How to Mangle, Priority with HTB (Queue Tree) in ROS 3.16

samsoft08 · December 10, 2008, 10:27pm

mknnoc , when the test-user hit the 128k , there will be no room for any traffic even it has the highest priority , so priority will work when you dont really need it , and it doesnt work when you need it .. actually nothing will help when test-user hit the 128k , this is an important principle i’d learn here !!! you can check another topic about priority to confirm this fact..

if ICMP is your problem so : isolate it , exclude it by mangle , give it a simple unlimited queue , put this q always on top of other simple q’s , it wont take much bandwidth at all ..

mknnoc · December 11, 2008, 3:23am

Thanks Samsoft for your suggestion! i will use it for my last resort.

anyway, here corrected and tested configuration:

ip firewall mangle print

136 ;;; icmp-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=icmp in-interface=vlan5-noc

137 ;;; icmp-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=icmp

138 ;;; test-conn
chain=prerouting action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=172.16.31.89

139 ;;; test-packet-upload
chain=prerouting action=mark-packet new-packet-mark=test-packet-upload passthrough=no in-interface=vlan5-noc connection-mark=test-conn

140 ;;; test-packet-download
chain=prerouting action=mark-packet new-packet-mark=test-packet-download passthrough=no connection-mark=test-conn

queue tree print

120 name=“test-parent-upload” parent=global-in packet-mark=“” limit-at=128000 queue=default priority=8 max-limit=100000 burst-limit=0 burst-threshold=0 burst-time=0s

121 name=“test-parent-download” parent=global-in packet-mark=“” limit-at=128000 queue=default priority=8 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name=“icmp-priority-download” parent=test-parent-download packet-mark=icmp-packet-download limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

118 name=“icmp-priority-upload” parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=128000 queue=default priority=2 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

119 name=“test-user-download” parent=test-parent-download packet-mark=test-packet-download limit-at=128000 queue=defaul priority=8 max-limit=128000 burst-limit=0 burst-threshold=0 burst-time=0s

0 name=“test-user-upload” parent=test-parent-upload packet-mark=test-packet-upload limit-at=128000 queue=default priority=8 max-limit=256000 burst-limit=0 burst-threshold=0 burst-time=0s

queue type print

13 name=“pcq-128k-up” kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=5000

14 name=“pcq-128k-down” kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=5000

My testing procedures are:

try to use full bandwidth
result: all are good. ICMP can get good result.
try to disable(#122,#188) priority and shapping of ICMP packet, and use full bandwidth
result: user can get the top speed (D:128k,U:256k) BUT ICMP still good. i think mangle excluded ICMP from user connection already as Samsoft said

if ICMP is your problem so : isolate it , exclude it by mangle , give it a simple unlimited queue , put this q always on top of other simple q’s , it wont take much bandwidth at all ..

try to change from ICMP to HTTP protocol. just to make sure that user cannot use over the bandwidth as Janisk said

This way we get virtually the same behaviour as “per user prioritization”

Here is new configuration:

ip firewall mangle print

136 ;;; http-packet-upload
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-upload passthrough=no protocol=tcp in-interface=vlan5-noc dst-port=80

137 ;;; http-packet-download
chain=prerouting action=mark-packet new-packet-mark=icmp-packet-download passthrough=no protocol=tcp dst-port=80

queue tree print

118 name=“http-priority-upload” parent=test-parent-upload packet-mark=icmp-packet-upload limit-at=128000 queue=default priority=2 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s

122 name=“http-priority-download” parent=test-parent-download packet-mark=icmp-packet-download limit-at=128000 queue=default priority=2 max-limit=1000000 burst-limit=0 burst-threshold=0 burst-time=0s
result: user can use over bandwidth. that mean, PCQ can not help.

mknnoc · December 11, 2008, 10:26am

anyone please??

mknnoc · December 12, 2008, 9:06am

i am waiting for the answer or suggestion. anyone???

dot-bot · December 12, 2008, 9:41am

Here’s the answer my friend. Set queue=pcq-*** to all childs. Adjust it according to upload and according to download - to separate queue types. Then PCQ will work like a charm. Tested and will probably use it for the future like this.

mknnoc · December 12, 2008, 9:55am

Sorry that make you confuse about my configuration. actually, i have been used queue=pcq-*** for test-user-upload and test-user-download. i pasted wrong config, which is queue=default, to the post.

however, i have tested with queue=pcq-***. but customer still can uses over bandwidth if i do HTTP priority.

dot-bot · December 12, 2008, 10:54am

The reason is because due to HTB structure and queue lengths (pcq-limit, pcq-total-limit) the traffic which gets more bandwidth is able to push more packets. I had the same problem with my dedicated p2p machine. Remarked it’s traffic and problem was solved.

In your case you must be more careful to adjust pcq-limit and pcq-total-limit. Or you could separate QoS from PCQ. Leave this setup for QoS and raise all limit-at values. Add another marking and another Queue Tree for PCQ.

janisk:

In my presentation I told that creating priorities separately for each client is suicide - there is no hardware that can handle small queue tree for every user (if you have 1000 of them). So in my presentation I discuss next best thing, which is close as possible to desired behavior.

The main Idea of the setup is to have two separate QoS steps:

In the first step we prioritize traffic, we are making sure that traffic with higher priority has more chance to get to the customers than traffic with lower priority.

Example:
We have total of 100Mbps available, but clients at this particular moment would like to receive 10Mbps of Priority=1 traffic 20Mbps of Priority=4 and 150Mbps of Priority=8.
Of course after our prioritization and limitation 80Mbps of priority=8 will be dropped. And only 100Mbps will get to the next step.

Next step is per-user limitation, we already have only higher priority traffic, but now we must make sure that some user will not overuse it, so we have PCQ with limits.

This way we get virtually the same behavior as “per user prioritization”.

dot-bot · December 12, 2008, 11:02am

macgaiver · December 15, 2008, 7:53am

Take a look at:
http://wiki.mikrotik.com/wiki/HTB
to be more precise at:
http://wiki.mikrotik.com/wiki/Image:Stage1_1.jpg

Queue01 have max-limit=50M and have 2 children Queue02 and Oueue08 with max-limit=49M
Queue08 have max-limit=49M and have 2 children Queue09 and Oueue12 with max-limit=47M
Queue09 have max-limit=47M and have 2 children Queue10 and Oueue11 with max-limit=45M

This way if one child queue use all available traffic, other child queue will have a “room to work”. this I was trying to explain by:

and this

mknnoc · December 18, 2008, 9:47am

As i know so far, Priority will work only if bandwidth is full(100%). isn’t it?

dot-bot · December 18, 2008, 12:04pm

Packet rearrangement occurs in a well built HTB/Queue. Priorities determine which child leaf gets the available limit-at/max-limit of it’s parent. First prio 1 gets it’s traffic, then 2, then 3 etc to 8 for limit-at. After this is done first prio 1 gets for max-lmit, then prio 2 gets for max-limit etc.

NetworkPro · January 16, 2009, 11:51pm

You’re kinda wrong. Packets of one connection can not/must not get rearranged, their order must be preserved. We are talking about bandwidth here and packet discarding, not moving forward and backward… I am confused

Chupaka · January 17, 2009, 12:17pm

well, packet rearrangement inside a single connection is normal, it’s what TCP was developed for =) but in normal situation packets from one connection should not have different priorities, so they won’t be rearranged

newtoCS · July 24, 2010, 2:22am

Could anyone answer to my post?
http://forum.mikrotik.com/t/where-should-i-implement-htb/39455/1

Please help…