Joined: Fri Oct 22, 2004 7:03 am Posts: 413
Location: Tucson, AZ
Like the new diagrams. One suggestion is to add detail on the "Use MPLS?" and "Use Route?" decisions. If you compare these decisions in the flow chart to the first decision after physical input, "In-Interface Bridge Port?", it seems to me that the first decision is much more self-describing than the others -- "Is the in-interface in a bridge?" vs. "Are we going to use MPLS?" If the logic for "Use MPLS" or "Use Route" were clearer, then it might be more useful in learning RouterOS.
Joined: Tue Aug 28, 2007 12:24 am Posts: 120
Looks clean guys. Nice work.
_________________ Hit my blog for video tutorials of Mikrotik and Cacti. Just so I look as cool as everyone else ->CCNA / CCNP / CCIE W / MCNA / MCRE / Certified Trainer / A+ / N+ / Partridge in pear tree<- man I love being pretentious!
Please help me understand as I'm obviously missing something here... In ROS 5 you could double-QoS by:
1) Mangle in prerouting, prioritise in Global-In HTB (all in prerouting sub-section)
2) Mark in forward/postrouting, shape in Interface HTB
Now in ROS 6 the global HTB resides in the Input chain, not the prerouting chain!? So how do I achieve double-QoS with ROS6 then?
In scenario D, there is no Global HTB in prerouting; according to the diagram it is now in the Input chain, but the Input chain is not used if it is forwarded traffic. I'm not suggesting ROS is broken, I'm suggesting that possibly the diagram is wrong, or does ROS6 process the Input chain for forwarded traffic as well now?
Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once. Input traffic hits them in the Input, while Output and Forward traffic hits them in the Postrouting. The packet flow has changed and you will need to adapt to it.
So here (if I understand it correctly), you could: new-packet-mark @ ManglePrerouting(1a), then queue @ Global-In/Global-total(1c) Then re-mark the packet @ MangleForward(2a) or ManglePostrouting(3a), then queue @Global-out(3b) or Interface HTB(4-) Correct?
Here, the first queue that you reach, is only in Global HTB(3c), after prerouting, forward, postrouting Mangles. There is no mangle opportunity after that to re-mark the packet before Interface HTB(4-)? I guess my question is then, can a packet carry more than one mark? Otherwise, how does a packet get remarked if the sequence above is correct?
1) Mark by traffic type in any mangle chain... I suggest "forward".
2) Prioritize traffic by traffic type in HTB global.
3) Use simple queues to apply individual user limits (use target as individual IP, or network and PCQ queue type).
_________________ I know what i don't know, do you?
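The three steps from the reply above, written out as a RouterOS v6 configuration. This is an added example, not part of the original post; the queue and mark names, the 192.168.88.0/24 subnet, the VoIP port range and every rate are assumptions chosen for illustration.

```routeros
# Constructed example for RouterOS v6. All names, addresses, ports and
# rates below are assumptions, not values from the thread.

# 1) Mark by traffic type in the forward chain.
/ip firewall mangle
add chain=forward protocol=udp dst-port=5060,10000-20000 \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=voip-conn passthrough=yes comment="classify VoIP"
add chain=forward connection-mark=voip-conn action=mark-packet \
    new-packet-mark=voip passthrough=no
add chain=forward connection-mark=no-mark action=mark-connection \
    new-connection-mark=bulk-conn passthrough=yes comment="everything else"
add chain=forward connection-mark=bulk-conn action=mark-packet \
    new-packet-mark=bulk passthrough=no

# 2) Prioritize by traffic type in the global HTB (queue tree, parent=global).
/queue tree
add name=all-traffic parent=global max-limit=100M
add name=prio-voip parent=all-traffic packet-mark=voip priority=1 \
    limit-at=10M max-limit=100M
add name=prio-bulk parent=all-traffic packet-mark=bulk priority=8 \
    limit-at=20M max-limit=100M

# 3) Per-user limits in simple queues: a single IP as target, or a whole
#    network with a PCQ queue type that splits the rate per address.
/queue type
add name=pcq-up kind=pcq pcq-classifier=src-address pcq-rate=2M
add name=pcq-down kind=pcq pcq-classifier=dst-address pcq-rate=5M
/queue simple
# Simple queues match top-down, so the single-host rule goes first.
add name=single-host target=192.168.88.10/32 max-limit=1M/4M
add name=lan-users target=192.168.88.0/24 queue=pcq-up/pcq-down \
    max-limit=50M/100M
```

No second packet mark is needed here: the queue tree matches on the packet mark, while the simple queues match on the target address.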
Joined: Thu Jan 05, 2012 12:53 am Posts: 45
One add-on from my point of view: I would like to have colours in the picture, they make the boxes much clearer! PDF is also a good point. Please publish vector graphics inside the PDF so that we can enjoy a real wallpaper.
I've read many things on this forum and I've carefully tracked the packet flow, but one thing is still missing: the physical interface rules. Probably it's in the hardware, but try to figure out how I can bridge 5 interfaces on a CCR-1036 6.7, set up a DHCP server attached to the bridge and control the HTB using the etherX entry. Referring to the scenario PacketFlowDiagram_v6_example1.2.jpg, I've put in some traces (packet log) following the decisions:
So quickly, I've added a bridge interface named BR_TEST, with eth1, 3, 4 and 5; eth2 is my DHCP client into my personal network and I masquerade anything through this interface.
I've disabled the fast path for the bridge and enabled the IP firewall option to enter the IP mangle table and grab some packet log output, which I have seen in the LOG window.
I've just realized that the represented interface is the bridge interface BR_TEST and not ether2...
I mean, the traffic is still handled by the physical port, not really, but maybe, the virtual BR_TEST port.
Question #1: Is it the chipset that does this?
Still referring to the chart, I've added two filter rules into the bridge management and now I can track my interface management.
So I've marked my packets, added them to separate HTB rules, and my download queue doesn't work...
What am I missing?
There are two perspectives when use-ip-firewall is used.
1) Layer-2 perspective - when traffic comes in via one bridge port and leaves via another port of the same bridge - in this case the in and out interfaces will be the physical interfaces that are in the bridge.
2) Layer-3 perspective - when a packet is routed to the bridge - in all configurations the packet will leave via the bridge interface because routing doesn't know anything about bridge ports. For this traffic the out interface will be the bridge interface, and only the bridge forwarding table will know which actual physical port it goes out of.
This is done for one single reason - so that enabling use-ip-firewall will not break the layer-3 configuration that you might have.
_________________ I know what i don't know, do you?