<div dir="ltr">Hello,<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:12.8px">I think the easiest and most robust way to shape ingress traffic for you<br></span><span style="font-size:12.8px">would be to do it on the LAN side.<br></span><span style="font-size:12.8px">If you have multiple interfaces facing LAN then use ifb.<br></span><span style="font-size:12.8px">I've never used it myself, but to mark multiple address ranges the<br></span><span style="font-size:12.8px">easiest way would be to use iptables with ipset - there will be many<br></span><span style="font-size:12.8px">examples to be found on the internet.<br></span><span style="font-size:12.8px">Even if you do mark (well set dscp cs1) for steam servers you will still<br></span><span style="font-size:12.8px">need to be backed off from your ingress rate enough or it still won't<br></span><span style="font-size:12.8px">work as the queue will build up too much on the ISP side of the<br></span><span style="font-size:12.8px">bottleneck. Shaping ingress is quite different to doing egress as you<br></span><span style="font-size:12.8px">are at the wrong end of the bottleneck.</span></blockquote><div><br></div><div>In my case switch0 should work for the LAN, just wondering if setting cake on both pppoe0 (for outbound traffic) and switch0 (fro inbound traffic) at the same time should work without issues? Hmm, probably gonna try it and see if it does. I'm gonna look up iptables and ipset and see what I can find, thanks for the help.</div><div><br></div><div>Also I have done some more testing, I was able to limit Steam connections just to one thanks to some console commands ("@cMaxContentServersToRequest" and "@cCSClientMaxNumSocketsPerHost") and while the situation improved (no more packet loss, latency variation within 10ms, but still seeing ping spikes of ~50ms) it's still not what I'd consider ideal, which would be like with any other download. So my guess is there's something else going on other than just the multiple connections, which are definitely big part of the problem but not the only thing.</div><div><br></div><div>Anyway these are my current settings for Cake and I've been using them for the last four days without issues:</div><div><br></div><div><i>qdisc cake 8005: root refcnt 2 bandwidth 950Kbit diffserv3 triple-isolate nat wash rtt 100.0ms atm overhead 40 via-ethernet</i><br></div><div><i>qdisc cake 8006: root refcnt 2 bandwidth 17500Kbit diffserv3 triple-isolate nat wash ingress rtt 100.0ms atm overhead 40 via-ethernet</i><br></div><div><br></div><div>I will try Andy's suggestions and see what I can do.</div><div><br></div><div>@Sebastian No problem, I tested your updated script and it is indeed reporting overhead 40. </div></div><div class="gmail_extra"><br><div class="gmail_quote">On 25 April 2017 at 12:26, Andy Furniss <span dir="ltr"><<a href="mailto:adf.lists@gmail.com" target="_blank">adf.lists@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Dendari Marini wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
FWIW here's a quick example on ingress ppp that I tested using<br>
connmark the connmarks (1 or 2 or unmarked) being set by iptables<br>
rules on outbound connections/traffic classes.<br>
</blockquote>
<br>
<br>
Unfortunately I'm really not sure how to apply those settings to my<br>
case, it's something I've never done so some hand-holding is probably<br>
needed, sorry. At the moment I've limited the Steam bandwidth using<br>
the built-in Basic Queue and DPI features from the ER-X. They're easy<br>
to set up but aren't really ideal, would rather prefer Cake would<br>
take care about it more dynamically.<br>
<br>
Anyway about the Steam IP addresses I've noticed, in the almost three<br>
weeks of testing, they're almost always the same IP blocks (most of<br>
which can be found on the Steam Support website, <a href="https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711" rel="noreferrer" target="_blank">https://support.steampowered.c<wbr>om/kb_article.php?ref=8571-GLV<wbr>N-8711</a>).<br>
I believe it would be a good starting point for limiting Steam, what<br>
do you think?<br>
</blockquote>
<br></span>
I think the easiest and most robust way to shape ingress traffic for you<br>
would be to do it on the LAN side.<br>
If you have multiple interfaces facing LAN then use ifb.<br>
I've never used it myself, but to mark multiple address ranges the<br>
easiest way would be to use iptables with ipset - there will be many<br>
examples to be found on the internet.<br>
Even if you do mark (well set dscp cs1) for steam servers you will still<br>
need to be backed off from your ingress rate enough or it still won't<br>
work as the queue will build up too much on the ISP side of the<br>
bottleneck. Shaping ingress is quite different to doing egress as you<br>
are at the wrong end of the bottleneck.<br>
</blockquote></div><br></div>