15

CrashPlan appears to upload stuff on the standard HTTPS port 443.

Is there any way to allocate it bulk QoS priority separately from all other HTTPS traffic, or am I completely stuffed?

I'm using DD-WRT.

Tamara Wijsman
  • 57,881
RomanSt
  • 9,959

8 Answers8

7

I think I have this working for DD-WRT + Crashplan.

First, test your connection with speedtest.net or similar performance tool.

  1. Configure TOS in Crashplan

    In Crashplan, go to Settings → Network → TCP packet TOS. Here I selected DSCP and input a value of 56. That corresponds to 0x38; shifting right two bits gives us 0xE, which is a DSCP codepoint we can program into IPTABLES.

    I set this value for both WAN and LAN; after saving, I did a reboot.

    To confirm this was OK, I installed Wireshark and did a trace on tcp.port == 443. After starting Crashplan I could see the output backup traffic; sure enough, expanding the IP header showed that the DS codepoint was 0xE.

  2. Enable QoS in DD-WRT

    Simply enable QoS on the DD-WRT router, as described in the above comment: NAT/QOS → QoS → Start QoS (set to "Enable").

    I programmed in 85% of my available upload and download bandwidth.

  3. Create the iptables rule

    Here, we configure iptables to pattern match on the DS code point (DSCP) and then 'set mark' to the BULK group. Go to Administration → Commands and input the following into the text box:

    iptables -t mangle -I POSTROUTING -m dscp --dscp 0x0e -j MARK --set-mark 40
iptables -t mangle -I PREROUTING  -m dscp --dscp 0x0e -j MARK --set-mark 40

    Click "Save Firewall" to commit these changes.

    Finally, I followed up with a reboot.

  4. Test

    I found it difficult to produce a table or diagnostic that showed that my rules were in effect. So, I simply did the ultimate test, which was to re-run the performance test described above, while Crashplan was running. Success! The upload and download speeds are basically the same, even though Crashplan was running in the background.

Indrek
  • 24,874
acel
  • 71
6

There's a setting for CrashPlan to tag its packets itself: TCP packet TOS

Jon-Eric
  • 2,312
6

Set the DSCP value you want via local machine policy using the process name and destination port to ensure you only tag crashplan traffic, not anything else on port 443.

I just blogged about this, including video:

http://blog.paulgeorge.co.uk/2012/06/07/crashplan-upload-traffic-with-dscp-tos-and-qos-on-windows-7/

EDIT : updated post with router setup http://blog.paulgeorge.co.uk/2012/06/11/setting-up-qos-on-draytek-2920n-router-using-dscp/

Paul George
  • 441
3

There is a tip on the DD-WRT forum.

Use this in your firewall script, the mark values are explained on the QoS wiki page.

iptables -t mangle -I POSTROUTING -d [destination ip] -j MARK --set-mark 40 
iptables -t mangle -I PREROUTING -s [source ip] -j MARK --set-mark 40

Since they're both using iptables, you can do the same as Tomato. You just don't have a nice GUI.

Community
  • 1
Robert Metzger
  • 248
2

I use Tomato, not DD-WRT, but I found it very easy to setup QoS for crashplan.

I configured QoS based upon destination IPs for central.crashplan.com on port 443 and classified it as bulk traffic.

Rodalpho C
  • 21
1

Use CrashPlan's settings to rate-limit its traffic. Considering that HTTPS traffic is encrypted end-to-end (well, it's supposed to be), your router's not going to be able to determine what traffic belongs to it. The only end-run around that is if you could do QoS based on destination IP address. I don't know enough about DD-WRT to tell you whether or not that's possible.

afrazier
  • 23,505
0

Turns out to be a trick question because the information provided is slightly incorrect.

The Crashplan official page notes other ports in use by the product for backup. If you check, it looks like 443 is only used to administer the product and is listed for completeness. You should add port 4287 to your list of bulk service ports. 

https://support.code42.com/Administrator/Small_Business/Get_started_with_CrashPlan_for_Small_Business/CrashPlan_for_Small_Business_requirements

443 is only used for administration.

