Configuring QoS with Managed Switch and OpenWrt

Installing and Using OpenWrt
21

I have these two iptables

iptables -t mangle -A PREROUTING -p all --dst 192.168.1.18 -j DSCP --set-dscp-class CS5
iptables -t mangle -A PREROUTING -p all --src 192.168.1.18 -j DSCP --set-dscp-class CS5

in the firewall's custom rules and I've set Wireshark's display to filter to view to and from traffic to the PS4. I'm still seeing 0 in the DSCP column.

22

which port are you mirroring? you will only be able to see packets going to the PS4 with DSCP. packets coming from the PS4 and heading to the internet will have a different source IP because of NAT

23

TX and RX from ports 14 and 16 on the 24-port switch.

24

ok so packets from ingress to whichever of those two ports is your router's LAN with destination 192.168.1.18 should have DSCP = CS5

are you seeing that?

are you seeing that the DSCP rule is being hit in the firewall info tab on LUCI (Status > Firewall)?

25

I'm only seeing packets for the bottom rule

Both set to prerouting
Both set to prerouting972×206 6.08 KB

using these rules:-

iptables -t mangle -A PREROUTING -p all --dst 192.168.1.18 -j DSCP --set-dscp-class CS5
iptables -t mangle -A PREROUTING -p all --src 192.168.1.18 -j DSCP --set-dscp-class CS5

However, changing the top rule to POSTROUTING so the rules become:-

iptables -t mangle -A POSTROUTING -p all --dst 192.168.1.18 -j DSCP --set-dscp-class CS5
iptables -t mangle -A PREROUTING -p all --src 192.168.1.18 -j DSCP --set-dscp-class CS5

Wireshark shows DSCP CS5 with ip.dst == 192.168.1.18 set in the dispplay filters.

To see the DSCP packets PS4 > internet

On my 24-port switch I've set port 12 (the PS4) to Tx and set port 14 to Rx. With ip.addr == 123.456.789.010 (dummy public IP address) in Wireshark I'm able to see CS5 under the DSCP column.

26

Right, that make sense, NAT occurs after PREROUTING, so POSTROUTING is the appropriate place for the --dst rule

27

hello everybody i would make the rules directly in luci with traffic rules possible you think ?

and wan to lan

i don't know if i put squash and ignore dscp on my lan and not my wan ...

i use sqm on lan and wan to egress and ingress thanks in advance for your response

28

Good information in this topic to my setup but im using edgeswitch, at the moment i only see dscp tags on egress side..

Read and test :thinking: :joy:

2021-09-16 (3)
2021-09-16 (3)1920×1080 212 KB

2021-09-16 (2)
2021-09-16 (2)1920×1080 201 KB

2021-09-16 (1)
2021-09-16 (1)1920×1080 210 KB

29

I have try but i cant tag downstream

2021-09-19 (1)
2021-09-19 (1)1920×1080 136 KB

2021-09-19
2021-09-191920×1080 140 KB

If anyone can help, tha acl as more settings but is hard to config, the diffserv is a lit simple but i cant set tag for downstream

30

Same here.

Here is my current setup on OpenWrt
Openwrt Interfaces:

image
image687×595 23.6 KB

Switch VLAN Setup:

image
image843×552 22.7 KB

image
image893×865 44.8 KB

image
image673×617 6.81 KB

image
image777×629 7.45 KB

image
image997×713 48.5 KB

Switch QoS Scheme:
image
image837×547 7.65 KB

image
image1037×591 22.6 KB

image
image1025×877 34.1 KB

Cable Logistics:

  • Port 1 on switch connects to Cable Modem VLAN20(WAN-eth0.20).
  • Port 2 on switch connects to Openwrt Modem VLAN1(Management-eth0.1) and VLAN10(LAN-eth0.10)
  • Port 3-24 LAN ports.

My question:

What are the best practices to configure QoS (either can be on switch or SQM with Openwrt)?

1 Like