If you saw my article on DIY Linux Routers, then you might have already taken the plunge and gotten yourself up and running with one. One of the primary reasons I made the switch to a dedicated machine running a Linux router distro was to have a router that would not lock up on me regularly, but what I found was that the additional features that these distros come with became a large part of why I love my Linux router.

The only problem was that there was almost no information out there for the layperson about how to take advantage of these advanced features. So while I had all of this power readily available, it took me a long time to figure out how to effectively take advantage of it.

In this next series of articles, I will be taking a look at some of the settings and features that would provide most useful to home power users looking to take control of their network. I will primarily be focusing on Astaro Security Gateway 8 and Untangle 9.2 simply because they have the most comprehensive feature set and also because it is what I use and know the best.

The first thing we’re going to take a look at is quality of service (QoS) -- also known as traffic shaping. Five years ago, you’d be hard pressed to find this feature outside of high-end enterprise level firewalls, but it seems it is becoming almost standard on most new routers. Most people either are unaware that they even have such a feature or they never use it to its full potential.

The first thing you need to know about QoS is that it’s almost always for upstream bandwidth only. This means that if your kids or roommates are watching a Dr. Who marathon on Netflix while you’re trying to download that file you need for school or work, you’re going to be out of luck. There is however an exception in the form of Untangle’s implementation of QoS. Because of that, for the QoS section of this article, I’m going to focus exclusively on Untangle. The principles apply to most any other QoS engine, so applying the concepts to another system should be fairly easy.

The first thing you want to do is find out what you’re connection speed is. You need to do this because if you have let’s say a 2 megabit connection, and you enter that you have a 2.5 megabit connection, the QoS engine will think you have more bandwidth than you actually do. This will cause it to over allocate your connection and it will turn into a big mess. So, go to www.speedtest.net and run the test at least 3 times to get a good average of what your connection speed is. Make sure when doing this that there is no other activity on your network that is using bandwidth. Take 85-95% of your determined connection speed and write that number down.

Find the place in whatever product you’re using where you need to enter you connection speed, and enter in the number(s) you wrote down. Untangle’s QoS settings can be found under Config > Networking > Advanced > QoS and it looks like this (click to enlarge):
Be sure to note what units it asks for. Here, it asks for kbps not mbps. In other programs it might ask for mbps.
Most products with QoS have a number of default rules that allow you to set the priority. Some distros like smoothwall stop here and do not let you configure anything but the priority. Others, like Untangle, let you not only define the priorities in terms of bandwidth allocated, but also allow you to create custom rules.Here are Untangle’s default QoS rules:
Here is the QoS priorities box:
You can edit any of these values to suit the needs of your home network. Want to make sure Bittorrent is never taking priority over anything else and also never uses more than 10% of the entire network’s bandwidth? Create a custom rule (more on that in a second) and assign it to the priority “Limited Severely”. Want to make sure your VoIP calls get at least 60% of the bandwidth if they need it? Create another rule and set the priority to “Very High”. Again, keep in mind that any of these values can change.

So if you want your VoIP calls to have at least 70% of the bandwidth, just change the upload reservation to 70% under “Very High”. When doing this though, you want to make sure that you don’t reserve more than 100% of your bandwidth. Notice the reservations all add up to 100.

The reservation/limit concept can be a little tough to grasp, so here is an example to help clarify. Let's assume that you have HTTP traffic set to “Medium” priority and you are uploading a large file through a web interface. You are using 100% of the available upload because you have specified that the “Medium” priority can utilize 100% of the connection so long as nothing higher than it needs bandwidth. A VoIP call then comes in. At this time, the router will drop the upload speed on the HTTP interface to no less than 12% of the bandwidth (because it has 12% reserved), and the VoIP protocol has up to 60% of the bandwidth available if it needs it. All of this is dynamic, so if the VoIP call is only using 30% of the bandwidth, the HTTP upload can utilize more of it.

Untangle, along with many other distros, allows you to create your own custom QoS rules. With Untangle, however, there is one caveat: you need to create a bypass rule in order to be able to prioritize the traffic. What does this mean exactly? It simply means that the network traffic will “bypass” the untangle application itself and go straight to the Linux kernel then onto the network interface.

What does all of that mean for the user? It means that any traffic that is bypassed will not be run through any of the Untangle apps. So if you wanted to bypass HTTP traffic in order to shape it, you would lose out on things like virus scanning and the web filter. So in this situation, you would have to choose whether or not you wanted QoS to be active on HTTP or whether or not you wanted HTTP to run through any of the active apps that you have running on your Untangle machine. More about creating bypass rules in Untangle can be found here.

The good news is that if you absolutely need QoS on non-bypassed protocols, Untangle’s Bandwidth Control app does just that. It does cost money however, and it is not exactly cheap at $270/year for up to 10 PCs -- and $540/year for up to 50 PCs. At that price tag it's certainly not for everyone, but it may be worth it to some and at least the option is there.

Creating custom rules is very simple. Click add, and then create a name and fill in the corresponding ports to whatever you are trying to shape (ex. TCP port 80 for HTTP). Then choose the priority and enable it. Note that the rules get processed from top to bottom, so put your most critical traffic rules at the top.

The basics covered in this article are going to be the same regardless of what distro you’re using. For the specifics however, you will need to consult your distro’s user manual or wiki.

This article is part of an effort to solicit content from the Broadband Reports community. If you'd like to participate, please contact us.