i think its matter of time.I too would be quite interested in this.
I use queue trees for this(without SFQ as it slows down things for me).Hi,
I know, this is an old thread, but I have a question to the last thread posted by normis.
@normis,
you said, instead of using fq_codel, you can use SFQ and this also works quite well.
I was looking for some HowTo this, but unfortunately, I did not find anything about SFQ and reducing bufferbloat.
Can you give me some advices or maybe a short HowTo?
My bandwidth is 30/6 Down/Up Mbit.
With a full upload (about 5,8Mbit), my ping times rise from normal 6ms to my ISP nameserver to 250-900ms.
Regards,
Florian
Hi,I attached full export of /ip/firewall/mangle and /queue
I can clean up that mess a bit if you need just for one interface.
Yeah, that's true. I have 6 links from 3 ISPs right now.I looked into your config and I have to say, that you have a lot of WAN interfaces!
It's because I limit both incoming and outgoing traffic for each external interface.The next thing, I don't understand is that you have in queue config, different parent interface for ethX-IN and ethx-OUT.
I have 100Mbit on both interfaces but limit to 95 to avoid delays inside ISP limiting queues(which varies from 20 to 300ms).Do you have 100Mbit Up/Downlink? If yes, why do you use only 95Mbit for rate limit?
Sure, I will do it today or tonight.It would be great, if you can shrink down your config to only one WAN interface.
/queue tree
add limit-at=1 max-limit=95M name=ETH1-IN parent=bonding1 queue=RED16
add limit-at=1 max-limit=95M name=ETH1-OUT parent=ether1 queue=RED16
add name=ETH1-IN-1 parent=ETH1-IN priority=1 queue=PFIFO_8
add name=ETH1-IN-4 parent=ETH1-IN priority=4 queue=PFIFO_8
add name=ETH1-IN-8 parent=ETH1-IN queue=PFIFO_8
add name=ETH1-IN_BT packet-mark=wan0_bt_in parent=ETH1-IN-8 queue=RED16
add name=ETH1-OUT-1 parent=ETH1-OUT priority=1 queue=PFIFO_8
add name=ETH1-OUT-4 parent=ETH1-OUT priority=4 queue=PFIFO_8
add name=ETH1-OUT-8 parent=ETH1-OUT queue=PFIFO_8
add name=ETH1-OUT_DNS packet-mark=wan0_dns parent=ETH1-OUT-1 queue=PFIFO_32
add name=ETH1-OUT_ICMP packet-mark=wan0_icmp parent=ETH1-OUT-1 priority=4 queue=PFIFO_8
add name=ETH1-OUT_HTTP packet-mark=wan0_http parent=ETH1-OUT-4 priority=4 queue=PFIFO_32
add name=ETH1-OUT_SSH packet-mark=wan0_ssh parent=ETH1-OUT-4 priority=1 queue=PFIFO_8
add name=ETH1-OUT_SSL packet-mark=wan0_ssl parent=ETH1-OUT-4 priority=3 queue=PFIFO_32
add name=ETH1-OUT_BT packet-mark=wan0_bt parent=ETH1-OUT-8 queue=RED16
add name=ETH1-OUT_SSL_B packet-mark=wan0_ssl_b parent=ETH1-OUT-4 priority=6 queue=RED16
add name=ETH1-IN-4-1 parent=ETH1-IN-4 priority=1 queue=PFIFO_8
add name=ETH1-IN-4-8 parent=ETH1-IN-4 queue=PFIFO_8
add name=ETH1-IN-2 parent=ETH1-IN priority=2 queue=PFIFO_8
add name=ETH1-OUT_OTHER packet-mark=wan0p_out parent=ETH1-OUT-8 queue=RED16
add name=ETH1-OUT_ACK packet-mark=ack_wan0 parent=ETH1-OUT-1 priority=1 queue=RED16
add name=ETH1-IN_OTHER packet-mark=wan0p_in parent=ETH1-IN-8 priority=4 queue=RED16
add name=ETH1-IN_ACK packet-mark=wan0_ack_in parent=ETH1-IN-1 priority=1 queue=RED16
add name=ETH1-IN_ICMP packet-mark=wan0_icmp_in parent=ETH1-IN-2 priority=4 queue=PFIFO_8
add name=ETH1-IN_DNS packet-mark=wan0_dns_in parent=ETH1-IN-2 queue=PFIFO_32
add name=ETH1-IN_HTTP packet-mark=wan0_http_in parent=ETH1-IN-4-1 priority=4 queue=PFIFO_32
add name=ETH1-IN_SSH packet-mark=wan0_ssh_in parent=ETH1-IN-4-1 priority=1 queue=PFIFO_8
add name=ETH1-IN_SSL packet-mark=wan0_ssl_in parent=ETH1-IN-4-1 priority=3 queue=RED16
