QoS nat limiting with pcq and QT
Posted: Thu Mar 17, 2011 4:17 pm
by xins
Hi all,
I've been struggling for quite some time with PCQ and QT.
I have a specific plan and I can't figure this one out by myself...
I have a core router with one bridge and one WAN (NATted), and now I'm trying to do as Megis showed us at the US 2009 MUM.
On the bridge I have a PPPoE server.
I want to limit upload and download with PCQ and QT using mangle and address lists. I know that I can't use the WAN interface as a parent (because of NATting) and should use one of global-out/in, but after a lot of configurations I'm losing hope. Can anyone just show me 4 mangle rules for upload and download (with interfaces out/in) and the QT to work this out?
When you don't use NAT it is easy to cut speed...
Please help.
I'm using ROS 5.rc11.
If any more explanation is needed I will provide it if someone asks.
Re: QoS last battle
Posted: Fri Mar 18, 2011 2:53 pm
by xins
OK, I was staring at this the whole night...
and from page 10:
Global-Out or Interface HTB?
There are two fundamental differences:
- In case of SRC-NAT (masquerade), Global-Out will be aware of private client addresses, but Interface HTB will not – Interface HTB is after SRC-NAT
- Each Interface HTB only receives traffic that will be leaving through a particular interface – there is no need to separate upload and download in mangle
Does that mean that when I use SRC-NAT I can't use interface HTB and should use Global-Out? And another thing: do I have to make mangle rules separately for upload and download with a selected out interface (wan for upload_mangle & bridge for download_mangle)?
Any confirmation or additional explanation?
And can I after that add priority based on traffic type?
Re: QoS last battle
Posted: Fri Mar 18, 2011 3:23 pm
by xins
OK, after some testing I managed to mangle upload traffic correctly:
and here is the conf for QT:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=upload parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2M_up packet-mark=2m_up_packet parent=upload priority=8 \
queue=2M_up
and for mangle:
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
2m_up_conn out-interface=ether9 passthrough=yes src-address-list=2mbit
add action=mark-packet chain=forward connection-mark=2m_up_conn disabled=no \
new-packet-mark=2m_up_packet out-interface=ether9 passthrough=no
ether9 is my wan (in my test lab)
still trying to correctly mangle download, any hints?
Re: QoS nat limiting with pcq and QT
Posted: Sun Mar 20, 2011 8:55 pm
by xins
I see everyone on this forum is very helpful... so after the next days I figured this out
and I'm still sharing this with you people.
And don't say that nobody has NATed networks?
MANGLE:
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
2m_up_conn out-interface=ether9 passthrough=yes src-address-list=2mbit
add action=mark-packet chain=forward connection-mark=2m_up_conn disabled=no \
new-packet-mark=2m_up_packet out-interface=ether9 passthrough=no
add action=mark-connection chain=forward disabled=no dst-address-list=2mbit \
in-interface=ether9 new-connection-mark=2m_down_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=2m_down_conn disabled=no \
new-packet-mark=2m_down_pack passthrough=no
add action=mark-connection chain=forward disabled=no new-connection-mark=\
1m_up_conn out-interface=ether9 passthrough=yes src-address-list=1mbit
add action=mark-packet chain=forward connection-mark=1m_up_conn disabled=no \
new-packet-mark=1m_up_packet out-interface=ether9 passthrough=no
add action=mark-connection chain=forward disabled=no dst-address-list=1mbit \
in-interface=ether9 new-connection-mark=1m_down_conn passthrough=yes
add action=mark-packet chain=forward connection-mark=1m_down_conn disabled=no \
new-packet-mark=1m_down_pack passthrough=no
QT:
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=upload parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2M_up packet-mark=2m_up_packet parent=upload priority=8 \
queue=2M_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=5M name=download parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=2m_down packet-mark=2m_down_pack parent=download priority=\
8 queue=2M-down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=1M_down packet-mark=1m_down_pack parent=download priority=\
8 queue=1M_down
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=0 name=1M_up packet-mark=1m_up_packet parent=upload priority=8 \
queue=1M_up
queue type:
/queue type
add kind=pcq name=2M_up pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=2M-down pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2M pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=1M_down pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=1M_up pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=\
10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=1M pcq-src-address-mask=32 \
pcq-src-address6-mask=64 pcq-total-limit=2000
You must remember that upload mangle rules must be higher than download mangle rules for the same address list.
Now I will try to add QoS based on type of traffic to this...
ENJOY
Re: QoS nat limiting with pcq and QT
Posted: Thu Mar 31, 2011 9:29 pm
by ZoemDoef
xins
I agree, I have searched the forum and could not find much else on the topic you raise here. I am also very interested to get the forum's suggestions and opinions on this.
Re: QoS nat limiting with pcq and QT
Posted: Sat May 07, 2011 10:27 pm
by boardman
Nice
Thanks
Finally a real PCQ Example - Upload and Download
Posted: Sun Jun 26, 2011 6:54 am
by Twas
XINS,
You are the very first to ever show both the upload and download side of managing PCQ. I don't really care what others say because I have tried to figure this out for two years. I have even gone so far as to pay a Mikrotik Certified and recommended by MT tech just to be told this can't be done correctly. I could always get either the upload or the download to work, but never both correctly balanced.
So, the rest of these supposedly MT techs including MT themselves have never shown what you have shown here. Yes they answer questions leaving the end user with more questions. They rarely offer solid information. Hats off to a job well done and thank you for your hours of work.
If you ever implement QOS with this model I will be happy to pay you for an outline. Janis Megis seems to know what he is talking about, but you should have given the course on "Basic PCQ", not him.
Your method works and that is what counts. MT should always follow your way of doing things in their courses, rather than giving outlines with few solutions that are open ended with no definition.
Thanks
Re: QoS nat limiting with pcq and QT
Posted: Sun Jun 26, 2011 7:30 am
by fewi
I find it easier to just use different chains and interface directions. To me it is also easier and cheaper on the CPU to just mark packets if queues are the only purpose of marking, and you have few qualifiers. I use this on NAT routers, and speeds are correctly shaped both ways. Technically you could consider it wasteful to let packets get to postrouting before shaping but it's easy to troubleshoot and configure to me.
In the below example silver is a class for 1m down and 512k up, based on address lists. Gold is 2m/1m. All classes are limited to 10-11m total.
/ip firewall mangle
add chain=postrouting out-interface=LAN dst-address-list=silver action=mark-packet new-packet-mark=silver-down passthrough=no
add chain=postrouting out-interface=LAN dst-address-list=gold action=mark-packet new-packet-mark=gold-down passthrough=no
add chain=prerouting in-interface=LAN src-address-list=silver action=mark-packet new-packet-mark=silver-up passthrough=no
add chain=prerouting in-interface=LAN src-address-list=gold action=mark-packet new-packet-mark=gold-up passthrough=no
/queue type add kind=pcq name="silver-up" pcq-classifier=src-address pcq-limit=50 pcq-rate="512000" pcq-total-limit="204800";
/queue type add kind=pcq name="silver-down" pcq-classifier=dst-address pcq-limit=50 pcq-rate="1000000" pcq-total-limit="204800";
/queue type add kind=pcq name="gold-up" pcq-classifier=src-address pcq-limit=50 pcq-rate="1000000" pcq-total-limit="204800";
/queue type add kind=pcq name="gold-down" pcq-classifier=dst-address pcq-limit=50 pcq-rate="2000000" pcq-total-limit="204800";
/queue tree add limit-at="10000000" max-limit="11000000" name="silver-up" packet-mark="silver-up" parent="global-in" queue="silver-up"
/queue tree add limit-at="10000000" max-limit="11000000" name="silver-down" packet-mark="silver-down" parent="global-out" queue="silver-down"
/queue tree add limit-at="10000000" max-limit="11000000" name="gold-up" packet-mark="gold-up" parent="global-in" queue="gold-up"
/queue tree add limit-at="10000000" max-limit="11000000" name="gold-down" packet-mark="gold-down" parent="global-out" queue="gold-down"
This is not to take away from the post, just an alternative way of achieving the same thing.
Re: QoS nat limiting with pcq and QT
Posted: Sun Jun 26, 2011 8:38 pm
by boardman
Hi fewi, nice share,
How do you get to / calculate this value: pcq-total-limit="204800"?
Regards
J. Boardman
Re: QoS nat limiting with pcq and QT
Posted: Sun Jun 26, 2011 9:21 pm
by fewi
pcq-limit is the number of packets that can be queued per sub stream (so in this case per user). pcq-total-limit should be set to pcq-limit multiplied by the number of concurrent users. 204800 would be good for 4096 users. Which I guess doesn't make much sense with a total limit of 10 megs, should have edited that down to a lower number.
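Added example, not written by any poster in this thread: a small Python check over a RouterOS export fragment in either style posted above. It reports queue tree entries whose packet-mark is never set in mangle or whose queue type is missing, and PCQ types whose pcq-total-limit is below pcq-limit times the expected user count. The names parse, lint, SAMPLE and the users parameter are assumptions of this sketch; limits are assumed to be plain packet counts as in this thread, and built-in queue types absent from the export are reported as undefined.

```python
import re
import shlex

# Constructed sample in the thread's style; the last line misspells its mark (silver_down).
SAMPLE = r'''
/ip firewall mangle
add chain=prerouting in-interface=LAN src-address-list=silver \
    action=mark-packet new-packet-mark=silver-up passthrough=no
add chain=postrouting out-interface=LAN dst-address-list=silver action=mark-packet new-packet-mark=silver-down passthrough=no
/queue type add kind=pcq name="silver-up" pcq-classifier=src-address pcq-limit=50 pcq-total-limit=2000;
/queue type add kind=pcq name="silver-down" pcq-classifier=dst-address pcq-limit=50 pcq-total-limit=2000;
/queue tree
add name=silver-up packet-mark=silver-up parent=global-in queue=silver-up
add name=silver-down packet-mark=silver_down parent=global-out queue=silver-down
'''

def parse(export):
    """Return {menu: [{key: value}, ...]} for every 'add' line in the export."""
    text = re.sub(r'\\\n\s*', '', export)          # join backslash continuations
    menus, menu = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line.strip().rstrip(';'))
        if tokens and tokens[0].startswith('/'):   # '/queue tree' or '/queue tree add ...'
            cut = tokens.index('add') if 'add' in tokens else len(tokens)
            menu, tokens = ' '.join(tokens[:cut]), tokens[cut:]
        if tokens and tokens[0] == 'add':
            item = dict(t.split('=', 1) for t in tokens[1:] if '=' in t)
            menus.setdefault(menu, []).append(item)
    return menus

def lint(export, users):
    """List dangling references and PCQ buffers too small for `users` sub-streams."""
    m = parse(export)
    marks = {r.get('new-packet-mark') for r in m.get('/ip firewall mangle', [])}
    types = {t.get('name'): t for t in m.get('/queue type', [])}
    problems = []
    for q in m.get('/queue tree', []):
        name, mark, qname = q.get('name'), q.get('packet-mark'), q.get('queue')
        if mark and mark not in marks:
            problems.append(f'{name}: packet-mark {mark} is never set in mangle')
        if qname and qname not in types:
            problems.append(f'{name}: queue type {qname} is not defined')
        qt = types.get(qname, {})
        limit, total = qt.get('pcq-limit', ''), qt.get('pcq-total-limit', '')
        if limit.isdigit() and total.isdigit() and int(total) < int(limit) * users:
            problems.append(f'{name}: pcq-total-limit {total} < {limit} x {users} users')
    return problems

print('\n'.join(lint(SAMPLE, users=64)))  # constructed input, 64 users assumed
```

A queue tree entry whose packet-mark matches no mangle rule is accepted by the router but never sees traffic, so the affected class goes unshaped without any error.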
Re: QoS nat limiting with pcq and QT
Posted: Tue Jun 28, 2011 4:53 pm
by CCDKP
I take vacation for a week and this is what I miss!
It looks like you pretty much have it by now, but for the sake of adding another example, I did PCQ with NAT on my P2P blocking script:
http://forum.mikrotik.com/viewtopic.php ... 83#p249583