Looking for a second opinion on my queue configuration

lorsungcu · Wed Mar 29, 2017 1:00 am

Hello; I've built some mangling/queues and would like someone else's opinion on whether what I'm doing makes sense. The goal is to de-prioritize large downloads and ensure voice traffic has the highest priority. Issue I'm seeing is that it seems no matter what I do, I end up dropping packets on the voice queue, causing problems. See below:

/ip firewall mangle

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=74.95.143.115 dst-port=10161-10164 new-connection-mark=conn_snmp passthrough=yes protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=74.95.143.115 dst-port=161 new-connection-mark=conn_snmp passthrough=yes protocol=udp
add action=jump chain=prerouting comment="Mark voice traffic" connection-mark=no-mark connection-state=established,related,new dst-address-list=!local-networks jump-target=mark-voice protocol=udp src-address=10.9.1.20
add action=mark-connection chain=mark-voice new-connection-mark=conn_voice passthrough=no
add action=jump chain=prerouting connection-mark=conn_voice in-interface=ether10 jump-target=voice-download
add action=mark-packet chain=voice-download comment="Voice download" new-packet-mark=pack_voice-down passthrough=no
add action=jump chain=postrouting connection-mark=conn_voice jump-target=voice-upload out-interface=ether10
add action=mark-packet chain=voice-upload comment="Voice upload" new-packet-mark=pack_voice-up passthrough=no
add action=jump chain=prerouting comment="new connections from LAN" connection-mark=no-mark connection-state=established,related,new dst-address-list=!local-networks jump-target=mark-lan src-address=192.168.10.0/24
add action=mark-connection chain=mark-lan new-connection-mark=conn_lan-tcp passthrough=yes protocol=tcp
add action=mark-connection chain=mark-lan new-connection-mark=conn_lan-tcp passthrough=yes protocol=udp
add action=mark-connection chain=mark-lan new-connection-mark=conn_lan-tcp passthrough=yes
add action=jump chain=prerouting comment="LAN download traffic" connection-mark=conn_lan-tcp in-interface=ether10 jump-target=lan-download
add action=mark-packet chain=lan-download comment=0-5MB connection-bytes=0-5000000 new-packet-mark=pack_lan-download-01 passthrough=yes
add action=mark-packet chain=lan-download comment=5-25MB connection-bytes=5000000-25000000 new-packet-mark=pack_lan-download-02 passthrough=yes
add action=mark-packet chain=lan-download comment=25-100MB connection-bytes=25000000-100000000 new-packet-mark=pack_lan-download-03 passthrough=yes
add action=mark-packet chain=lan-download comment="100MB and greater" connection-bytes=100000000-0 new-packet-mark=pack_lan-download-04 passthrough=yes
add action=jump chain=postrouting comment="LAN upload traffic" connection-mark=conn_lan-tcp jump-target=lan-upload out-interface=ether10
add action=mark-packet chain=lan-upload comment=0-10MB connection-bytes=0-250000 new-packet-mark=pack_lan-upload-01 passthrough=yes
add action=mark-packet chain=lan-upload comment=0-10MB connection-bytes=250000-0 new-packet-mark=pack_lan-upload-02 passthrough=yes
add action= chain=none comment="WLAN connection marks" disabled=yes
add action=jump chain=prerouting comment="Mark WLAN connections" connection-mark=no-mark connection-state=established,related,new dst-address-list=!local-networks jump-target=mark-wlan src-address=10.9.5.0/24
add action=mark-connection chain=mark-wlan new-connection-mark=conn_wlan passthrough=no protocol=tcp
add action=mark-connection chain=mark-wlan new-connection-mark=conn_wlan passthrough=yes protocol=udp
add action=mark-connection chain=mark-wlan connection-mark=no-mark new-connection-mark=conn_wlan passthrough=yes
add action=jump chain=prerouting comment="WLAN download traffic" connection-mark=conn_wlan in-interface=ether10 jump-target=wlan-download
add action=mark-packet chain=wlan-download comment=0-5MB connection-bytes=0-5000000 new-packet-mark=pack_wlan-download-01 passthrough=no
add action=mark-packet chain=wlan-download comment=5-25MB connection-bytes=5000000-25000000 new-packet-mark=pack_wlan-download-02 passthrough=no
add action=mark-packet chain=wlan-download comment=25-100MB connection-bytes=25000000-100000000 new-packet-mark=pack_wlan-download-03 passthrough=no
add action=mark-packet chain=wlan-download comment="100MB and greater" connection-bytes=100000000-0 new-packet-mark=pack_wlan-download-04 passthrough=no
add action=jump chain=postrouting comment="WLAN upload traffic" connection-mark=conn_wlan jump-target=wlan-upload out-interface=ether10
add action=mark-packet chain=wlan-upload comment=0-10MB connection-bytes=0-2500000 new-packet-mark=pack_wlan-upload-01 passthrough=no
add action=mark-packet chain=wlan-upload comment=0-10MB connection-bytes=2500000-0 new-packet-mark=pack_wlan-upload-02 passthrough=no
add action=jump chain=prerouting comment="Mark guest connections" connection-mark=no-mark connection-state=established,related,new dst-address-list=!local-networks jump-target=mark-guest src-address=10.9.15.0/24
add action=mark-connection chain=mark-guest new-connection-mark=conn_guest passthrough=no
add action=jump chain=prerouting connection-mark=conn_guest in-interface=ether10 jump-target=guest-download
add action=mark-packet chain=guest-download comment=0-5MB connection-bytes=0-5000000 new-packet-mark=pack_guest-download-01 passthrough=no
add action=mark-packet chain=guest-download comment=5-25MB connection-bytes=5000000-25000000 new-packet-mark=pack_guest-download-02 passthrough=no
add action=mark-packet chain=guest-download comment=25-100MB connection-bytes=25000000-100000000 new-packet-mark=pack_guest-download-03 passthrough=no
add action=mark-packet chain=guest-download comment="100MB and greater" connection-bytes=100000000-0 new-packet-mark=pack_guest-download-04 passthrough=no
add action=jump chain=postrouting connection-mark=conn_guest jump-target=guest-upload out-interface=ether10
add action=mark-packet chain=guest-upload comment=0-10MB new-packet-mark=pack_guest-upload passthrough=no