add name=ETH1-IN_SSL_B packet-mark=wan0_ssl_in_b parent=ETH1-IN-4-8 priority= 3 queue=RED16
/ip firewall mangle
add action=set-priority chain=prerouting new-priority=from-dscp
add action=set-priority chain=prerouting new-priority=from-ingress
add action=mark-connection chain=prerouting connection-state=new dst-address-list=LAN new-connection-mark=LOCAL src-address-list=LAN
add action=fasttrack-connection chain=prerouting connection-mark=LOCAL
add action=jump chain=input connection-state=new in-interface=!bonding1 jump-target=mark_in_only
add action=mark-connection chain=mark_in_only in-interface=ether1 new-connection-mark=wan0
add action=return chain=mark_in_only
add action=jump chain=prerouting connection-mark=no-mark connection-state=new in-interface=!bonding1 jump-target=mark_conn_input
add action=mark-connection chain=mark_conn_input connection-mark=no-mark in-interface=ether1 new-connection-mark=wan0
add action=return chain=mark_conn_input
add action=jump chain=prerouting comment="Jump to prerouting connection marks (PCC)" connection-mark=no-mark connection-state=new dst-address-list=!LAN in-interface=bonding1 jump-target=mark_prerouting_internal
add action=mark-connection chain=mark_prerouting_internal comment=wan0 new-connection-mark=wan0 nth=6,1
add action=return chain=mark_prerouting_internal
add action=jump chain=prerouting comment="Jump to prerouting connection marks (PCC)" connection-mark=no-mark connection-state=new in-interface=bonding1 jump-target=mark_prerouting_internal
add action=jump chain=prerouting comment="Jump to prerouting connection marks (PCC)" connection-mark=no-mark connection-state=new in-interface=bonding1 jump-target=mark_prerouting_internal
add action=jump chain=prerouting comment="Jump to force_marks" connection-mark=no-mark connection-state=new dst-address-list=!LAN in-interface=bonding1 jump-target=mark_prerouting_internal_f
add action=jump chain=output connection-state=new jump-target=mark_out out-interface=!bonding1
add action=mark-connection chain=mark_out new-connection-mark=wan0 out-interface=ether1
add action=return chain=mark_out
add action=jump chain=prerouting comment="Jump to mark routing prerouting" connection-mark=!no-mark in-interface=bonding1 jump-target=mark_routing_prerouting
add action=mark-routing chain=mark_routing_prerouting connection-mark=wan0 new-routing-mark=wan0
add action=return chain=mark_routing_prerouting
add action=jump chain=prerouting comment="Marking incomming packets" jump-target=mark_prerouting
add action=mark-packet chain=mark_prerouting in-interface=ether1 new-packet-mark=wan0p_in
add action=mark-packet chain=mark_prerouting in-interface=bonding1 new-packet-mark=bonding_in
add action=return chain=mark_prerouting
add action=jump chain=forward comment="Marking WAN output packets" jump-target=mark_wan out-interface=!bonding1
add action=mark-packet chain=mark_wan new-packet-mark=wan0p_out out-interface=ether1
add action=return chain=mark_wan
add action=jump chain=forward in-interface=ether1 jump-target=wan0_proto_in out-interface=!ether1
add action=jump chain=forward in-interface=!ether1 jump-target=wan0_proto out-interface=ether1
add action=mark-packet chain=wan0_proto dst-limit=400,100,addresses-and-dst-port/10ms layer7-protocol=http new-packet-mark=wan0_http
add action=mark-packet chain=wan0_proto dst-limit=800,200,addresses-and-dst-port/10ms layer7-protocol=http new-packet-mark=wan0_http_b packet-mark=wan0p_out
add action=mark-packet chain=wan0_proto new-packet-mark=wan0_icmp protocol=icmp
