QoS on encrypted Bittorrent?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Mon Jul 03, 2006 13:14    Post subject: QoS on encrypted Bittorrent? Reply with quote
Hi,

I'm using the v23 sp1 DD-WRT on my new WRT54GL and I love the features and stability and other things. Very good work and thanks :)

I just wanted to ask, if I'm using utorrent and using encryption, how I should set QoS on the router so that it still gets traffic shaped? I'm guessing using normal Bittorrent profile under QoS won't work because utorrent's encryption bypasses the traffic shaping set up by my ISP.

Currently, I have a profile under services that I made by selecting to filter the TCP/UDP ports. Is this correct? Or is there a better method (other filters)?

Thanks
Sponsor
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7300
Location: Dresden, Germany

PostPosted: Mon Jul 03, 2006 13:36    Post subject: Reply with quote
the bittorrent filter in dd-wrt does support the encrypted bit torrent headers. if there is another new encryption method it wont work. but so far i know theris not
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Mon Jul 03, 2006 13:47    Post subject: Reply with quote
Oh ok. Thanks !




Joined: 01 Jan 1970
Posts:

PostPosted: Mon Jul 03, 2006 19:07    Post subject: Reply with quote
Here's a simple thing to do, which is not only optimal but works for even encrypted and unidentified traffic:

Since typicall all your torrent activity is going to occur on high port numbers, just set all ports above 1024 to 'Bulk' mode. You can create a custom filter for this by using the 'Add' button to the list of service signatures in the QOS tab.

If there is any traffic you have on those high ports you don't want classified as Bulk, simply add a rule to exclude it.

As I said, this is more reliable, easier, and more optimal than an L7 having to work to try to match torrent traffic, often unsuccesfully even when not encrypted.
tievolu
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 31

PostPosted: Wed Jul 12, 2006 9:29    Post subject: Reply with quote
db90h wrote:
Since typicall all your torrent activity is going to occur on high port numbers, just set all ports above 1024 to 'Bulk' mode. You can create a custom filter for this by using the 'Add' button to the list of service signatures in the QOS tab.

If there is any traffic you have on those high ports you don't want classified as Bulk, simply add a rule to exclude it.


This sounds like a good idea - should lower CPU usage on the router.

However, I was just setting this up and something occurred to me. Which order are the QOS rules processed in? For example, to set this up, do I need to do this:

    [all ports above 1024] Bulk
    [non bulk port] Standard


or this:

    [non bulk port] Standard
    [all ports above 1024] Bulk



Also, the wiki says the following:

Quote:
It Seems as though the L7 Protocol (leave the port range at 0) works the best instead of choosing a port range. Though, this does add extra strain to your router
http://www.dd-wrt.com/wiki/index.php/Quality_of_Service

This sounds incorrect to me. Surely port based QOS works more reliably than L7 filtering?


Last edited by tievolu on Wed Jul 12, 2006 10:17; edited 2 times in total
tievolu
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 31

PostPosted: Wed Jul 12, 2006 9:48    Post subject: Reply with quote
BrainSlayer wrote:
the bittorrent filter in dd-wrt does support the encrypted bit torrent headers. if there is another new encryption method it wont work. but so far i know theris not


There is another encryption method, in Azureus at least - RC4. The L7 filters can't possibly work on that.




Joined: 01 Jan 1970
Posts:

PostPosted: Thu Jul 13, 2006 22:01    Post subject: Reply with quote
tievolu wrote:
db90h wrote:
Since typicall all your torrent activity is going to occur on high port numbers, just set all ports above 1024 to 'Bulk' mode. You can create a custom filter for this by using the 'Add' button to the list of service signatures in the QOS tab.

If there is any traffic you have on those high ports you don't want classified as Bulk, simply add a rule to exclude it.


This sounds like a good idea - should lower CPU usage on the router.

However, I was just setting this up and something occurred to me. Which order are the QOS rules processed in? For example, to set this up, do I need to do this:

    [all ports above 1024] Bulk
    [non bulk port] Standard


or this:

    [non bulk port] Standard
    [all ports above 1024] Bulk



Also, the wiki says the following:

Quote:
It Seems as though the L7 Protocol (leave the port range at 0) works the best instead of choosing a port range. Though, this does add extra strain to your router
http://www.dd-wrt.com/wiki/index.php/Quality_of_Service

This sounds incorrect to me. Surely port based QOS works more reliably than L7 filtering?


Yea, this method works great for me. I think that comment in the Wiki means to state the pupose of L7 filters, in that the can detect traffic types regardless port, and not that they really work 'better'. So, you're right, I think its wrong too.

The QOS entries work in the way that later ones take precedence over earlier ones. So you need to specify the bulk all upper ports, then any exclusions after that.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7300
Location: Dresden, Germany

PostPosted: Thu Jul 13, 2006 22:03    Post subject: Reply with quote
dd-wrt doesnt use l7 for p2p filters. ipp2p is used
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
tievolu
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 31

PostPosted: Fri Jul 14, 2006 10:35    Post subject: Reply with quote
BrainSlayer wrote:
dd-wrt doesnt use l7 for p2p filters. ipp2p is used

Those filters work for the older protocol header encryption (PHE), but they won't work for full protocol encryption (PE).

I don't see how any packet inspection system could successfully classify a fully encrypted stream (obviously, that's the whole point!).

However, the port based method we discussed earlier will still work.
D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Fri Jul 14, 2006 12:17    Post subject: Reply with quote
So basically, this is what I should do :

1.) Create custom filter of TCP and UDP ports, with a range from 1024 to 65535
2.) Delete existing filters
3.) Add custom filter created in 1.)
4.) Re-add filters deleted in 2.)

Is this correct?

EDIT:

Here is a screenshot of what I did. The other filters are the default ones that come with the firmware and I can just choose them from a list. Will this suffice? Are there any other ports in the upper range that I should be giving standard/express/premium priority to?

D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Mon Jul 17, 2006 1:12    Post subject: Reply with quote
bump
tievolu
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 31

PostPosted: Mon Jul 17, 2006 9:55    Post subject: Reply with quote
D.D. wrote:
So basically, this is what I should do :

1.) Create custom filter of TCP and UDP ports, with a range from 1024 to 65535
2.) Delete existing filters
3.) Add custom filter created in 1.)
4.) Re-add filters deleted in 2.)

Is this correct?

Yeah, that's pretty much what you need to do if you want to use full protocol encryption bittorrent.
FlappySocks
DD-WRT Novice


Joined: 07 Jul 2006
Posts: 11

PostPosted: Mon Jul 17, 2006 11:59    Post subject: Reply with quote
Presumably you don't need to set HTTP and FTP as standed, as they would default to that anyway.

Stuart.

_________________
Buffalo WHR-G54S
D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Mon Jul 17, 2006 12:34    Post subject: Reply with quote
OK thanks Smile
D.D.
DD-WRT Novice


Joined: 03 Jul 2006
Posts: 12

PostPosted: Sun Aug 20, 2006 22:08    Post subject: Reply with quote
I wanted to mention that I tried this for a while and noticed that the internet access seems to get really slow. Also, my CS Source gets an unstable ping with this setup. Going back to the normal bittorrent QOS filter for now seems to fix the problem...

Maybe Brainslayer was right after all?
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum