I have a Edgerouter X, with the following setup:
eth0 as WAN, connected to my DSL modem (7.2 down 1.0 up)
eth3 connected to a ethernet switch, with computers, printers, etc. connected (192.168.1.*)
eth4 connected to my ATA (internet phone) device
What I'm doing is giving priority for the ATA first (I reserved 200kbps of bandwidth, which is enough), and also prioritize VOIP (Skype, etc.) using the onboard deep packet inspection system. I've set up the rules as indicated in the attached picture.
Now, the problem here is that the QOS does not seem to be affecting my connection at all. For example, when I am downloading a large file, it automatically goes to the full 7.2 mbps speed and bogs down my entire line (and therefore my phone connection gets interrupted). I've tried setting really low limiting values for the leaves and branches (like 1 mbps), but it still doesn't throttle the line whatsoever.
Finally, I tried setting the root of the tree (main in the screenshot) to a 1 mbps limit, but that also had no effect whatsoever and a speedtest shows that downloads are using all 7.2 mbps and are not being throttled.
Does anyone know why? My configuration is posted below in full.
firewall {
all-ping enable
broadcast-ping disable
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "WAN to internal"
rule 10 {
action accept
description "Allow established/related"
state {
established enable
related enable
}
}
rule 20 {
action drop
description "Drop invalid state"
state {
invalid enable
}
}
}
name WAN_LOCAL {
default-action drop
description "WAN to router"
rule 1 {
action accept
description "allow established"
log disable
protocol all
state {
established enable
invalid disable
new disable
related disable
}
}
rule 2 {
action drop
description "drop invalid"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
options {
mss-clamp {
mss 1412
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description "Internet (PPPoE)"
duplex auto
pppoe 0 {
default-route auto
firewall {
in {
name WAN_IN
}
local {
name WAN_LOCAL
}
}
mtu 1492
name-server auto
password RENDACTED
user-id RENDACTED
}
speed auto
}
ethernet eth1 {
description Local
duplex auto
speed auto
}
ethernet eth2 {
description Local
duplex auto
speed auto
}
ethernet eth3 {
description Local
duplex auto
speed auto
}
ethernet eth4 {
description Local
duplex auto
speed auto
}
loopback lo {
}
switch switch0 {
address 192.168.1.1/24
description Local
mtu 1500
switch-port {
interface eth1 {
}
interface eth2 {
}
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
service {
dhcp-server {
disabled false
hostfile-update disable
shared-network-name LAN1 {
authoritative enable
subnet 192.168.1.0/24 {
default-router 192.168.1.1
dns-server 192.168.1.1
lease 86400
start 192.168.1.20 {
stop 192.168.1.255
}
}
}
use-dnsmasq disable
}
dns {
forwarding {
cache-size 150
listen-on switch0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
description "masquerade for WAN"
outbound-interface pppoe0
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
ubnt-discover {
disable
}
}
system {
host-name ubnt
login {
user admin {
authentication {
encrypted-password RENDACTED
}
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone RENDACTED
traffic-analysis {
dpi enable
export enable
}
}
traffic-control {
advanced-queue {
branch {
queue 100 {
bandwidth 200kbit
description sip
parent 1
priority 0
}
queue 400 {
bandwidth 7200kbit
description web
parent 1
priority 1
}
queue 410 {
bandwidth 1000kbit
description up
parent 400
}
queue 420 {
bandwidth 7200kbit
description down
parent 400
}
}
filters {
match 1 {
attach-to 1
description web
interface eth3
target 400
}
match 2 {
attach-to 1
description sip
interface eth4
target 100
}
match 3 {
attach-to 400
description up
ip {
source {
address 192.168.1.0/24
}
}
target 410
}
match 4 {
attach-to 400
description down
ip {
destination {
address 192.168.1.0/24
}
}
target 420
}
match 10 {
attach-to 100
target 3
}
match 11 {
attach-to 410
target 4
}
match 12 {
application {
category Web
}
attach-to 420
description web
target 5
}
match 13 {
application {
category Security-Update
}
attach-to 420
description security_updates
target 6
}
match 14 {
application {
category Voice-over-IP
}
attach-to 420
description voip
target 7
}
match 16 {
application {
category Voice-over-IP
}
attach-to 410
description voip
target 8
}
}
leaf {
queue 3 {
bandwidth 200kbit
description "sip priority"
parent 100
queue-type priority
}
queue 4 {
bandwidth 500kbit
ceiling 1000kbit
description up
parent 410
priority 3
queue-type up
}
queue 5 {
bandwidth 6800kbit
ceiling 7200mbit
description web
parent 420
priority 3
queue-type down
}
queue 6 {
bandwidth 3000kbit
ceiling 7200kbit
description updates
parent 420
priority 7
queue-type down
}
queue 7 {
bandwidth 5000kbit
ceiling 7200kbit
description voip
parent 420
priority 3
queue-type down
}
queue 8 {
bandwidth 850kbit
ceiling 1000kbit
description voip
parent 410
priority 2
queue-type up
}
}
queue-type {
pfifo priority {
limit 10
}
sfq down {
}
sfq up {
}
}
root {
queue 1 {
attach-to global
bandwidth 1000mbit
description main
}
}
}
}