QoS and Allegiance

privateerm · Post by **privateerm** » Wed Sep 17, 2014 4:38 am

Question: has anyone here ever setup their router's QoS(quality of service) to make it so youtube movies, ipod app downloads, etc by someone else on the same pipe not interfere with Allegiance. Ie. Make Allegiance get the highest priority

Caveat: I know I can't technically do inbound QoS, but I have had success with outbound throttling.....

I know that there USED(very long ago) to be specific port number I could put a trigger on, but that doesn't seem to be the case now.

I'm using Tomato firmware on my router, but could just as easily stick DD-WRT on it.

Ideas, Thoughts?

Edit:
Here is a good read if you want your head to hurt...
http://tomatousb.org/tut:using-tomato-s-qos-system
http://www.dd-wrt.com/wiki/index.php/Quality_of_Service

peet · Post by **peet** » Wed Sep 17, 2014 12:57 pm

Do you use cable, (a)dsl, wimax, wifi?

privateerm · Post by **privateerm** » Wed Sep 17, 2014 3:59 pm

peet wrote:QUOTE (peet @ Sep 17 2014, 09:57 AM) Do you use cable, (a)dsl, wimax, wifi?

dsl directly into a tomato router then split into a small business network which my gaming machine is connected to.

dusanc · Post by **dusanc** » Wed Sep 17, 2014 7:18 pm

I have similar setup 6/1Mb adsl link. I throttle in and out traffic so to keep providers queue small and give my pc top priority.CODE
#/bin/bash
##!/sbin/runscript

# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
#depend() {
# after net.br0
#}
#start() {
DOWNLINK=5950
UPLINK=1000
DEV=eth0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root HTB, point default traffic to 1:20:

tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
burst 6k prio 2

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x10 0xff flowid 1:10
#laptop
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip src 192.168.1.10/24 flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

#router setup

iptables -F
iptables -t nat -F

#Setup default policies to handle unmatched traffic
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

#Copy and paste these examples ...
export LAN=br0
export WAN=eth0

#Then we lock our services so they only work from the LAN
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT

#(Optional) Allow access to our ssh server from the WAN
# iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

#Drop TCP / UDP packets to privileged ports
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP

#Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done#}

privateerm · Post by **privateerm** » Thu Sep 18, 2014 12:17 am

Thanks, this is what I was looking for. Good solution.

This ddwrt or linux box?

lol

Let me rephrase that dd-wrt router linux or pc running a linux bridge?
IT"S ALL LINUX!

DusanC wrote:QUOTE (DusanC @ Sep 17 2014, 04:18 PM) I have similar setup 6/1Mb adsl link. I throttle in and out traffic so to keep providers queue small and give my pc top priority.CODE
#/bin/bash
##!/sbin/runscript

# The Ultimate Setup For Your Internet Connection At Home
#
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
#depend() {
# after net.br0
#}
#start() {
DOWNLINK=5950
UPLINK=1000
DEV=eth0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root HTB, point default traffic to 1:20:

tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
burst 6k prio 2

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x10 0xff flowid 1:10
#laptop
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip src 192.168.1.10/24 flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

#router setup

iptables -F
iptables -t nat -F

#Setup default policies to handle unmatched traffic
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

#Copy and paste these examples ...
export LAN=br0
export WAN=eth0

#Then we lock our services so they only work from the LAN
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT

#(Optional) Allow access to our ssh server from the WAN
# iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

#Drop TCP / UDP packets to privileged ports
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP

#Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done#}

peet · Post by **peet** » Thu Sep 18, 2014 7:13 am

May I suggest to set the DOWNLINK and UPLINK value to 90% of the [real internet speed]? Measured with www.speedtest.net or similar website? Thus not the [advertised theoretical values] of your ISP. Measure your real speed on the DSL router itself without all the equipment attached.

Do you also want to use something like Mumble to talk with your buddies?

privateerm · Post by **privateerm** » Thu Sep 18, 2014 5:49 pm

peet wrote:QUOTE (peet @ Sep 18 2014, 04:13 AM) May I suggest to set the DOWNLINK and UPLINK value to 90% of the [real internet speed]? Measured with www.speedtest.net or similar website? Thus not the [advertised theoretical values] of your ISP. Measure your real speed on the DSL router itself without all the equipment attached.

Do you also want to use something like Mumble to talk with your buddies?

I do use mumble. Good reminder.

dusanc · Post by **dusanc** » Thu Sep 18, 2014 6:18 pm

That's a gentoo linux box. Dl and ul speeds are throttled but not to 90% but to 5950/6100 and 1000/1020. Values from multiple runs of speedtest. Oh and I crop packets from my network to my isp to lower mtu than 1500 on that box.

peet · Post by **peet** » Thu Sep 18, 2014 7:32 pm

Was the reserved minimum uplink / downlink for FreeAlleg + mumble together something like 98/98 KBytes/sec?

@Dusan. It is my experience that smaller MTU / MSSI's are often better processed by some ISP's, on an OpenVPN stream for example. I seem to have good experience with 1200.

DusanC wrote:QUOTE (DusanC @ Sep 18 2014, 08:18 PM) ...o lower mtu than 1500 on that box....

Imago · Post by **Imago** » Fri Sep 19, 2014 12:16 pm

peet wrote:QUOTE (peet @ Sep 18 2014, 02:32 PM) Was the reserved minimum uplink / downlink for FreeAlleg + mumble together something like 98/98 KBytes/sec?

@Dusan. It is my experience that smaller MTU / MSSI's are often better processed by some ISP's, on an OpenVPN stream for example. I seem to have good experience with 1200.

max packet size < 1400 Arma3