QOS for SOHO VOIP Solved, Tomato Firmware

Whoa, easy on the Acronyms-.

One of my biggest challenges setting up my Small Office and Home Office (SOHO) Voice Over IP (VOIP) network has been related to Quality of Service (QOS). Have you ever been on a VOIP call and had people complain that you sound like you are in a tin can? Most residential broadband connections have a capped upload speed. If your internet habits are anything like mine, at times you can max your connection in both directions. Creating room for voice traffic can be a challenge. Current voice coding algorithms require 16 - 80 kbps for a single voice connection. If the throughput is not available or the latency is too high (> 250ms one way), voice quality will suffer or with some clients completely drop. A lot of routers/switches claim to come with QOS, most of them are pretty crude and require bandwidth/node fixing. There are also a number of plug and play solutions claiming to clear up the problem. They are generally expensive and do not offer custom traffic shaping.

The Solution

[![WRT54G](http://static.mrmatt57.org/img/wrtg_thumb.gif "WRT54G")](http://static.mrmatt57.org/img/wrtg.gif)
A couple years ago Linksys went open source on one of their most popular broadband routers firmware, the WRT54G. There have been a number of different firmware releases. I tried everything I could get my hands on. The one that stood out from the pack with both features and usability was [Tomato by Jonathan Zarate](http://www.polarcloud.com/tomato) It has a number of enhancements from the default firmware, the most notable being: - AJAX enabled interface - Sweet [bandwidth usage monitor](http://www.polarcloud.com/v/scbwm.htm) - Advanced QOS - [Access Restrictions](http://www.polarcloud.com/v/screst.htm) - New wireless features such as WDS and [wireless client modes](http://www.polarcloud.com/v/scclient.htm) - Raises the limits on maximum connections for P2P - Allows you to run your custom scripts or telnet/ssh in and do all sorts of things like re-program the SES/AOSS button - Adds wireless site survey to see your wifi neighbors ## Installing Tomato Jut a couple of notes here. Make sure you check your device-s hardware version number. Unfortunately you can-t walk into your local computer superstore and pick one up anymore, v5+ hardware is not supported. If your WRT54G is a couple of years old, chances are you have one of the [supported devices](http://www.polarcloud.com/tomatofaq#what_will_this_run_on). Installation is pretty straight forward, just flash it with the [latest firmware](http://www.polarcloud.com/firmware). This will wipe your settings, so make sure you grab screenshots/write them down before you get started. The default GUI username is -admin- or -root- (username is required), ssh and telnet username is always -root-, and the default password is -admin-. ## Configuring Basic Firewall Functions This step will vary depending on your ISP, network configuration and VOIP provider. WAN/LAN configuration is straight forward and should be configured the same as it was in your default firmware. Port Forwading depends on what VOIP gateway hardware you have. The standard signaling port for SIP is 5060-5063 UDP and RTP voice travels on 16384 - 16482 UDP (some phones may need ranges up to 10000 - 20000 UDP). I have setup a [Trixbox](http://www.trixbox.org/) PBX locally for handling calls (thinking of trying asterisk on linode). Forwarding the above ports allows me to authenticate a trunk with my provider, voip your life. Make a couple of test calls over a quiet internet connection to insure everything is working. Audio in both directions should be without glitch. ## Setting up Quality of Service With tomato you can classify data by IP or Mac Address, Source/Destination Port and how much data is being transfered. You will want to adjust these setting to match your usage. For example, I am digesting a shoutcast stream 24/7 and have set 8000-8006 to highest priority to avoid interruptions. ### Enabling QOS - Log-in to your router - Open the QOS > Basic Settings Menu - Check -Enable QOS-
![Enabling QOS](http://static.mrmatt57.org/img/QOS_enabled.gif) *Note: if you use applications that do a lot of ACKnowledgment requests (BitTorrent), you might want to consider turning this option off*
### Outbound Rate / Limit - Max Bandwidth: this is your maximum outbound (upload) bandwidth. You can determine your speed at [DSL Reports](http://www.dslreports.com/stest), [SpeakEasy](http://www.speakeasy.net/speedtest/) or [Speedtest.net](http://www.speedtest.net/). A hack to ensure you have enough overhead is to intentionally low-ball this number. You would only want to do this if absolutely necessary as you would not be fully utilizing your bandwidth.
![QOS Outbound Rate / Limit](http://static.mrmatt57.org/img/QOS_Outbound_Limit.gif) *Note: These are the settings that work for me, you will most likely have to tweak them*
### Inbound Limit - Max Bandwidth: Use the inbound (download) results from your tests above.
![QOS Inbound Limit](http://static.mrmatt57.org/img/QOS_Inbound_limit.gif) *Note: These are the settings that work for me, you will most likely have to tweak them*
### Classifications - Open the QOS > Classifications Menu - Add Entry for Any Address, TCP/UDP, Src or Dst 5060 (your SIP Signaling port), Highest Priority - Add Entry for Any Address, TCP/UDP, Src or Dst 16384-16482 (your RTP Voice port range), Highest Priority - Move them to the top of the list - *Note: If you have any other traffic (P2P) on ports these ports, you should try the SIP I7-Filter.* - *Note: Another solution is to setup a QOS classification for the IP/Mac addresss of your standalone VoIP phones or adapters if they are connecting to a trunk over the internet* - *Note: Some phones require a different RTP range for example, my Linksys SPA942?s call for 10,000 - 20,000 UDP. Check with you phone or ATA documentation to determine the actual RTP port range.* [![QOS Classifications](http://static.mrmatt57.org/img/QOS_Classifications.gif "QOS Classifications")](http://static.mrmatt57.org/img/QOS_Classifications_full.gif) ## Testing, Testing, Testing Now that you have established a baseline for your QOS, it-s time to see if it works. First, if possible test on a clean connection to make sure nothing is out of whack. Now for the fun part; max your connection out. Start your P2P, BitTorrent, Large file Uploads, Video Streaming and anything else you can think of. You can check how much you are using in the Bandwidth > Real Time menu. Tomato also comes with two very useful tools to debug your QOS settings. ### Distribution Graphs - Use these graph to determine where your connections are being classified. If you see something out of balance, you can adjust your classifications accordingly.
[![QOS Distribution Graph](http://static.mrmatt57.org/img/QOS_Graph.gif "QOS Distribution Graph")](http://static.mrmatt57.org/img/QOS_Graph_full.gif)
### Detailed View - This shows what traffic is currently flowing and how it is being classified. Take a look at each of the connections and make sure it is classified correctly. This report is also useful for determining the source of rouge traffic.
[![QOS Details](http://static.mrmatt57.org/img/QOS_Details.gif "QOS Details")](http://static.mrmatt57.org/img/QOS_Details_full.gif)

