QoS and VPN for IPTV

I mean paste the content of /etc/config/sqm here. I will edit this file, then you will copy/paste the new config into the older one.
You can download WinSCP to easily edit config files.

Ok...thanks...but today I'm not home...as soon as I get home I'll attach it for you :+1:

Here's what you asked me...sorry for the delay, I had a difficult weekend...thank you :pray::pray::pray:

config queue 'eth1'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option script 'piece_of_cake.qos'
	option linklayer 'ethernet'
	option enabled '1'
	option interface 'eth1.2'
	option qdisc_advanced '1'
	option squash_dscp '1'
	option squash_ingress '1'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'nat dual-dsthost'
	option eqdisc_opts 'nat dual-srchost'
	option overhead '26'
	option upload '20000'
	option download '100000'

In light of this your download limit of 100000 seems a bit high.

Also try adding ingress to the ingress qdisc options, that will make the link slightly more robust against concurrent bulk downloads, at the cost of a bit of bandwidth, but that sacrifice is dynamically scaled....

With this value, however, I managed to get a better test, 97/18...even to me it seemed strange...but maybe it happens because the theoretical speed of my line is 108/22 :thinking:

Speed test performance is variable to begin with. It's particularly true when you've got fast speeds and connected via a shared medium, for example cable DOCSIS can be congested on the local line. GPON which is the technology in use for Fiber To The Premises (FTTP) is also a shared medium where optical splitters mix the optical signals into a single stream. I find that time of day affects my real world speed. Because of that I set my speeds to something that is achievable basically all the time. I have gigabit fiber but I set 700Mbps in order to be sure that I'm not affected when my neighbors are all home loading up Netflix or YouTube. It still isn't perfect, I find sometimes speeds as low as 350Mbps on dslreports.

Speed tests on other speed test sites are often rigged: the ISPs run a speed test server inside their network, and so you're measuring just the connection from your house to the server closet in your town, or the ISP will detect the traffic to a known list of IPs and prioritize it to make it seem like you have high speeds when other non-prioritized traffic would be less fast.

I hope you are ok.

config queue 'wan'
	option ingress_ecn 'ECN'
	option egress_ecn 'ECN'
	option enabled '1'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option download '0'
	option script 'layer_cake.qos'
	option linklayer 'ethernet'
	option linklayer_advanced '1'
	option tcMTU '2047'
	option tcTSIZE '128'
	option interface 'eth1.2'
	option linklayer_adaptation_mechanism 'cake'
	option overhead '26'
	option tcMPU '84'
	option upload '20000'
	option iqdisc_opts 'diffserv8 dual-dsthost'
	option eqdisc_opts 'diffserv8 dual-srchost egress'

config queue
	option debug_logging '0'
	option verbosity '5'
	option ingress_ecn 'ECN'
	option tcMTU '2047'
	option tcTSIZE '128'
	option enabled '1'
	option download '0'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option egress_ecn 'ECN'
	option qdisc_really_really_advanced '1'
	option linklayer 'ethernet'
	option linklayer_advanced '1'
	option linklayer_adaptation_mechanism 'cake'
	option script 'layer_cake.qos'
	option interface 'veth0'
	option upload '95000'
	option overhead '50'
	option tcMPU '84'
	option iqdisc_opts 'diffserv8 dual-srchost'
	option eqdisc_opts 'diffserv8 dual-dsthost ingress'

*Note: these settings are for testing; we may need to change them later. Don't forget to rename the old sqm config to something like sqm.bak.

Create a new empty file and name it qos.sh (you can create this file using WinSCP by right-clicking, then New File), then place it at /etc/config/.
Then from the terminal run the following command:
chmod 775 /etc/config/qos.sh
Then open qos.sh and paste the following:

#!/bin/sh
IPT="iptables"
## set up a pair of veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth

## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up

## turn on promisc mode; sometimes it's needed to make the bridge work
ip link set veth1 promisc on

## add veth1 to bridge
brctl addif br-lan veth1

## just to make sure there's nothing inside those 2 tables
ip rule del priority 100
ip route flush table 100

## ipsets for streaming sites; they are being filled by dnsmasq
ipset create vidstream hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip

## flush mangle table
$IPT -t mangle -F PREROUTING

## add routing for veth0 this will handle all slow traffic
ip route add default dev veth0 table 100
ip rule add iif eth1.2 table 100 priority 100

########################################
# Latency Sensitive (gaming/voip)
########################################
##ICMP, to prioritize pings
$IPT -t mangle -A PREROUTING -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"
$IPT -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class CS5

#DNS traffic both udp and tcp
$IPT -t mangle -A PREROUTING -p udp -m multiport --port 53,123,5353 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp and NTP"
$IPT -t mangle -A POSTROUTING -p udp -m multiport --port 53,123,5353 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp and NTP by router"
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 53,5353 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp"
$IPT -t mangle -A POSTROUTING -p tcp -m multiport --port 53,5353 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp by router"
#Two robust rules to detect realtime traffic
$IPT -t mangle -A PREROUTING -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 120/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"
$IPT -t mangle -A PREROUTING -p udp -m connmark ! --mark 0x55 -m conntrack --ctorigsrc 10.10.10.0/24 -m multiport ! --ports 53,5353,80,443,8080,60887 -m connbytes --connbytes 0:700 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection"

$IPT -t mangle -A POSTROUTING -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 120/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"
$IPT -t mangle -A POSTROUTING -p udp -m connmark ! --mark 0x55 -m conntrack --ctorigsrc 10.10.10.0/24 -m multiport ! --ports 53,5353,80,443,8080,60887 -m connbytes --connbytes 0:700 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection"

########################################
# Streaming Media (videos/audios)
########################################
#Known video streams sites like youtube,netflix
$IPT -t mangle -A PREROUTING -m set --match-set vidstream src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "vidstream ipset"
$IPT -t mangle -A POSTROUTING -m set --match-set vidstream src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "vidstream ipset"

# some iptv providers use this port
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 1935 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service"
$IPT -t mangle -A POSTROUTING -p tcp -m multiport --port 1935 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service"

## set dscp tag for our ipset usrcdn; those CDNs have isolated speeds at my ISP
$IPT -t mangle -A PREROUTING -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"
$IPT -t mangle -A POSTROUTING -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"

########################################
# Best Effort (browsing/services)
########################################
#Small packet is probably interactive or flow control
$IPT -t mangle -A PREROUTING -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m length --length 0:500 -j DSCP --set-dscp-class CS3
$IPT -t mangle -A POSTROUTING -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m length --length 0:500 -j DSCP --set-dscp-class CS3

#Small packet connections: multi purpose (don't harm since not maxed out)
$IPT -t mangle -A PREROUTING -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3
$IPT -t mangle -A POSTROUTING -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3

#########################################
# Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows updates and steam updates/downloads
$IPT -t mangle -A PREROUTING -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
$IPT -t mangle -A POSTROUTING -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"

#A robust rule to detect downloads/uploads and torrents!
# The multiport restriction is disabled; it is kept on comment lines of its own so that the connbytes match and the DSCP target remain part of each rule.
# tcp: -m multiport --ports 21,25,80,81,443,444,554,8000,8080,8409,60887,27014:27050 (60887 bittorrent)
# udp: -m multiport --ports 21,25,80,81,443,444,554,8000,8080,8409,60887

$IPT -t mangle -A PREROUTING -p tcp -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1
$IPT -t mangle -A POSTROUTING -p tcp -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1

$IPT -t mangle -A PREROUTING -p udp -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1
$IPT -t mangle -A POSTROUTING -p udp -m dscp ! --dscp  16 -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1

Go to /etc/config/network and add the following at the end:

config interface 'QOS'
	option proto 'none'
	option ifname 'veth0'
	option auto '1'

After that, go to /etc/dnsmasq.conf, open the file, then add the following at the end:

##video/audio streams
# Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/vidstream
# NetFlix
ipset=/nflxvideo.net/vidstream
# AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/vidstream
# Facebook
ipset=/fbcdn.net/vidstream
# Twitch
ipset=/ttvnw.net/vidstream
# VeVo
ipset=/vevo.com/vidstream
# Spotify
ipset=/audio-fa.scdn.co/vidstream
# Deezer
ipset=/deezer.com/vidstream
# SoundCloud
ipset=/sndcdn.com/vidstream
# last.fm
ipset=/last.fm/vidstream
#reddit videos
ipset=/v.redd.it/vidstream
#twitch.tv
ipset=/ttvnw.net/vidstream

## I have isolated speeds for those CDNs
ipset=/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn

## Bulk downloads
#qq download
ipset=/download.qq.com/bulk
# Steam Download
ipset=/steamcontent.com/bulk
# PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk
# DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk
# Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk
# Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk
# PlayStore Download
ipset=/gvt1.com/bulk
# WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk
# Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk
# WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk

*Don't forget to save after editing.
Let me know if you have done everything!

On a "static" bandwidth VDSL2 link I would advise caution when using autorate-ingress, although similar in name it is quite different from the recommended ingress keyword that I would use instead.

Best Regards

I did not understand what you mean :pensive:

I am talking about the /etc/config/sqm that @hisham2630 posted. In his iqdisc_opts line it reads autorate-ingress, but in your case this will not be helpful, you should use just ingress. Hope that helps...

Yesterday I had an upgrade of the line, from 100 mega to 200 mega from my provider...so now the speed detected is 200/20...now the bufferbloat seems to have improved even with the provider's modem, without Linksys with openwrt :thinking:

How can I edit the files posted above?

Well, openwrt by default comes with a vi editor (as part of busybox, IIRC). Now, vi is not very intuitive, so I always install nano which is a simpler editor that is easier to use (it shows the edit special function key mapping at the bottom of the screen, unlike vi where you need to memorize everything).

Log into your router via ssh:
opkg update ; opkg install nano
This should do the trick. Then just use:
nano /etc/config/sqm
and you should be fine. Note you can/should also use nano to edit the other files @hisham2630 recommended, if you want to test his approach.

Now in all honesty, I expect pure internal-ip-address isolation to work much better at 200 Mbps than at 100 Mbps so I would certainly test whether you are not sufficiently happy with the current situation. Finally I would try to replace the plc/powerlan devices with an ethernet cable, as PLC is known to not harmonize well with VDSL especially not with the vectoring varieties of VDSL....

I just remove it.

If you are on Windows, you can just use WinSCP; this will make things much easier!

@hollywood_jack
Only /etc/config/sqm is changed; other things are still the same!

config queue 'wan'
	option ingress_ecn 'ECN'
	option egress_ecn 'ECN'
	option enabled '1'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option download '0'
	option script 'layer_cake.qos'
	option linklayer 'ethernet'
	option linklayer_advanced '1'
	option tcMTU '2047'
	option tcTSIZE '128'
	option interface 'eth1.2'
	option linklayer_adaptation_mechanism 'cake'
	option overhead '26'
	option tcMPU '84'
	option upload '20000'
	option iqdisc_opts 'diffserv8 dual-dsthost'
	option eqdisc_opts 'diffserv8 dual-srchost egress'

config queue
	option debug_logging '0'
	option verbosity '5'
	option ingress_ecn 'ECN'
	option tcMTU '2047'
	option tcTSIZE '128'
	option enabled '1'
	option download '0'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option egress_ecn 'ECN'
	option qdisc_really_really_advanced '1'
	option linklayer 'ethernet'
	option linklayer_advanced '1'
	option linklayer_adaptation_mechanism 'cake'
	option script 'layer_cake.qos'
	option interface 'veth0'
	option upload '195000'
	option overhead '50'
	option tcMPU '84'
	option iqdisc_opts 'diffserv8 dual-srchost'
	option eqdisc_opts 'diffserv8 dual-dsthost ingress'

Don't forget to install WinSCP if you're using Windows on your PC; this will make editing and backing up files much easier!

I cannot use an ethernet cable, the MAG is far from the router :pensive:
However, I found that if I now do a speedtest directly on the MAG it detects 70/80 Mbps, while if attaching the same cable to another device, a laptop for example, the speed is 170 Mbps...then looking on the internet I read that it happens to all MAG 256 devices. It's not a problem of the powerlan

Why "option upload '195000'"? This is my download speed? If I wanted to try other settings, with different speeds (my VDSL speed), do I just change this value?

Hahah, I know, but when using a veth interface, upload will be download: eth1.2 will handle upload, and veth0 will handle download on egress (simple explanation), and ingress for both interfaces we set to 0.

I can explain this ;). If you look at the two sqm instances in @hisham2630's example configurations, you see that instead of configuring both upload and download bandwidth they only configure upload shaping.
How does this work, you might ask?
Well, sqm always interprets ingress/download and egress/upload from the view of the actual interface and not from the perspective of the enduser who mostly is interested in internet-down-/up-load. On an interface that is directed towards the internet (like openwrt's wan) interface and internet directionality are aligned, but on the veth0 interface they are switched as that interface (from the kernel's perspective) does not face the internet but the LAN. And packets from the internet (so ingress packets on wan) will be routed to the veth and sent out towards the LAN and hence qualify as egress/upload from sqm's perspective. This is unfortunately not something we can fix or autodetect, without taking away from sqm's configurability.

Best Regards
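
The direction swap explained above, as an added example that is not part of the original posts: a POSIX shell/awk helper that reads an sqm config and reports which internet direction each enabled queue actually shapes. The function names and the list of LAN-facing interfaces are assumptions made for illustration; the sample config is trimmed from the one posted in this thread, and a value of 0 is reported as unshaped.

```shell
#!/bin/sh
# Added example, not from the thread. Sample input trimmed from the posted config.
sample_sqm_config() {
    cat <<'EOF'
config queue 'wan'
    option enabled '1'
    option interface 'eth1.2'
    option download '0'
    option upload '20000'

config queue
    option enabled '1'
    option interface 'veth0'
    option download '0'
    option upload '195000'
EOF
}

# $1: space-separated interfaces that face the LAN (assumption: veth0)
# stdin: contents of /etc/config/sqm
sqm_internet_view() {
    awk -v lan="$1" -v q="'" '
    function shaped(kbit) { return (kbit + 0 > 0) ? kbit "kbit" : "unshaped" }
    function report(   i, n, names, facing, up, down) {
        if (iface == "" || enabled != "1") return
        facing = "wan"
        n = split(lan, names, " ")
        for (i = 1; i <= n; i++) if (names[i] == iface) facing = "lan"
        # sqm upload = egress of this interface, download = ingress.
        # Facing the internet, egress is internet upload;
        # facing the LAN, egress carries internet download.
        if (facing == "wan") { up = upload; down = download }
        else                 { up = download; down = upload }
        printf "%s faces=%s internet_up=%s internet_down=%s\n", iface, facing, shaped(up), shaped(down)
    }
    $1 == "config" && $2 == "queue" {
        report(); iface = ""; enabled = "0"; upload = 0; download = 0; next
    }
    $1 == "option" {
        v = $3; gsub(q, "", v)          # strip the UCI single quotes
        if ($2 == "interface") iface = v
        else if ($2 == "enabled") enabled = v
        else if ($2 == "upload") upload = v
        else if ($2 == "download") download = v
    }
    END { report() }
    '
}

sample_sqm_config | sqm_internet_view "veth0"
```

On the router the same function can be fed the live file: `sqm_internet_view "veth0" < /etc/config/sqm`.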

Ah come on, ethernet cables can be up to 100m :wink: (And there are also nice flat ethernet cables available at ready made length in the crazy range like 50m https://www.amazon.de/dp/B0167KR4UU)