how to increase priority for VoIP packets

toplek · April 16, 2011, 3:30pm

HI,

I’m trying to change DSCP value on VoIP packets using Layer 7:

/ip firewall layer7-protocol add name=sip regexp="^(invite|register|cancel) sip[\\x09-\\x0d -~]*sip/[0-2]\\.[0-9]"

/ip firewall mangle
add action=mark-packet chain=forward disabled=no layer7-protocol=sip new-packet-mark=dscp_sip passthrough=yes
add action=change-dscp chain=forward disabled=no new-dscp=10 packet-mark=dscp_sip

The problem is that this L7 regexp is matching only couple first packets of VoIP connection. Do you have any idea how to mark all VoIP packets. I’m using PAP2T phone adapter (G726-32 codec)

This was tested with MT5.1.

thank in advance
TopLek

edmidor · April 16, 2011, 8:00pm

PAP2T already marks its traffic with DSCP 26 and 46, no need in L7

toplek · April 18, 2011, 4:22pm

HI,

Thank you for the reply. This is not solving the problem. I have no idea what kind of phone adapter my customer will use and this is only one side solution.

So I have that situation:

VoIP adapter–switch–MT_Router(CPE)–bridge…bridge–Traffic_Manager–MT_Router(edge router)

In order to make correct QOS I need to mark packets on both side:
-CPE
-edge router

Is there any once who could HELP?

fewi · April 18, 2011, 4:29pm

Provided that your layer 7 expression actually works, set a connection-mark based on it, rather than a packet mark. The connection mark will be available for all packets in a connection.

So basically change what you have to:

/ip firewall mangle
add action=mark-packet chain=forward disabled=no layer7-protocol=sip new-connection-mark=dscp_sip passthrough=yes
add action=change-dscp chain=forward disabled=no new-dscp=10 connection-mark=dscp_sip

The first rule will only match at the beginning of the connection, but the second rule will match on all packets in connection that at any time were matched by the first rule.

Though that is going to be expensive as hell to run on the router. What you have does a regular expression inspection on the first packets of EVERY connection. At the very least you should change that so it only tries to match UDP connections, ideally you’d whittle that down further.

toplek · April 18, 2011, 5:36pm

Hello,

Thank you for the reply. Your idea appears to be correct. After puting the first line into router I’ve got an error so I’ve made a small change.

/ip firewall mangle
add action=mark-connection chain=forward disabled=no layer7-protocol=sip new-connection-mark=dscp_sip passthrough=yes
add action=change-dscp chain=forward connection-mark=dscp_sip disabled=no new-dscp=10

The situation is the same, catching only couple first packets:

br
Toplek