/queue

/queue type
add kind=pfifo name=voice pfifo-limit=75
/queue tree
add burst-limit=65M burst-threshold=20M burst-time=5s limit-at=12M max-limit=50M name=download-master packet-mark="pack_lan-download-01,pack_lan-download-02,pack_lan-download-03,pack_lan-download-04,pack_voice-down,pack_wlan-download-01,pack_wlan-download-02,pack_wlan-download-03,pack_wlan-download-04" parent=global
add limit-at=4M max-limit=12M name=upload-master packet-mark=pack_lan-upload-01,pack_lan-upload-02,pack_voice-up parent=global
add limit-at=10M max-limit=30M name=lan-download packet-mark=pack_lan-download-01,pack_lan-download-02,pack_lan-download-03,pack_lan-download-04 parent=download-master
add limit-at=512k max-limit=4M name=lan-upload packet-mark=pack_lan-upload-01,pack_lan-upload-02 parent=upload-master
add limit-at=5M max-limit=10M name=wlan-download packet-mark=pack_wlan-download-01,pack_wlan-download-02,pack_wlan-download-03,pack_wlan-download-04 parent=download-master
add limit-at=1M max-limit=2M name=wlan-upload packet-mark=pack_wlan-upload-01,pack_wlan-upload-02 parent=upload-master
add burst-limit=6M burst-threshold=2M burst-time=5s limit-at=3M max-limit=5M name=down-tcp_L1 packet-mark=pack_lan-download-01 parent=lan-download priority=4 queue=pcq-download-default
add burst-limit=5M burst-threshold=1M burst-time=5s limit-at=2M max-limit=4M name=down-tcp_L2 packet-mark=pack_lan-download-02 parent=lan-download priority=5 queue=pcq-download-default
add burst-limit=4M burst-threshold=512k burst-time=5s limit-at=1M max-limit=3M name=down-tcp_L3 packet-mark=pack_lan-download-03 parent=lan-download priority=6 queue=pcq-download-default
add burst-limit=3M burst-threshold=256k burst-time=5s limit-at=512k max-limit=2M name=down-tcp_L4 packet-mark=pack_lan-download-04 parent=lan-download priority=7 queue=pcq-download-default
add burst-limit=1M burst-threshold=256k burst-time=2s limit-at=512k max-limit=768k name=up-tcp_L1 packet-mark=pack_lan-upload-01 parent=lan-upload priority=4 queue=pcq-upload-default
add burst-limit=768k burst-threshold=256k burst-time=2s limit-at=384k max-limit=512k name=up-tcp_L2 packet-mark=pack_lan-upload-02 parent=lan-upload priority=5 queue=pcq-upload-default
add limit-at=5M max-limit=8M name=voice-download packet-mark=pack_voice-down parent=download-master priority=2 queue=voice
add limit-at=4M max-limit=6M name=voice-upload packet-mark=pack_voice-up parent=upload-master priority=2 queue=voice
add burst-limit=3M burst-threshold=1M burst-time=5s limit-at=1500k max-limit=2500k name=wlan-down_L1 packet-mark=pack_wlan-download-01 parent=wlan-download priority=5 queue=pcq-download-default
add burst-limit=2500k burst-threshold=1M burst-time=5s limit-at=1M max-limit=2M name=wlan-down_L2 packet-mark=pack_wlan-download-02 parent=wlan-download priority=6 queue=pcq-download-default
add burst-limit=2M burst-threshold=512k burst-time=5s limit-at=512k max-limit=1500k name=wlan-down_L3 packet-mark=pack_wlan-download-03 parent=wlan-download priority=7 queue=pcq-download-default
add burst-limit=1500k burst-threshold=256k burst-time=5s limit-at=256k max-limit=1M name=wlan-down_L4 packet-mark=pack_wlan-download-04 parent=wlan-download queue=pcq-download-default
add burst-limit=768k burst-threshold=256k burst-time=2s limit-at=256k max-limit=512k name=wlan-up_L1 packet-mark=pack_wlan-upload-01 parent=wlan-upload priority=5 queue=pcq-upload-default
add burst-limit=512k burst-threshold=128k burst-time=2s limit-at=128k max-limit=256k name=wlan-up_L2 packet-mark=pack_wlan-upload-02 parent=wlan-upload priority=6 queue=pcq-upload-default

There's some weirdness in there for protocols; disregard it

. I'm mostly wondering whether it makes more sense to just fasttrack SIP/RTP traffic and not queue it at all, while limiting other traffic enough to ensure voice always has some left over.