A Beginners QoS - A Basic Example [Update IPv6 + HTTP Tweek]

GhostSeven · October 19, 2011, 1:54pm

Updated Rules In Second Post

Hello

I have recently purchased my first Router Board (a RouterBoard 750) and started learning how to configure it.

One thing I had particular problems with understanding and getting functional was Quality of Service bandwidth restrictions.

I have a home connection and wanted to do some basic QoS to make sure my newsgroup downloads or file uploads did not adversely impact the rest of my internet activity, such as playing games on Xbox Live or browsing the web.

After spending many days reading the MikroTik documentation, the wiki and various posts on here, I had a fair understanding of how QoS works but could not quite get my configuration to behave how I would have liked.

I turned once again to the internet and the excellent collection of people on irc.z.je in the #routerboard channel.

The up shot was a lot of help from people on IRC, notably ne2k, causality, chaos, Nest Wireless and others (Sorry cant remember everyone!) Some kind people even connecting to my setup via winbox to help educate me. I then took this knowledge and combined it with some features of other QoS posts on this forum, most notably this post : http://forum.mikrotik.com/t/working-qos-configuration/29847/1 by negge which is essentially my upload rules.

The result has given me a basic set of mangle and queue tree rules to manage my inbound and outbound traffic and I am amazingly impressed with what this little unit can do.

I wanted to post my configuration here in the hope it can help other people who are looking to setup basic QoS.

I am based in the UK with a ADSL connection.

Where AAISP is my PPPoE connection and ether2-master-local is my LAN connection.

Mangle Rules

 1   ;;; Critical traffic download (Xbox Live)
     chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no
     protocol=tcp in-interface=AAISP port=3074

 2   chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no
     protocol=udp in-interface=AAISP port=3074

 3   chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no
     protocol=tcp in-interface=AAISP port=88

 4   ;;; High-priority interactive download (SSH,Winbox)
     chain=prerouting action=mark-packet new-packet-mark=high_pri_interactive_download
     passthrough=no protocol=tcp in-interface=AAISP port=22,2222,2233

 5   chain=prerouting action=mark-packet new-packet-mark=high_pri_interactive_download
     passthrough=no protocol=tcp in-interface=AAISP port=8291

 6   ;;; Low-priority interactive traffic download (HTTP, HTTPS)
     chain=prerouting action=mark-packet new-packet-mark=low_pri_interactive_download
     passthrough=no protocol=tcp in-interface=AAISP port=80,443

 7   ;;; Low-priority non-interactive download
     chain=prerouting action=mark-packet new-packet-mark=low_pri_non_interactive_download
     passthrough=no protocol=tcp in-interface=AAISP port=563

 8   ;;; Link-critical traffic (DHCP)
     chain=postrouting action=mark-packet new-packet-mark=link_critical passthrough=no
     protocol=udp out-interface=AAISP src-port=68 dst-port=67

 9   ;;; ICMP (Testing - Critical Link Traffic Pri)
     chain=postrouting action=mark-packet new-packet-mark=link_critical passthrough=no
     protocol=icmp out-interface=AAISP

10   ;;; Time-critical traffic (DNS, TCP control packets, certain ACK packets, new connections)
     chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no
     protocol=udp out-interface=AAISP dst-port=53

11   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no
     tcp-flags=fin,syn,rst protocol=tcp out-interface=AAISP

12   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no tcp-flags=ac>
     protocol=tcp out-interface=AAISP packet-size=40-89

13   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no
     connection-state=new protocol=tcp out-interface=AAISP

14   ;;; Critical traffic (Xbox Live, some ACK packets)
     chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no tcp-flags=ack
     protocol=tcp out-interface=AAISP packet-size=90-159

15   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=tcp
     out-interface=AAISP port=3074

16   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=udp
     out-interface=AAISP port=3074

17   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=tcp
     out-interface=AAISP port=88

18   ;;; High-priority interactive traffic (SSH, WinBox, certain ACK packets)
     chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no
     protocol=tcp out-interface=AAISP port=22,2222,2233

19   chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no
     protocol=tcp out-interface=AAISP port=8291

