Community discussions

MikroTik App
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

urgent help needed ... QoS questions

Mon Jun 26, 2006 9:24 pm

i'd like someone to help me with a simple 4 rule QoS set

DNS: Priority 0 (ULTRA High)
HTTP browsing: Priority 1 (Highest)
IM (yahoo and MSN): Priority 2 (medium)
everything else: Priority 3 (Low)

I have looking at the forums and searched however i am not that keen on routeros just yet to do mangle and queues.

my line is 512kbps down and 256kbps up

can someone hit me with an example please i can use and then start to tweak?
 
oriondotnet
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Jan 17, 2006 9:27 pm

Tue Jun 27, 2006 6:52 am

 
joeri91942
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Tue Jun 27, 2006 6:55 am

Or you could at least try to use the search function in the forum...... the question HAS beeen answered before

/Jörgen
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Tue Jun 27, 2006 10:57 am

as i said above i am

1) new to router os

and

2) my request is sorta specific so even though i searched i was still going "huh"?
 
joeri91942
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Tue Jun 27, 2006 1:51 pm

Well since you can't seem to find the link yourself.... http://forum.mikrotik.com/viewtopic.php ... highlight=

READ this topic, it clearly explains how to set up QoS

/Jörgen
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Tue Jun 27, 2006 10:01 pm

sorry but i alread read that.

heres what i have now that i took from the online tutorial that i am using.

all i want now is to make something new to give priority 1 to http port 80.
[admin@MikroTik] queue tree> print
Flags: X - disabled, I - invalid 
 0   name="download" parent=ether2 packet-mark=users limit-at=0 
     queue=pcq-download priority=8 max-limit=0 burst-limit=0 
     burst-threshold=0 burst-time=0s 

 1   name="upload" parent=ether1 packet-mark=users limit-at=0 queue=pcq-upload 
     priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

 [admin@MikroTik] queue tree> 
[admin@MikroTik] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting protocol=tcp dst-port=80 action=mark-connection 
     new-connection-mark=http-con passthrough=no 

 1   chain=prerouting connection-mark=http-con action=mark-packet 
     new-packet-mark=http passthrough=no 

 2   chain=forward src-address=192.168.0.0/24 action=mark-connection 
     new-connection-mark=users-con passthrough=yes 

 3   chain=forward connection-mark=users-con action=mark-packet 
     new-packet-mark=users passthrough=yes 
[admin@MikroTik] ip firewall mangle> 
now i need some kind soul to help me make something like that to give the highest priority to port 80 for http
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Thu Jun 29, 2006 9:07 am

comeon guys. a little help please?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Thu Jun 29, 2006 9:09 am

this will be the best help ever:
http://training.mikrotik.com/
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Thu Jun 29, 2006 9:11 am

yes. its a great website. i found it to be very useful however the online courses dont focus on what i need.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Thu Jun 29, 2006 9:22 am

how about the on-site courses? go to one of the trainings closest to you. you will learn a lot in the training class
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Thu Jun 29, 2006 9:25 am

i cant. i am in baghdad/iraq right now. lol!
 
cabana
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Fri Feb 18, 2005 9:18 pm

Thu Jun 29, 2006 5:07 pm

I believe that Cape Town will be the next closest training class to you (July 16-19), or of course you could attend MUM in Singapore in September and gain a few tips there.

Although I do think the link that joeri91942 provided should solve your issue.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

OH MY GOD

Tue Jul 04, 2006 6:33 am

You guys! Why dont you HELP the man? Seriously.
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Jul 04, 2006 8:28 am

cylent,

your first mangle rule should have passthrough set to "yes", otherwise no packets will get a http packet mark, so nothing can be possibly queued furtheron. So it should read
 0   chain=prerouting protocol=tcp dst-port=80 action=mark-connection 
     new-connection-mark=http-con passthrough=yes
Then you can add queue rules similar to the "user" ones you posted, but for packets with the "http" packet mark and priority 1 (or whatever you want).

