Bandwidth priorities and simple queues

Hi, new user here. Been messing around with an RB750G for a few months now, setting up simple stuff. I’m currently working on implementing something like this (quoted from another user in this forum) but cannot get anywhere. My setup is as follows:

What I’m planning on doing is prioritizing HTTP over any other traffic. For example, I have a 15 MBit DSL connection, and it’s maxed out. When browsing I need to lower the speed of all other traffic to 4Mbit (or any other number such as to allow fast browsing and downloads over http).

For downloads, at the moment I’m setting the Max Limits at 15MBit for parent, 15Mbit for HTTP and 15Mbit for Other. When other traffic is running, HTTP traffic is not getting the priority, but rather takes the little bandwidth that’s left. When both are being used, I want http to max out, and all other bandwidth to get lowered immediately.

Any idea what I’m doing wrong here?

Cheers

You are going to want to use Queue trees and not simple queues for what you want to do. Simple Queues are very simple, and basically just process their queue just like the firewall, each packet that comes in just goes down the list until it finds a queue that fits.

This is probably more what you are looking for. Adjust the interfaces and rates to be more of what you are looking for.

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=15M name="Global Download" parent="LAN" priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=10M \
    max-limit=15M name="HTTP Traffic Download" packet-mark=other_traffic parent=\
    "Global Download" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
    max-limit=15M name="Other Download" packet-mark=heavy_traffic parent=\
    "Global Download" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M \
    max-limit=15M name="High Download" packet-mark=high_traffic parent=\
    "Global Download" priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=1M name="Global Upload DSL" parent=ether1 priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512K \
    max-limit=1M name="HTTP Upload DSL" packet-mark=other_traffic \
    parent="Global Upload DSL" priority=4 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256K \
    max-limit=1M name="Other Upload DSL" packet-mark=heavy_traffic \
    parent="Global Upload DSL" priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256K \
    max-limit=1M name="High Upload DSL" packet-mark=high_traffic parent=\
    "Global Upload DSL" priority=1 queue=default

Max Limit is how much traffic is allowed to go through the queue at any time. Limit-at is the guaranteed rate you want to offer to that kind of traffic. You need a queue for each interface that is going to upload and download, so if you have multiple WANs or LANs you need to add in the appropriate queue trees for them.

Thanks for the quick reply! I did the changes as you posted, modified to my setup, but something is not working as it should. Tried limiting the HTTP traffic just to check if it’s working, but it keeps maxing out anyway even though I set it up to a max of 5Mbit.

Packet marking seems fine, as when I tried limiting the speed with simple queues it worked out fine. I also tried using both the pppoe interface as well as ether1 as parent, to no avail. Any idea?

It looks like you placed that on Ether1, is that the WAN or the LAN? By placing it on the WAN you are limiting the upload, place the rules on the LAN to limit the download. You could also make the parent Global-Download instead of the LAN, just by specifying the parent interface you are better able to control what each interface is capable of passing.

This wiki page shows you how a packet is processed through the MikroTik. It is very useful and will help you understand better where and how to implement QoS rules.

http://wiki.mikrotik.com/wiki/Packet_Flow

I changed the parent to global in after some reading. Currently seem to have a problem with marking as everything is getting marked as http. Will see what’s wrong with the setup and report back. Thanks!

Just an update, sorry for the influx of posts!

Basically marking is working and traffic flow in the queue tree is showing up correctly.

Now when I have other traffic it can max out, but when there’s HTTP traffic, other traffic should get lowered to 2Mbits if HTTP traffic is requesting to max out the connection, right?

It’s currently not doing so: when other traffic is maxed out and I start HTTP traffic, HTTP barely gets 1-3Mbits, so prioritization is not occurring.

Any idea what I might be missing?

Try moving the parent interface to your LAN and see how that goes. Based off of the average rates there it’s looking like you still have rate limiting the Upload stream.

You should move the queue to the interface that is facing the clients.

If you have:

internet → ether1 routeros ether2 → clients

then you should attach the queue to ether2 (or global-out).

You can attach corresponding queues with their own limits to ether1 to limit traffic in the other direction (unless you’re using global-out).

You may also need to increase the size of the queues in queue types tab, and/or change them to a different type of queue in the interfaces tab, but don’t worry about that for now, the defaults are probably fine.

Basically, you can’t do anything to traffic that has already been sent to you, except buffer it, but when you send it somewhere else (to your downstream clients), then you can reorder (prioritize) it. I’m not really a fan of using the global-xxx options.

This is just a home setup, sorry if I didn’t mention that earlier. Basically I have the DSL modem connected to ether1 and 4 clients including a wireless AP to ports ether2-5. How should I go about setting the port pointing to the client? Should I choose ether2 since it’s the master port for ether3-5?

I believe so, I’ve never used the switch chips so I can’t say for sure. Worst that happens is you try it and it doesn’t work. It won’t break anything.

Tried setting the parent as ether2 but still no priorities for http :confused:

Post the results of the following commands. We should be able to spot what is going on.

/ip firewall mangle export
/queue export

/ip firewall mangle
# Mark TCP 80/443 connections, then mark their packets as "http"
add action=mark-connection chain=prerouting comment="Mark HTTP" disabled=no \
    dst-port=80,443 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="" connection-mark=http_conn \
    disabled=no new-packet-mark=http passthrough=no
# Everything not already marked above becomes "other"
add action=mark-connection chain=prerouting comment="Mark all other" \
    disabled=no new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting comment="" connection-mark=other_conn \
    disabled=no new-packet-mark=other passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=15M name="Global Traffic" parent=ether2-local-master priority=1
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=pcq-default pcq-classifier="" pcq-limit=50 pcq-rate=0 \
    pcq-total-limit=2000
set default-small kind=pfifo name=default-small pfifo-limit=10
/queue tree
# Leaf queues under "Global Traffic", matched by packet mark
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=13M \
    max-limit=15M name="HTTP Traffic" packet-mark=http parent="Global Traffic" \
    priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M \
    max-limit=15M name="Other Traffic" packet-mark=other parent="Global Traffic" \
    priority=8 queue=default
/queue interface
set ether1-gateway queue=ethernet-default
set ether2-local-master queue=ethernet-default
set ether3-local-slave queue=ethernet-default
set ether4-local-slave queue=ethernet-default
set ether5-wifi queue=ethernet-default
set pppoe-out1 queue=default

Well, it looks right to me, so I’m not sure why it’s not working for you. I would be curious to try a few things.
1.) See what happens when you move the mangle rules to the forward chain
2.) See what happens when you put it on the Global-out interface
3.) See what happens when you turn off the switch chip, put a PC on Ether2 and see how that affects things.

One thing I forgot to mention is the way the rules work. All of your other connections are guaranteed 2 Mbps, but can take up to 15 Mbps. Your HTTP is guaranteed 13 Mbps and can take up to 15 Mbps. However, if HTTP is not taking up its guaranteed 13 Mbps when the connection is under full load, the other queue will borrow the leftover bandwidth for its own uses. Just with the priority, all of your HTTP connections will go out first.

You will also probably want to prioritize DNS traffic, since your computer will not be able to or even try to go anywhere until it has resolved the domain name of where you are trying to get to.
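
The limit-at / max-limit / priority behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how an HTB parent shares its rate among leaf queues, fed with the thread's 15M parent, 13M and 2M limit-at values and priorities 1 and 8. The function and field names are hypothetical, demand values are constructed, and the model assumes the queue tree is the real bottleneck for the traffic.

```python
# Added illustration (not from the thread): simplified model of HTB sharing.
# Rates are in Mbit/s; names and structure are hypothetical, not RouterOS API.

def htb_allocate(parent_max, leaves):
    """Return {leaf name: granted rate} for one parent queue.

    Each leaf is a dict with: name, limit_at, max_limit, priority, demand.
    """
    if sum(l["limit_at"] for l in leaves) > parent_max:
        raise ValueError("sum of limit-at exceeds the parent's max-limit")

    # Phase 1: every leaf gets its guaranteed rate (limit-at) first,
    # regardless of priority, but never more than it actually asks for.
    rate = {l["name"]: min(l["demand"], l["limit_at"]) for l in leaves}
    spare = parent_max - sum(rate.values())

    # Phase 2: leftover parent bandwidth is lent out by priority
    # (1 = highest, 8 = lowest), each leaf capped by its own max-limit.
    for prio in sorted({l["priority"] for l in leaves}):
        want = {l["name"]: min(l["demand"], l["max_limit"]) - rate[l["name"]]
                for l in leaves if l["priority"] == prio}
        active = [n for n, w in want.items() if w > 0]
        while active and spare > 1e-9:
            share = spare / len(active)  # equal split within one priority
            for n in active:
                give = min(share, want[n])
                rate[n] += give
                want[n] -= give
                spare -= give
            active = [n for n in active if want[n] > 1e-9]
    return rate


def thread_tree(http_demand, other_demand):
    """The queue tree posted in the thread, with constructed demand values."""
    return htb_allocate(15, [
        {"name": "HTTP Traffic", "limit_at": 13, "max_limit": 15,
         "priority": 1, "demand": http_demand},
        {"name": "Other Traffic", "limit_at": 2, "max_limit": 15,
         "priority": 8, "demand": other_demand},
    ])


if __name__ == "__main__":
    print(thread_tree(15, 15))  # both saturating
    print(thread_tree(5, 15))   # HTTP below its guarantee
    print(thread_tree(0, 15))   # no HTTP at all
```

With both classes saturating, the model gives HTTP its 13M and other traffic its 2M; when HTTP asks for less than its guarantee, the other queue borrows the remainder.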

I added more ports to cover DNS and other important traffic to get tagged with the http rule. The points below have been tested with other ports tagged as well.

  1. The forward chains shown in the pics are dynamic, what do you mean by this?
  2. Tried Global in, Global out and ether2, still not prioritizing. Other data still not being lowered to 2Mbits even though I’m trying to get a large file over http (speed can max out)
  3. The testing I’m doing is coming from one PC connected to the ether2 port, still nothing

In your mangle rules, change the chain from prerouting to forward.

For your test, I would open up a torch session on Ether2 and see if you are really getting the file via HTTP or some other method then. Be sure you check protocol and port and let it run.

Set up torch on ether2, tried the http download on 80 and it marked the download at 15mbit, so the test I’m trying is going through http. Also changed the mangle rules from prerouting to forward, still the same.

This is what I’m trying to test priorities, maybe I’m doing something here. I’m letting a bittorrent distro run, letting it max out at 15Mbit. Then I start an http transfer of an exe, which should in theory take up the 15MBit and slow down the other transfers (barely taking 2mbit and slowly trickling down, while other transfers remain almost maxed). Am I testing it right? Or is there another way of going through this?

Thanks

Ok, that all sounds right, so let’s go back to some very basics.

1.) Where are you downloading the files from? Are they on your local network, or are they out on the internet?
2.) If they are out on the internet, are you able to get full HTTP download speeds without the torrent running?
3.) Do you see the mangle rules incrementing like they should be when you start your downloads?
4.) Do you see the Queue rules incrementing like they should be when you are downloading traffic?

  1. An exe from a company we are partners with at my office
  2. Without any http accelerators and no torrents running I’m able to max out the http connection in the first few sec
  3. Both http and other are increasing in byte count when the appropriate files are downloaded
  4. Yes, byte count increases as well. Also:

HTTP Only
HTTP Traffic - Red
Other Traffic - Green

Other Only
HTTP Traffic - Green
Other Traffic - Red

Both
HTTP Traffic - Green
Other Traffic - Red

Hope that helps