Lede as a dedicated QoS /Bufferbloat appliance

Newbie here to Lede but have used DD-WRT for a number of years.

I have a somewhat complex home system where 4 WANs /IP connections at 10 mbps from CenturyLink are aggregated in a PEPLINK Balance 50 and then connected to a switch and then to my computers. Most are connected via wire but I do have a home security system connected by WiFi as well. The system suffers from BufferBloat. So what I currently see as the most practical solution is to put in a dedicated Lede router (probably a NETGEAR R6300v2 Wireless AC1750 Dual Band Wi-Fi Router R6300v2 with the SQM Bufferbloat Packages in LEDE.

So I envision this as something like a wired version of a WiFi bridge. It seems like it should be transparent, namely all the DHCP functions etc should continue to be handled by PEPLINK and then passed through the Lede router to the switch with the only thing the Lede router does is SQM BufferBloat control. But if this conception is wrong, please correct me.

I've been playing with this using an old Linksys/Cisco e3000 I had in a box. I managed to get Lede installed with no problems and installed the SQM BufferBloat packages and connected to the internet using the router separately on one of the WANs. But then I started disabling things like the WiFi (no need for that I have a strong Ubiquiti NanoStation M2 on the roof doing WiFi for the security system and hand held devices) and DHCP (would be handled by PEPLINK) and then I rebooted and now the router is at least "soft bricked": namely I can't communicate with it.

I tried setting 192.168.1.1 as the default gateway and my computer on this address 192.168.1.XXX and still no communictions. Tried the DD-WRT hard reset 30/30/30 nothing.

So... I need help

1. most important, can I set up a Lede router as a dedicated SQM Bufferbloat only appliance and if yes, how to do this

2. if I am approaching this wrong, how should I do it right?

3. Can someone suggest how I can start interacting with my old friend the e3000 or has it been moved permanently into the paperweight brick mode?

Thanks!

Hi,

I can only help you with your first question. Yes, this is possible. I use a TP-Link Archer C7 v2 this way. The basic setup is this. Configure the LEDE device as an access point, i.e. bridge the WAN and LAN interfaces together, set a static IP, gateway address and DNS server for the LEDE device and disable the DHCP and DNS service on the LEDE device.

I basically followed these instructions: https://wiki.openwrt.org/doc/recipes/dumbap
However, there is one step in these instructions that I didn't follow: For devices that don't have a real dedicated WAN port but only a switch port that is configured as WAN in the switch/VLAN configuration, it recommeds to put all the switch ports in one VLAN. You shouldn't do that because then you don't have a seperate WAN interface anymore on which you can perform SQM. So, simply bridge the two interfaces and you should be good.

On the DHCP/Dnsmasq configuration: I did not uninstall Dnsmasq, so I can return to router operation anytime. I simply disabled the DHCP service for all interfaces, then I set the DNS service to listening on the loopback address only (127.0.0.1) and disabled the automatic startup of the dnsmasq service. The reason I changed the listening address to the loopback address is that after a sysupgrade any disabled startup service will automatically get enabled again unless you disable it again manually.

Hope this helps.

P.S.: After that you can configure the SQM parts as you like (or described in other HowTos). I don't know how it'll behave/perform on an aggregated WAN connection though, as I merely have one WAN connection.

Super, thank you for help with the most important question. I don't use VLAN.

On reading the dumbap write-up it looks like I will be able to communicate with the router as it will have its own IP address like 192.168.1.2 But the write up says to disable the WAN and just use the LAN ports. Guess I will need to play with that as, at least conceptually I see SQM being performed between WAN and LAN.

I'm excited that this might work as BufferBloat seems a major factor holding back my system for now.

I think bridging the LAN and WAN will be ok because you can run SQM on any interface. It doesn't have to be a WAN.

Super, should get my new-used router from ebay this coming week. I'll let this thread know how I progress....

Super, thank you for help with the most important question. I don't use VLAN.

