Hello!
Here’s what I’m struggling with. I have an OpenVPN server at 192.168.0.99. I also have a video surveillance device (NVR) at 192.168.0.153. And of course the whole network at 192.168.0.0/24. My goal is to set the highest priority for 0.153 traffic, then come the VPN clients (0.99’s port is forwarded outside), and the last priority goes to all other network participants. So whenever someone in the network starts to download something, his download won’t affect the speed of the NVR and the total speed (max-limit) of the VPN clients.
/queue simple
add dst=ether1-wan max-limit=100M/100M name=QoS-simple priority=1/1 target="" total-queue=ethernet-default
add queue=pcq-upload-default/pcq-download-default limit-at=50M/50M parent=QoS-simple priority=1/1 max-limit=100M/100M name=NVR target=192.168.0.153/32
add queue=pcq-upload-default/pcq-download-default limit-at=40M/40M parent=QoS-simple priority=2/2 max-limit=60M/60M name=VPN target=192.168.0.99/32
add queue=pcq-upload-default/pcq-download-default parent=QoS-simple priority=8/8 name=LAN target=192.168.0.0/24
According to most guides, I should not set dst for my queue. But if I don’t do it, I see zeroes in the statistics of the queue and child queues, which tells me that the queues don’t work at all. Only after I set my WAN interface (connection type - static address) as dst does something start to work. The way I test my setup is using iperf for the VPN client and a browser download as a regular network participant. The NVR is using nearly 50M/s itself, so I just track whether it is affected or not. Long story short: 0.153 and 0.99 ARE affected when someone in the network starts his download UNTIL I set up a Queue Tree in addition to my Simple Queues:
/queue tree
add limit-at=100M max-limit=100M name=QoS-tree packet-mark=no-mark parent=global priority=1 queue=default
Now 0.153 stays mostly unaffected by somebody’s download, but as a VPN client I get a significant speed reduction. Maybe I wrongly treat the VPN client’s traffic as 0.99’s traffic, because when I open Connections I see VPN traffic like: Source - <client’s white IP>, Destination - :<port where 0.99 is forwarded to>. But when I look at the queue statistics for 0.99 I see exactly the same amount of traffic that iperf generates. So I don’t get how my queues should look in this case.
Please, help me to set up traffic prioritization for this setup.
chechito, thanks for the reply. Unfortunately, I witness the same picture with your rules: when I start a download it cripples the NVR’s speed. I didn’t do the right math between Limit At of all rules, but it’s just pure logic: when the NVR downloads at 50M while the network mostly idles, and then drops to 20M (the download is going on a host from 192.168.0.0/24 where there’s no Limit At at all) - it’s not working. I can tell by how the NVR has a speed spike to 99M right after I stop the download.
Also, I’ve read a lot about fasttrack, but I’m not sure - is it enabled just by a Firewall Filter Rule with the action ‘fasttrack connection’, or anywhere else? I have no firewall rule with the fasttrack action.
The funniest thing about the parent queue for target=192.168.0.0/24 without dst= is that upload (yeah, only UPLOAD) gets doubled when it comes to child queues. There’s no mistake or coincidence - the traffic on the screenshot is the same!
After countless test attempts, the only nearly working (as it seems) rules for me (without additional Queue Tree) look like:
There are some speed differences from my initial example, but it’s not important.
NVR speed stays mostly unaffected, VPN speed (orange rectangle) gets significantly reduced with a download somewhere in LAN (black rectangle):
Now I stop the downloading (the moment is marked with the arrow) and get:
Well, since even the simple queue for equal speed among the /24 network works strangely in my case, I guess the problem is somewhere else. Thanks for the help, chechito!