add action=mark-packet chain=wan0_proto layer7-protocol=bittorrent new-packet-mark=wan0_bt
add action=mark-packet chain=wan0_proto layer7-protocol="5TP" new-packet-mark=wan0_bt
add action=mark-packet chain=wan0_proto new-packet-mark=wan0_bt p2p=bit-torrent
add action=mark-packet chain=wan0_proto new-packet-mark=wan0_bt protocol=tcp src-address=192.168.4.64 src-port=16508
add action=mark-packet chain=wan0_proto new-packet-mark=wan0_bt protocol=udp src-address=192.168.4.64 src-port=16508
add action=mark-packet chain=wan0_proto dst-limit=800,200,addresses-and-dst-port/10ms layer7-protocol=ssl new-packet-mark=wan0_ssl packet-mark=wan0p_out
add action=mark-packet chain=wan0_proto layer7-protocol=ssl new-packet-mark=wan0_ssl_b packet-mark=wan0p_out
add action=mark-packet chain=wan0_proto layer7-protocol=ssh new-packet-mark=wan0_ssh packet-mark=wan0p_out
add action=mark-packet chain=wan0_proto dst-limit=800,200,addresses-and-dst-port/10ms layer7-protocol=ssh new-packet-mark=wan0_ssh_b packet-mark=wan0p_out
add action=mark-packet chain=wan0_proto layer7-protocol=dns new-packet-mark=wan0_dns
add action=return chain=wan0_proto
add action=mark-packet chain=wan0_proto_in dst-limit=400,100,addresses-and-dst-port/10ms layer7-protocol=http new-packet-mark=wan0_http_in packet-mark=wan0p_in
add action=mark-packet chain=wan0_proto_in layer7-protocol=http new-packet-mark=wan0_http_in_b packet-mark=wan0p_in
add action=mark-packet chain=wan0_proto_in new-packet-mark=wan0_icmp_in protocol=icmp
add action=mark-packet chain=wan0_proto_in layer7-protocol=bittorrent new-packet-mark=wan0_bt_in
add action=mark-packet chain=wan0_proto_in layer7-protocol="5TP" new-packet-mark=wan0_bt_in
add action=mark-packet chain=wan0_proto_in new-packet-mark=wan0_bt_in p2p=bit-torrent
add action=mark-packet chain=wan0_proto_in dst-address=192.168.4.64 dst-port=16508 new-packet-mark=wan0_bt_in protocol=tcp
add action=mark-packet chain=wan0_proto_in dst-address=192.168.4.64 dst-address-list=local_ips dst-port=16508 new-packet-mark=wan0_bt_in protocol=udp
add action=mark-packet chain=wan0_proto_in dst-limit=200,100,addresses-and-dst-port/100ms layer7-protocol=ssl new-packet-mark=wan0_ssl_in packet-mark=wan0p_in
add action=mark-packet chain=wan0_proto_in layer7-protocol=ssl new-packet-mark=wan0_ssl_in_b packet-mark=wan0p_in
add action=mark-packet chain=wan0_proto_in layer7-protocol=ssh new-packet-mark=wan0_ssh_in
add action=mark-packet chain=wan0_proto_in layer7-protocol=dns new-packet-mark=wan0_dns_in
add action=return chain=wan0_proto_in
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=fin,rst,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=fin,syn,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=syn
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=rst
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=rst,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=fin,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=syn,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=0-128 protocol=tcp tcp-flags=fin,ack
add action=jump chain=forward jump-target=mark_ack_wan out-interface=!bonding1 packet-size=129-809 protocol=tcp tcp-flags=ack
add action=mark-packet chain=mark_ack_wan connection-mark=wan0 new-packet-mark=ack_wan0 out-interface=ether1
add action=return chain=mark_ack_wan
add action=jump chain=prerouting in-interface=!bonding1 jump-target=mark_ack_in_wan packet-size=0-128 protocol=tcp tcp-flags=ack
add action=mark-packet chain=mark_ack_in_wan connection-mark=wan0 in-interface=ether1 new-packet-mark=wan0_ack_in
