Help me with best trafic shaping setup for my network

Can you guide me how to add QoS or best traffic shaping to my setup. There are many models in documentation . Please guide me so that I can control traffic.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "TP-Link Archer C6 v2 (EU/RU/JP)",
        "board_name": "tplink,archer-c6-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fded:70e0:222b::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

config interface 'guest'
        option proto 'static'
        option ipaddr '192.168.3.1'
        option netmask '255.255.255.0'

config interface 'wwan'
        option proto 'dhcp'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel 'auto'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '3'
        option country 'IN'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'NiMeConnect'
        option encryption 'psk2'
        option key 'de!&FVM5nWuBXZ9rhfXd'
        option ieee80211r '1'
        option nasid '12323'
        option mobility_domain '123b'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option country 'IN'
        option cell_density '3'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'NiMeConnect'
        option encryption 'psk2'
        option key 'de!&FVM5nWuBXZ9rhfXd'
        option ieee80211r '1'
        option nasid '12333'
        option mobility_domain '123b'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'NiMeConnect-Guest'
        option encryption 'psk2'
        option network 'guest'
        option key 'NiMe@Guest'
        option ieee80211r '1'
        option nasid '12345'
        option mobility_domain 'abc1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option isolate '1'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'NiMeConnect-Guest'
        option encryption 'psk2'
        option isolate '1'
        option key 'NiMe@Guest'
        option ieee80211r '1'
        option nasid '12344'
        option mobility_domain '123a'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option wpa_disable_eapol_key_retries '1'
        option network 'guest'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'NISHANT-5G'
        option encryption 'psk2'
        option key '302285408'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '1h'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'guest'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option name 'GuestDNS'
        option src 'guest'
        option dest_port '53'
        option target 'ACCEPT'

config rule
        option name 'GuestDHCP'
        list proto 'udp'
        option src 'guest'
        option dest_port '67'
        option target 'ACCEPT'

Perform Waveform bufferbloat test to have a baseline. Post screenshot.

Disable firewall offloading, both software and hardware.

Install luci-app-sqm. Log out and in.

Find SQM in menus.
Set speeds to 85% of what you got from the first test.
In the second tab choose cake and pieceofcake.

Save and test again. Post results. If bloat is 0, increase speeds by some amount and test again. If bloat isn’t acceptable, reduce speed. Share your findings.

Thanks for reply. But I am kind of new. So could be please be specific how to get things done. Thanks in advance


From fast.com

No problem. Feel free to ask as many questions as you like. Use your search engine, like Google or StartPage to find the Waveform bufferbloat test.

You can disable offloading in Network -> firewall settings in the first tab. If software offloading is disabled, then hardware offloading is off as well.

I used fast.com. that's fine for bufferfloat right?

Its off only. I turned the download speed to 95000kbps and upload to 10000kbps. Now what ?

Choose eth0.2 wan.

This is the speed after enabling

I need to enable QoS for all wireless or? Can I choose guest wifi? Basic aim is QoS with brainy allocation in my main network with Max speed. And QoS with limited speed like 50 percentage speed limited for guest wifi

I prefer more detailed tests. Use your search engine, like Google or StartPage to find the Waveform bufferbloat test.

1 Like

Let’s sort out your wan interface first and then we can think about limiting guest network.

1 Like