I've had a Linksys EA8300 router with OpenWrt for a couple of days and was able to add some really nice features I was missing before. One feature I'm still missing is the ability to (de-)prioritize traffic.
My setup: I've got a server which runs a media server and a torrent client, and my OpenWrt router is running WireGuard. I cannot connect to the media server directly from the internet, I have to VPN (WireGuard) into my home network. I've also got 2 gaming PCs and, like everyone else, some WiFi devices. So all upload streaming traffic will go via WireGuard.
What I want: if there is a torrent upload ongoing and there is any other upload traffic (video streaming/gaming/surfing), I want the other traffic to always get priority. Not only to reduce ping for gaming, but also to make sure that if there is (upload) streaming going on I'll get a stable video connection.
It's hard for me to find a good solution, and I only found a few tutorials which were a bit helpful for my problem. I read about layer_cake, but couldn't figure out how and where to specify which traffic gets priority over which. Cake in general would only help with the lag in gaming, but would not help my wife watch her TV shows when she's traveling.
I hope I explained myself clearly, and I'm looking forward to ideas.
As a first measure read https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm-details and try to follow the "sing and dance" section to configure per-internal-IP-fairness. This might not solve your problem completely but should give you a better starting position for your optimization work.
Do this, test your traffic and report back on the issues you still encounter.
Thank you for your quick answer. Due to unexpected visitors (the good kind) I didn't find the time to look into the forum.
I will read the document you provided, I already had a quick check and that's a lot to chew on.
I run a layer_cake config for QoS and use the rules shown below to lower the priority of a handful of very chatty IoT devices. The power monitors in particular account for nearly 50% of my outbound packet count. So lowering them into the bulk tin is potentially helpful in unclogging the best-effort tin on egress.
I use MAC addresses to identify the source devices, as that is more durable than IPs.
Note that you must adjust the interface to match your WAN, so if your hardware WAN is eth1, then replace eth0.2 with eth1 on the relevant lines.
This gets pasted in the Network->Firewall, Custom Rules sub-tab page. Paste it below any existing rules/comments.
Requirements: OpenWRT 18.x or newer, with sqm enabled with layer_cake option.
# This rule lowers the priority of traffic coming from IoT devices
# Push it all into the bulk tin
# remember to change the MAC address below to match your unit(s), and adjust the interface (eth0.2) for your HW
# Identify outbound traffic from the IoT unit(s) and connmark the connection with the value 88
# Neurio / PWRview monitor 1
iptables -t mangle -A FORWARD -o eth0.2 -p all -m mac --mac-source C4:7F:51:01:A3:A5 -j CONNMARK --set-mark 88
# Neurio / PWRview monitor 2
iptables -t mangle -A FORWARD -o eth0.2 -p all -m mac --mac-source C4:7F:51:01:98:6A -j CONNMARK --set-mark 88
# Anova SousVide
iptables -t mangle -A FORWARD -o eth0.2 -p all -m mac --mac-source 4C:24:98:88:F0:0D -j CONNMARK --set-mark 88
# LG Dryer
iptables -t mangle -A FORWARD -o eth0.2 -p all -m mac --mac-source 2C:2B:F9:A0:4A:62 -j CONNMARK --set-mark 88
# Identify outbound packets on connections with a connmark of "88",
# and tag the packets with DSCP 8 (CS1) so they land in the bulk tin
iptables -t mangle -A FORWARD -o eth0.2 -m connmark --mark 88 -j DSCP --set-dscp 8
Thank you, that's also awesome. Unfortunately I can't use the MAC or the IP as filter criteria, because the Torrent and the Media Server are running on the same device. Torrent has no priority, whereas the Mediaserver has the highest priority.
But if you could let me know where to enter these rules, this would be extremely helpful for me, because this was one of the things I was never able to find out in all the tutorials I read. They all would say "now we use these filter rules" but never mentioned where...
Well, if you just target the BT ports, then you should be able to de-prioritize BT outgoing traffic without affecting anything else from that machine.
# Target the ports used by BitTorrent, use the MAC of the machine running BT
# do it for TCP and UDP
iptables -t mangle -A FORWARD -o eth0.2 -p tcp -m mac --mac-source [MACOFBTPC] -m tcp -m multiport --sports 6981,4433 -m comment --comment "BT de-prio" -j CONNMARK --set-mark 88
iptables -t mangle -A FORWARD -o eth0.2 -p udp -m mac --mac-source [MACOFBTPC] -m udp -m multiport --sports 6981 -m comment --comment "BT de-prio udp" -j CONNMARK --set-mark 88
# Since a PC might be using IPv6, also tag in the IPv6 tables
ip6tables -t mangle -A FORWARD -o eth0.2 -p tcp -m mac --mac-source [MACOFBTPC] -m tcp -m multiport --sports 6981,4433 -m comment --comment "BT de-prio" -j CONNMARK --set-mark 88
ip6tables -t mangle -A FORWARD -o eth0.2 -p udp -m mac --mac-source [MACOFBTPC] -m udp -m multiport --sports 6981 -m comment --comment "BT de-prio udp" -j CONNMARK --set-mark 88
Note: untested, as I don't do BT.
Please carefully re-read my original post, instructions are there.
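The BitTorrent de-prioritization rules from the posts above, as an added example that is not part of the original thread: it prints the commands for both address families and includes the DSCP rule for ip6tables as well, since the `--set-dscp 8` rule posted earlier is for iptables only. The function names and the sample MAC are hypothetical; the interface, ports, mark 88 and DSCP 8 are the thread's values.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, the
# connmark + DSCP rules that push one host's BitTorrent uploads into
# cake's bulk tin, for IPv4 and IPv6.

# True only for a single-line value that matches the ERE in $2.
valid() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] && printf '%s\n' "$1" | grep -Eq "$2"
}

# Print one "append unless already present" command (-C checks for the rule).
emit_rule() {
    tool=$1; shift
    echo "$tool -t mangle -C FORWARD $* 2>/dev/null || $tool -t mangle -A FORWARD $*"
}

# bt_deprio_rules WAN_IF MAC TCP_PORTS UDP_PORTS   (hypothetical helper)
bt_deprio_rules() {
    wan=$1; mac=$2; tcp_ports=$3; udp_ports=$4

    # The output is meant for a root shell, so refuse anything that is not
    # a plain interface name, a MAC address or a comma-separated port list.
    valid "$wan" '^[A-Za-z0-9._-]+$' ||
        { echo "bad interface: $wan" >&2; return 1; }
    valid "$mac" '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo "bad MAC: $mac" >&2; return 1; }
    for list in "$tcp_ports" "$udp_ports"; do
        valid "$list" '^[0-9]{1,5}(,[0-9]{1,5})*$' ||
            { echo "bad port list: $list" >&2; return 1; }
    done

    for ipt in iptables ip6tables; do
        # Mark the connection (value 88, as in the thread) by source MAC and port.
        emit_rule "$ipt" -o "$wan" -p tcp -m mac --mac-source "$mac" \
            -m multiport --sports "$tcp_ports" -j CONNMARK --set-mark 88
        emit_rule "$ipt" -o "$wan" -p udp -m mac --mac-source "$mac" \
            -m multiport --sports "$udp_ports" -j CONNMARK --set-mark 88
        # Tag every packet of a marked connection with DSCP 8 (CS1).
        emit_rule "$ipt" -o "$wan" -m connmark --mark 88 -j DSCP --set-dscp 8
    done
}

# Constructed sample values: placeholder MAC, ports taken from the thread.
bt_deprio_rules eth0.2 02:00:00:00:00:01 6981,4433 6981
```

Review the printed commands before pasting them into the Custom Rules tab mentioned in the thread; running the output twice adds nothing, because each command checks for its rule first.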
Please note that this will only control your outgoing torrents; incoming torrents will be seen by iptables after sqm/cake are done with them. To re-mark incoming packets, have a look at https://forum.openwrt.org/t/ultimate-sqm-settings-layer-cake-dscp-marks-new-script/53209/142...
Personally I would try to move the torrent stuff on to a Raspberry Pi or something, and then cake's per-internal-IP fairness will solve all of this quite elegantly.
TopDog, thank you, I really was expecting to have to edit a file in the FS, not in LuCI, so I didn't quite understand that. And knowing that now, I might have missed that in the tutorials, I'm so sorry!
moeller0, thank you, I'm aware of the incoming traffic, this is not an issue, that is something that nearly never saturates for me. Also this is something I can control easily myself on the server. I considered running the torrent stuff in a VM, this way I could achieve the same thing as with a Raspberry Pi. But to be honest, I don't like both solutions too much. As a solution if everything else fails I will consider it, but right now I want to learn that stuff, even though it will be a pain in the...
Thank you both for your help, I will start reading and working on this topic, right now all questions are answered.
Mmmh, if you are happy with egress only and if you are using Windows, you could use Windows' built-in mechanisms to set the desired DSCP mark for the torrent executable, see for example https://wiki.innovaphone.com/index.php?title=Howto:Set_Type_of_Service_%28ToS%29_DiffServ_DSCP_Values_for_innovaphone_Windows_Applications_%28SoftwarePhone%2C_myPBX_Video%29. The SetQosPolicy cmdlet should work; please note that you do not even need to specify protocol or ports.