NanoPi R6S - Openwrt - What a beast!

Recently moved from opnsense to openwrt as wanted to move to a lower power device

This has Rockchip RK3588S, 8Gb RAM, 32Gb eMMC, 1x 1Gb port and 2x 2.5Gb ports.

full spec: https://www.friendlyelec.com/index.php?route=product/product&product_id=289

Runs at 5W full load and getting A+ Bufferbloat with SQM/Cake with 1400/110 connection

Oh, and it's tiny!


Still learning openwrt, so far got wireguard and adblock home setup on it, you can even have lxc and docker on it too (yet to explore)
 
That's a very nice box for the price, I have a Rock 5 model B and the Rockchip cores are decent. What settings are you using in SQM? I assume it's giving you full speed on WAN? Take a look at the banip package with a couple of good lists. That'll turn it from a dumb firewall into a fully fledged threat management appliance. The overhead is ridiculously tiny. I have half a dozen lists running on all interfaces (cinsscore, dshield, hagezi, threat, threatview and turris), and it adds only double digits to RAM usage for 105MB system total used. Server load is still averaging 0.01, 0.00, 0.00 and there's no impact on performance.
 

Using 1330000 and 104500 (virgin media 1gb)
Cake and piece of cake
Link layer overhead + 42

Yep, full speeds.

Awesome, will check out banip. I had Crowdsec on Opnsense so this sounds ideal!
 
In addition I like to set:

Queue Discipline > Tick Advanced Configuration (keep settings as they are) > Dangerous and add "nat dual-dsthost ingress" to ingress and "nat dual-srchost" to egress.

So it looks like: https://i.imgur.com/TvLmjpP.png

Better for torrents with a lot of connections.

You should also configure mpu to 84 for smaller packets: https://i.imgur.com/VGzvN8P.png
How does...
"nat dual-dsthost ingress" to ingress and "nat dual-srchost" to egress
...help with torrents?

Asking as I have set Cake+Layer_cake and have A+ bufferbloat rating on my newly acquired openwrt router. Should I still set those options if I have A+?
 
@PanchoVilla

Getting an A+ rating is just the start of the journey but generally if you don't do torrents it's fine. As for your question:

By default, cake runs in triple isolate mode which by the manual (https://man7.org/linux/man-pages/man8/tc-cake.8.html) is basically:

"fairness is applied over source *and* destination addresses intelligently (ie. not merely by host-pairs), and also over individual flows. Use this if you're not certain whether to use dual-srchost or dual-dsthost; it'll do both jobs at once, preventing any one host on *either* side of the link from monopolising it with a large number of flows."

Sounds great, right? This will do what most people want i.e. A+ bufferbloat rating but that approach to fairness does not work with BitTorrent. It's all about the number of connections. Every IP you're connected to as a peer or seed in the swarm will create a connection for cake. It's not long before that torrent is actually monopolising the bandwidth since cake treats each connection the same as all others under triple isolate mode. It has no knowledge of BitTorrent having multiple flows/connections. Quick example: You're running BitTorrent downloading from 50 seeds. Cake in this triple isolate mode must give fairness to all 50 of those flows. Someone else on your network is streaming a 4K YouTube video which is a single flow. They can potentially (and most likely will) now incur buffering since those 50 flows are monopolising most of the bandwidth over that 1 flow.

The solution: Put cake into per host isolation mode. In this mode cake is able to look at the kernel's internal routing table and see the true ip addresses and isolate all the BitTorrent traffic into one connection (now it does have knowledge you see). To take the previous example, this now means your same bittorrent download with 50 seeds is now counted as 1 flow and the YouTube video is counted as 1 flow and there is way less risk of buffering now since it can request more bandwidth. dual-srchost and dual-dsthost accomplish per host isolation.

If you're wondering about the ingress keyword, it tries to ensure that the incoming packet rate is closer to the shaper rate that you set in the basic settings tab in order to help keep the upstream device buffer as clear as possible.
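
A way to confirm that the cake options discussed in this thread are actually active after saving them in LuCI, as an added example that is not part of any post here. The device names (`eth1` for WAN, `ifb4eth1` for its ingress IFB) and the sample `tc qdisc show` text are constructed assumptions.

```sh
#!/bin/sh
# Added example: verify cake qdisc options from `tc qdisc show` output.
# Device names (eth1 = WAN, ifb4eth1 = its ingress IFB) are assumptions.

# Constructed sample, shaped like `tc qdisc show` output; not from a real router.
# Egress has the thread's options applied, ingress is still on cake defaults.
SAMPLE='qdisc noqueue 0: dev lo root refcnt 2
qdisc cake 8011: dev eth1 root refcnt 9 bandwidth 104500Kbit besteffort dual-srchost nat nowash no-ack-filter split-gso rtt 100ms noatm overhead 42 mpu 84
qdisc cake 8012: dev ifb4eth1 root refcnt 2 bandwidth 1330Mbit besteffort triple-isolate nonat wash no-ack-filter split-gso rtt 100ms noatm overhead 42 mpu 84'

# cake_missing TC_OUTPUT DEV KEYWORD...
# Prints a comma-separated list of keywords absent from DEV's cake line.
# Returns 0 if all are present, 1 if any are missing, 2 if DEV has no cake qdisc.
cake_missing() {
    tc_out=$1; dev=$2; shift 2
    line=$(printf '%s\n' "$tc_out" | grep -E "^qdisc cake [^ ]+ dev $dev " | head -n 1)
    if [ -z "$line" ]; then
        echo "no cake qdisc"
        return 2
    fi
    missing=""
    for want in "$@"; do
        # Pad with spaces so "nat" cannot match inside "nonat".
        case " $line " in
            *" $want "*) ;;
            *) missing="$missing${missing:+,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
    return 0
}

# On the router itself, pass "$(tc qdisc show)" instead of "$SAMPLE".
report() {
    if result=$(cake_missing "$SAMPLE" "$@"); then
        echo "$1: all expected options active"
    else
        echo "$1: missing: $result"
    fi
}
report eth1 nat dual-srchost "overhead 42" "mpu 84"
report ifb4eth1 nat dual-dsthost ingress "overhead 42" "mpu 84"
```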
 
@GregI - thanks for the explanation.

I changed my settings to piece_of_cake (from layer_cake) and used your nat settings. I still get A+ bufferbloat rating.

Update:
I am not setting 'Link layer overhead + 42' - is this required?
 
Apologies for the slight sidetrack, but since the few SQM/OpenWRT users on this forum are in here... I never can get A+ downstream on WaveForm, only upstream. My downstream latency under load is always 80+ms, but upstream loaded latency is always 0ms. It doesn't matter what I set the downstream speed to in Luci, it doesn't change the results (though does lower the download speed obviously). It was the same on VM last year, but I just blamed them. Now I'm on Aquiss FTTP it's still the same issue. Weirdly, if I test on Cloudflare's speedtest, I get almost no increase in latency under load either down or upstream, and jitter is measured in microseconds (uS) not milliseconds (ms).

Is this a weird variable just on Waveform (uBlock Origin, my browser, something else) or maybe I'm doing something wrong?

I have Ethernet with 42, MPU 84, cake/piece of cake, nat dual-dsthost ingress and nat dual-srchost set, and no dice. I've tried even just setting the speeds and leaving any link layer adaptation or advanced settings disabled, and still the same result on WaveForm. I also tried inverting the config (setting the SQM interface to LAN and reversing the speeds) and setting the downstream shaper speed to 0 (disabled) and it's always the same result. Any ideas chaps?
 
@Rainmaker
I could not get A+ rating until I turned off 'Network Acceleration'. This was done via the GLInet interface on the Flint 2 router. I then went on to Luci interface and set my SQM to Cake/piece_of_cake. I don't know where in Luci the setting is for 'Network Acceleration'.
 