Hi again!
I switched back from fireqos to SQM, because my router (TP-LINK W8970) is too low-powered to handle the fireqos config.
Also, it's a better idea to control bufferbloat and do prioritization with one all-in-one solution.
I started to read about and play with SQM settings, DSCP marks, etc.,
and the result was amazing! It's like having SQM + adaptive QoS in one package that is simple and easy to configure.
So I made a script that handles DSCP marks and traffic routing using the veth method that @dlakelan taught me. Now I can play an online game (LoL) on my PC while downloading and seeding a torrent without lag.
Ping is very stable with rare ping spikes (due to bad bandwidth settings and a bad ISP network). I can also
download and browse the internet without delay (the download will suffer when I browse or download on my phone).
Bandwidth fairness is really good, no more streaming lags.
This script still needs optimization and correction to handle everything. After that I want to integrate it into the layer_cake script, so it will be easier for basic users to handle a simple config.
To make this happen I want the valued help of this great forum's members/modders.
Some tests:
SQM off:
a. Unloaded network:
- League of Legends game ping is 90~100ms.
- WhatsApp voice calls, Viber voice calls = few lags and delay.
b. Loaded network:
- League of Legends game ping is 200~400ms.
- WhatsApp voice calls, Viber voice calls = more lags and delay, sometimes the other person can't hear clearly.
SQM on with DSCP tags:
a. Unloaded network:
- League of Legends game ping is 100~117ms.
- WhatsApp voice calls, Viber voice calls = no lags or delay.
b. Loaded network:
- League of Legends game ping is 109~124ms.
- WhatsApp voice calls, Viber voice calls = very rare lag, no delay.
These are my ISP's bandwidth splitting speeds:
Download:
services = Google GGC, cache, game updates, some CDNs = 8 mbps up to 12 mbps.
YouTube = 8 mbps up to 12 mbps.
Facebook = 4 mbps.
main download speed = 1.1 mbps, and 8 mbps from 2am to 10am.
Upload:
Between 1.5 mbps and 7 mbps; it differs from site to site. But if I disable upload shaping, bufferbloat is too low for upload, only my download has spikes! It can be fixed by setting the download limit to 1000kbit.
*All of this traffic is isolated from each other! They use a DSCP tag on YouTube traffic (can't remember which value exactly but I think it's 0x60 or 0x30).
My setup:
I used this guide to set up extroot: https://www.pcsuggest.com/configuring-extroot-with-openwrt-on-tp-link-mr-3220/
Use this command to back up the names of your installed packages to a file:
opkg list-installed | cut -f 1 -d ' ' > /etc/config/packages.list
and use this to reinstall your packages after sysupgrade:
opkg install $(cat /etc/config/packages.list)
Needed packages:
First run "opkg update" (without quotes), then:
opkg install kmod-veth kmod-netem kmod-ipt-ipopt kmod-nf-nathelper-extra kmod-sched kmod-sched-cake ip-full ipset iptables-mod-conntrack-extra iptables-mod-extra iptables-mod-ipopt iptables-mod-nat-extra
opkg remove dnsmasq ; opkg install dnsmasq-full
Optional:
opkg install tcpdump   # to dump packets on an interface for debugging
opkg install kmod-tcp-bbr   # to enable BBR TCP congestion control; it really improves network response
Then go to /etc/sysctl.conf and add these two lines:
net.core.default_qdisc=fq_codel
net.ipv4.tcp_congestion_control=bbr
I named my script net.sh and placed it at /root/net.sh
IPT="iptables"
####Latency Sensitive Ports
##league of legends,PUBGM,some voip service like whatsapp.
sport1="37,53,81,88,123,500,1500,1863,3074:3076,3478:3481,3544,3659,4244"
sport2="4379,4380,4500,5222,5223,5228,5242,5000:5500,7985,8000,8888,9339,9785,34784"
sport3="10000:10300,19132,25565,27000:27030,28960,59172,39499,34141,59437:59581,45395,50318,59234"
dport1="37,53,81,88,123,500,1500,1863,3005,3074:3076,3101,3478:3481,3544"
dport2="3659,4244,4379,4380,4500,5222,5223,5228,5242,5000:5500,7985,8000,8888,34784"
dport3="9339,9785,10000:10300,19132,25565,27000:27030,28960,59172,39499,34141,59437:59581,45395"
dport4="1119,3724,7000:7999,8011,8081:8090,9030,17000,50318,59234"
## set up a pair of veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth
## bring the new veth interfaces up
ip link set veth0 up
ip link set veth1 up
## turn on promisc mode, sometimes it's needed to make the bridge work
ip link set veth1 promisc on
## add veth1 to the bridge
brctl addif br-lan veth1
## just to make sure there's nothing left in rule priority 100 and routing table 100
ip rule del priority 100
ip route flush table 100
## ipsets for streaming sites etc.; they are being filled by dnsmasq
ipset create vidstream hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip
## flush mangle table
$IPT -t mangle -F PREROUTING
## add routing for veth0 this will handle all slow traffic
ip route add default dev veth0 table 100
ip rule add iif pppoe-wan table 100 priority 100
#Clear interface dscp marks, we don't trust ISP marks(also to use our own marks).
$IPT -t mangle -A PREROUTING -i pppoe-wan -j DSCP --set-dscp 0
########################################
# Latency Sensitive (gaming/voip)
########################################
##Latency Sensitive
$IPT -t mangle -A PREROUTING -p icmp -j DSCP --set-dscp-class CS6 ##dscp tag for ping packets
$IPT -t mangle -A PREROUTING -m set --match-set latsens src -j DSCP --set-dscp-class CS6 ## set dscp tag for our Latency Sensitive (latsens) ipset
$IPT -t mangle -A PREROUTING -p tcp -m conntrack --ctorigsrc 192.168.1.150 -m multiport ! --ports 80,443 -j DSCP --set-dscp-class CS6 -m comment --comment "PS4" #i don't have PS4, change the ip according to your ip setting.
$IPT -t mangle -A PREROUTING -p udp -m conntrack --ctorigsrc 192.168.1.150 -j DSCP --set-dscp-class CS6 -m comment --comment "PS4"
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport1 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport2 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport3 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p tcp -m multiport --sport 22,2099,4244,5222,5223,5228,5242,8088,8393:8400,50318,59234 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport1 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport2 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport3 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport4 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p tcp -m multiport --dport 22,2099,3013,4244,5222:5228,5242,10012,17000,17500,8088,8393:8400,50318,59234 -j DSCP --set-dscp-class CS6
########################################
# Streaming Media (videos/audios)
########################################
$IPT -t mangle -A PREROUTING -m set --match-set vidstream src -j DSCP --set-dscp-class AF41 ##set dscp tag for our ipset vidstream
$IPT -t mangle -A PREROUTING -m set --match-set usrcdn src -j DSCP --set-dscp-class AF21 ##set dscp tag for our ipset usrcdn #those cdn's are isolated by my ISP.
$IPT -t mangle -A PREROUTING -p tcp -m multiport --dport 1935 -j DSCP --set-dscp-class AF41
########################################
# Best Effort (browsing/services)
########################################
$IPT -t mangle -A PREROUTING -p tcp -m multiport --ports 80,443,853,3455,8080,27015 -j DSCP --set-dscp-class AF13
$IPT -t mangle -A PREROUTING -p udp -m multiport --ports 80,443,853,3455,8080 -j DSCP --set-dscp-class AF13
#########################################
# Background Traffic (Bulk/file transfer)
#########################################
$IPT -t mangle -A PREROUTING -m set --match-set bulk src -j DSCP --set-dscp-class CS1 ##set dscp tag for our bulk ipset
$IPT -t mangle -A PREROUTING -p tcp -m multiport --ports 21,80,443,8080,60887,27014:27050 -m connbytes --connbytes 1048576: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1 #60887 bittorrent
$IPT -t mangle -A PREROUTING -p udp -m multiport --ports 21,80,443,8080,60887 -m connbytes --connbytes 1048576: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1
Q1. Is it needed to tag sport?, if yes then how ?
Q2. Should i route my fast traffic to another pair of veth?
Q3. How to benefit from ECN ?
Q4. How to wmm qos queue ?
Q5. Is it needed to add -w option to iptables to get rid of xt_table lock issue?
My dnsmasq.conf ipset's /etc/dnsmasq.conf :
##Latency Sensitive (gaming/voip)
ipset=/*.igamecj.com/igamecj.com/latsens
##video/audio streams
# Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/vidstream
# NetFlix
ipset=/nflxvideo.net/vidstream
# AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/vidstream
# Facebook
ipset=/fbcdn.net/vidstream
# Twitch
ipset=/ttvnw.net/vidstream
# VeVo
ipset=/vevo.com/vidstream
# Spotify
ipset=/audio-fa.scdn.cot/vidstream
# Deezer
ipset=/deezer.com/vidstream
# SoundCloud
ipset=/sndcdn.com/vidstream
# last.fm
ipset=/last.fm/vidstream
##i have isolated speed for those cdn's
ipset=/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn
## Bulk downloads
#qq download
ipset=/download.qq.com/bulk
# Steam Download
ipset=/steamcontent.com/bulk
# PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk
# DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk
# Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk
# Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk
# PlayStore Download
ipset=/gvt1.com/bulk
# WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk
# Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk
# WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk
My /etc/config/sqm :
config queue 'wan'
option ingress_ecn 'ECN'
option egress_ecn 'ECN'
option enabled '1'
option debug_logging '0'
option verbosity '5'
option qdisc 'cake'
option qdisc_advanced '1'
option qdisc_really_really_advanced '1'
option squash_dscp '0'
option squash_ingress '0'
option linklayer 'ethernet'
option linklayer_advanced '1'
option tcMTU '2047'
option tcTSIZE '128'
option tcMPU '64'
option linklayer_adaptation_mechanism 'cake'
option download '0'
option interface 'veth0'
option shaper_burst '1'
option script 'layer_cake.qos'
option ilimit '18'
option elimit '18'
option iqdisc_opts 'overhead 28 diffserv4 nat dual-srchost rtt 200ms'
option eqdisc_opts 'overhead 35 diffserv4 nat dual-dsthost rtt 200ms'
option overhead '0'
option upload '16000'
config queue
option debug_logging '0'
option verbosity '5'
option ingress_ecn 'ECN'
option tcMTU '2047'
option tcTSIZE '128'
option enabled '1'
option download '0'
option qdisc 'cake'
option qdisc_advanced '1'
option squash_dscp '0'
option squash_ingress '0'
option egress_ecn 'ECN'
option qdisc_really_really_advanced '1'
option linklayer 'ethernet'
option linklayer_advanced '1'
option tcMPU '64'
option linklayer_adaptation_mechanism 'cake'
option shaper_burst '1'
option upload '7000'
option script 'layer_cake.qos'
option ilimit '18'
option elimit '18'
option interface 'pppoe-wan'
option overhead '0'
option iqdisc_opts 'diffserv4 nat dual-dsthost rtt 200ms'
option eqdisc_opts 'overhead 18 diffserv4 nat dual-srchost rtt 200ms'
config queue
option debug_logging '0'
option verbosity '5'
option qdisc 'cake'
option qdisc_advanced '1'
option ingress_ecn 'ECN'
option qdisc_really_really_advanced '1'
option enabled '1'
option squash_dscp '0'
option squash_ingress '0'
option egress_ecn 'ECN'
option shaper_burst '1'
option interface 'eth0'
option script 'test_LAN_triple-isolate__piece_of_cake.qos'
option linklayer 'ethernet'
option overhead '8'
option linklayer_advanced '1'
option tcMTU '2047'
option tcTSIZE '128'
option tcMPU '64'
option linklayer_adaptation_mechanism 'cake'
option ilimit '18'
option elimit '18'
option iqdisc_opts 'mpu 64 nat dual-srchost'
option eqdisc_opts 'mpu 64 nat dual-dsthost'
option download '58120'
option upload '0'
I used diffserv4 for layer cake:
you can edit this in /usr/lib/sqm/defaults.sh
replace diffserv3 with diffserv4
I'm using "Linux OpenWrt 4.14.79 #0 SMP Mon Nov 12 16:09:09 2018 mips GNU/Linux
- r8450", tomorrow i will upgrade to latest snapshot.
*note: software offloading is off!.
bufferbloat test:
sqm off:
sqm on:
Many thanks to the OpenWrt devs/modders for making OpenWrt great and better.
Many thanks to @dlakelan for teaching me and helping me to configure fireqos.
Many thanks to @shm0 for your script, I took some code from your script!
*NOTE:
Here is the newest script. Don't use the old script, it is port-based and outdated!
QOS script
#!/bin/bash -x
IPT="iptables"
WANIF="pppoe-wan" #wan interface
tc qdisc add dev wlan0 root mq #setup multi queue for wifi device(optional)
####veth start's here####
## set up a pair of veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth
## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up
## turn on promisc mode, sometimes it's needed to make the bridge work
ip link set veth1 promisc on
## add veth1 to bridge
brctl addif br-lan veth1
## just to make sure there's nothing inside those 2 tables
ip rule del priority 100
ip route flush table 100
## add routing for veth0 this will handle all traffic
ip route add default dev veth0 table 100
ip rule add iif $WANIF table 100 priority 100
###veth end ###
## ipsets for streaming sites, etc.; they are being filled by dnsmasq
ipset create streaming hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip
$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark
## check whether POSTROUTING already jumps to our dscp_mark chain; if not, add the jump
$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -j dscp_mark
iptmark(){
$IPT -t mangle -A dscp_mark "$@"
}
## start by washing the dscp to CS0
iptmark -j DSCP --set-dscp 0
#A robust 2 rules to detect realtime traffic
# mark connections that go over 115 packets per second, not prioritized
iptmark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"
# unmarked UDP streams with small packets get CS6
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
#large udp streams like video call get AF41
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,5353,80,443,8080,60001 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF41 -m comment --comment "large udp connection gets AF41"
########################################
# Latency Sensitive (gaming/voip)
########################################
##ICMP, to prioritize pings
iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"
#DNS traffic both udp and tcp
iptmark -p udp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS udp"
iptmark -p tcp -m multiport --port 53,5353,8888 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS tcp"
#NTP
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP udp"
#High priority ipset, i use for pubgM
iptmark ! -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp
iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset
########
##Browsing
########
## medium priority for browsing
iptmark -p tcp -m multiport --ports 80,443,8080 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"
##################
#TCP SYN,ACK flows
##################
#Make sure ACK,SYN packets get priority (to avoid upload speed limiting our download speed)
iptmark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3
iptmark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3
#Small packet is probably interactive or flow control
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3
#Small packet connections: multi purpose (don't harm since not maxed out)
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3
########################################
# Streaming Media (videos/audios)
########################################
#Known video streams sites like netflix
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset"
# some iptv provider's use this port
iptmark -p tcp -m multiport --ports 1935,9982 -j DSCP --set-dscp-class AF41 -m comment --comment "some iptv streaming service"
#known usrcdn like google or akamai
iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"
#########################################
# Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows updates and steam updates/downloads
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p udp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS0 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS0 to CS1 for bulk tcp traffic"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic"
iptmark -p udp -m multiport --port 60001 -j DSCP --set-dscp-class CS1 -m comment --comment "bulk torrent port UDP"
#tcpdump rule, copy and paste this rule into terminal, this rule is used to capture realtime traffic, you can change ip to what you like
#tcpdump -i br-lan host 192.168.1.126 and udp and portrange 1-65535 and !port
Dnsmasq, dnsmasq.conf:
ipset=/igamecj.com/gcloudcs.com/qos.gcloud.qq.com/tencentgames.helpshift.com/latsens
ipset=/.googlevideo.com/youtube.com/streaming
ipset=/live.mp3quran.net/tiktokv.com/media-imdb.com/v.redd.it/last.fm/sndcdn.com/deezer.com/audio-fa.scdn.cot/vevo.com/ttvnw.net/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/nflxvideo.net/av.alarabiya.net/streaming
ipset=/.fbcdn.net/.whatsapp.net/.whatsapp.com/usrcdn
ipset=/lol.secure.dyn.riotcdn.net/lol.dyn.riotcdn.net/lol-promos.s3.amazonaws.com/.amazonaws.com/l3cdn.riotgames.com/.akamaihd.net/ucy.ac.cy/hwcdn.net/windowsupdate.com/update.microsoft.com/share.box/akamaized.net/usrcdn
ipset=/.google.com/googletagmanager.com/.googleusercontent.com/google.com/.googleapis.com/1e100.net/usrcdn
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/gs2.ww.prod.dl.playstation.net/steamcontent.com/download.qq.com/bulk
**Use an overhead that will suit your connection type!
***I used sqm on eth0 for test purpose and maybe sometimes fix spikes!
****For routers that have Switch0 interface(DSA architecture switch), you don't need to use veth method!
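
Added example (not part of the original post): a small shell audit of which cake diffserv4 tin each DSCP mark set by the rules above lands in. The tin table follows tc-cake(8) for the standard CS/AF/EF/VA codepoints only; the function names are this example's own and the embedded rule lines are copied or shortened from the scripts above.

```shell
#!/bin/sh
# Added example (not from the original post): which cake diffserv4 tin does
# each DSCP mark end up in?

# Decimal DSCP codepoint for a class name (CSn, AFxy, EF) or a raw number.
dscp_value() {
    case "$1" in
        CS[0-7])      echo $(( ${1#CS} * 8 )) ;;             # CSn  = 8n
        AF[1-4][1-3]) d=${1#AF}
                      echo $(( ${d%?} * 8 + ${d#?} * 2 )) ;; # AFxy = 8x + 2y
        EF)           echo 46 ;;
        0x*|[0-9]*)   echo $(( $1 )) ;;                      # --set-dscp N
        *)            return 1 ;;
    esac
}

# diffserv4 tin for a codepoint, following tc-cake(8). Assumption: only the
# standard CS/AF/EF/VA codepoints are listed; anything else is Best Effort.
cake_tin() {
    case "$1" in
        8)                                echo "Background Traffic" ;;
        32|40|44|46|48|56)                echo "Latency Sensitive" ;;
        16|18|20|22|24|26|28|30|34|36|38) echo "Streaming Media" ;;
        *)                                echo "Best Effort" ;;
    esac
}

# Read rule lines on stdin, print "<mark> <decimal> <tin>" for each DSCP target.
audit_rules() {
    while read -r line; do
        case "$line" in
            *"--set-dscp-class "*) cls=${line##*"--set-dscp-class "} ;;
            *"--set-dscp "*)       cls=${line##*"--set-dscp "} ;;
            *)                     continue ;;
        esac
        cls=${cls%% *}                          # keep only the first word
        val=$(dscp_value "$cls") || continue    # skip unknown class names
        echo "$cls $val $(cake_tin "$val")"
    done
}

# Sample input: rule lines taken (some shortened) from the scripts in the post.
sample_rules() {
    cat <<'EOF'
iptmark -j DSCP --set-dscp 0
iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6
iptmark -p tcp -m multiport --ports 80,443,8080 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41
iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1
$IPT -t mangle -A PREROUTING -p tcp -m multiport --ports 80,443,853,3455,8080,27015 -j DSCP --set-dscp-class AF13
EOF
}

sample_rules | audit_rules
```

The decimal values it prints for CS3, AF21, AF41, CS5 and CS6 (24, 18, 34, 40, 48) are the ones the "-m dscp ! --dscp" exclusions in the newer script refer to. It also shows that with diffserv4 the "Browsing at CS3" rule shares the Streaming Media tin with AF41 and AF21, while AF13 from the older script stays in Best Effort.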