The question is not so much whether you are planning to use VLAN tagging, rather than whether your device already uses it in the default state. Some devices (like my Archer C7 v2) have a WAN port that is labeled "WAN", yet electrically it is actually just part of the same switch that provides the "LAN" ports. So technically the firmware only sees one ethernet interface, but it uses VLAN tagging to make a distinction between the "WAN" port and the other ports on the switch. Other devices really have an electrically distinct WAN interface and they don't need to use VLAN tagging in their default configuration.
Now, the NETGEAR R6300 v2 you mentioned falls into the first category of devices (according to the OpenWrt Wiki - I never owned or used one), so when you first boot up LEDE it will already have two VLANs configured, one for WAN and one for LAN. The important point here is, that unlike the Dumb AP Recipe, that I referenced earlier, says, you need to leave this VLAN configuration in place because otherwise you will only have one ethernet interface left and then SQM won't work anymore (I'm talking from experience, because I first made that mistake when I tried to setup SQM in AP mode).

On reading the dumbap write-up it looks like I will be able to communicate with the router as it will have its own IP address like 192.168.1.2

Yes, just make sure 1) the address you use is on the same subnet that your main router advertises (say your router is 192.168.20.1 and clients get addresses like 192.168.20.???, then your LEDE device should also use an IP starting with 192.168.20.) and 2) the address you use is not in the range of IP addresses that your main router gives to clients (so, either reserve a static lease for the AP's MAC address in the main router configuration or use an IP that is not in the range of automatically leased adresses, yet still on the same subnet).

But the write up says to disable the WAN and just use the LAN ports.

That is what I meant you need to avoid. You are right when you say:

at least conceptually I see SQM being performed between WAN and LAN

SQM needs two interfaces to work with. Whether you call them WAN or LAN or whatever, doesn't matter.

Thanks again for information. Looks like I will be getting the router early this week. Tentatively I plan to use it solo with a single modem to assess how much it can do by itself for bufferbloat, then I plan to put it in between the Peplink and switch. There it will be dealing with 35-40 mbps rather than 8-10 mbps of a single connection.

I'll keep the forum posted on this "experiment".

The advice offered helped enormously, thanks all!

There is a problem with in on the "fat pipe" between the Peplink and Switch: for uploads the SQM only would be activated when uploads reach toward 4 x 700 kbps or 2800 kbps since most of the time the uploads are much less than this. The upload on my system the greatest bufferbloat bloater.

So I decided that I really need 4 bufferbloat control appliances, one for each modem. This follows the kind advice I received from IQRouters (EvenRoute):

Sandy Fowler (EvenRoute)
Feb 27, 09:42 AST

It might not work in the configuration you propose due to the bufferbloat occurring individually on each of the 4 WAN links. Depending on how the PEPlink load-balances and the actual traffic patterns, you could have any one of the 4 links saturate and bloat out. That can happen when the traffic is 'sticky' to the IP of a WAN link, as in an HTTPS session where there is much data being sent outbound, such as an iPhone synching new photos to iCloud.

So bloat must be controlled on each line individually ahead of the PEPLink. Another reason for that that is that while the lines are nominally the same, they might in actuality be synching at slightly different rates, which thens means traffic control settings are different for each. And over time, one might have more issues than another, and require unique settings.

So to truly correct the bloat, it would require four IQrouters placed between the modems and the PEPlink.
DHCP and other unnecessary functions could be turned off, or ignored.

So I did just go ahead and put my LEDE R6300v2 between my transparent bridge modem and the Peplink on one connection. I disabled DHCP and it works just fine. Took a while to get the PEPLINK so it would have a static IP on WAN4 and see the LEDE router as the gateway but it eventually worked.

This actually changed by grades on bufferbloat from DSLReports/speedtest from straight Fs to generally C or better. The reason being, I believe is that I have an outbound rule that uses the lowest latency connection so the one WAN with Luci SQM is generally fastest and others are not used till it is "full".

The follow more quantitative evaluation is from SourceForge/speedtest

I'm running into some problems with a LEDE router on each of the 4 WANs aggregated by my Peplink. Web pages taking forever to load, miserable speed tests etc.

I'm a newb clearly. I'm bascially running the LEDE routers in dumbap mode with the caveat that they are doing the PPOE connections. In order to do so they need to have DNS supplied from the web. DHCP is disabled the Peplink has a reserved static IP.

I think the slowdown comes in the DNS lookup. Peplink has to find DNS at the LEDE router Lan IP.

What would be nice, if possible, would be to have the LEDE routers in a near transparent mode. Namely the transparent bridge modems pass the connection through the LEDE routers to control BufferBloat and then pass the connection onto the Peplink that will handle PPOE, DNS and DHCP et.

