Router for gigabit internet using QoS

juggalojcox

Reputable
Jan 21, 2015
21
0
4,510
Hello everyone,
I am having a bit of an issue. I have WOW for my internet services and I have the 500/50 speeds. This is great at all levels but one: my ASUS TM-AC1900 doesn't seem to be able to handle that kind of speed when I have QoS turned on. I have an OBi200 for VoIP and I game online a lot, and QoS helps with ping and UDP traffic for my VoIP services. Now I have 2 options. 1) Buy a router that can do what I need; I believe UniFi has their USG Pro for $300 that can do what I am looking for. 2) DIY it. I know it might be a bit more than the UniFi USG Pro, but for something I can build myself and make sure it's doing what I need, I'll go that route. If buying one is a good option, please let me know some known good routers, or if DIY is the way to go, give me some hardware suggestions for it. Just an FYI, I would like to make sure it can do gigabit internet speeds because WOW will be bringing gigabit internet to my area soon.
 

Kurz

Distinguished
Jun 9, 2006
748
0
19,160
QoS has a tricky setup; make sure you are correctly putting in the speed of your internet connection.
Make sure you are looking at the value, MB or mb:
MegaBytes vs MegaBits.

Internet Services are measured in MegaBits.
Byte = 8
Bit = 1
 

marko55

Honorable
Nov 29, 2015
800
0
11,660
Serious question: Why do you feel you need QOS enabled anywhere? The only reason to require QOS is if you're fully loading a link and even then it all depends on the direction of the traffic. To that point, if you're fully loading your outbound internet bandwidth (50Mbps from the looks of it) then QOS on your edge router is only going to be able to put certain packets on to that wire with priority, which is the only benefit it can give you.

QOS will do NOTHING for you in regards to inbound traffic coming in to your router from the internet.
 

juggalojcox

I have done all that; the only issue is that with QoS turned on I can get my full 50 up (-15% for buffer), but the download speed is what has the issue. I'm only getting a little over 200 when QoS is on.
 

juggalojcox

True, but in my case I have PS Vue and can easily have like 4-5 streams of that at any given time, plus Netflix. That 500 down sounds good, but when you're streaming content (live TV, movies) and gaming and have VoIP services going, that overhead shrinks pretty fast. And with all that going on, I want VoIP to be the priority and my gaming PC to be 2nd. All this, and that's not including the Plex server I have running that does upstreams all the time for family and friends.
 
The problem is routing is normally done in hardware, with special CPU-bypassing tricks such as hardware acceleration baked in by the chip manufacturer (for example Broadcom's BCM_NAT has the switch chip help redirect packets). I see at SmallNetBuilder over a dozen routers have been reviewed now that can saturate even a gigabit WAN link in hardware.

Unfortunately QoS is generally performed in software just like routing in those third-party firmwares, and the CPU in consumer routers is a weenie MIPS or ARM SoC that just can't keep up. It's best to use an x86 box running pfSense, OPNsense, or M0n0wall derivatives SmallWall or t1n1wall with two Gigabit cards to keep up with newer QoS types as they come out and prove effective (the popular one right now is the Bufferbloat project's fq_codel).

The Ubiquiti Pro4 you mention does their own type of QoS with a MIPS CPU, so they have either written proprietary drivers that use less CPU or have some kind of offloading ASIC also. There are certain kinds of "QoS" that use far less CPU, such as a simple bandwidth limiter (it does reduce latency just fine) or applying QoS to only uploads, which is usually the problem area for both DSL and cable (and even non-symmetrical fiber service).
 

juggalojcox

Yes, but not all the time; I am just wanting the UDP traffic to be prioritized over everything else. So say when I have everything running at one time (PS Vue, gaming, Netflix, and VoIP), it will focus on say the VoIP service first or gaming, depending on what is active.
 

juggalojcox

You, sir, are on the right track: consumer-grade routers can't reach the performance of what I'm trying to do. You sound like you understand what I'm trying to do. Are you saying that building a router myself will be better, or do you have an idea of a router that will work for what I want?
 
The key problem you have is you cannot really do QoS on the download side. The ISP is in full control of the traffic; if they decide to send you a Microsoft update packet and drop a video packet, there is nothing you can really do. No router can magically recreate the discarded data.

All forms of so-called QoS on the download side attempt to trick the end client into requesting less data by discarding even more data. This hopes the client will detect the loss and request less. This somewhat works, but not always. This is why you cannot fix a DoS attack with QoS.

Part of the problem is that it takes a lot more processing power to constantly recalculate data caps than to just select which packet to send first.
 
QoS can actually work to reduce latency on downloads as well, by randomly dropping packets!

Counterintuitively this works, because it is the only ethernet mechanism available to let upstream devices know the link is saturated. As RAM has become dirt cheap, buffers on every router and modem in the chain have become larger and larger, and if they all fill up can result in whole seconds of latency. Unfortunately the very presence of the buffers hides the bottlenecks from the upstream devices so they will continue sending packets at full speed until the buffers fill up (unless they see the occasional dropped packet).

This isn't exactly QoS but more of a bandwidth limiter where lower priority packet types can be selected for culling.

I don't turn QoS on for downloads because the Bufferbloat test at DSLreports shows there is only a latency issue here for uploads. BTW don't test over Wifi because it has its own latency problems that aren't helped by any current QoS scheme. The people at the Bufferbloat project are working on it with their unimaginatively named "make-wifi-fast" effort if you want to look into it.
 

marko55

There are definitely routers/firewalls that can "sorta" do inbound. I feel like a lot of it is the device manipulating the TCP stream causing it to window down to xxMbps of throughput though, which is quite processor intensive, especially on a high speed link like 1Gbps. You're talking about some pretty serious power there.

I'm doing it on a Fortinet firewall right now for a buddy's law firm. He uses a cloud hosted PBX. For inbound traffic to his voice VLAN you can create a rule that guarantees it xxMbps of bandwidth based on the source/dest:port you configure. The firewall essentially takes all the other TCP sessions, besides that VLAN's traffic, and only allows everything else to use whatever you didn't guarantee the voice traffic if the link comes under load.

I validated the throttling capability on the fly by kicking off the download of a huge ISO from cisco.com to one of their computers, then enforced a rule to limit https to 20Mbps and within 5 seconds of enabling the rule my download throughput went down to 20Mbps from 100Mbps.

I have a feeling this won't work well for UDP traffic though.
 
Yep, inbound throttling isn't really "QoS" but it does still help reduce latency. Obviously it won't work on DDoS because all of those packets would be marked highest priority...

So the bottom line is it's probably the most future-resistant to repurpose an x86 PC to do the job with brute force if you want to keep up with the latest QoS schemes at home. Buying an enterprise device locks you in to whatever QoS is baked into it unless you want to keep paying for a support subscription...

In order to make it worth its power consumption it's also a good idea to have it do double duty as a NAS file/backup/media server.
 

juggalojcox

Well, I already have a server for my Plex; it's running Windows 2008 R2 with 8 gigs of RAM and an i7-4790K with 5 2TB HDDs in RAID 5. All that horsepower is for streaming and transcoding on the fly, and I really don't want to take away any power from the server. So I was just going to build one from scratch, a router that is. I have the UniFi AP AC Pro and love the interface for it; that's what got me thinking about the UniFi Pro4 when this issue popped up. I have no problem going out and buying an i5 and RAM for a DIY router, but for what I am wanting to do, maybe an off-the-shelf router would be a better fit and cheaper.
 
You could build your own quite easily and use limiters and queues. pfSense can quite easily do this if you know a little about how to configure it correctly. The hardware can be quite lightweight, but I wouldn't advise having your firewall/router as a shared appliance (NAS etc.).
 
If you are willing to accept the power usage, then separate devices are certainly better from both a security and performance standpoint.

An enterprise router is definitely less flexible if you want to try different QoS schemes to find which works best for you, but at the same time the fewer options makes it easier to set up. I suppose it would depend on whether you like to tinker and experiment.

An i5 is pretty overkill but would work great. pfSense sells their own enterprise hardware under the Netgate brand and even their largest appliance for large businesses uses only a Xeon D-1541 (8 cores at only 2.1GHz). I think technically streaming workloads end up limited by RAM bandwidth and latency so the very best i5 for this would probably be the Broadwell i5-5675C as the 128MB eDRAM L4 cache has half the latency and double the bandwidth of system RAM. As the RAM can be separately addressed concurrently, its merely dual-channel DDR3 platform ends up benchmarking faster than even quad-channel DDR4 HEDT platforms for the tiny amount of memory a router needs (An i7-5775C would add 50% more L3 cache and 4 threads but probably wouldn't appreciably improve matters).

But that's so overkill that I'd consider using the also-overkill 4790k instead and building a proper box with ECC memory for the NAS first. Don't you have any older hardware lying around to repurpose? Though it lacks AES-NI (which will apparently be required for pfSense v2.5), even a Core 2 would be good enough to see if you at least can live with the interface and give you an idea if this is the path you want to take.
 
Maybe something to point out before you get too deep into this is that your ISP does not guarantee you any particular rate. Even if they would guarantee the segment to your house, they do not guarantee bandwidth to other ISPs. This means even if you have all the QoS set up in your router, other users of the same ISP are competing for the same bandwidth. This means the ISP will at times drop your traffic to allow other people's traffic.

 

juggalojcox

I picked the i7-4790K because it's the best CPU for that socket set with the best PassMark scores, and it has an iGPU. This was all set up for Plex, and on their website it says...

"The Guideline
Very roughly speaking, for a single full-transcode of a video, the following PassMark scores are a good guideline for a requirement:
1080p/10Mbps: 2000 PassMark
720p/4Mbps: 1500 PassMark
The CPU Benchmark website is a good resource to see what sort of PassMark score a particular processor received"

With that CPU I can transcode 6 1080p streams (although yes, I know I only have 50 up) to people outside my network (don't need to worry about inside, it's all direct play). And because it has an iGPU, I don't need a video card that's going to use up more power, and that still leaves me with an open PCIe port. So I don't think overkill is how I would like to put it, more like relieving bottlenecks. This server started out with 3 HDDs and an i3 with 2 gigs of RAM, so I upgraded as time went on and I started sharing with more and more people. So, yes, I do like to tinker with stuff (kind of a hobby), but this is something that I would like to be able to set up for my network. I have everything wired up, as in every room has Cat6 run to it, so if it's got an Ethernet jack on it, it's wired up. So setting something like this up would be perfect, or as some say, my cup of tea. Again though, I still don't want to count out that Pro4 because I do like the idea of the UniFi ecosystem, but the one thing I have seen my whole life is: know what you need now, and do your best for the future.
 

juggalojcox

True, but from many days and speed tests later I have found my speeds pretty consistently get the 500+ down and 50+ up.

So I don't see that being an issue right now, but if that does happen then all the networking tech in the world isn't going to help that in any case.
 

But QoS only matters if you actually use the 500m; if you are nowhere close then it does nothing. So if you are actually using your QoS settings, which means you are running your connection at the limit, a single user using only 1 Mbit/sec will have an impact on you.
 

I thought it was pretty clear I was saying the 4790k is overkill as a router chip but I'd build a faster box for the Plex with ECC before I built the fastest possible router mentioned in the paragraph before. While only the E3 Kaby Lake Xeons have IGP, those are still faster and use less power than your Haswell under load.

The Haswell i7 would be idle most of the time as a router, and that's fine as Haswell doesn't use much power at idle. In truth even a Haswell Pentium can always route at 1Gbps with QoS enabled (older i3, Celeron and Pentium lack AES-NI so will slow down when doing VPN).

BTW about interfaces, QoS setup in the Pro 4 has been terrible and was even entirely command-line-only until half a year ago. Even now you cannot enable Smart Queue QoS and DPI at the same time + Ubiquiti warns of lower performance if QoS is enabled, plus traffic shaping is still CLI-only. So things won't really resemble other UniFi devices until Edge OS 1.9.1 is ported to the Pro 4.
 

Kewlx25

Distinguished


QoS on inbound works wonderfully, but not as well as if it were on the egress of the sending port rather than the ingress of the receiving one.

By limiting your download below your assigned bandwidth, QoS can drop a packet, which signals the sender to slow down.

In my case, this lowered my ping under load, increased my average bandwidth because low pings are important to ACK data, and stabilized my download bandwidth by only dropping packets here and there instead of in large bursts like what a dumb bloated FIFO buffer does.
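
The effect described in the posts above (oversized buffers adding latency, and a limiter set below the link rate moving the queue into the router), as an added example that is not part of the original thread. It is a simplified model: the 1000-packet modem buffer, the 20-packet shaper queue, the additive-increase step and the instantaneous loss feedback are assumptions; the 50 Mbit/s link and the 15% margin are the figures quoted in the thread.

```python
PKT_BITS = 1500 * 8       # one full-size packet
LINK_MBIT = 50.0          # uplink rate quoted in the thread
MODEM_BUF_PKTS = 1000     # assumed oversized FIFO in the modem
SHAPER_BUF_PKTS = 20      # assumed short queue in the router's limiter


def pkts_per_ms(mbit):
    """Convert Mbit/s to packets per millisecond."""
    return mbit * 1e6 / PKT_BITS / 1000.0


def simulate(shaper_mbit=None, ms=10_000):
    """One AIMD sender through an optional limiter, then the modem FIFO.

    Returns (peak queueing delay in ms, peak modem queue in packets,
    delivered throughput in Mbit/s).
    """
    modem_rate = pkts_per_ms(LINK_MBIT)
    shaper_rate = pkts_per_ms(shaper_mbit) if shaper_mbit else None
    send, q_shaper, q_modem = 1.0, 0.0, 0.0   # packets/ms, packets, packets
    peak_delay = peak_modem_q = delivered = 0.0
    for _ in range(ms):                        # 1 ms per step
        flow, loss = send, False
        if shaper_rate:
            q_shaper += flow
            flow = min(q_shaper, shaper_rate)
            q_shaper -= flow
            if q_shaper > SHAPER_BUF_PKTS:     # router drops early
                q_shaper, loss = SHAPER_BUF_PKTS, True
        q_modem += flow
        out = min(q_modem, modem_rate)
        q_modem -= out
        if q_modem > MODEM_BUF_PKTS:           # tail drop only when full
            q_modem, loss = MODEM_BUF_PKTS, True
        delivered += out
        delay = q_modem / modem_rate
        if shaper_rate:
            delay += q_shaper / shaper_rate
        peak_delay = max(peak_delay, delay)
        peak_modem_q = max(peak_modem_q, q_modem)
        # A drop halves the sending rate; otherwise it creeps upward.
        send = send / 2 if loss else send + 0.01
    return peak_delay, peak_modem_q, delivered * PKT_BITS / ms / 1000.0


if __name__ == "__main__":
    for label, rate in (("no limiter", None), ("limiter at 85%", LINK_MBIT * 0.85)):
        delay, modem_q, mbit = simulate(rate)
        print(f"{label:15s} peak delay {delay:6.1f} ms, "
              f"modem queue {modem_q:5.0f} pkts, {mbit:5.1f} Mbit/s")
```

With the limiter set below the link rate the modem's buffer never fills, so the only queue is the short one in the router; the price is some throughput.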
 

Kewlx25

Don't get an i7. Hyperthreading is typically bad for routers, you're just going to want to disable it. The most important part of a firewall/router is the NIC, hands down. A $50 CPU with a $100 NIC will be 10x faster than a $400 CPU with an integrated whatever NIC.
 

kanewolf

Titan
Moderator
Ars Technica has several VERY interesting articles on home router performance at gigabit speeds.
https://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/
https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
https://arstechnica.com/gadgets/2016/09/the-router-rumble-ars-diy-build-faces-better-tests-tougher-competition/

Very interesting. Smallnetbuilder.com is changing their testing to more closely match the testing shown above.
 
Solution
