What's new

CakeQOS CakeQoS-Merlin v2.0.0

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

iptables -t mangle -nvL CakeQOS-Merlin

Looking good..

Code:
Chain CakeQOS-Merlin (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   165 DSCP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            multiport sports 16384:16415 DSCP set 0x2e
    0     0 DSCP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            multiport dports 19302:19309 DSCP set 0x2e
    0     0 DSCP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            multiport dports 3478:3481 DSCP set 0x2e
 886K   47M DSCP       tcp  --  *      eth0    192.168.xx.xxx       0.0.0.0/0            multiport dports 119,563 DSCP set 0x08
    0     0 DSCP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            multiport dports 500,4500 DSCP set 0x2e
    0     0 DSCP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            multiport dports 8801:8810 DSCP set 0x2e
    0     0 DSCP       tcp  --  *      eth0    192.168.xx.xxx       0.0.0.0/0            multiport sports 13213 DSCP set 0x08
  487 49522 DSCP       udp  --  *      eth0    192.168.xx.xxx       0.0.0.0/0            multiport sports 13213 DSCP set 0x08

Cake stats also look ok. Had to change classification to match my tins...
 
Wow, now you can have your cake and eat it too!

Both classless and classified QOS at the same time. I can see this helping some gamers as well as those with insufficient bandwidth.

It is great to see innovation like this!

Morris
 
Question on which port to enter for voip. I have Ooma voip system that uses the following ports:
  • remote UDP/TCP 53, 1194, 1294
  • remote TCP 80, 110, 443, 5061
  • remote UDP 67, 123, 3480
  • local UDP 49000 to 50000
  • remote UDP 10000 to 20000
Is it enough to enter the remote UDP ports 10000:20000 into the iptable rules or should I enter all the ports listed above?

1622722909492.png
 
Question on which port to enter for voip. I have Ooma voip system that uses the following ports:
  • remote UDP/TCP 53, 1194, 1294
  • remote TCP 80, 110, 443, 5061
  • remote UDP 67, 123, 3480
  • local UDP 49000 to 50000
  • remote UDP 10000 to 20000
Is it enough to enter the remote UDP ports 10000:20000 into the iptable rules or should I enter all the ports listed above?

View attachment 34212

if your VOIP is working with cake, do nothing as cake should handle it well. Only address applications that have issues or cause issues

Morris
 
if your VOIP is working with cake, do nothing as cake should handle it well. Only address applications that have issues or cause issues

Morris
That's the problem, Ooma is iffy.
 
if your VOIP is working with cake, do nothing as cake should handle it well. Only address applications that have issues or cause issues

Agreed, but will assume for now the user is having an issue perhaps. I would be looking at which type of connectivity is required for VOIP connection (quality) and confirm it is actually getting missed. You could (if configurable) limit which ports are used. I do this for BitTorrent for example and can therefore control/shape now with @dave14305 work how that traffic gets classified as it was using BestEffort before - now using Bulk.

I suspect for Ooma it's remote UDP 10000 to 20000 for the upload classification that you want to look at. In general that is where (if any area) to apply any of these new features @dave14305 is bringing to the table.

Hope that helps....
 
Does the max 250Mbps rule still apply for the AX88u ? I’m getting a upgrade soon to 300Mbps and was just curious.
Hello,

FYI: On my AC86U, I just hit 370Mbps with Cake on. And maybe it was limited by my line (which gives 400Mbps in ideal conditions) and not cake or the cpu. I think I have previously hit closer to 400Mbps with Cake on.
YMMV

I guess each household has various needs but at my home, I'm sure noone would notice if I had 200Mbps instead of 400Mbps anyway.

Cheers
W.
 
The Category dropdown contains generic descriptions for some initial types of traffic you may want to re-tin. The options and their assigned DSCP values are:
  • Bulk: CS1
  • Streaming: AF31
  • Voice: EF
  • Conferencing: AF41
  • Gaming: CS4

Dear Dave,

Thank you for your recent work on this, and all that came earlier.

I wish to give feedback about the typology of traffic in the beta, considering the intent is to "re-tin" (i.e. assign to different tins).

AF41 and AF31 are always sent to the same tin by Cake. I don't see the point in managing two different types of traffic when they end up in the same tin anyway. I feel one could as well merge "Streaming" and "Conferencing". (BTW for those less aware of the context: "Streaming" here is meant to be "Multimedia Streaming (AF3x) - eg. YouTube, NetFlix, Twitch", as per the sources of Cake available e.g. at https://github.com/RMerl/asuswrt-merlin.ng ) Considering the classification now targets upstream only, this clarification might be less relevant but I wanted to point it as, one day, the downstream might also become "classifiable".)

