[SOLVED] QoS Server Setup separate from gateway/router

darrellbunger

Honorable
Sep 23, 2017
10
0
10,510
The basic question here is: Can I set up an alternate device to run QoS service, other than my gateway, that isn't funneling all traffic through it?

Every setup instruction I find says to use the WAN as the interface; this assumes my QoS is being set up on the gateway.


Image of Network Map (Basic)

My setup:
  1. Netgear C7000 as my gateway and primary WAP
  2. Netgear R7800 w/OpenWRT as a wire-bridged remote WAP on same subnet
  3. Raspberry Pi2 B as DHCP/DNS server running PiHole (uses dnsmasq as the DHCP/DNS server)
I do not have the option of QoS on #1 my gateway, as Xfinity controls the firmware updates and does not offer a QoS option.

OpenWRT, of course, offers plenty of options for QoS and I am currently trying out luci-app-sqm. Instead of using the eth1 WAN, I want to know if this will work on a device that is not my gateway, i.e., on the OpenWRT remote WAP's br-lan interface (eth0, eth0.1 and eth0.2 for my LAN, 5g and 2.4g respectively). I'm thinking this is probably an under-the-hood SSH-in kind of tweak... but not sure.

I also have plenty of options available with the Raspberry Pi 2B, but again stuck on whether I can use it as a standalone QoS server that will actually apply QoS rules to traffic/packets. As I understand QoS, this should be possible but that doesn't mean I understand correctly.

NOTE-FYI on OpenWRT-luci-app-sqm, I don't really see any difference in service just yet, I'm probably being impatient. I just need to know, as my searching on QoS doesn't really lend any help on whether I can run a QoS service on a device that is not funneling all traffic to/through the gateway, i.e., a second router connected by wire on the same subnet with distributed wireless traffic shared between two WAPs (my situation, see diagram).
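An added check, not part of the original post: before deciding whether SQM on br-lan is "working", confirm that the traffic you care about actually passes through that qdisc at all. The script below parses two `tc -s qdisc show dev <iface>` dumps taken a known number of seconds apart while the LAN is under load and classifies what the root qdisc did in between. The dumps embedded here are constructed (interface roles and counter values are invented for illustration); the `off-path`/`idle`/`shaping` labels are this example's own, not tc terminology.

```python
"""Does a tc qdisc on this box actually see the traffic you want shaped?

Added example (not from the thread).  Dump `tc -s qdisc show dev <iface>`
twice, N seconds apart, while the LAN is under load, and compare the root
qdisc's cumulative counters:

  off-path - packet count barely moves: the traffic never crosses this
             device's CPU (stays in the switch chip, or goes through
             another AP/router entirely)
  idle     - packets flow but dropped/overlimits never move: on the path,
             but the link never filled, so the shaper had nothing to decide
  shaping  - dropped/overlimits grow: a queue formed and QoS is doing work
"""
import re
from dataclasses import dataclass

# A qdisc header line followed by its "Sent ..." statistics line, as
# printed by `tc -s qdisc show`.
STATS_RE = re.compile(
    r"^qdisc (?P<kind>\S+) (?P<handle>\S+): (?P<parent>root|parent \S+)[^\n]*\n"
    r"\s*Sent (?P<bytes>\d+) bytes (?P<pkts>\d+) pkt "
    r"\(dropped (?P<dropped>\d+), overlimits (?P<overlimits>\d+) "
    r"requeues (?P<requeues>\d+)\)",
    re.M,
)


@dataclass(frozen=True)
class QdiscStats:
    kind: str
    bytes: int
    pkts: int
    dropped: int
    overlimits: int


def parse_root_qdisc(text: str) -> QdiscStats:
    """Return the root qdisc's counters from one `tc -s qdisc show dev X` dump."""
    for m in STATS_RE.finditer(text):
        if m.group("parent") == "root":
            return QdiscStats(
                kind=m.group("kind"),
                bytes=int(m.group("bytes")),
                pkts=int(m.group("pkts")),
                dropped=int(m.group("dropped")),
                overlimits=int(m.group("overlimits")),
            )
    raise ValueError("no root qdisc with statistics in tc output")


def assess(before: QdiscStats, after: QdiscStats, seconds: float,
           min_pps: float = 50.0) -> str:
    """Classify what the shaper did between two snapshots `seconds` apart."""
    if after.pkts < before.pkts:
        raise ValueError("counters went backwards: qdisc was replaced/reset")
    pps = (after.pkts - before.pkts) / seconds
    if pps < min_pps:
        return "off-path"
    if after.overlimits == before.overlimits and after.dropped == before.dropped:
        return "idle"
    return "shaping"


# Constructed dumps (all values invented).  LAN_* is a cake qdisc on the
# WAP's br-lan; WAN_* is a cake qdisc on a box that really forwards all
# traffic.  Both pairs are 60 s apart during a load test.
LAN_BEFORE = """\
qdisc cake 8001: root refcnt 2 bandwidth 20Mbit besteffort triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 812340 bytes 6120 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
"""
LAN_AFTER = """\
qdisc cake 8001: root refcnt 2 bandwidth 20Mbit besteffort triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 905112 bytes 6892 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
"""
WAN_BEFORE = """\
qdisc cake 8010: root refcnt 2 bandwidth 20Mbit besteffort triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 4128844 bytes 30211 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
"""
WAN_AFTER = """\
qdisc cake 8010: root refcnt 2 bandwidth 20Mbit besteffort triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 154128844 bytes 130211 pkt (dropped 412, overlimits 98877 requeues 0)
 backlog 12324b 9p requeues 0
"""

if __name__ == "__main__":
    # Real snapshots: tc -s qdisc show dev br-lan > before.txt; sleep 60;
    #                 tc -s qdisc show dev br-lan > after.txt
    for name, before, after in (("WAP br-lan", LAN_BEFORE, LAN_AFTER),
                                ("forwarding box WAN", WAN_BEFORE, WAN_AFTER)):
        verdict = assess(parse_root_qdisc(before), parse_root_qdisc(after), 60)
        print(f"{name}: {verdict}")
```

The `overlimits` counter is the one to watch: it only moves when the shaper had to hold a packet back, so a qdisc that forwards plenty of packets with `overlimits` frozen at 0 is on the path but has never had a queue to arbitrate, which is the situation kanewolf's question about upload bandwidth is getting at.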
 

kanewolf

Titan
Moderator
What WAN speed do you have? QoS is not of significant value if you are not filling your upload bandwidth. It also won't significantly change download bandwidth usage.
 

darrellbunger
I'm trying to diagnose why my video conferencing tells me often that I have low bandwidth or unstable connection... when my advertised and tested BW should be more than enough to video conference.

My WAN speed is advertised at 500Mb/s Down // 30Mb/s Up, but real world I get around 420-440Mb/s Dn // 20 Mb/s Up during peak time... and you make a good point. I did not properly stress my network yet to see if QoS is kicking in while set to work on my br-lan interface.

I'll do this later this evening and report. I have a video conference to attend later tonight at peak time, and before I go into it I'll start a few torrents and make sure my gamer son is actively gaming a session while my wife streams video on flix. That should be a pretty good test, yes?
 
Have you even tested your speed when you have QoS enabled? Modern routers use a feature that lets NAT traffic bypass the CPU. As soon as you use any form of QoS all the traffic must pass via the CPU, and it caps the speed on even very fast routers to 250-300 Mbps. Last I heard, just loading dd-wrt on the router makes it so you cannot use the NAT acceleration unless they somehow got past the licensing restrictions for using that feature.

With that fast a connection you should never have issues. You are best off with the router set to do nothing but NAT to avoid any delays in the traffic.

Note if you run lan-lan on the dd-wrt router all the traffic stays in the switch chip and no QoS will be applied.
 

darrellbunger


Very well, this sounds reasonable and makes sense. I believe this also answers my initial question:

Can I run QoS service on a server that is not my router?

From what I gather here, the answer is NO, as there is no traffic passing through either CPU on those devices that are not serving a gateway connection. Right?
 
That is the problem: you must somehow find a way that the CPU on the device can intercept the traffic. It technically doesn't have to be the gateway, but that is the easiest way to implement it. There are layer 2 firewalls that can be placed physically inline and process traffic, but these tend to be rather complex to configure. One of the larger issues is how you get the device placed between all the traffic, since wifi to the main internet router would bypass it.

The key to remember is QoS is purely a method to select which traffic gets to go first. When you have a very large internet connection it is highly unlikely you are going to get data queues where a selection must be made. Traffic will always be sent immediately.

Besides, you can't actually run QoS on the download link. The ISP decides what to send and what to discard or delay. By the time your router is involved the damage is done. Anything you see that claims to do QoS on the download side is just attempting to trick the end user applications into requesting less traffic. This is why it is impossible for large companies to stop denial of service attacks without help from the ISP.
 
Solution
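An added illustration of the accepted answer's central point, not code from the thread: QoS is only a choice of which waiting packet goes first, so it changes nothing until the link is full enough for packets to be waiting. The toy simulator below pushes a steady "video" stream and a "bulk" stream through one uplink, once with plain earliest-arrival service and once with strict video-first service, at a light load and at an overload. Link speed, packet sizes and rates are made up for the example (the 20 Mbit/s figure is only borrowed from the poster's upload speed as a convenient number).

```python
"""Why prioritisation only matters when a queue forms.

Added example, not from the thread.  Two traffic classes share one uplink:
"video" (small packets at a steady rate) and "bulk" (large packets).  Two
schedulers are compared:

  fifo - earliest arrival goes first, no class preference
  prio - a waiting video packet always goes before a waiting bulk packet

Each class has its own tail-drop queue of QLIMIT packets, so the only thing
that differs between the two runs is the scheduling decision, which is all
QoS is.  All numbers are illustrative.
"""
from collections import deque

LINK_BPS = 20_000_000   # 20 Mbit/s uplink (illustrative)
QLIMIT = 100            # per-class buffer, in packets


def make_flow(cls, pps, size_bytes, duration_s):
    """Constant-rate packet stream as a list of (arrival_time, size, cls)."""
    n = int(pps * duration_s)
    return [(i / pps, size_bytes, cls) for i in range(n)]


def simulate(packets, policy, link_bps=LINK_BPS, qlimit=QLIMIT):
    """Serve `packets` on one link; return per-class max wait and drop counts."""
    packets = sorted(packets)
    queues = {"video": deque(), "bulk": deque()}
    max_delay = {"video": 0.0, "bulk": 0.0}
    dropped = {"video": 0, "bulk": 0}
    i, t = 0, 0.0

    def admit(until):
        # Move every packet that has arrived by time `until` into its queue.
        nonlocal i
        while i < len(packets) and packets[i][0] <= until:
            arrival, size, cls = packets[i]
            if len(queues[cls]) >= qlimit:
                dropped[cls] += 1          # tail drop on a full per-class buffer
            else:
                queues[cls].append((arrival, size))
            i += 1

    while True:
        if not queues["video"] and not queues["bulk"]:
            if i >= len(packets):
                break
            t = max(t, packets[i][0])      # link idle: jump to the next arrival
        admit(t)
        waiting = [cls for cls in ("video", "bulk") if queues[cls]]
        if policy == "prio":
            cls = waiting[0]               # "video" is listed first if waiting
        else:
            cls = min(waiting, key=lambda c: queues[c][0][0])  # earliest arrival
        arrival, size = queues[cls].popleft()
        max_delay[cls] = max(max_delay[cls], t - arrival)   # time spent waiting
        t += size * 8 / link_bps            # serialisation time on the link
    return max_delay, dropped


def scenario(bulk_pps, policy, duration_s=2.0):
    """Video at ~2.4 Mbit/s plus bulk at `bulk_pps` 1500-byte packets/s."""
    video = make_flow("video", 250, 1200, duration_s)
    bulk = make_flow("bulk", bulk_pps, 1500, duration_s)
    return simulate(video + bulk, policy)


if __name__ == "__main__":
    # 500 pps of bulk is ~6 Mbit/s (link well under capacity);
    # 3000 pps is ~36 Mbit/s (link overloaded, queues form).
    for bulk_pps, label in ((500, "link ~40% busy"), (3000, "link overloaded")):
        for policy in ("fifo", "prio"):
            delay, drops = scenario(bulk_pps, policy)
            print(f"{label:16} {policy}: max video wait {delay['video']*1000:6.2f} ms, "
                  f"max bulk wait {delay['bulk']*1000:6.2f} ms, drops {drops}")
```

At light load both schedulers leave video waiting well under a millisecond, because there is rarely more than one packet to choose from; only in the overloaded run does the choice matter, with earliest-arrival service parking each video packet behind a buffer full of bulk while video-first service keeps it to at most one bulk packet's serialisation time. That is the upload-side picture; the simulator says nothing about the download direction, where, as the answer notes, the queue that fills is the ISP's and not yours.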

darrellbunger


Makes sense, esp. the DoS part, which I knew but forgot about. I have no control over the bandwidth issues I'm seeing here and it's not anywhere close to being serious enough for me to consider bothering Xfinity about, not that they'd take it seriously haha. I'm not that important.

Not that my goal isn't worthwhile in any way, as an exercise at least. I may still learn how to set it up just for sake of learning purposes but like you said, chances are whatever issues I'm seeing are happening before traffic even hits my gateway.