Hi Toastman :) I just want to tell you thank you for time and good work here!

    I've disabled the skypeout rule (it was rule 25). I've erased NVRAM after the upgrade and started configuring from scratch. Where do I see (in the router) if the LAN connection is running at 10Mbps? Transfers within the LAN are 100Mbit... Also I don't see LAN in Bandwidth -> Real-Time. I see: WAN (wlan1), WL (eth1), br0, eth0, imq0, vlan0

    Also I've noticed just now that the DL speed for torrents went to 1300KB/s for a few minutes, and in this time load buffers increased and the response time of pages also increased.

    Is my Advanced -> Conntrack/Netfilter misconfigured? Or maybe QoS -> Basic Settings?
  7. shadowken

    shadowken Networkin' Nut Member

    Hi Toastman
    Thanks for your good work , Keep it up man :)
    I'm currently using tomato-E3000USB-NVRAM60K-1.28.7495.1MIPSR2-Toastman-RT-VPN-NOCAT firmware, really happy with it.
    I just want to ask you if you can load "String match" & "comment" modules into your next builds ?
  8. Toastman

    Toastman Super Moderator Staff Member Member

    frojnd, something is very wrong. I suggested looking at the speeds of the wired connections, LAN (look at the speed of connection in Windows, or your OS, and check it's really connected at 100Mbps), because you're limiting at around 10Mbps speeds and there doesn't seem to be anything wrong with your settings. This is quite a common occurrence. Of course the same would apply to the modem connection if it is running at 10Mbps.

    shadowken, I tried the string match module some time ago, and found it to be unstable. That may have been my fault, of course.
  9. frojnd

    frojnd Networkin' Nut Member

    Toastman: The computer I was testing torrents on was FreeBSD 8.2 with a 100Mbit ethernet card. I'm 1000% positive it's 100Mbit because I was able to transfer from that computer's 100Mbit ethernet card to my working computer (Linux), which has a Gigabit ethernet card, at around 12MB/s (as in megabytes per second). But if I'm not wrong, LAN speeds will be at around 10MB/s if the main router has 100Mbit ports?

    I called my ISP and he remotely checked and confirmed that the line is fine. It's not locked to 10Mbps.

    Real-time example; what I can't find in this new version is the LAN tab.

    And here is scheme of LAN configuration:

    The transfers I was describing were through Linux and BSD through 100Mbit Switch.
  10. frojnd

    frojnd Networkin' Nut Member

    I was downloading a file through http, using wget directly on a Linux computer and I don't think it's 10Mbit limitation issue:

    I found the LAN tab under IP Traffic Real-Time (blush). What I don't understand is that even though I was transferring a file from BSD to Linux at 9Mb/s, LAN didn't recognize this:
  11. windozer

    windozer LI Guru Member

    @frojnd have you turned the QOS off to see if the transfers are still limited?

    The custom naming of classes was a nice touch.
    Since toastman updated the QOS settings, I install firmware, clear nvram again, turn off L7, rename the classes to Highest-High-Medium-Low-Lowest (the old way), set the default class to medium, download limits for all classes to none, upload limit for each (Highest to Lowest) ~90% to ~10% in decreasing order, and make my own rules on a case by case basis - for apps, http, p2p ports, certain IPs etc. I copy and paste those rules into notepad and do them all over again. Coz nvram reset keeps everything shiny and fast after flashing : ) seriously. I'm not an expert but I'm just sharing what works best for me.

    Since my last flashing I've kept the default QOS setting on because I noticed the youtubes are playing with less/no interruption @720p on my 4mb DSL. Although I'm tempted to go back to my "old" custom settings. Thank you toastman, really appreciate your support.
  12. frojnd

    frojnd Networkin' Nut Member

    windozer, yes I've turned off QoS and it wasn't nice, there was a BOOOOOM on the network :D
  13. frojnd

    frojnd Networkin' Nut Member

    Hi there. Today I have 3 questions regarding QoS -> Details:

    a) How can I fix the red Unclassified rule? I have a feeling that this port is p2p since it's going to the source port 41132 <- p2p. How can I fix it so there won't be unclassified anymore?
    b) Blue unclassified. Destination port is 138 and also source port is 138. Where should I put this port?
    c) Green remote. This is the Teredo port. I'm almost 100% sure this user doesn't use Teredo. At least not to his knowledge. Could this be some trojan horse or smth that is triggering this port to be active?

    Other than that, QoS works fine and I'm still doing some tweaking. Any tips how to make Web pages more responsive even under high usage of torrents, youtube videos?
  14. Toastman

    Toastman Super Moderator Staff Member Member

    a) Most "unclassified" connections are incoming P2P connections from other P2P users that are trying to connect to ports that have already been closed. Therefore, they stop at the router. If anyone is or has been using P2P, these incoming connections will keep occurring for some time after you stop using the application, since a tracker has indicated your IP has files to share. Just ignore them.

    Connections that terminate at the router are not classified. This will help you to figure things out.

    b) This is Netbios over TCP / Samba. It should be limited to your local network.

    c) Late versions of Windows have Teredo enabled by default, just disable it. On a big network you usually see a lot of machines that are running Teredo.

    Lastly, at all my locations, we found long ago that allowing UDP and uTP connections from uTorrent etc. took most of our bandwidth while the speed of downloads actually decreased. By disabling both in the torrent client, we are able to use what bandwidth we have to get high download speeds using TCP only. In my case I try to choke them both in the "crawl" class as I have no control over the users' PCs.
  15. frojnd

    frojnd Networkin' Nut Member

    Thank you for your detailed answer on my a) question and on the other two questions. I took a second look at the destination IP for port 139 and it was local. So all is good. How can I disable Teredo on the Toastman version? Or do I have to disable it on each machine individually?
  16. quietsy

    quietsy Network Guru Member

    It's recommended to disable UDP/DHT in your P2P application as it doesn't contribute much to the download speed and QoS is performing much better without it.

    You have to disable Teredo on each machine individually, this is how you do it on Windows 7:
    Open CMD and type the following commands
    set state disabled
  17. frojnd

    frojnd Networkin' Nut Member

    Thank you quietsy. I'll try somehow to inform the users that use torrents, Teredo.
  18. careh

    careh Addicted to LI Member

    Well I did some digging on deltacopy & found the 'real' problem is the rsync protocol the program uses. It runs at very slow rates.

    So there is no issue here & sorry for leading you guys on a wild goose chase. I deleted my previous posts.
  19. l0p

    l0p Serious Server Member

    Hi, I need to do incoming filtering based on private destination IP address on the VLAN4 interface.
    I found how to do this here
    But I failed to do
    $IPTABLES -t mangle -A FORWARD -i $INTERNET -j IMQ --todev 1
    I guess it happened because there is no ipt_IMQ module. How can I get it?
    I found it here
    but it is for another kernel. Please help

    PS:I'm using shibby tomatousb on asus-rt-n66u
  20. l0p

    l0p Serious Server Member

    Ok, the correct module is xt_IMQ and all commands are accepted now. The classification works OK and the "ceil" parameter works properly for all classes, but the "rate" parameter still doesn't work (classid 1:10 always takes all bandwidth limited to the 4Mbit ceil).
    Here are the commands I use in another VLAN: vlan3
    vlan4 is DSL internet
  21. l0p

    l0p Serious Server Member

    I guess there is something wrong with tc in the tomato firmware.
    1. It doesn't respect the rate or quantum parameters on the imq interface. Here is the tc stat (class 1:11 has only a 71576bit rate although it has a much larger quantum):
    2. I tried another approach for incoming traffic control, which I used on Oleg's based custom firmware (2.4.37 kernel based) on a wl500g router: building separate classes on eth0 for the VLAN. It worked on tomato too, although tc stat displays wrong classification. Very strange.
    I will try dd-wrt to see if it works better.
  22. mvsgeek

    mvsgeek LI Guru Member

    How is the QoS "View Details" page populated? I'd like to capture this information via script, say every 5 minutes, over a period of days or weeks, and use the results to eliminate redundant QoS rules.

    Is this (a) feasible (b) worthwhile?
  23. the_bhagwan

    the_bhagwan Network Guru Member

    Way back in this thread there was rebooting issues solved by firewall prerouting scripts.

    It's still in the firewall tab of current builds, under admin-scripts.asp, but it assumes you use and no VLANs

    My main IP range is, not
    and a VLAN on a port with IP range

    Question! Will these modified firewall rules below serve the purpose intended on both IP ranges?
    I'm a little concerned that doubling up on these, albeit with different src-range, will make one or both inoperable/ineffective. I don't understand this enough to know.

    iptables -t nat -I PREROUTING -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 100 -j DROP
    iptables -t nat -I PREROUTING -p ! tcp -m iprange --src-range -m connlimit --connlimit-above 50 -j DROP

    iptables -t nat -I PREROUTING -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 100 -j DROP
    iptables -t nat -I PREROUTING -p ! tcp -m iprange --src-range -m connlimit --connlimit-above 50 -j DROP

    iptables -t nat -I PREROUTING -p tcp --dport 25 -m connlimit --connlimit-above 5 -j DROP
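    As an added example (not code from this thread or from Tomato), the Python below parses a saved /proc/net/ip_conntrack dump, the kernel table the connlimit rules above count against, and which I assume is also what the QoS "View Details" page mvsgeek asked about is built from. It counts per-host TCP and non-TCP entries against the 100/50 thresholds in those rules, counts unreplied UDP entries (the ones the Unreplied UDP timeout governs), and tallies the conntrack marks; the sample lines, addresses, ports and mark values are constructed, and the LAN prefix 192.168.1.0/24 is an assumption.

```python
# Added example: parse a saved /proc/net/ip_conntrack dump (the table the
# connlimit rules above count against) and summarise it for QoS tuning.
import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ip_conntrack format (2.4/2.6 kernels); addresses,
# ports and mark values are made up, not captured from a real router.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=93.184.216.34 sport=51234 dport=80 packets=12 bytes=1540 src=93.184.216.34 dst=203.0.113.5 sport=80 dport=51234 packets=10 bytes=8123 [ASSURED] mark=2 use=1
tcp      6 118 SYN_SENT src=192.168.1.10 dst=198.51.100.7 sport=51235 dport=41132 packets=1 bytes=60 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=41132 dport=51235 packets=0 bytes=0 mark=0 use=1
udp      17 29 src=192.168.1.20 dst=198.51.100.9 sport=41132 dport=41132 packets=1 bytes=86 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 sport=41132 dport=41132 packets=0 bytes=0 mark=0 use=1
udp      17 170 src=192.168.1.20 dst=8.8.8.8 sport=55555 dport=53 packets=1 bytes=70 src=8.8.8.8 dst=203.0.113.5 sport=53 dport=55555 packets=1 bytes=150 [ASSURED] mark=3 use=1
icmp     1 29 src=192.168.1.30 dst=198.51.100.9 type=8 code=0 id=1 packets=1 bytes=84 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 type=0 code=0 id=1 packets=0 bytes=0 mark=0 use=1
"""

# proto name, proto number, timeout, optional TCP state, then key=value fields
LINE_RE = re.compile(
    r"^(?P<proto>[a-z]+)\s+(?P<pnum>\d+)\s+(?P<timeout>\d+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<rest>.*)$"
)

@dataclass
class Entry:
    proto: str
    state: Optional[str]  # ESTABLISHED, SYN_SENT, ... (TCP only)
    timeout: int          # seconds until the entry expires
    src: str              # original-direction source: the LAN host for outbound flows
    dst: str
    sport: Optional[int]
    dport: Optional[int]
    unreplied: bool       # [UNREPLIED]: nothing seen in the reply direction yet
    assured: bool
    mark: int             # conntrack mark, which the QoS rules set

def parse_conntrack(text: str) -> List[Entry]:
    """Parse conntrack lines; lines that do not fit the format are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        parts = raw.split(None, 2)
        if len(parts) == 3 and parts[0] in ("ipv4", "ipv6"):
            raw = parts[2]  # newer nf_conntrack dumps prefix "ipv4 2 ..."
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        srcs = re.findall(r"\bsrc=(\S+)", rest)
        dsts = re.findall(r"\bdst=(\S+)", rest)
        sports = re.findall(r"\bsport=(\d+)", rest)
        dports = re.findall(r"\bdport=(\d+)", rest)
        mark = re.search(r"\bmark=(\d+)", rest)
        if not srcs or not dsts:
            continue
        entries.append(Entry(
            proto=m.group("proto"), state=m.group("state"),
            timeout=int(m.group("timeout")), src=srcs[0], dst=dsts[0],
            sport=int(sports[0]) if sports else None,
            dport=int(dports[0]) if dports else None,
            unreplied="[UNREPLIED]" in rest, assured="[ASSURED]" in rest,
            mark=int(mark.group(1)) if mark else 0,
        ))
    return entries

def per_host_counts(entries, lan="192.168.1.0/24"):
    """Per LAN host: TCP, non-TCP and unreplied-UDP counts (what connlimit sees)."""
    net = ipaddress.ip_network(lan)
    counts = defaultdict(lambda: {"tcp": 0, "other": 0, "unreplied_udp": 0})
    for e in entries:
        try:
            if ipaddress.ip_address(e.src) not in net:
                continue  # not originated by a LAN host
        except ValueError:
            continue
        c = counts[e.src]
        c["tcp" if e.proto == "tcp" else "other"] += 1
        if e.proto == "udp" and e.unreplied:
            c["unreplied_udp"] += 1
    return dict(counts)

def hosts_over_limit(counts, tcp_limit=100, other_limit=50):
    """Hosts above the connlimit-above values in the rules above (100/50)."""
    over = []
    for host, c in counts.items():
        if c["tcp"] > tcp_limit:
            over.append((host, "tcp", c["tcp"]))
        if c["other"] > other_limit:
            over.append((host, "other", c["other"]))
    return sorted(over)

def mark_histogram(entries):
    """Tally mark values; diffing snapshots over days shows marks never hit."""
    return Counter(e.mark for e in entries)
```

    Run it every few minutes against dumps copied off the router and diff the mark histograms to find marks, and so rules, that are never hit.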

  24. Bladepopper

    Bladepopper Serious Server Member

    Qnap TS-212 (BT downloads using Download Station and Transmission, mostly downloading movies and TV episodes, generally 10 torrents on Download Station and Transmission each)
    Asus RT-N16 with latest tomato firmware (Toastman build:tomato-K26USB-1.28.7498MIPSR2-Toastman-RT-VPN.trx).
    All lan lines are CAT 5e.
    One desktop with gigabit lan wired to RT-N16 (It is dedicated for playing music and video stored on the NAS)
    Two Notebook (Macbook Pro and Toshiba Z830) (General Internet browsing only)

    Previously I had a TP-LINK WR340G v2, which is a b/g router, and I could get about 300~800KB/s download rate. However I bought an Asus RT-N16 and flashed the latest Toastman Tomato firmware (tomato-K26USB-1.28.7498MIPSR2-Toastman-RT-VPN.trx) because the old TP-LINK was crippling my internet access (whenever Download Station is active, no matter if download/upload speed is 1kBs or 1000kBs, loading yahoo or google takes more than 3 minutes and often fails to open).

    I live in a school dormitory and using I tested my download speed is about 3.5~4.0mb/s and upload about 0.5mb/s. I entered the speeds with about 70% of this value. Here's a snapshot of my QoS settings:

    With QoS enabled, downloading torrents no longer cripples my network and my browsing is pretty smooth. However I discovered that my download speed is no more than 50kB/s. Here's a snapshot of the bandwidth.
    As you can see, download can be as low as 10KB/s.
    I suspect it's QoS limiting my download speed, so I turned it off; here's a snapshot.
    As expected, download speed shoots up to about 500KB/s and more.

    So I'm thinking I'm not setting up QoS properly. My objective is simple: when I'm browsing the internet, BT download should not affect my browsing experience. When I'm not browsing, BT should be at full speed. Can anyone give me some suggestions on how I should set my QoS?

    PS: I'm not sure if I've forwarded the ports correctly:
    Can someone confirm that if this setting is correct/incorrect?

    Thanks a lot.
  25. Kila

    Kila Serious Server Member

    I had some P2P traffic coming in through the VOIP/Game ports, is this normal? Without being able to directly control a user's port selection on their torrent application, is there any way to combat this? I'm concerned someone whose torrent application randomises ports might end up damaging the likes of Skype's bandwidth if they end up using the same ports.
  26. lancethepants

    lancethepants Network Guru Member

    Toastman does have some firewall rules that come with his firmware that could help somewhat. You'd have to uncomment them, but they should limit the amount of connections each computer can create. If someone torrents over voip ports, it could at least keep it down to significantly fewer connections instead of dozens.
    I've also wondered about this, though I haven't yet seen the issues arise for me. Especially if a user has knowledge of the workings of qos, it seems you could not only bypass but exploit the system. Limiting the connections probably ought to help prevent saturating the line though.
  27. Kila

    Kila Serious Server Member

    So aside from P2P performance being hit, are there any other disadvantages to limiting the amount of connections each computer can create?

    I've got bandwidth limitations assigned to each computer/IP address which will help. But it would be good to have QoS settings for each IP too (the classification rules etc for each IP). So if someone torrents through the VoIP ports, it only affects them. I guess it would result in a very complex arrangement of QoS settings.
  28. Toastman

    Toastman Super Moderator Staff Member Member

    Don't worry too much about the odd "leak" into other classes, it usually isn't too serious and will not last for very long, generally.

    Some apps just can't be controlled, because the writers have made it use common ports under 1024 - then as a last resort make a rule for the client IP or MAC instead and limit it. You just have to do what's necessary. Up to 80 QOS rules are currently allowed.
  29. Kila

    Kila Serious Server Member

    Is there a way to re-arrange the rank order for the classes on incoming bandwidth distributions? I can only see ways to change it on outbound. One video streaming application comes in as FileXfer, and I'd rather that had higher priority than VoIP, since P2P traffic keeps appearing through that and getting priority. Or is the inbound traffic not ranked by priority?
  30. Toastman

    Toastman Super Moderator Staff Member Member

    Priority is the same as outgoing. Top down to bottom. You could make a new rule for that particular transfer and classify it higher than VOIP.
  31. wilsonhlacerda

    wilsonhlacerda Addicted to LI Member


    Has anyone found a correct way to classify Youtube? A QoS classification in Tomato that does work with it?
    L7 httpvideo never catches Youtube here. L7 flash neither. I also tried L7 http-rtsp and it does not work either.
    Using standard Toastman classifications Youtube is always set as http and thus ends up QoS classified as DOWNLOAD because of 512k+. That's a huge problem because usually we want consistent but slow (low QoS priority) downloads on one side and consistent but fast (high QoS priority) streaming videos on the opposite side.

    Tests done lots of times with different Tomato mods, K2.6 and also K2.4. Right now running "tomato-WRT54G_WRT54GL-1.28.7633.3-Toastman-VLAN-IPT-ND-VPN" on a WRT54G v3.0. Youtube was and is always a problem. Tomato's L7 httpvideo/flash/http-rtsp cannot catch it.

    I think it is impossible to have and keep up to date a list of all Youtube servers IP, but if someone could solve this or another way please share.
  32. Howlgram

    Howlgram Serious Server Member

    Hey Toastman, I am looking through the internet and your countless posts to properly set up my QoS (for gaming purposes). I still haven't, so I can't tell what works and what doesn't, but through google I found this thread where another guy says that setting inbound/outbound limits to 60% instead of 100% is totally wrong; apparently what he says helps whoever was asking, so I'm wondering what is right and what is wrong. What do you advise me?

    And, on another more important note, how do I know if I should use source or destination (src, dst) for X port number? :/
    I want to set a class for steam games :
    • ports: UDP 27000 to 27030 inclusive
  33. Toastman

    Toastman Super Moderator Staff Member Member

    Well, the forums are full of experts <g> I would ignore that advice.

    You need to set them as destination ports.
  34. Monk E. Boy

    Monk E. Boy Network Guru Member

    27000 to 27030? Steam, eh? I used Src or Dst for my Steam rule.

    Personally the only way QoS makes sense for me is if all values in the left column - the ones that are in use by rules at least - total 100%. Left side is guaranteed bandwidth, and you can't guarantee > 100% of bandwidth.
  35. Toastman

    Toastman Super Moderator Staff Member Member

    That's true. Although it seems to sort itself out.
  36. Howlgram

    Howlgram Serious Server Member

    um kk, ty
    Do you know when to use src or dst? In case I want to set another rule, so I can figure it out myself.
  37. Toastman

    Toastman Super Moderator Staff Member Member

    In general dest means the remote end, i.e. not your router, src is the router. Obviously, if you're not sure set both, see if it works then change to src or dest to see what the difference is. Just experiment to get used to it.
  38. frojnd

    frojnd Networkin' Nut Member

    I'm having some major problems with version tomato-ND-1.28.7632.3-Toastman-IPT-ND-VPN.bin: torrent speeds are like only 30-50KB/s :eek: fring doesn't work properly etc... I think it's something with QoS. So I'll try to upgrade to tomato-ND-1.28.7633.3-Toastman-IPT-ND-VPN.trx. Do I have to rename .trx to .bin?
  39. frojnd

    frojnd Networkin' Nut Member

    Ok, I've renamed it to .bin and upgraded. I've erased NVRAM before and after the upgrade. But I still have a similar problem as Bladepopper. My download rate is around 130kB/s when QoS is enabled. The moment I disable QoS, bandwidth rises significantly. I've upgraded to tomato-ND-1.28.7633.3-Toastman-IPT-ND-VPN
  40. Kila

    Kila Serious Server Member

    I stream live TV using a website called Sky Go (which uses Microsoft Silverlight). QoS defines it as FileXfer, and I've allocated sufficient bandwidth (40% to 100%) so it works without buffering when P2P traffic gets heavy.

    The video stream allows you to set 4 video quality settings: low, medium, high and auto. Using auto, it will begin using low quality and after a few seconds determine there's enough bandwidth to use high. QoS seems to affect this, as it'll remain on low quality, even though there is sufficient bandwidth - with QoS disabled it works as expected. I can manually select high, so this isn't really an issue but just some background info.

    With the 'high' setting there are two bit-rates, one at 1.8Mbps and one at 2.7Mbps. For some reason, with QoS enabled, it will always remain at the 1.8Mbps stream, never using the full bandwidth for the 2.7Mbps stream. There is no way for me to force the web app to use the 2.7Mbps stream, it is determined automatically, and the QoS seems to be affecting it somehow. This happens with no other traffic. With QoS it uses the 2.7Mbps stream. I have 10Mb internet.

    The ports used vary, and Sky won't tell me what the port range is. What else can I do to set this up?
  41. Toastman

    Toastman Super Moderator Staff Member Member

    Perhaps each stream has something different, port maybe? Something obviously changes.
  42. Monk E. Boy

    Monk E. Boy Network Guru Member

    What I usually do is set a rule to src or dst, then establish a connection, then go into View Details to see how the connection is working.

    With Steam I believe you're connecting to their servers over 27000 to 27030 and other peers are connecting to you over 27000 to 27030, therefore you need the rule to encompass both src & dst... but I haven't looked at Steam in ages so things may have changed. I set it to both, set up a port forwarding rule, and haven't needed to touch it since.
  43. frojnd

    frojnd Networkin' Nut Member

    This is odd. Somehow the web interface every now and then becomes unresponsive. I can't access it locally. The only option I have is to ssh to the router and reboot it. But now even this doesn't help. Internet works, however the web interface is unresponsive. My version of the firmware is: tomato-ND-1.28.7633.3-Toastman-IPT-ND-VPN (I believe it's the last stable one). Any ideas what is going on? Is this the right topic to write this stuff in? If not please inform me where to post it.
  44. Toastman

    Toastman Super Moderator Staff Member Member

    It doesn't usually happen. It may be that the router is heavily stressed and is running out of resources/memory.
  45. frojnd

    frojnd Networkin' Nut Member

    Hm. The odd part is that I see in status numbers like this:
    CPU Usage 28.16%
    Total / Free Memory 14.04 MB / 3,760.00 KB (26.16%)

    Odd because CPU doesn't go higher even though I have a few heavy torrent users. And memory, well, maybe because I set the CPU to 250MHz? But I didn't have any problems in the past with setting the CPU clock to 250MHz.

    And question two. I've set up an OpenVPN server with certificates that listens on port 1194 (TCP). I didn't forward it. VPN works fine. The only problem is that it's very slow, even though I have plenty of upload/download speed. Is it even possible to classify VPN in QoS?
  46. miracle2k

    miracle2k Networkin' Nut Member

    This. I have the same problem. The L7 filters don't seem to work, at least for Youtube.

    On a related note, it would be tremendously helpful for debugging QoS if the "Transfer Rates" view listed the classification (Class and Rule).
  47. Porter

    Porter LI Guru Member

    Concerning the L7-filters and youtube:

    I can't say that the flashvideo filters don't work at all. But especially on youtube they are quite unreliable. Sometimes if I click on a video link then the QoS graphs will show me, that the video is classified as download. But if I reload the youtube page it gets classified as Media the next time.

    Maybe this is because of the way L7-filters work. As far as their howto told me, the filters look at the first 2KB of a connection or the first 10 packets, whichever is reached first. Those limits could be too small nowadays. But that's only my guess. Another explanation is that the regular expressions in the filters need better fine-tuning to match again, because most of them are quite old and some things could have changed.
  48. rs232

    rs232 Network Guru Member

    These in attachment are my QoS settings for the "media" class


    They are not perfect... but they match quite a lot.
  49. rojmiller

    rojmiller Serious Server Member

    The Youtube L7 filters don't work for me either. But I found out one reason why. I use Firefox, and when I watch Youtube the videos pass all the filters and end up as Bulk Download. Watch the same videos in IE, and they get caught by the filters and classified correctly. Any one have any idea what Firefox could be doing to cause this?
  50. rojmiller

    rojmiller Serious Server Member

    I found the answer - Firefox is using HTML5 (, while IE and Chrome are not. So Flash is being caught by the filter, but html5 is not. Anyone know how to filter out html5 videos in QOS?
  51. Gitsum

    Gitsum LI Guru Member

    Watching youtube with Firefox 13.01 gets picked up by L7 rule "httpvideo" correctly for me using Shibby 095. Puts it in the "media" class.
  52. rojmiller

    rojmiller Serious Server Member

    Not for me, using Firefox 13.1 as well. But I am using WRT54GL-1.28.7633.3-Toastman-IPT-ND-Std
  53. miracle2k

    miracle2k Networkin' Nut Member

    I've made some tests in different browsers (all Youtube, Windows).

    - Firefox 13.0.1 with Flash 11,3,300,262 - does detect as file transfer.
    - Chrome 20.0.1132.47 with Flash 11,3,300,257 - does detect as file transfer.
    - IE 9 with Flash 11,2,202,235 is interesting - it detects as media, but only initially. It then seems to switch to new connections in regular intervals (I observe new connections to the same destinations with the source port increasing by +1), and those new connections are not detected as media.

    I also tried Youtube with HTML5 enabled in Chrome, and it makes no difference - still detected as file transfer.
    My classifications setup is first testing for L7 flash, httpvideo, http-rtsp, shoutcast, then a bunch of manual ports, all targeting the media class, then two rules that classify HTTP, HTTPS and FTP with Transferred 512KB+ as file transfer.
  54. GrandPixel

    GrandPixel Networkin' Nut Member

    Toastman have you thought about doing a YouTube tutorial for QoS?
  55. Toastman

    Toastman Super Moderator Staff Member Member


    Tutorials of this kind need good explanations and diagrams.

    Youtube videos of same always have some guy waving his hands and talking nonstop garbage while attempting to zoom in on some low-res image that was taken in a hurricane.

    Youtube isn't for me ... sorry.
  56. Porter

    Porter LI Guru Member

    It's difficult to give advice if the complete configuration is unknown. Some screenshots would help.

    Did you read Toastman's guide? Are your overall Max Bandwidth Limits low enough? How is Netflix classified? I'm not sure about it, but does it end up in the Media class?
  57. Toastman

    Toastman Super Moderator Staff Member Member

    You're clearly suffering from congestion, probably on the incoming link. Because of this, QOS isn't working, you need to rethink your maximum settings, as Porter suggests. Use the incoming charts to make absolutely sure that your incoming bandwidth never exceeds about 90% of your maximum "measured", bandwidths. You must never let it hit the "max" value, at that point we lose control.

    If you are using an old version of Tomato, change to Toastman version that has a much better QOS ingress system.
  58. tutorialbs

    tutorialbs Serious Server Member

    This post is in response to my QoS questions posted in the other thread about QoS(click here). See below for my QoS setup (images included) ;)
    Thx for the fast response!
    2. That's good to know. I actually *only* really need BW limiter to control the amount of connections on a few IPs who are known torrent users, and a total limit for the rest. Would the BW limiter work together with the main QoS to do that, at least?
    So you're saying that that one or the other works? Or, for example, if I have classes setup on both, and both enabled, do rules from the main QoS classification's list overrule the BW-limiter's rules? I've noticed that the main QoS class list goes from #1, #2, #3.... and so on, depending on how many you make, while I have seen much higher rules prioritizing my traffic (for ex, I see Rule #255 a lot) and I've only ever had 15 rules, max.

    3. I knew it was traffic between LAN and router... but when there is a lot of traffic (i.e. many connections between LAN(s) and the router) that the router might have to use extra processor speed or power to handle all of that local traffic, and therefore, the router would have less overall processor speed or power available for browsing the internet or w/e, and thus slow down my game.
    4. Screens of my current setup below. Been working quite nicely so far, this is my best setup yet:
    A) Qos-Classification.PNG, B) Qos-BasicSettings.PNG
    C) QoS-BW-Limiter.PNG, D) QoS-Graph.PNG

    5. I'm not actually sure what I meant either.
    edit: Oh, I was trying to understand why there is no classification list for "Inbound Direction" traffic? I read something somewhere but it looks like I confused a few things together.

    6 + 7. Thx for the reminder, I did think of that, but I actually think it would be more of a hassle for all of us for me to try and get everyone to control their bandwidth appropriately, I think they'd just prefer I did this (I told one, but I probably should ask everyone). I don't really care about having priority over them in games but I can see how that would be considered cheating.
    Like I said though, the game uses random ports other than just 80 which is why this whole QoS deal was so difficult. It has a list of about 6 or 7 ports, but then there will be some random server that requires some random port to be open, it was really stupid of them to design it that way really.

    8. Toastman, I am experiencing less lag in my game after unchecking ALL 5 or 6 of the "small-packet" prioritization options, I think. But that's only after one night of experience. Could not having these options checked be worse in some situations than others?
    Also, I made QoS rules that simply prioritize small amounts of traffic instead (see my classification image), 0-8kb in size. Is this alternative equivalent? Or should I make the 8kb smaller or larger? Or just have them all checked except ACKS?

    Thanks for your help and the work you did on this!
  59. Porter

    Porter LI Guru Member

    2. They may interact unintentionally. I repeat myself: only use one of them. If you want to limit the amount of connections read this and adapt it.
    #255 is the default rule, which has to be the last one, because it matches everything that hasn't been matched by anything before. If you really want to prevent p2p from crashing your network, you should read Toastman's guide for the QoS-system.

    3. When there is a lot of traffic between the hosts of your network (LAN) the integrated switch in your router does all the work. Only connections to your router use cpu power and unless you have dozens of tabs open that display QoS-graphs this shouldn't be a problem.

    4. I highly doubt that you get a smooth internet experience with your current config. If this works for you and your roommates then fine. But using the default rules and adjusting them to your needs should be far more effective. Not distinguishing between different protocols (i.e. mail, http) will mess everything up. Imagine somebody is sending an email while you are playing over http. Email and http will end up within the same class pretty quickly because you only classify based upon connection bytes and 8KB are reached very quickly.

    5. You actually have a point there. Seems like this headline was forgotten when the QoS system was improved. Maybe to something like "Rules for Classification", Toastman?

    6. If the game is http-based (and flash games probably are, but I'm just guessing) then you shouldn't have a problem matching it. You do have a problem though if the game traffic doesn't get matched and shows up in your default class. But then again, if you load the default rules and your game connection over http has seen more than 512KB, it will end up in the Download class and will get slowed down considerably when there are people downloading. You might be screwed either way. Your only chance might be a self-made L7-filter.
  60. tutorialbs

    tutorialbs Serious Server Member

    Over the course of a few days I have to say it's not nearly as smooth as I thought. The lag spikes aren't constant, at least, they come every once in a while and are fairly brief, like a bottle-neck finally releasing everything, and then building up again. So it's still better than constant lag with giant spikes, but definitely needs improvement.
    Thanks. I disabled the BW limiter, and using only QoS now. I'm using the following code exactly as I copied/pasted it into my Firewall Scripts section:
    #Limit all *other* connections per user including UDP
    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 40 -j DROP
    iptables -I INPUT -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 100 -j DROP
    #Limit UDP packet opens from all users - UDP to Router
    iptables -I INPUT -p udp -m limit --limit 20/s --limit-burst 40 -j ACCEPT
    #Limit UDP packet opens from all users - UDP out to WAN
    iptables -I FORWARD -p udp -m limit --limit 20/s --limit-burst 40 -j ACCEPT
    Do the last 2 mean there's 20 UDP connections per second, per user, or 20/s total?

    6. I didn't try to differentiate protocols because I didn't understand them too much. I only know that TCP is more for important stuff that can't have packet loss, and UDP is for streaming media and such. Would there be any disastrous effects if I restricted all my current rules to TCP/UDP, and then had one rule at the end restricting all protocols (so, all other protocols) to the Lowest class? Would that work or would all traffic use that rule? I'll look into the protocols further. For L7, is that simply a class that contains a list of classes? Thx again.
  61. Porter

    Porter LI Guru Member

    You chose to divert with no good reason and even deleted all the classification rules just because you didn't understand them. Don't blame me or anybody else if it doesn't live up to your expectations.

    I suggest you read Toastman's QoS-Guide in its entirety, because I'm getting the feeling you never did that until now.

    2. You also didn't read the whole post I pointed you to. At the end of the post you can find the commands that turned out to be useful.
    Concerning whether the commands limit overall or per IP: I don't know. You will have to google that. I would guess it's an overall limit.

    6. Please load the default rules by resetting your config. The most important thing about getting QoS to work is knowing your line capacity and then not entering 100% but 60-70% of your line capacity. Only that prevents big, latency-generating queues.
    Please google for: iptables l7-filter.
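    The per-user-or-total question about the `-m limit` rules above, as an added simulation that is neither poster's code: `-m limit --limit 20/s --limit-burst 40` is one token bucket attached to the rule, shared by every source address, and it counts every UDP packet the rule sees, not connection opens. A bucket per source address is what `-m hashlimit --hashlimit-mode srcip` gives instead; the host addresses and packet timing below are constructed.

```python
from collections import defaultdict


class TokenBucket:
    """The model behind `iptables -m limit`: a single bucket per rule that starts
    with `burst` tokens, refills at `rate` tokens per second and spends one token
    per matching packet. A packet that finds the bucket empty does not match the
    rule; with `-j ACCEPT` it simply falls through to the next rule, nothing is dropped."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the previous packet, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def count_matches(packets, rate=20, burst=40, per_source=False):
    """packets: iterable of (timestamp_seconds, source_ip) in arrival order.
    per_source=False mirrors `-m limit --limit 20/s --limit-burst 40` (one bucket
    for the whole rule); per_source=True mirrors one bucket per source address,
    i.e. what `-m hashlimit --hashlimit-mode srcip` would do.
    Returns {source_ip: number_of_packets_that_matched}."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    matched = defaultdict(int)
    for now, src in packets:
        key = src if per_source else "shared"
        if buckets[key].allow(now):
            matched[src] += 1
    return dict(matched)


# Constructed sample traffic: five LAN hosts each sending 20 UDP packets at t=0
# and another 20 one second later, interleaved round-robin so ordering favours nobody.
LAN_HOSTS = [f"192.168.1.{n}" for n in range(10, 15)]
SAMPLE_PACKETS = [(0.0, LAN_HOSTS[i % 5]) for i in range(100)] + \
                 [(1.0, LAN_HOSTS[i % 5]) for i in range(100)]


def total_matched(per_source=False):
    """Packets (out of 200) that the rule accepts under either model."""
    return sum(count_matches(SAMPLE_PACKETS, per_source=per_source).values())


if __name__ == "__main__":
    print("shared bucket (-m limit):     ", total_matched(False))  # 60 of 200
    print("bucket per source (hashlimit):", total_matched(True))   # 200 of 200
```

    With the shared bucket the five hosts split 40 tokens at t=0 and 20 refilled tokens at t=1, so each host gets 12 of its 40 packets through; the per-source variant passes all of them.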
  62. bobyang

    bobyang Serious Server Member

    Hi Toastman, I have a question. I am using your build and set up 66% of max download speed in Qos, I still get slow latency. I just wonder if you could help me out. I even set it up to 30% and still the same result. As long as download speed reaches "flat line" the responding time became very slow and all other qos classes are slow too, such as www.


    PS. please take a look of the screen capture if you have time. thanks!




  63. Porter

    Porter LI Guru Member

    Hi bobyang,

    on the QoS/Basic Settings page:
    the left values are the guaranteed speed for a class and the right values are the maximum speed one class can get. The sum of the left values must not exceed 100%. Your current values guarantee about 200%! That's most likely the cause of your problem.
  64. bobyang

    bobyang Serious Server Member

    thanks for the information! I am going to modify the left column again.

    by the way, I thought that the left column means by class, if the total of top few classes use up all 100%, then lower classes will have no speed...

    Do you know how classes work with the % speed? For example, before, I set up WWW as 10% on the left. When someone uses P2P (set up as 5%) with a lot of speed, it still sucks a lot of speed even though WWW has a higher class; it ends up P2P uses about 6Mb and only a few kb go to WWW in the speed test. It seems like P2P takes the speed first and then it owns the speed...

    thanks a lot
  65. Toastman

    Toastman Super Moderator Staff Member Member

    tutorialbs - As Porter says 2 posts above, you really need to go back and read this thread. All the answers you require are already there. The rules you have now are not going to accomplish much.
  66. tutorialbs

    tutorialbs Serious Server Member

    Everything I've done so far has made our network much stronger and faster than the default setup so I only consider these things improvements... you're right I didn't read through the guide, I did use a few parts of it, but it's just too much for me, I'm pretty ADD when it comes to reading stuff I'm not interested in (not trying to be a dick, it's just the truth). I just like the rules that cover everything because they are simple and easy.

    Setting my connections too small was actually a big problem it turns out, after fixing that, we're getting no lag and good ping times. It could probably be better, I'll have to come back and finish the guide in parts. But I just wanted to let you guys know about the connections problem. The game did NOT like the fact that I set Time Wait: 30 seconds and Established: 1200 and there was weird lag when I set these too low, in addition to regular lag I had before my current QoS setup.
    After finding a higher time_wait that would not max out our connections too fast (Time Wait: 210 seconds) and making established connections last longer (Established: 3600) basically all lag has ceased and everything's running smoothly.
    Thanks guys for caring enough to help and working with me to find the problems!
  67. bobyang

    bobyang Serious Server Member

    Thanks. Yes, I read through almost all articles before I post, I tried almost everything I can google and in "" I think that's the reason I end up with different configurations. I will go through and reset again.

    here is the result I set up on the left column for downstream and it adds up to 100% but still with the same slow response time. (by the way, I only use QOS without speed limiter, and uncheck all packages and icmp)


    the picture shows the ping with max of 66% and 50% of ISP downstream. with firewall script:
    #The new rules in the firewall script box were:
    iptables -t nat -I PREROUTING -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 150 -j DROP
    iptables -t nat -I PREROUTING -p ! tcp -m iprange --src-range -m connlimit --connlimit-above 100 -j DROP
    iptables -t nat -I PREROUTING -p tcp --dport 25 -m connlimit --connlimit-above 5 -j DROP



  68. Porter

    Porter LI Guru Member


    So you are saying you kept your own old config and it's made your connection better? Web-downloads, youtube or P2P don't mess with the responsiveness?
    Concerning the timeout-settings: it's not wrong to use higher values. In fact the defaults are much higher values. But when under heavy load the old wrt54gl and alike weren't able to deal with so many connections, so reducing the timeouts was a good tradeoff, which I have never had a problem with. At least not that I know of.


    Don't sweat it. Toastman might have confused you with tutorialbs.
    What type of traffic are you using to test your config? Web-downloads, p2p etc.?

    Are you sure that the host you are pinging is giving you stable and fast responses when you don't download?

    I wouldn't give any class 99%. In my opinion it's always better to be a bit more on the safe side. As an example I have uploaded a screenshot.

    Check the QoS-graphs. Maybe some traffic isn't behaving as you like. Can you browse the web with a reasonable speed while you are still downloading?


  69. bobyang

    bobyang Serious Server Member

    The way I tested is using Netflix and IPTV (MEDIA class) to make sure with bigger downstream (about 2-5 Mb) (my ISP gives me 10Mb) + running torrents to test if someone tries to use P2P at the same time (P2P class) + browse web at the same time to test speed (WEB/DOWNLOAD classes) for most of regular users.

    At the same time, I try to change the Netflix menu, then nothing comes up. I found that's because the latency (1xxx-3xxx ms) is too slow, so the menu couldn't pop up. Afterwards, I stop the P2P client, I don't see the flat line anymore in the router realtime graph and I could see ping come back to about 50-80ms; at this time, I can see the Netflix menu again.

    I could not browse the web (even google) with a reasonable speed; before it was popping up right away, but with slow ping time (flat line) it takes about 5 seconds for the google web page to come up.

    I ping -t to (the google DNS) and (DNS) and both should be very stable.

    I will try your setting shortly and let you know the result. thanks!
  70. Eri

    Eri Networkin' Nut Member

    Sir Toastman or Expert Ones,
    which one is the correct opinion:
    1. QOS Outbound Rates / Limits & Inbound Rates / Limits setting are intended to manage bandwidth for each client to WAN based on each client's request? or
    2. QOS Outbound Rates / Limits & Inbound Rates / Limits setting are intended to manage bandwidth for router to WAN based on all clients' request?

    if the correct is #2, what about if all clients (say 25 clients) are connected/request for gaming class, while the QOS is set 5% - 20% (outbound) & 10% - 30% (inbound)? is that setting enough for serving the clients' (25 clients) request?

    or if another correct opinion please describe.

  71. Porter

    Porter LI Guru Member

    #2 is the right description of what is happening in the router.

    Nobody can tell you how much bandwidth your game needs. You will have to test it for yourself. If gaming is so important to you, why don't you set the right value to 85% or 90% instead of 20% and 30%?
  72. Eri

    Eri Networkin' Nut Member

    Thanks for your concern to my question sir.
    I'll set as suggested (since most of my users are game enthusiasts).
    I'll keep monitor on it.

    And if the quota of each class (even the higher one) doesn't reach its max limit yet, will it be merged to the other class (even the lower one)?
    Then if the higher class needs more quota, will it take from the lower class till the higher class reaches the max limit of its quota?
  73. bobyang

    bobyang Serious Server Member

    Hi Porter, I try your setting and use 66% and 50% of my ISP download speed. However, I still get the same thing.. once I hit the max speed in average, which is almost a flat line, then latency became very slow and other higher priority Qos classes didn't get the bandwidth they should get.

    More information, once I see the line pop up or down, then the latency will get back to normal until I see the flat line again.

  74. Porter

    Porter LI Guru Member

    I didn't mean that you only use 66% or 50% of your overall line capacity. I meant that you shouldn't give any class 99%. To be on the safe side, I wouldn't give any class more than 70% or 80%.

    Try to test every type of traffic (IPTV, P2P, Web-Download) for itself. Monitor with the QoS-graph that they are classified correctly and stay within the defined limits of their classes.
  75. bobyang

    bobyang Serious Server Member

    I found P2P is hard to setup limit because it may use other classes too, for example, I use google voice, which uses port 5222, 5228..etc and sometimes I see P2P uses those port because I don't use google voice at that moment, and I have skype L7 setup too and I see some goes to that class too.

    sorry, I didn't reply clearly earlier. Yes, I use your Qos setting from the picture + my own setting of 50% or 66% of download speed (where I read from toastman's post using only 66% downstream speed; otherwise, the latency will go up).

  76. Porter

    Porter LI Guru Member

    Only use L7 filter if you absolutely have to. I forgot whether it makes sense to make L7 filters the last filters so that most traffic has been already matched. You could try that. The skype L7-filters are known to overmatch. Just disable them and have skype use a specific port so that you can match it with a simple port-filter.

    Try to make people use specific ports for p2p, too.

    In my experience, when I'm downloading a lot, webpages take twice the time to load. But I believe without QoS it would be even worse.
  77. bobyang

    bobyang Serious Server Member

    yes, skype L7 doesn't really work well.. However, skype uses dynamic ports so I could not use the port numbers :(

    by the way, about P2P, do you block all other ports in the end of Qos? I don't know how to ask people to use specific ports unless they cannot connect...and I found a lot of them have no idea how to change ports in P2P software. :( it will take me too long to support them with 50 rental studios.)

    Thanks for the information. I thought Qos makes the higher priority traffic get in and out First. I tried AximCom's iDBM, it works very well, it handles all media, VOIP, gaming, web, P2P in the correct order. While full speed with P2P, the web speed is normal and ping is normal too. However, the only bad thing, AximCom only supports up to 64 IPs now. With 50 rental studio units 64 IPs are not enough.

    I read somewhere, it is related to "buffer bloat" with tomato firmware. I will try to do some research on that.

    by the way, I know this is out of topic, I tried DD-WRT, I don't like their Qos features and I wrote firewall scripts but get too much problems in the end because people ask for different rules, so I tried to use tomato. I heard people saying OpenWrt with X-WRT works out very well now, I just wonder if anyone tried it and see any problem?

    thanks a lot!
  78. Porter

    Porter LI Guru Member

    You can tell skype to use a specific port. But since people already don't know how to do this in their p2p-software they most likely don't know for skype either. Just make sure that the L7-skype filter is one of the last filters in line and see if this helps.

    Everything that doesn't get matched by a filter will end up in the default class (that's when you see filter rule #255). That's why you don't need an extra rule for all the other ports.

    QoS tries to prevent buffer bloat by handling traffic well. It's got nothing to do with tomato because if you configure QoS in the right way no buffers will run full.

    I didn't try any other firmware. The only thing that I know of is Gargoyle which is supposed to have automatic QoS.
  79. bobyang

    bobyang Serious Server Member

    thanks for the help Porter!

    I tried L7 skype as last rule.. and testing skype, it gets to my default class "Crawl" and the quality is not usable.. I heard almost nothing... ;(

    FYI, I just gave a try of , I think it really fixes the problem! the latency is good (about 60 ms) with flat line downloading speed! According to the posts, it limits the buffer packets rather than using tomato Qos default 128 or 256.
    I tried their 2 packets limit but I can only reach the download speed to max of 4.xx or 5Mb... I will try to ask if he could help me to compile the firmware for 10 or 20 packets. if he could, I will post for the result.


    PS. I just read this. it sounds interesting.

    After doing more research and reading about bufferbloat problem, Linux Kernel 3.5 fixed the problem by using CoDel queue management.
    some information if you are interested :) (I don't think any wrt uses version 3.x yet but I will start doing research. thanks for all the help)
  80. threeclaws

    threeclaws Serious Server Member

    I tried these setting but it destroyed my steam (source games) ping and that was after adding the required ports to the "well known games/voip" classification.
  81. Porter

    Porter LI Guru Member

    which settings did you try? The ones against bufferbloat?

    I remember playing around with txqueuelen, but this was several years ago. It didn't improve network speeds at all. I think it even had adverse effects. Especially when you reduce txqueuelen on a linux fileserver/router, because this network interface then has to handle your internet connection and your fileserving. If you've got only average internet speed then you are dealing with a 6MBit connection, but inside your LAN you might have gigabit interfaces (1000MBit). I highly doubt that those will work without proper queues.

    Another argument why the described measures might be a bit too much: buffers are only there to prevent packet loss when there is traffic that cannot go on the wire because the line capacity has been reached. If the line capacity is never reached, buffers won't fill up and slow down traffic.

    There is a specific problem to DSL networks per se. Due to the underlying ATM-Layer there is a certain amount of overhead induced which normal QoS doesn't know of. This is why normal QoS can never know exactly how much bandwidth is being used over a DSL-Link and therefore we all have to use such a big safety margin. We don't use 100% of our line capacity as maximum in the QoS/Basic Settings dialogue, but only 66-70%!

    There is a solution for this already in the K26 builds, but as far as I know it hasn't been implemented in the GUI, yet. This would be one cool solution to use QoS in a more efficient and reliable way.

    Apart from that I made a rather sad discovery today. I tested my connection with . Earlier this year I switched from a firmware with the mentioned ATM-mod to the new Toastman-mod with proper QoS. I always thought the reason why my internet got slower was the kernel:

    But in fact that's not true! I disabled QoS to see how buffers looked like without it because they were really high:

    QoS on:
    Now with QoS off:

    This came as a real surprise.

    To confirm I checked with my monitoring tool that downloads two websites every 5min:

    K24 comparison 2.4.37 with and without QoS.png

    Well, the sad conclusion now is that just by enabling QoS my internet speed slows down considerably! One explanation might be that I still use a wrt54gl and Tomato-QoS uses iptables to mark packets which is far more demanding than pure tc-filters.

    So now I can either buy a new and powerful router or I can switch back to the ATM-mod. Unfortunately the iptables subsystem is far more powerful in marking traffic, so control is much better. But right now, this costs a lot of speed!
  82. Monk E. Boy

    Monk E. Boy Network Guru Member

    Sounds to me like you didn't adjust your inbound/outbound speeds correctly.

    Personally I hack the ever living crap out of the default rulebase and go with a much simpler ruleset, with the first QoS category and the first QoS rule applying to Steam, so that it immediately classifies that traffic and goes along its merry way. Categories seem to be prioritized from the top down, and rules are compared sequentially from the top down, so anything that is time-sensitive (DNS, NTP) should be placed higher on the rule list and category list than, say, HTTP/HTTPS traffic (which while important to prioritize, isn't as time sensitive so it can be the 3rd or 4th category/rule w/o consequences).

    FYI, Steam uses ports 27000-27050. I also set a port forwarding rule for 27000-27050 to forward those ports to my PC. This doesn't mean that third party (non-Valve) games are going to use ports 27000-27050 though, if a game uses G4WL for example it will likely use different ports.

    Also, make sure in categories that the left bandwidth column, the minimum bandwidth percentage column, never exceeds 100% when totalling all values for all categories up. That column is a guarantee of a percentage of your bandwidth, you can't guarantee more than 100% (really you shouldn't try guaranteeing more than 90% so QoS has some room to work with).
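    The class arithmetic discussed in this post and in Porter's reply to bobyang above (left column = guarantee, right column = maximum, guarantees must not sum past 100%), together with Eri's question about a higher class borrowing unused share, as an added example that is neither the thread's nor Tomato's own code. It assumes an HTB-style model, which is what Tomato's QoS builds its tc classes on: each class first gets its guarantee, then spare capacity is lent out top-down up to each class's ceiling; the class names, percentages and demands below are constructed.

```python
from dataclasses import dataclass


@dataclass
class QosClass:
    name: str
    rate_pct: int              # left column: guaranteed share of the line
    ceil_pct: int              # right column: maximum share the class may borrow up to
    demand_kbps: float = 0.0   # what the class currently wants to send


def check_table(classes, headroom_pct=90):
    """Sanity checks for the Basic Settings table; returns a list of problems
    (empty when the table is usable). Guarantees above 100% cannot be honoured,
    and anything above headroom_pct leaves QoS no room to work with."""
    problems = []
    total = sum(c.rate_pct for c in classes)
    if total > 100:
        problems.append(f"guaranteed rates sum to {total}% (> 100%), QoS cannot honour this")
    elif total > headroom_pct:
        problems.append(f"guaranteed rates sum to {total}% (keep below {headroom_pct}% for headroom)")
    for c in classes:
        if c.ceil_pct < c.rate_pct:
            problems.append(f"{c.name}: ceiling {c.ceil_pct}% is below its guarantee {c.rate_pct}%")
    return problems


def allocate(classes, line_kbps):
    """HTB-style two-pass allocation (assumed model, see lead-in).
    Pass 1: every class gets min(demand, guaranteed rate).
    Pass 2: whatever is left is lent out in list order (top = highest priority),
    each class taking up to its ceiling or its demand, whichever is lower.
    Returns {class_name: kbit/s}."""
    alloc = {}
    for c in classes:
        guaranteed = c.rate_pct * line_kbps / 100
        alloc[c.name] = min(c.demand_kbps, guaranteed)
    leftover = line_kbps - sum(alloc.values())
    for c in classes:
        if leftover <= 0:
            break
        ceiling = c.ceil_pct * line_kbps / 100
        wanted = min(c.demand_kbps, ceiling) - alloc[c.name]
        if wanted > 0:
            lent = min(wanted, leftover)
            alloc[c.name] += lent
            leftover -= lent
    return alloc


# Constructed scenario: a 10 Mbit line limited to 66% (6600 kbit/s) in QoS, with a
# game, web browsing, an HTTP download and a torrent all active at the same time.
LINE_KBPS = 6600
SCENARIO = [
    QosClass("Game",     rate_pct=10, ceil_pct=80, demand_kbps=500),
    QosClass("WWW",      rate_pct=10, ceil_pct=70, demand_kbps=4000),
    QosClass("Download", rate_pct=5,  ceil_pct=70, demand_kbps=10000),
    QosClass("P2P",      rate_pct=5,  ceil_pct=30, demand_kbps=10000),
]

# Constructed table with the mistake bobyang made: guarantees summing to 200%.
BROKEN_TABLE = [QosClass("WWW", 100, 100), QosClass("P2P", 100, 100)]

if __name__ == "__main__":
    print(check_table(BROKEN_TABLE))
    for name, kbps in allocate(SCENARIO, LINE_KBPS).items():
        print(f"{name:9s} {kbps:7.0f} kbit/s")
```

    In the scenario WWW ends up with 4000 kbit/s (its 660 guarantee plus the first claim on spare capacity), Download borrows the remaining 1440 on top of its 330, and P2P is held to its 330 guarantee because the higher classes used up the spare share first.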
  83. bobyang

    bobyang Serious Server Member

    very good point! I never test the LAN speed. I just try to make sure I got reasonable latency from outside so people can use Netflix and gaming correctly instead of getting error messages. ;P hard to handle everything all at once :) good to know the potential problems ahead.

    (We don't use 100% of our line capacity as maximum in the QoS/Basic Settings dialogue, but only 66-70%!) this what I thought earlier so I thought ping will not slow down since we didn't take the whole bandwidth and that's the reason I test with 6.6Mb and 5Mb limitation and all comes up the same result. This sounds like a conclusion to me, the router uses only the max speed we set up and then it became a "flat line" then buffer starts building up, I think that's the time even higher priority traffic could not go first because all are in the buffer and waiting to release.

    I just wonder is there any way I can set it up to only use 6.6Mb but when it is flat line, then higher priority traffic can pass over by using those other 3.4Mb (10Mb-6.6Mb), such as latency-sensitive traffic, so it won't stay in the buffer too long and wait.

    I am using e2000 and wnr3500L both has the same "flat line" issue. this is not a problem at all until the bandwidth hit the flat line (but it is easy to hit flat line, can make it happens with one computer).. then people said game doesn't work, online TV menu doesn't pop up, google voice doesn't ring, skype doesn't pop up.......

    I am not sure your internet speed slows down with Qos. I thought toastman use tc filters? I remember I see something in tc -s qdisc before.. but I forget.. I haven't tried it for a while. I remember toastman build is different from others which has more rules and including internal and external interface. I will do some test to turn on/off qos. so you use ADSL there? I am using cable connection not sure if they are the same situation.

    I have another problem about Qos filter to youtube, I try to set youtube as "media" with L7 of httpvideo and rtsp. However, it doesn't work, it gets to the "www" and then "download" rule. I just wonder if anyone knows how to set this up correctly?

  84. Porter

    Porter LI Guru Member

    What's with the Basic Settings? Did you enable icmp prioritization? In my experience enabling this doesn't help. What helped was making a new filter for the icmp-protocol and adding it as #2. But I never had pings with 1000-2000ms, even without prioritization. Maybe something else is wrong. You could post some screenshots of your whole config again.

    You can easily put unimportant traffic in one low class and put every other high priority traffic in a higher class. Using more classes just makes you a bit more flexible. But whatever works. Give it a try.

    Does your TV traffic really end up in the media class?

    You always use tc when doing QoS in linux. But the filtering can either be done by tc itself or by iptables. And Tomato uses iptables. Which is ok, but it's slower on older routers.

    The L7-filters for youtube mainly don't work anymore. We'll have to wait for somebody to analyse the youtube traffic and rewrite the regular expression in the filter accordingly.
  85. bobyang

    bobyang Serious Server Member

    thanks for the information. no wonder my youtube L7 doesn't work out correctly as I expected.

    yes, I found "enable icmp prioritization" doesn't work either heii.. However, I use the rule to enable ICMP traffic to be as "services" on the first rule even higher than DNS rule but I still see "ping -t xxxx" into rule 255 in QOS and which shows as ICMP.. not sure why...

    actually, my pings are good most of time, only when the download speed reaches the max, things get into buffer then I start getting high ping. some people said it happens in most of newer router because of bigger buffer? the strange thing, I tried to max the upload speed to the amount I set up (18% lower than ISP gave to me) and the ping response is still normal. but it only effects to download speed, I even set max to 30% of ISP provided, I still get high ping when reaching the flat line, it seems like that the flat line is a dead zone.

    yes, the TV traffic end up in the media class correctly because I put IP instead of filter (I use filter doesn't work out well or P2P may take those ports)

    do you want to try a different build like shibby? I remember someone's build was using tc filter when I checked something in the command line.

    one more question, about Qos Desc address. is it possible to use something like * to handle all hosts in that domain?

  86. Monk E. Boy

    Monk E. Boy Network Guru Member

    Destination address has to be a particular IP address (or, possibly, a range of addresses). DNS names won't work.
  87. threeclaws

    threeclaws Serious Server Member

    No, Toastman's latest from the first page.

    I have a 30/5 line (TWC no speedboost) and had them set at 20/3.5 to give plenty of overhead. My in game pings went from ~30ms to west coast servers (specifically San Francisco and I'm in LA) to 600+ to the same servers. Steam was 4th highest priority and nothing else was using the connection at the time.
  88. Eri

    Eri Networkin' Nut Member

    my "L7 of httpvideo" setting works perfectly for me (after test & trial).
    I set it:
    Dst port: 80,443,8080
    transferred : 0 - 1024KB (1024KB + will be moved to download class).
  89. Porter

    Porter LI Guru Member

    It's supposed to be classified as Media...

    A ping of 600ms is very odd after enabling QoS.
    I don't know which settings you enabled. In Toastman's posts there don't seem to be exact settings... Could you be a bit more specific or even put up some screenshots?
    For my tests with CS 1.6 have a look below.

    I don't know why icmp doesn't get classified correctly.
    This is my filter:

    Today I tested a bit and used the old counter strike 1.6 for it. I started an ubuntu torrent and an ubuntu image via http. Without traffic I get an ingame ping of around 40ms; with or without QoS enabled. With traffic and QoS enabled I get a ping of 60-250ms and without QoS consistently above 250-340ms. Ingame loss only happens when Websites get loaded - with or without QoS. Loading websites seems to be more demanding than a one connection download.

    Just so there is no misunderstanding: you are saying you are using the maximum rates your ISP gave you? Didn't you measure your maximum rates yourself?

    Concerning QoS by domain destination:
    Do I understand correctly that you want to filter traffic that is destined for several hosts on your network? The filters only take IP addresses. Domain names won't work. What you can do is put a script in the firewall section. Here is an example, the last post:

    You could then build an iptables command (inspired by /etc/iptables) to match specific IPs that gets unloaded and reloaded every day at a certain time so you catch dynamic IPs.
  90. threeclaws

    threeclaws Serious Server Member

    I used the settings here which match these

    I found it odd, to say the least, as well which is why I disabled it immediately.

    I've since reset everything, and added only the source ports to the voip/game classification in the default settings. This setup is working but I don't know what will happen, yet, when a heavy download starts elsewhere on the network.
  91. Azuse

    Azuse LI Guru Member

    1. It was stated at the end of the qos development thread a while back - prioritize ICMP box does not work. Making your first qos rule ICMP (if it's below dns torrents will mess with pings) however does. Curiously, prior to the ingress fix in Toastman's build, neither really worked so while not ideal, what we have now is a real improvement.

    2. Don't dig up qos guides prior to March this year for toastman builds, they're out of date.

    3. L7 httpvideo & flash do work, but they only work on video that hasn't been messed with. For example they catch all iplayer (big deal in the UK) traffic regardless of platform and all video streamed online to an xbox (again big deal - films especially) however they fail completely when someone meddled with the video as in inserted ads or used modified flash players e.g. youtube/jwplayer. RTMP catches quite a few of the more obscure ones, not had a chance to fully check the new quicktime ones etc (last time I updated my router was 18 months ago). Silverlight is a problem, in every respect.

    4. FYI the correct ports for steam are UDP - 3478, 4379, 4380 (destination ports, rule 1), UDP - 27000-27030* (destination ports, rule 2), TCP - 27015 (destination port, rule 3). Steam changed the download system to http more than a year ago, they're port 80 and will be caught by the regular download rule. N.B. You do not need to forward any ports unless you are running a server locally, otherwise you just create problems for yourself. In fact unless you're running any server or have a very special reason you should just delete all the port forwarding rules when flashing the router.

    5. GFWL control port is 3074 TCP/UDP (again destination), as with steam you can do no more than that.

    *Official ports for source games. Many servers do not operate on these and will have to be manually added if you use them regularly. Also games using steam works (most of them - rule 1) only use these as control ports and voip, with the actual game traffic taking random UDP ports thus being chucked in with p2p. The main reason the ICMP rule is needed.
  92. Eri

    Eri Networkin' Nut Member

    This my QOS for video/flash streaming.
    it works well so far:
    Any Address
    Dst Port: 80,443,8080
    Class: Media
    Transferred: 0 - 1024KB (1024+ moved to "Class Download")
  93. Azuse

    Azuse LI Guru Member

    That's a go and read everything again rule.
  94. Porter

    Porter LI Guru Member

    Thank you for taking the time to read the help that is provided in the forum. Unfortunately it is outdated.
    Please read Azuse's post. Most of what he says came to my mind, too.
    In my last posts I gave several hints as to how to configure QoS properly. You probably already know them. Just stick with them and if you run into problems post some screenshots of your config. It's fairly easy to produce some with paint.

    Sorry, but that's exactly what neither of us wanted. Mediastreams of whatever kind should not end up in the download class. If you just filter by port _everything_ (meaning normal webtraffic, too) will end up together with mediastreams in one class.

    1. There was a discussion between Toastman and me, whether this box worked or not. It never worked for me but an extra icmp-filter on the classification page worked. Toastman on the other hand seemed to observe that this box worked for him and that he didn't need an extra filter.

    I don't understand why the icmp-rule needs to be the first rule. DNS traffic of torrents never seemed to have messed with my ping. In my opinion it doesn't make any difference whether this is the first or the fifth rule as long as the traffic gets into "service".

    3. Agreed, they do work with most of the normal flash videos. But as far as I remember there was a time when they worked somewhat reliably with youtube, too. Unfortunately that's over.

    On a more general matter:
    My conclusion that QoS slows down my traffic was a bit premature. I ran another test with QoS enabled but disabled the four L7-filters I had. Now websites load almost as fast as without QoS! There is still one BUT: Netalyzr still says I've got excessive buffering.
  95. Azuse

    Azuse LI Guru Member

    Hmm, when I checked I was throwing far more connections at it than I'd ever use but on recheck you're right, DNS first, ICMP second is fine (probably better that way).

    It is odd though. On this toastman build the rule works but the box doesn't. On the Shibby build I tried either appeared to work and on the last k24 raf release the box worked but rule did not. Guess it's just trial and error, but it does make one wonder if the other check boxes are working as intended (seem to be).
  96. alfred

    alfred LI Guru Member

    How do I classify the IPv6 Tunnel?

    I am using Hurricane Electric IPv6 Tunnel Broker, so in the qos-detailed.asp page, I can see an IPv6 tunnel line between my IP and HE's tunnel remote endpoint, without Dst/Src port, classified P2P/Bulk in default, and 0 Bytes in/out.

    I think, generally it belongs to WWW traffic at the moment, should not be classified P2P; should I set a rule with protocol IPv6 to WWW for it?
  97. Porter

    Porter LI Guru Member

    I can only guess if what I'm telling you is correct because I'm not using IPv6 and my Tomato-version isn't capable of it either. I'm also guessing that the QoS-system has no IPv6 support as of now, since you are reporting this.

    It might be very simple though. The matching of packets is done by iptables. For IPv4 it is iptables, for IPv6 it is ip6tables.

    I just modified the filter for port 80 that I could find in my /etc/iptables, so if it doesn't work look for some examples there.

    This is the line I'm modifying:

    The connbytes part can be taken out because you probably only need one filter that matches always.

    What gave me some problems is the mark which is written in HEX. The last digit here 0x1c02005 is a 5 and seems to correspond with the class number. My download class has the number 5. The first two digits after the x seem to be a counter for the filter number. 1c in HEX is 28 in DEC.

    To be on the safe side I would suggest you choose 99 DEC (63 in HEX) as the filter number.

    So the command that you need to put in Administration/Scripts/Firewall is:

    Don't forget to change the XXXXX to the correct port.

    Please try this via ssh on the command line, so that you see immediately whether there will be an error or not. It is possible that this one command isn't enough.
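    An added example (not from Porter's post or from Tomato itself) that encodes and decodes the mark layout Porter describes: the lowest hex digit of 0x1c02005 as the class number and the two leading hex digits as the filter counter (0x1c = 28). It assumes that reading of the mark is right, keeps the middle bits exactly as observed, and the chain name `QOSO` is an assumption used only as a placeholder when rendering the ip6tables command.

```python
# Constructed example: mark arithmetic following Porter's description.
# Assumption: bits 20-27 hold the filter counter, bits 0-3 the class number,
# and the middle bits (0x02000 in the observed 0x1c02005) are left untouched.
MIDDLE_BITS = 0x1c02005 & 0xFFFF0  # == 0x02000 in the observed mark


def decode_mark(mark):
    """Return (filter_number, class_number) for a Tomato-style QoS mark."""
    filter_no = (mark >> 20) & 0xFF
    class_no = mark & 0xF
    return filter_no, class_no


def encode_mark(filter_no, class_no, middle=MIDDLE_BITS):
    """Build a mark from a filter counter and class number.

    Porter suggests filter 99 (0x63) so it cannot collide with the
    filters the GUI generated (0x1c = 28 was the highest seen).
    """
    if not 0 <= filter_no <= 0xFF or not 0 <= class_no <= 0xF:
        raise ValueError("filter must fit in 8 bits and class in 4 bits")
    return (filter_no << 20) | middle | class_no


def build_ip6tables_rule(dport, filter_no, class_no, chain="QOSO"):
    """Render the mangle rule that tags TCP traffic to one port.

    The chain name is an assumption; check /etc/iptables on the router
    for the chain the GUI-generated rules actually live in.
    """
    mark = encode_mark(filter_no, class_no)
    return (
        f"ip6tables -t mangle -A {chain} -p tcp --dport {dport} "
        f"-j MARK --set-mark 0x{mark:x}"
    )


if __name__ == "__main__":
    # Round trip the observed mark, then build the rule Porter has in mind.
    print(decode_mark(0x1c02005))            # (28, 5): filter 28, download class 5
    print(hex(encode_mark(99, 5)))           # 0x6302005
    print(build_ip6tables_rule(80, 99, 5))
```

Run it on a workstation to check the hex before pasting anything into Administration/Scripts/Firewall, and confirm the mark round-trips against what qos-detailed.asp reports.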
  98. alfred

    alfred LI Guru Member

    Hi, Porter,
    Thank you for the reply, a picture is attached here and let me explain something:

    I do not mean the classification of the real IPV6 traffics, I mean the the classification of the "tunnel" itself.
    The two parts of the picture are extracted on the same page, a very long qos-detailed.asp page.


    Checking the top, you can see the IPv6 traffics can be classified according to the the QoS Rules; but at the most bottom, you can see the line of IPv6 tunnel between my IP and HE's tunnel remote endpoint, without Dst/Src port, classified P2P/Bulk in default, and 0 Bytes in/out.
  99. bobyang

    bobyang Serious Server Member

    thanks Azuse,
    1. I set ICMP as the first rule but still get into 255.. not sure why.. I guess I should clear all nvram and restart everything over...
    2. yeah.. I think a lot of them are out dated
    3. you are right, those work but not working for youtube.. I will try to see if I can google any other youtube filter into media or www class.

    thanks porter,
    I don't know why it doesn't work for my ICMP.. I will reset nvram and start over everything.
    To me because other people have something needs fast response, such as, gaming, VOIP, and Netflix TV.. so I need to make sure P2P will not slow the network down.. I think you never see P2P slows ping could be the router you are using? I didn't have that "flat downloading speed line" problem before. However I start getting those things in e2000 and WNR3500 routers.. people said because these routers has bigger buffer and memory so those make all the traffic lined up, even for small high priority packet. I guess that's the reason new Linux has bufferbloat fix?

    the max download speed I used is from the speed I tried to FTP the ISP server by 5 times without any QOS running. However, it is very close to the speed ISP gives to me. but I think the thing is not the max downloading speed I setup... I got 10Mb download speed, but even I set up to 2Mb, I still get slow ping once I see the "flat line" appear as I showed in the previous screen... I set to 6.6Mb, and slow ping when it is flat line. then I set up 5Mb, in the short period of time, it is not flat line, the ping went back to 78mb but after few seconds, the speed became 5Mb flat line, and my ping went to about 2300mb!

  100. Toastman

    Toastman Super Moderator Staff Member Member

    Just rechecked here. The "prioritize ICMP" box is still working for me and easily checked, as pings go way out under heavy load but are 27 ms - 53 ms when the box is checked.

    BTW - I believe that the current fascination with the "bufferbloat" issue is complete fud. I've tried all of the proposed mods to Tomato on ADSL lines of 1Mbps up / 16Mbps down, and all of them either resulted in no noticeable difference at all, or decreased throughput and other problems. The QOS system in itself prevents "bufferbloat".

    There are many scaremongering websites now that report that your link and equipment is pretty well useless unless you try out their "magic cure". Please ignore them and get on with your life.

    Personally, I share the opinion of most engineers who actually have to make this stuff work .. buffers are there for a good reason.