[Release] FreshJR Adaptive QOS (Improvements / Custom Rules / and Inner workings)

Good point!

I went ahead and created an "Adaptive QoS Optimization" wiki that recommends using AMTM to install FreshJRQoS and includes everything we discovered here about the iptables DHCP problem with Adaptive QoS.

Feedback welcomed.

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Adaptive-QoS-Optimization
Well done for all the work you've done finding the problem. I see that you posted in the Whirlpool Forums thread too - it might be worth explicitly tagging Jack @ Asus as this could be something they want to get fixed asap.

I think I saw this issue recently when trying to use Dual Wan with dynamic IP on the upstream routers. I was getting DHCP failures when it was trying to swap between connections but strangely I also saw issues when I changed to static IPs on the connections (maybe internally they are still using DHCP to swap between the links) so I plan to do more digging when I can get time to disrupt our household internet connectivity.
 
Well done for all the work you've done finding the problem. I see that you posted in the Whirlpool Forums thread too - it might be worth explicitly tagging Jack @ Asus as this could be something they want to get fixed asap.

I think I saw this issue recently when trying to use Dual Wan with dynamic IP on the upstream routers. I was getting DHCP failures when it was trying to swap between connections but strangely I also saw issues when I changed to static IPs on the connections (maybe internally they are still using DHCP to swap between the links) so I plan to do more digging when I can get time to disrupt our household internet connectivity.

Tell me about it. That's why I was doing my debugging at 5am :)

One of the regulars here put me on to Jack and the continuous DHCP fix currently being tested, which is how I discovered that thread. I PM'd Jack directly with the details just to make sure he didn't miss it, and posted on the thread just to help out anyone who might be experiencing the same problem. I can only imagine how much more complicated it could be if you throw another WAN connection into the mix!
 
DSCP based categorization?

Wondering if anyone's considered assigning traffic to specific categories based on DSCP? Now that my Adaptive QoS is working, I'm still seeing a lot of my Zoom and Webex traffic going into "Other" and "Web Surfing" presumably because it's HTTPS and Trend Micro isn't recognizing it.

I know how hard it is to identify web traffic based on DPI, especially in a world going more and more HTTPS so you can't understand the contents of the packet. In a past job I was on a team trying to identify apps based on their network traffic, and at best we had a ~70% success rate. So I don't expect perfection from any DPI solution.

I did some research and see Zoom uses DSCP 40 and 56 for audio and video (QoS DSCP Marking) and WebEx uses 34 and 46 respectively (WebEx DSCP).

I haven't checked my network to see how much non-VOIP traffic might be using those tags and be false positives, or even what percent of my overall traffic is DSCP tagged at all (I'm guessing less than half). So I'm going to fire up Wireshark and do some analysis when I have a chance.

I'm not looking to build a whole DSCP-based routing system, but I'm thinking something like this might work based on my limited understanding of iptables and the FreshJRQoS script:

EDIT: fixed typo in command
# put DSCP 56 download traffic into VOIP
iptables -A POSTROUTING -t mangle -o br0 -m dscp --dscp 56 -j MARK --set-mark 0x80060001

Has anyone else experimented with this with any success?
 
I'm not looking to build a whole DSCP-based routing system, but I'm thinking something like this might work based on my limited understanding of iptables and the FreshJRQoS script:

# put DSCP 56 download traffic into VOIP
iptables -A POSTROUTING -t mangle -o br0 -m dcsp --dscp 56 -j MARK --set-mark 0x80060001

Has anyone else experimented with this with any success?
I thought it was a no-go until I realized you misspelled dscp in the rule. An interesting idea. Test it out and let us know if it's more reliable than the current methods. FreshJR UI won't show the connections in the right colored category since it has no way to determine the dscp marking from the UI functions. But if it works, you should see it in the correct bucket in the pie charts.
 
@solstyce How about going "old school" and creating a custom rule in FreshJR's UI which uses the unique port numbers of Zoom/WebEx calls to prioritize their traffic?

I WFH and I have noticed that Adaptive QoS/Trend Micro/FreshJR is able to categorize:

- my office VPN (Cisco AnyConnect IPSec VPN)
- Microsoft Teams
- Microsoft Skype for Business

None of the 3 apps above are in Web Surfing. They are all put into VoIP I believe.
 
This is fascinating, I asked before if QoS supported dscp, all I got told was I could implement it myself.

But that would be a nice addition to QoS dscp support.
 
I thought it was a no-go until I realized you misspelled dscp in the rule. An interesting idea. Test it out and let us know if it's more reliable than the current methods. FreshJR UI won't show the connections in the right colored category since it has no way to determine the dscp marking from the UI functions. But if it works, you should see it in the correct bucket in the pie charts.

I ran the rules manually and do see increased traffic in that category. Haven't been able to give it a good 'real world' workout but I hope this is what I've been looking for and works. (Heavy Zoom user on a thin pipe)
 
Hi, I'm a new user, so I have a 10/0.5 mb internet via adsl2. What config do you recommend me?
Install FreshJR, set your limits (down and up), then prioritize your list using custom or use a default one.
 
DSCP based categorization?

Wondering if anyone's considered assigning traffic to specific categories based on DSCP? Now that my Adaptive QoS is working, I'm still seeing a lot of my Zoom and Webex traffic going into "Other" and "Web Surfing" presumably because it's HTTPS and Trend Micro isn't recognizing it.

I know how hard it is to identify web traffic based on DPI, especially in a world going more and more HTTPS so you can't understand the contents of the packet. In a past job I was on a team trying to identify apps based on their network traffic, and at best we had a ~70% success rate. So I don't expect perfection from any DPI solution.

I did some research and see Zoom uses DSCP 40 and 56 for audio and video (QoS DSCP Marking) and WebEx uses 34 and 46 respectively (WebEx DSCP).

I haven't checked my network to see how much non-VOIP traffic might be using those tags and be false positives, or even what percent of my overall traffic is DSCP tagged at all (I'm guessing less than half). So I'm going to fire up Wireshark and do some analysis when I have a chance.

I'm not looking to build a whole DSCP-based routing system, but I'm thinking something like this might work based on my limited understanding of iptables and the FreshJRQoS script:

# put DSCP 56 download traffic into VOIP
iptables -A POSTROUTING -t mangle -o br0 -m dcsp --dscp 56 -j MARK --set-mark 0x80060001

Has anyone else experimented with this with any success?
I thought it was a no-go until I realized you misspelled dscp in the rule. An interesting idea. Test it out and let us know if it's more reliable than the current methods. FreshJR UI won't show the connections in the right colored category since it has no way to determine the dscp marking from the UI functions. But if it works, you should see it in the correct bucket in the pie charts.
Would this rule have to go under both download and upload as well? I will try it out and thanks a lot for this
 
I knew I'd seen FreshJR talk about DSCP earlier in the thread but couldn't find it - was searching for DSCP and iptables. When I just searched for DSCP I found this post with a DSCP matching example using tc.

Plugging in the hex values for the DSCP values for Zoom and WebEx, I get

# solstyce Zoom to VOIP DSCP 40 (video) and 56 (audio) -- down
${tc} filter add dev br0 protocol all prio 1 u32 match u8 0x28 0xFC at 8 flowid ${VOIP}
${tc} filter add dev br0 protocol all prio 1 u32 match u8 0x38 0xFC at 8 flowid ${VOIP}
# solstyce Webex to VOIP DSCP 34 (video) and 46 (audio) -- down
${tc} filter add dev br0 protocol all prio 1 u32 match u8 0x22 0xFC at 8 flowid ${VOIP}
${tc} filter add dev br0 protocol all prio 1 u32 match u8 0x2e 0xFC at 8 flowid ${VOIP}

# solstyce Zoom to VOIP DSCP 40 (video) and 56 (audio) -- up
${tc} filter add dev eth0 protocol all prio 1 u32 match u8 0x28 0xFC at 8 flowid ${VOIP}
${tc} filter add dev eth0 protocol all prio 1 u32 match u8 0x38 0xFC at 8 flowid ${VOIP}
# solstyce Webex to VOIP DSCP 34 (video) and 46 (audio) -- up
${tc} filter add dev eth0 protocol all prio 1 u32 match u8 0x22 0xFC at 8 flowid ${VOIP}
${tc} filter add dev eth0 protocol all prio 1 u32 match u8 0x2e 0xFC at 8 flowid ${VOIP}

But when I add them to the bottom of the other TC down and TC up functions in the script, it's allocating the majority of the downward traffic into VOIP even without Zoom or WebEx running. Then when I fire up Zoom, I don't see any additional VOIP traffic in my upload stats. This is looking at the pie charts since these rules don't appear in the web UI, and I'm assuming they won't appear in the per-system connection view at the bottom of the QoS-Classification page.

I did some research on tc and tc-u32 man pages and roughly understand what these commands are doing but it appears I'm catching unexpected traffic with these rules. I did a few wireshark captures to check for DSCP values and didn't see much. What was tagged was mainly "CS0" and "27". Apparently wireshark shows the decimal value for the full 8 bits, so you have to convert to binary, then convert the first 6 bits back to decimal to see the actual decimal DSCP value.

Wondering if I borked the math somewhere, or if I'm missing something obvious with tc.

So close I can almost taste it!
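
An added example, not part of the original post or the FreshJR script: in an IPv4 header, u32 offset 8 is the TTL byte, and the TOS byte that carries the DSCP in its upper 6 bits is at offset 1. The sketch below emulates `match u8 VALUE MASK at OFFSET` on two constructed headers to show which field the rules above test. It assumes plain IPv4 headers; the function names and sample bytes are made up for illustration, and the resulting clause has not been tested on the router.

```shell
#!/bin/sh
# Added example (not from the thread): emulate tc u32 "match u8 VALUE MASK at OFFSET"
# on IPv4 header bytes to see which header field a rule really tests.

# Constructed 20-byte IPv4 headers, hex bytes, offset 0 first (checksums left as 00 00).
# Unmarked packet: TOS 0x00 (DSCP 0), TTL 0x39 = 57 (sent with TTL 64, 7 hops away).
PKT_UNMARKED="45 00 00 54 00 00 40 00 39 06 00 00 c0 00 02 0a c0 a8 01 32"
# Marked packet: TOS 0xe0 (DSCP 56), TTL 0x34 = 52.
PKT_DSCP56="45 e0 00 54 00 00 40 00 34 11 00 00 c0 00 02 0a c0 a8 01 32"

# byte_at HEADER OFFSET: print the byte at OFFSET (0-based) as decimal.
byte_at() {
    idx=0
    for hexbyte in $1; do
        if [ "$idx" -eq "$2" ]; then echo $((0x$hexbyte)); return 0; fi
        idx=$((idx + 1))
    done
    return 1
}

# u32_u8_match HEADER VALUE MASK OFFSET: succeed when (byte & MASK) == (VALUE & MASK).
u32_u8_match() {
    pktbyte=$(byte_at "$1" "$4") || return 2
    [ $((pktbyte & $3)) -eq $(($2 & $3)) ]
}

# tos_to_dscp TOS: DSCP is the upper 6 bits of the TOS byte (lower 2 bits are ECN).
tos_to_dscp() { echo $(($1 >> 2)); }

# dscp_match_clause DSCP: u32 clause testing the TOS byte (IPv4 offset 1) for that DSCP.
dscp_match_clause() { printf 'match u8 0x%02x 0xfc at 1\n' $(($1 << 2)); }

# Demo: the thread's "0x38 0xFC at 8" rule versus a TOS-byte match for DSCP 56.
for pkt in "$PKT_UNMARKED" "$PKT_DSCP56"; do
    dscp=$(tos_to_dscp "$(byte_at "$pkt" 1)")
    ttl=$(byte_at "$pkt" 8)
    if u32_u8_match "$pkt" 0x38 0xFC 8; then old=hit; else old=miss; fi
    if u32_u8_match "$pkt" 0xe0 0xfc 1; then new=hit; else new=miss; fi
    echo "DSCP=$dscp TTL=$ttl  '0x38 0xFC at 8': $old  '0xe0 0xfc at 1': $new"
done
```

TTL values 56 to 59 all satisfy `0x38 0xFC at 8`, which is where a packet sent with TTL 64 lands after five to eight hops.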
 
I thought it was a no-go until I realized you misspelled dscp in the rule. An interesting idea

Doh! Been trying to do too much in too little time lately. Thanks for catching that!

In the meantime I found the legacy FreshJR recommendations using tc instead of iptables.

I'll have to break it down and compare tc and iptables approaches for zoom and WebEx and see which seems to be working better.

ATT is coming out tomorrow to almost double my bandwidth, so given how well the stock FreshJR script is working, it may take a while to dig deeper into this.
 
@solstyce How about going "old school" and creating a custom rule in FreshJR's UI which uses the unique port numbers of Zoom/WebEx calls to prioritize their traffic?

I looked at that briefly, but as far as I could tell with my limited networking analysis skills and some Google searches, they mainly use 80/443, a handful of protocol-specific ports and the ephemeral ports, and I didn't want to try to capture all the different ports in the limited rule space available.

Really hoping I can figure out an iptables or tc rule that captures the WebEx and Zoom traffic without too many false positives.

While we have an RFC for DSCP values, it's a shame we don't have standardization on values for specific types of services, e.g. 56 for all video conferencing audio whether Skype, WebEx, Zoom, etc.

Given the trend toward gigabit speeds, I suspect the eventual steady state will be everyone using DSCP to divvy up their traffic into its 64 prioritized buckets.
 
Will be moving from DOCSIS 3.0 500/36Mbps over to FTTP 900/100Mbps would it be time to drop QoS
 
Will be moving from DOCSIS 3.0 500/36Mbps over to FTTP 900/100Mbps would it be time to drop QoS

Depends on what you want. I don't know the throughput of the AX88U but most people on gigabit see significant drops in speed when using QoS, e.g. 500-700Mbps. In the past FreshJR has recommended bandwidth allocation per device and Microtik equipment for simple QoS implementations.

I'd try it and see if it works for you.
 
Something I noticed in testing.. some app have been re-categorized by trendmicro and may not need rules in the script now as well... something worth looking at while you guys messin around :)
 
Something I noticed in testing.. some app have been re-categorized by trendmicro and may not need rules in the script now as well... something worth looking at while you guys messin around :)

Thanks! Please post examples of what you've noticed lately ... and what version of the signature file you're currently on
 
Hey guys.
On a ac56r running 384.6, is it normal to not see the tracked connections at all?
 