Quality of Service

From DD-WRT Wiki



[edit] Introduction

Quality of Service (QoS) is a way of enforcing a bandwidth relationship between individual applications or protocols. It matters when your connection is saturated: each application still gets some bandwidth, and no single application can starve the rest or make the internet connection unusable. For example, a full-speed FTP download need not cause jitter on a VoIP call; the FTP transfer slows down slightly as the call needs bandwidth, provided VoIP was given the higher priority.

[edit] Initial Setup

  • Select the NAT/QoS tab and then the QoS sub-tab.
  • Click "Enable"
  • Set Port to "WAN". The term WAN here refers to the WAN connection on your router while the term "LAN & WLAN" refers to the combination of your local ports and Wifi connections. Selecting "WAN" will apply QoS only to traffic moving into or out of your network, while selecting "LAN & WLAN" will apply QoS to ALL traffic passing through the router on your network. Selecting "LAN & WLAN" will limit WLAN<->WLAN and LAN<->WLAN transfer speeds to the lowest of the uplink/downlink speeds that you set while also limiting the LAN & WLAN<->WAN rates, and thus will not be the preferred solution for most people.
  • Select HFSC as your packet scheduler.
  • Select FQ_CODEL as your queueing discipline.
  • Set your upload and download speeds. Use a speed test such as Speedtest.net to measure your actual connection speed; some ISPs provide their own bandwidth test, which may be more reliable than the public ones. Enter no more than 90% of the measured values in the corresponding fields. Once everything is set, run the speed test again: if you get near 90% of the earlier measurement in each direction, things are working. If the results are far off, you have most likely swapped the two values. The uplink field must have a value; the downlink field may be set to 0, in which case no QoS is applied in that direction, but this is not recommended.


It probably bugs you to set less than 100% of your available bandwidth in these fields, but this is required. There will be a bottleneck somewhere in the path, and QoS can only work if that bottleneck is in your router, where it has control; the goal is to force the bottleneck into the router rather than some location out on the wire that you cannot influence. Some ISPs also have bursting ("powerboost"), which temporarily gives you extra bandwidth when you first start using the connection and later throttles down to a sustained rate. Fortunately there is usually a minimum level that you receive consistently, and your QoS limits must sit below that minimum. The problem is finding it, and you may have to repeat speed tests many times. For this reason start with 80% of your measured speed and use it for a couple of days. If performance is acceptable you can inch the levels up. If you go even 3% higher than you should, QoS will either stop working entirely (always too high) or stop working at random (too high whenever your ISP is slow). This causes a lot of confusion, so get it working first with conservative values and optimize later.

[edit] Prioritizing by Application (Skype, Http) or Port Range (P2P)

  • Choose an available Service or Port Range from the list or create one, and then press "Add" next to it.
  • For P2P Applications, due to evolving protocols, encryption and obfuscation, it can be much better to define a Port Range [such as TCP/UDP, 60000-61000]. Set your P2P applications to operate within this range. This can significantly reduce the load on the router, avoid mis-identifying packets, and more efficiently shape your network traffic.
  • Add all your other selected Services and Port Ranges here
  • Choosing a Layer7 service based entry can work better than choosing a port range; though the router works harder as it has to dig into the packets beyond the header, to look at the data they contain.

If you wish to add more than one priority then use the "Add" button to create more entries.

[edit] Prioritizing by IP Address (Netmask Priority)

These are entered in CIDR notation including the network prefix.

For example, to specify a single IP address enter xxx.xxx.xxx.xxx/32. Be careful to enter the netmask as /32: leaving it at /0 means ALL IPs.

The netmask is the number of bits of the IP address to match. For example, the entry 192.168.1.0/24 matches 192.168.1.x addresses. An entry of 192.168.0.0/16 matches 192.168.x.x addresses. If you're unsure of how to create CIDR subnet masks and what they mean, then use a subnet calculator.

After you have filled in an entry, press "Add" next to it. If you want to add multiple entries (make sure the order is correct, since only the first match applies), click "Save" before entering the next one so that earlier changes are not lost; click "Apply" only when you want to start testing the changes currently displayed.

[edit] Prioritizing by MAC Address

In the case you want to prioritize traffic from a particular device without a static IP address on your LAN, you can prioritize by MAC Address. Enter the MAC Address of the device and press "Add" next to it.

[edit] Priorities explained

  • Exempt - Exempt no longer ignores the global limits; instead it is treated as the absolute top priority, above Premium, and is the top bandwidth class, guaranteed 60% at minimum.
  • Premium - By default handshaking and ICMP packets fall into this class. This class should be used sparingly. Occasionally VoIP and gaming services may be placed in this class so that they get high priority.
  • Express - The Express class is for interactive applications (IRC, SSH, telnet, etc.) that require bandwidth above standard services so that interactive apps run smoothly.
  • Standard - All traffic that is not specifically classed will fall under the standard class. You should not need to explicitly set anything to this class.
  • Bulk - The bulk class is only allocated bandwidth when the remaining classes are idle. Use this class for P2P services and downloading services like FTP.

[edit] Detailed breakdown of traffic

Bandwidth is allocated based on the following "minimum - maximum" percentages of uplink and downlink values for each class as of r21061 ~ current:

  • Exempt: 60% - 100%
  • Premium: 25% - 100%
  • Express: 10% - 100%
  • Standard: 5% - 100%
  • Bulk: 1% - 100%

What this means is that with 10,000 kbit of uplink, "Standard" class traffic can be squeezed down to 5%, or 500 kbit, when Express or higher-priority traffic needs the pipe at the same time; when nothing of higher priority is waiting, every class may still use up to 100% of the link.

You can run the tc commands below to check the class breakdown applied to each interface. Uplink limits are applied to the WAN interface when Port is set to WAN, and to imq1 when LAN & WLAN is selected (an earlier version of this page named br0 as that interface; the br0 command is kept below for comparison), while downlink limits are applied to the imq0 interface.

tc class show dev `get_wanface`
tc class show dev br0
tc class show dev imq1
tc class show dev imq0

[edit] TCP Packet Priority

This is a new feature that only very recent builds (as of this writing) will have! Recent as in r20801 which was a private build, & higher. Public builds before r21061 WILL NOT HAVE THIS GUI OPTION.

Prioritize small TCP-packets with the following flags: ACK/SYN/FIN/RST

For detailed info on what these packets do see: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure

It is highly recommended to have at least SYN, FIN and RST checked. ACK can go either way: P2P-heavy applications such as uTorrent generate a lot of ACKs, so prioritizing ACKs comes close to prioritizing P2P, though that is not entirely accurate. On the other hand, download speed depends on the upstream ACKs getting out promptly, so when the uplink is full of bulk uploads, prioritizing ACKs keeps downloads from collapsing. Read up and do your own testing to find out what is best for your network. If you do little or no P2P on your network, enable ACK prioritization without hesitation.

[edit] How Do You Check What QoS Priorities Were Applied

The DDWRT web UI doesn't display any live traffic. Short of doing a practical test, you can get your hands dirty by checking the conntrack entries via telnet or ssh access in the router. When you're logged in run:

cat /proc/net/ip_conntrack

It lists all connections currently open through the router, with their protocol. This is what it looks like:

tcp      6 113 ESTABLISHED src=192.168.1.5 dst=83.141.4.210 sport=48959 dport=21 src=83.141.4.210 dst=216.239.61.104 sport=21 dport=48959 [ASSURED] use=1 rate=73 l7proto=ftp mark=40
udp      17 29 src=192.168.1.5 dst=128.63.2.53 sport=56105 dport=53 src=128.63.2.53 dst=216.239.61.104 sport=53 dport=56105 use=1 rate=157 l7proto=dns mark=10

What you will be interested in is the first set of source and destination IPs, including the port numbers, and then the presence of l7proto and the "mark" field. The "mark" field indicates the QoS priority currently applied to that live connection. The "mark" values correspond to the following:

  • Exempt: 100
  • Premium: 10
  • Express: 20
  • Standard: 30
  • Bulk: 40
  • (no QoS matched): 0

You may see "mark=0" for some l7proto service even though it is configured in the list of QoS rules. This may mean that the layer 7 pattern matching system did not match a new or changed header for that protocol. A custom service matched on port usually takes care of these.
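The following Python script is an added example, not anything from the DD-WRT wiki or firmware: it parses ip_conntrack output of the form shown above, maps each entry's mark to the class table, and lists the l7proto entries that carry mark=0. It is meant to be run on a workstation over text copied from the router. The sample input is constructed: it reuses the two lines above and adds a third, invented entry (192.168.1.7 to 198.51.100.20:443, l7proto=http, mark=0) to exercise the mark=0 case.

```python
"""Parse DD-WRT /proc/net/ip_conntrack output and report which QoS class
each flow landed in.  Added example for this wiki page, not DD-WRT code;
run it on a workstation over text copied from the router."""
import re
import sys
from collections import Counter

# mark -> class, as listed on this page for r21061-era builds
MARK_TO_CLASS = {
    100: "Exempt",
    10: "Premium",
    20: "Express",
    30: "Standard",
    40: "Bulk",
    0: "(no QoS matched)",
}

# Constructed sample input: the two entries shown on the page plus a third,
# made-up entry with a recognised l7proto but mark=0.
SAMPLE = """\
tcp      6 113 ESTABLISHED src=192.168.1.5 dst=83.141.4.210 sport=48959 dport=21 src=83.141.4.210 dst=216.239.61.104 sport=21 dport=48959 [ASSURED] use=1 rate=73 l7proto=ftp mark=40
udp      17 29 src=192.168.1.5 dst=128.63.2.53 sport=56105 dport=53 src=128.63.2.53 dst=216.239.61.104 sport=53 dport=56105 use=1 rate=157 l7proto=dns mark=10
tcp      6 299 ESTABLISHED src=192.168.1.7 dst=198.51.100.20 sport=51234 dport=443 src=198.51.100.20 dst=216.239.61.104 sport=443 dport=51234 [ASSURED] use=1 rate=12 l7proto=http mark=0
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_conntrack(text):
    """Return one dict per conntrack entry.

    src/dst/sport/dport appear twice per line (original direction, then
    reply direction); only the first set, the LAN host's view, is kept."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # blank or unexpected line
        kv = {}
        for key, val in _KV.findall(line):
            kv.setdefault(key, val)  # first occurrence wins
        mark = int(kv.get("mark", "0"))
        l7 = kv.get("l7proto")
        flows.append({
            "proto": fields[0],
            "state": fields[3] if fields[0] == "tcp" else "",
            "src": kv.get("src"), "dst": kv.get("dst"),
            "sport": kv.get("sport"), "dport": kv.get("dport"),
            "l7proto": l7,
            "mark": mark,
            "qos_class": MARK_TO_CLASS.get(mark, "unknown mark %d" % mark),
            # the l7 pattern recognised the protocol, but no QoS rule marked it
            "unmarked_l7": l7 is not None and mark == 0,
        })
    return flows


def class_counts(flows):
    """Number of live connections per QoS class."""
    return Counter(f["qos_class"] for f in flows)


def unmarked_l7(flows):
    """Flows that show an l7proto but mark=0: candidates for a port-based
    custom service entry."""
    return [f for f in flows if f["unmarked_l7"]]


if __name__ == "__main__":
    # real output can be piped in; with no stdin the constructed sample is used
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    parsed = parse_conntrack(text)
    for f in parsed:
        print("%-4s %s:%s -> %s:%s l7=%-6s mark=%-3d %s"
              % (f["proto"], f["src"], f["sport"], f["dst"], f["dport"],
                 f["l7proto"], f["mark"], f["qos_class"]))
    print("per class:", dict(class_counts(parsed)))
    print("l7 matched but unmarked:",
          ["%s:%s" % (f["dst"], f["dport"]) for f in unmarked_l7(parsed)])
```

Only the first src/dst/sport/dport group is kept because the second one is the reply tuple, which, behind NAT, shows the router's WAN address rather than the LAN host.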

Alternatively, you can also check applied QoS with this command:

iptables -t mangle -vnL

With the above iptables mangle command you can see the inbound/outbound chains, entered IPs/MACs/services & whats being matched where.

[edit] Time Based QoS

As described in this thread you can use CRON jobs to enable/disable QoS. This is a simplistic approach, but more complex things can be done along the same lines. The following entries enable HTB QoS on the WAN port from 5PM to 1AM; everything else still needs to be configured in the GUI. Note the argument order: svqos (HTB) takes the downlink rate first, while svqos2 (HFSC) takes the uplink rate first. The stop job fires every six minutes from 1AM through 4:59PM; its hour range must end at 16, not 17, or it would stop QoS again at 17:06, just after the 17:01 start. If you want to use LAN&WLAN then change "`get_wanface`" to "br0" (imq1 on newer builds, see the note further down). To change the times, see the CRON page for information.

1 17 * * * root /usr/sbin/svqos `nvram get wshaper_downlink` `nvram get wshaper_uplink` `get_wanface` `nvram get wan_mtu` 0
*/6 1-16 * * * root /usr/sbin/svqos stop 0 `get_wanface` 0 0

If you use HFSC then you would do something like this instead.

1 17 * * * root /usr/sbin/svqos2 `nvram get wshaper_uplink` `nvram get wshaper_downlink` `get_wanface` `nvram get wan_mtu` 0
*/6 1-16 * * * root /usr/sbin/svqos2 stop 0 `get_wanface` 0 0

As described in this thread you can also set different rates at different times by doing something like this which changes the HTB rates.

1 23 * * * root /usr/sbin/svqos [downlink rate] [uplink rate] `get_wanface` `nvram get wan_mtu` 0; nvram set wshaper_downlink=[downlink rate]; nvram set wshaper_uplink=[uplink rate];
1 10 * * * root /usr/sbin/svqos [downlink rate] [uplink rate] `get_wanface` `nvram get wan_mtu` 0; nvram set wshaper_downlink=[downlink rate]; nvram set wshaper_uplink=[uplink rate];

Edit: This causes trouble on firmware releases newer than r21061. Use the predefined service handler to stop/start QoS instead. If you do need to shape internal traffic by hand, use imq1 instead of br0.

stopservice wshaper
startservice wshaper

If you need to alter up-/downrates edit the nvram variables before restarting the service

nvram set wshaper_downlink=20000
nvram set wshaper_uplink=800
startservice wshaper

[edit] SSID / Interface QoS / Traffic shaping

If you have a multi-SSID configuration, it is possible to apply a specific QoS to one SSID. The following is an example of traffic shaping on the 2nd SSID of a Buffalo WBMR-HP-G300H. It shapes only traffic leaving the router towards that SSID's clients, i.e. their download direction.

# define your device (the 2nd SSID's virtual interface on this model)
export DEVICE=ath0.1
# remove any existing root qdisc; ignore the error if there is none yet
tc qdisc del dev $DEVICE root 2>/dev/null
# HTB root qdisc; unmarked traffic goes to class 1:20, marked traffic to 1:10
# (with "default 10" everything would be shaped, making the mark pointless)
tc qdisc add dev $DEVICE root handle 1:0 htb default 20
# note: in tc, "kbps" means kilobytes per second and "kbit" kilobits per second
tc class add dev $DEVICE parent 1:0 classid 1:10 htb rate 512kbps ceil 768kbps prio 0
# catch-all class for everything else; 100mbit is an assumed placeholder above the wireless link rate
tc class add dev $DEVICE parent 1:0 classid 1:20 htb rate 100mbit prio 1
# steer packets carrying firewall mark 10 into class 1:10
tc filter add dev $DEVICE parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
# define the traffic you want to shape: mail and web ports, marked as they leave towards the SSID
# caveat: 10 is also the mark this page lists for the built-in "Premium" class, so pick another
# value if you run both and want to tell them apart in "iptables -t mangle -vnL"
iptables -A POSTROUTING -t mangle -o $DEVICE -p tcp -m multiport --dports 25,587,110,995,143,993,80,443 -j MARK --set-mark 10

Edit:
1st) On builds newer than r21061 this is not necessary. The built-in QoS does not care about bridges or interfaces, only about the WAN port; shaping applies to the whole system no matter where the data comes from. Just prioritize the whole network segment via the Netmask Priority table.

2nd) This solution does not work under all circumstances. Prioritization (deciding where a packet goes in the send buffer) only happens while a packet is being enqueued for transmission, so you only control packets going out of that interface, not packets coming in.

[edit] Precedence

With all these ways of marking traffic its easy to get confused about how seemingly contradictory requirements are resolved. For example, what happens if you have an IP rule setting IP 192.168.1.2 to priority "exempt" and have a MAC rule setting MAC AA:BB:CC:DD:EE:FF to priority "bulk"?

The order of precedence is as follows:

  • MAC - If you have specified a MAC address priority then it takes precedence over all others
  • Netmask - The IP address entries are applied in the order that they appear in your netmask table. Interestingly only the first match applies. For example if you have an entry marking 192.168.1.10/32 as bulk followed by an entry marking 192.168.1.0/24 (all 192.168.1 addresses) as premium the traffic from 192.168.1.10 would be marked bulk because it was the first match. Also if a match is found in this table it does not matter what you put in the services table.
  • Services - The services entries are applied in the order that they appear in your services tables. Again, only the first match will apply.
  • Ethernet Ports


NOTE: Ethernet Port Priority only works on old 802.11g only models with ADMtek switch chips. If you don't have ethernet port priority listed, your router does not support it.

NOTE: Services CAN be used at the same time as netmask or MAC entries. For example, with 192.168.1.2 limited to 6Mbps down and 512Kbps up and http set to Express, that device has its http packets prioritized within its allocated bandwidth limit. This only applies to builds r20675 and newer.
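The netmask lookup described on this page (the CIDR matching from the Netmask Priority section and the first-match ordering and MAC-over-netmask precedence from this one) can be checked before committing rules to the router. The following Python script is an added example, not DD-WRT code: the priority names are the five classes from this page, and its tables are constructed from the page's own examples (192.168.1.10/32 listed before 192.168.1.0/24, the placeholder MAC AA:BB:CC:DD:EE:FF). It models only the MAC and netmask stages; the services stage and the combined limit-plus-priority behaviour noted above are not covered.

```python
"""First-match lookup for DD-WRT's Netmask Priority table, plus the MAC
override that takes precedence over it.  Added example for this wiki page;
not DD-WRT code.  The class names and rule order mirror the page's text and
were not read from a router."""
import ipaddress


def parse_netmask_entry(cidr):
    """Turn a table entry into a network.  A bare address is taken as /32.
    A /0 entry would match every address, so it is refused outright."""
    text = cidr if "/" in cidr else cidr + "/32"
    net = ipaddress.ip_network(text, strict=False)
    if net.prefixlen == 0:
        raise ValueError("%r has netmask /0 and would match ALL IPs" % cidr)
    return net


def build_netmask_table(entries):
    """entries: [(cidr, priority), ...] in the order they appear in the GUI."""
    return [(parse_netmask_entry(cidr), prio) for cidr, prio in entries]


def netmask_priority(ip, table, default="Standard"):
    """Priority of the FIRST table row containing ip; rows after a match
    are never consulted.  Unclassified traffic falls into Standard."""
    addr = ipaddress.ip_address(ip)
    for net, prio in table:
        if addr.version == net.version and addr in net:
            return prio
    return default


def shadowed_rows(table):
    """Rows that can never match because an earlier row already covers
    their whole range: the /24-before-/32 ordering mistake."""
    found = []
    for i, (net, _) in enumerate(table):
        for earlier, _ in table[:i]:
            if net.version == earlier.version and net.subnet_of(earlier):
                found.append((str(net), str(earlier)))
                break
    return found


def resolve_priority(mac, ip, mac_table, net_table):
    """Precedence as described on this page: a MAC entry wins over every
    netmask entry; otherwise the first netmask match applies."""
    mac = mac.lower()
    if mac in mac_table:
        return mac_table[mac]
    return netmask_priority(ip, net_table)


# Constructed tables mirroring the page's examples.
NETMASK_TABLE = build_netmask_table([
    ("192.168.1.10/32", "Bulk"),     # the single host, listed first
    ("192.168.1.0/24", "Premium"),   # then the rest of that subnet
    ("192.168.0.0/16", "Express"),   # then everything in 192.168.x.x
])
MAC_TABLE = {"aa:bb:cc:dd:ee:ff": "Bulk"}  # the page's placeholder MAC

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.20", "192.168.7.1", "10.0.0.1"):
        print(ip, "->", netmask_priority(ip, NETMASK_TABLE))
    # the page's question: IP rule says Exempt, MAC rule says Bulk -> MAC wins
    print("MAC override:", resolve_priority("AA:BB:CC:DD:EE:FF", "192.168.1.2",
                                            MAC_TABLE, NETMASK_TABLE))
    wrong_order = build_netmask_table([("192.168.1.0/24", "Premium"),
                                       ("192.168.1.10/32", "Bulk")])
    print("rows that can never match:", shadowed_rows(wrong_order))
```

Running shadowed_rows over your intended table before typing it into the GUI catches the case where a broad entry placed first silently swallows a more specific one below it.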

[edit] External Links