The Downside-

Yea, there is usually a con with every pro. To make this setup work correctly, you are essentially capping your throughput. Some networks offer pooled connections and have -boost- speeds. You will not be able to take advantage of these features. Most of the bandwidth related troubles with SOHO VOIP is outbound, so one workaround is to turn off the Inbound Limits. It is not fool-proof, but in some setups will work just fine.

Summary

As you can see, the Tomato firmware gives you granular traffic shaping control. Implementing these QOS settings has not only eliminated my VOIP problems, it has also made a noticeable difference in the overall speed and consistency of my connection. DNS queries resolve faster, multiple HTTP requests are balanced and I can transfer large files in the background. Even if you are not ready to take the leap to VOIP, I highly recommend Tomato Firmware.

Banner photo by -Peter Castleton-

Comments

avatar
Matt
01/27/2008

A couple of well noted corrections/aditions to the post thanks to the Tomato Firmware Forum at linksysinfo.org:

<ul>
<li>- WRTG54 = WRT54G - What was I thinking?</li>
<li>- the firmware is written by Jonathan Zarate (polar cloud is the host, thanks Johnathan!)</li>
<li>- If you have any other traffic (P2P) on ports 10000-20000, you should try the SIP l7-Filter. </li>
<li>- Another solution is to setup a QOS classification for the IP/Mac addresss of your standalone VoIP phones or adapters if they are connecting to a trunk over the internet</li>
</ul>

Thanks guys!

avatar
Dan
01/30/2008

I am using tomato with verizon FIOS and Vonage with great success. I have also found that using the I7-filters work great.

avatar
Scott
02/28/2008

What I'm trying to understand, and can't find anywhere, is a description of what the Rate/Limit settings do... Limit is the high end and Rate is? How do they work together?

avatar
Matt
02/29/2008

@Scott - It really confused me too... The way I see it, the Rate represents the transfer speed and the Limit is the maximum speed/rate. The limit tells the QOS how much to base the percentages on. If the limit is set above the actual available bandwidth it changes the scale and won't give you the guaranteed rates needed for VOIP.

avatar
Dimitrios
06/18/2008

What is the I7-filter? What does it do?

I have a small office, 4 computers, all have softphones. I want to prioritize the VOIP traffic. We do not have any heavy downloads, no P2P or any of that stuff..our CRM is web based, so the 2 main things we use our internet for are calls and using the CRM.

Anyone have any tips for maximizing my set up?

Thanks!

avatar
Matt
06/19/2008

@Dimitrios - It's actually L7, it is an application layer packet classifier. Basically it's a filter that can determine what application the data/traffic is coming from based on certain identifiers in the packets. They can be helpful when you don't know or want to specify a specific port or IP address.

For your office setup; I would always set priority for your VOIP traffic. If you experience latency with the CRM site you can try to increase the priority on port 80/443 just for the CRM's destination IP. You can also set the default priority to lowest to ensure the specified business traffic runs smooth.

Let me know if you are having any specific problems and I'll do my best to help you out.

avatar
Dimitrios
06/19/2008

Matt...thanks for the reply!!

One thing that I am confused about: We run the VOIP with Softphones, so prioritizing the MAC addresses doesn't really help since we have no Adapters. I assume that if we prioritize port 5060, that is for the VOIP? And I would do the L7 when setting up that port? Or do I skip the L7 in this case and just set up port 5060?

As you can tell I am not an IT guy, just know enough to get myself in trouble running my mortgage company!! :)

Also my CRM is on a server I own in California and I am in Ohio. It has been slow recently, the guys who manage my server (they made the CRM), say that it can be any connection from here to there making it slow...that being said, would it help to set up the IP address of my CRM server anyway?

THANKS!!!

avatar
Matt
06/25/2008

@Dimitrios - I have found when setting up Tomato classifications, simple is almost always better. If you don't need granular filters, don't set them. For some reason they don't always work as expected. QOS seems to be more of an art than a science. All you can really do is use the real-time monitors until you find that magic combination that works for your traffic. Port 5060 is for SIP traffic, don't forget the RTP ports. You may have success using just the L7. How is the quality for your voice calls? Can you run all four at the same time?

I would run a trace route on your server in California and see where your latency is. You will likely find it is with your ISP and for the most part out of your control, but you might get lucky. Another neat way to check global latency is with just-ping.com (you must have IMCP enabled). If this isn't the issue, it definitely a bandwidth issue. If your CRM has heavy graphics you could try local caching or any number of proxy servers/internet accelerators.

Another thing to check is your bandwidth utilization overall. If you are not running pedal to metal QOS isn't going to help much. It doesn't really speed things up, it is more for bandwidth allocation. On the other-hand, if you are constantly maxed out, prioritizing your traffic will help... but you might ultimately need to consider upgrading your connection.

Anyone else have some advise?

avatar
jim
06/30/2008

What am I loosing by using Tomato?

I have DSL and every bit counts.

Q: Does QoS rob bits? and how much?

