Bandwidth sharing (prioritising DNS)

kevin_i_orourke · August 21, 2006, 10:26am

I’m quite new to MikroTik and still struggling a bit.

We have a 128/64 Kib satellite link for our internet connectivity, which works fine until somebody starts a large download.

At that point DNS lookups get very slow and usually stop working.

I’ve followed the instructions in the MikroTik reference manual’s application examples to set up equal bandwidth sharing and this has improved the situation for mutliple users downloading at once. I’ve pasted in the queue tree config below.

However I can’t work out how to give DNS requests and responses priority over other traffic on the link.

Any suggestions?

Kevin

[admin@MikroTik] > /queue tree print
Flags: X - disabled, I - invalid 
 0   name="Download" parent=local packet-mark="" limit-at=0 queue=default 
     priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 
     burst-time=0s 

 1   name="queue2" parent=Download packet-mark=users limit-at=0 
     queue=pcq-download priority=8 max-limit=0 burst-limit=0 
     burst-threshold=0 burst-time=0s 

 2   name="Upload" parent=public packet-mark="" limit-at=0 queue=default 
     priority=8 max-limit=60000 burst-limit=0 burst-threshold=0 burst-time=0s 

 3   name="queue4" parent=Upload packet-mark=users limit-at=0 queue=pcq-upload 
     priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

dapsyra · August 21, 2006, 11:20am

Mangle DNS as follows:

/ ip firewall mangle
add chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=dns-con passthrough=yes comment=“dns-con” disabled=no
add chain=prerouting connection-mark=dns-con action=mark-packet
new-packet-mark=dns-packets passthrough=no comment=“” disabled=no

Now set speed and priority for dns packets as follows:

/ queue tree
add name=“dns-uploads” parent=global-in packet-mark=dns-packets limit-at=0
queue=default priority=1 max-limit=32000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no
add name=“dns-downloads” parent=global-out packet-mark=dns-packets limit-at=0
queue=default priority=1 max-limit=32000 burst-limit=0 burst-threshold=0
burst-time=0s disabled=no

These rules will set a speed of 32kbps at priority 1 for DNS. You can just copy and paste into a terminal window.

cmit · August 21, 2006, 11:34am

For completeness, you should also mangle the TCP variant of DNS. Just add another mangle rule to write a connection-mark, and put it BEFORE the rule placing the final packet marks:

So just add the following:
/ ip firewall mangle
add chain=prerouting protocol=tcp dst-port=53 action=mark-connection
new-connection-mark=dns-con passthrough=yes comment=“dns-con” disabled=no

in between the two mangle rules dapsyra wrote for you.

Best regards,
Christian Meis

kevin_i_orourke · August 21, 2006, 1:32pm

OK, I now have /ip firewall mangle (including my two preexisting rules):

Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=192.168.0.0/24 action=mark-connection
     new-connection-mark=users-con passthrough=yes

 1   chain=forward connection-mark=users-con action=mark-packet
     new-packet-mark=users passthrough=yes

 2   ;;; dns-con
     chain=prerouting protocol=udp dst-port=53 action=mark-connection
     new-connection-mark=dns-con passthrough=yes

 3   chain=prerouting connection-mark=dns-con action=mark-packet
     new-packet-mark=dns-packets passthrough=no

 4   ;;; dns-con
     chain=prerouting protocol=tcp dst-port=53 action=mark-connection
     new-connection-mark=dns-con passthrough=yes

and /queue tree:

Flags: X - disabled, I - invalid
 0   name="Download" parent=local packet-mark="" limit-at=0 queue=default
     priority=8 max-limit=128000 burst-limit=0 burst-threshold=0
     burst-time=0s

 1   name="queue2" parent=Download packet-mark=users limit-at=0
     queue=pcq-download priority=8 max-limit=100000 burst-limit=0
     burst-threshold=0 burst-time=0s

 2   name="Upload" parent=public packet-mark="" limit-at=0 queue=default
     priority=8 max-limit=64000 burst-limit=0 burst-threshold=0 burst-time=0s

 3   name="queue4" parent=Upload packet-mark=users limit-at=0 queue=pcq-upload
     priority=8 max-limit=60000 burst-limit=0 burst-threshold=0 burst-time=0s

 4   name="dns-uploads" parent=global-in packet-mark=dns-packets limit-at=0
     queue=default priority=1 max-limit=32000 burst-limit=0 burst-threshold=0
     burst-time=0s

 5   name="dns-downloads" parent=global-out packet-mark=dns-packets limit-at=0
     queue=default priority=1 max-limit=32000 burst-limit=0 burst-threshold=0
     burst-time=0s

The statistics in winbox are counting packets passing through dns-uploads but showing zero for dns-downloads. Is this correct?

Kevin

cmit · August 21, 2006, 2:25pm

You have to swap rules 3 and 4 in your mangle rules - the one putting packet-marks on all packets from a connection has to be last!

This will only prioritize the DNS requests (i.e. outgoing DNS queries), as you are mangling/packet-markting according to DESTINATION port 53.
So the counter behaviour you see is correct.

But you can of course also prioritze the incoming DNS answers. You would have to mark those packets accordingly, i.e. mark UDP/TCP with a SOURCE port of 53.

But beware that this will only work on your internal network - you don’t have any influence on how the DNS answers will come in over your internet uplink. This is something that would have to be done by your ISP/uplink-provider…

Best regards,
Christian Meis

kevin_i_orourke · August 22, 2006, 7:59am

Oops, I added the last mangle rule but forgot to move it to the correct position.

Thanks for the help, I’m hoping this will improve things a bit.

Kevin