add action=return chain=mark_ack_in_wan
add action=change-dscp chain=postrouting comment="Setting DSCP for the switch" new-dscp=38 out-interface=bonding1
add action=change-dscp chain=postrouting new-dscp=46 out-interface=bonding1 packet-size=0-128 protocol=tcp tcp-flags=ack
add action=change-dscp chain=forward comment="Setting DSCP for the ISP" new-dscp=38 out-interface=!bonding1
add action=change-dscp chain=forward new-dscp=46 packet-mark=ack_wan0
which imply - Newer Linux kernel to Properly support it with real benefits(few/incomplete "back-porting" attempts - bring only fractions of benefits from), which imply it can be only in Router OS 7.x versions, since MT developers state that such major updates to tool-chain and ROS itself - mean major version change.Just putting my vote in for this. CoDel would be a very welcome addition to the QoS options in RouterOS.
well newer kernels had serious benefits even w/o fq_codel in terms of countering/perventing bloatbuffering.I've been reading up on AQM and managing buffer sizes and was a bit disappointed to only see RED available on my MT devices. Would love to see fq_codel / RRED available in future ROS versions as buffer bloat is a huge problem among residential users.
Maybe another year or two(or more, who knows?) and we will get it.Any news on codel? Everybody else has it, only we are stuck in the past
Come on man, throw us a bone. Ubiquiti has it in their firewalls, I'm trying hard to not use theirs but you're not making it easy. SFQ is better than some even older more abusive options but is still deprecated since FQCodel offers a fair superior experience. https://www.bufferbloat.net/projects/co ... s_Gallery/thanks for the suggestion, we are looking into it for v7. currently you can use SFQ, whh is also very good
I don't think they can implement it until the new kernel version, which only arrives in v7. Harping at them to try to get it sooner will not help.Come on man, throw us a bone. Ubiquiti has it in their firewalls, I'm trying hard to not use theirs but you're not making it easy. SFQ is better than some even older more abusive options but is still deprecated since FQCodel offers a fair superior experience. https://www.bufferbloat.net/projects/co ... s_Gallery/
Not quite as good as codel but use an sfq until it gets implemented. Just make sure you set the limits a few kB below what your service can do to ensure the router controls the packet flow.Just signed up to the forums to say... I really want this feature too.
At this rate I'm going to have to buy an Ubiquiti EdgeRouter X to replace my hEX...
no, it's notIs fq_codel implemented in MikroTik RouterOS?
Four years later and we are still waiting for the magic unicorn v7...thanks for the suggestion, we are looking into it for v7. currently you can use SFQ, which is also very good
Untangle is a very good option for a polished off the shelf.I haven't found a suitable solution in other products either. The Ubiquiti solutions don't have enough throughput and have other problems. I don't IF/WHEN Mikrotik will ever get around to this, been waiting for a long time.. so I decided to bypass Mikrotik on this topic and built a Linux VM, passed two NICs to it directly on ESXi, bridged them in the OS and implemented the newest Cake code into that kernel (Cake is a newer, better version of fq_codel) .. I then simply plugged in said VM between my CCR1016 and the LAN. It's a bump in the wire and its only function is to do queuing/shaping. Works perfect.