Best regards,
Christian Meis
 
cylent
Member
Member
Topic Author
Posts: 383
Joined: Sun May 28, 2006 10:30 am

Tue Jul 04, 2006 8:36 am

 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Jul 04, 2006 8:47 am

Hmmm, your decision... :D

Best regards,
Christian Meis
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

I Have a question now

Tue Jul 04, 2006 8:51 am

Playing with prerouting and whatnot. how do i setup a queue to catch all traffic not already being marked and prioritized?
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Jul 04, 2006 9:12 am

Just create a last (position is important!) mangle rule to mark all packets with a packet-mark of "the_rest" for example.
Then every packet that's not already mangled before (take care of your passthrough=yes/no settings!) will get marked with "the_rest".

You then can queue those "the_rest" packets as you want to.

Best regards,
Christian Meis
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Tue Jul 04, 2006 9:14 am

Thanks. Everything at the moment is set to passthrough=yes

0 chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-con passthrough=yes

1 chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-con passthrough=yes

2 chain=prerouting protocol=tcp dst-port=53 action=mark-packet new-packet-mark=dns-con passthrough=yes

3 chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http-con passthrough=yes

4 chain=prerouting protocol=tcp dst-port=80 action=mark-packet new-packet-mark=http-con passthrough=yes

5 chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email-con passthrough=yes

6 chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email-con passthrough=yes

7 chain=prerouting protocol=tcp dst-port=110 action=mark-packet new-packet-mark=email-con passthrough=yes

8 chain=prerouting protocol=tcp dst-port=25 action=mark-packet new-packet-mark=email-con passthrough=yes

9 chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http-con passthrough=yes

10 chain=prerouting protocol=tcp dst-port=443 action=mark-packet new-packet-mark=http-con passthrough=yes

11 chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=http-con passthrough=yes

12 chain=prerouting protocol=tcp dst-port=8080 action=mark-packet new-packet-mark=http-con passthrough=yes

13 chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-con passthrough=yes

14 chain=prerouting p2p=all-p2p action=mark-packet new-packet-mark=p2p-con passthrough=yes

15 X chain=prerouting action=mark-connection new-connection-mark=other-con passthrough=yes

16 X chain=prerouting action=mark-packet new-packet-mark=other-con passthrough=yes

Can you tell me what ive done wrong here? When i enable the last rule it starts picking up all the traffic and the other rules no longer work
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Jul 04, 2006 9:17 am

Every rule where you set a packet-mark should have its' passthrough set to no in your example. So packets already marked do not pass the mangle rules further down. You passthrough=yes makes every packet traverse the following mangle rules also, and every packets is (again) matched by the last rule, marking everything as "other-con"...

And you don't need to work with a mark-connection/mark-packet pair for the last "catch-all" rule - just a single mark-packet rule is enough.

Best regards,
Christian Meis
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Tue Jul 04, 2006 9:31 am

Thanks for that. As soon as i enable that last rule now, it starts to pick up (or so it seems) all the traffic still. Im watching my queues when i enable it and theyre not picking up email, http or dns.

This is what i have now

0 chain=prerouting protocol=tcp dst-port=53 action=mark-connection new-connection-mark=dns-con passthrough=yes
1 chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=dns-con passthrough=yes
2 chain=prerouting protocol=tcp dst-port=53 action=mark-packet new-packet-mark=dns-con passthrough=no
3 chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http-con passthrough=yes
4 chain=prerouting protocol=tcp dst-port=80 action=mark-packet new-packet-mark=http-con passthrough=no
5 chain=prerouting protocol=tcp dst-port=8080 action=mark-connection new-connection-mark=http-con passthrough=yes
6 chain=prerouting protocol=tcp dst-port=8080 action=mark-packet new-packet-mark=http-con passthrough=no
7 chain=prerouting protocol=tcp dst-port=25 action=mark-connection new-connection-mark=email-con passthrough=yes
8 chain=prerouting protocol=tcp dst-port=25 action=mark-packet new-packet-mark=email-con passthrough=no
9 chain=prerouting protocol=tcp dst-port=110 action=mark-connection new-connection-mark=email-con passthrough=yes
10 chain=prerouting protocol=tcp dst-port=110 action=mark-packet new-packet-mark=email-con passthrough=no
11 chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=http-con passthrough=yes
12 chain=prerouting protocol=tcp dst-port=443 action=mark-packet new-packet-mark=http-con passthrough=no
13 chain=prerouting protocol=tcp dst-port=995 action=mark-connection new-connection-mark=email-con passthrough=yes
14 chain=prerouting protocol=tcp dst-port=995 action=mark-packet new-packet-mark=email-con passthrough=no
15 chain=prerouting protocol=tcp dst-port=143 action=mark-packet new-packet-mark=email-con passthrough=no
16 chain=prerouting protocol=tcp dst-port=143 action=mark-connection new-connection-mark=email-con passthrough=yes
17 chain=prerouting protocol=tcp dst-port=993 action=mark-packet new-packet-mark=email-con passthrough=no
18 chain=prerouting protocol=tcp dst-port=993 action=mark-connection new-connection-mark=email-con passthrough=yes
19 chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-con passthrough=yes
20 chain=prerouting p2p=all-p2p action=mark-packet new-packet-mark=p2p-con passthrough=no
21 X chain=prerouting action=mark-packet new-packet-mark=other-con passthrough=yes

