SQM setup help

Hello,

I'm relatively new to OpenWrt and trying to learn/evaluate SQM. It works well using cake / layer_cake; I'm just trying to improve even more.

I'm running 2x WireGuard interfaces as clients to the Mullvad VPN provider.
My setup is that some devices in lan/guest-lan go through WireGuard #1, some through WireGuard #2 and some directly to wan.

I'm using vpn-policy-routing for directing traffic.

I have full duplex / symmetric gigabit wan.

What I want to achieve is that regardless of what devices on WireGuard #1 do, the clients using WireGuard #2 and wan should have priority.

Still, I want to minimize the loss of network throughput on WireGuard #1 as much as I can.

Would I select wan, WireGuard #1 or #2 as the interface for SQM?
What overhead settings? Since it's both WireGuard traffic and normal wan, I don't know what the overhead should be.

The router hardware is x86_64 with 4x threads at 3 GHz+, so CPU hardware is not a limitation (of course there's a limit, but you know).

Any advice?
Thank you

Good question. Since all packets traverse wan, I would recommend SQM on wan to fight your access link's bufferbloat. As for the prioritization, things get tricky. Naively, I would simply use SQM's per-internal-IP fairness configuration, assuming that it will treat both VPNs equally; that is not exactly what you want, but might be better than the default behavior in regards to non-VPN traffic.
Inside each VPN you probably want some sort of fair queueing as well, but I am not 100% sure how to get this done (as I understand it, this is something WireGuard would need to offer, at least in the form of some feedback of its own buffering; not sure whether that is implemented).

That depends. A traffic shaper instantiated on WAN will not care about the VPN overhead and still do the right thing (you still need to account for the applicable overhead for the WAN link itself, though). If you instantiate a shaper inside the VPN (so that it sees the packets before they enter the WireGuard tunnel/encapsulation) you will need to add both the WAN overhead and the VPN overhead. And if you combine WAN and VPN shapers, the WAN shaper needs to account for WAN overhead, and the VPN shaper for VPN overhead (but that would require some testing).

Hope that helps.
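
The overhead accounting described in the reply, written out as an `/etc/config/sqm` fragment. This is an added example, not configuration posted by either participant. The interface names (`eth0`, `wg1`), the shaper rates, untagged Ethernet on the WAN link and an IPv4 tunnel endpoint are all assumptions.

```conf
# /etc/config/sqm (added example; names and rates are assumptions)

# Case 1: shaper on the WAN device. Every packet, tunnelled or not,
# crosses this link, so only the WAN link's own overhead is counted.
config queue 'wan'
	option enabled '1'
	# assumed name of the WAN device
	option interface 'eth0'
	# kbit/s, constructed values set below the 1 Gbit/s line rate
	option download '900000'
	option upload '900000'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option linklayer 'ethernet'
	# assumes untagged Ethernet:
	# 14 header + 4 FCS + 8 preamble + 12 inter-frame gap = 38 bytes
	option overhead '38'
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	# per-internal-IP fairness: by destination host on download,
	# by source host on upload
	option iqdisc_opts 'nat dual-dsthost ingress'
	option eqdisc_opts 'nat dual-srchost'

# Case 2: shaper on the tunnel interface alone (left disabled here).
# It sees packets before encapsulation, so the per-packet overhead is
# the WAN overhead plus the WireGuard encapsulation.
config queue 'wg1'
	option enabled '0'
	# assumed name of the WireGuard #1 interface
	option interface 'wg1'
	# kbit/s, constructed values
	option download '500000'
	option upload '500000'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option linklayer 'ethernet'
	# 38 (WAN, as above) + 60 (WireGuard over IPv4:
	# 20 IP + 8 UDP + 32 WireGuard header and auth tag) = 98 bytes;
	# an IPv6 endpoint adds 80 instead of 60
	option overhead '98'
```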