JJT211
Frequent Visitor
Topic Author
Posts: 62
Joined: Sun Apr 28, 2019 9:01 pm

Currently using Mangle rules for DUAL WAN setup. Now I want to add some QOS. Is it possible to integrate the QOS mangle

Mon May 25, 2020 7:36 am

My current dual WAN mangle rules are the first list. They've been working flawlessly for the last 6 months or so.

Now I'd like to add some additional mangles for QOS. Would these (2nd list) interfere with the above dual WAN by changing packet marking?

Does rule order matter? Should QOS be before or after the dual WAN?
 /ip firewall mangle
            add action=accept chain=prerouting comment=ATT-ISP1 dst-address=x.x.x.x/29 in-interface-list=\
                LAN-att
            add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type="" \
                in-interface=eth1-AT&T new-connection-mark=ISP1-conn passthrough=yes
            add action=mark-connection chain=prerouting comment="DSCP-Force-WISP-to-ATT 042620" \
                connection-state=new disabled=yes dscp=46 dst-address-type=!local log=yes log-prefix=\
                "/mangle/ - bypass Cox to ATT by DSCP" new-connection-mark=ISP1-conn passthrough=no
            add action=mark-connection chain=prerouting comment=Force-WISP-IP-to-ATT connection-state=new \
                dst-address-type=!local log=yes log-prefix="/mangle/ - bypass Cox to ATT" new-connection-mark=\
                ISP1-conn passthrough=no src-address-list=Force-WISP-out-ATT
            add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!RFC1918 \
                dst-address-type=!local in-interface-list=LAN-att new-connection-mark=ISP1-conn passthrough=yes
            add action=mark-routing chain=prerouting connection-mark=ISP1-conn in-interface-list=LAN-att \
                new-routing-mark=to-ISP1 passthrough=yes
            add action=mark-routing chain=output connection-mark=ISP1-conn dst-address-type="" new-routing-mark=\
                to-ISP1 passthrough=yes
            add action=accept chain=prerouting comment=Cox-ISP2 dst-address=y.y.y.y/27 in-interface-list=\
                LAN-cox
            add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type="" \
                in-interface=eth2-cox new-connection-mark=ISP2-conn passthrough=yes
            add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!RFC1918 \
                dst-address-type=!local in-interface-list=LAN-cox new-connection-mark=ISP2-conn passthrough=yes
            add action=mark-routing chain=prerouting connection-mark=ISP2-conn in-interface-list=LAN-cox \

Now I'd like to add some additional mangles for QOS. Would these below interfere with the above dual WAN by changing packet marking?
         /ip firewall mangle
        add action=mark-connection chain=prerouting comment=VOIP disabled=yes dscp=46 new-connection-mark=\
            VOIP passthrough=yes
        add action=mark-connection chain=prerouting disabled=yes dscp=26 new-connection-mark=VOIP \
            passthrough=yes
        add action=mark-packet chain=prerouting connection-mark=VOIP disabled=yes new-packet-mark=VOIP \
            passthrough=no
        add action=mark-connection chain=prerouting comment=DNS connection-state=new disabled=yes \
            new-connection-mark=DNS passthrough=yes port=53 protocol=udp
        add action=mark-packet chain=prerouting connection-mark=DNS disabled=yes new-packet-mark=DNS \
            passthrough=no
        add action=mark-connection chain=postrouting connection-state=new disabled=yes new-connection-mark=\
            DNS passthrough=yes port=53 protocol=udp
        add action=mark-packet chain=postrouting connection-mark=DNS disabled=yes new-packet-mark=DNS \
            passthrough=no
        add action=mark-connection chain=prerouting comment=QUIC connection-state=new disabled=yes \
            new-connection-mark=QUIC passthrough=yes port=80,443 protocol=udp
        add action=mark-packet chain=prerouting connection-mark=QUIC disabled=yes new-packet-mark=QUIC \
            passthrough=no
        add action=mark-connection chain=prerouting comment=ICMP connection-state=new disabled=yes \
            new-connection-mark=ICMP passthrough=yes protocol=icmp
        add action=mark-packet chain=prerouting connection-mark=ICMP disabled=yes new-packet-mark=ICMP \
            passthrough=no
        add action=mark-connection chain=postrouting connection-state=new disabled=yes new-connection-mark=\
            ICMP passthrough=yes protocol=icmp
        add action=mark-packet chain=postrouting connection-mark=ICMP disabled=yes new-packet-mark=ICMP \
            passthrough=no
        add action=mark-packet chain=postrouting comment=ACK disabled=yes new-packet-mark=ACK packet-size=\
            0-123 passthrough=no protocol=tcp tcp-flags=ack
        add action=mark-packet chain=prerouting disabled=yes new-packet-mark=ACK packet-size=0-123 \
            passthrough=no protocol=tcp tcp-flags=ack
 
sindy
Forum Guru
Posts: 11278
Joined: Mon Dec 04, 2017 9:19 pm

Re: Currently using Mangle rules for DUAL WAN setup. Now I want to add some QOS. Is it possible to integrate the QOS man

Mon May 25, 2020 12:59 pm

Rule order does matter. Whether you set passthrough to yes or no does matter. You can only assign a single connection-mark to a connection at a time - the last assigned one replaces any previous ones. So you have to use composite connection marks, each expressing both the routing policy to be used and the packet-mark to be assigned.
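
A sketch of the composite-mark layout described above, as an added example that is not part of the original thread and covers only LAN-originated connections and the VOIP class (DSCP 46). The connection-mark names ISP1-VOIP, ISP1-other, ISP2-VOIP, ISP2-other and the routing mark to-ISP2 are assumptions; the interface lists, the RFC1918 address list, to-ISP1 and the VOIP packet mark are taken from the first post.

```routeros
/ip firewall mangle
# 1. Classify each new LAN connection exactly once. Every rule matches
#    connection-mark=no-mark, so the first match wins and a later rule cannot
#    overwrite it; the specific class (VOIP) must therefore come first.
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=LAN-att dst-address-list=!RFC1918 dst-address-type=!local \
    dscp=46 new-connection-mark=ISP1-VOIP passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=LAN-att dst-address-list=!RFC1918 dst-address-type=!local \
    new-connection-mark=ISP1-other passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=LAN-cox dst-address-list=!RFC1918 dst-address-type=!local \
    dscp=46 new-connection-mark=ISP2-VOIP passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=LAN-cox dst-address-list=!RFC1918 dst-address-type=!local \
    new-connection-mark=ISP2-other passthrough=yes

# 2. Routing policy: one mark-routing rule per composite mark, because the
#    connection-mark matcher takes a single mark name.
add chain=prerouting action=mark-routing connection-mark=ISP1-VOIP \
    in-interface-list=LAN-att new-routing-mark=to-ISP1 passthrough=yes
add chain=prerouting action=mark-routing connection-mark=ISP1-other \
    in-interface-list=LAN-att new-routing-mark=to-ISP1 passthrough=yes
add chain=prerouting action=mark-routing connection-mark=ISP2-VOIP \
    in-interface-list=LAN-cox new-routing-mark=to-ISP2 passthrough=yes
add chain=prerouting action=mark-routing connection-mark=ISP2-other \
    in-interface-list=LAN-cox new-routing-mark=to-ISP2 passthrough=yes

# 3. QoS: both VOIP composites map to the same packet mark. These rules sit
#    last because passthrough=no stops further mangle processing in the chain.
add chain=prerouting action=mark-packet connection-mark=ISP1-VOIP \
    new-packet-mark=VOIP passthrough=no
add chain=prerouting action=mark-packet connection-mark=ISP2-VOIP \
    new-packet-mark=VOIP passthrough=no
```

Each further QoS class (DNS, QUIC, ICMP) adds one mark-connection rule per WAN ahead of the "other" rule, one mark-routing rule per composite mark, and one mark-packet rule per composite mark.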
 
TDJ211
just joined
Posts: 7
Joined: Mon Jul 01, 2019 2:30 am

Re: Currently using Mangle rules for DUAL WAN setup. Now I want to add some QOS. Is it possible to integrate the QOS man

Mon May 25, 2020 4:05 pm

Ahh ok gotcha! Thanks for the clarification.
 
TDJ211
just joined
Posts: 7
Joined: Mon Jul 01, 2019 2:30 am

Re: Currently using Mangle rules for DUAL WAN setup. Now I want to add some QOS. Is it possible to integrate the QOS man

Mon May 25, 2020 4:19 pm

Actually, I'm a bit confused.

If I understand correctly, this would make things quite complex.

I believe that would mean I would have to QOS and route by protocol.

Would you mind giving an example?