DSCP Question

Hi. I have googled a lot for the answer to this question, and although I have learned a lot about mangle and queues, I have not found a way to do what I imagine is quite a simple task.

I am looking to put Mikrotiks as NTEs which feed into a Cisco network. As such I want to mark packets leaving the Mikrotik with various DSCP values to be processed by the Cisco routers.

I have found Mangle is sufficient to mark packets based on IP address, port and protocol. So far so good.

However - I also want to be able to (for instance) mark the first 50Meg of bandwidth with one DSCP value, then mark anything over that with a different DSCP value, and I cannot see how to do that.

Note - I do not want to actually rate limit anything on the Mikrotik, I only want to mark the packets based on bandwidth usage. The rate limiting will be done upstream.

Can anyone help with this please?

You can achieve that with “connection-bytes” in the mangle rules:

add action=mark-connection chain=forward comment=\
    "smtp, submission up/down - mark connection small" connection-mark=\
    no-mark dst-port=25,587 new-connection-mark=smtp-up-dn-s passthrough=yes \
    protocol=tcp
add action=mark-connection chain=forward comment=\
    "smtp, submission up/down - mark connection medium (512KiB-10MiB)" \
    connection-bytes=524288-10485759 connection-mark=smtp-up-dn-s \
    new-connection-mark=smtp-up-dn-m passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=\
    "smtp, submission up/down - mark connection large (>=10MiB)" \
    connection-bytes=10485760-0 connection-mark=smtp-up-dn-m \
    new-connection-mark=smtp-up-dn-l passthrough=yes protocol=tcp
add action=change-dscp chain=forward comment=\
    "smtp, submission up/down small - set DSCP AF11" connection-mark=\
    smtp-up-dn-s new-dscp=10 passthrough=no
add action=change-dscp chain=forward comment=\
    "smtp, submission up/down medium - set DSCP AF12" connection-mark=\
    smtp-up-dn-m new-dscp=12 passthrough=no
add action=change-dscp chain=forward comment=\
    "smtp, submission up/down large - set DSCP AF13" connection-mark=\
    smtp-up-dn-l new-dscp=14 passthrough=no

Hi Trema! Thanks so much for your reply.

I am not 100% sure I have explained myself properly:

If a customer is sending traffic at a rate of 0-50Mbps, I need it to me marked with, for example, AF11.

If a customer then sends traffic at a rate of say, 60Mbps, I still need the first 50Mbps marked with AF11, and I only need the traffic from 51Mbps-60Mbps to be marked AF12.

I think your code would, for instance, mark traffic at 49Mbps as AF11, but then if the traffic rate was increased to 55Mbps, ALL traffic from 0-55Mbps would be marked as AF12, when I would still need the first 50Mbps to be AF11 and only the portion of traffic which is over 50Mbps to be marked as AF12.

This is so I can offer a CIR of 50Mbps and classify traffic over and above this rate differently.

Is there any way I can achieve this, please?

By using connection-rate as the criteria.

connection-bytes is the bytes the connection has already transferred, not the rate.

Thanks for the reply.

I have tried using the ‘connection-rate’ command rather than ‘connection-bytes’, but the same problem applies.

ie. if a user is sending data at 40Mbps, it will mark the traffic as AF11 - which is fine.

but: if they then start sending data at 55Mbps, then the whole 55Mbps will be marked as AF12, when I need the first 50Mbps to be still marked at AF11 and only the final 5Mbps to be marked as AF12.

Is there a way to get around this problem?

Of course not. How should the router know which traffic is below and which is above 50 Mbps?
Traffic is just packets and can only be judged “as a whole” to have a certain rate.

Hi,

I have never tried it, but can’t the “Limit” option in the “Extra” tab do this?

Well perhaps connection-rate isn’t the way forward, but this is obviously something that can be done.

On Cisco IOS you could use policy-maps/class-maps to achieve it. I am just wondering how it can be done with RouterOS.

I don’t know, but thanks for the suggestion. I will take a look.