It makes no difference if i make the last rule passthrough or not

Thanks for your help
 
cmit
Forum Guru
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Jul 04, 2006 9:43 am

Sorry, I did not really read all of your rules completely - my bad.
You should create a connection-mark based on some "protocol identifiers", like "TCP, dst-port 110".
The rule after that should create the packet-mark, but just based on the fact if that packet belongs to a marked connection, see the following modified example from your mangle rules:
3 chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http-con passthrough=yes
4 chain=prerouting connection-mark=http-con action=mark-packet new-packet-mark=http-con passthrough=no
And as a habit I personally would call a packet-mark something with "con" in it - tends to create confusion later on. I would call the packet-mark in the example above something like "http" only. But that's purely a matter of personal preference...

Best regards,
Christian Meis
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Tue Jul 04, 2006 9:58 am

i suspect im doing something drastically wrong.

3 chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http-con passthrough=yes

4 chain=prerouting connection-mark=http-con action=mark-packet new-packet-mark=http-con passthrough=no

After changing my rules to reflect that, my queues started picking up everything else again, so im not 100% sure what im doing wrong

why do i not specify the port & type in this second rule? Am i meant to be creating a protocol classifier first? (im not sure how to do this)
 
joeri91942
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Mar 31, 2005 12:31 pm
Location: Sundsvall, Sweden

Tue Jul 04, 2006 4:15 pm

The second rules does just what it is told to do... packet-marks all packets that are associated with http traffic (ie that has connection-mark=http-con )

That connection mark is set on all http traffic (dst-port=80) in the first rule.

Rule #3 tells the system to keep track of sessions going to port 80 and mark all traffic in a session with the connection mark http-con, it also allows for further processing of those packets by having passtrough=yes

Rule #4 takes all traffic marked by rule #3 and tags it with the packet mark (packet marks are needed for queue handling) http-con. Here I would personally use another name to easily see the difference between packet marks and connection marks.
This rule also has passthrough set to no so that the marked packets are not processed any more which could lead to them being retagged with some other mark further down in the list.

As far as I can tell your rule should be correct, if you run winbox (that is if you have a windows machine?) and look at the mangle screen, that should show you in close to real time exactly how much goes through.... also the screen connections shows you who are talking where and if you've gotten a connection mark set

/Jörgen
 
User avatar
HarvSki
Member
Member
Posts: 395
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Wed Jul 05, 2006 11:18 am


hahaha it is built on a steam engine! oh no sorry StreamEngine. There is a bit of a learing curve with a MikroTik router but once you get going it can do things you never even thought you would need when you started but will find you cannot do without. I started with one thinking it would be the only MikroTik I would need at the main gateway of my network, now I've lost count how may MT routers I've got out there :D
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Wed Jul 05, 2006 11:20 am

Yup. MT is incredibly flexable :) Thanks to all those who helped me! i managed to get my problem sorted yesturday!

Thanks again!

Who is online

Users browsing this forum: EnglishInfix and 23 guests