By the way, AF41 is the value used by CISCO themselves with their own conferencing solutions as Webex or Jabber, at least on platforms which are friendly with DSCP tagging (like Android 9). I like it.

EF and CS4 are sent to the same tin by Cake in diffserv8 and diffserv4. (Yeah, I know it is counterintuitive that diffserv3 processes them in different tins, while diffserv4 and diffserv8 process them in the same tin...) So, maybe the DSCP value is not ideal when the intent is to "retin". Or with a different perspective, it might be overkill to manage 2 categories (voice and Gaming) when they will end up in the same tin anyway with diffserv4 and diffserv8. (By the way, with diffserv3, AF41, AF31 and CS4 are actually all sent to the same tin. Of course, we didn't expect diffserv3 with 3 tins to be able to split 5 categories.)

I once created a table to visualize DSCP values, and the way they are assigned to tins by Cake (for diffserv8, 4 and 3); and now by your beta software. Here it is. If anyone is interested in the file, let me know, I would "sanitize" it and share it. There might be mistakes, I built it manually based on Cake source. But it should be correct.

Screenshot from 2021-06-03 22-51-03.png
 
Agreed, but will assume for now the user is having an issue perhaps. I would be looking at which type of connectivity is required for VOIP connection (quality) and confirm it is actually getting missed. You could (if configurable) limit which ports are used. I do this for BitTorrent for example and can therefore control/shape now with @dave14305 work how that traffic gets classified as it was using BestEffort before - now using Bulk.

I suspect for Ooma it's remote UDP 10000 to 20000 for the upload classification that you want to look at. In general that is where (if any area) to apply any of these new features @dave14305 is bringing to the table.

Hope that helps....
Possibly he can use source and/or destination IP to id the VOIP. I'm concerned that something else is causing his issues as VOIP is a perfect example of an application that cake should help. I run two flavors of VOIP on my LAN and they both work great.

Morris
 
Question on which port to enter for voip. I have Ooma voip system that uses the following ports:
  • remote UDP/TCP 53, 1194, 1294
  • remote TCP 80, 110, 443, 5061
  • remote UDP 67, 123, 3480
  • local UDP 49000 to 50000
  • remote UDP 10000 to 20000
Is it enough to enter the remote UDP ports 10000:20000 into the iptable rules or should I enter all the ports listed above?

View attachment 34212
I would try the Ooma voip on a static IP, and load that static IP address as a Local IP in the rules without specifying any ports
(I've been doing this with a Siemens VoIP gateway that uses similar ports with FreshQoS/FlexQoS and now Cake).

UPDATE: I removed the Local IP rule for my Siemens VoIP and still see call traffic through Callcentric service is in the "Voice" category tin with diffserv3: looks like Cake is doing a great job without any specific rule needed for my (lucky) setup.
 
Last edited:
Agreed, but will assume for now the user is having an issue perhaps. I would be looking at which type of connectivity is required for VOIP connection (quality) and confirm it is actually getting missed. You could (if configurable) limit which ports are used. I do this for BitTorrent for example and can therefore control/shape now with @dave14305 work how that traffic gets classified as it was using BestEffort before - now using Bulk.

I suspect for Ooma it's remote UDP 10000 to 20000 for the upload classification that you want to look at. In general that is where (if any area) to apply any of these new features @dave14305 is bringing to the table.

Hope that helps....
It didn't change anything, Ooma performs about the same no matter what port configuration I used. So, I went from diffserv4 back to besteffort without any iptables rules again and it seems to work the same. Could be that there is something else going on with the Ooma Telo device.
 
It didn't change anything, Ooma performs about the same no matter what port configuration I used. So, I went from diffserv4 back to besteffort without any iptables rules again and it seems to work the same. Could be that there is something else going on with the Ooma Telo device.
Congestion any ware on the internet can cause this. I suggest you do a trace route to your VOIP provider. If that looks good then contact the VOIP provider and have them take a look.

Good luck

Morris
 
Dear Dave,

Thank you for your recent work on this, and all that came earlier.

I wish to give feedback about the typology of traffic in the beta, considering the intent is to "re-tin" (i.e. assign to different tins).

AF41 and AF31 are always sent to the same tin by Cake. I don't see the point in managing two different types of traffic when they end up in the same tin anyway. I feel one could as well merge "Streaming" and "Conferencing". (BTW for those less aware of the context: "Streaming" here is meant to be "Multimedia Streaming (AF3x) - eg. YouTube, NetFlix, Twitch", as per the sources of Cake available e.g. at https://github.com/RMerl/asuswrt-merlin.ng ) Considering the classification now targets upstream only, this clarification might be less relevant but I wanted to point it as, one day, the downstream might also become "classifiable".)

