Page 1 of 1

SFQ Implementation

Posted: Fri Jul 23, 2004 7:00 pm
by GJS
I have the following simple queues set up:

[admin@mt] queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="LAPTOP 2" target-address=192.168.0.103/32 dst-address=0.0.0.0/0
interface=all queue=red priority=8 limit-at=0/0 max-limit=128000/512000

1 name="LAPTOP 1" target-address=192.168.0.102/32 dst-address=0.0.0.0/0
interface=all queue=pfifo priority=8 limit-at=0/0 max-limit=128000/512000

2 name="All" target-address=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all
queue=pfifo priority=8 limit-at=0/0 max-limit=100/100

3 name="Public Traffic Mon" target-address=0.0.0.0/0 dst-address=0.0.0.0/0
interface=all queue=pfifo priority=8 limit-at=0/0 max-limit=0/0

4 name="queue1" target-address=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all
queue=sfq priority=8 limit-at=0/0 max-limit=0/0

The first two queues seem to work fine to limit bandwidth to the two clients, though as you will see I have set queue 0 to be RED type. This seems to restrict traffic slightly more than pfifo type. Why is this and what is the correct queue type in this scenario? The third queue (2) is to throttle all traffic from other address in the 192.168.0.0/24 network which seems to work fine. The fourth queue is just to monitor the total traffic on the public interface and seems to work fine also. I have added the fifth queue (4) as I would like to implement sfq for all traffic from and to the clients as I imagine the upstream from public (to the Internet) will get busy at times. However, this queue appears to do nothing at the bottom of the table and if moved to the top of the table allows all traffic to pass unrestricted.

What I am doing wrong? What is the correct way to implement sfq for all traffic passing to and from an interface?

Thanks,
Guy

Posted: Fri Jul 23, 2004 7:12 pm
by Eugene
1) For information on different types of simple queues refer to:
http://www.mikrotik.com/docs/ros/2.8/ro ... main.1.4.1
2) How does the definition for queue sfq look like in /queue type?

Posted: Fri Jul 23, 2004 7:46 pm
by GJS
Eugene,

I have read the bandwidth control section of the manual many times as well as many other documents on linux classless queue types.

This is the "queue type>print" output for queue type sfq:

7 name="sfq" kind=sfq bfifo-limit=15000 pfifo-limit=10 red-limit=60 red-min-threshold=10 red-max-threshold=50
red-burst=20 sfq-perturb=5 sfq-allot=1514 pcq-rate=0 pcq-limit=50 pcq-classifier=""

Thanks,
Guy

Posted: Fri Jul 23, 2004 8:06 pm
by Eugene
1) If you have available cpu and memory resources (in this case you surely have them), RED performs better then pfifo.
2) No packet can enter two simple queues at a time. If the packet is catched by one queue, than it will escape from all others. Therefore your third queue will 'shade' forthcoming ones.

Posted: Sat Jul 24, 2004 1:14 am
by GJS
1) In what way does RED perform better than pfifo; more accurate?
2) When LAPTOP2 is downloading, both queue 0 and queue 3 report passing traffic. How come queue 0 does not "shade" queue 3?

Thanks for your help.
Guy

Posted: Sat Jul 24, 2004 2:49 am
by lastguru
1. There are no better or worse queue types - they are just different. Classless queues (schedulers) which by nature do not limit data rate (FIFO, SFQ, RED, but not PCQ) can not be more or less accurate as there is no way they can be accurate at all. The only comparison that can be made is in what measure they are effective in some particular cases. For example, RED is good for TCP as TCP can adapt to packet losts and decrease traffic speed before the actual limit is met, so the channel would be used more effectively. But the same RED algorithm is not so good for UDP or ICMP as for them packet loss is a packet loss - for such a traffic maybe SFQ or FIFO is better. Also note that there is no difference between PFIFO and BFIFO except the measurement units they use to limit their wait buffer (queue).

2. That is normal as simple queues are put in two places simultaneously - in global-in (direct queue) and in global-out (reverse queue). I think, I've mentioned this effect in the forum some weeks ago - please do search. Anyway, having queue #0 match src-address=192.168.0.103/32 in global-in and queue #3 match everything in global-out, makes a good explanation for the observed effect. But having two entries matching the same thing in the same place, only the first one of them will actually work.

