When I started using the EdgeRouter Lite, I knew that it was quite powerful and could handle pretty much anything I threw at it. Last week I had to send a very large file to a co-worker, so I put it in Dropbox and soon saw Dropbox use pretty much 100% of my upstream bandwidth; I tried limiting the upstream bandwidth in Dropbox, but the setting failed to do anything. Someone tried to call us on our Ooma and I had trouble with the call, so I stopped the Dropbox upload and turned on the Network Link Conditioner on my Mac to limit the upload.
That evening I started playing with Quality of Service (QoS) on the EdgeRouter Lite to see what I could do to prioritize the voice traffic and limit bandwidth while making calls. After much research over about a week, I finally managed to come up with a configuration that seems to work. There are lots of guides out there, but I didn’t quite understand them, so I’ll do what I can to explain what I’ve done here. If there are any errors or tips, feel free to let me know.
First up, I setup a DOWNLOAD traffic-policy to handle downstream bandwidth. I’m not sure that this is truly necessary as I’ve been unable to continuously max out my downstream connection and when Time Warner Cable upgrade to MAXX this November, it will become less of an issue.
I SSH’d into the box and did the following:
configure
set traffic-policy shaper DOWNLOAD bandwidth 60mbit
DOWNLOAD is an arbitrary label. 60mbit is my total downstream bandwidth.
set traffic policy shaper DOWNLOAD class 10 bandwidth 25%
set traffic policy shaper DOWNLOAD class 10 burst 2.5k
set traffic policy shaper DOWNLOAD class 10 ceiling 50%
set traffic policy shaper DOWNLOAD class 10 description RTP
set traffic policy shaper DOWNLOAD class 10 match VOIP-RTP ip dscp 46
set traffic policy shaper DOWNLOAD class 10 match VOIP-RTP-ipv6 ipv6 dscp 46
set traffic policy shaper DOWNLOAD class 10 priority 7
set traffic policy shaper DOWNLOAD class 10 queue-type fair-queue
This sets up a “rule” given this particular traffic a minimum of 25% of the total bandwidth and caps it at 50% of the total bandwidth. It matches on the VOIP RTP packet header. The docs say that the priority is 0 to 7 where 7 is the highest priority. Note that the docs say that for default, 7 is the lowest priority.
set traffic policy shaper DOWNLOAD class 20 bandwidth 5%
set traffic policy shaper DOWNLOAD class 20 burst 2.5k
set traffic policy shaper DOWNLOAD class 20 ceiling 50%
set traffic policy shaper DOWNLOAD class 20 description RTP
set traffic policy shaper DOWNLOAD class 20 match VOIP-SIP ip dscp 24
set traffic policy shaper DOWNLOAD class 20 match VOIP-SIP-ipv6 ipv6 dscp 24
set traffic policy shaper DOWNLOAD class 20 priority 7
set traffic policy shaper DOWNLOAD class 20 queue-type fair-queue
The bandwidth values are pretty arbitrary as VOIP should never use that much bandwidth on my network.
set traffic policy shaper DOWNLOAD class 30 bandwidth 10%
set traffic policy shaper DOWNLOAD class 30 burst 2.5k
set traffic policy shaper DOWNLOAD class 30 ceiling 20%
set traffic policy shaper DOWNLOAD class 30 description OOMA
set traffic policy shaper DOWNLOAD class 30 match OOMA-ADDRESS ip destination 10.0.1.102/32
set traffic policy shaper DOWNLOAD class 30 match OOMA-MAC there destination 00:00:00:00:00:00
set traffic policy shaper DOWNLOAD class 30 priority 7
set traffic policy shaper DOWNLOAD class 30 queue-type fair-queue
This rules gives my Ooma box guaranteed bandwidth; the matching is an ANY so either match will work. I really don’t need both matches, but I put it here to try things out.
set traffic policy shaper DOWNLOAD default bandwidth 65%
set traffic policy shaper DOWNLOAD default burst 15k
set traffic policy shaper DOWNLOAD default ceiling 100%
set traffic policy shaper DOWNLOAD default priority 7
set traffic policy shaper DOWNLOAD default queue-type fair-queue
This is for any traffic that doesn’t match the other rules. Note that the total bandwidth (not ceiling) should add up to 100%.
