Prioritizing Netflix traffic with DD-WRT

Im in ur internet... clogging ur tubes

Network traffic shaping is an interesting topic: it allows you to ensure that certain traffic gets priority over other traffic.  When applied at the ISP level, this can get controversial, as you start getting into Network-Neutrality issues (where one company’s traffic gets priority over another company’s, which could lead to large media corporations silencing grassroots communication).

At the local network level, though, it means that you can ensure that certain traffic (like streaming Netflix videos) won’t be slowed down just because other, less important traffic (like an off-site backup job) is also flowing through your WAN connection.  DD-WRT makes all of this possible (and not too difficult) on the NAT/QoS->QoS tab.

NAT/QoS->QoS

In the first section, titled ‘Quality of Service (QoS)’, set the following options:

  • Start QoS => Enable
  • Port => WAN
  • Packet Scheduler => HTB
  • Uplink => (whatever your ISP gives you for an uplink speed)
  • Downlink => (whatever your ISP gives you for a downlink speed)

You may want to check out speedtest.net or a similar service to see what your uplink and downlink speeds are.  If you can get this information from your ISP, that would be better, since the more accurate these values are, the better this will work.  If you enter too high of a value, the shaping won’t kick in because the router will think that it has more bandwidth to play with.  If you choose too low of a value, you will end up wasting bandwidth, and your router will not use it all.

Now, if you only ever watch Netflix from a device that won’t be sending low-priority traffic as well (such as a Wii or Roku box), you can just enter that device’s MAC address in the MAC Priority section.  Add the MAC address(es) and then select ‘Premium’ for the priority.

MAC Priority Settings

On the other hand, if you have a home server connected to your television, and you use this both as a file server (which runs off-site backup jobs to ensure your data is not lost in the event of fire, burglary, or other catastrophe) and as a media player, you will want more fine-grained control, since not all of the traffic to that device will have the same priority.

So, we will need to set up some Netmask Priority rules.  This will give traffic to/from Netflix a higher than normal priority.  Inspired by Jonathan Kamens, I first set my offsite backup (to Amazon’s S3 service) a lower than average priority.  Then, I followed the same approach to identify the subnet used by Netflix to stream their movies.

Using Little Snitch, I learned that Netflix uses LibSyn’s content-delivery network to stream the data.  Specifically, I noticed a lot of traffic coming from netflix-380.vo.llnwd.net.  Now, that server alone is not enough, because no doubt every time you connect, you will get a different server in the pool (like netflix-379…, netflix-381… etc).  So, I got the IP address for this server using the ‘ping’ command:

[pkaeding@tripel:~] 22:35:43
% ping netflix-380.vo.llnwd.net
PING netflix-380.vo.llnwd.net (208.111.173.130): 56 data bytes
64 bytes from 208.111.173.130: icmp_seq=0 ttl=56 time=15.002 ms
64 bytes from 208.111.173.130: icmp_seq=1 ttl=56 time=16.956 ms
64 bytes from 208.111.173.130: icmp_seq=2 ttl=56 time=14.714 ms

Now that we have the IP address (208.111.173.130), we need to know what block of IP assignment it belongs to.  IP addresses are assigned to companies in blocks, so it is a good bet that we want to prioritize all traffic to that network in the same way.  The ‘whois’ command will help us learn this information:

[pkaeding@tripel:~] 20:26:16
% whois 208.111.173.130
GeekTools Whois Proxy v5.0.5 Ready.
Checking access for 67.174.196.72... ok.
Final results obtained from whois.arin.net.
Results:
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=208.111.173.130?showDetails=true&showARIN=false
#

NetRange:       208.111.128.0 - 208.111.191.255
CIDR:           208.111.128.0/18
OriginAS:       AS22822
NetName:        LLNW-3
...

What we are interested in is the ‘CIDR’ field.  This is what refers to the block of IP Addresses that we are trying to prioritize.  Go back to DD-WRT, and in the ‘Netmask Priority’ section, add an entry for this network.  Then, assign it to the ‘Premium’ priority.  (In the screenshot, you can see that I have the S3 network set to ‘Bulk’ as well as the Netflix traffic set to ‘Premium’.)
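Before a whois result goes into Netmask Priority, it is worth checking that the block really contains the address you observed, belongs to the network you expect, and is not so broad that it prioritizes unrelated traffic. The sketch below is an added example, not part of the original post; the `MIN_PREFIX` threshold and the expected-name list are assumptions, and the whois text is constructed from the fields quoted on this page.

```python
import ipaddress
import re

# Constructed inputs: the whois fields quoted on this page for the two lookups.
WHOIS_LLNW = """\
NetRange:       208.111.128.0 - 208.111.191.255
CIDR:           208.111.128.0/18
OriginAS:       AS22822
NetName:        LLNW-3
"""
WHOIS_LVLT = """\
NetRange: 8.0.0.0 - 8.255.255.255
CIDR: 8.0.0.0/8
OriginAS:
NetName: LVLT-ORG-8-8
OrgName: Level 3 Communications, Inc.
"""
MIN_PREFIX = 16  # assumption: anything broader than a /16 gets a manual look


def parse_whois(text):
    """Return the first value of each 'Key: value' line; skips '#' and empty fields."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z]+):\s*(\S.*)$", line.strip())
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields


def vet_rule(whois_text, observed_ip, expected_names):
    """Return (cidr, problems) for a block about to go into Netmask Priority."""
    f = parse_whois(whois_text)
    ip = ipaddress.ip_address(observed_ip)
    # whois may list several comma-separated CIDRs; keep the one holding the IP.
    nets = [ipaddress.ip_network(c.strip())
            for c in f.get("CIDR", "").split(",") if c.strip()]
    match = [n for n in nets if ip in n]
    problems = []
    if not match:
        problems.append("observed IP is not inside the returned CIDR")
    owner = " ".join(f.get(k, "") for k in ("NetName", "OrgName")).upper()
    if not any(name.upper() in owner for name in expected_names):
        problems.append("owner does not match the expected network")
    for n in match:
        if n.prefixlen < MIN_PREFIX:
            problems.append(f"{n} spans {n.num_addresses} addresses, too broad")
    return (str(match[0]) if match else None), problems
```

An empty problem list means the CIDR can be entered as-is; anything else is a prompt to look at the whois record by hand before assigning a priority.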

Netmask Priority Settings

In the end, I can watch movies while my 130GB photo collection is copied to Amazon’s cloud service!


10 Comments

  1. Posted November 15, 2010 at 11:22 pm | Permalink

    There is another option to backup data to cloud storage powered by Amazon S3. Check out CloudBerry Backup http://backup.cloudberrylab.com/ . It is one time fee and the rest what you pay for Amazon S3. Besides, there is no proprietary data format and you can access your data using other Amazon s3 tools. Supports all Amazon S3 regions and Reduced Redundancy Storage.

  2. Posted March 12, 2011 at 1:15 pm | Permalink

    After doing some monitoring of my DNS requests (thanks OPENDNS) and a little research I have found the following IPs that Netflix uses to serve content.
    For settings I’m using: QoS = “Enabled”, Port = “WAN”, Packet Scheduler = “HFSC”, and then set my max up/down bandwidth. I did not have a drop down list to indicate the priority but had to enter a kbps limit. I chose values slightly less than the max entered at the top.
    I’m open to additional comments as well.

  3. Trong Nguyen
    Posted February 28, 2012 at 10:57 pm | Permalink

    Thanks, this helped a lot. There seem to be massive downloaders on my network so it’s hard to watch a good netflix movie on 22mb line.

    If you have any updated rules please post them up

  4. Ignacio
    Posted July 15, 2013 at 7:10 pm | Permalink

    Hi Patrick,

    Thanks for the great article..

    I have a very n00b question though. Currently I have an apple tv connected via wifi, if I want to set up the upload and download speeds, should it be taken from a pc connected via wifi as well, correct?

    Thanks in advance

  5. Posted July 15, 2013 at 7:15 pm | Permalink

    For most people, the bottleneck is going to be your internet connection, not your wifi speeds (ie, the data can go from your laptop or Apple tv device to the wifi router much more quickly than it can get from the router to Netflix, or wherever it is going). So, it shouldn’t matter if your laptop is connected over wifi or plugged directly into your router. If your Apple TV is far away from the router, though (or there are other sources of interference), it is possible that will slow things down.

    If you want, you can try both ways. If you get different numbers, use the higher one.

    Hope that helps!

  6. Kyle
    Posted September 16, 2013 at 6:25 pm | Permalink

    Will this help?…….maybe but remember QOS doesn’t increase your bandwidth and only one packet can be on the wire at one time. I know that sounds like a silly statement but a lot of people think otherwise in some way.

    Since you only have the ability to enable QOS on your side, what’s the point? You are marking packets with a priority and your ISP is more than likely remarking them to default when received (outbound). Also the traffic that has already come across the wire (inbound), has then arrived on your network, has nothing to do with your QOS model you set up. Since Netflix is inbound traffic…you get what you get from the ISP.

    However I think dd-wrt can trick the other packets (lower priority) by dropping packets to cause TCP connections to lower their window size therefore decreasing the packet size on the next inbound transmission. By making the packets smaller so streaming packets can fit in. Think of having to wait for a long train to cross the road vs a small train. This will help a little but don’t expect HD for everything….

    What has already come across the WAN interface has already used your bandwidth. So for most people, any QOS to the inside from there is pointless….

    Best thing to do is create an outbound firewall rule to block everything you don’t want to so only your pc is sending Netflix packet requests. This will then cause the inbound traffic to decrease so only Netflix is coming in.

  7. Nick Fennell
    Posted October 2, 2013 at 6:56 am | Permalink

    An old thread I know but in response to Jon and in case anyone else comes across this – I have doubt over the subnet list provided.

    One glaring example is 8.0.0.0/8. This certainly does not belong to Netflix. It’s a Level 3 owned block and is used across the globe. Google for example use 8.8.8.8.

    You can check who owns/uses the blocks using a whois.

    As an example;

    nfennell-mbp:~ nickfennell$ whois 8.0.0.0/8

    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/cidr/8.0.0.0/8/less?showDetails=true&ext=netref2
    #

    NetRange: 8.0.0.0 - 8.255.255.255
    CIDR: 8.0.0.0/8
    OriginAS:
    NetName: LVLT-ORG-8-8
    NetHandle: NET-8-0-0-0-1
    Parent:
    NetType: Direct Allocation
    RegDate: 1992-12-01
    Updated: 2012-02-24
    Ref: http://whois.arin.net/rest/net/NET-8-0-0-0-1

    OrgName: Level 3 Communications, Inc.
    OrgId: LVLT
    Address: 1025 Eldorado Blvd.
    City: Broomfield
    StateProv: CO
    PostalCode: 80021
    Country: US
    RegDate: 1998-05-22
    Updated: 2012-01-30
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    Ref: http://whois.arin.net/rest/org/LVLT

    Just be careful what you’re prioritising as you may not end up with what you expect.

    Nick

  8. Joe
    Posted February 20, 2014 at 8:32 pm | Permalink

    @Kyle

    Your ISP provides you with a set pipeline in which you can transmit and receive data. Now, do you want to saturate this entire pipeline with a file transfer while you are trying to stream a Netflix video? No, you don’t. So you shape the traffic on your end in such a way that the Netflix video stream has priority over the file transfer.

    You can think of Qos this way;
    Say you have a main waterline at your house that can provide 10 gallons per second. Now say your house has 2 faucets. If one faucet is run, you can expect 10 gallons per second expelled from the faucet. BUT, if you were to turn on both faucets at the same time, each faucet would be expected to produce 5 gallons per second.

    Now, say you need one faucet to put out 7 gallons per second (ie. stream Netflix) while the other faucet would be fine with only 3 gallons per second (ie. file transfer, system updates, etc), you need to manipulate that waterflow in some way. What you can do to solve this problem is; Install a limiter on the waterline that requires only 3 gallons per second. Now, you always have 7 gallons per second available for your higher priority faucet.

    This is a rudimentary explanation, Qos actually handles this traffic shaping more eloquently than just forcing one link down to a lower level at all times, but this should help you to understand why Qos can be quite useful.

  9. Posted April 25, 2014 at 9:16 pm | Permalink

  10. serpico
    Posted August 1, 2014 at 12:15 am | Permalink

    @Joe

    I don’t think you quite understood what Kyle was saying. When you download a file, who, ultimately, do you think controls the speed of that download? If you answer your client machine, you’d actually be wrong. The speed of the download is dictated by the slowest link between the server and your client. If your connection to the ISP happens to be the slowest link, guess what’s going to happen? It’s going to get saturated, regardless of ANYTHING you do. Neither your client, nor your router, have any direct control over this.

    So then, you ask, if that is true how are you able to control downloading speeds in certain programs. The magic here occurs because TCP/IP has built-in flow control mechanisms. By adjusting TCP/IP acknowledgements you can, effectively, control the download speed. However, if some server suddenly decides to blast you with 1Gb/s of UDP traffic, good luck trying to control that (welcome to DDOS attacks). You can set up QOS rules all day long and it won’t do anything.

    This is the magic of most consumer grade QOS, it actually DOES NOT CONTROL DOWNLOAD SPEED AT ALL. QOS on most consumer routers will monitor the download traffic, and then simply drop packets if they are labeled as low priority and the download is being saturated. This means that the client will never receive the packet, will not send an acknowledgement, and therefore the server will reduce the speed with which it’s uploading to you. Notice that in this situation, you do not have control of the download speed. Once you drop the packet, the damage has already been done (your pipe was saturated during that time). However, you are effectively telling the server to slow down its upload to you for future packets.

    This is where I disagree with Kyle. I have heard numerous people say that consumer grade QOS has worked wonders for them. Even though you do not directly control download speed, controlling TCP/IP flow seems to be good enough.
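The drop-and-back-off mechanism discussed in the comments above, together with the article's warning about entering too high a Downlink value, can be seen in a toy model. This is an added example, not code from the post or from any commenter; the single additive-increase/multiplicative-decrease sender, the fixed-rate stream and all rates are simplifying assumptions.

```python
def simulate(true_link_kbps, configured_downlink_kbps, stream_kbps,
             rounds=500, step_kbps=50.0):
    """Toy model: one AIMD bulk download sharing the WAN with a fixed-rate stream.

    Returns (rounds in which the real link was over capacity, mean bulk rate).
    configured_downlink_kbps=None models a router with QoS disabled.
    """
    bulk = step_kbps                 # bulk sender starts slow
    saturated_rounds = 0
    bulk_sum = 0.0
    for _ in range(rounds):
        bulk_sum += bulk
        offered = bulk + stream_kbps
        # Real bottleneck full: the ISP-side queue drops from both flows.
        link_full = offered > true_link_kbps
        if link_full:
            saturated_rounds += 1
        # Router policing: only low-priority (bulk) packets are dropped, and
        # only once the total exceeds what the router believes the link holds.
        router_drop = (configured_downlink_kbps is not None
                       and offered > configured_downlink_kbps)
        if link_full or router_drop:
            bulk /= 2                # lost packet, no ACK: sender halves its rate
        else:
            bulk += step_kbps        # fully ACKed round: sender speeds up
    return saturated_rounds, bulk_sum / rounds


# Constructed numbers: 10 Mbit/s real downlink, 5 Mbit/s video stream.
NO_QOS = simulate(10_000, None, 5_000)
QOS_SLIGHTLY_LOW = simulate(10_000, 9_500, 5_000)   # Downlink set just under reality
QOS_TOO_HIGH = simulate(10_000, 12_000, 5_000)      # Downlink overstated
```

With the Downlink set slightly under the real rate, the bulk sender is pushed back before the real link fills; with it overstated, the router never drops anything and the result is identical to running without QoS.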