Posted: Tue Jul 27, 2004 1:42 am
by GJS
Thanks for you reply, lastguru. To ask my original question another way, when I set the two clients to the same bandwidth for download, each of which is equal to the total available upstream bandwidth, laptop2 always dominates i.e. upstream bandwidth available is 1024kbs, both clients set to download max-limit of 1024kbs, when both downloading laptop1 gets approximately 250kbs and laptop2 gets approx 750kbs.

I want to give both clients an equal slice of the avaliable bandwidth i.e. approx 512kbs each when they are both downloading. This seems to be the bevaviour of an sfq queue, but what queues do I actually need to set up on the Mikrotik?

Thanks,
Guy

Posted: Tue Jul 27, 2004 2:40 pm
by Dave
try to set for both (rule 0 and 1):

set 0,1 limit-at=0/512000 max-limit=0/1024000 interface=local_interface queue=sfq
disable 2,3,4

this will limit download only. it should work like this - when both are downloading, they receive 512kbps, but if one is idle, the other one can go up to 1024kbps.

Posted: Tue Jul 27, 2004 6:16 pm
by GJS
Thanks for your reply, Dave. I will try this later today but I'm sure it will work. However, this is OK with just two clients (as I have now, this is only a test setup) but what if I have say, 50 clients and the number is changing all the time? Each time I add or remove a client I have to reset the limit-at value to bandwidth/number-clients for all clients. Of course, this becomes much more complex if each client's speed setting is different e.g. 10 clients at 512kbs, 20 clients at 768kbs 20 clients at 1024kbs. Is this the only way?

Thanks,
Guy

Posted: Wed Jul 28, 2004 2:11 am
by GJS
OK, tried your suggestion, Dave, but the results are unchanged:

[admin@pad001X] queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="LAPTOP 1" target-address=192.168.0.102/32 dst-address=0.0.0.0/0 interface=all queue=sfq priority=8
limit-at=128000/512000 max-limit=128000/1024000

1 name="LAPTOP 2" target-address=192.168.0.103/32 dst-address=0.0.0.0/0 interface=all queue=sfq priority=8
limit-at=128000/512000 max-limit=128000/1024000

2 X name="All" target-address=192.168.0.0/24 dst-address=0.0.0.0/0 interface=all queue=sfq priority=8
limit-at=0/0 max-limit=100/100

3 X name="Public Traffic Mon" target-address=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all queue=sfq priority=8
limit-at=0/0 max-limit=0/0
[admin@pad001X] queue simple>

laptop2 gets about 750 while laptop1 gets about 250. What could be happening here?

Thanks,
Guy

Posted: Thu Jul 29, 2004 8:53 am
by Eugene
In this case it is better to use queue tree, e.g.:
[admin@ID] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   src-address=1.1.1.2/32 action=accept mark-flow=test2

 1   src-address=1.1.1.3/32 action=accept mark-flow=test3

[admin@ID] ip firewall mangle> /queue tree print
Flags: X - disabled, I - invalid, D - dynamic
 0    name="queue1" parent=global-out flow=test1 limit-at=0 queue=default
      priority=8 max-limit=1024000 burst-limit=0 burst-threshold=0
      burst-time=0

 1    name="queue2" parent=queue1 flow=test2 limit-at=512000 queue=default
      priority=8 max-limit=1024000 burst-limit=0 burst-threshold=0
      burst-time=0

 2    name="queue3" parent=queue1 flow=test3 limit-at=512000 queue=default
      priority=8 max-limit=1024000 burst-limit=0 burst-threshold=0
      burst-time=0
[admin@ID] ip firewall mangle>

Posted: Thu Jul 29, 2004 11:09 pm
by GJS
Eugene,

I have tried your suggestion like this:

[admin@pad001X] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-mac-address=00:04:25:9E:00:81 action=passthrough mark-connection=CN02_conn

1 connection=CN02_conn action=accept mark-flow=CN02

2 src-mac-address=00:02:2D:A4:E0:21 action=passthrough mark-connection=CN01_conn

3 connection=CN01_conn action=accept mark-flow=CN01
[admin@pad001X] ip firewall mangle>