Something similar for UPLOAD:
set traffic-policy shaper UPLOAD bandwidth 6mbit
set traffic policy shaper UPLOAD class 10 bandwidth 25%
set traffic policy shaper UPLOAD class 10 burst 2.5k
set traffic policy shaper UPLOAD class 10 ceiling 50%
set traffic policy shaper UPLOAD class 10 description RTP
set traffic policy shaper UPLOAD class 10 match VOIP-RTP ip dscp 46
set traffic policy shaper UPLOAD class 10 match VOIP-RTP-ipv6 ipv6 dscp 46
set traffic policy shaper UPLOAD class 10 priority 7
set traffic policy shaper UPLOAD class 10 queue-type fair-queue
set traffic policy shaper UPLOAD class 20 bandwidth 5%
set traffic policy shaper UPLOAD class 20 burst 2.5k
set traffic policy shaper UPLOAD class 20 ceiling 50%
set traffic policy shaper UPLOAD class 20 description RTP
set traffic policy shaper UPLOAD class 20 match VOIP-SIP ip dscp 24
set traffic policy shaper UPLOAD class 20 match VOIP-SIP-ipv6 ipv6 dscp 24
set traffic policy shaper UPLOAD class 20 priority 7
set traffic policy shaper UPLOAD class 20 queue-type fair-queue
set traffic policy shaper UPLOAD class 30 bandwidth 10%
set traffic policy shaper UPLOAD class 30 burst 2.5k
set traffic policy shaper UPLOAD class 30 ceiling 20%
set traffic policy shaper UPLOAD class 30 description OOMA
set traffic policy shaper UPLOAD class 30 match OOMA-ADDRESS ip source 10.0.1.102/32
set traffic policy shaper UPLOAD class 30 match OOMA-MAC there source 00:00:00:00:00:00
set traffic policy shaper UPLOAD class 30 priority 7
set traffic policy shaper UPLOAD class 30 queue-type fair-queue
set traffic policy shaper UPLOAD default bandwidth 60%
set traffic policy shaper UPLOAD default burst 15k
set traffic policy shaper UPLOAD default ceiling 100%
set traffic policy shaper UPLOAD default priority 7
set traffic policy shaper UPLOAD default queue-type fair-queue
set interfaces ethernet eth1 redirect ifb1
set interfaces ethernet eth1 traffic-policy out DOWNLOAD
set interfaces input ifb1 traffic-policy out UPLOAD
commit
save
The last bit above tells eth1 (my LAN interface) to use the download policy (out means leaving the box). In order to get the upload to work, I’ve told the interface to redirect the traffic to the “input” interface and then applied the QoS policy.
One drawback to QoS is that with the 1.7 firmware, traffic analysis doesn’t work. Ubiquiti has said that they may add traffic analysis to QoS packets. In addition, the release notes indicate that at higher bandwidths, QoS bogs down the box and limits the bandwidth. So, when my cable modem gets upgraded, I may turn off the DOWNLOAD policy, but can still keep the UPLOAD policy which is where most of the problem lies.
After setting all of this up, I was able to run a download test and still maintain a voice call, so I succeeded in my mission. I’m sure something isn’t quite right and I’ll be tweaking this again when iOS 9 brings WiFi calling as I’m not sure that my policies will match the correct traffic.