If there some recipe for such a setting that I could follow?

Here is a basic diagram of my system

IP 1 from CenturyLink -Transparent Bridge Modem -\ LEDE Router 1 -|
IP 2 from CenturyLink - Transparent Bridge Modem - LEDE Router 2 -|
IP 3 from CenturyLink - Transparent Bridge Modem - LEDE Router 3 -|--------Peplink
IP 4 from CenturyLink - Transparent Bridge Modem - LEDE Router 4- |

PPPOE in Peplink and LEDE between ?

modem (bridge) -> LEDE (PPPOE) ->PepLink (DHCP client).

That is what I'd like and Felipee07. Maybe this could be done with a bridged LEDE router with WAN bridged to Lan but not sure how to do this....

You can't ! pppoe is layer 2.

LEDE has to be the edge and then Peplink handling link balance with DHCP server.

That's the thing that I've been running up against...thinking somehow to
make the LEDE transparent.

I am doing this on a network with 600 routers. I have a LEDE box with 3 gigabit interfaces, 2 bridged (unmanaged) and 1 management. The box is transparent to the network and it is sitting in between my customers and the main NAT router. I modified the cake code to use up to 65535 flows. It's running on a dual core pentium pushing 300mbits/sec during peak hours. CPU load 0-1%

And now the 64K question is, how low can you push the number of flows and still get decent performance and flow separation ? Or put differently with 600 users how many active flows do you typically see? (This is an honest question, BTW, I am really curious, just having home network experience myself)

I can manage to login PPOE with PEPLINK and the LEDE router between it and the transparent bridge modem. Problem is with DNS. I've yet to get fast DNS lookups with to the PEPLINK. I can set PEPLINK to look for DNS servers at the Lan interface of the LEDE router, at the WAN interface of the LEDE router and at DNS servers but no setting I've found lets things move along at normal speeds and sometime web pages just refuse to load. Guess, for now, I'll go back to a single LEDE router between PEPLINK and my unmanaged switch...so PEPLINK is edge.

if you login in the modem, your LEDE router is acting as switch and you won't do qos at all.

See also the "Transparent Cake Box" topic that seems to be running along the same lines. Transparent Cake Box

docpecos, the only real solution here is to have a transparent LEDE box in between each wan connection and your peplink box. Its overkill i know and cake in this scenario will only work based on flows. Get rid of the multi wan setup.

Orangetek this is exactly what I have every wan connection goes into a transparent bridge modem, then goes into a R6300v2 "cake box" and then goes into a PEPLINK 380 for aggregation

Felipee07 the modems are in transparent bridge formation and the Cake Boxes do the login via PPOE. They work great.

The problem the current system has is that each additional cake box when added in makes connections to a given web page etc more and more difficult, like maybe there is a loop or something in the system or just too many wan to lan connections. Currently the cake boxes are connected to the modem on their wan connections and to the PEPLINK via a single lan line.

One way I have thought of possibly decreasing the dns problems and complications is to try and put the cake boxes in a configuration where they act simply as as a switch so the PEPLINK handles the PPOE and the cake boxes do zero in terms of dns and PPOE. As noted by Felipee07 if it is a single switch then no bufferbloat control is possible.

I was thinking since with the R6300v2 there really is only a single switch for wan and lan and the function of the 5 ports (4 lan, 1 wan is controlled by VLAN switches) that maybe there is a way to set up those switches so that there are two lans (lan1, lan2) and hence two interfaces so that luci-app-sqm can be applied. Basically this would turn the linkage between the 4 lan ports from an unmanaged switch into a managed switch between lan1 and lan2. Problem is, I've not been able to set this up and would like some help on how to do this.

This is what the Luci Lua looks like in a cake box:

Here I added in VLAN 3 and turned on LAN4 on VLAN3 and turned off all other lans and wan. In VLAN1, I turned off LAN4. Now if LAN4 could be made to communicate with LAN1-3 and be on a different physical setting and label, eth2, say, then maybe luci-app-sqm could be applied usefully to eth2. I think LAN4 would also have to be not bridged for this to work.

I've tried to add an interface but haven't managed to make it so, say three of the lan ports are on lan1 and one on lan2 with a connection between them (like when you pug into a wan and all 4 lan ports are then connected with the wan).