Tomato QoS Guide


There we go, this will be my second part of how to configure QoS for Tomato Firmware (yeah, it took a long time for me to write this article). You may want to read my first part before proceeding to the second part here. Anyway, I explained a couple of things last time, including the basics of QoS and how to configure the bandwidth allocation and so on. Once again I recommend you read the first part before proceeding to the second. If you're feeling a bit adventurous (or if you're too lazy to read the whole guide), then read on. Anyway, let us get started, shall we?
First and foremost, make sure you have configured the basic QoS configuration as suggested in my first part of the QoS guide. Once you have done that, make sure that QoS is disabled. This is important as we do not wish to interrupt our Internet connection while configuring the whole thing (trust me, if you enable QoS while your room mates/family members are surfing the Internet or playing online games, you'll feel remorse and they'll get on your nerves). Anyway, take a look at the screenshot that I've posted below.
You'll notice that I have left the default configuration as it is; we don't really want to mess with the basic settings. Leave it as it is, however you may want to delete the last rule, which is the Bulk Traffic rule. This is where we will configure it manually. Anyhow, before I teach the tricks of the trade on how to configure your router, let's take a look at the terminology. I'm sure you are interested to know what Layer 7 is. Here we go:
Layer 7: 'L7-filter is a classifier for Linux's Netfilter that identifies packets based on application layer data. It can classify packets as Kazaa, HTTP, Jabber, Citrix, Bittorrent, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on IP address, port numbers and so on.' In other words it can automatically classify packets regardless of port. This is a much more efficient way of blocking P2P traffic and/or controlling other applications such as games. However there is a catch: Layer 7 is very CPU-intensive and slow. This may stress your router and may cause slow-downs, so just keep that in mind.
IPP2P: 'IPP2P uses suitable search patterns to identify P2P traffic, thus allowing the reliable identification of traffic belonging to many P2P networks. Once identified, one may handle P2P traffic in different ways: dropping such traffic, putting it into low priority classes or shaping it to a given bandwidth limit is possible. Reducing costs, freeing network resources and therefore improving network performance is often the result of using IPP2P.' In other words it is a filter that identifies P2P traffic. This is how some ISPs throttle P2P. Although it isn't efficient, as P2P clients these days have encryption, it can still throttle most P2P connections, which is still great! But it isn't that great either, and once again this isn't the best solution, as BitTorrent clients can easily bypass these filters by turning on packet encryption!
TCP/UDP and other protocols: You wouldn't want to mess with the rest of the protocols that are there unless you know what you're doing. Usually you'll use this kind of filter to prioritise gaming packets or VoIP applications. Just specify which port it requires and you'll have its data prioritised or reduced (depending on how you set it). This isn't our primary concern and there is no further explanation for this, unless you want to study how TCP/UDP works, which is again way too complicated for me to explain and for you to understand. For now, that should do the trick.
Port Selection: This is the fun part; you can choose to throttle the data on all ports (source port or destination port). You can usually set it to a specific port, or better yet match any port when you're using the IPP2P filter or Layer 7. This I will leave up to you. However, keep in mind that you're going to add some load to the router if your port selection is any port and you're using Layer 7. That's just my tip.
Address: This is where you specify who gets what slice of the bread. Suppose you want to throttle your room mate's (it's just an example, a figure of speech) BitTorrent connection as he is hogging everything. You may just filter it via IP. However, if your room mate is smart, he can manually assign an IP on his PC and bypass that filter. I know you'll be yelling, but don't worry: you can classify traffic via MAC address. Although it's possible to change a MAC address, only those who know what they are doing will know how to bypass and edit it. For certain NICs and WNICs (wireless/WiFi cards) it's not possible to change the MAC address at all.
Classification: As was taught in Lesson I, this is where you apply it. You classify traffic into your own class, whichever you think it is: priority traffic, bulk traffic, etc. Just select the appropriate class for the appropriate program!
Here are some tips: make sure VoIP applications (such as Skype) or demanding applications (Counter-Strike and FPS games, and even World of Warcraft/Warcraft III (DotA)) get the highest priority traffic, otherwise your calls will cut out or the quality will be degraded. Make sure critical applications do get the highest priority of traffic.
You'll have to do some trial and error before you're able to get full control of your traffic. QoS does take a lot of effort, especially when you're new. You'll have to keep changing profiles till you get the shape of the traffic that you want (yeah, it's just like losing weight and looking hot). Don't forget to put a check on 'Re-classify all packets when changing settings', which can be found under Basic Settings (QoS). This is important especially when you're testing your rules and other things. Plus, it's very hard to say how efficient your QoS is. You'll have to test it by simulating traffic and monitoring it. It takes a bit of practice and once you get the hang of it, it will be as easy as pie! In my next lesson, we will be doing a more in-depth analysis of certain cases, how to counter them, what the disadvantages of QoS are and of course ways to overcome them!

Quick and Easy QoS with Tomato

November 21, 2009

SIP combined with Elastix is nothing short of amazing.

Cost savings, flexibility, functionality, and I'll say it again: Cost savings!

When deploying Elastix to use SIP over ADSL (for example), many find their existing Broadband connection does not quite provide satisfactory call quality, usually due to sharing the connection with other traffic.

We will follow this post up later with another on Diagnosing connectivity / quality issues.

NOTE: This is not the only way to do QoS, but after having struggled with the likes of pfsense, the budget / useless junk that many routers build in, and a host of other software / hardware solutions, I found Tomato did it the easiest, the best, and the most reliably! It's a breeze to setup, and you'll be kicking yourself for not having set something like this up earlier.

Requirements:

  • Administrative access to the ADSL Router
  • The Router must either do DMZ or (most ideally) Half-bridging. The Linksys AM300 is recommended
  • A Linksys WRT54GL or Asus WL-520GU. The WRT54GL was easiest to flash, but the WL-520GU is un-brickable
  • The Tomato Firmware, available from polarcloud.com/tomato
  • A quiet afternoon in the office, where nobody will jump up and down too much if you take down the internet for a little bit.

NOTE: I would *strongly* recommend you get permission to take and test this out on your home connection prior to trying to deploy it in a production environment. I promise you will suffer much less heartbreak compared to tearing down a corporate network and finding you cannot easily repair it to its original state.

Step 1) Selecting the Hardware

I'll be honest, the Linksys WRT54GL is probably the easiest, and at around NZD$100 it's a bargain price! See xe.com/ucc to convert that price to your currency, or check out the price at Newegg.com

Make sure it's the GL model, the L standing for Linux, as some of the non-L models aren't compatible, namely the WRT54G v5.

You also need a router that will hand the IP address / port-forwarding over to it, so you're going to want something such as the Linksys AM300, it's cheap, reliable and known to work well. Just make sure it has Firmware 1.19.04 or half-bridge won't work. Other products such as the NetComm NB6PLUS4Wn will suffice if you put the Tomato in a DMZ, but half-bridging is a nicer solution than a DMZ, due to the Tomato router thinking it's pretty much *the* connection to the Internet. I'll leave the getting-connected-to-the-internet part to your imagination.


Step 2) Flashing Tomato

If you have the WRT54GL then this is dead easy. If you've previously used it, then reset it back to factory defaults. Connect via a cable (safer than wireless, even though technically speaking WiFi does work for upgrades), go into the Admin settings, select the firmware: WRT54G_WRT54GL.bin

Hit Upgrade, sit back, wait 2-3 minutes and then try re-logging in to the Web Interface.

Devices such as the Asus WL-520GU also work well in my experience, though the WRT54GL is definitely the easiest.

Now there is a ton of features that we could go into which you may find useful, but now's not really the time to go into all those. With that in mind we're going to dive straight into the deep end. Fire up the WebGUI, log in with the default username:password of admin:admin and click on QoS –> Basic Settings on the left-hand side.


Step 3) Determining your speeds

This may sound like a silly thing for me to mention, but you absolutely must get this right. First stop: Speedtest.net!

Run a speedtest and see what speeds you get. Also if you check the sync speeds in your router, they'll give you a rough indication of what speeds you'll be getting.

Now, you're not going to want to set your Max Inbound Bandwidth & Max Outbound Bandwidth in Tomato to your actual line max. For example, if your DSL connection is syncing at 4.8Mbit down and 950kbps upload and you specify those values in Tomato, not only will you never actually attain those speeds, but if you re-sync at a slightly lower speed, it'll throw things off even more. Speedtest for me shows I'm getting around 4300kbps down and 890kbps upload, so we're going to round things right down to 3500kbps download and 800kbps upload. Seriously, I can pretty much promise that none of your staff will notice the difference between the internet downloading at 4300kbps vs 3500kbps, so don't feel as though you're going to be slowing down their internet. You won't! If anything, they'll 'feel' like it's going faster by the time we're done.

So, enter in those values of yours in the Max Bandwidth for inbound & outbound. Up the top we're going to set:

  • Enable QOS
  • Prioritize small packets with these control flags: ACK
  • Prioritize ICMP
  • Reset class when changing settings
  • Default Class: C

Your Default Class can change; I've set it to C for un(C)lassified. Honestly it made sense when I first set up the router…

Now, we're going to set the Outbound values; these are the most essential. Here's a bit of an example of how mine looks (class / minimum reserved / maximum allowed):

  • Highest / 80% / 90%
  • High / 20% / 80%
  • Medium / 5% / 70%
  • Low / 3% / 60%
  • Lowest / 2% / 20%
  • Class A / 90% / 100%
  • Class B / 1% / 5%
  • Class C / 1% / 10%
  • Class D / 1% / 5%
  • Class E / 10% / 20%

Now I'll explain my madness here. Class C is the default, so if it's uncategorized it's because it's not important enough for me to spend the time writing rules for it, so you don't want to give it much. Class B & D don't get used by me, so again I leave them very low, as nothing should be using them. Class A is going to be my VoIP so I want it to always get priority.

Here's a summary of my understanding of how the QoS works. It could be totally wrong, however it's done me well thus far:

You've got a limited amount of outgoing bandwidth; let's say for argument's sake it's 100kbps.
Now let's pretend you're saturating that with a variety of traffic, including VoIP, sending email attachments through Gmail (HTTP traffic) and FTP uploading (website changes?). So, VoIP is only going to use a tiny little bit: if you're using iLBC then it'll be 13.3kbps + overheads = 44kbps (See here). If you've classified VoIP to Class A, it's going to try and reserve 90% at least. You only need 44kbps so that's still leaving 66kbps for HTTP & FTP. Now, if HTTP is Highest, then it's going to try and reserve 80% of the 100kbps for it, essentially leaving FTP with nothing. For this reason you'd set HTTP to High perhaps, and FTP to Medium. Both have a 'max' of 80% & 70% respectively, so it'll do its best to share the remainder after VoIP between the two of them, at all times giving HTTP a minimum of 20% and FTP at least 5%.


In a nutshell, set the minimum amount to be reserved on the left, and the max that it should be allowed on the right. Assume the worst-case scenario that your line is going to be 100% full all the time, and try and give each a bit of 'wiggle room'.
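To make the "minimum on the left, maximum on the right" reasoning concrete, here is a small Python model of how a saturated link gets shared between classes that each have a reserved share and a ceiling. This is an added example, not code from the post or from Tomato; it is a deliberate simplification of the queueing discipline behind Tomato's QoS (guarantees are honoured in the order the classes are listed, which you should treat as priority order, and whatever is left over is split in proportion to each class's reserved rate). The 44 kbps VoIP figure and the 100 kbps link come from the thought experiment above; the HTTP and FTP demands are constructed so that both would take the whole link if allowed.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class QosClass:
    """One row of the Outbound table plus a constructed demand figure."""
    name: str
    rate_pct: int      # left column in the post: minimum share to reserve
    limit_pct: int     # right column: maximum share this class may use
    demand_kbps: int   # constructed: how much the class is trying to send right now


def allocate(link_kbps, classes):
    """Toy model of rate/limit sharing on a saturated link (assumption, not Tomato's code).

    Pass 1 honours each class's reserved rate in list order, so list classes from
    highest to lowest priority. Pass 2 hands leftover bandwidth to classes that still
    want more, split in proportion to their rate, never exceeding demand or limit.
    Returns {name: kbps} as exact Fractions so the arithmetic can be checked.
    """
    link = Fraction(link_kbps)
    alloc = {}
    remaining = link

    def ceiling(c):
        # a class can never use more than it asks for, nor more than its limit
        return min(Fraction(c.demand_kbps), link * c.limit_pct / 100)

    # Pass 1: reserved rates, in priority order.
    for c in classes:
        guaranteed = min(link * c.rate_pct / 100, Fraction(c.demand_kbps), remaining)
        alloc[c.name] = guaranteed
        remaining -= guaranteed

    # Pass 2: share what is left among classes still below both demand and limit.
    while remaining > 0:
        eligible = [c for c in classes if alloc[c.name] < ceiling(c)]
        if not eligible:
            break
        # rate 0 still gets a minimal weight so the split is always well defined
        total_weight = sum(max(c.rate_pct, 1) for c in eligible)
        handed_out = Fraction(0)
        for c in eligible:
            share = remaining * max(c.rate_pct, 1) / total_weight
            extra = min(share, ceiling(c) - alloc[c.name])
            alloc[c.name] += extra
            handed_out += extra
        remaining -= handed_out
    return alloc


# Constructed scenarios from the post's 100 kbps thought experiment.
# VoIP needs 44 kbps; HTTP and FTP would each happily take the whole link.
SCENARIO_HTTP_HIGHEST = [
    QosClass("VoIP", 90, 100, 44),     # Class A
    QosClass("HTTP", 80, 90, 1000),    # Highest
    QosClass("FTP", 5, 70, 1000),      # Medium
]
SCENARIO_HTTP_HIGH = [
    QosClass("VoIP", 90, 100, 44),     # Class A
    QosClass("HTTP", 20, 80, 1000),    # High
    QosClass("FTP", 5, 70, 1000),      # Medium
]

if __name__ == "__main__":
    for label, scenario in (("HTTP as Highest", SCENARIO_HTTP_HIGHEST),
                            ("HTTP as High", SCENARIO_HTTP_HIGH)):
        result = allocate(100, scenario)
        print(label + ":", {k: float(v) for k, v in result.items()})
```

With HTTP in Highest, the model gives VoIP its 44 kbps, HTTP the 56 kbps that remain, and FTP nothing, which is the starvation the post warns about. With HTTP in High and FTP in Medium, VoIP still gets 44 kbps, and the remaining 56 kbps is split 44.8/11.2 between HTTP and FTP: both get at least their reserved share and neither reaches its limit.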

Next we set up Inbound as well:

  • Highest / 90%
  • High / 80%
  • Medium / 70%
  • Low / 60%
  • Lowest / 20%
  • Class A / 100%
  • Class B / 5%
  • Class C / 10%
  • Class D / 5%
  • Class E / 5%

You can turn on TCP Vegas if you want, I choose not to, you can read more about it and what it does on Wikipedia. Scroll down and hit Save.

Now on to the next part:

Step 4) Classification of Traffic types

On the left-hand side we're now in QoS –> Classification

We need to classify the types of traffic that fall into each of the classes we set up just earlier. We're going to start by going through and clearing out all the standard rules, and we'll put in a few of our own:

  • UDP / Src or Dst / 5060 / Class A / SIP
  • UDP / Src or Dst / 10000-20000 / Class A / RTP
  • TCP or UDP / Dst Port / 53 / Highest / DNS
  • TCP / Dst Port / 80,443 / High / HTTP & HTTPS
  • TCP / Src or Dst / 25,110,143 / Medium / Email (SMTP POP3 IMAP)
  • TCP or UDP / Src or Dst / Class C / Bulk Traffic
  • GRE / Src or Dst / Class E / PPTP VPN (GRE)

Why? We prioritize VoIP first of all; at all times we want our voice to be perfect. Next we do DNS so that pages 'feel' like they're loading quickly (especially with OpenDNS). We want HTTP & HTTPS in their own little queue, followed by Email.
I'm also putting PPTP VPN into a class of its own, as I use that a bit myself for a variety of things.
Finally, we're already technically classifying anything that isn't classified as Bulk Traffic / Class C, but this rule just re-affirms it.
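The rule table above is only as good as the order and the port columns you give it, so here is an added Python model of the classification step (not code from the post or from Tomato) that runs the table against a handful of constructed flows. It assumes rules are tried top to bottom with the first match winning, and that "Src or Dst" means either port may match while "Dst Port" looks at the destination only; it also covers the protocol, port-selection and classification fields described in the earlier guide on this page. The sample flows are constructed; the two interesting ones are an IMAPS connection, which the email rule does not cover, and a DNS query whose client happened to pick a source port inside the RTP range.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str   # protocol column: "TCP", "UDP", "TCP or UDP", "GRE"
    match: str   # "Src or Dst", "Dst Port" or "Src Port": which side the ports apply to
    ports: str   # "5060", "10000-20000", "80,443"; empty string means any port
    klass: str   # target class
    desc: str    # description column


# The rule table from the post, in the order it was entered.
RULES = [
    Rule("UDP", "Src or Dst", "5060", "Class A", "SIP"),
    Rule("UDP", "Src or Dst", "10000-20000", "Class A", "RTP"),
    Rule("TCP or UDP", "Dst Port", "53", "Highest", "DNS"),
    Rule("TCP", "Dst Port", "80,443", "High", "HTTP & HTTPS"),
    Rule("TCP", "Src or Dst", "25,110,143", "Medium", "Email (SMTP POP3 IMAP)"),
    Rule("TCP or UDP", "Src or Dst", "", "Class C", "Bulk Traffic"),
    Rule("GRE", "Src or Dst", "", "Class E", "PPTP VPN (GRE)"),
]
DEFAULT_CLASS = "Class C"   # the Default Class chosen in Basic Settings


def parse_ports(spec):
    """Turn a port column such as '25,110,143' or '10000-20000' into (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo_s, _, hi_s = part.partition("-")
        lo = int(lo_s)
        hi = int(hi_s) if hi_s else lo
        if not (0 <= lo <= hi <= 65535):
            raise ValueError("bad port spec: %r" % part)
        ranges.append((lo, hi))
    return ranges   # [] means "any port"


def port_matches(port, ranges):
    return not ranges or any(lo <= port <= hi for lo, hi in ranges)


def classify(flow, rules=RULES):
    """Return (class, description) for a flow such as
    {"proto": "UDP", "sport": 5060, "dport": 5060}. GRE flows carry no ports.
    Assumption: rules are tried top to bottom and the first match wins."""
    for r in rules:
        if flow["proto"] not in [p.strip() for p in r.proto.split(" or ")]:
            continue
        if flow["proto"] in ("TCP", "UDP"):
            ranges = parse_ports(r.ports)
            src_ok = port_matches(flow["sport"], ranges)
            dst_ok = port_matches(flow["dport"], ranges)
            hit = {"Src Port": src_ok, "Dst Port": dst_ok}.get(r.match, src_ok or dst_ok)
            if not hit:
                continue
        return r.klass, r.desc
    return DEFAULT_CLASS, "unmatched (default class)"


# Constructed sample flows.
SAMPLE_FLOWS = {
    "sip_register":  {"proto": "UDP", "sport": 5060, "dport": 5060},
    "rtp_media":     {"proto": "UDP", "sport": 16384, "dport": 12000},
    "dns_query":     {"proto": "UDP", "sport": 40000, "dport": 53},
    "https":         {"proto": "TCP", "sport": 51000, "dport": 443},
    "imaps":         {"proto": "TCP", "sport": 51001, "dport": 993},   # 993 is not in the email rule
    "pptp_control":  {"proto": "TCP", "sport": 51002, "dport": 1723},  # only GRE lands in Class E
    "pptp_gre":      {"proto": "GRE"},
    "dns_odd_sport": {"proto": "UDP", "sport": 15000, "dport": 53},    # source port inside the RTP range
}

if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print("%-14s -> %s (%s)" % ((name,) + classify(flow)))
```

Two things worth checking on your own graphs after running this: the GRE rule still fires even though the Bulk Traffic catch-all sits above it, because the catch-all only covers TCP and UDP; and a UDP flow whose source port falls in 10000-20000 is claimed by the RTP rule before the DNS rule ever sees it, so if Class A shows traffic that is not voice, the "Src or Dst" setting on the RTP rule is the first place to look.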

Scroll down, hit Save, then make a call to a local freephone number over your local SIP connection to see if this is working.

Step 5) Confirmation and Corrections

Now comes the testing part. You should be able to click on QoS –> View Graphs, and while you're on a call you'll see Class A has a bit of traffic in it. If you click on the Class A title it will take you to a screen where you can now also see the IP that the traffic is going to. With a bit of luck, this should be your Elastix box (If you've got a remote extension) or your ITSP (If your Elastix box is local).

From here, it's a matter of keeping an eye on the graphs over the next few days / weeks and seeing what really goes on through your Internet Connection. You may be quite surprised at what you see.

If you run into any troubles, feel free to post on the Elastix Forums and either myself or one of the many other helpful regulars will be able to assist.




