OpenWrt Forum Archive

Topic: give priority to a specific pc in the LAN, with MWAN3 rules

The content of this topic has been archived on 5 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I want to create a rule (work-rule) that will give top priority to a specific pc (let's name it work-pc) in the LAN.  For this purpose I assigned it a static IP (ie 192.168.1.50).  I assigned to this rule (very high in the rules table) with some policies with low metric and high weight values and source address 192.168.1.50.

http://s22.postimg.org/va7d4w7qp/rules2.png

Is this a correct setup?

My worry is that all other rules lower will be ignored.  Like the HTTPS, if I put this lower, then I will be kicked out from https sites, right?  So what is the correct way to do this?

I could put work-rule lower than the https rule.  But I also want my work-pc to have higher precedence over other pcs when visiting https sites.

So how do I do this?

PS: I decided to open a new topic for this question I have already asked in the mwan3 thread.  I have a feeling it is lost in there.

I've been told I can easily do this with QOS script.  However I have SQM-QoS installed, which does not have this capability (AFAIK).  Furthermore SQM-QoS and QOS scripts cannot coexist, right?

bobptz wrote:

I've been told I can easily do this with QOS script.  However I have SQM-QoS installed, which does not have this capability (AFAIK).  Furthermore SQM-QoS and QOS scripts cannot coexist, right?

It is true, sqm-scripts does not offer this. I am tempted to include a way of selecting IPs to dedicate for back-ground traffic (as bit-torrent packets can be hard to categorize). I would certainly recommend you go and test whether simple.qos does not already work for you out of the box though. I like your enthusiasm to understand things and set-up the "perfect" qos/mwan system, but with my sqm-scripts head on, I am happy to fix real bugs and shortcomings, but I have my own agenda regarding changes that are not necessitated by bugs (or features as they say, the background priority by IP is one of those, so there might be an intersection between our interests). So if you can convince me that the current sqm-scripts do not work sufficiently well as they are now, I am still happy to help you out with information and attempts at elucidating internals of sqm, but this is much lower priority for me than for you...

Best Regards
        M.

Hello moeller0

So from what I understand the feature I want is in the QoS category (and not the multi-wan one).

A month ago I was unaware of what QoS is.  Now that I am starting to learn about this stuff, I think that giving priority to a specific pc in the LAN ( that may belong to the boss, a power user or a very critical department like a stock broker's orders entry pc) is a must.  I am not surprised you are thinking to add this feature.  I am surprised it is missing.  Maybe I still cannot grasp what QoS is and certainly to me SQM is just a black box that somehow improves my internet connection.

moeller0 wrote:

I would certainly recommend you go and test whether simple.qos does not already work for you out of the box though.

You mean the form under  Network -> SQM QoS -> Queue Discipline -> Queue setup script ?
Yes, I already have the default simple.qos there.  What can I test?  How can this setting possibly know that I want to give priority to a certain pc in the LAN?  I am missing something here again, right?

moeller0 wrote:

So if you can convince me that the current sqm-scripts do not work sufficiently well as they are now...

You mean testing for bugs?  ok, I will report if I find anything.  But if you want opinion on the feature set, first I need to understand what SQM is (does) and stop seeing it as a black box. 

PS: I thought you said you are not the SQM developer.  How come you fix bugs?


EDIT:  Like SQM advertises on the top of the screen that it does "prioritisation".  What traffic gets priority?  How much priority?  How do I change priority... etc?

(Last edited by bobptz on 30 Dec 2015, 22:28)

Hi bobptz,

bobptz wrote:

Hello moeller0

So from what I understand the feature I want is in the QoS category (and not the multi-wan one).

A month ago I was unaware of what QoS is.  Now that I am starting to learn about this stuff, I think that giving priority to a specific pc in the LAN ( that may belong to the boss, a power user or a very critical department like a stock broker's orders entry pc) is a must.

        I would not recommend any organization with tight well-defined priority needs to use sqm-scripts at all, they are better off with rolling their own priority system tailored to their needs (sqm-scripts does not aim for perfect but simply for good enough for most use cases, as far as I am concerned). Giving priority to a specific IP address (and I am only thinking about lowering the priority of a given set of IPs to alleviate the problem fq_codel still has with heavy bit-torrent traffic, I am not talking about a  higher priority IP address set yet).

bobptz wrote:

I am not surprised you are thinking to add this feature.  I am surprised it is missing.

        Note, I would prefer not having to do this at all, it feels like a work-around instead of a proper solution, the fact that heavy bit-torrent can disrupt other traffic in the same network is just unfortunate, and that almost no bit-torrent client allows to change the DSCP/TOS bits of the packets it sends...

bobptz wrote:

Maybe I still cannot grasp what QoS is and certainly to me SQM is just a black box that somehow improves my internet connection.

moeller0 wrote:

I would certainly recommend you go and test whether simple.qos does not already work for you out of the box though.

You mean the form under  Network -> SQM QoS -> Queue Discipline -> Queue setup script ?
Yes, I already have the default simple.qos there.  What can I test?  How can this setting possibly know that I want to give priority to a certain pc in the LAN?  I am missing something here again, right?

        The idea is that you test whether you need special priority for the work_pc at all. Personally I aim at keeping sqm scripts as simple as possible, so any additional feature should be justified by solving real issues. And with real I do not mean issues that one could expect to encounter in the future, but really observed failures of sqm to keep latency under control in a specific real-world situation.

bobptz wrote:
moeller0 wrote:

So if you can convince me that the current sqm-scripts do not work sufficiently well as they are now...

You mean testing for bugs?  ok, I will report if I find anything.

        Thanks, I mean bugs and observable situations where sqm-scripts performs worse than could be expected; with emphasis on observable wink

bobptz wrote:

But if you want opinion on the feature set, first I need to understand what SQM is (does) and stop seeing it as a black box.

        Well, to be blunt I (personally) am not taking any feature requests wink that is, you can describe them and I will listen, I just do not promise to implement them (or give them priority if I am convinced those features are worthwhile).

bobptz wrote:

PS: I thought you said you are not the SQM developer.  How come you fix bugs?

        Well, Dave Täht created the initial scripts and Toke Høiland-Jørgensen created an openwrt package out of them and refined them, since Dave mostly retreated Toke is THE developer of sqm-scripts. I started to contribute fixes, small changes and feature implementations some time ago, so I would consider myself at best to be a junior co-developer of sqm-scripts, certainly not the developer...
        But SQM, like most open source projects, takes bug reports and bug fixes not only from core developers but from anybody offering them. So you can also become part of the sqm-scripts development team; either by offering patches that fix real bugs/short-comings or by offering implementations of new features (for those you will need to convince mainly Toke that they are an actual improvement and worth their complexity, so offering something is no guarantee of getting it in).

bobptz wrote:

EDIT:  Like SQM advertises on the top of the screen that it does "prioritisation".  What traffic gets priority?  How much priority?  How do I change priority... etc?

       Have a look at the contents of /usr/lib/sqm/simple.qos  and /usr/lib/sqm/functions.sh they should explain a lot. Basically the priority is selected based on the DSCP markings of the packets. Ideally you do not need to change the priority in the scripts at all, but rather you teach your applications to set the correct DSCP marks.
        But really just go and test whether sqm-scripts out of the box does not already solve your traffic control issues. You seem dedicated to change sqm-scripts to follow your pre-conceptions about how traffic shaping should work; which is fine as that is how you learn new things.
        But if you want to go that route, please take at least a few days/weeks time to get a feel how sqm-scripts baseline behavior works. Only if you have measurements of the status-quo, you will be able to figure out if your changes improve things or not. Also, I believe, you have come close to the end of things you can learn by simply of shell scripts so they should be reasonably simple to read and understand/modify)

Best Regards
        M.

Ah! I wrote you a detailed answer only to lose everything when I tried to post it.  My dual wan, double IP problem I guess.

So here is the summary.

I googled again and I still do not know what DSCP is, let alone to try to teach my applications how to change the DSCP marks.  No idea how to do this, never heard of it.  If this is required for SQM, then please, put a guide in the manual.

The way SQM works, a “good enough result” is really very interesting and maybe perfect for SOHO.  I have a SOHO and I may just leave it as it is.  However, suppose my work-pc has an important skype session and my wife talks to her mother, at another skype session on the laptop.  How will SQM give priority to the work-pc, in case bandwidth is limited?  Don't you see the need for manual configuration, for more traditional QoS rules? 

So the way I will use it is refrain from heavy use of the rest of the network while the work-pc is doing something important.  This will work, but it does not sound an impressive QoS to me.

You are right, I first need to test how the system performs and if it has a problem, then trouble shoot it. 

I did look at the source code you told me.  You reminded me the days I was a trainee, I could read at long printouts of source code and then embarrass the senior programmers by pointing out their bugs.  I cannot do this any more.  Even if I could understand what each statement did, my complete lack of DSCP knowledge would still prevent me from understanding the logic.

Thank you for your interest and effort to educate me.  I hope I am not wasting your time for nothing.



Regarding my original question.  I wish someone can verify for me that MWAN3 cannot do what I want, so I can look for other ways.

(Last edited by bobptz on 31 Dec 2015, 17:38)

Hi bobptz,

bobptz wrote:

Ah! I wrote you a detailed answer only to lose everything when I tried to post it.  My dual wan, double IP problem I guess.

So here is the summary.

I googled again and I still do not know what DSCP is, let alone to try to teach my applications how to change the DSCP marks.  No idea how to do this, never heard of it.  If this is required for SQM, then please, put a guide in the manual.

        Have a look at http://lmgtfy.com/?q=DSCP wink (the second link is especially interesting) and https://tools.ietf.org/html/rfc2475 these should cover some ground on DSCP in general. Is this required for SQM? No, but if you want to use the different priority tiers that simple.qos offers you will need to look at it, but SQM will work just fine with everything at the default DSCP value of zero. And let me ask with some snark, which manual?

bobptz wrote:

The way SQM works, a “good enough result” is really very interesting and maybe perfect for SOHO.  I have a SOHO and I may just leave it as it is.  However, suppose my work-pc has an important skype session and my wife talks to her mother, at another skype session on the laptop.  How will SQM give priority to the work-pc, in case bandwidth is limited?  Don't you see the need for manual configuration, for more traditional QoS rules?

        Well, if your bandwidth is not sufficient to have two concurrent Skype sessions then don't do that then? BTW, you can always use qos-scripts instead of sqm-scripts if you absolutely want to (micro-)manage individual priority levels... (sqm-scripts has advantages in that it works out of the box for IPv6 which qos-scripts as of 3 years ago did to (last time I looked), and sqm offers link layer overhead accounting that actually works, but it does not expose the kind of knobs that you seem to want so qos-scripts might be the right solution for you).

bobptz wrote:

So the way I will use it is refrain from heavy use of the rest of the network while the work-pc is doing something important.

        Why not test how heavy use of the rest of the network affects work_pc's ability to do what you intend it to do first? That way you might collect data that shows that sqm scripts has shortcomings that should be fixed...

bobptz wrote:

This will work, but it does not sound an impressive QoS to me.

        I am sorry to hear that, but want to note for posterity that I did to start helping out with sqm-scripts to either impress you personally or to create an impressive qos system, so no hard feelings.

bobptz wrote:

You are right, I first need to test how the system performs and if it has a problem, then trouble shoot it.

        That is the right spirit wink

bobptz wrote:

I did look at the source code you told me.  You reminded me the days I was a trainee, I could read at long printouts of source code and then embarrass the senior programmers by pointing out their bugs.

        Oh, this is not about embarrassing anybody, if sqm scripts has a bug (and I am certain there are multiple) it needs fixing, so I will (grumpily wink ) commend you when you report bugs or even send bug fixes.

bobptz wrote:

I cannot do this any more.  Even if I could understand what each statement did, my complete lack of DSCP knowledge would still prevent me from understanding the logic.

        The good thing is that nowadays with the internet one can do this kind of research about computer and network related issues from the comfort of one's own desk/home, no need for tedious research trips to the local library wink

bobptz wrote:

Thank you for your interest and effort to educate me.  I hope I am not wasting your time for nothing.

         While I might not fully agree with all your assessments, I am always interested to learn about bugs and possible improvements for sqm-scripts so there is something in our discussion for me as well. (The more real-world testing data the better for me wink )

bobptz wrote:

Regarding my original question.  I wish someone can verify for me that MWAN3 cannot do what I want, so I can look for other ways.

From all the reading and searching I did about DSCP, I understood that the network packets are marked by compatible routers/switches with those DSCP marks, so that QoS can be applied to them. As for the criteria, I won't go deep right now.  I am sure there are shortcomings, like skype and torrents (like you said).

You mentioned twice about teaching my applications to use the correct DSCP markings.  How do I do this?

moeller0 wrote:

Well, if your bandwidth is not sufficient to have two concurrent Skype sessions then don't do that then?

Maybe my wife or my children do not understand this even if I tell them 100 times.  Maybe the line is loaded already by other stuff.  Maybe the line can handle couple of skype sessions if they are geographically close, but has problem if they are from another continent.  Maybe the ADSL line has fluctuations and some times it has reduced bandwidth (my ADSL does). 

Why do you want to take care of torrents when everybody knows it is a hog for bandwidth and people should schedule them during off hours?

Because we are perfectionists and we strive for automation and excellence in the products we make. 

moeller0 wrote:

And let me ask with some snark, which manual?

This is what I mean:
https://wiki.openwrt.org/doc/howto/sqm

moeller0 wrote:

(sqm-scripts has advantages in that it works out of the box for IPv6 which qos-scripts as of 3 years ago did to (last time I looked),

I don't think I need IPv6 support (do I?).  But your statement confused me.  Does qos-scripts support IPv6 or not?

moeller0 wrote:

sqm offers link layer overhead accounting that actually works,

In English, it is more efficient in reducing bufferbloat, right?

I think it should be explained in the manual (see above) what are the features/benefits of SQM, in a way that a non-technical person understands them.  A simple tutorial about all the DSCP stuff needed to fine tune it.  All the confusion in my questions could be food for thought to at least improve documentation.

(Last edited by bobptz on 1 Jan 2016, 09:03)

bobptz wrote:

From all the reading and searching I did about DSCP, I understood that the network packets are marked by compatible routers/switches with those DSCP marks, so that QoS can be applied to them. As for the criteria, I won't go deep right now.  I am sure there are shortcomings, like skype and torrents (like you said).

You mentioned twice about teaching my applications to use the correct DSCP markings.  How do I do this?

So have a look at say "man ping" on your ubuntu machine, you will see something which includes the following:
[...]
       -Q tos Set Quality of Service -related bits in ICMP datagrams.  tos can be decimal (ping only) or hex number.

              In RFC2474, these fields are interpreted as 8-bit Differentiated Services (DS), consisting of: bits 0-1 (2  lowest
              bits) of separate data, and bits 2-7 (highest 6 bits) of Differentiated Services Codepoint (DSCP).  In RFC2481 and
              RFC3168, bits 0-1 are used for ECN.

              Historically (RFC1349, obsoleted by RFC2474), these were interpreted as: bit 0 (lowest  bit)  for  reserved  (cur‐
              rently being redefined as congestion control), 1-4 for Type of Service and bits 5-7 (highest bits) for Precedence.
[...]

So try for example "sudo ping -c 1 -s 16 -Q 0xC0 one.of.your.IP-addresses" while using tcpdump to record the packages then look at the IP header in wireshark. Ideally all applications would allow to do that, but currently most do not. You then have the option to change the source code of the applications relevant for you and then re-compile (especially if those are open source programs, for Skype this will, unless you work at the right division of Microsoft not work). You can also use iptables on the machine running Skype to say mark all outgoing traffic as EF or so (that would with the existing simple.qos script allow to move all of work_pc's traffic into the higher priority class, pretty much what you asked for). Google should be your friend in getting the correct iptables/ip6tables invocation to make this happen.

Best Regards
        M.
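
The TOS byte layout from the man page excerpt in the post above, and the "teach the application" option, as an added example that is not part of the original posts. The class-name table is a subset of the standard codepoints, and `open_marked_udp_socket` is a hypothetical helper name; the kernel may ignore or restrict `IP_TOS` on some platforms.

```python
import socket

# Subset of standard DSCP codepoints (RFC 2474 class selectors,
# RFC 2597 assured forwarding, RFC 3246 expedited forwarding).
DSCP_NAMES = {
    0: "CS0 (default)", 8: "CS1", 10: "AF11", 16: "CS2", 18: "AF21",
    24: "CS3", 26: "AF31", 32: "CS4", 34: "AF41", 40: "CS5",
    46: "EF", 48: "CS6", 56: "CS7",
}
# ECN codepoints in the two lowest bits (RFC 3168).
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def decode_tos(tos):
    """Split an 8-bit TOS/DS byte the way the ping man page describes it."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte (0..255)")
    dscp = tos >> 2                      # bits 2-7: DSCP
    return {
        "dscp": dscp,
        "dscp_name": DSCP_NAMES.get(dscp, "unassigned/local use"),
        "ecn": ECN_NAMES[tos & 0x03],    # bits 0-1: ECN
        # Historical RFC 1349 reading of the same byte:
        "precedence": tos >> 5,          # bits 5-7
        "legacy_tos": (tos >> 1) & 0x0F, # bits 1-4
    }


def tos_for_dscp(dscp, ecn=0):
    """Build the TOS byte an application or 'ping -Q' needs for a DSCP value."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP is 6 bits, ECN is 2 bits")
    return (dscp << 2) | ecn


def open_marked_udp_socket(dscp):
    """Return a UDP socket whose outgoing IPv4 packets carry the given DSCP.

    This is what an application does when it sets its own marks, as
    opposed to marking all of a host's traffic with iptables.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos_for_dscp(dscp))
    return sock


if __name__ == "__main__":
    # 0xC0 is the value used with 'ping -Q' in the post above.
    print("0xC0 ->", decode_tos(0xC0))
    print("EF as a TOS byte: 0x%02X" % tos_for_dscp(46))
    s = open_marked_udp_socket(46)
    readback = s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
    print("socket TOS readback:", decode_tos(readback))
    s.close()
```
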

Hi bobptz,

bobptz wrote:
moeller0 wrote:

Well, if your bandwidth is not sufficient to have two concurrent Skype sessions then don't do that then?

Maybe my wife or my children do not understand this even if I tell them 100 times.

        Since in our gedankenexperiment there will be too little bandwidth for two concurrent calls, they will notice since their Skype session also is going to be crappy... But I get your point you want to have a stricter control over this...

bobptz wrote:

Maybe the line is loaded already by other stuff.  Maybe the line can handle couple of skype sessions if they are geographically close, but has problem if they are from another continent.

        Why should this depend on the geographical distance between a call's endpoints?

bobptz wrote:

Maybe the ADSL line has fluctuations and some times it has reduced bandwidth (my ADSL does).

        If the fluctuations are severe they will likely make your shaper non-functional during periods of low bandwidth, in that situation sqm-scripts will not work well at all. I have the feeling you might be happier with maybe using gargoyle, which has a method to monitor the available bandwidth and set the shaper accordingly, also I believe gargoyle allows the level of detailed configuration and control you seem to want.

bobptz wrote:

Why do you want to take care of torrents when everybody knows it is a hog for bandwidth and people should schedule them during off hours?

        Because people don't do this reliably enough? And a number of networks are shared between users that want a reasonable fairness of bandwidth use (in times of contention), and because bit-torrent traffic can really make sqm-scripts perform worse than expected...

bobptz wrote:

Because we are perfectionists and we strive for automation and excellence in the products we make.

        Please speak for yourself; for me this is not about excellence but really about fixing a bad corner-case where a single misbehaving user/application can degrade the network experience for a whole segment (but unlike a DOS situation, bit-torrent by itself is not an unwanted application, so banning it is not really an option, but relying on people getting the configuration right also does not seem to work generally, sort of like in your family scenario above... wink ).

bobptz wrote:

moeller0 wrote:

And let me ask with some snark, which manual?

This is what I mean:
https://wiki.openwrt.org/doc/howto/sqm

        This is not really a manual, but rather a quick introduction to help people getting it up and running, Rich Brown wrote this great document, but its aim certainly is not to explain all the details, but rather get people to a working set-up as quickly as possible.

bobptz wrote:

moeller0 wrote:

(sqm-scripts has advantages in that it works out of the box for IPv6 which qos-scripts as of 3 years ago did to (last time I looked),

I don't think I need IPv6 support (do I?).  But your statement confused me.  Does qos-scripts support IPv6 or not?

        I do not know the current state of qos-scripts and IPv6, three years ago it did not shape IPv6 traffic at all, so say on a dual-stack link with some IPv6 traffic flowing the shaper might not have worked at all.. About today, I really do not know.

bobptz wrote:

moeller0 wrote:

sqm offers link layer overhead accounting that actually works,

In English, it is more efficient in reducing bufferbloat, right?

        This can be a side-effect, yes. But the main point is that without correct accounting for the link layer and the per packet overhead the shaper will not robustly work especially on an ATM-based link, where worst case ~50% of the link bandwidth can be wasted on quantization overhead, so either you set your shaper to 50% of the link rate or use correct link layer accounting to make sure the traffic shaper will work as expected under all circumstances...

bobptz wrote:

I think it should be explained in the manual (see above) what are the features/benefits of SQM, in a way that a non-technical person understands them.

        Remember when I pointed you at https://github.com/moeller0/ATM_overhead_detector ? You complained about its almost complete opaqueness and tech-babble, but this was my attempt at describing something in a way for lay-people to understand (without dumbing down on the details), so I might not be the person you actually want writing documentation... That said, if you want to contribute simple and correct text for a more detailed manual, I am sure Toke will happily include this, or it could be hosted on the openwrt wiki somewhere, just holler if you want to contribute.

bobptz wrote:

A simple tutorial about all the DSCP stuff needed to fine tune it.

        One of the core ideas behind sqm-scripts is to come up with a traffic control system that should not need any fine-tuning wink You are right that a better description of the DSCP topics would be great. So may I ask you to document the steps of your journey to a working set-up, to use as a skeleton for the sqm/DSCP manual?

bobptz wrote:

All the confusion in my questions could be food for thought to at least improve documentation.

        So, are you volunteering your own time here to improve the documentation? In that case I will try to endorse you and help out with information, if I can. If you are thinking about volunteering my or someone else's time I am unsure how quickly the tentative documentation improvements will materialize wink
        Ceterum censeo, you should try to perform a worst case measurement on your system first to figure out whether any DSCP magic is required at all or not, if I understand correctly we are mainly talking about theoretical short-comings you want fixed, not really confirmed practical ones... You know what they say, "if it is not broken, do not fix it". There are enough sqm related items on my todo list that fix real observable issues that I am not actively soliciting for more ideas how to spend my spare time wink

Best Regards
        M.
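
The ATM quantization effect mentioned in the post above (link layer overhead accounting), as an added example that is not part of the original posts. The 40-byte per-packet overhead is an assumed sample value; the real figure depends on the encapsulation used on the link.

```python
ATM_CELL_BYTES = 53      # every ATM cell occupies 53 bytes on the wire
ATM_PAYLOAD_BYTES = 48   # of which 48 bytes carry payload

# Assumed per-packet overhead (encapsulation headers plus AAL5 trailer).
# Constructed sample value, not taken from the thread.
SAMPLE_OVERHEAD = 40


def atm_wire_bytes(ip_len, overhead=SAMPLE_OVERHEAD):
    """Bytes actually sent on an ATM link for one IP packet.

    Packet plus overhead is padded up to a whole number of 48-byte
    cell payloads, and each cell costs 53 bytes on the wire.
    """
    if ip_len <= 0 or overhead < 0:
        raise ValueError("sizes must be positive")
    cells = (ip_len + overhead + ATM_PAYLOAD_BYTES - 1) // ATM_PAYLOAD_BYTES
    return cells * ATM_CELL_BYTES


def efficiency(ip_len, overhead=SAMPLE_OVERHEAD):
    """Fraction of the wire bytes that are IP packet bytes."""
    return ip_len / atm_wire_bytes(ip_len, overhead)


def worst_case(overhead=SAMPLE_OVERHEAD, sizes=range(40, 1501)):
    """Return (ip_len, efficiency) for the least efficient packet size."""
    size = min(sizes, key=lambda s: efficiency(s, overhead))
    return size, efficiency(size, overhead)


def safe_rate_without_accounting(link_kbit, overhead=SAMPLE_OVERHEAD):
    """Highest rate for a shaper that counts only IP bytes.

    Such a shaper sends wire_bytes/ip_len times more than it thinks it
    does, so it only stays below the link rate for every packet size
    if it is set to link_rate * worst-case efficiency.
    """
    return link_kbit * worst_case(overhead)[1]


if __name__ == "__main__":
    for size in (56, 57, 1500):
        print(size, "IP bytes ->", atm_wire_bytes(size), "wire bytes",
              "(%.0f%% efficient)" % (100 * efficiency(size)))
    size, eff = worst_case()
    print("worst case: %d-byte packets, %.1f%% efficient" % (size, 100 * eff))
    print("shaper without accounting on a 1000 kbit/s link: %.0f kbit/s"
          % safe_rate_without_accounting(1000))
```

With this sample overhead, one extra byte (56 to 57) adds a whole 53-byte cell, which is the quantization effect a shaper with link layer accounting handles per packet.
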

Hello moeller0

moeller0 wrote:

So try for example "sudo ping -c 1 -s 16 -Q 0xC0 one.of.your.IP-addresses" while using tcpdump to record the packages then look at the IP header in wireshark. Ideally all applications would allow to do that, but currently most do not. You then have the option to change the source code of the applications relevant for you and then re-compile (especially if those are open source programs, for Skype this will, unless you work at the right division of Microsoft not work). You can also use iptables on the machine running Skype to say mark all outgoing traffic as EF or so (that would with the existing simple.qos script allow to move all of work_pc's traffic into the higher priority class, pretty much what you asked for). Google should be your friend in getting the correct iptables/ip6tables invocation to make this happen.

I am looking into iptables, mostly out of interest, since iptables keeps coming up all the time.  I do not want to change the source code and recompile my applications, even if I could do it (after googling for several months).  I was hoping for a much more user-friendly and less technical solution.

moeller0 wrote:

Why should this depend on the geographical distance between a call's endpoints?

Distance increases the ping.  Skype is sensitive to ping AFAIK.

moeller0 wrote:

I have the feeling you might be happier with maybe using gargoyle, which has a method to monitor the available bandwidth and set the shaper accordingly, also I believe gargoyle allows the level of detailed configuration and control you seem to want.

oh Yes!  This sounds great.  This dynamic adjustment is exactly what I had in mind when I started with multi wan and QoS.  However I do not want to change firmware because of some obstacles I found with OpenWRT or SQM.  All software have flaws and shortcomings.  I invested my time in this setup, I prefer to continue with it.

moeller0 wrote:

So may I ask you to document the steps of your journey to a working set-up, to use as a skeleton for the sqm/DSCP manual?
….
So, are you volunteering your own time here to improve the documentation?

I am already doing this.  Have a look at this link:
http://bbb-solutions.blogspot.gr/2015/1 … enwrt.html

I wrote it because the readme file was not accurate and I would have trouble installing them without your help.  I keep this blog so I can repeat these steps if I ever need to. 

The rest of my setup is 99% from the “manual”.  Do you remember something from our conversations that needs to be included in the documentation?  If it is something that I comprehend (because many things I still do not), then I could write a guide for it. 

moeller0 wrote:

In that case I will try to endorse you and help out with information, if I can.

You can try, but remember:  I still do not know what iptables are and although I like to learn and improve things, I do not want to learn all the internals of Linux just to improve my router.

Hi bobptz,

bobptz wrote:

Hello moeller0

moeller0 wrote:

So try for example "sudo ping -c 1 -s 16 -Q 0xC0 one.of.your.IP-addresses" while using tcpdump to record the packages then look at the IP header in wireshark. Ideally all applications would allow to do that, but currently most do not. You then have the option to change the source code of the applications relevant for you and then re-compile (especially if those are open source programs, for Skype this will, unless you work at the right division of Microsoft not work). You can also use iptables on the machine running Skype to say mark all outgoing traffic as EF or so (that would with the existing simple.qos script allow to move all of work_pc's traffic into the higher priority class, pretty much what you asked for). Google should be your friend in getting the correct iptables/ip6tables invocation to make this happen.

I am looking into iptables, mostly out of interest, since iptables keeps coming up all the time.  I do not want to change the source code and recompile my applications, even if I could do it (after googling for several months).  I was hoping for a much more user-friendly and less technical solution.

        Great, iptables (and for IPv6 ip6tables) is a binary program to interact with the kernel's iptables subsystem (IIRC), so looking into this sounds worthwhile. Something along the lines of http://www.linuxtopia.org/Linux_Firewal … x4172.html should help you to configure the DSCP marks of all tcp packets leaving your work_pc for example; so this should allow you to configure the strict priority tiers you seem to desire. The downside of this approach is that it will only affect traffic originating from work_pc, but not packets on the reverse leg from the internet to work_pc (for this to work the filtering needs to be performed before the packets reach the shaper, but since you set the shaper up on the wan interfaces, at that point you do not have easy access to work_pc's internal IP address, thanks to network address translation (NAT)). In my view teaching relevant applications to use configurable DSCP markings is the superior solution as that allows to specify the policy on a per application basis; in your case you seem to be adamant that work_pc needs priority for Skype so it seems the most natural solution to just make Skype use higher priority... in the end this also is way more user friendly if applications start to expose the DSCP marking somewhere in their configuration files or settings dialogs, but I admit that this is simply a question of personal taste and preference...

bobptz wrote:
moeller0 wrote:

Why should this depend on the geographical distance between a call's endpoints?

Distance increases the ping.  Skype is sensitive to ping AFAIK.

        But this is then independent of your router's bandwidth, so outside the scope of sqm-scripts, no?

bobptz wrote:
moeller0 wrote:

I have the feeling you might be happier with maybe using gargoyle, which has a method to monitor the available bandwidth and set the shaper accordingly, also I believe gargoyle allows the level of detailed configuration and control you seem to want.

oh Yes!  This sounds great.  This dynamic adjustment is exactly what I had in mind when I started with multi wan and QoS.  However I do not want to change firmware because of some obstacles I found with OpenWRT or SQM.  All software have flaws and shortcomings.  I invested my time in this setup, I prefer to continue with it.

        Well, fair enough, please note though that gargoyle ( https://www.gargoyle-router.com ) is based on openwrt, so might allow you to re-use the already learned knowledge and refined configuration files. Also some of the things gargoyle already offers today and that you seem to want are not in sqm-scripts' (near to intermediate) future...

bobptz wrote:

moeller0 wrote:

So may I ask you to document the steps of your journey to a working set-up, to use as a skeleton for the sqm/DSCP manual?
….
So, are you volunteering your own time here to improve the documentation?

I am already doing this.  Have a look at this link:
http://bbb-solutions.blogspot.gr/2015/1 … enwrt.html

        This is a great start, thanks.

bobptz wrote:

I wrote it because the readme file was not accurate and I would have trouble installing them without your help.  I keep this blog so I can repeat these steps if I ever need to.

        What part in the readme was not accurate beyond the use of a symbolic name for the "target directory"?

bobptz wrote:

The rest of my setup is 99% from the “manual”.  Do you remember something from our conversations that needs to be included in the documentation?  If it is something that I comprehend (because many things I still do not), then I could write a guide for it.

        If you implement the "switch work_pc to higher priority" using iptables approach it sure will help if you post a nice description (along the lines of the existing entries) to your blog.

bobptz wrote:
moeller0 wrote:

In that case I will try to endorse you and help out with information, if I can.

You can try, but remember:  I still do not know what iptables are and although I like to learn and improve things, I do not want to learn all the internals of Linux just to improve my router.

        I start to sound like a broken record, but here I go again: why don't you simply try whether sqm-scripts default behavior does not already work well enough for your needs first? Then you can still decide whether reading "man iptables" and "man iptables-extensions" is worth your time...

Best Regards
        M.

Hello moeller0

moeller0 wrote:

In my view teaching relevant applications to use configurable DSCP markings is the superior solution as that allows to specify the policy on a per application basis; in your case you seem to be adamant that work_pc needs priority for Skype so it seems the most natural solution to just make Skype use higher priority... in the end this also is way more user friendly if applications start to expose the DSCP marking somewhere in their configuration files or settings dialogs, but I admit that this is simply a question of personal taste and preference...

I agree this is a far better method for QoS, and I also agree there should be a better way to configure the DSCP marks of the packets the application sends.  Otherwise it is unusable to the average user.


moeller0 wrote:

What part in the readme was not accurate beyond the use of a symbolic name for the "target directory"?

This and the explanation of the scp command.  It is not obvious if you have not done this before:
scp -r ./*  root@192.168.1.1:/

About this iptables technique.  MWAN3 seems to have its own routing and iptables scheme.  I am reading the "Mwan3 routing" section of https://wiki.openwrt.org/doc/howto/mwan3 , but I only understand half of what it says.

(Last edited by bobptz on 3 Jan 2016, 08:51)

Hi bobptz,

bobptz wrote:

Hello moeller0

moeller0 wrote:

In my view teaching relevant applications to use configurable DSCP markings is the superior solution as that allows to specify the policy on a per application basis; in your case you seem to be adamant that work_pc needs priority for Skype so it seems the most natural solution to just make Skype use higher priority... in the end this also is way more user friendly if applications start to expose the DSCP marking somewhere in their configuration files or settings dialogs, but I admit that this is simply a question of personal taste and preference...

I agree this is a far better method for QoS, and I also agree there should be a better way to configure the DSCP marks of the packets the application sends.  Otherwise it is unusable to the average user.

        I have my doubts that the average user uses openwrt at home ;), also none of this is actual rocket science, and a decent blog like yours might be enough to get others started as well. In other words my faith in people's capabilities seems greater than yours ;)

bobptz wrote:
moeller0 wrote:

What part in the readme was not accurate beyond the use of a symbolic name for the "target directory"?

This and the explanation of the scp command.  It is not obvious if you have not done this before:
scp -r ./*  root@192.168.1.1:/

        Interesting, I had not considered that either the symbolic directory name or the "missing" information from "man scp" would be an obstacle...

bobptz wrote:

About this iptables technique.  MWAN3 seems to have its own routing and iptables scheme.  I am reading the "Mwan3 routing" section of https://wiki.openwrt.org/doc/howto/mwan3 , but I only understand half of what it says.

        On your Ubuntu machines, the whole mwan3 issue does not exist; all you need is to issue something along the lines of (to make the whole machine label everything for background (lowest) priority):

sudo iptables --table mangle --append OUTPUT --protocol all -j DSCP --set-dscp 0x08
sudo ip6tables --table mangle --append OUTPUT --protocol all -j DSCP --set-dscp 0x08

to delete the rules first use:

sudo iptables --line-numbers -t mangle -vL OUTPUT
to get the rule's number, should be the highest number or very likely this is the only rule, so 1 in our example,
then delete it:
sudo iptables -t mangle -D OUTPUT 1

And the same for IPv6:
sudo ip6tables --line-numbers -t mangle -vL OUTPUT
# assuming the number is 1
sudo ip6tables -t mangle -D OUTPUT 1

This is by all means not perfect and only affects the egress/outgoing/upload direction (if issued at one of your internal linux hosts) and it will not survive a reboot, but it should at least give you an example of how to push one machine into a specific priority band... Feel free to experiment a bit with this. For testing I used the ceroscripts ( https://github.com/richb-hanover/CeroWrtScripts ) betterspeedtest wrapper script:
1) IPv4:
./betterspeedtest.sh -4  -H netperf-eu.bufferbloat.net -t 2
and
./betterspeedtest.sh -6  -H netperf-eu.bufferbloat.net -t 2
(You can use any program that will send tcp packets over your wan interfaces here...)
While using "tcpdump -s 1550 -i ge00 -w ge00.cap" on my router, ge00 is the physical interface name (in your case probably eth0) on which my egress pppoe-ge00 lives. I then copied these to my analysis machine and had a look inside with wireshark and looked at the values of the DSCP fields in the IP headers of packets originating from the internal host. Also "tc -s qdisc show dev pppoe-ge00" now showed among other outputs:
qdisc fq_codel 130: parent 1:13 limit 1001p flows 1024 quantum 300 target 5.0ms interval 100.0ms
Sent 18728096 bytes 22576 pkt (dropped 23, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
  maxpacket 1516 drop_overlimit 0 new_flow_count 7268 ecn_mark 0
  new_flows_len 0 old_flows_len 2
This shows that the background priority tier actually transmitted packets during the test. Testing without the remarking rule above yields:
qdisc fq_codel 130: parent 1:13 limit 1001p flows 1024 quantum 300 target 5.0ms interval 100.0ms
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
  maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0

This shows that the forced DSCP marking at the end host works for egress packets and that sqm-scripts' simple.qos actually honors these DSCP marks. I hope that this gets you started to implement whatever you want. BUT please, first test how the system behaves without manual interventions; in the end most end users will not want to touch anything so the out-of-the-box default behavior of sqm-scripts aims at being reasonable in most reasonable circumstances; so does it work for your case out-of-the-box or is tweaking required?

For anything more there is always "man iptables" and "man iptables-extensions" and google...

Best Regards, over and out
        M.
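
Added example, not part of moeller0's post or of sqm-scripts: the check described above (did the background tier, parent class 1:13 in the quoted output, carry packets?) done by parsing "tc -s qdisc show" text instead of reading it by eye. The function names are hypothetical, and the sample input is the two fq_codel stanzas quoted in the post.

```shell
#!/bin/sh
# Sample input embedded inline: the fq_codel stanzas from the post, taken
# with and without the DSCP rule active on the end host.
SAMPLE_MARKED='qdisc fq_codel 130: parent 1:13 limit 1001p flows 1024 quantum 300 target 5.0ms interval 100.0ms
 Sent 18728096 bytes 22576 pkt (dropped 23, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0'
SAMPLE_UNMARKED='qdisc fq_codel 130: parent 1:13 limit 1001p flows 1024 quantum 300 target 5.0ms interval 100.0ms
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0'

# tier_packets <parent-class>
# Reads "tc -s qdisc show" output on stdin and prints the packet counter of
# the qdisc attached to that parent class. Returns 1 if no such qdisc exists.
tier_packets() {
    awk -v want="$1" '
        $1 == "qdisc" {
            # New stanza: remember which class this qdisc hangs under.
            parent = ""
            for (i = 2; i < NF; i++) if ($i == "parent") parent = $(i + 1)
        }
        # "Sent <bytes> bytes <pkts> pkt (...)" belongs to the current stanza.
        $1 == "Sent" && parent == want { print $4; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# tier_delta <parent-class> <snapshot-before> <snapshot-after>
# The counters are cumulative, so on a live router compare a snapshot taken
# before the test run with one taken after it.
tier_delta() {
    before=$(printf '%s\n' "$2" | tier_packets "$1") || return 1
    after=$(printf '%s\n' "$3" | tier_packets "$1") || return 1
    echo $((after - before))
}

# Live use on the router (interface name as in the post):
#   tc -s qdisc show dev pppoe-ge00 | tier_packets 1:13
printf 'tier 1:13 carried %s packets with the rule in place\n' \
    "$(tier_delta 1:13 "$SAMPLE_UNMARKED" "$SAMPLE_MARKED")"
```

A non-zero delta on 1:13 after a test run means the shaper sorted the marked packets into the background tier; a delta of zero means the marks did not reach the shaper or were not honored.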

this is a bit old of a thread, but I often host lobbies in ptp online fps, and as well have a mission critical apache server, and both run at the same time.  The online mp gaming hosts would be the time dependent traffic and the apache server while important isn't latency dependent, and sometimes gets served at a huge percentage of my bandwidth.  I realize that sqm scripts might work just fine out of the box, but the addition of priority to the gaming computer against the apache would just make the hosts that much better.

I just want to throw my hat up for addition of the priority/(ip address/mac address) section of the sqm qos script section, or better yet a merger of the two so that it has both features. 

tc is still somewhat Greek to me so idk, but I've read over man documents, I guess I just need to put the pen to the paper on my own personal script for this

so am I right that I can't have both qos scripts and sqm-qos installed at the same time?

The discussion might have continued from here.