20   chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no
     tcp-flags=ack protocol=tcp out-interface=AAISP packet-size=160-249

21   ;;; Low-priority interactive traffic (HTTP, HTTPS)
     chain=postrouting action=mark-packet new-packet-mark=low_pri_interactive passthrough=no
     protocol=tcp out-interface=AAISP port=80,443

22   chain=postrouting action=mark-packet new-packet-mark=low_pri_interactive passthrough=no
     tcp-flags=ack protocol=tcp out-interface=AAISP packet-size=250-359

23   ;;; High-priority non-interactive traffic (FTP)
     chain=postrouting action=mark-packet new-packet-mark=high_pri_non_interactive passthrough=no
     protocol=tcp out-interface=AAISP connection-type=ftp

24   chain=postrouting action=mark-packet new-packet-mark=high_pri_non_interactive passthrough=no
     tcp-flags=ack protocol=tcp out-interface=AAISP packet-size=360-489

25   ;;; Low-priority non-interactive traffic (POP, SMTP)
     chain=postrouting action=mark-packet new-packet-mark=low_pri_non_interactive passthrough=no
     protocol=tcp out-interface=AAISP port=25,110

26   chain=postrouting action=mark-packet new-packet-mark=low_pri_non_interactive passthrough=no
     tcp-flags=ack protocol=tcp out-interface=AAISP packet-size=490-639

Queue Trees

 0   ;;; OQ_Master
     name="Outgoing queue" parent=AAISP limit-at=0 priority=8 max-limit=650k burst-limit=0
     burst-threshold=0 burst-time=0s

 1   name="Low-pri non-interactive" parent=Outgoing queue packet-mark=low_pri_non_interactive
     limit-at=0 queue=default priority=7 max-limit=650k burst-limit=0 burst-threshold=0
     burst-time=0s

 2   name="Link-critical" parent=Outgoing queue packet-mark=link_critical limit-at=0 queue=default
     priority=1 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 3   name="Time-critical" parent=Outgoing queue packet-mark=time_critical limit-at=0 queue=default
     priority=2 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 4   name="Critical" parent=Outgoing queue packet-mark=critical limit-at=0 queue=default priority=3
     max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 5   name="High-pri interactive" parent=Outgoing queue packet-mark=high_pri_interactive limit-at=0
     queue=default priority=4 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 6   name="Low-pri interactive" parent=Outgoing queue packet-mark=low_pri_interactive limit-at=0
     queue=default priority=5 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 7   name="High-pri non-interactive" parent=Outgoing queue packet-mark=high_pri_non_interactive
     limit-at=0 queue=default priority=6 max-limit=650k burst-limit=0 burst-threshold=0
     burst-time=0s

 8   name="Low-pri non-marked" parent=Outgoing queue packet-mark=no-mark limit-at=0 queue=default
     priority=8 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 9   ;;; IQ_Master
     name="Incoming queue" parent=ether2-master-local limit-at=0 priority=8 max-limit=7M
     burst-limit=0 burst-threshold=0 burst-time=0s

10   name="Low-pri interactive download" parent=Incoming queue
     packet-mark=low_pri_interactive_download limit-at=0 queue=default priority=5 max-limit=7M
     burst-limit=0 burst-threshold=0 burst-time=0s

11   name="Low-pri non-interactive download" parent=Incoming queue
     packet-mark=low_pri_non_interactive_download limit-at=0 queue=default priority=8 max-limit=7M
     burst-limit=0 burst-threshold=0 burst-time=0s

12   name="Low-pri non-marked download" parent=Incoming queue packet-mark=no-mark limit-at=0
     queue=default priority=7 max-limit=7M burst-limit=0 burst-threshold=0 burst-time=0s

13   name="Critical download" parent=Incoming queue packet-mark=critical_download limit-at=0
     queue=default priority=3 max-limit=7M burst-limit=0 burst-threshold=0 burst-time=0s

14   name="High-pri interactive download" parent=Incoming queue
     packet-mark=high_pri_interactive_download limit-at=0 queue=default priority=4 max-limit=7M
     burst-limit=0 burst-threshold=0 burst-time=0s

I also setup some basic scripts to disable and enable these rules, the reason behind this is I don’t require QoS between 2am and 6am and this is when my automated downloads occur so I may as well let it saturate the connection at this time.

