New Member

Re: QOS


In case this output helps:

 

$ sudo tc -s qdisc show dev ifb0
qdisc htb 7000: root refcnt 2 r2q 10 default 0 direct_packets_stat 27 direct_qlen 32
 Sent 67086683 bytes 76228 pkt (dropped 0, overlimits 3248 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 7001: parent 7000:d2 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
 Sent 39557 bytes 302 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 344 drop_overlimit 0 new_flow_count 191 ecn_mark 0
  new_flows_len 1 old_flows_len 31
qdisc fq_codel 7002: parent 7000:e6 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 7003: parent 7000:f0 limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 7004: parent 7000:fa limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 256 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 7005: parent 7000:12b limit 10240p flows 1024 quantum 1514 target 5.0ms interval 100.0ms ecn
 Sent 67006464 bytes 75899 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 1514 drop_overlimit 0 new_flow_count 11165 ecn_mark 0
  new_flows_len 1 old_flows_len 7
$ sudo tc -s class show dev ifb0
class htb 7000:c8 root rate 1600Kbit ceil 1600Kbit burst 1600b cburst 1600b
 Sent 72884148 bytes 83583 pkt (dropped 0, overlimits 0 requeues 0)
 rate 11552bit 4pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 120312 ctokens: 120312

class htb 7000:fa parent 7000:c8 leaf 7004: prio 7 rate 600Kbit ceil 1600Kbit burst 1599b cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 333328 ctokens: 125000

class htb 7000:e6 parent 7000:c8 leaf 7002: prio 2 rate 600Kbit ceil 600Kbit burst 1599b cburst 1599b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 333328 ctokens: 333328

class htb 7000:12b parent 7000:c8 leaf 7005: prio 6 rate 1600Kbit ceil 1600Kbit burst 1600b cburst 1600b
 Sent 72832061 bytes 83204 pkt (dropped 0, overlimits 0 requeues 0)
 rate 11512bit 4pps backlog 0b 0p requeues 0
 lended: 83204 borrowed: 0 giants: 0
 tokens: 120312 ctokens: 120312

class htb 7000:10d2 parent 7000:c8 rate 10Kbit ceil 10Kbit burst 1600b cburst 1600b
 Sent 52087 bytes 379 pkt (dropped 0, overlimits 0 requeues 0)
 rate 40bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 17525000 ctokens: 17525000

class htb 7000:d2 parent 7000:10d2 leaf 7001: prio 0 rate 30Kbit ceil 30Kbit burst 1599b cburst 1023b
 Sent 52087 bytes 379 pkt (dropped 0, overlimits 0 requeues 0)
 rate 40bit 0pps backlog 0b 0p requeues 0
 lended: 379 borrowed: 0 giants: 0
 tokens: 5841656 ctokens: 3441656

class htb 7000:f0 parent 7000:c8 leaf 7003: prio 3 rate 1600Kbit ceil 1600Kbit burst 1600b cburst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 125000 ctokens: 125000

class fq_codel 7001:5 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1332 count 0 lastcount 0 ldelay 15us
class fq_codel 7001:25 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1115 count 0 lastcount 0 ldelay 6us
class fq_codel 7001:4a parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1266 count 0 lastcount 0 ldelay 23us
class fq_codel 7001:55 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1301 count 0 lastcount 0 ldelay 15us
class fq_codel 7001:63 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1332 count 0 lastcount 0 ldelay 14us
class fq_codel 7001:b3 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1316 count 0 lastcount 0 ldelay 16us
class fq_codel 7001:b5 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1393 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:da parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1384 count 0 lastcount 0 ldelay 11us
class fq_codel 7001:f6 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1237 count 0 lastcount 0 ldelay 7us
class fq_codel 7001:110 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1382 count 0 lastcount 0 ldelay 4us
class fq_codel 7001:135 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1392 count 0 lastcount 0 ldelay 15us
class fq_codel 7001:160 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1225 count 0 lastcount 0 ldelay 8us
class fq_codel 7001:171 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1384 count 0 lastcount 0 ldelay 10us
class fq_codel 7001:1f5 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1400 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:1f9 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1385 count 0 lastcount 0 ldelay 6us
class fq_codel 7001:216 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1374 count 0 lastcount 0 ldelay 16us
class fq_codel 7001:237 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1423 count 0 lastcount 0 ldelay 10us
class fq_codel 7001:249 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1395 count 0 lastcount 0 ldelay 16us
class fq_codel 7001:251 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1324 count 0 lastcount 0 ldelay 6us
class fq_codel 7001:264 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1330 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:29f parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1340 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:302 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1402 count 0 lastcount 0 ldelay 11us
class fq_codel 7001:308 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1374 count 0 lastcount 0 ldelay 15us
class fq_codel 7001:313 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1370 count 0 lastcount 0 ldelay 6us
class fq_codel 7001:357 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1332 count 0 lastcount 0 ldelay 15us
class fq_codel 7001:372 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1425 count 0 lastcount 0 ldelay 13us
class fq_codel 7001:37c parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1380 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:389 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1343 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:3dc parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1147 count 0 lastcount 0 ldelay 7us
class fq_codel 7001:3e9 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1345 count 0 lastcount 0 ldelay 6us
class fq_codel 7001:3ed parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1225 count 0 lastcount 0 ldelay 5us
class fq_codel 7001:3f9 parent 7001:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1183 count 0 lastcount 0 ldelay 7us
class fq_codel 7005:47 parent 7005:
 (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  deficit 1090 count 0 lastcount 0 ldelay 5us
$ sudo tc -s filter show dev ifb0
filter parent 7000: protocol all pref 211 u32
filter parent 7000: protocol all pref 211 u32 fh 800: ht divisor 1
filter parent 7000: protocol all pref 211 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 7000:d2  (rule hit 83829 success 103)
  match 00010000/00ff0000 at 8 (success 103 )
filter parent 7000: protocol all pref 212 u32
filter parent 7000: protocol all pref 212 u32 fh 801: ht divisor 1
filter parent 7000: protocol all pref 212 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 7000:d2  (rule hit 83723 success 281)
  match 00350000/ffff0000 at 20 (success 281 )
filter parent 7000: protocol all pref 230 u32
filter parent 7000: protocol all pref 230 u32 fh 802: ht divisor 1
filter parent 7000: protocol all pref 230 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 7000:e6  (rule hit 83440 success 0)
  mark 0x40000 0x7c0000 (success 0)
filter parent 7000: protocol all pref 299 u32
filter parent 7000: protocol all pref 299 u32 fh 803: ht divisor 1
filter parent 7000: protocol all pref 299 u32 fh 803::800 order 2048 key ht 803 bkt 0 flowid 7000:12b  (rule hit 83432 success 83432)

Strange: filters 241 and 254 are missing from this output -> found the cause:

 

The command set traffic-control advanced-queue filters match 241 ip source port "80, 443" is bad: even though ubnt accepts the command, it doesn't create a filter for "80 and 443". I need to create one filter per port.

 

can you confirm that ?

 

And if I add a DPI application to a filter, it breaks my filter *$@

Veteran Member

Re: QOS

The tc command output is amazing. I'm trying to understand where the 33 fq_codel classes came from.

Can you give output of command:

show configuration commands | grep traffic-control

so I can play around with them myself?

 

 

afaik:

A single tc filter rule can only do AND logic in its u32 matches. Like sourceIP=a AND destIP=B AND destPort=c...

If you want OR for  destports 80 and 443, you'd need 2 filter rules. 

 

I've used application matching for windows updates, and it resulted in tc filter output having matches

New Member

Re: QOS

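# EdgeOS traffic-control (advanced-queue) configuration as posted in reply to
# the request for `show configuration commands | grep traffic-control`.
# Each `set` command is on its own line.
set traffic-control advanced-queue branch

# Filters. Each "match N" is attached to a root queue (attach-to) and names a
# leaf queue (target). Filter 199 belongs to root queue 100, the rest to root
# queue 200.
set traffic-control advanced-queue filters match 199 attach-to 100
set traffic-control advanced-queue filters match 199 description Default
set traffic-control advanced-queue filters match 199 target 199
set traffic-control advanced-queue filters match 211 attach-to 200
set traffic-control advanced-queue filters match 211 description ICMP
set traffic-control advanced-queue filters match 211 ip protocol 1
set traffic-control advanced-queue filters match 211 target 210
set traffic-control advanced-queue filters match 212 attach-to 200
set traffic-control advanced-queue filters match 212 description DNS
set traffic-control advanced-queue filters match 212 ip source port 53
set traffic-control advanced-queue filters match 212 target 210
set traffic-control advanced-queue filters match 230 application category Games
set traffic-control advanced-queue filters match 230 attach-to 200
set traffic-control advanced-queue filters match 230 description Gaming
set traffic-control advanced-queue filters match 230 target 230

set traffic-control advanced-queue filters match 239 application category Web
set traffic-control advanced-queue filters match 239 attach-to 200
set traffic-control advanced-queue filters match 239 description 'DPI Web'
set traffic-control advanced-queue filters match 239 target 240

# HTTP and HTTPS are matched by one filter per source port (240 and 241).
set traffic-control advanced-queue filters match 240 attach-to 200
set traffic-control advanced-queue filters match 240 description HTTP
set traffic-control advanced-queue filters match 240 ip source port 80
set traffic-control advanced-queue filters match 240 target 240
set traffic-control advanced-queue filters match 241 attach-to 200
set traffic-control advanced-queue filters match 241 description HTTPS
set traffic-control advanced-queue filters match 241 ip source port 443
set traffic-control advanced-queue filters match 241 target 240
# NOTE: filter 254 combines an application category with a comma-separated
# port list. Earlier in the thread the poster reports that a multi-port value
# is accepted by the CLI but no tc filter is created for it, and pref 254 does
# not appear in the tc filter output shown after this listing.
set traffic-control advanced-queue filters match 254 application category Games
set traffic-control advanced-queue filters match 254 attach-to 200
set traffic-control advanced-queue filters match 254 description 'Blizzard Downloads'
set traffic-control advanced-queue filters match 254 ip source port '1119, 1120, 3724, 4000, 6112, 6113, 6114'
set traffic-control advanced-queue filters match 254 target 250
set traffic-control advanced-queue filters match 299 attach-to 200
set traffic-control advanced-queue filters match 299 description Default
set traffic-control advanced-queue filters match 299 target 299

# Leaf queues. Queue 199 hangs under root queue 100 (upload, FQCODEL_UP);
# queues 210-299 hang under root queue 200 (download, FQCODEL_DOWN).
set traffic-control advanced-queue leaf queue 199 bandwidth 600kbit
set traffic-control advanced-queue leaf queue 199 burst burst-rate 100kbit
set traffic-control advanced-queue leaf queue 199 burst burst-size 15kb
set traffic-control advanced-queue leaf queue 199 description default
set traffic-control advanced-queue leaf queue 199 parent 100
set traffic-control advanced-queue leaf queue 199 queue-type FQCODEL_UP
set traffic-control advanced-queue leaf queue 210 bandwidth 30kbit
set traffic-control advanced-queue leaf queue 210 burst burst-rate 10kbit
set traffic-control advanced-queue leaf queue 210 burst burst-size 1kb
set traffic-control advanced-queue leaf queue 210 description 'ICMP and DNS'
set traffic-control advanced-queue leaf queue 210 parent 200
set traffic-control advanced-queue leaf queue 210 priority 0
set traffic-control advanced-queue leaf queue 210 queue-type FQCODEL_DOWN
set traffic-control advanced-queue leaf queue 230 bandwidth 600kbit
set traffic-control advanced-queue leaf queue 230 description Gaming
set traffic-control advanced-queue leaf queue 230 parent 200
set traffic-control advanced-queue leaf queue 230 priority 2
set traffic-control advanced-queue leaf queue 230 queue-type FQCODEL_DOWN
set traffic-control advanced-queue leaf queue 240 bandwidth 1600kbit
set traffic-control advanced-queue leaf queue 240 description HTTP/HTTPS
set traffic-control advanced-queue leaf queue 240 parent 200
set traffic-control advanced-queue leaf queue 240 priority 3
set traffic-control advanced-queue leaf queue 240 queue-type FQCODEL_DOWN
set traffic-control advanced-queue leaf queue 250 bandwidth 600kbit
set traffic-control advanced-queue leaf queue 250 ceiling 1600kbit
set traffic-control advanced-queue leaf queue 250 description 'File Transfers'
set traffic-control advanced-queue leaf queue 250 parent 200
set traffic-control advanced-queue leaf queue 250 priority 7
set traffic-control advanced-queue leaf queue 250 queue-type FQCODEL_DOWN
set traffic-control advanced-queue leaf queue 299 bandwidth 1600kbit
set traffic-control advanced-queue leaf queue 299 description default
set traffic-control advanced-queue leaf queue 299 parent 200
set traffic-control advanced-queue leaf queue 299 priority 6
set traffic-control advanced-queue leaf queue 299 queue-type FQCODEL_DOWN

# Queue types: two fq-codel profiles, both with ECN enabled.
set traffic-control advanced-queue queue-type fq-codel FQCODEL_DOWN ecn enable
set traffic-control advanced-queue queue-type fq-codel FQCODEL_UP ecn enable

# Root queues. The upload root (100) is attached to "global"; the reply that
# follows in the thread points out that "global" sees traffic in both
# directions. The download root (200) is attached to ifb0.
set traffic-control advanced-queue root queue 100 attach-to global
set traffic-control advanced-queue root queue 100 bandwidth 600kbit
set traffic-control advanced-queue root queue 100 description QOS_Up
set traffic-control advanced-queue root queue 200 attach-to ifb0
set traffic-control advanced-queue root queue 200 bandwidth 1600kbit
set traffic-control advanced-queue root queue 200 description QOS_Down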

For the http/https rules, I split them into one filter per port (80 and 443). I also removed the DPI match, which was breaking my rule. After this change, the rules seem to work. Filter 239 with DPI Web doesn't work.

 

Every 2.0s: tc -s filter show dev ifb0                                                                                                                                   Mon Jun 26 23:21:58 2017

filter parent 7000: protocol all pref 211 u32
filter parent 7000: protocol all pref 211 u32 fh 800: ht divisor 1
filter parent 7000: protocol all pref 211 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 7000:d2  (rule hit 1740 success 0)
  match 00010000/00ff0000 at 8 (success 0 )
filter parent 7000: protocol all pref 212 u32
filter parent 7000: protocol all pref 212 u32 fh 801: ht divisor 1
filter parent 7000: protocol all pref 212 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 7000:d2  (rule hit 1740 success 16)
  match 00350000/ffff0000 at 20 (success 16 )
filter parent 7000: protocol all pref 230 u32
filter parent 7000: protocol all pref 230 u32 fh 802: ht divisor 1
filter parent 7000: protocol all pref 230 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 7000:e6  (rule hit 1724 success 0)
  mark 0x40000 0x7c0000 (success 0)
filter parent 7000: protocol all pref 239 u32
filter parent 7000: protocol all pref 239 u32 fh 803: ht divisor 1
filter parent 7000: protocol all pref 239 u32 fh 803::800 order 2048 key ht 803 bkt 0 flowid 7000:f0  (rule hit 1724 success 0)
  mark 0x80000 0x7c0000 (success 0)
filter parent 7000: protocol all pref 240 u32
filter parent 7000: protocol all pref 240 u32 fh 804: ht divisor 1
filter parent 7000: protocol all pref 240 u32 fh 804::800 order 2048 key ht 804 bkt 0 flowid 7000:f0  (rule hit 1724 success 64)
  match 00500000/ffff0000 at 20 (success 64 )
filter parent 7000: protocol all pref 241 u32
filter parent 7000: protocol all pref 241 u32 fh 805: ht divisor 1
filter parent 7000: protocol all pref 241 u32 fh 805::800 order 2048 key ht 805 bkt 0 flowid 7000:f0  (rule hit 1660 success 1546)
  match 01bb0000/ffff0000 at 20 (success 1546 )
filter parent 7000: protocol all pref 299 u32
filter parent 7000: protocol all pref 299 u32 fh 806: ht divisor 1
filter parent 7000: protocol all pref 299 u32 fh 806::800 order 2048 key ht 806 bkt 0 flowid 7000:12b  (rule hit 114 success 114)

Veteran Member

Re: QOS

filter 199 should match on LAN subnet. (or attach to WAN interface instead of global)

The global interface sees all traffic, in both directions, whereas you want upload only. As a result, upload and download now interact, limiting the download speed to the maximum upload speed.

 

Veteran Member

Re: QOS

Played around with your settings, and indeed problem mentioned in previous post exists.

 

Did you enable dpi? Without it application matching rules will never work

New Member

Re: QOS

Yes, DPI is enabled:

 

# Poster's answer to "Did you enable dpi?": the dpi and export options under
# system traffic-analysis are both set to enable.
set system traffic-analysis dpi enable
set system traffic-analysis export enable

I don't know why rules with DPI don't work.

New Member

Re: QOS

you said "I've used application matching for windows updates, and it resulted in tc filter output having matches"

 

can you show me your rule ? 

Veteran Member

Re: QOS

These work:

# Custom traffic-analysis category PCUPDATE with two application names, plus
# the dpi and export options enabled.
set system traffic-analysis custom-category PCUPDATE name 'microsoft windows update'
set system traffic-analysis custom-category PCUPDATE name mcafee
set system traffic-analysis dpi enable
set system traffic-analysis export enable

Part of filters for download:

# Download filters 271-273. Each matches by DPI application (a built-in
# category for 271 and 273, the custom PCUPDATE category for 272), is attached
# to queue 2 and targets queue 207.
set traffic-control advanced-queue filters match 271 application category Streaming-Media
set traffic-control advanced-queue filters match 271 attach-to 2
set traffic-control advanced-queue filters match 271 description StreamingMedia
set traffic-control advanced-queue filters match 271 target 207
set traffic-control advanced-queue filters match 272 application custom-category PCUPDATE
set traffic-control advanced-queue filters match 272 attach-to 2
set traffic-control advanced-queue filters match 272 description WindowsUpdate
set traffic-control advanced-queue filters match 272 target 207
set traffic-control advanced-queue filters match 273 application category P2P
set traffic-control advanced-queue filters match 273 attach-to 2
set traffic-control advanced-queue filters match 273 description P2P
set traffic-control advanced-queue filters match 273 target 207

And current statistics:

filter parent 7000: protocol all pref 271 u32
filter parent 7000: protocol all pref 271 u32 fh 804: ht divisor 1
filter parent 7000: protocol all pref 271 u32 fh 804::800 order 2048 key ht 804 bkt 0 flowid 7000:cf  (rule hit 521049355 success 6316134)
  mark 0x80000 0x7c0000 (success 6316134)
filter parent 7000: protocol all pref 272 u32
filter parent 7000: protocol all pref 272 u32 fh 805: ht divisor 1
filter parent 7000: protocol all pref 272 u32 fh 805::800 order 2048 key ht 805 bkt 0 flowid 7000:cf  (rule hit 514733221 success 233412)
  mark 0x2000 0x3e000 (success 233412)
filter parent 7000: protocol all pref 273 u32
filter parent 7000: protocol all pref 273 u32 fh 806: ht divisor 1
filter parent 7000: protocol all pref 273 u32 fh 806::800 order 2048 key ht 806 bkt 0 flowid 7000:cf  (rule hit 514499809 success 80967)
  mark 0x40000 0x7c0000 (success 80967)
filter parent 7000: protocol all pref 299 u32
filter parent 7000: protocol all pref 299 u32 fh 807: ht divisor 1
filter parent 7000: protocol all pref 299 u32 fh 807::800 order 2048 key ht 807 bkt 0 flowid 7000:ce  (rule hit 514418842 success 514418842)

V1.9.1

Note this is a company, and p2p better stay (close to) zero

 

New Member

Re: QOS

I'm curious, have you set a branch?

set traffic-control advanced-queue branch  .... 

Veteran Member

Re: QOS

No branch.

You only need branch when nesting policies.  Which is required when attaching to global.

 

Instead I attached upload to WAN, and download to switch0.

New Member

Re: QOS


 

 

1/ I rebuilt my whole config on version 1.9.1.1, and DPI with QOS didn't work

2/ I upgraded the er-x to beta2 -> same problem, DPI didn't work with QOS

 

3/ I changed the attach-to of the root queue from ifb0 to eth0 and, oh my god, DPI works

 

filter parent 7000: protocol all pref 200 u32
filter parent 7000: protocol all pref 200 u32 fh 800: ht divisor 1
filter parent 7000: protocol all pref 200 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 7000:d2  (rule hit 648 success 0)
  match 00010000/00ff0000 at 8 (success 0 )
filter parent 7000: protocol all pref 210 u32
filter parent 7000: protocol all pref 210 u32 fh 801: ht divisor 1
filter parent 7000: protocol all pref 210 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 7000:d2  (rule hit 648 success 0)
  match 00350000/ffff0000 at 20 (success 0 )
filter parent 7000: protocol all pref 220 u32
filter parent 7000: protocol all pref 220 u32 fh 802: ht divisor 1
filter parent 7000: protocol all pref 220 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 7000:e6  (rule hit 648 success 38)
  mark 0x2000 0x3e000 (success 38)
filter parent 7000: protocol all pref 299 u32
filter parent 7000: protocol all pref 299 u32 fh 803: ht divisor 1
filter parent 7000: protocol all pref 299 u32 fh 803::800 order 2048 key ht 803 bkt 0 flowid 7000:12b  (rule hit 610 success 610)

Now, I don't know why DPI didn't work with "eth0 redirect to ifb0".

 

My current setup is:

 

ubnt@ubnt:~$ sudo cat /config/config.boot
/* EdgeOS (Vyatta-style) config.boot as pasted by the poster: firewall, interfaces, service, system and traffic-control sections. */
/* NOTE(review): this paste is unredacted. It contains the admin account's password hash (system login) and LAN device MAC addresses (dhcp-server static mappings); such values are normally replaced with placeholders before a config is shared. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* WAN_IN: default drop; accepts established/related, drops invalid. Bound to eth0 "in" below. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* WAN_LOCAL: same rules as WAN_IN, for traffic addressed to the router itself. Bound to eth0 "local" below. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): source-validation is disabled; presumably this leaves reverse-path filtering off - confirm whether strict or loose fits this single-WAN setup. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* eth0 is the WAN port (DHCP address); WAN_IN and WAN_LOCAL are applied here, and no ruleset is bound to "out". */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
            out {
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    /* ifb0 is still defined but empty; the traffic-control root queue below attaches to eth0 instead. */
    input ifb0 {
    }
    loopback lo {
    }
    /* LAN: eth1-eth4 are switch ports of switch0, which holds the router's LAN address. */
    switch switch0 {
        address 192.168.10.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                domain-name HomeNet
                lease 86400
                start 192.168.10.38 {
                    stop 192.168.10.243
                }
                /* NOTE(review): the static mappings below publish host names and MAC addresses of LAN devices. */
                static-mapping EX6200 {
                    ip-address 192.168.10.39
                    mac-address a0:63:91:48:82:34
                }
                static-mapping S4 {
                    ip-address 192.168.10.50
                    mac-address f0:25:b7:9a:e0:ab
                }
                static-mapping Tablette {
                    ip-address 192.168.10.130
                    mac-address 08:ee:8b:7f:e1:5b
                }
                static-mapping noname {
                    ip-address 192.168.10.38
                    mac-address e0:cb:4e:4f:83:8a
                }
            }
        }
        use-dnsmasq disable
    }
    /* DNS forwarder listens on switch0 (LAN) only and forwards to 192.168.1.1. */
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
            name-server 192.168.1.1
        }
    }
    /* NOTE(review): the web GUI is served on http 80 and https 443 with older-ciphers enabled, which by its name permits legacy TLS ciphers; disable it unless an old client requires it. No listen-address is set in this block, so WAN-side exposure depends on the WAN_LOCAL default drop above. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    /* SSH on port 22, protocol v2; as with the GUI, no listen-address is set in this block. */
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    domain-name HomeNet
    host-name ubnt
    /* NOTE(review): the encrypted-password value is a SHA-512 crypt ($6$) hash for the admin-level account, which also uses the vendor-default user name "ubnt". A hash posted publicly can be attacked offline, so the password should be treated as exposed and changed, and the hash replaced with a placeholder in any shared copy. */
    login {
        user ubnt {
            authentication {
                encrypted-password $6$mgIc1TmHwa$cpnGfuuqk.BFTflKkcWcOoJj5SLafHVt3vNphqtQC3H.sepamuRsqn.zta9OSUw96/xoohfCf4W0wEKNmRO1
            }
            level admin
        }
    }
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat enable
        ipsec enable
    }
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://ftp.us.debian.org/debian/
            username ""
        }
        repository wheezy-updates {
            components "main contrib non-free"
            distribution wheezy/updates
            password ""
            url http://security.debian.org/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Paris
    /* DPI is enabled, with a custom category "Blizzard" made of two application names; filter 220 below matches on it. */
    traffic-analysis {
        custom-category Blizzard {
            name "WOW Game"
            name Battle.net
        }
        dpi enable
        export enable
    }
}
/* Traffic control: a single root queue (1) attached to eth0 at 1600kbit, three leaf queues under it, and four filters attached to it. */
traffic-control {
    advanced-queue {
        filters {
            match 200 {
                attach-to 1
                description ICMP
                ip {
                    protocol 1
                }
                target 210
            }
            match 210 {
                attach-to 1
                description DNS
                ip {
                    source {
                        port 53
                    }
                }
                target 210
            }
            /* DPI-based match on the custom category defined under system traffic-analysis. */
            match 220 {
                application {
                    custom-category Blizzard
                }
                attach-to 1
                description Games
                target 230
            }
            /* No match criteria: catch-all sent to leaf queue 299. */
            match 299 {
                attach-to 1
                description Default
                target 299
            }
        }
        leaf {
            queue 210 {
                bandwidth 30kbit
                description "ICMP and DNS"
                parent 1
                priority 0
                queue-type FQCODEL_DOWN
            }
            queue 230 {
                bandwidth 600kbit
                description Gaming
                parent 1
                priority 2
                queue-type FQCODEL_DOWN
            }
            queue 299 {
                bandwidth 1600kbit
                description default
                parent 1
                priority 6
                queue-type FQCODEL_DOWN
            }
        }
        /* Both fq-codel profiles enable ECN; only FQCODEL_DOWN is referenced by the leaf queues in this config. */
        queue-type {
            fq-codel FQCODEL_DOWN {
                ecn enable
            }
            fq-codel FQCODEL_UP {
                ecn enable
            }
        }
        root {
            queue 1 {
                attach-to eth0
                bandwidth 1600kbit
                description DOWNLOAD
            }
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.9.7-beta.2.4993780.170622.0522 */
ubnt@ubnt:~$

 

 

Veteran Member

Re: QOS

The ifb interface affects normal packet flow, enabling inbound QoS shaping.

I already knew it might break firewall modify rules,   now I know it also confuses DPI.