Ultimate SQM settings: Layer_cake + DSCP marks

If it's any help, 'flowid 1:' works and eliminates 'flowid ???' in the tc filter show dev eth'n' output.

Will do. Do I still use all the other scripts such as sqm etc.? Or did you really mean to say to use qos.sh and dnsmasq.conf only and delete all the other older scripts that you mentioned in your first post? Currently I am running these two scripts as well as the SQM scripts. So far I have had mixed results and am still trying to figure out the best setting for sqm; I seem to notice more changes to my gaming when I adjust the sqm setting. Tell me more about diffserv4 vs diffserv8: do I need to change anything special here, or can I just delete the 4 and replace it with 8?

I sometimes seem to get better results with fq_codel compared to Cake. I am not sure of the exact reason, but in most cases the game seems to play smoothly.

Can I change these for this test:
option qdisc 'cake' to option qdisc 'fq_codel'
option script 'simple.qos'
option linklayer_adaptation_mechanism 'default'

You can just play with the sqm settings.
My script will work with cake and layer_cake; not sure how it will act with fq_codel.

Yes, you can try that.

Try to play with sqm until you find the best settings for you!

So I was reading a bit and can this maybe be helpful for ingress burst size?

tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

tc qdisc add dev $DEV handle ffff: ingress

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src 192.168.1.1 police rate 34860kbit burst 10k drop flowid :1

Sorry for the months late answer @hisham2630 the wifi is working great on my phones though I made some changes, for example went back to have all the sqm settings in the pppoe-wan (upload and download), I had upload only in wan and the download settings for the upload on the veth0, also deleted some of the advanced settings of sqm.

Something I have not solved is how to make my openvpn server work with dscp. If I have your script on, I can only ssh into my router using openvpn; everything else (like browsing, etc.) does not work. To use my vpn from work I have to disable your script and restart the router first. Any ideas??

1 Like

This topic is now almost exactly 1 year old and has accumulated 681 postings.
Have your initial questions been answered during the last 12 months?

If yes: Could you please sum up your findings and the answers to your questions and then mark the topic as solved? This would be a great help for other users and save them the time to wade through 600something postings.

2 Likes

Hello friends, I wanted to see if you could help me with this: I wanted to know which has the highest priority in DSCP, EF or CS7?

1 Like

I also want to know if these commands are properly placed in the Extra arguments boxes

Hello guys,

I have a TP-Link Archer C7 v5 and have two questions.

Should I use layer cake instead of piece of cake? I want my hit detection to be as instant as possible. I heard I should also set squash to do not squash on inbound.

I'm playing on console; the game is using the following UDP ports: 3074, 3479 and 3480.

Can I run this in my firewall as a DSCP mark?

##ICMP
iptables -t mangle -A FORWARD -p icmp -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class EF

##GAMING
iptables -t mangle -A FORWARD -p udp --match multiport --sport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A FORWARD -p udp --match multiport --dport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p udp --match multiport --sport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p udp --match multiport --dport 3074,3479:3480 -j DSCP --set-dscp-class EF

If you want to use DSCP to prioritize some packets over others, you need to use layer_cake and make sure packets carry the correct/desired dscp marking before cake gets hold of them.

1 Like

OK, thanks. Can I use the iptables rules I posted above? I just want these UDP packets to travel as fast as possible and ICMP prioritized.

Well, just try it.

tc -s qdisc will give you statistics where cake reports how many packets traversed through the different priority tiers, so just run a test and see whether the correct counters increase.
Typically on a wan link's ingress side qdiscs run before iptables gets hold of the packets, so on ingress the marking most likely is not going to have an effect; on egress it might (unless the NAT system had to re-map the ports to different internal port numbers)...
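The counter check suggested in the post above, as an added example that is not part of the original thread: save `tc -s qdisc show dev <iface>` output before and after a test and print how many packets each cake tin gained. The function names and the sample output are constructed here, and the parser assumes one cake qdisc per file with a diffserv3/diffserv4 header row (first column "Bulk").

```sh
#!/bin/sh
# Per-tin packet counters from saved `tc -s qdisc show dev <iface>` output.
# Assumes one cake qdisc per file and a tin header row starting with "Bulk".
# cake_tin_pkts and cake_tin_delta are names made up for this example.

cake_tin_pkts() {   # FILE -> lines of "<tin> <pkts>"
    awk '
        /^ +Bulk /     { n = split($0, name, /  +/); next }   # tin header row
        $1 == "pkts" && n {
            for (i = 2; i <= NF; i++) { gsub(/ /, "_", name[i]); print name[i], $i }
        }' "$1"
}

cake_tin_delta() {  # BEFORE AFTER -> lines of "<tin> <packets added>"
    cake_tin_pkts "$2" | while read -r tin after; do
        before=$(cake_tin_pkts "$1" | awk -v t="$tin" '$1 == t { print $2 }')
        echo "$tin $(( after - ${before:-0} ))"
    done
}

demo() {            # constructed sample: only Best Effort and Voice grow
    b=$(mktemp)
    a=$(mktemp)
    cat > "$b" <<'EOF'
qdisc cake cacf: root refcnt 2 bandwidth 20Mbit diffserv4 triple-isolate nat
                   Bulk  Best Effort        Video        Voice
  thresh       1250Kbit       20Mbit       10Mbit        5Mbit
  pkts               12        48210            0          310
  bytes            1104     51230411            0        41230
EOF
    sed -e 's/48210/50000/' -e 's/ 310$/ 430/' "$b" > "$a"
    cake_tin_delta "$b" "$a"
    rm -f "$b" "$a"
}

demo
```

If the marked game traffic only ever raises the Best Effort count, the DSCP mark is not reaching cake on that interface.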

It would be awesome if SQM (luci-app) had an option to prioritize packets of specific gaming ports when using layer_cake. I would love to prioritize a few gaming ports, but reading through this thread I figured out that it does seem to be kinda complicated and not very user-friendly.

@lajkasir
If this worked for you please report back as I would like to set up something similar for some games.

2 Likes

I'm using Gargoyle right now but don't know if it's possible to run this on OpenWrt; that's why I'm asking...

On Gargoyle I post these in firewall.user and run this command in PuTTY:
/etc/init.d/firewall restart

Then reboot

Edit: OK, I just tried but get an error. Do I need to have SQM and layer cake enabled to get this working?

I've tested your rules with Modern Warfare on my PS4 and it does seem to work for the egress side (layer_cake@pppoe). On the ingress side it didn't have any effect, and I guess the reason is the one that moeller0 stated above...

Yes, but my test showed me that your solution will only work on the upload side (egress), and sadly I don't know any simple solution for the download side (ingress). To make things really work it has to be Up+Download sided.

If you're using a snapshot of master you can use sqm-scripts 1.4.0 (or newer) with cake and also install kmod-sched-ctinfo, kmod-sched-connmark, and kmod-sched-ipset (the latter is optional but I make use of it). I use a simple script based off of what @ldir originally posted:

#!/bin/sh
# Cero3 Shaper
# A cake shaper and AQM solution that allows several diffserv marking schemes
# for ethernet gateways

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
#       Copyright (C) 2012-5 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller


#sm: TODO pass in the cake diffserv keyword

. ${SQM_LIB_DIR}/defaults.sh
QDISC=cake

# Default traffic classification is passed in INGRESS_CAKE_OPTS and EGRESS_CAKE_OPTS, defined in defaults.sh now


egress() {
    SILENT=1 $TC qdisc del dev $IFACE root
    $TC qdisc add dev $IFACE root handle cacf: $( get_stab_string ) cake \
        bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}

    # put an action on the egress interface to set DSCP from the stored connmark.
    # this seems counter intuitive but it ensures once the mark is set that all
    # subsequent egress packets have the same stored DSCP avoiding iptables rules
    # to mark every packet, ctinfo does it for us and then CAKE is happy using the
    # DSCP
    $TC filter add dev $IFACE protocol all prio 10 u32 match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000
}


ingress() {

    SILENT=1 $TC qdisc del dev $IFACE handle ffff: ingress
    $TC qdisc add dev $IFACE handle ffff: ingress

    SILENT=1 $TC qdisc del dev $DEV root

    [ "$IGNORE_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS besteffort"
    [ "$ZERO_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS wash"

    $TC qdisc add dev $DEV root handle cace: $( get_stab_string ) cake \
        bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}

    $IP link set dev $DEV up

    # redirect all IP packets arriving in $IFACE to ifb0
    # set DSCP from conntrack mark
    $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
	match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000 \
	mirred egress redirect dev $DEV

    # Configure iptables chain to mark packets
    ipt -t mangle -N QOS_MARK_${IFACE}

    # Change DSCP of relevant hosts/packets
    # and save the DSCP to the connmark using savedscp 
    
    #From sched_cake.c:
    # /*  Further pruned list of traffic classes for four-class system:
    # *
    # *	    Latency Sensitive  (CS7, CS6, EF, VA, CS5, CS4)
    # *	    Streaming Media    (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
    # *	    Best Effort        (CS0, AF1x, TOS2, and those not specified)
    # *	    Background Traffic (CS1)
    # *
    # *		Total 4 traffic classes.
    # */
    
    #and for diffserv8:
    # /*	Pruned list of traffic classes for typical applications:
    # *
    # *		Network Control          (CS6, CS7)
    # *		Minimum Latency          (EF, VA, CS5, CS4)
    # *		Interactive Shell        (CS2, TOS1)
    # *		Low Latency Transactions (AF2x, TOS4)
    # *		Video Streaming          (AF4x, AF3x, CS3)
    # *		Bog Standard             (CS0 etc.)
    # *		High Throughput          (AF1x, TOS2)
    # *		Background Traffic       (CS1)
    # *
    # *		Total 8 traffic classes.
    # */
    
    GAMING_CLASS=AF41
    ipt -t mangle -A QOS_MARK_${IFACE} -m set --match-set gameset dst -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -m set --match-set bulkset dst -j DSCP --set-dscp-class CS1

    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}

    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.166 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.166 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    
    ipt -A QOS_MARK_${IFACE} -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
    # Send unmarked connections to the marking chain
    # top 6 bits are DSCP, LSB is DSCP is valid flag
    # ipt -t mangle -A PREROUTING  -i $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
    ipt -t mangle -A POSTROUTING -o $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}

    #you could just send every packet to the marking chain and update the stored DSCP for every packet
    #which should work for dynamic type marking but at a cpu cost
}

sqm_prepare_script() {
    do_modules
    verify_qdisc $QDISC "cake" || return 1
}

I have limited upload bandwidth so I use cake's video tin rather than voice. The '--savedscp-mark' saves the DSCP marks we set to the connection and the 'ctinfo' action restores the DSCP value to the packets before cake takes them.

The patches for savedscp support weren't merged into 19.07, but I've been building my own images with it since the beginning of August and everything has been working perfectly for me. If you want a fancier script ldir has a good example here.

I use dnsmasq to populate two ipsets, but you need to use dnsmasq-full for that. One is for a couple of games that use a HTTPS connection for game traffic, the other is mainly to confine Windows/Xbox updates to the bulk tin.

6 Likes
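The connmark layout used in the post above (DSCP in the top 6 bits under mask 0xfc000000, "DSCP is valid" flag 0x01000000), decoded as an added example that is not part of the original thread or of sqm-scripts. The function names and sample marks are constructed here; the tin mapping follows the diffserv4 comment quoted in the script, with TOS4 and TOS1 taken as DSCP 4 and 1.

```sh
#!/bin/sh
# Decode a connmark written by `CONNMARK --savedscp-mark 0xfc000000/0x01000000`
# (masks from the script above). Function names are made up for this example.

DSCP_MASK=0xfc000000    # top 6 bits of the mark hold the DSCP
VALID_FLAG=0x01000000   # set once a DSCP has been saved for the connection

mark_to_dscp() {        # MARK (hex or decimal) -> DSCP number, or "unset"
    mark=$(( $1 ))
    if [ $(( mark & $VALID_FLAG )) -eq 0 ]; then
        echo unset
    else
        echo $(( (mark & $DSCP_MASK) >> 26 ))
    fi
}

dscp_to_tin() {         # DSCP number -> diffserv4 tin name as printed by tc
    case "$1" in
        56|48|46|44|40|32) echo Voice ;;    # CS7 CS6 EF VA CS5 CS4
        34|36|38|26|28|30|24|18|20|22|16|4|1) echo Video ;;  # AF4x AF3x CS3 AF2x CS2 TOS4 TOS1
        8) echo Bulk ;;                     # CS1
        *) echo "Best Effort" ;;            # CS0, AF1x, TOS2, anything else
    esac
}

mark_to_tin() {         # MARK -> tin selected by the restored DSCP
    dscp=$(mark_to_dscp "$1")
    if [ "$dscp" = unset ]; then
        echo "not restored"   # flag clear: ctinfo leaves the packet's DSCP alone
    else
        dscp_to_tin "$dscp"
    fi
}

# Constructed marks: AF41, CS1 and EF with the flag set, AF41 without it.
for m in 0x89000000 0x21000000 0xb9000000 0x88000000; do
    printf '%s dscp=%s tin=%s\n' "$m" "$(mark_to_dscp "$m")" "$(mark_to_tin "$m")"
done
```

The functions also accept a decimal mark, which is how conntrack listings print the `mark=` field.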

Thanks for your input!

I'm using a Snapshot build of davidc502 (OpenWrt SNAPSHOT r11086-4fc0a61ed3) and it has sqm-scripts 1.4.0-1 installed and I'm also able to install the packages which you mentioned above.

I'll give your solution/script a try later on. My upload speed is rather on the larger side (~40mbps) so I guess that the default voice tin for gaming would make sense for me. I'll just need to figure out how to adjust the script for my needs, because all I want for now is to prioritize my PS4 gaming traffic, and I think some source/destination port rules for the gaming/server ports would be a good start.

All of the clients I specified are game consoles so I let them have the full range of ports I expect them to possibly use for game traffic (not worried about bittorrent clients on the consoles). Since the marks are being set on egress and you have no way to predetermine what hosts they will connect to except in limited circumstances (DNS requests for hosted servers, which are handled by ipsets) I considered that the easiest way to handle them.

Did you feel any difference?

Edit: I will try to flash my wrt1900acsv2 with davidc502 firmware and try this:

iptables -t mangle -A POSTROUTING -j DSCP --set-dscp-class CS0

iptables -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class CS4

iptables -t mangle -A POSTROUTING -p udp --sport 3074 -j DSCP --set-dscp-class CS4

iptables -t mangle -A POSTROUTING -p udp --dport 3074 -j DSCP --set-dscp-class CS4

No, I couldn't tell a difference in the case of hit detection, but as I said these rules only work for egress, and I can only notice a noticeable (negative) impact on gaming when there is heavy torrenting or Steam updates are going on. So working prioritization for ingress is needed to make things better for gaming.

Hopefully I'll find time at the weekend to try out the script which Barrakketh provided and see if that fixes my problems.