The two simple scrips are as follows. They work on the fact that the parent queue trees have specific comments against them that the script matches.

Enable Script

/queue tree set [find comment="IQ_Master"] disabled=no
/queue tree set [find comment="OQ_Master"] disabled=no

Disable Script

/queue tree set [find comment="IQ_Master"] disabled=yes
/queue tree set [find comment="OQ_Master"] disabled=yes

I hope this is useful for people or if people just wish to comment on how I have done my rules, I am a beginner after all!

Thanks

Blake

GhostSeven · October 27, 2011, 8:52am

After using my QoS setup for a little longer I had noticed two problems that were causing issues on the network.

If someone kicks off a HTTP download that saturates the connection then all HTTP browsing traffic suffers. The QoS rules have no way of determining what is a download and what is normal browsing traffic
I use RSync to keep my music library in sync across several computers, one of them being a remote computer. This connection is done over SSH, as a result when Rsync kicks off (usually during the day so all relevant computers are turned on) it saturates the connection and what is worse it is at a high priority as it is SSH traffic.

The solution? monitoring the Connection Bytes and marking packets that are under or over a particular amount. My cut off for both the SSH and HTTP traffic is any connection using under 1M in these classes is normal traffic anything over is download.

So I present my revised mangle and queue tree rules. Please note I have added one extra queue for ultra low priority traffic.

I have also made the transition to IPv6 (well 6 and 4 in tandem) as my ISP does native IPv6 (thanks aaisp!) something to note with IPv6 and RB is you need to define another set of firewall and mangle rules for your IPv6 traffic. These are exactly the same for my setup but could be different if you were specifying a target or source address so keep that in mind if you move to IPv6.

Where AAISP is my PPPoE connection and ether2-master-local is my LAN connection.

Mangle Rules

1   ;;; Critical traffic download (Xbox Live)
     chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no protocol=tcp in-interface=AAISP port=3074

 2   chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no protocol=udp in-interface=AAISP port=3074

 3   chain=prerouting action=mark-packet new-packet-mark=critical_download passthrough=no protocol=tcp in-interface=AAISP port=88

 4   ;;; High-priority interactive download (SSH,Winbox)
     chain=prerouting action=mark-packet new-packet-mark=high_pri_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=22,2222,2233 connection-bytes=0-1000000

 5   chain=prerouting action=mark-packet new-packet-mark=high_pri_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=8291

 6   ;;; Low-priority interactive traffic download (HTTP, HTTPS)
     chain=prerouting action=mark-packet new-packet-mark=low_pri_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=80,443 connection-bytes=0-1000000

 7   ;;; Low-Priority non-interactive download (SSH Download / RSync)
     chain=prerouting action=mark-packet new-packet-mark=low_pri_non_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=22,2222,2233 connection-bytes=1000000-0

 8   ;;; Low-priority non-interactive download (Newsgroups)
     chain=prerouting action=mark-packet new-packet-mark=low_pri_non_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=563

 9   ;;; Low priortiy non-interactive download (HTTP, HTTPS)
     chain=prerouting action=mark-packet new-packet-mark=low_pri_non_interactive_download passthrough=no protocol=tcp in-interface=AAISP
     port=80,443 connection-bytes=1000000-0

10   ;;; Link-critical traffic (DHCP)
     chain=postrouting action=mark-packet new-packet-mark=link_critical passthrough=no protocol=udp out-interface=AAISP src-port=68
     dst-port=67

11   ;;; ICMP (Testing - Critical Link Traffic Pri)
     chain=postrouting action=mark-packet new-packet-mark=link_critical passthrough=no protocol=icmp out-interface=AAISP

12   ;;; Time-critical traffic (DNS, TCP control packets, certain ACK packets, new connections)
     chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no protocol=udp out-interface=AAISP dst-port=53

13   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no tcp-flags=fin,syn,rst protocol=tcp out-interface=AAIS>