Tagging network packets attached to the service would also work if you are able to achieve that but this is potentially simpler.

Greg Christopher
  • 41
-1

@afrazier Crash Plan PRO only encrypts traffic at 128-bit Advanced Encryption Standard (AES) protocol. That's not a call out, just an FYI-I'm a die hard CPP+ fan. OF course the data is ENCRYPTED (their end) 448-so it's beyond safe. (I say"PRO" with emphasis, no telling what "Consumer" is (???)

OK, first is the newest Fix--It allocates more Memory to CPP. Therefore, those who have the overhead, willing to give to CPP Change the INI File Found

HERE: *WIN.X" C:\Program Files\CrashPlan\CrashPlanService.ini Ubuntu · Linux · Debian /usr/local/crashplan/bin/run.conf «

GO SLOW!! THERE IS AN "-Xms15M" SWITCH AND AN "-Xmx512M" FOR THE Java Virtual Machine. *YOU WILL WORK WITH THE "-Xmx512M" (it's a compressed line, why the emphasis)

---IF you have the overhead----raise value. You should be able to increase it to 1536 or 2048 on 32-bit systems although it might be possible to go higher, especially on 64-bit systems.

IF you need to throttle back--- For Linux, stay on 64-bit (if you have a 64-bit cpu), lower the memory maximum, and use compressed ops (assuming a recent JDK) -XX:+UseCompressedOops

The URL here (but no diff than what I wrote out--wrote out for Goog bot to catch (forget to remove the -XX minus, won't find it. grin

[http://crashplan.probackup.nl/remote-backup/support/q/keeps-stopping-and-starting.en.html][1]

Increasing Internet Speed (this is *NIGHT/DAY" difference on the "HOPS"

Level-3 has a "Public DNS" I changed my 4.2.2.2 over to the "Known Public" Not only am I getting faster speeds (at least 4-5 MBPS MORE DOWN on Speedtest). Most critical the "HOPS" are MUCH LESS.

I was upward of 25ish hops to get to CPP. And by the time I got there it was horrendous (180-200ms+) Now, I'm around 10-hops. All "acceptable" 20ms--range

****DOGS BOLLOCKS******LEVEL 3********* [http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm][1] Updated (November 2013) Level 3--Level3-DNS
Primary 209.244.0.3
Secondary 209.244.0.4

Have more, but it's 5am!!! here (thought was 1am) need sleep! later

PS--I"m on a Win.X, I found this in the jre\bin\client More Info on the -X Command Usages---NOTE THE DISCLAIMER (Subject to change without Notice) 

-Xmixed           mixed mode execution (default)
-Xint             interpreted mode execution only
-Xbootclasspath:<directories and zip/jar files separated by ;>
                  set search path for bootstrap classes and resources
-Xbootclasspath/a:<directories and zip/jar files separated by ;>
                  append to end of bootstrap class path
-Xbootclasspath/p:<directories and zip/jar files separated by ;>
                  prepend in front of bootstrap class path
-Xnoclassgc       disable class garbage collection
-Xincgc           enable incremental garbage collection
-Xloggc:<file>    log GC status to a file with time stamps
-Xbatch           disable background compilation
-Xms<size>        set initial Java heap size
-Xmx<size>        set maximum Java heap size
-Xss<size>        set java thread stack size
-Xprof            output cpu profiling data
-Xfuture          enable strictest checks, anticipating future default
-Xrs              reduce use of OS signals by Java/VM (see documentation)
-Xcheck:jni       perform additional checks for JNI functions
-Xshare:off       do not attempt to use shared class data
-Xshare:auto      use shared class data if possible (default)
-Xshare:on        require using shared class data, otherwise fail.

The -X options are non-standard and subject to change without notice.

WhereIsMyMindAt
  • 7