What's new

Beta Asuswrt-Merlin 386.2 Beta is now available

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
ack-filter should only be used in upload (not in download) and I think you should inform that this feature is especially for DSL and cable subscribers, because the links/connection is asymmetric.
Agreed that it is only useful for asymmetric links (15:1 or greater).
 
I may be the last to realize this, but the washing happens AFTER the traffic is put into tins. I wrongly assumed it was washing the DSCP before tin classification.
This feels odd to me. Is the documentation explicit about this behaviour?
 
This feels odd to me. Is the documentation explicit about this behaviour?
The man page on wash mentions it subtly below, but I think the code in cake_handle_diffserv is clear. It saves the dscp value, then changes it in the packet header, then returns the saved dscp value.

Apply the wash option to clear all extra diffserv (but not ECN bits), after priority queuing has taken place.
tc-cake(8) - Linux manual page (man7.org)
 
The man page on wash mentions it subtly below, but I think the code in cake_handle_diffserv is clear. It saves the dscp value, then changes it in the packet header, then returns the saved dscp value.


tc-cake(8) - Linux manual page (man7.org)
Sounds counterintuitive to me, but as long the documentation matches the code... :)
 
Sounds counterintuitive to me, but as long the documentation matches the code... :)
Dave Taht said:
The point being that the damn tos bits should be cleared on ingress to
avoid confusing other stuff inside your own dmark. Right now, nearly all
traffic on my principal use case (comcast) gets marked as background.
This means that much traffic hits the wifi - and ends up in the
background wifi queue.
I think the rationale is the downstream impact on WiFi's use of DSCP in WMM.
 
Looking for Cake users to run an experiment.


(BTW this is an example on how someone can override the current Cake implementation).
 
Is the logged in account session timeout bug resolved in new version?
 
Agreed that it is only useful for asymmetric links (15:1 or greater).

Does asymmetric links (15:1 or greater) mean that the effective download bandwith has to be at least a ratio 15:1 compared to upload bandwidth? Would that mean that with my Docsis 3.0 Cable connection 250/25 I would not benefit from adding ack-filter on uploads, as the ratio between down and up isnt't large enough?

I wonder whether the assumed ratio isn't too big then, as ack-filter does seem to make a difference when enabled, especially when it comes to bufferbloat.:

with-ack filter:
67738756.png


without ack-filter
67738856.png
 
Does asymmetric links (15:1 or greater) mean that the effective download bandwith has to be at least a ratio 15:1 compared to upload bandwidth? Would that mean that with my Docsis 3.0 Cable connection 250/25 I would not benefit from adding ack-filter on uploads, as the ratio between down and up isnt't large enough?
You are unlikely to see any benefit.

The problem comes about because as you saturate your download with TCP traffic, the upload channel needs to send ACK packets at an ever increasing rate. There is a point, where the upload link can't send them fast enough to keep up, and hence the downloads slow down. ACK-filter is a bit of a hack that combines several acks together into a single packet rather than acknowledging everything separately.
 
You are unlikely to see any benefit.

The problem comes about because as you saturate your download with TCP traffic, the upload channel needs to send ACK packets at an ever increasing rate. There is a point, where the upload link can't send them fast enough to keep up, and hence the downloads slow down. ACK-filter is a bit of a hack that combines several acks together into a single packet rather than acknowledging everything separately.
You can't just look at the raw speeds available, you have to look at each use case as well. For my network I have 55mbps down, 11mbps up however I run CCTV cameras which stream out to the internet constantly. This means that whilst my connection has a 5:1 ratio I actually have more asymmetry in my available bandwidth. If we are then running heavy inbound TCP streams I see a benefit from ack filtering as my available upload bandwidth is much lower than my connection speed.

It's not just about the physical circuit speeds, but usage profiles too. If you never max out your upload you won't benefit from ack filtering, but if you hit your upload maximum and that traffic includes acks for an inbound stream, then your are likely to benefit.
 
Last edited:
It's not just about the physical circuit speeds, but usage profiles too. If you never max out your upload you won't benefit from ack filtering, but if you hit your upload maximum and that traffic includes acks for an inbound stream, then your are likely to benefit.
You're right. If you are consuming the uplink with other traffic, then that increases your "effective" UL/DL traffic ratio and will throttle acks.
 
I may be the last to realize this, but the washing happens AFTER the traffic is put into tins. I wrongly assumed it was washing the DSCP before tin classification.

I don't think this changes the preference for washing incoming DSCP and using besteffort on ingress, but I'm sharing my new learning anyway. :cool:

To know if DSCP is working Install Wireshark https://www.wireshark.org/download.html
  1. Select your Ethernet interface that you use to connect to the internet.
  2. Now need add some DSCP Columns to wireguard.
  3. Right click on a column.
  4. Click on “Column Preferences…”
  5. Press the + Sign twice.
  6. Title of the First one = ”DSCP Value”
  7. Type = ”IP DSCP Value”
  8. Title of the Second = ”DSCP”
  9. Type = ”Custom”
  10. Fields = ”ip.dsfield.dscp”
  11. Then resize columns until you see the DSCP columns.
  12. Right click on the ”DSCP Value” and ”DSCP” columns and select "Align Center".