14   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no tcp-flags=ack protocol=tcp out-interface=AAISP
     packet-size=40-89

15   chain=postrouting action=mark-packet new-packet-mark=time_critical passthrough=no connection-state=new protocol=tcp out-interface=AAISP

16   ;;; Critical traffic (Xbox Live, some ACK packets)
     chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no tcp-flags=ack protocol=tcp out-interface=AAISP
     packet-size=90-159

17   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=tcp out-interface=AAISP port=3074

18   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=udp out-interface=AAISP port=3074

19   chain=postrouting action=mark-packet new-packet-mark=critical passthrough=no protocol=tcp out-interface=AAISP port=88

20   ;;; High-priority interactive traffic (SSH, WinBox, certain ACK packets)
     chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no protocol=tcp out-interface=AAISP
     port=22,2222,2233 connection-bytes=0-1000000

21   chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no protocol=tcp out-interface=AAISP port=8291

22   chain=postrouting action=mark-packet new-packet-mark=high_pri_interactive passthrough=no tcp-flags=ack protocol=tcp out-interface=AAISP
     packet-size=160-249

23   ;;; Low-priority interactive traffic (HTTP, HTTPS)
     chain=postrouting action=mark-packet new-packet-mark=low_pri_interactive passthrough=no protocol=tcp out-interface=AAISP port=80,443

24   chain=postrouting action=mark-packet new-packet-mark=low_pri_interactive passthrough=no tcp-flags=ack protocol=tcp out-interface=AAISP
     packet-size=250-359

25   ;;; High-priority non-interactive traffic (FTP)
     chain=postrouting action=mark-packet new-packet-mark=high_pri_non_interactive passthrough=no protocol=tcp out-interface=AAISP
     connection-type=ftp

26   chain=postrouting action=mark-packet new-packet-mark=high_pri_non_interactive passthrough=no tcp-flags=ack protocol=tcp
     out-interface=AAISP packet-size=360-489

27   ;;; Low-priority non-interactive traffic (POP, SMTP)
     chain=postrouting action=mark-packet new-packet-mark=low_pri_non_interactive passthrough=no protocol=tcp out-interface=AAISP
     port=25,110

28   chain=postrouting action=mark-packet new-packet-mark=low_pri_non_interactive passthrough=no tcp-flags=ack protocol=tcp
     out-interface=AAISP packet-size=490-639

29   ;;; Ultra Low-Priority non-interactive traffic (SSH Upload / RSync
     chain=postrouting action=mark-packet new-packet-mark=ultra_low_pri_non_interactive passthrough=no protocol=tcp out-interface=AAISP
     port=22,2222,2233 connection-bytes=1000000-0

Queue Trees

 0   ;;; OQ_Master
     name="Outgoing queue" parent=AAISP limit-at=0 priority=8 max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 1   name="Low-pri non-interactive" parent=Outgoing queue packet-mark=low_pri_non_interactive limit-at=0 queue=default priority=7
     max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 2   name="Link-critical" parent=Outgoing queue packet-mark=link_critical limit-at=0 queue=default priority=1 max-limit=650k burst-limit=0
     burst-threshold=0 burst-time=0s

 3   name="Time-critical" parent=Outgoing queue packet-mark=time_critical limit-at=0 queue=default priority=2 max-limit=650k burst-limit=0
     burst-threshold=0 burst-time=0s

 4   name="Critical" parent=Outgoing queue packet-mark=critical limit-at=0 queue=default priority=3 max-limit=650k burst-limit=0
     burst-threshold=0 burst-time=0s

 5   name="High-pri interactive" parent=Outgoing queue packet-mark=high_pri_interactive limit-at=0 queue=default priority=4 max-limit=650k
     burst-limit=0 burst-threshold=0 burst-time=0s

 6   name="Low-pri interactive" parent=Outgoing queue packet-mark=low_pri_interactive limit-at=0 queue=default priority=5 max-limit=650k
     burst-limit=0 burst-threshold=0 burst-time=0s

 7   name="High-pri non-interactive" parent=Outgoing queue packet-mark=high_pri_non_interactive limit-at=0 queue=default priority=6
     max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

