Thanks for the info.
So in diffserv4, if I reached the 25% of bandwidth in the voip tin, then packets will go to the video tin? I just think it's better to borrow unused bandwidth from the next tin?!
Why should I have a ton of rules, if one or two rules can do everything? Like using connbytes to detect downloads, it's working great and can stop torrents hogging the bandwidth!
Most game operators use TCP SYN to measure latency; they block ICMP to save their servers from DDoS etc.
While they can use UDP to measure latency; as you said:
I think it's OK, it's just a number, I need to test for a few days. I play another game in which the ping is low and stable, because it uses UDP to measure latency, also on the same IP for the game session.
Yeah, it's robust like the bulk rule that uses connbytes; I completely removed port-based prioritizing for the realtime traffic.
Thank you for the valued help and diagnosing.
Yeah sure, but let me clean it first, wait a few minutes!
Most of these seem reasonable, there are a few where I imagine you could go both directions rather than just download direction for example (matching ipset src rather than dest). I do think probably some of your rules overlap each other, like your ACK rules might set TCP connections to CS2 and then later your streaming media rules might reset it to AF41 or whatever. That might be something you want it to do, but you might look at that to see if the interaction of rules is what you want.
Overall, I think this is a pretty robust set of rules and together with an appropriate mapping to buckets should work well. If you have remaining latency issues with VOIP or games it's probably either inherent issues (i.e. problems between you and the server) or transient over-committing to high priority buckets, like if your PS4 suddenly starts updating some software over port 8080 or some other weird port and that all gets prioritized CS6.
Still not sure which ones overlap with each other; it's a TCP flag, so not sure if it will cause a problem with streaming media. I think it's fine if streaming media resets it to AF41.
Hahaha, I'm not sure what I want to do and what I don't want to do!!!
Sometimes interaction is not bad!?
Yeah, it's still working fine for all cases until now; it happens sometimes that there's a problem between me and the server, due to loaded ISP routers/peering issues.
I don't have a PS4 or any console so I can't test that behavior!
I exclude those bulky ports like (80, 443, 8080, torrent port); sometimes when I start a download, a game's ping will go up by 20ms for 2 sec then back to normal. I think this is because I have a small bandwidth.
In the early morning my speed will go up to 8mbps, browsing is much faster and there's no ping jump while initiating a download, but in general I tried running a download and an upload during a game session and there's no lag or ping jump at all!
I will keep maintaining this script, and let you know; if you have any ideas or suggestions please share them.
That's great. I definitely had a similar improvement when I set up my QoS for my voip server, and recently I had my voip server cloud kernel changed by the VPS managers and they left out the HFSC qdisc, so a reboot made me lose the QoS and things went terrible, so I fixed it by using my own kernel and continuing to use my QoS system. The point is, even when you have hundreds of megabits of bandwidth, it's still perfectly possible to get terrible realtime performance for VOIP or games unless you make some effort to tag/prioritize/queue properly.
This is really more an experimental thread, nothing finalized into a "package" really. If you install and set up SQM with very basic settings then bam... Better network. If you want to go beyond that, requires some experiments, which is what this thread is about
Diffserv8 may have 8 queues, but that doesn't mean you need to use all of them. I'd limit it to
Realtime stuff, tagged CS6 (VOIP, games, NTP)
Low Latency small stuff tagged CS5 (flags, DNS)
Video Streaming tagged AF41 (this matches with WMM Video queue)
Best Effort Stuff tagged CS0 (goes into BE WMM queue)
Background CS1 (Goes into BK WMM queue)
Beyond that trying to use other tags will wind up getting you conflicts between cake and WMM and some cheap managed switches and various other things that might use DSCP, one thing will treat say CS2 as prioritized, another one will treat it as Background, etc.
Thanks.
I see that when 2 clients are connected to the same LAN, assume client A calls client B using the Viber voice call app, Viber will tag packets with AF41 for both outbound and inbound; also the call is p2p using the private IPs of those 2 clients.
My ISP is tagging NTP packets with AF41 ?!
Since there are no hard standards each app or provider uses their own system, it's a bit of a mess. But AF41 is reasonable as a tag for low latency data. It won't go into the voice WMM queue though.
Hi again guys! Perhaps you can help me extend this setup. (If anyone has any other tips to optimize TCP over OpenVPN, be my guest.)
I'm trying to add OpenVPN to this for my game and I'm planning to route the traffic from my Windows machine through the OpenVPN client on OpenWRT by destination IP (or policy-based routing).
I tried Windows VPN clients with split-tunneling to try and only route specific apps through the VPN, but it seems to be mostly dirty fixes with firewall rules, I believe, and just feels dirty.
Currently the OpenVPN works (tun0) and connection established, turned off nagling with tcp-nodelay.
The default routes work to the clients depending on whether I use 'route-nopull' or not; obviously I use it as I want to do some manual routes.
But first I gotta get the Tun0 to work with the veth setup so also ingress from tun0 goes through veth!
With a VPN you'll have two kinds of ingress and two kinds of egress, one "into / out of the tunnel" and one the actual encrypted packet sent out or in on ethernet. If you prioritize the unencrypted (pre/post tunnel) packet, but the encrypted packet waits... you won't get the prioritization you want. It's a bit tricky because you can't look at the encrypted packet at all so likely you want to restrict the tunnel to just gaming, and prioritize all the encrypted packets.
Also, if you can use a VPN provider who uses WireGuard, it is a better choice due to lower CPU requirements for the router.
Yep, that will be hard to prioritize inside the tunnel too, but... the VPN is intended for solely one game! I know the IP destination range, but I'm having trouble setting it up in the same veth setup as @hisham2630
So at least the tunnel should not be hard to prioritize now and I can just prioritize the whole port of my choosing, I think? (Currently just port 443, but I can change to a different one later.)
If I can just have both Eth1.2 (WAN) and Tun0 both let egress go over Veth0/1, and the tunnel sends egress back the regular route to Eth1.2 (WAN)
Or is this too simple thinking?
Edit: I think I already managed to get it working, but not sure if it's OK. When I do a speedtest (download) I can see equal Tun0 and Veth data flow!
What I did:
ip route add default dev veth0 table 100
ip rule add iif eth1.2 table 100 priority 100
ip rule add iif tun0 table 100 priority 100
Just added the last line. I use this package to specify route atm the easy way: