Qosify: new package for DSCP marking + cake

It is configured by default to diffserv4 in /etc/config/qosify:

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 16mbit
	option bandwidth_down 56mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4 # <--------- here
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options ""
1 Like

thank you, I am going to change it to diffserv4

cat /etc/config/qosify


config defaults
        list defaults /etc/qosify/*.conf
        option dscp_icmp +besteffort
        option dscp_default_tcp default_class
        option dscp_default_udp default_class

config class default_class
        option ingress CS1
        option egress CS1
        option prio_max_avg_pkt_len 1270
        option dscp_prio CS4
        option bulk_trigger_pps 600
        option bulk_trigger_timeout 10
        option dscp_bulk CS1

config class browsing
        option ingress CS0
        option egress CS0
        option prio_max_avg_pkt_len 575
        option dscp_prio AF41
        option bulk_trigger_pps 1000
        option bulk_trigger_timeout 10
        option dscp_bulk CS1

config class bulk
        option ingress CS1
        option egress CS1

config class besteffort
        option ingress CS0
        option egress CS0

config class network_services
        #option ingress CS2
        #option egress CS2
        option ingress CS4
        option egress CS4

config class broadcast_video
        option ingress CS3
        option egress CS3

config class gaming
        option ingress CS4
        option egress CS4

config class multimedia_conferencing
        option ingress AF42
        option egress AF42
        option prio_max_avg_pkt_len 575
        option dscp_prio AF41

config class telephony
        option ingress EF
        option egress EF

config interface wan
        option name WAN
        option disabled 0
        option bandwidth_up 18mbit
        option bandwidth_down 34mbit
        option overhead_type bridged-ptm
        # defaults:
        option ingress 1
        option egress 1
        option mode diffserv8
        option nat 1
        option host_isolate 1
        option autorate_ingress 0
        option ingress_options ""
        option egress_options ""
        option options "ether-vlan"

config device wandev
        option disabled 1
        option name wan
        option bandwidth 100mbit

@neil1 I would recommend trying with a simpler config.

The config you are using sets the default class for traffic to CS 1 (BULK / deprioritized) and then uses automated rules based on packet size to prioritize things again.

This is great when it manages to prioritize the right packets, but it can fail really badly if something is not prioritized, because those packets end up being in the lowest priority class.

And that could be the problem you are facing now too.

Additionally, most of these rules seem to be based on ideas for routers that had very basic QoS features and didn't support fq_codel or cake SQM.

But imho that's not necessary with cake. In most cases and for most users, once you configure cake correctly, it just works in most situations.

That's because both cake and fq_codel already implement many similar tweaks and their implementations are likely infinitely better than whatever rules someone can add to QoSify.

So there isn't really any further tweaking necessary on that level.

But if you do want to prioritize or deprioritize certain traffic (such as video conferencing or gaming), then this package is an excellent choice.

But imho it's best to keep it as close as possible to "vanilla cake".

With that out of the way, here is my config that has been working very well for me so far. It shouldn't have any unexpected side-effects.

/etc/config/qosify

config defaults
	list defaults /etc/qosify/*.conf

	# Don't override DSCP classes
	# If none of the rules in `/etc/qosify/*.conf` apply,
	# keep the DSCP class the application (egress) or ISP (ingress) set.
	# option dscp_icmp besteffort
	# option dscp_default_tcp besteffort
	# option dscp_default_udp besteffort

config class bulk
	# Traffic that you want to be deprioritized, such as torrents
	# or large downloads.
	option ingress CS1
	option egress CS1

config class bulk_upload_only
	# Traffic where you only want to deprioritize uploads, such as
	# backup software or photo cloud syncing.
	option ingress CS0
	option egress CS1

config class besteffort
	# The default class for traffic that is neither prioritized
	# nor deprioritized.
	#
	# Most traffic should go in here.
	option ingress CS0
	option egress CS0

config class video_broadcast
	# Used for priority uploads like live streams, such as YT live
	# or twitch UPLOADS.
	#
	# Shouldn't be used for streaming sites like Netflix, because the video
	# class is used for gaming too and the streaming sites would take away
	# gaming bandwidth.
	#
	# Therefore streaming sites should stay in besteffort.
	option ingress CS3
	option egress CS3

config class video_network_sparse
	# Used for services that should be prioritized while they are
	# transmitting a small amount of data, but deprioritized as
	# soon as they transmit a lot of data.
	#
	# Example:
	#   - SSH shell prioritized
	#   - SFTP transfer deprioritized
	#
	# Currently not working properly due to `bulk_trigger_timeout` issue.
	option ingress CS3
	option egress CS3

	# If many packets come in quick succession,
	# put the traffic back into best effort.
	option bulk_trigger_pps 100
	option bulk_trigger_timeout 5
	option dscp_bulk CS0

config class video_network
	# Used for low latency network services like Remote Desktop (RDP)
	option ingress CS3
	option egress CS3

config class video_gaming
	# Should be used for online games and
	# game streaming services like GeForce Now.
	option ingress CS4
	option egress CS4

config class video_conferencing
	# Can be used for VIDEO conferencing, such as
	# Zoom Video.
	#
	# But practically, I would put all
	# video/audio calls into voice_telephony to give
	# them a higher priority than gaming.
	option ingress AF42
	option egress AF42

config class voice_telephony
	# Theoretically, this should be used for audio calls only.
	# But practically you can't distinguish between audio and
	# video streams for most conferencing apps.
	#
	# Therefore, to prioritize conferencing above games,
	# this class should be used for all audio/video
	# conferencing.
	option ingress EF
	option egress EF

config class voice_network
	# Can be used for low bandwidth, high priority network services
	# like DNS.
	option ingress CS6
	option egress CS6

	# If many packets come in quick succession,
	# put the traffic back into best effort
	option bulk_trigger_pps 100
	option bulk_trigger_timeout 5
	option dscp_bulk CS0

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 20mbit
	option bandwidth_down 110mbit
	option overhead_type "ethernet"
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 0

	# Make sure not to add wash to these options
	# if you want to be able to verify DSCP marks
	# when sniffing the traffic.
	option ingress_options ""
	option egress_options ""
	option options "ether-vlan"

/etc/qosify/00-defaults.conf

#
# Bulk Tin
#


# Apple iCloud
# iCloud Photos and Backup
# Status: Partially working
#   Sometimes Apple is using non-Apple cloud storage services, such as
#   Google Cloud (GCS) and Amazon Cloud (AWS).
#
#   For GCS the hosts seem to be unique to Apple, but the AWS hosts are
#   not. Therefore not all uploads are properly marked.
dns:*.icloud-content.com                            bulk_upload_only
dns_c:*.icloud-content.com                          bulk_upload_only
dns:gcs-*.content-storage-upload.googleapis.com     bulk_upload_only
dns:gcs-*.content-storage-download.googleapis.com   bulk_upload_only

# Apple App Store
# Status: Tested
dns:osxapps.itunes.apple.com  bulk
dns:iosapps.itunes.apple.com  bulk

# Apple Software Update
# Status: Tested on macOS, but not on iOS
dns:swcdn.apple.com           bulk
dns:updates.cdn-apple.com     bulk
dns:*.swcdn.apple.com         bulk
dns:*.aaplimg.com             bulk
dns:*.apple.com.akadns.net    bulk

# Microsoft Onedrive
# Status: Tested
#  - Also works for ArqBackup uploads to Onedrive
dns:*1drv*                 bulk_upload_only
dns:*onedrive*             bulk_upload_only
dns:*.storage.live.com     bulk_upload_only

# Microsoft (Download)
# Status: Not Tested
dns:*backblaze*            bulk_upload_only
dns:*backblazeb2*          bulk_upload_only
dns:*ms-acdc.office*       bulk_upload_only
dns:*sharepoint*           bulk_upload_only
dns:*update.microsoft*     bulk
dns:*windowsupdate*        bulk

# MEGA (Download)
# Status: Tested
dns:*mega*                 bulk

# Dropbox
# Status: Not Tested
dns:*dropboxusercontent*   bulk

# Google
# Status: Not Tested
dns:*drive.google*         bulk
dns:*googleusercontent*    bulk

# Steam (Download)
# Status: Tested
dns:*steamcontent*         bulk

# Epic Games (Download)
# Status: Not Tested
dns:*download.epicgames*   bulk
dns:*download2.epicgames*  bulk
dns:*download3.epicgames*  bulk
dns:*download4.epicgames*  bulk
dns:*epicgames-download1*  bulk

# BitTorrent
# Status: Not Tested
tcp:6881-7000    bulk
tcp:51413        bulk
udp:6771         bulk
udp:6881-7000    bulk
udp:51413        bulk

# Usenet
# Status: Not Tested
tcp:119          bulk
tcp:563          bulk

#
# Best Effort Tin
#

# Nothing here, because traffic is put here by default

#
# Video Tin
#

# SSH
#   - Prioritize shell traffic
#   - But keep SFTP traffic in best effort
#
# Status: Tested, but not working properly due to
# `bulk_trigger_timeout` issue.
tcp:22    video_network_sparse

# Microsoft Remote Desktop (RDP)
# Status: Tested
tcp:3389        video_network
udp:3389        video_network

# Parsec - Remote Desktop
# Status: Not Tested
udp:8000-8010   video_network
udp:9000        video_network

# TeamViewer - Remote Desktop
# Status: Not Tested
tcp:5938         video_network
udp:5938         video_network

# Live Streaming to YouTube Live, Twitch, Vimeo and LinkedIn Live
# Status: Not Tested
tcp:1935-1936    video_broadcast
tcp:2396         video_broadcast
tcp:2935         video_broadcast

# GeForce Now
# Status: Tested
tcp:49006       video_gaming
udp:49003-49006 video_gaming
dns:cloudmatchbeta.nvidiagrid.net video_gaming
dns:*.cloudmatchbeta.nvidiagrid.net video_gaming

# Stadia
# Status: Not Tested
tcp:44700-44899		video_gaming
udp:44700-44899		video_gaming

# Boosteroid (Game streaming service like GeForce Now)
# Status: Tested
dns:cloud.boosteroid.com video_gaming
dns:*.cloud.boosteroid.com video_gaming

# Xbox
# Status: Not Tested
tcp:3074         video_gaming
udp:88           video_gaming
#udp:500         video_gaming # UDP port already used in "VoWiFi" rules
udp:3074         video_gaming
udp:3544         video_gaming
#udp:4500        video_gaming # UDP port already used in "VoWiFi" rules

# PlayStation
# Status: Not Tested
tcp:3478-3480    video_gaming
#udp:3478-3479   video_gaming # UDP ports already used in "Zoom" rules

# Call of Duty
# Status: Not Tested
#tcp:3074        video_gaming # TCP port already used in "Xbox" rules
tcp:3075-3076    video_gaming
#udp:3074        video_gaming # UDP port already used in "Xbox" rules
udp:3075-3079    video_gaming
udp:3658         video_gaming

# FIFA
# Status: Not Tested
tcp:3659         video_gaming
udp:3659         video_gaming

# Minecraft
# Status: Not Tested
tcp:25565        video_gaming
udp:19132-19133  video_gaming
udp:25565        video_gaming

# Supercell Games
# Status: Not Tested
tcp:9339         video_gaming
udp:9339         video_gaming


#
# Voice Tin
#

# Telephony
# Zoom, Microsoft Teams, Skype, FaceTime and WhatsApp Calls
# (they use these same ports).
# Status: Tested for
#   - Whatsapp
#   - FaceTime (With additional ports)
udp:3478-3497   +voice_telephony

# Zoom
# Status: Tested
dns:*.zoom.us   +voice_telephony
tcp:8801-8802       +voice_telephony
udp:8801-8810       +voice_telephony

# Skype
# Status: Not Tested
dns:*skype*      +voice_telephony

# FaceTime
# Status: Tested with macOS 12.6 to iOS 16 FT
# udp:3478-3497   voice_telephony  # Ports already used in "Telephony" rules
udp:16384-16387 +voice_telephony
udp:16393-16402 +voice_telephony

# GoToMeeting
# Status: Not Tested
udp:1853         +voice_telephony
udp:8200         +voice_telephony

# Webex Meeting
# Status: Not Tested
tcp:5004         +voice_telephony
udp:9000         +voice_telephony

# Jitsi Meet
# Status: Not Tested
tcp:5349         +voice_telephony
udp:10000        +voice_telephony

# Google Meet
# Status: Tested
udp:19302-19309  +voice_telephony

# Voice over Internet Protocol (VoIP)
# Status: Not Tested
tcp:5060-5061    +voice_telephony
udp:5060-5061    +voice_telephony

# Voice over WiFi or WiFi Calling (VoWiFi)
# Status: Not Tested
udp:500          +voice_telephony
udp:4500         +voice_telephony

So, consider trying to take that config and remove all the rules that are not important on your network. Then add the ports for your games and then see how it goes.

Additionally, I would also recommend installing Wireshark and then following my instructions in my previous post on how to verify whether the prioritization works by sniffing the traffic.

6 Likes

If you get 34 down/18 up from your ISP, it's advised to set your download and upload speeds to 85-95% of those numbers.

What game were you playing when your ping was stuck at 999? Are you on pc or console?

Since yesterday I am now using diffserv4 instead of diffserv8 and so far, it's working fine. And in wireshark I am seeing class selector 1, class selector 4 and default for DSCP marking.

I was playing warthunder Europe server. Normal ping is 150-200ms. And PC

Hello, I would like help to lower priority to 12 Wi-Fi devices that are home automation and prioritize 2 computers, 1 console and 2 cell phones, I want all the traffic from the two computers to have the highest priority, because they work on these, the IPs of the two computers are 192.168.1.100 and 192.168.1.215.

That is my config:

config defaults
	list defaults /etc/qosify/*.conf
	option dscp_icmp +besteffort
	option dscp_default_tcp unmarked_traffic
	option dscp_default_udp unmarked_traffic

config class unmarked_traffic
	option ingress CS1
	option egress CS1
	option prio_max_avg_pkt_len 1256
	option dscp_prio CS4
	option bulk_trigger_pps 600
	option bulk_trigger_timeout 4
	option dscp_bulk CS1

config class browsing
	option ingress CS0
	option egress CS0
	option prio_max_avg_pkt_len 575
	option dscp_prio AF31
	option bulk_trigger_pps 1000
	option bulk_trigger_timeout 4
	option dscp_bulk CS1

config class bulk
	option ingress CS1
	option egress CS1
	option prio_max_avg_pkt_len 575
	option dscp_prio CS1
	option bulk_trigger_pps 1000
	option bulk_trigger_timeout 30
	option dscp_bulk CS0

config class besteffort
	option ingress CS0
	option egress CS0

config class network_services
	option ingress CS2
	option egress CS2

config class broadcast_video
	option ingress CS3
	option egress CS3
	option egress AF32
	option prio_max_avg_pkt_len 575
	option dscp_prio AF31

config class gaming
	option ingress CS4
	option egress CS4

config class multimedia_conferencing
	option ingress AF41
	option egress AF41

config class streaming
	option ingress AF32
	option egress AF32
	option prio_max_avg_pkt_len 575
	option dscp_prio AF31

config class telephony
	option ingress EF
	option egress EF

config interface wan
    option name wan
    option disabled 0
    option bandwidth_up 94mbit
    option bandwidth_down 94mbit
  

config interface GuestWifi
    option name GuestWifi
    option disabled 0
    option bandwidth_up 7mbit
    option bandwidth_down 7mbit

    # defaults:
    option ingress 1
    option egress 1
    option mode diffserv4
    option nat 1
    option host_isolate 1
    option autorate_ingress 0
    option ingress_options "nat dual-dsthost ingress mpu 84 overhead 44"
    option egress_options "nat dual-srchost mpu 84 overhead 44 wash"
    

Qosify is not able to act based on local (LAN) IP addresses. Only remote IPs or ports are available for classification purposes.

1 Like

As far as understanding notation, what is the difference between +besteffort versus besteffort?

README

1 Like

117 - Support for LAN host based priority, nothing about this is working at this time?

Correct, "planned feature" but not yet implemented.

1 Like

Read the README, I saw at the bottom where it mentions

Adding a + in front of the value tells qosify to only override the DSCP value if it is zero
DNS entries are compared in the order in which they are specified in the config, using the first matching entry.

I guess where I am having the problem understanding is I see the + being used in both the default.conf and the /etc/config/qosify. I am just not understanding the dynamics.

I like your restructured config. In comparison to the one provided by @elan, it would be fair to say yours assumes all DSCP markings are accurate enough except for the ones you choose to prioritize in /etc/qosify/*.conf.

I am gathering this from re-reading,

 # Don't override DSCP classes
 # If none of the rules in `/etc/qosify/*.conf` apply,
 # keep the DSCP class the application (egress) or ISP (ingress) set.
 # option dscp_icmp besteffort
 # option dscp_default_tcp besteffort
 # option dscp_default_udp besteffort

whereas @elan's config

sets the default class for traffic to CS 1 (BULK / deprioritized) and then uses automated rules based on packet size to prioritize things again.

This is great when it manages to prioritize the right packets, but it can fail really badly if something is not prioritized, because those packets end up being in the lowest priority class.

So the question for me here is, do we want to trust the ISP DSCP markings, or is it better to control the priority by rewriting the DSCP altogether?

Because I can see where there can be issues either way.

1 Like

There really is no 'we' here, that is a decision that each network administrator needs to take individually for their network. However it is not that hard to check whether one's ISP's DSCP markings make sense for one's own desired policy. My gut feeling is that an ISP's markings rarely make much sense for a leaf network.

1 Like

'+' works as stated, i.e. if a dscp value is set then qosify will respect it and queue accordingly, instead of overwriting based on its own (=qosify) matching rules.

for example: if you have an app which can set dscp value and you trust in this app, you can assume it is doing the right thing and respect the dscp value this app sets. like a voip phone. the + option can help if for whatever reason an app forgets to set dscp value. without + option dscp value is strictly set by qosify, no matter what is already set it will be overwritten and handled accordingly.

it is a matter of trust: in larger networks and/or with separated responsibilities, as a network operator will you assume the client apps are doing the right things (use +), or not (without +) because you cannot be sure that a misconfigured / rogue app will not hijack a queue by setting an unexpected dscp value. let's say EF is allocated for voice calls (and you pay the premium price for it) but a user wants his/her "very important" app to run snappy so will set EF for the app.

1 Like
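The trust decision discussed in the posts above (`+` versus no `+`, and the defaults left commented out), as an added example that is not part of the thread and not qosify's own code: a simplified Python model of which DSCP a packet ends up with. Assumptions: the first matching port rule wins and the constructed sample has no overlapping ports, `dns:` rules are skipped, and "no default set means the existing marking is kept" is taken from the config comment quoted on this page.

```python
# Added illustration: a simplified model of the marking decision, not qosify's code.
DSCP = {"CS0": 0, "CS1": 8, "CS3": 24, "CS4": 32, "AF42": 36, "EF": 46, "CS6": 48}

# Egress DSCP per class, copied from the class sections of the config above.
CLASS_EGRESS = {"bulk": "CS1", "besteffort": "CS0",
                "video_network": "CS3", "voice_telephony": "EF"}

# Constructed sample in the rule-file syntax used on this page (no overlapping ports).
SAMPLE_RULES = """\
tcp:6881-7000   bulk
tcp:3389        video_network   # RDP
udp:3478-3497   +voice_telephony
dns:*.zoom.us   +voice_telephony
"""

def parse_target(spec):
    """'+name' -> (name, True): only mark packets whose DSCP is still zero."""
    return spec.lstrip("+"), spec.startswith("+")

def parse_rules(text):
    """Return (proto, lo, hi, class_name, only_if_zero) for each tcp:/udp: rule."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 2:
            continue                      # blank line or comment
        proto, _, ports = fields[0].partition(":")
        if proto not in ("tcp", "udp"):
            continue                      # dns: rules need DNS snooping, not modelled
        lo, _, hi = ports.partition("-")
        rules.append((proto, int(lo), int(hi or lo), *parse_target(fields[1])))
    return rules

def final_dscp(existing, proto, dport, rules, default=None):
    """DSCP name a packet carries after marking.

    existing: DSCP name set by the sender. default: value of dscp_default_tcp/udp,
    or None when the option is commented out (the marking is then left alone).
    """
    target = parse_target(default) if default else None
    for r_proto, lo, hi, name, only_if_zero in rules:
        if r_proto == proto and lo <= dport <= hi:
            target = (name, only_if_zero)
            break
    if target is None:
        return existing                   # nothing applies: sender's marking survives
    name, only_if_zero = target
    if only_if_zero and DSCP[existing] != 0:
        return existing                   # '+': sender's non-zero marking wins
    return CLASS_EGRESS[name]

RULES = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    # An app that marks its own HTTPS traffic EF, under three default settings.
    for default in (None, "+besteffort", "besteffort"):
        print(default, "->", final_dscp("EF", "tcp", 443, RULES, default))
```

Only the default without `+` resets the self-marked EF traffic to CS0; with the defaults commented out or set to `+besteffort`, the sender's marking decides the tin.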

no, you cannot assume the ISP is doing the exact same classification as you, likely your priorities (e.g. gaming traffic) are the least priority for the ISP. Or media streaming is a nightmare from the ISP's point of view, as contrary to the name it is rather burst traffic. so rather not assume your interest is aligned with the ISP's. better safe than sorry.

1 Like

That is a fair way of describing it.

Although that’s not the reason why I chose not to overwrite it.

My logic is pretty simple: Cake works amazingly well in the “default config” without extra tweaking. So I want to run it as close to that as possible, while prioritizing and deprioritizing a few select services.

Since cake by itself doesn’t choose to overwrite ingress DSCP values, I do the same.

But I think setting all ingress traffic to CS0 (best effort) is totally valid too and will likely not do any harm.

What I would avoid though is setting all incoming traffic to CS1 (bulk) or any other values. Because then you are significantly diverting from cake's default way of working and will need to have rules that set the “correct” priority for all traffic.

And I just don’t think creating a config, that works in all edge cases, is realistic.

Quick note, cake defaults to 'besteffort' so will by default ignore all DSCPs without touching them...
The diffservN modes expect the user to ascertain that DSCPs are 'meaningful'.

Just to make sure I understand your comment correctly... Do you mean that in the piece of cake config, cake will ignore DSCP completely and in the layer cake mode it will put traffic in different tins based on whatever DSCP values are assigned to the traffic, but it will itself not modify any DSCP values?

Is that correct?