 8   name="Low-pri non-marked" parent=Outgoing queue packet-mark=no-mark limit-at=0 queue=default priority=8 max-limit=650k burst-limit=0
     burst-threshold=0 burst-time=0s

 9   ;;; IQ_Master
     name="Incoming queue" parent=ether2-master-local limit-at=0 priority=8 max-limit=7600k burst-limit=0 burst-threshold=0 burst-time=0s

10   name="Low-pri interactive download" parent=Incoming queue packet-mark=low_pri_interactive_download limit-at=0 queue=default priority=5
     max-limit=7600k burst-limit=0 burst-threshold=0 burst-time=0s

11   name="Low-pri non-interactive download" parent=Incoming queue packet-mark=low_pri_non_interactive_download limit-at=0 queue=default
     priority=8 max-limit=7600k burst-limit=0 burst-threshold=0 burst-time=0s

12   name="Low-pri non-marked download" parent=Incoming queue packet-mark=no-mark limit-at=0 queue=default priority=7 max-limit=7600k
     burst-limit=0 burst-threshold=0 burst-time=0s

13   name="Critical download" parent=Incoming queue packet-mark=critical_download limit-at=0 queue=default priority=3 max-limit=7600k
     burst-limit=0 burst-threshold=0 burst-time=0s

14   name="High-pri interactive download" parent=Incoming queue packet-mark=high_pri_interactive_download limit-at=0 queue=default priority=>
     max-limit=7600k burst-limit=0 burst-threshold=0 burst-time=0s

15   name="Ultra Low-Pri non-interactive" parent=Outgoing queue packet-mark=ultra_low_pri_non_interactive limit-at=0 queue=default priority=>
     max-limit=650k burst-limit=0 burst-threshold=0 burst-time=0s

Once again I hope this is of use and welcome any changes or advice people would like to give.

If this helps you please post here and say hello

whitepearl · May 16, 2012, 8:59pm

I try to upload my queue tree. I have try to set max-limit with scheduler script, but i’m still failed. I want to set Download.8 value form 1Mb to 3Mb with scheduler script. Maybe you can help me, Thank you
queue try schedule.png

GhostSeven · May 17, 2012, 8:52am

I can try my best to help

Can you post the schedule script so I can have a look at it.

whitepearl · May 17, 2012, 3:14pm

/queue tree set [/queue tree find comment=download] max-limit=3072000

above is my scheduler script at night, and at day i want to set decrease max limit to 1024000.

i was inspired by this link.
http://wiki.mikrotik.com/wiki/Different_bandwidth_in_day_and_night_for_several_categories_of_users

Thank you GhostSeven

GhostSeven · May 18, 2012, 12:02pm

whitepearl:

/queue tree set [/queue tree find comment=download] max-limit=3072000
above is my scheduler script at night, and at day i want to set decrease max limit to 1024000.

i was inspired by this link.
http://wiki.mikrotik.com/wiki/Different_bandwidth_in_day_and_night_for_several_categories_of_users

Thank you GhostSeven

I can see no issues with your script, tested it on my RB and works fine (you may wish to check the rates i.e 307200 etc or use 1M or 3M etc).

So you have saved this as a new script then? Does it work if you run it from scripts (without a schedule setup?) i.e by pushing run script? (It works on my RB) if it does work from scripts, it must be something with the schedule setup, can you post what you have there? (screen shots will be fine)

To do the different rates at different times of day I would do the following.

I hope this helps! If not I shall try to assist further

whitepearl · May 18, 2012, 4:08pm

I use bits/s on this case, for example 3072000 is equal 3M. I have different way with you, the different is i type my script on scheduler and you type your script on mikrotik script then call by scheduler. I haven’t yet running script without scheduler before. This my capture, sorry for my bad English, I’m from Indonesia.
mikrotik schedule.png

GhostSeven · May 24, 2012, 9:14am

Sorry for the slow response, have been busy! I have tested your script and it works fine here. Is the scheduled event not working for you? Do you have another schedule to set the script back to 1M? (Sorry trying to understand what is not working

I think your English is perfectly fine