Ultimate SQM settings: Layer_cake + DSCP marks


Yeah, not for me. They don't appear at all ;-(

Must be a difference in Windows version/build perhaps. I find using NetQosPolicy more reliable so far.

Using gpedit.msc does nothing for me at all. Even after a reboot the rules do not work. I tried both the User and Computer Configuration QoS sections.

QoS in VLAN-Bridges

I forgot to say that you should add these to /etc/iproute2/rt_dsfield:

# Differentiated field values
# These include the DSCP and unused bits
0x0     default
# Newer RFC2597 values
0x28    AF11
0x30    AF12
0x38    AF13
0x48    AF21
0x50    AF22
0x58    AF23
0x68    AF31
0x70    AF32
0x78    AF33
0x88    AF41
0x90    AF42
0x98    AF43
# Older values RFC2474
0x20    CS1
0x40    CS2
0x60    CS3
0x80    CS4
0xA0    CS5
0xC0    CS6
0xE0    CS7
# RFC 2598
0xB8    EF

You should create this file!


Already did :slight_smile: Thank you :slight_smile:


Remember, when you tag a port or IP range, tag on both source and destination.
Something like:

$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport1 -j DSCP --set-dscp-class CS6 
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $sport1 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m iprange --src-range -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m iprange --dst-range -j DSCP --set-dscp-class CS6


Yes, however I think I prefer tagging outbound with Windows QoS, sort of makes sense? Don't know if it will make a difference in overhead, or if the client side is 'double' prioritized to an extent.

I mean prioritizing / tagging based on executable looks much more granular to me; it can be a lot harder and less convenient trying to extrapolate port range, potentially different IP etc...

IMHO upstream prioritizing is still the most important factor for gaming, this inbound prioritizing is like icing on the cake :slight_smile:

But please give input if I am wrong!


It's a good idea to control tags on transmit. But it's not always possible, for example in Xbox or an Android tablet or whatever.


That is true. However my only concern is maximum performance in the few select Windows games I play, and I want them to have 100% priority over anything else on my network. Luckily I'm in full control of congestion (for the most part). The whole QoS for me is for 'incidents', for when let's say my iPhone is fetching data in the background, or some anomaly is happening which can potentially throw off my game's networking even if it's just slightly. Using 4G itself is really variable and sometimes I can get 60Mbps and other times I suspect it can just drop to <20Mbps for a few hundred milliseconds. As long as my UDP packets go through in these situations I'm satisfied.

I'm still using EF for them at this point and disabled WMM on my Wifi, as well as disallowing apps to use their own DSCP tags.

But in your situation, if the Android device or Xbox doesn't use any tags, or only low priority, the transmit DSCP I set on my Windows system still has priority over the others, right? I can understand that you can't prioritize transmit packets from such devices without Windows QoS and then you're forced to use OpenWRT QoS indeed.


Yes, but if for example some over-zealous Android / iPhone app decides to tag its weather updates with CS7 your EF tags will not help you. This can be particularly true if some device gets compromised into a botnet that floods packets with very high DSCP priority. So it can be useful to rewrite the tags in your router anyway so as to squash other devices' over-zealous attempts at prioritizing themselves.


Good point, haven't thought of it that way. Is there any way to mark anything else other than the two rules I've already set to CS0? Or whatever the lowest priority is? Or would I have to make specific rules for that too?

How would one go about setting up something like marking all data except these two rules as low priority?


For SQM / cake lowest priority is CS1. CS0 is "regular" priority. You can easily add a rule that sets all traffic that isn't from your windows machine (give your windows machine a static IP reservation) to CS0, nullifying priorities put on the packets by anything else.


Good idea! Yea the only client on my network who has static IP is my Windows PC.


I prefer to tag port 80/443 with CS3, then put a connbytes rule that will tag port 80/443 with CS1 if the connbytes is
I think CS6 is better than EF; I read somewhere it has problems with some kernels.


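It's possible to tag packets on Android using iptables, something like this:

# The owner match only applies to locally generated packets,
# so the rule has to sit in OUTPUT (or POSTROUTING), not PREROUTING.
iptables -t mangle -A OUTPUT -p udp -m owner --uid-owner 10154 -j DSCP --set-dscp-class CS6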

#Clear interface dscp marks, we don't trust ISP marks(also to use our own marks).
$IPT -t mangle -A PREROUTING -i eth1.2 -j DSCP --set-dscp-class CS1

#MWO specific (upstream and downstream, however upstream is already covered with Windows QoS)
iptables -t mangle -A PREROUTING -p udp -m iprange --src-range -j DSCP --set-dscp-class CS6
iptables -t mangle -A PREROUTING -p udp -m iprange --src-range -j DSCP --set-dscp-class CS6
iptables -t mangle -A PREROUTING -p udp -m iprange --dst-range -j DSCP --set-dscp-class CS6
iptables -t mangle -A PREROUTING -p udp -m iprange --dst-range -j DSCP --set-dscp-class CS6

#Clear egress (upstream) dscp marks on all local network IP's except our Windows Client with static IP (
iptables -t mangle -A PREROUTING -p all -m iprange --src-range -j DSCP --set-dscp-class CS1

Does this look alright?


I think yeah.
But this will tag all untagged packets with CS1 (bulk tin).
Test under a loaded network, then see how it works!


I'm not sure how Cake deals with untagged packets vs CS0 or CS1 tbh. I assume untagged packets are either treated as one or the other?


CS0 will go to the best effort tin, so it's better to use CS0.
CS1 will go to the bulk tin, which will add delay to packets and offer less bandwidth to them if the network is loaded.


"untagged" is the same as CS0, so it's "best effort". CS1 will go in bulk and be delayed in favor of more important packets including "best effort" packets. CS1 is great for things like torrents or long-running downloads such as updates for games or Windows updates etc.
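
The rewrite discussed above (reset every mark you do not trust to CS0, then re-mark only what you choose), as an added example that is not from any poster in this thread. It is a dry run by default; the chain name DSCP_WASH, the bridge br-lan, the address 192.168.1.10 and the port range are assumptions.

```shell
#!/bin/sh
# Added example: let exactly one host keep its own DSCP marks, reset the rest.
# Every value below is a constructed placeholder except eth1.2 (from the thread).
IPT="${IPT:-echo iptables}"              # dry run; set IPT=iptables to apply
CHAIN="${CHAIN:-DSCP_WASH}"              # hypothetical private chain name
WAN_IF="${WAN_IF:-eth1.2}"               # WAN interface used in the thread
LAN_IF="${LAN_IF:-br-lan}"               # assumed LAN bridge
TRUSTED_IP="${TRUSTED_IP:-192.168.1.10}" # assumed static lease of the Windows PC
GAME_PORTS="${GAME_PORTS:-30000:30100}"  # assumed UDP ports of the game servers

dscp_rules() {
    # Private chain: flushing it makes re-runs idempotent without touching
    # rules that other scripts placed in PREROUTING.
    $IPT -t mangle -N "$CHAIN" 2>/dev/null || true
    $IPT -t mangle -F "$CHAIN"

    # 1. Nothing arriving from the ISP is trusted: back to best effort (CS0).
    $IPT -t mangle -A "$CHAIN" -i "$WAN_IF" -j DSCP --set-dscp-class CS0

    # 2. Same for every LAN sender except the trusted host, so a chatty app
    #    or a compromised device cannot promote itself with CS7.
    $IPT -t mangle -A "$CHAIN" -i "$LAN_IF" ! -s "$TRUSTED_IP" \
        -j DSCP --set-dscp-class CS0

    # 3. Re-mark game replies last. DSCP is a non-terminating target, so
    #    the last matching rule decides the final value. mangle PREROUTING runs
    #    before NAT is reversed, so match the server's source ports on the WAN
    #    side rather than the LAN destination address.
    $IPT -t mangle -A "$CHAIN" -i "$WAN_IF" -p udp -m multiport \
        --sports "$GAME_PORTS" -j DSCP --set-dscp-class CS6

    # Hook the chain into PREROUTING exactly once.
    $IPT -t mangle -D PREROUTING -j "$CHAIN" 2>/dev/null || true
    $IPT -t mangle -A PREROUTING -j "$CHAIN"
}

dscp_rules
```

After applying for real, `iptables -t mangle -L DSCP_WASH -v -n` shows per-rule packet counters, which tells you which rule is actually rewriting traffic.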


How to tag Viber voice calls, because Viber always uses P2P on random ports on each call?
I'm wondering if the iptables ipp2p module would help me?


A word of warning, this is exactly the rabbit hole that fine-grained QoS rules will get you into*... Have you tried simply relying on cake/fq_codel's sparse flow boosting and not creating a specific rule? Especially the idea that ports above 1024 can actually be trusted to convey information about the content type seems a bit optimistic**.

*) This is not to say fine-grained rules are bad or in your specific case even avoidable, but maybe for some things good-enough might be acceptable instead of perfect :wink:

**) Again in reality the port mapping often is temporally stable enough that using port based schemes is acceptable as long as one does not forget to re-check all those port assumptions every now and then...