
[Release] FreshJR Adaptive QOS (Improvements / Custom Rules / and Inner workings)

Discussion in 'Asuswrt-Merlin' started by FreshJR, Jan 12, 2017.

  1. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    Since you have a typical eth0 connection, the compatible/fast versions work as expected.

    The alternate wan script is for non-eth0 connections.

    I am confused what command you are referring to.
     
  3. Kingp1n

    Kingp1n Regular Contributor

    Joined:
    Feb 27, 2018
    Messages:
    56
    Oops, I meant this command?
    nvram get wan0_ifname
     
  4. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    That was debugging users did when they noticed iptables rules were created on the wrong interface. Do not worry about that command.
     
  5. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,575
    http://whatsyourrouter.com/mybb/showthread.php?tid=304
     
  6. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    Pushed an update to the ALTERNATE_WAN_INTERFACE version of the script.

    The update was to fix the bug reports regarding improper interface detection.

    The alternate version can be found here.

    https://www.snbforums.com/threads/r...-and-inner-workings.36836/page-76#post-409166

    --

    v5 release uses a different firewall-start entry.

    As a result, you will have to fully uninstall any previous version of the script, and fresh install this one.


    Eg.

    Code:
    /jffs/scripts/FreshJR_QOS -uninstall
    --upload new script--
    /jffs/scripts/FreshJR_QOS -install
    
    Once again, this is only intended for users with non-eth0 interfaces!
     
    Last edited: Jun 15, 2018
  7. Atomic7431

    Atomic7431 Occasional Visitor

    Joined:
    Apr 25, 2018
    Messages:
    15
    Thanks for this i have it installed now, will report any oddities in the logs.
     
  8. el pescador

    el pescador Regular Contributor

    Joined:
    Jan 15, 2016
    Messages:
    190
  9. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    That article is a little dated and shouldn’t apply.

    TCP transfers initially have slow start and the server keeps ramping up speeds until it detects packet loss.

    Once it hits packet loss, speed would ramp down as a function of packet loss until equilibrium is reached.

    Article stated that concurrent tcp connections would have a high possibility of ramping up/down in sync.

    With that said, the findings in the article are no longer valid.

    Nowadays we also have ECN information instead of only limiting speeds as a function of packet loss. CoDel on QOS takes this a step further and does intelligent queuing based on both ECN and packet age. This changes the dynamic entirely.


    ---

    If you are concerned with UDP traffic you should first understand that it cannot really be rate limited / QOS’d. Only TCP can be flow controlled.

    In my head sticking all UDP traffic into NetControl makes perfect sense. This would cause QOS traffic rate limiting techniques to only apply to TCP traffic.

    Ultimately, I decided not to mess with what isn't broken.

    I decided that for us UDP traffic priority isn’t a problem. Most UDP should primarily be VoIP & Gaming. This UDP traffic should never be getting dropped by our QOS setup since these categories have high priority assigned in relation to bulk traffic.

    As such, the effects of sticking UDP into NetControl would not make a difference for most users. Instead they would lose details when viewing traffic usage by data type via QOS statistics.

    Feel free to correct me if I am wrong in my line of thinking between QOS rate limiting and UDP traffic. I believe I am correct from what I have read so far.

    As always, feel free to experiment and post your findings. This thread is about inner workings and improvements of QOS. Suggestions don’t have to come from me.
     
    Last edited: Jun 14, 2018
  10. el pescador

    el pescador Regular Contributor

    Joined:
    Jan 15, 2016
    Messages:
    190
    Thanks. My main concern is UDP packet loss.
    I know EA don't show it properly...bf1 netgraph for example...only shows if it's over a second.

    Was suspicious when I realised UDP loss is always over zero lol

    I presume that paper really only applies if I have a heavily congested network, so with router capacity and bandwidth I guess that's why you say it's not relevant.
    From our side at least.

    What about congested networks en route?

    Also how can I tell the UDP packet size being used by, say, FIFA without Wireshark?

    Want to go armed with info before I start questioning or shaming them lol.
     
  11. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    It is not likely packet loss is occurring because the network is congested en route. (Who knows)

    It's most likely your ISP throwing out packets because you are exceeding your allotted speeds.
    This would mean QOS is not properly limiting speeds prebottleneck.

    If it's not your ISP, then it means QOS is throwing out gaming packets to stay within your allotted speeds instead of bulk traffic.
    This is weird since it should target bulk traffic first.

    Are we talking about PC or Console?

    The following code will push to system log the details about:
    { 1 random incoming download, udp packet, destined towards device 192.168.2.100, each second }
    Code:
    iptables -I POSTROUTING -o br0 -t mangle -p udp -d 192.168.2.100/32 -m limit --limit 1/s -j LOG
    
    To disable the logging run

    Code:
    iptables -D POSTROUTING -o br0 -t mangle -p udp -d 192.168.2.100/32 -m limit --limit 1/s -j LOG
    
    ---

    When viewing the log, just focus on the mark.

    Mark 0x8008 ???? will send that traffic into "Gaming"
    Mark 0x8000 0000 will also send that traffic into "Gaming" if the custom gaming rule enabled for that device
     
    Last edited: Jun 15, 2018
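    A way to read the lines that LOG rule produces, as an added example that is not part of the post or of the FreshJR_QOS script: it parses kernel LOG lines, keeps the UDP packets destined to the device, and buckets them by the mark semantics quoted above. The sample lines are constructed in the shape the LOG target writes, not real captures, and only the queue the post names is identified; every other non-zero mark is reported as "other".

```python
import re
from collections import Counter

# Mark semantics quoted in the post: 0x8008???? lands in "Gaming", and the bare
# 0x80000000 also lands in "Gaming" when the custom gaming rule is on for the device.
GAMING_PREFIX = 0x80080000
PREFIX_MASK = 0xFFFF0000          # the "????" low 16 bits vary per packet
BARE_DOWNLOAD_MARK = 0x80000000

FIELD_RE = re.compile(r"\b(OUT|DST|PROTO|DPT|MARK)=(\S*)")

def parse_log_line(line):
    """Pull OUT/DST/PROTO/DPT/MARK out of one kernel LOG line; None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    if "DST" not in fields or "PROTO" not in fields:
        return None
    # The LOG target omits MARK= entirely when the packet mark is zero.
    fields["MARK"] = int(fields.get("MARK", "0x0"), 16)
    return fields

def classify_mark(mark, custom_gaming_rule=False):
    """Map a fwmark onto the queue named in the post; anything else is 'other'."""
    if mark == 0:
        return "unmarked"
    if mark & PREFIX_MASK == GAMING_PREFIX:
        return "Gaming"
    if mark == BARE_DOWNLOAD_MARK and custom_gaming_rule:
        return "Gaming"
    return "other"

def summarize(log_text, device_ip, custom_gaming_rule=False):
    """Count queues for UDP packets to device_ip, as the LOG rule above would emit them."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None or f["PROTO"] != "UDP" or f["DST"] != device_ip:
            continue
        counts[classify_mark(f["MARK"], custom_gaming_rule)] += 1
    return dict(counts)

# Constructed sample lines in the shape the kernel LOG target writes (not real captures).
SAMPLE_LOG = """\
kernel: IN= OUT=br0 SRC=203.0.113.5 DST=192.168.2.100 LEN=68 TTL=52 PROTO=UDP SPT=3074 DPT=3074 LEN=48 MARK=0x80080003
kernel: IN= OUT=br0 SRC=203.0.113.9 DST=192.168.2.100 LEN=90 TTL=57 PROTO=UDP SPT=443 DPT=51820 LEN=70 MARK=0x80000000
kernel: IN= OUT=br0 SRC=198.51.100.7 DST=192.168.2.100 LEN=1400 TTL=49 PROTO=UDP SPT=443 DPT=60000 LEN=1380 MARK=0x80040002
kernel: IN= OUT=br0 SRC=198.51.100.8 DST=192.168.2.100 LEN=76 TTL=50 PROTO=UDP SPT=123 DPT=123 LEN=56
kernel: IN= OUT=br0 SRC=198.51.100.7 DST=192.168.2.100 LEN=1500 TTL=49 PROTO=TCP SPT=443 DPT=52000 MARK=0x80040002
kernel: usb 1-1: new high-speed USB device number 3
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "192.168.2.100"))
    print(summarize(SAMPLE_LOG, "192.168.2.100", custom_gaming_rule=True))
```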
  12. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    QOS + VPN Client fix via custom rules.

    Tunneled VPN traffic when the router is acting as a VPN client does not appear on the upload/download portions of QOS correctly.

    You have to understand the difference between a router acting as a VPN Server or acting as a VPN Client before using this rule.

    The router has the ability to act as a VPN Client on behalf of specific LAN devices.

    This means that:

    1) Local devices connect to the router as normal
    2) A portion of these devices (depending on configuration) will have their entire communications forwarded to a private VPN Server **typically paid**
    3) The VPN server will fetch/receive data from the destination/website that the local device wanted to communicate with
    4) The VPN server will return the data, in encrypted form, to the local device.

    This configuration is typically used when you don't want your ISP to snoop on the contents/destination of your traffic.
    The router also has the ability to act as a VPN Server.

    This is the reverse of the above situation:

    1) You are on a work/public WiFi network and you don't want your work/public network admin to spy on you.
    2) Instead of paying for a private VPN Server, you can have your router host one for you, and tunnel your traffic via your local ISP
    3) Your traffic will remain private from whatever network you are connected to.
    4) As an added bonus, when connecting to your own hosted VPN, you can access your LAN devices just as if you never left your network.

    This configuration is typically used when you want to access LAN devices or maintain privacy on a network away from your own.

    Custom Rules for when Router is acting as a VPN Client
    These custom rules fix tunneled traffic from being zero-rated (whitelisted) or have traffic in the wrong section (reversed) when using QOS.

    Code:
    Download:
    iptables -D POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0x80000000/0xC0000000  &> /dev/null
    iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0x80000000/0xC0000000
    
    "Incoming/download" traffic is being whitelisted/reversed on the download interface since Asus is marking "download" traffic with an "upload" mark.
    The rule above switches the "upload" mark back into a "download" mark.
    Since the original mark is preserved, download traffic will remain correctly identified by traffic type.

    192.168.2.100/32 should be changed to match the iprange of your tunneled devices

    Code:
    Upload:
    iptables -D OUTPUT -t mangle -o $wan ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark_up} &> /dev/null
    iptables -A OUTPUT -t mangle -o $wan ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark_up}
    
    The upload mark assigned to upload traffic is completely lost after entering the VPN tunnel.
    As a result, we have to lump ALL upload vpn traffic into a fixed user defined category.

    192.168.2.1 should be changed to the IP of your router

    -p udp --dport 25000 should be changed to the protocol and port of your VPN host/provider.

    Enjoy!

    Custom Rules for when Router is acting as a VPN Server
    No solution here :confused:

    This might not be possible to fix because download traffic in this configuration is never forwarded to the br0 interface.
    Traffic has to traverse the br0 interface to have its download limited via QOS.

    You can read this post of mine for a detailed explanation.
    https://www.snbforums.com/threads/just-a-quick-question-about-qos.47220/

    If someone has ideas how to fix this via routing changes, please go right ahead!
    That area is beyond my skill level.
     
    Last edited: Aug 13, 2018 at 1:10 AM
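    The mark arithmetic behind the two custom rules above, as an added example that is not part of FreshJR's script: set_xmark and set_mark implement the iptables MARK target semantics (zero the bits in the mask, then XOR or OR the value in), which is why the download rule keeps the traffic-type bits while the upload rule replaces the whole mark. It goes one step past the post by also showing what the swapped value/mask form (0xC0000000/0x80000000, asked about later in the thread) does to an already-correct download mark; 0x40080001 is a constructed upload-direction mark carrying the Gaming class bits seen in the thread, not a value from the script.

```python
MASK32 = 0xFFFFFFFF
DIRECTION_MASK = 0xC0000000     # top two bits: the only bits the download rule touches
DOWNLOAD_BIT = 0x80000000
UPLOAD_BIT = 0x40000000
DOWNLOADS_MARK_UP = 0x40030001  # the expanded ${Downloads_mark} quoted later in the thread

def set_xmark(mark, value, mask=MASK32):
    """-j MARK --set-xmark value/mask: zero the bits in mask, then XOR value in."""
    return ((mark & ~mask) ^ value) & MASK32

def set_mark(mark, value, mask=MASK32):
    """-j MARK --set-mark value/mask: zero the bits in mask, then OR value in."""
    return ((mark & ~mask) | value) & MASK32

def direction(mark):
    """Read the direction bits; both set (or neither) is not a valid QOS direction."""
    bits = mark & DIRECTION_MASK
    return {DOWNLOAD_BIT: "download", UPLOAD_BIT: "upload"}.get(bits, "invalid")

def class_bits(mark):
    """Everything below the direction bits: the per-category part QOS matches on."""
    return mark & ~DIRECTION_MASK & MASK32

def fix_download(mark):
    """The post's download rule: --set-xmark 0x80000000/0xC0000000."""
    return set_xmark(mark, DOWNLOAD_BIT, DIRECTION_MASK)

def fix_upload(mark, category=DOWNLOADS_MARK_UP):
    """The post's upload rule: --set-mark ${Downloads_mark_up}, default mask is all bits."""
    return set_mark(mark, category)

if __name__ == "__main__":
    # Constructed: a download packet Asus marked as "upload" but with Gaming class bits.
    tunneled = 0x40080001
    fixed = fix_download(tunneled)
    print(hex(fixed), direction(fixed), hex(class_bits(fixed)))   # class bits survive
    print(hex(fix_upload(tunneled)))                               # class bits are gone
    print(hex(set_xmark(0x80080001, 0xC0000000, 0x80000000)))      # swapped value/mask
```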
  13. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,575
    I get this when running the second iptables command at ssh prompt:
    Code:
    iptables v1.4.15: unknown option "--set-mark"
    
     
  14. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    You can't run the second iptables command directly via SSH since the variable ${Downloads_mark} is only defined when executed from the FreshJR_QOS script itself.

    For testing feel free to use this command temporarily.

    Code:
    iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
    
    After testing, both rules should go within the upload/download portions of the script itself.
     
    Last edited: Jun 15, 2018
  15. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,575
    The above command you mentioned to test and the other lines; can i change {Downloads_mark} to {Streaming_mark} ? For instance:
    Code:
    iptables -A POSTROUTING -t mangle -o br0 -d 192.168.14.67/32 -j MARK --set-xmark 0xC0000000/0x80000000
     
  16. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    Come again

    This command

    Code:
    iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
    
    is equivalent to

    Code:
    iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
    

    I just manually expanded ${Downloads_mark} --> 0x40030001 so you would be able to run it directly from SSH as you requested.

    Yes you can change ${Downloads_mark} into whatever you prefer for your personal use.

    All UPLOAD tunneled traffic will be counted against whatever category you define. This is your choice.
     
    Last edited: Jun 15, 2018
  17. waeking

    waeking Occasional Visitor

    Joined:
    May 15, 2018
    Messages:
    13
    Asus Router 68U with version 384.5 firmware
    Code:
    Download:
    
    iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0xC0000000/0x80000000
    
    I am getting this error :
    iptables v1.4.15: unknown option "--set-xmark"

    Code:
    Upload:
    
    iptables -A POSTROUTING -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
    
    I am getting this error :
    iptables v1.4.15: unknown option "--set-mark"

    Do I need to install entware's iptables?
     
  18. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    RMerlin v384.5??

    Those commands should work out of the box. I am stumped!

    I personally cannot upgrade past 384.4. There is no reason those commands stopped working on the v384.5 update o_O

    As for --set-mark, that has to be run from the script itself unless you manually expand the ${Downloads_mark} variable. See @skeal's question for the same exact issue.
     
  19. waeking

    waeking Occasional Visitor

    Joined:
    May 15, 2018
    Messages:
    13
    Sorry I deleted this post and never hit the post reply button, so I thought..... It should not have been posted.
    I mistyped and didn't include the "-j MARK"

    However this solution works awesome. The graphs in the RMerlin don't represent what is actually going on, but the actual qos is working splendidly!
     
  20. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    799
    RMerlin's charts are always a true representation of the QOS system.
    Are both the upload & download charts not showing activity?

    If so, then I would say the rules are not working at all in your case.

    Did you set up the variables matching your configuration?
     
    Last edited: Jun 15, 2018
  21. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,575
    Can I change this:
    Code:
    iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
    To:
    Code:
    iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Streaming_mark}
    or is this:
    Code:
    0x40030001
    not right for streaming.
     