[admin@pad001X] queue tree> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="CN02 Upload" parent=Master Upload flow=CN02 limit-at=0 queue=default priority=8 max-limit=128000
burst-limit=0 burst-threshold=0 burst-time=0

1 name="CN02 Download" parent=Master Download flow=CN02 limit-at=0 queue=default priority=8 max-limit=1024000
burst-limit=0 burst-threshold=0 burst-time=0

2 name="Master Upload" parent=public flow="" limit-at=0 queue=default priority=8 max-limit=128000 burst-limit=0
burst-threshold=0 burst-time=0

3 name="Master Download" parent=private flow="" limit-at=0 queue=default priority=8 max-limit=1024000
burst-limit=0 burst-threshold=0 burst-time=0

4 name="CN01 Download" parent=Master Download flow=CN01 limit-at=0 queue=default priority=8 max-limit=1024000
burst-limit=0 burst-threshold=0 burst-time=0

5 name="CN01 Upload" parent=Master Upload flow=CN01 limit-at=0 queue=default priority=8 max-limit=128000
burst-limit=0 burst-threshold=0 burst-time=0
[admin@pad001X] queue tree>

There is no change, CN02 gets about 750kbs, CN01 gets about 250kbs. Any ideas why this is not working?

Thanks,
Guy

Posted: Fri Jul 30, 2004 2:17 am
by lastguru
1. How do you measure the actual speeds? And how long is the test going?

2. How do the downloads from laptop1 and laptop2 differ?

3. There is an undefined behavour of such a setup in short term. In long run with random traffic, it will eventually equalize user sessions, but there is no express guarantees on that. That is especially true if you are using long buffers (try reducing queue buffer) or different queues on different clients (pfifo may be more agressive than red). That is why PCQ was made - try that on all your customers at once (not one PCQ for each client, but one for all of them)

Posted: Fri Jul 30, 2004 2:38 am
by GJS
1. I am using this http://www.giganews.com/comps/test_connect.mhtml and this http://www.adslguide.org/tools/speedtest.asp to execute download and upload then looking at the statistics for the queues in winbox to see what transfer speed is actually occuring.

2. I am usually doing the same downloads but even if I download from two different websites the results are very similar.

3. So, I would have a parent PCQ queue set to the maximum upstream bandwidth available then child queues of default type to limit speed for each particular client? I have tried this and there is no change.

I am thinking that I am doing something fundamentally wrong. I am particularly puzzled by the section in the manual which says that sfq cannot limit data rate at all, but I am doing it so I'm obviously not fully understanding what is going on. Could you post an example of using PCQ to equalize the speed to each client?

Thanks for all your help.
Guy

Posted: Fri Jul 30, 2004 10:34 am
by Dave
/queue simple add target-address=192.168.0.102/31 interface=local limit-at=0/512000 max-limit=0/1024000
:lol:

Posted: Fri Jul 30, 2004 10:57 am
by Dave
Right, SFQ, xFIFO, RED does not limit traffic at all, but HTB does!

Posted: Fri Jul 30, 2004 11:00 am
by Dave
PCQ example:

1. mangle packets destined to your network:
/ip firewall mangle add dst-address=Your_Network mark-flow=download
2. mangle packets coming out of your network:
/ip firewall mangle add src-address=Your_Network mark-flow=upload
3. create 2 new PCQ queue types:
/queue type add name="download-queue" kind=pcq pcq-classifier=dst-address
pcq-rate=Download_rate_for_each_client
/queue type add name="upload-queue" kind=pcq pcq-classifier=src-address
pcq-rate=Upload_rate_for_each_client
4. add queues:
/queue tree add parent=Local_Interface queue=download-queue flow=download
/queue tree add parent=Public_Interface queue=upload-queue flow=upload

but it is not possible to set MIR here, the pcq-rate is the max rate available and that's it!

Posted: Fri Jul 30, 2004 11:38 am
by lastguru
For the given task it would be better to change this example like this:
3. do not include pcq-rade in both entries (i.e., pcq-rate would be "0")
4. use max-limit here with the values of maximal total download and upload