By the way, AF41 is the value used by CISCO themselves with their own conferencing solutions as Webex or Jabber, at least on platforms which are friendly with DSCP tagging (like Android 9). I like it.

EF and CS4 are sent to the same tin by Cake in diffserv8 and diffserv4. (Yeah, I know it is counterintuitive that diffserv3 processes them in different tins, while diffserv4 and diffserv8 process them in the same tin...) So, maybe the DSCP value is not ideal when the intent is to "retin". Or with a different perspective, it might be overkill to manage 2 categories (voice and Gaming) when they will end up in the same tin anyway with diffserv4 and diffserv8. (By the way, with diffserv3, AF41, AF31 and CS4 are actually all sent to the same tin. Of course, we didn't expect diffserv3 with 3 tins to be able to split 5 categories.)

I once created a table to visualize DSCP values, and the way they are assigned to tins by Cake (for diffserv8, 4 and 3); and now by your beta software. Here it is. If anyone is interested in the file, let me know, I would "sanitize" it and share it. There might be mistakes, I built it manually based on Cake source. But it should be correct.

View attachment 34222
This is really useful feedback. I admit I didn’t do much analysis before picking the DSCP classes for Gaming or Conferencing. I threw Gaming in at the last second because I figured someone might ask what’s best for Gaming, and I don’t give a hoot about gaming.

I want to avoid the trap of having to worry which DSCP classes should be valid dropdown options based on the active diffserv option. So setting the DSCP class via iptables may or may not result in re-tinning. Very little happens with diffserv3, as you’ve noticed. diffserv4 is slightly better, but not many people are streaming in the upload direction, so it’s of limited use for Streaming.

I’m open to suggestions on where to go next with this. I don’t run this script myself, except when developing and testing it. I would like to move toward ipset-based rules so they can be used in either direction with iptables and tc filter. Multi-port rules are unwieldy with tc filter, so if we get to an ipset implementation, these port-based rules might be sacrificed for simplicity.

I made my own DSCP to Tin spreadsheet tonight. Useful to have.
 
Dear Dave,

It was easy to point at some details. It is difficult for me to imagine the best approach...

First, I have to admit that my first feedback about the Beta missed the point a bit. When someone defines some traffic as Gaming and some other traffic as Voice, the current beta scheme doesn't ensure differentiated handling between those two (which might be expected by the user). But it does ensure that they are not treated anymore as standard/normal/bulk. This is still a major improvement.

We don't really need user interaction to know that Skype is "Conferencing". Actually, for instance, https://forum.openwrt.org/t/ultimate-sqm-settings-layer-cake-dscp-marks-new-script/53209 (see also https://github.com/hisham2630/Ultimate-SQM-settings-Layer_cake-DSCP-marks-New-Script) does all the tagging without user interaction (based a.o. on ipset).

When your User Interface allows users to change the "Category", it is allowing users to change the handling/priority/tin. Considering also the objective to shield the users from the anarchy of DSCP values or the details of Cake's tins, I would make categories "self-explanatory", like "lowest latency", "low latency", "standard", "bulk" (or 3, 2, 1, 0). With the current beta names, I don't feel/know what is supposed to be the highest priority between 'Gaming' and 'Voice' for instance, and users will keep asking forever.

I would choose DSCP values that mostly ensure different tins (except for diffserv3 for the obvious 3 tins limitation): for instance, EF, AF41, CS0, CS1 (CS1 goes to tin 0). This is not 'by-the-book'(RFC) tagging but it probably achieves the re-tin objective in a simple manner, without creating too many expectations (I think users will expect each category to be treated differently by Cake).

Just the best 2cts I could think of so far.

Take care
W.

PS: Below the previous table with an extra column for the DSCP values that are used by the script referenced above. It's not gospel, just an example. (The line numbers refer to the file DSCP-ipv4.sh in the GitHub above)

Screenshot from 2021-06-06 11-05-42.png


PPS: This disregards the soft limits that Cake applies to tins (e.g. 25% of traffic), which might only be a second order concern anyway. https://www.snbforums.com/threads/cake-diffserv3-dscp-how-badly-are-liars-outliers-punished.71482/


EDIT: I like the topic, but truth be told, on my own network, I don't currently tag/classify in any way... When I did in the past, the Cake statistics about each tin didn't really reveal significant benefits for the different tins. Maybe because my line doesn't see enough saturation/congestion.
 