Putting this all together, I got the following configuration:
traffic-policy {
shaper DOWNLOAD {
bandwidth 60mbit
class 10 {
bandwidth 25%
burst 2.5k
ceiling 50%
description RTP
match VOIP-RTP {
ip {
dscp 46
}
}
match VOIP-RTP-IPv6 {
ipv6 {
dscp 46
}
}
priority 7
queue-type fair-queue
}
class 20 {
bandwidth 5%
burst 2.5k
ceiling 50%
description SIP
match VOIP-SIP {
ip {
dscp 24
}
}
match VOIP-SIP-IPv6 {
ipv6 {
dscp 24
}
}
priority 7
queue-type fair-queue
}
class 30 {
bandwidth 5%
burst 2.5k
ceiling 10%
description OOMA
match OOMA-ADDRESS {
ip {
destination {
address 10.0.1.102/32
}
}
}
match OOMA-MAC {
ether {
destination 00:00:00:00:00:00
}
}
priority 7
queue-type fair-queue
}
default {
bandwidth 65%
burst 15k
ceiling 100%
priority 7
queue-type fair-queue
}
}
shaper UPLOAD {
bandwidth 6mbit
class 10 {
bandwidth 25%
burst 2.5k
ceiling 50%
description RTP
match VOIP-RTP {
ip {
dscp 46
}
}
match VOIP-RTP-IPv6 {
ipv6 {
dscp 46
}
}
priority 7
queue-type fair-queue
}
class 20 {
bandwidth 5%
burst 2.5k
ceiling 50%
description SIP
match VOIP-SIP {
ip {
dscp 24
}
}
match VOIP-SIP-IPv6 {
ipv6 {
dscp 24
}
}
priority 7
queue-type fair-queue
}
class 30 {
bandwidth 10%
burst 2.5k
ceiling 20%
description OOMA
match OOMA-ADDRESS {
ip {
source {
address 10.0.1.102/32
}
}
}
match OOMA-MAC {
ether {
source 00:00:00:00:00:00
}
}
priority 7
queue-type fair-queue
}
default {
bandwidth 60%
burst 15k
ceiling 100%
priority 7
queue-type fair-queue
}
}
}
interfaces {
ethernet eth1 {
address 10.0.1.1/24
description Local
duplex auto
redirect ifb1
speed auto
traffic-policy {
out DOWNLOAD
}
}
input ifb1 {
traffic-policy {
out UPLOAD
}
}
}
There is no real need to set a policy on the download side. The router will have no difficulty dealing with each packet as fast as they could possibly arrive, being that your local network should be considerably faster than the internet connection. The only real ability to reduce download congestion is from the ISP side, as they will send the packets to you at the same rate regardless of what sort of policy you apply.
Anyhow, thanks for the post; it was of great assistance in getting my own policy setup. I used yours as a starting point and grew it from there, with a few tweaks.
I noticed that class 20/30 were never actually being used (show queueing ethernet eth0); so I deleted them. I did not use any interim interfaces as I was only interested in the upload, I removed the burst/ceiling commands as I was happy with the default values, and I set the priorities based upon the IEEE P802.1P recommended values. I also changed the bandwidth values, though I am guessing at best.
Below is the pertinent portions of my config which seems to work well enough, based upon my non-scientific testing.
interfaces {
ethernet eth0 {
address dhcp
description Internet
…
traffic-policy {
out UPLOAD
}
}
traffic-policy {
shaper UPLOAD {
bandwidth 5mbps
class 10 {
bandwidth 10%
description RTP
match VOIP-RTP {
ip {
dscp 46
}
}
match VOIP-RTP-V6 {
ipv6 {
dscp 46
}
}
priority 5
queue-type fair-queue
}
default {
bandwidth 25%
priority 1
queue-type fair-queue
}
}
}
Can this be done in the GUI? I’m wanting to give priority to computers that live stream or limit speeds of services like Apple App Store updates and downloads on our guest network. Thanks for your posts. Been helped already.
Hi Douglas,
The Edge OS 1.8 firmware has some more priority and queuing features in it, but I haven’t updated up. Also, I’ve turned off QoS due to an increase in my cable modem speed (now 300 down/20 up).
I’d give 1.8 a try to see if it can do what you want in the GUI.
Good luck!
