Prioritizing ACK/SYN/FIN/RST packets

Report issues relating to bandwidth monitoring, bandwidth quotas or QoS in this forum.

shm0
Posts: 67
Joined: Sat Sep 19, 2015 10:06 am

Prioritizing ACK/SYN/FIN/RST packets

Post by shm0 »

Hi,
most other routers have an option to prioritize ACK/SYN/FIN/RST packets.
I'm trying to implement this in my current setup.

I currently have the following classes both for upload and download:
Maximum 60% for ACK/SYN/FIN/RST packets
Express 25% HTTP, DNS, Games, Putty, IRC and so on
Standard 14% Default Class: HTTP over 1024 Connection bytes.
Bulk 1% Torrent

I came up with these rules:
Upload:

Code:

iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags ACK ACK -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags SYN SYN -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags RST RST -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags FIN FIN -m length --length :64 -j MARK --set-mark 0x2
Download:

Code:

iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags ACK ACK -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags SYN SYN -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags RST RST -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags FIN FIN -m length --length :64 -j MARK --set-mark 0x200
Is this the right way to do it? And does it matter where the rules are inserted? For example, should they go at the top or the bottom?
Before or after the bulk class? (Torrents can cause high ACK traffic?)

Thanks!

shm0
Posts: 67
Joined: Sat Sep 19, 2015 10:06 am

Re: Prioritizing ACK/SYN/FIN/RST packets

Post by shm0 »

I discarded my first attempt because there are too many rules to set up.
And now I'm back to this approach
http://www.gargoyle-router.com/phpbb/vi ... =12&t=7532
which already works quite well (thanks dumass777)

But I thought maybe this can be improved.

So I came up with this:
Currently I use the following priority classes:
Max 60% - For ACK SYN FIN RST packets; max size 64
Fast 30% - Other Small Packets; Size 65-512
Normal 10% - Everything else.
For both upload and download.

There is no option in the GUI to set TCP flags, so this has to be added manually. To do this, edit /etc/init.d/qos_gargoyle
Upload:
Around line 453, add below apply_all_rules:

Code:

iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags ACK ACK -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags SYN SYN -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags RST RST -m length --length :64 -j MARK --set-mark 0x2
iptables -t mangle -A qos_egress  -p tcp -m tcp --tcp-flags FIN FIN -m length --length :64 -j MARK --set-mark 0x2
Download:
Around line 607, add below apply_all_rules:

Code:

iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags ACK ACK -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags SYN SYN -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags RST RST -m length --length :64 -j MARK --set-mark 0x200
iptables -t mangle -A qos_ingress  -p tcp -m tcp --tcp-flags FIN FIN -m length --length :64 -j MARK --set-mark 0x200
To get the mark bits, add a dummy priority to the max class and execute iptables -t mangle -L
But I think the highest class always starts with 0x2/0x200

The packet sizes may need some tweaking.
I got the size for the ACK packets from ddwrt. But in some older openwrt scripts 128 was used. dumass777 mentioned an average size of 80 bytes for ACK packets.
And maybe add an additional class for packets with size 513-1024 bytes?

Also, for asymmetric lines with way higher download than upload, there is no need to give the max class 60%? (Download QoS)
I found this formula on the pfsense forum:
There it seems max is around ~6% download bandwidth for a symmetric line. For asymmetric lines it is way lower ~2%.
https://forum.pfsense.org/index.php?top ... 5#msg42685

But I think it is a bit off. For example, I have 150/5 (yeah, way too low upload) which has B/A of 30. The table only goes up to a B/A of 20 and there is already 93% upload used. That would mean I need over 100% upload? But in my test I only need around 60%.

What are your thoughts about this?
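
An added example, not part of the original post: a small Python model of the two matches the rules above rely on (`--tcp-flags` and `-m length --length :64`) and of the upload share that ACKs need on the 150/5 line. It assumes the length match compares the IPv4 total length, the usual option layout (timestamps padded to 12 bytes, SACK as 4 + 8 bytes per block) and one ACK per two full 1500-byte segments; all function names are illustrative.

```python
# Added example: models the matches used in the posted rules.
# Header/option sizes and the delayed-ACK ratio are assumptions (see docstrings).

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits
LENGTH_LIMIT = 64                             # from "-m length --length :64"

def flags_match(flags, mask, comp):
    """--tcp-flags mask comp: bits in comp set, remaining mask bits clear."""
    return (flags & mask) == comp

def ack_ip_length(timestamps=True, sack_blocks=0):
    """IPv4 total length of a data-less ACK (20-byte IP + 20-byte TCP header).

    Assumes timestamps padded to 12 bytes and SACK encoded as
    NOP NOP + 2-byte option header + 8 bytes per block.
    """
    opts = 12 if timestamps else 0
    if sack_blocks:
        opts += 4 + 8 * sack_blocks
    if opts > 40:
        raise ValueError("TCP options cannot exceed 40 bytes")
    return 40 + opts

def rule_hits(flags, ip_length, flag=ACK, limit=LENGTH_LIMIT):
    """True if '--tcp-flags <flag> <flag> -m length --length :<limit>' matches."""
    return flags_match(flags, flag, flag) and ip_length <= limit

def ack_upload_kbit(download_kbit, ack_len, segment_len=1500, segs_per_ack=2):
    """Upload needed to ACK a saturated download (IP bytes only, no link overhead).

    Assumes full-size segments and one ACK per two segments (delayed ACK).
    """
    return download_kbit * ack_len / (segment_len * segs_per_ack)

if __name__ == "__main__":
    for blocks in range(4):
        n = ack_ip_length(sack_blocks=blocks)
        print(f"ACK with {blocks} SACK blocks: {n} bytes, marked: {rule_hits(ACK, n)}")
    # Constructed sample: a 60-byte SYN+ACK also satisfies the "ACK ACK" match.
    print("SYN+ACK hits the ACK rule:", rule_hits(SYN | ACK, 60))
    need = ack_upload_kbit(150000, ack_ip_length())   # 150/5 line, read as Mbit/s
    print(f"ACK upload at full download: {need:.0f} kbit/s = {need / 5000:.0%} of 5000")
```

Under these assumptions an ACK carrying two or more SACK blocks is 72 bytes or larger and falls outside the `:64` match, and link-layer overhead would raise the bandwidth figure further.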

dumas777
Posts: 14
Joined: Wed Oct 31, 2012 4:41 pm

Re: Prioritizing ACK/SYN/FIN/RST packets

Post by dumas777 »

Yeah, gargoyle's rules give you quite a bit of flexibility. I actually ended up having only one upload class (in-class bandwidth sharing for basically free is awesome and the biggest advantage of sfq) and two download classes. One of which is set to %99 with a minimal bandwidth minimum and minimize RTT on the ACC. The other class is %1, maximize throughput and is the default class. The only few rules are for some console gaming UDP port traffic to go to the %99 class (i.e. jump ahead of everything else) and trigger the minimize RTT. Normally you would want to set a maximum limit to prevent this class starving the other(s), but I found for some reason this increases latency slightly and don't set one because my rules don't allow for a bandwidth hog in the %99 class. As for prioritizing ACKs etc., I have actually found this to not be that useful from a latency standpoint. ACKs and most of the others apply much more to TCP than UDP, and TCP streams are generally much more bulk class and less time sensitive. It could improve your throughput though. Also, for ACK packet size, that will depend on the link layer (Ethernet or ATM (DSL, etc.)) of the WAN interface. For example, with PPPoE it's basically impossible to send a packet smaller than 106 bytes (lots of extra overhead simply because France had to have its way), which is why ATM is complete garbage for a TCP/IP world (and lots of the reason why DSL lost the war), but I digress. Oh, and there is only a second s at the end of my name when I am trolling. :)

Lantis
Moderator
Posts: 7063
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Prioritizing ACK/SYN/FIN/RST packets

Post by Lantis »

Well that makes sense, UDP is a best effort stream protocol. It doesn't care for ACKs ;) TCP does.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

shm0
Posts: 67
Joined: Sat Sep 19, 2015 10:06 am

Re: Prioritizing ACK/SYN/FIN/RST packets

Post by shm0 »

I went back to this setup and used it as my base again:
http://www.gargoyle-router.com/phpbb/vi ... =12&t=7532

Upload: 4700 kbits/s
Download: 150000 kbits/s

I added two extra classes.
So my classes are currently
Fast: 69% - Max Packet Size 400; DNS
Normal: 29% - Default Class
Games: 1% - Min Bandwidth: 3525 kbit/s
Bulk: 1% - Torrents for example

I gave the game class relatively high bandwidth because in my network there are multiple games and voice chats in use. Is it a good idea to set a relatively high min bandwidth? And should games and voice chat each have their own class?

About that ACK priority thing... yeah, I dropped that idea,
because I have a relatively small upload for my download.
But with the current setup the ACK packets are caught by the max 400 packet size rule and put in the fast class. Maybe I will add the ACK packet rule back but mark them for the normal or bulk class. The other important packets (SYN/FIN/RST) are then still caught by the max packet size 400 rule.

shm0
Posts: 67
Joined: Sat Sep 19, 2015 10:06 am

Re: Prioritizing ACK/SYN/FIN/RST packets

Post by shm0 »

I'm currently trying to replace sfq with fq_codel.
It works... but only for a short time period.
Then the connection to the router/internet is lost.
It recovers after a few seconds. This will repeat four or five times.
Then the connection doesn't recover anymore.
Does anyone know what is going wrong here?

Current Qos Script:
http://pastebin.com/NPFe3uV9
