qdza
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Dec 07, 2010 12:13 am

Help with QoS

Mon Apr 18, 2011 11:47 am

Hello

I have a problem with QoS; this little s**t won't work

Mangle
[admin@Core] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic

20 ;;; Mark Standart_Download_100M__________________________________________>
__________
chain=forward action=mark-connection
new-connection-mark=Standart_con_down_100M passthrough=yes
src-address-list=Standart_class_100M&40M

21 chain=postrouting action=mark-packet
new-packet-mark=Standart_Download_100M passthrough=no
dst-address-list=Standart_class_100M&40M
connection-mark=Standart_con_down_100M

22 ;;; Mark Standart_Upload_40M_____________________________________________>
___________
chain=forward action=mark-connection
new-connection-mark=Standart_con_up_40M
passthrough=yes
src-address-list=Standart_class_100M&40M

23 chain=postrouting action=mark-packet new-packet-mark=Standart_Upload_40M
passthrough=no src-address-list=Standart_class_100M&40M
connection-mark=Standart_con_up_40M
Is this right?

Thank you for help
 
qdza
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Dec 07, 2010 12:13 am

Re: Help with QoS

Mon Apr 18, 2011 8:44 pm

Can no one help me?
Please

Or can someone post an example configuration? Maybe I'll find something
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Help with QoS

Mon Apr 18, 2011 8:59 pm

Why are you marking packets on postrouting? It's generally better to do so in the forward chain than there.

Also without knowing what kind of queues you are using, you could potentially be having issues there.

http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram

Couple of issues that pop out at me:
1.) With basing packet marks off of a connection mark, you automatically get both sides of the connection. You have two mark-connection rules that use the same matchers, you are overwriting connection marks and causing unintended issues there.

2.) Why are you checking for an address list when marking packets? That's eating more CPU time instead of just relying on the connection mark. I would also recommend putting connection-state=new in your mark connection rules to cut down on CPU time as well. Once a connection has a mark, no sense in marking each packet again.

With that being said, if you see the rules incrementing then that means your packets are being marked. That leaves your queue setup, since that's not posted we can't answer any questions with that.
 
Sanity
Member Candidate
Posts: 198
Joined: Sun Mar 06, 2011 8:51 am

Re: Help with QoS

Mon Apr 18, 2011 9:38 pm

I would also recommend putting connection-state=new in your mark connection rules to cut down on CPU time as well. Once a connection has a mark, no sense in marking each packet again.
There is IMHO a better way.

I do marking in the prerouting chain at the moment for connections, forward for packets.

* First rule connection: If the connection has a mark, return.
* Then I have all the rules assigning connection marks.

Postrouting:

* First rules for all traffic types, more important first. They assign packet marks (used for queues) according to connection mark.
* Last rule: connection no-mark -> no action (tracks traffic of that type, which is LITTLE, possibly technical syn etc.).

I keep forward empty due to automatic rules by VPNs.

I currently struggle with getting nth splits between VPN done at the same time, which sadly are address specific. I just wish Mikrotik would have per connection routing marks.
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Help with QoS

Mon Apr 18, 2011 9:56 pm

You can use the PCC classifier when marking for routing, or for anything else in the firewall. It's just recommended on the connections since it uses less CPU time (only needs to be calculated once on a new connection). By using PCC on a mark-routing rule it has to calculate the PCC matcher for each packet at a minimum, so this will increase CPU time.
 
Sanity
Member Candidate
Posts: 198
Joined: Sun Mar 06, 2011 8:51 am

Re: Help with QoS

Mon Apr 18, 2011 10:17 pm

You can use the PCC classifier when marking for routing, or for anything else in the firewall. It's just recommended on the connections since it uses less CPU time (only needs to be calculated once on a new connection). By using PCC on a mark-routing rule it has to calculate the PCC matcher for each packet at a minimum, so this will increase CPU time.
Tried that. My problem with that is that I need the per connection classifier already to distribute packet marks for the queue.

It would be nice if one could have two connection marks - one that can be used for setting a routing mark.
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Help with QoS

Mon Apr 18, 2011 10:25 pm

Tried that. My problem with that is that I need the per connection classifier already to distribute packet marks for the queue.

It would be nice if one could have two connection marks - one that can be used for setting a routing mark.
You can mark packets directly too instead of relying on connection marks. This once again just chews up extra CPU time, and you need to make sure you have rules in place that will catch both sides of the connection, so extra rules = more CPU time.

What option you choose is up to you, and the requirements of the network. I went with the mark packets directly route because I'm only marking VPN, HTTP, HTTPS, DNS, and other. I only saw about a 10-20% increase in CPU time, but none of my networks are really pushing more than 10Mbps of traffic most of the time.

Also the PCC matcher is just that, you can use it as many times as you want in different locations, regardless if you are using it to mark connections. If you don't mind me asking, why are you using PCC with connection marks to mark packets for QoS? Unless I'm reading your post wrong.
 
qdza
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Dec 07, 2010 12:13 am

Re: Help with QoS

Mon Apr 18, 2011 10:53 pm

Can someone show me the right rules so that I can reconfigure?
The configuration I'm using right now I found somewhere in the forum, and actually this configuration doesn't work.

Can someone post working rules, please?
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Help with QoS

Tue Apr 19, 2011 12:20 am

/ip firewall mangle
# Mark the connection once, on its first packet only
add chain=forward action=mark-connection new-connection-mark=Standart_con_down_100M passthrough=yes src-address-list=Standart_class_100M&40M connection-state=new
# Mark every packet of that connection from its connection mark
add chain=forward action=mark-packet connection-mark=Standart_con_down_100M new-packet-mark=Standart_con_down_100M
That will mark packets for a connection in BOTH directions. So if you want to apply different overall limits based on upload and download, you need to set up your queues to handle it correctly. I usually place the queues on the interface HTB, that way WAN is always upload LAN is always download, and I can set my limits there.

Here is a basic example in the Wiki that you can use to get started and work out from there.
http://wiki.mikrotik.com/wiki/Manual:Connection_Rate
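
The connection-mark overwrite raised earlier in the thread (issue 1) and the two-rule form in the post above, traced through a small Python model. This is an added example, not part of any post and not RouterOS code. It assumes a single forwarded connection, chains visited in the order forward then postrouting, NAT ignored, and constructed sample addresses.

```python
# Added example: a simplified model of mangle rule evaluation, not RouterOS code.
# Assumptions: one forwarded connection, chains visited forward -> postrouting,
# NAT ignored, and the address list holds only the client.
CLIENT, SERVER = "10.0.0.5", "203.0.113.9"   # constructed sample addresses
ADDRESS_LIST = {CLIENT}                       # stands in for Standart_class_100M&40M

def rule(chain, action, mark, passthrough=True, **match):
    return {"chain": chain, "action": action, "mark": mark,
            "passthrough": passthrough, "match": match}

def matches(r, pkt, conn_mark):
    m = r["match"]
    if m.get("src_list") and pkt["src"] not in ADDRESS_LIST:
        return False
    if m.get("dst_list") and pkt["dst"] not in ADDRESS_LIST:
        return False
    if "conn_mark" in m and conn_mark != m["conn_mark"]:
        return False
    if m.get("state_new") and not pkt["new"]:
        return False
    return True

def run(rules, packets):
    """Return ([(direction, packet_mark), ...], final_connection_mark)."""
    conn_mark, seen = None, []
    for pkt in packets:
        pkt_mark = None
        for chain in ("forward", "postrouting"):
            for r in [r for r in rules if r["chain"] == chain]:
                if not matches(r, pkt, conn_mark):
                    continue
                if r["action"] == "mark-connection":
                    conn_mark = r["mark"]      # a later match overwrites an earlier one
                else:
                    pkt_mark = r["mark"]
                if not r["passthrough"]:
                    break                      # passthrough=no ends this chain
        seen.append((pkt["dir"], pkt_mark))
    return seen, conn_mark

def packet(direction, new=False):
    src, dst = (CLIENT, SERVER) if direction == "up" else (SERVER, CLIENT)
    return {"dir": direction, "src": src, "dst": dst, "new": new}

PACKETS = [packet("up", new=True), packet("down"), packet("up"), packet("down")]

# Rules 20-23 from the first post: two mark-connection rules with the same matcher.
ORIGINAL = [
    rule("forward", "mark-connection", "Standart_con_down_100M", src_list=True),
    rule("postrouting", "mark-packet", "Standart_Download_100M", passthrough=False,
         dst_list=True, conn_mark="Standart_con_down_100M"),
    rule("forward", "mark-connection", "Standart_con_up_40M", src_list=True),
    rule("postrouting", "mark-packet", "Standart_Upload_40M", passthrough=False,
         src_list=True, conn_mark="Standart_con_up_40M"),
]

# The two rules from the post above: one connection mark, one packet mark.
SUGGESTED = [
    rule("forward", "mark-connection", "Standart_con_down_100M",
         src_list=True, state_new=True),
    rule("forward", "mark-packet", "Standart_con_down_100M",
         conn_mark="Standart_con_down_100M"),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, *run(rules, PACKETS), sep="\n  ")
```

In this model the original rules leave the connection marked Standart_con_up_40M, so the download packets never get a packet mark, while the two-rule form marks packets in both directions with the same mark.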
 
Sanity
Member Candidate
Posts: 198
Joined: Sun Mar 06, 2011 8:51 am

Re: Help with QoS

Tue Apr 19, 2011 6:33 am

Also the PCC matcher is just that, you can use it as many times as you want in different locations, regardless if you are using it to mark connections. If you don't mind me asking, why are you using PCC with connection marks to mark packets for QoS? Unless I'm reading your post wrong.
Because this seems more efficient. I have a significant number of connection marking rules (25 or so), some based on address lists (traffic to specific hosts is high priority). This way, the per packet analysis only has to go through a number of simple rules to analyse the connection mark.

/ip firewall mangle

# first the packet marks based on the connection marks
add action=mark-packet chain=postrouting comment="con inf -> packet inf" \
connection-mark=inf disabled=no new-packet-mark=inf passthrough=no
add action=mark-packet chain=postrouting comment="con tmd -> packet tmd" \
connection-mark=tmd disabled=no new-packet-mark=tmd passthrough=no
add action=mark-packet chain=postrouting comment="con int -> packet int" \
connection-mark=int disabled=no new-packet-mark=int passthrough=no
add action=mark-packet chain=postrouting comment="con req -> packet req" \
connection-mark=req disabled=no new-packet-mark=req passthrough=no
add action=mark-packet chain=postrouting comment="con slo -> packet slo" \
connection-mark=slo disabled=no new-packet-mark=slo passthrough=no
add action=mark-packet chain=postrouting comment="con unm -> packet unm" \
connection-mark=unm disabled=no new-packet-mark=unm passthrough=no
add action=return chain=postrouting comment=\
"con no-mark -> no action (count traffic)" connection-mark=no-mark \
disabled=no

# Split traffic to company office to two pptp links

add action=mark-routing chain=prerouting comment="split: fabric-00-01.1 n:1/2" \
disabled=no dst-address=172.20.0.0/16 new-routing-mark=fabric-00-01.1 nth=\
2,1 passthrough=yes
add action=mark-routing chain=prerouting comment="split: fabric-00-01.2 n:2/2" \
disabled=no dst-address=172.20.0.0/16 new-routing-mark=fabric-00-01.2 nth=\
2,2 passthrough=yes

# From here on we mark connections.

# If already marked, we are finished. This is triggered for most packets.
add action=return chain=prerouting comment=\
"con marked -> return (we do not recheck for mark)" connection-mark=\
!no-mark disabled=no

# Now we go and find the first match.
add action=mark-connection chain=prerouting comment="inf: bgp" disabled=no \
new-connection-mark=inf passthrough=no port=179 protocol=tcp
add action=mark-connection chain=prerouting comment="inf: icmp" disabled=no \
new-connection-mark=inf passthrough=no protocol=icmp
add action=mark-connection chain=prerouting comment="inf: dns" disabled=no \
new-connection-mark=inf passthrough=no port=53 protocol=tcp
add action=mark-connection chain=prerouting comment="inf: dns" disabled=no \
new-connection-mark=inf passthrough=no port=53 protocol=udp
add action=mark-connection chain=prerouting comment="inf: ntp" disabled=no \
new-connection-mark=inf passthrough=no port=123 protocol=udp
add action=mark-connection chain=prerouting comment="inf: ldp (hello)" \
disabled=no new-connection-mark=inf passthrough=no port=646 protocol=tcp
add action=mark-connection chain=prerouting comment="inf: ldp" disabled=no \
new-connection-mark=inf passthrough=no port=646 protocol=udp
add action=mark-connection chain=prerouting comment="tmd: gre" disabled=no \
new-connection-mark=tmd passthrough=no protocol=gre
add action=mark-connection chain=prerouting comment="tmd: pptp" disabled=no \
new-connection-mark=tmd passthrough=no port=1723 protocol=tcp
add action=mark-connection chain=prerouting comment="tmd: sip" disabled=no \
new-connection-mark=tmd passthrough=no port=5060-5061 protocol=udp
add action=mark-connection chain=prerouting comment=\
"tmd: traffic from the traffic-timed server list" disabled=no \
new-connection-mark=tmd passthrough=no src-address-list=traffic-timed
add action=mark-connection chain=prerouting comment=\
"tmd: traffic to the traffic-timed server list" disabled=no \
dst-address-list=traffic-timed new-connection-mark=tmd passthrough=no
add action=mark-connection chain=prerouting comment="int: rdp" disabled=no \
new-connection-mark=int passthrough=no port=3389 protocol=tcp
add action=mark-connection chain=prerouting comment="req: http" disabled=no \
new-connection-mark=req passthrough=no port=80,8080 protocol=tcp
add action=mark-connection chain=prerouting comment="req: https" disabled=no \
new-connection-mark=req passthrough=no port=443 protocol=tcp
add action=mark-connection chain=prerouting comment="slo: smb" disabled=no \
new-connection-mark=slo passthrough=no port=137-139,445 protocol=tcp
add action=mark-connection chain=prerouting comment="slo: dfs-r" disabled=no \
new-connection-mark=slo passthrough=no port=5722 protocol=tcp
add action=mark-connection chain=prerouting comment="inf: winbox" disabled=no \
new-connection-mark=inf passthrough=no port=8291 protocol=tcp

# Finally: we mark as unm

add action=mark-connection chain=prerouting comment="unm: rest" disabled=no \
new-connection-mark=unm passthrough=no
 
qdza
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Dec 07, 2010 12:13 am

Re: Help with QoS

Tue Apr 19, 2011 12:23 pm

I'm not a pro in QoS. I'll post my rules; maybe someone can find the mistake and make it right, please.

Some rules are disabled; I disabled them for testing.
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Total_Download packet-mark="" parent=global-in priority=\
8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Total_Upload parent=global-out priority=8

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Upload_10M packet-mark=Business_Upload_10M \
parent=Total_Upload priority=8 queue=PCQ_up_10M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Standart_Download_100M packet-mark=\
Standart_Download_100M parent=Total_Download priority=1 queue=\
PCQ_down_100M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Download_100M packet-mark=\
Business_Download_100M parent=Total_Download priority=1 queue=\
PCQ_down_100M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Upload_10M packet-mark=Standart_Upload_10M \
parent=Total_Upload priority=8 queue=PCQ_up_10M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Download_75M packet-mark=Business_Download_75M \
parent=Total_Download priority=2 queue=PCQ_down_75M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Download_50M packet-mark=Business_Download_50M \
parent=Total_Download priority=6 queue=PCQ_down_50M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Download_25M packet-mark=Business_Download_25M \
parent=Total_Download priority=8 queue=PCQ_down_25M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Download_75M packet-mark=Standart_Download_75M \
parent=Total_Download priority=2 queue=PCQ_down_75M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Download_50M packet-mark=Standart_Download_50M \
parent=Total_Download priority=6 queue=PCQ_down_50M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Download_25M packet-mark=Standart_Download_25M \
parent=Total_Download priority=1 queue=PCQ_down_25M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Upload_20M packet-mark=Business_Upload_20M \
parent=Total_Upload priority=6 queue=PCQ_up_20M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Upload_30M packet-mark=Business_Upload_30M \
parent=Total_Upload priority=4 queue=PCQ_up_30M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Business_Upload_40M packet-mark=Business_Upload_40M \
parent=Total_Upload priority=2 queue=default

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Upload_20M packet-mark=Standart_Upload_20M \
parent=Total_Upload priority=6 queue=PCQ_up_20M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=0 \
max-limit=0 name=Standart_Upload_30M packet-mark=Standart_Upload_30M \
parent=Total_Upload priority=2 queue=PCQ_up_30M

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=Standart_Upload_40M packet-mark=Standart_Upload_40M \
parent=Total_Upload priority=1 queue=PCQ_up_40M
/queue type
add kind=pcq name=PCQ_down_50M pcq-classifier=dst-address pcq-limit=20 pcq-rate=50000000 pcq-total-limit=500
add kind=pcq name=PCQ_up_30M pcq-classifier=src-address pcq-limit=20 pcq-rate=30000000 pcq-total-limit=500
add kind=pcq name=PCQ_down_25M pcq-classifier=dst-address pcq-limit=30 pcq-rate=25000000 pcq-total-limit=1000
add kind=pcq name=PCQ_down_75M pcq-classifier=dst-address pcq-limit=30 pcq-rate=75000000 pcq-total-limit=1000
add kind=pcq name=PCQ_up_20M pcq-classifier=src-address pcq-limit=30 pcq-rate=20000000 pcq-total-limit=1000
add kind=pcq name=PCQ_up_10M pcq-classifier=src-address pcq-limit=30 pcq-rate=10000000 pcq-total-limit=1000
add kind=pcq name=PCQ_down_100M pcq-classifier=dst-address pcq-limit=50 pcq-rate=100000000 pcq-total-limit=2000
add kind=pcq name=PCQ_up_40M pcq-classifier=src-address pcq-limit=50 pcq-rate=40000000 pcq-total-limit=2000

/ip firewall mangle

add action=mark-connection chain=prerouting comment="Mark Business_Download_100M__________________________________________________________" \
disabled=yes new-connection-mark=Business_con_down_100M passthrough=yes src-address-list=Business_class_100M&40M

add action=mark-packet chain=prerouting comment="" connection-mark=Business_con_down_100M disabled=yes new-packet-mark=Business_Download_100M \
passthrough=yes

add action=mark-connection chain=postrouting comment="Mark Business_Upload_40M" disabled=yes new-connection-mark=Business_con_up_40M \
passthrough=yes src-address-list=Business_class_100M&40M

add action=mark-packet chain=postrouting comment="" connection-mark=Business_con_up_40M disabled=yes new-packet-mark=Business_Upload_40M \
passthrough=yes

add action=mark-connection chain=prerouting comment="Mark Business_Download_75M" disabled=yes new-connection-mark=Business_con_down_75M \
passthrough=yes src-address-list=Business_class_75M&30M

add action=mark-packet chain=prerouting comment="" connection-mark=Business_con_down_75M disabled=yes new-packet-mark=Business_Download_75M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Business_Upload_30M" disabled=yes new-connection-mark=Business_con_up_30M passthrough=\
yes src-address-list=Business_class_75M&30M

add action=mark-packet chain=forward comment="" connection-mark=Business_con_up_30M disabled=yes new-packet-mark=Business_Upload_30M \
passthrough=yes

add action=mark-connection chain=prerouting comment="Mark Business_Download_50M" disabled=yes new-connection-mark=Business_con_down_50M \
passthrough=yes src-address-list=Business_class_50M&20M

add action=mark-packet chain=prerouting comment="" connection-mark=Business_con_down_50M disabled=yes new-packet-mark=Business_Download_50M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Business_Upload_20M" disabled=yes new-connection-mark=Business_con_up_20M passthrough=\
yes src-address-list=Business_class_50M&20M

add action=mark-packet chain=forward comment="" connection-mark=Business_con_up_20M disabled=yes new-packet-mark=Business_Upload_20M \
passthrough=yes

add action=mark-connection chain=prerouting comment="Mark Business_Download_25M" disabled=yes new-connection-mark=Business_con_down_25M \
passthrough=yes src-address-list=Business_class_25M&10M

add action=mark-packet chain=prerouting comment="" connection-mark=Business_con_down_25M disabled=yes new-packet-mark=Business_Download_25M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Business_Upload_10M" disabled=yes new-connection-mark=Business_con_up_10M passthrough=\
yes src-address-list=Business_class_25M&10M

add action=mark-packet chain=forward comment="" connection-mark=Business_con_up_10M disabled=yes new-packet-mark=Business_Upload_10M \
passthrough=yes

add action=mark-connection chain=prerouting comment="Mark Standart_Download_100M_______________________________________________________" \
disabled=no dst-address-list=Standart_class_100M&40M new-connection-mark=Standart_con_down_100M passthrough=yes

add action=mark-packet chain=postrouting comment="" connection-mark=Standart_con_down_100M disabled=no dst-address-list=\
Standart_class_100M&40M new-packet-mark=Standart_Download_100M passthrough=no

add action=mark-connection chain=postrouting comment="Mark Standart_Upload_40M___________________________________________________________" \
disabled=no new-connection-mark=Standart_con_up_40M passthrough=yes src-address-list=Standart_class_100M&40M

add action=mark-packet chain=postrouting comment="" connection-mark=Standart_con_up_40M disabled=no new-packet-mark=Standart_Upload_40M \
passthrough=no src-address-list=Standart_class_100M&40M

add action=mark-connection chain=prerouting comment="Mark Standart_Download_75M" disabled=yes new-connection-mark=Standart_con_down_75M \
passthrough=yes src-address-list=Standart_class_75M&30M

add action=mark-packet chain=prerouting comment="" connection-mark=Standart_con_down_75M disabled=yes new-packet-mark=Standart_Download_75M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Standart_Upload_30M" disabled=yes new-connection-mark=Standart_con_up_30M passthrough=\
yes src-address-list=Standart_class_75M&30M

add action=mark-packet chain=forward comment="" connection-mark=Standart_con_up_30M disabled=yes new-packet-mark=Standart_Upload_30M \
passthrough=yes
add action=mark-connection chain=prerouting comment="Mark Standart_Download_50M" disabled=yes new-connection-mark=Standart_con_down_50M \
passthrough=yes src-address-list=Standart_class_50M&20M

add action=mark-packet chain=prerouting comment="" connection-mark=Standart_con_down_50M disabled=yes new-packet-mark=Standart_Download_50M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Standart_Upload_20M" disabled=yes new-connection-mark=Standart_con_up_20M passthrough=\
yes src-address-list=Standart_class_50M&20M

add action=mark-packet chain=forward comment="" connection-mark=Standart_con_up_20M disabled=yes new-packet-mark=Standart_Upload_20M \
passthrough=yes

add action=mark-connection chain=prerouting comment="Mark Standart_Download_25M" disabled=yes new-connection-mark=Standart_con_down_25M \
passthrough=yes src-address-list=Standart_class_25M&10M

add action=mark-packet chain=prerouting comment="" connection-mark=Standart_con_down_25M disabled=yes new-packet-mark=Standart_Download_25M \
passthrough=yes

add action=mark-connection chain=forward comment="Mark Standart_Upload_10M" disabled=yes new-connection-mark=Standart_con_up_10M passthrough=\
yes src-address-list=Standart_class_25M&10M

add action=mark-packet chain=forward comment="" connection-mark=Standart_con_up_10M disabled=yes new-packet-mark=Standart_Upload_10M \
passthrough=yes

add action=log chain=forward comment="Check for unmarked traffic" disabled=yes log-prefix=""
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no
+Karma for results
Thank you
 
qdza
Frequent Visitor
Topic Author
Posts: 53
Joined: Tue Dec 07, 2010 12:13 am

Re: Help with QoS

Tue Apr 19, 2011 8:52 pm

There are 22383 users registered in the forum, ~5% of them are not active, and no one can help :)

I should probably use simple queues