Thanks
jim

avatar
Matt
07/03/2008

@jim - You aren't inherently loosing anything by using Tomato. I have actually seen (seat-of-the-pants) performance improvements over other firmwares.

A: QOS does not rob bits, it throttles/routes them. If you lost bits, you would being losing part of your data stream and it would likely corrupt the output. If you mean rob bandwidth/throughput; there is the potential of loosing some "burst" speeds due to the fixed nature of Tomato's QOS implementation. For me it was give an take... give a little bit of bandwidth for an uninterrupted phone conversation.

avatar
NoDaddy.com
01/03/2009

10,000 ports? are you high?

stop that baseline nonsense and adjust your RTP port range on your ATA to something other than inane

I use 16384 - 16482

If you must P2P then you must also use a client that allows you to specify port ranges.

avatar
Matt
01/03/2009

Very good point NoDadddy. Many ATA's and Softphones RTP ranges can be configured. Unfortunately I am using a Linksys SPA 942 and have been unable to dial in the range. I don't P2P much and don't have any other traffic traveling over these ports, so I haven't ran into any troubles yet.

I added to the post to try 16384 - 16482 UDP before going going all out and classifying so many ports. Thanks for the feedback.

avatar
Tom
02/07/2009

I set a few QoS rules on the my router running Tomato, but noticed I was still getting unclassfied traffic through, I was wondering how that would be possible as I was pretty sure I had covered everything...(I wanted to be able to limit my flatmates connections as he really doesn't respect any kind of torrenting limitations leading to our bandwidth getting limited by our ISP, and the network slowing a little, although nowhere near as badly on Tomato firmware compared to Linksys stock firmware.)

The problem being, some traffic still isn't getting classfied, I even deleted all the rules and set just one up so that no IP, protocol, port, or other filter was selected, and whilst the majority of the traffic then fell under this category, some did not. (And it wasn't just the traffic from my PC to the router HTTP gui, which I could understand not getting classfied) but traffic from me and my flatmate to the internet

Has anyone got any ideas as to why that may happen?

avatar
Tim
10/08/2009

I have a Vonage box that I moved from outside my WRT54GL/Tomato router to inside because I found the Vonage box was blocking ports. Moving it inside caused the voice quality to drop significantly. Just adding the port forwarding seems to have helped significantly, but the QOS modifications really knocked my socks off. Thanks for this write-up. It was exactly what I was looking for.

avatar
Bill
10/31/2009

I could not get my Tomato to work successfully. Then I found a QOS tutorial which clearly explained how to get the best out of it. I was able to discover why my setup didn't work and make adjustments.

Here is the link http://www.linksysinfo.org/for...

avatar
Kevin J Lambert
11/04/2009

So many QoS implementations use bandwidth caps. This is unintuitive and sacrificial. Can't we just have a basic prioritization without limiting bandwidth of other services during off-peak periods? For instance, during a phone call I don't care if all other traffic grinds to a halt. In the same sense I'm perfectly OK with BitTorrent saturating my network while I'm not at home.

avatar
Rykel Lim
01/02/2012

Hi, I have Tomato firmware running smoothly for a long time, but whenever China apps such as PPTV and PPStream are running elsewhere on the network, my Skype would suffer.

Is there a simple "Prioritise Skype Over Other Software" GUI manager add-on that can be added to Tomato to auto-prioritise Skype?

If not, how can I do so from the Tomato webadmin interface?

Thanks for advice!

avatar
Mohnish
12/01/2012

@KevinLambert The problem with what you suggest is explained in detail in Toastman's QOS explanation. In a nutshell, we do not control the sender. We can gradually ask him to slow down by not sending acknowledgement receipts for his packets, but he'll slow down only when he wishes! So, we try to figure out the bandwidth requirement for an app and then set the QOS accordingly. Use NONE on a class for no sacrifice. I have NONE for www traffic.

@RykelKim Check the QOS graph to see the Skype port and assign that device/port to HIGHEST class. Skype prioritized over China apps!

Leave a comment