Last edited:
PS: Below the previous table with an extra column for the DSCP values that are used by the script referenced above. It's not gospel, just an example. (The line numbers refer to the file DSCP-ipv4.sh in the GitHub above)

View attachment 34267

PPS: This disregards the soft limits that Cake applies to tins (e.g. 25% of traffic), which might only be a second order concern anyway. https://www.snbforums.com/threads/cake-diffserv3-dscp-how-badly-are-liars-outliers-punished.71482/
Nice analysis! With the default cake set for diffserv3 (on upload anyway) I think that anyone who goes to the trouble to define a "gaming" rule would be disappointed that it ends up in the same tin as normal traffic! Is there some way to map CS4 to tin 2?

Or perhaps the better answer is to advise folks who use this classification to use diffserv4 instead? (This was also suggested in the outlier thread referenced). Or perhaps automatically switch to diffserv4 by default when rules are defined.
 
Or perhaps the better answer is to advise folks who use this classification to use diffserv4 instead? (This was also suggested in the outlier thread referenced). Or perhaps automatically switch to diffserv4 by default when rules are defined.

I kinda like this idea - or perhaps simpler/easier might be a tool tip/warning for Category/Classification to Priority Queuing, if it doesn't "break" anything?

I want to avoid the trap of having to worry which DSCP classes should be valid dropdown options based on the active diffserv option. So setting the DSCP class via iptables may or may not result in re-tinning. Very little happens with diffserv3, as you’ve noticed. diffserv4 is slightly better, but not many people are streaming in the upload direction, so it’s of limited use for Streaming.

Yep - @dave14305 see above...wonder how difficult it would be to check queue and selected categories/classification and show a warning on the status menu option and the page.....

I also do upload streaming and definitely can test that use case further..
 
  • Like
Reactions: pdc
Nice analysis! With the default cake set for diffserv3 (on upload anyway) I think that anyone who goes to the trouble to define a "gaming" rule would be disappointed that it ends up in the same tin as normal traffic! Is there some way to map CS4 to tin 2?
Thank you for the nice comment.
I would approach it differently: not trying to change how Cake handles CS4. I would tag that traffic with a different DSCP.
If you use diffserv3 and want some traffic (e.g. gaming) to be in the top tin, with the current Beta, just assign it to the "Voice" category. CakeQOS-Merlin will tag it with the "EF" DSCP, and Cake will assign it to the top tin. It might not be intuitive, hence my suggestions in previous posts (to merge/rename categories).
Note that DSCP has some rules/guidelines. But there is no DSCP law enforcement. I once monitored my traffic and noticed that various NTP servers for instance will use all sort of DSCP tags. Whatsapp on Android uses CS6 which is a rogue use of a category intended for "Network control" etc. This is why DSCP tags are routinely "washed", and not blindly trusted when they come from a distant packet/provider.
 
Last edited:
If you use diffserv3 and want some traffic (e.g. gaming) to be in the top tin, with the current Beta, just assign it to the "Voice" category. CakeQOS-Merlin will tag it with the "EF" DSCP, and Cake will assign it to the top tin. It might not be intuitive, hence my suggestions in previous posts (to merge/rename categories).
Correct and same experience here thus the suggestion.
Note that DSCP has some rules/guidelines. But there is no DSCP law enforcement. I once monitored my traffic and noticed that various NTP servers for instance will use all sort of DSCP tags. Whatsapp on Android uses CS6 wish is a rogue use of a category intended for "Network control" etc. This is why DSCP tags are routinely "washed", and not blindly trusted when they come from a distant packet/provider.
100%
 
Hello all. I've been using Cake for awhile now and overall it's been working very well. However I have noticed that sometimes my work connection seems to be slower than I would expect. I connect into the office on my work laptop using Cisco AnyConnect VPN and all traffic goes through the VPN (teams, voip, everything) and they will not allow a split tunnel. I don't know the default tin for VPN connections (is it besteffort?), but is there anything I can and/or should do to optimize my VPN connection?
 
Hello all. I've been using Cake for awhile now and overall it's been working very well. However I have noticed that sometimes my work connection seems to be slower than I would expect. I connect into the office on my work laptop using Cisco AnyConnect VPN and all traffic goes through the VPN (teams, voip, everything) and they will not allow a split tunnel. I don't know the default tin for VPN connections (is it besteffort?), but is there anything I can and/or should do to optimize my VPN connection?
The first thing I'd try is besteffort in both directions. You have no controlee of what goes in what TIN and this will avoid other traffic having priority over the VPN. You must also consider what traffic is in the VPN as a download could cause the entire VPN to be slowed for other traffic such as net controls. VPN might not be a good fit for cake unless it has it's own cake interface and that's not implemented.

Good luck,
Morris
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top