Double marking and duo Queue tree, which interfaces?

I use mum/wiki example: http://mum.mikrotik.com/presentations/CZ09/QoS_Megis.pdf

I have Asymmetrical Internet, low upload, high download capacity.

I mangle in prerouting for service packet marker.
I mangle in forward client traffic based on address list and subscription level.

In Queue tree I have priority and speed limits set for services:
Upload; Parent = Public interface
Download; Parent = global-in

In Queue tree I have priority and speed limits set for client subscription levels:
Upload; Parent = ???
Download; Parent = Local interface.

I tried several options for client upload parent: global-out, global-total or the Public interface again. Nothing works.

MUM presentation only speaks about global-in for download prioritizing and limiting for service QoS. But I have very little upload capacity and since P2P is consuming lots of bandwidth, I need to prioritize and limit in upload as well, but with different limits than download. Which interface (real or virtual) to use?
Normally I would say the public interface. But that one is already in use by the client shaping Queues. Can anybody give me any help?

this is my Queue tree:

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1200k name=upload1 packet-mark="" parent=ether1 priority=4
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=200k max-limit=700k name="U-High Priority TrafficU" packet-mark=U_HIGH parent=upload1 priority=1 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1100k max-limit=1200k name="High Priority TrafficU" packet-mark=HIGH parent=upload1 priority=3 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=200k max-limit=1M name="Med Priority TrafficU" packet-mark=MED parent=upload1 priority=5 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k max-limit=400k name="Low Priority TrafficU" packet-mark=LOW parent=upload1 priority=8 queue=pcq_up_LP
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=18M name=download1 packet-mark="" parent=global-in priority=5
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=17M name="High Priority Traffic" packet-mark=HIGH parent=download1 priority=3 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=10M max-limit=18M name="Med Priority Traffic" packet-mark=MED parent=download1 priority=5 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=18M name="Low Priority Traffic" packet-mark=LOW parent=download1 priority=8 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=2M max-limit=6M name="U-High Priority Traffic" packet-mark=U_HIGH parent=download1 priority=1 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=50k max-limit=600k name="P2P TrafficU" packet-mark=P2P parent=upload1 priority=7 queue=pcq_up_LP
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=3M max-limit=18M name="P2P Traffic" packet-mark=P2P parent=download1 priority=7 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=21M name=Total_download parent="MC-bridge (E2+3)" priority=2
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=6M max-limit=21M name=Comfort_client_download packet-mark=Comfort_Packet parent=Total_download priority=5 queue=PCQ_down_4M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=1600k name=Total_upload parent=ether1 priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=1600k name=Comfort_client_upload packet-mark=Comfort_Packet parent=Total_upload priority=5 queue=PCQ_up_256k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=1M max-limit=21M name=Basic_client_download packet-mark=Basic_Packet parent=Total_download priority=6 queue=PCQ_down_2M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=10M name=Holiday_client_download packet-mark=HH_Packet parent=Total_download priority=7 queue=PCQ_down_1M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=6M max-limit=21M name=Platinum_client_download packet-mark=Platinum_Packet parent=Total_download priority=3 queue=PCQ_down_8M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=8M max-limit=21M name=Business_client_download packet-mark=Bussiness_Packet parent=Total_download priority=2 queue=PCQ_down_5M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=21M name=Manager_download packet-mark=Manager_Packet parent=Total_download priority=1 queue=pcq_dwn
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=1600k name=Manager_upload packet-mark=Manager_Packet parent=Total_upload priority=1 queue=pcq_up
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=512k max-limit=1600k name=Business_client_upload packet-mark=Bussiness_Packet parent=Total_upload priority=2 queue=PCQ_up_1M
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=320k max-limit=1600k name=Platinum_client_upload packet-mark=Platinum_Packet parent=Total_upload priority=3 queue=PCQ_up_256k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=256k max-limit=1600k name=Basic_client_upload packet-mark=Basic_Packet parent=Total_upload priority=6 queue=PCQ_up_128k
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=128k max-limit=1600k name=Holiday_client_upload packet-mark=HH_Packet parent=Total_upload priority=8 queue=PCQ_up_96k


This setup is not working. So changes are needed. Anybody that can give some advice?

Hi,

I also use double mark and my config is:
For services:
Upload; Parent = global-in
Download; Parent = global-in

For client subscription levels:
Upload; Parent = Public interface (WAN)
Download; Parent = Local interface (LAN)

My mangle is similar to yours.
Hope this helps.

Regards, G.

WirelessRudy, do you use NAT? actually, for such complex setups I prefer not to use interface queues…

you may use global-in for user upload and download per service, and global-out for user download and upload per service

When I do that my upload queues drop dead. No more traffic.

For client subscription levels:
Upload; Parent = Public interface (WAN)
Download; Parent = Local interface (LAN)

When I do that my upload queues also bear no traffic

My mangle is similar to yours.
Hope this helps.

Regards, G.

If you don’t mind, can you post your config (with the pcq’s you’re using) here?
If you do mind, would you be kind enough to send them to my e-mail info@marucom.es?
I would appreciate it “mucho” :smiley:

No, no NAT in this router. (So this router passes all traffic with original client CPE IP and port. Nat is only performed at adsl modems outside the WAN of my load balancer and on the WAN ports of the Load balancer itself.)

actually, for such complex setups I prefer not to use interface queues…

Why? I have learned from guys like galaxynet and other examples that this is a good idea? Can you give me a well-founded reason? Maybe I agree with you! I am eager to see any input in improving my scheme.


you may use global-in for user upload and download per service, and global-out for user download and upload per service

Tried that. Although my service queues seem to be working now, only the download queue on the users gets traffic, but much less than the service queues for download. (Should be roughly the same? The aggregated sum of all services data should be the same as the aggregated sum of all users data?)

Upload queues for the user stay empty. No traffic…

Well, I set my service upload to global-out as suggested but traffic was then doubled and some child and parent continuously in red. Internet service became crap…
I had to set my queues back to the original (only service queues with download>global-in and upload>public interface), at least that works and worked for months…

Don’t know where to go now… I am thinking of having just another router in the pipe and split the dual functionality over the two routers. I might then also do route marking in mangle for policy routing of P2P or other unwanted traffic to my adsl lines since they are installing my HQ line this week.

Just got an answer from MT-support about the same question as this topic. Answer = “watch our tiktube with the QoS presentation”.
Gosh, sometimes I hate these guys. As if I have not already seen that presentation about 100 times…
:frowning:

Ok, I think I know where to find my problem and the solution...

Someone told me in the past to mangle only once, in the prerouting (or forward) chain on the local interface. (Where all traffic is coming from.)
But I should actually mangle twice. (Actually three times. 1. mangle conn. 2. mangle upload 3. mangle download)
First I mangle all connections in pre-routing and assign connection mark.
Second these now known connections both get packet marked with separation based on the interface they come in.
Upload traffic come in the local interface.
Download traffic was initiated in the local interface (and conn.tracker started tracking it) but only when the result traffic comes back it comes in the public interface. Conn.tracker knows which connection it is, thus connection mark is applied already and now we only mark these packages on this incoming interface?

So far so good?

The queueing is now done for each direction based on the global-out interface? (If this is not true, please explain.)
[Wiki manual writes: "global-out: represents all the output interfaces in general (EGRESS queue)."]

I don’t understand why actually most of us (including me up to now) use the global-in interface for traffic that leaves the router? Can somebody explain?

Hi,

According to Wiki:
global-in: represents all the input interfaces in general (INGRESS queue). Queues attached to global-in apply to traffic that is received by the router before the packet filtering
And look at packet flow diagram http://wiki.mikrotik.com/wiki/Packet_Flow
When you mangle on prerouting, global-in is after mangle, so it works.

Regards, Grzegorz.

Ok, I agree on that. For confirmation, let's follow the traffic:
LAN client sends request for webpage > enters router at local interface and after conn tracking registers the connection it gets mangled in the pre-routing chain with classifier that local interface. Hereafter the packages are queued in the global-in.
After this traffic flows further through the router and leaves via public interface of router.

Then traffic comes back, and enters router at the public interface. Yet again the connection tracker is passed first and here the router recognizes the connection as one already created before. So same connection marker is applied. Now mangle should mark that connection again but the argument is now the public interface as incoming interface and a packet marker is applied that represents the download traffic.
Queueing can now be done again in global-in, but we take the download package marker now as argument?

Would this now reserve the forward mangle for client (IP based) traffic shaping and the queue for that takes place in either the real output interface or the virtual one, Global-Out?

I know this might look like I did not do enough reading and testing. But I also post since I know lots of users are struggling with the subject. So to benefit us all! :smiley:

Little bit different item, but still QoS. More mangle this time.

In examples and Wiki I see two mainstream ways of mangle marking traffic flows.

Some use connection marking first, different traffic stream identifiers (filters) mark these connections with one connection marker “X”.
After this package marker rule marks all packages belonging to that connection with a certain package mark.

It is stated somewhere this is less cpu expensive since packages belonging to one connection flow are now marked all in one packet marker rule. Without a marked connection the router would have to filter and test each individual package before a decision can be made what package mark it would get. And that for each package in a stream over and over again.

But some in this forum I see only marking packages. No use of connection marking.

Who is right?

Also, looking at my previous post in this topic, I only have to mark connection once. Even traffic coming back and entering public interface is immediately recognized and needs no filter. It just gets a new package mark if we tell router to do so.
Saves a whole bunch of filter rules I would think?

Depends on how often and what you’re matching. To mark a packet matching on a connection-mark takes one lookup per packet (does it have this tag?). If you’re marking the connection based on more than one matcher (does it match this source address, and this inbound interface) you’re saving resources since the lookups per packet go down, you only need to compare one field on every packet instead of two.

However, if you’re just matching on one matcher (did it come in through this interface?) and you don’t need to be stateful, you might as well just mark the packet.

Thanks, this is a clear explanation someone can understand. :slight_smile: :slight_smile:
Since most of my mangle filters look at at least two types of matcher and some whole ranges of ports (VOIP: 5060-5070) my choice for conn.marking is a right one. :slight_smile:

One question: What exactly do you mean with “stateful”? English is not my native language and my dictionary doesn’t even know that word…

A stateful firewall keeps track of connections (it keeps state over the packets involved in a connection).
http://en.wikipedia.org/wiki/Stateful_firewall

Thanks, very helpful.
Running conn. tracker makes router ‘stateful’. That’s what I need.

I have a problem with double marking. When the upload Services Queue is active, the Users upload Queues are not counted!
But when Upload Services is disabled, then works well…

Here is My code (I have a NAT):

My Mangle:

;;; Download services
chain=prerouting action=mark-packet new-packet-mark=download_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=110,995,143,993,25,20025 
chain=postrouting action=mark-packet new-packet-mark=download_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=110,995,143,993,25,20025 

chain=prerouting action=mark-packet new-packet-mark=download_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=80 connection-bytes=500000-0 
chain=postrouting action=mark-packet new-packet-mark=download_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=80 connection-bytes=500000-0 

chain=prerouting action=mark-packet new-packet-mark=download_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=20,21
chain=postrouting action=mark-packet new-packet-mark=download_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=20,21 packet-size=0 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=53,37 
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=53,37 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=udp 
in-interface=bridge_ext src-port=53,88,37 
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=udp 
out-interface=bridge_ext dst-port=53,88,37 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=icmp 
in-interface=bridge_ext
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=icmp 
out-interface=bridge_ext

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=443 connection-bytes=0-500000 
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=443 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=23 
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=23 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=tcp 
in-interface=bridge_ext src-port=22,10203
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=tcp 
out-interface=bridge_ext dst-port=22,10203 

chain=prerouting action=mark-packet new-packet-mark=ensign_services_download passthrough=no protocol=tcp 
src-address-list="" in-interface=bridge_ext src-port=80 connection-bytes=0-500000 
chain=postrouting action=mark-packet new-packet-mark=ensign_services_upload passthrough=no protocol=tcp 
src-address-list="" out-interface=bridge_ext dst-port=80 connection-bytes=0-500000 

chain=prerouting action=mark-packet new-packet-mark=p2p_services_download passthrough=no p2p=all-p2p in-interface=bridge_ext 
chain=postrouting action=mark-packet new-packet-mark=p2p_services_upload passthrough=no p2p=all-p2p out-interface=bridge_ext 

chain=prerouting action=mark-packet new-packet-mark=other_services_download passthrough=no protocol=tcp in-interface=bridge_ext
chain=postrouting action=mark-packet new-packet-mark=other_services_upload passthrough=no protocol=tcp out-interface=bridge_ext 

chain=prerouting action=mark-packet new-packet-mark=other_services_download passthrough=no protocol=udp in-interface=bridge_ext 
chain=postrouting action=mark-packet new-packet-mark=other_services_upload passthrough=no protocol=udp out-interface=bridge_ext 

chain=prerouting action=mark-packet new-packet-mark=other_services_download passthrough=no in-interface=bridge_ext 
chain=postrouting action=mark-packet new-packet-mark=other_services_upload passthrough=no out-interface=bridge_ext 


;;; mark basic client traffic
chain=forward action=mark-connection new-connection-mark=basic_client_conn passthrough=yes src-address-list=Basic_class_client
chain=forward action=mark-packet new-packet-mark=basic_client_traffic passthrough=yes connection-mark=basic_client_conn 

;;; mark standard client traffic
chain=forward action=mark-connection new-connection-mark=standard_client_conn passthrough=yes src-address-list=Standard_class_client 
chain=forward action=mark-packet new-packet-mark=standard_client_traffic passthrough=yes connection-mark=standard_client_conn 

;;; mark business client traffic
chain=forward action=mark-connection new-connection-mark=business_client_conn passthrough=yes src-address-list=Business_class_client 
chain=forward action=mark-packet new-packet-mark=business_client_traffic passthrough=yes connection-mark=business_client_conn 

X ;;; Check for unmarked traffic chain=forward action=log log-prefix=""

My Queue Tree:

# CLIENTS Download
name="Total_download_clients" parent=global-out limit-at=0 priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="basic_client_download" parent=Total_download_clients packet-mark=basic_client_traffic limit-at=0 queue=PCQ_down_375k 
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="standard_client_download" parent=Total_download_clients packet-mark=standard_client_traffic limit-at=0 queue=PCQ_down_750k 
priority=4 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="business_client_download" parent=Total_download_clients packet-mark=business_client_traffic limit-at=0 queue=PCQ_down_2M 
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

# CLIENTS Upload
name="Total_upload_clients" parent=global-in packet-mark="" limit-at=0 priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="basic_client_upload" parent=Total_upload_clients packet-mark=basic_client_traffic limit-at=0 queue=PCQ_up_128k priority=8 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="standard_client_upload" parent=Total_upload_clients packet-mark=standard_client_traffic limit-at=0 queue=PCQ_up_250k 
priority=4 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="business_client_upload" parent=Total_upload_clients packet-mark=business_client_traffic limit-at=0 queue=PCQ_up_1M 
priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 


# SERVICES Download
name="Total_download_services" parent=global-in limit-at=0 priority=1 max-limit=4M burst-limit=0 burst-threshold=0 burst-time=0s 

name="Ensign_services_download" parent=Total_download_services packet-mark=ensign_services_download limit-at=0 queue=default priority=1 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="User_requests_download" parent=Total_download_services limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 
 burst-time=0s 

name="Communication_services_download" parent=Total_download_services limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 
burst-threshold=0 burst-time=0s

name="Download_services_download" parent=Total_download_services packet-mark=download_services_download limit-at=0 queue=default 
priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="P2P_services_download" parent=Total_download_services packet-mark=p2p_services_download limit-at=0 queue=default priority=8 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="Other_services_download" parent=Total_download_services packet-mark=other_services_download limit-at=0 queue=default priority=7 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

# SERVICES Upload
name="Total_upload_services" parent=global-out limit-at=0 priority=1 max-limit=2M burst-limit=0 burst-threshold=0 burst-time=0s 

name="Download_services_upload" parent=Total_upload_services packet-mark=download_services_upload limit-at=0 queue=default priority=7 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

name="Ensign_services_upload" parent=Total_upload_services packet-mark=ensign_services_upload limit-at=0 queue=default priority=1 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="P2P_services_upload" parent=Total_upload_services packet-mark=p2p_services_upload limit-at=0 queue=default priority=8 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 

name="Communication_services_upload" parent=Total_upload_services limit-at=0 queue=default priority=5 max-limit=0 burst-limit=0 
burst-threshold=0 burst-time=0s 

name="User_requests_upload" parent=Total_upload_services limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 
burst-time=0s 

name="Other_services_upload" parent=Total_upload_services packet-mark=other_services_upload limit-at=0 queue=default priority=7 
max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

How can I fix it?

Anyone?

it’s because you’re marking (both upload and download) in Forward, and Forward is after Global-in (where your upload queues are)

Thanks! What would you recommend?
Should upload marking be removed from Forward?

you can move your upload queues to global-out - just change marking rules so that they use different marks for upload and download
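
Added example (not posted by anyone in this thread): a small Python model of the ordering discussed above, tracing which queue attachment point sees which packet mark, first for the layout as posted and then for one arrangement consistent with the replies. The stage order, the `lan` interface name and the `*_up` / `*_down` mark names are assumptions of the model.

```python
# Added illustration, not code from the thread. Assumed stage order for a
# forwarded packet on RouterOS with global-in/global-out (taken from the posts
# above and the linked Packet Flow page):
#   mangle prerouting -> global-in -> mangle forward -> mangle postrouting -> global-out
STAGES = ["prerouting", "global-in", "forward", "postrouting", "global-out"]
QUEUE_POINTS = {"global-in", "global-out"}


def rule(chain, mark, passthrough=False, **match):
    """One mark-packet rule; `match` holds the packet fields it must equal."""
    return {"chain": chain, "mark": mark, "passthrough": passthrough, "match": match}


def trace(packet, mangle, queues):
    """Return {attachment point: leaf queue whose packet-mark matches, or None}."""
    mark, caught = "", {}
    for stage in STAGES:
        if stage in QUEUE_POINTS:
            caught[stage] = next(
                (name for name, (parent, qmark) in queues.items()
                 if parent == stage and qmark == mark), None)
            continue
        for r in mangle:
            if r["chain"] == stage and all(packet.get(k) == v for k, v in r["match"].items()):
                mark = r["mark"]  # a packet carries one packet mark; later rules overwrite it
                if not r["passthrough"]:
                    break
    return caught


# Constructed packets. "lan" is a hypothetical LAN interface name; "client" stands
# in for the address-list / connection-mark match of the posted forward rules.
UPLOAD = {"in_iface": "lan", "out_iface": "bridge_ext", "client": "basic"}
DOWNLOAD = {"in_iface": "bridge_ext", "out_iface": "lan", "client": "basic"}

# Layout as posted, reduced to the catch-all service rules and one client class.
POSTED_MANGLE = [
    rule("prerouting", "other_services_download", in_iface="bridge_ext"),
    rule("postrouting", "other_services_upload", out_iface="bridge_ext"),
    rule("forward", "basic_client_traffic", passthrough=True, client="basic"),
]
POSTED_QUEUES = {
    "basic_client_download": ("global-out", "basic_client_traffic"),
    "basic_client_upload": ("global-in", "basic_client_traffic"),
    "Other_services_download": ("global-in", "other_services_download"),
    "Other_services_upload": ("global-out", "other_services_upload"),
}

# One arrangement consistent with the replies (an assumption, not a posted config):
# service marks set in prerouting for global-in, direction-specific client marks
# set in forward for global-out.
REVISED_MANGLE = [
    rule("prerouting", "other_services_download", in_iface="bridge_ext"),
    rule("prerouting", "other_services_upload", in_iface="lan"),
    rule("forward", "basic_client_up", client="basic", out_iface="bridge_ext"),
    rule("forward", "basic_client_down", client="basic", in_iface="bridge_ext"),
]
REVISED_QUEUES = {
    "Other_services_download": ("global-in", "other_services_download"),
    "Other_services_upload": ("global-in", "other_services_upload"),
    "basic_client_upload": ("global-out", "basic_client_up"),
    "basic_client_download": ("global-out", "basic_client_down"),
}

if __name__ == "__main__":
    for label, m, q in (("posted", POSTED_MANGLE, POSTED_QUEUES),
                        ("revised", REVISED_MANGLE, REVISED_QUEUES)):
        for name, pkt in (("upload", UPLOAD), ("download", DOWNLOAD)):
            print(label, name, trace(pkt, m, q))
```

In the posted layout the upload packet reaches global-in before any forward rule has run, so `basic_client_upload` never matches it; in the revised layout every packet is classified once per attachment point.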