When using "wash", the iptables DSCP does not work for WMM queue.

I've also added iptables rules for Teams and Zoom to ensure that it takes advantage of the Voice tin in diffserv3 on upload.
This is the contents of my /jffs/scripts/qos-start script. I have IPv6 enabled, so the last 4 lines aren't needed if you do not have IPv6 enabled.
Code:
#!/bin/sh

iptables -t mangle -D POSTROUTING -o eth0 -p udp -m multiport --dports 3478:3481 -j DSCP --set-dscp-class EF 2>/dev/null
iptables -t mangle -A POSTROUTING -o eth0 -p udp -m multiport --dports 3478:3481 -j DSCP --set-dscp-class EF
iptables -t mangle -D POSTROUTING -o eth0 -p udp -m multiport --dports 8001:8010 -j DSCP --set-dscp-class EF 2>/dev/null
iptables -t mangle -A POSTROUTING -o eth0 -p udp -m multiport --dports 8001:8010 -j DSCP --set-dscp-class EF

ip6tables -t mangle -D POSTROUTING -o eth0 -p udp -m multiport --dports 3478:3481 -j DSCP --set-dscp-class EF 2>/dev/null
ip6tables -t mangle -A POSTROUTING -o eth0 -p udp -m multiport --dports 3478:3481 -j DSCP --set-dscp-class EF
ip6tables -t mangle -D POSTROUTING -o eth0 -p udp -m multiport --dports 8001:8010 -j DSCP --set-dscp-class EF 2>/dev/null
ip6tables -t mangle -A POSTROUTING -o eth0 -p udp -m multiport --dports 8001:8010 -j DSCP --set-dscp-class EF
 
Last edited:
For the Beta testers, please have a look at the latest item coming out of the oven, primarily baked by @dave14305


Enjoy the tasty treats :)
 
For the Beta testers, please have a look at the latest item coming out of the oven, primarily baked by @dave14305


Enjoy the tasty treats :)
You need to be on the latest rmerlin beta to test this correct?

Update: just saw that you need to be in 386.2 Beta (latest).
 
I just updated my slave router with 386.2 beta (RT-AC68U) set on "Repeater Mode", and it shows on index page (front page) that the "Security level" is "Open System", which is incorrect. Bug? On the side of the Security Level under System Status, the slave router shows that encryption is enabled (WPA2-Personal/AES). My master router set on "Wireless Router" is still on 384.19, but will update it later. My master router is reporting the Security Level is set at WPA2-Personal.
 
Is the logged in account session timeout bug resolved in new version?
Autologout code is closed source and outside of my control.

Code:
merlin@ubuntu-dev:~/amng/release/src/router/httpd$ grep http_autologout * -r
Binary file prebuild/RT-AX86U/web_hook.o matches
Binary file prebuild/RT-AC5300/web_hook.o matches
Binary file prebuild/RT-AC86U/web_hook.o matches
Binary file prebuild/GT-AX11000/web_hook.o matches
Binary file prebuild/RT-AX56U/web_hook.o matches
Binary file prebuild/RT-AC3100/web_hook.o matches
Binary file prebuild/RT-AC88U/web_hook.o matches
Binary file prebuild/RT-AX58U/web_hook.o matches
Binary file prebuild/RT-AX88U/web_hook.o matches
Binary file prebuild/RT-AC68U/web_hook.o matches
Binary file prebuild/RT-AX68U/web_hook.o matches
Binary file prebuild/GT-AC2900/web_hook.o matches
 
20-March-2021: Beta 2 is now available. Changes since Beta 1:

Code:
1cf08f7d10 Updated documentation
86aae14fcb httpd: fix ouiDB.json location for browser caching
c402f3c108 tools: exclude web files that cause the optimizing tool to crash and leave temp files in the /www directory
bf6559ab5f shared: match with rx/tx var types for backup_rx/backup_tx in netdev_calc()
fe677008a5 webui: remove OpenVPN server Windows FAQ as it's missing from the Asus website
d57130c437 webui: store local copies of online json files; add code to refresh them
0d62444ab8 httpd: fix openvpn/pptpd account list getting truncated after one entry
1e6831e65a rc: make qos-start run in blocking mode
3b449faf84 rc: revert static DNS routes added with GPL 42095
9311e1661b webui: QoS Classification page: add warning in Cake mode; harmonise qos type handling with nvram value
592448890b rc: rewritten dnsfilter server table management
7577702a81 rc: fix pointer corruption in filter_setting()
4ffb00efed Merge branch 'master' of github.com:RMerl/asuswrt-merlin.ng
c5087ce589 Merge pull request #718 from sadoneli/master
1788f2ea14 add .dummy file for wlcsm to make sure GT-AX11000 passing fw build
7d85c4c849 Bumped revision to beta 2

I'm looking for more feedback from RT-AX68U and GT-AX11000 owners.

I also implemented a potential fix for the rstats traffic spikes. I have no way of testing it, so I have no idea if it resolved that particular issue or not - feedback from users who are able to reproduce the problem would be appreciated.
 
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top