I have 1.8. Just wondering how it’s done. Thanks for your reply.
HI Scott,
Thanks for updating .i am new user and i am running with my device OS1.8.could you tell me how to do that with GUI mode.
Thanks
Hi Hammad,
I’m not using 1.8 now, so unfortunately I don’t know how to do this with the GUI. Maybe the Ubiquiti forums can help or their support staff can help.
Good luck!
What made you decide to use dscp 24 instead of dscp 26. Does ooma use dscp 24?
Hi Steve,
Unfortunately I don’t recall why I did this! I’ve since turned it off as I have more than enough bandwidth that I haven’t needed QoS.
Thank you for this great information, I hope someone can assist me… I have looked everywhere and i cannot figure out (despite the routers ability to identify Dropbox (file-transfer) traffic) how to restrict upload / download of specific types of traffic based up the “service type”.
I have already enable smart queue, which made decent improvements overall. But many of our users use dropbox and when file transfers are in progress the video chats in the conference rooms (very important!) degrade.
The traffic analysis tab is amazing, it can tell the difference between Gmail, Web – Other, Dropbox (when mouse-over it says Built-In Category File-Transfer) but how can i control the bandwidth allowed for these services?
So far the only thing I was able to do was create a shaper policy for the specific ip’s of my video conferencing devices, and that is for guaranteeing minimum upload bandwidth only.
Thank you!
I have been searching for this for months, finally found it:
…
2. Create leaf queue 101 and relative filter 101 for limiting overall upload file-transfer with rate 2mbit
set traffic-control advanced-queue leaf queue 101 bandwidth 2mbit
set traffic-control advanced-queue leaf queue 101 description file-transfer
set traffic-control advanced-queue leaf queue 101 parent 100
set traffic-control advanced-queue filters match 101 application category File-Transfer
set traffic-control advanced-queue filters match 101 attach-to 100
set traffic-control advanced-queue filters match 101 description ‘limit file-transfer’
set traffic-control advanced-queue filters match 101 target 101
I’m no expert but that should get you started, see original articles:
https://help.ubnt.com/hc/en-us/articles/220716608-EdgeRouter-Advanced-queue-CLI-examples
https://help.ubnt.com/hc/en-us/articles/218732788-EdgeMax-Create-a-Firewall-Rule-using-Deep-Packet-Inspection-DPI-
Hi David,
Thanks for the tip! I’ve switched to the USG and haven’t bothered with QoS since I went to 300 up/20 down.
We have 100/100, however that really doesn’t matter in our case because dropbox or google drive traffic will saturate nearly any amount of bandwidth, maybe not as bad if the upstream was at 300… but once even a little saturated video quality on these dedicated “HighFive” devices just becomes laggy and degraded beyond belief…
So far i was able to give them a reserved floor of 40MBps upstream via there IP since it never changes, but that doesnt help them compete on the downstream side of things. (Used the traffic-shaper policy as such: set traffic-policy shaper DOWNLOAD class 1001 match ADDR ip destination address ‘192.168.1.100/32’ )
And whats more is random people use their laptops to communicate with the highfive’s (i think out to the highfive cloud server if not mistaken) so they don’t get any upstream reservation benefit, and no way to grant it to them since its always someone different, who also is a file-transfer offender… this would be easy if i could just tick some boxes and limit overall traffic with a GUI ๐ i really don’t undertand the tree-branch-leaf setting either…
Hi David,
The UniFi controller (for the USG) has a way to limit traffic based on groups. I donโt know anything abou this, but I suspect it does some type of traffic shaping.
I just realized how extensive your blog is, i tried scrolling to the bottom, but it kept going, then i gave up. I think i will have a lot of great reading to do for a while, thanks in advance ๐ have a great night! If you ever need anything, keep my email.
Hi David,
Thanks for reading! Enjoy reading my random writings!
Oh it is graphical… i just have a lot more to learn, this is a great article, it’s long, must scroll down…
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-8-0/ba-p/1490756