Hello, I am trying to figure out how to setup a QOS for Dscp 46 for voip.
This dscp is already being set on the packets by our voip server program (3cx)
I am a bit confused on the firewalls and Que setups. They all seem to be wanting to mark the traffic when from what I can see the traffic is already marked by the Voip Server.
Any help would be great.
Thanks
I wrote a script to setup DSCP for you.. It’s in this thread: http://forum.mikrotik.com/t/dscp-mangle-and-queue-trees/100297/7
Thank you for the reply, I appreciate it alot!
But I am still confused where the dscp 46 comes into play? I think the priority levels there must contain dscp 46, is that right?
Also if I am looking this right should I adjust the dscp value in your script and does this script basically give dscp 46(voip) priority over all other traffic except for route updates?
Please excuse my ignorance I am not very familiar with Mikrotik or prioritization ;/.
The script will setup everything you need. you only need to do is set the WAN upload bandwidth.
You VoIP software / hardware will do the rest. It sets the DSCP on the packets (46 for audio, 20-something for control)
The script just sets up the router and queues to honor the disco value setup
DSCP is just a field in the IP packet header.
Think of it the same way as writing “fragile” on a box that you send through snail mail.
Just because you’ve WRITTEN on the box, it doesn’t mean that the postal service will honor that mark.
Basically, you must program the router on how to honor the mark.
Queues will match packets based on certain criteria - namely targets + packet marks.
Targets basically determine the source of packets to enter the queue.
Packet marks are an additional “filter”
So if a target specifies an interface, then all packets on that interface will go into the queue. If a packet mark is also specified, then only packets with that mark AND passing through that interface will go into the queue.
Packet marks are a construct that only exists inside the router itself. There is no actual field on the packet which is changed because of a packet mark.
Packet marking is performed in the mangle table.
You can configure your mangle rules to mark packets based on DSCP values. (there are MANY more ways you could choose to mark packets)
So if you made a prerouting chain rule which marks packets having DSCP=46, then your queue can match packets with the specific mark.
It seems like a lot of extra work to go through for something so simple, but because the mangle table can do lots more crazy things than just match DSCP, it turns out that packet marking gives you a ton of functionality that doesn’t exist in just queueing based on DSCP.
Bare with me and thanks again.
I thought the voip devices or in my case the 3cx server sets the dscp 46 on the packets.
So why would we want to mark the packets again on the router and not just route or is the dscp value lost some how when reaching the router.
Also is this line talking about the ethernet port (ethernet-Default)? I ask because mine are renamed?
name=($thisDscp+1 . ". " . $subClass ) parent=$queueName priority=($thisDscp+1) queue=ethernet-default
:for thisQueue from=0 to=7 do={
Thank you
ethernet-default is the type of queue.
Yes, your 3cx server sets the disco value on the packet, but the Mikrotik does not directly see that. You need the mangle rule to make the packet in a way that the router and understand and then place it in the correct queue.
Thank you for that reply!!!
That helps a lot in understanding. I am still a bit in the dark but its getting a little more clear on how all this works.
So would it be possible to just rely on the dscp value set by the 3cx server program or am I missing it or is it just better to do it the complex way for more functionality later on.
my ethernet setup looks like this
set 0 interface=wlan1
set 1 interface=ether1
set 2 interface=ether2
set 3 interface=ether3
set 4 interface=ether4
set 5 interface=ether5
Not sure how to show it without handing out passwords and secure information.
Sorry it is taking me too long to reply and I reply without seeing your replies. Thank you. I think I am getting it… Maybe. thanks again for lending a hand and not calling me dumb.
One last dumb question.
So when I use wireshark, I can easily see the packets from my phones that are marked with dscp 46 but when I run torch in mikrotik I don’t seem to see those same ip address of those devices. I get some dscp46 from the ip address of the 3cx server but not to the phone I am calling with or any other phone devices.
Am I missing something or using “torch” incorrectly?
Thank you Sir for the script!
I ran it and I got the mangle rules however it failed to create the queue and I got some error messages in the terminal. I edited only the upload and wan name(or was I supposed to change anything saying “waninterfaceName”. I tried that way as well and it still failed to create the queues but the mangle rules applied but I do not see a huge increase in traffic on dscp 46 and 26 when a call is made. Any help would be great. PS I have 951Ui-2HnD’s as my routers
:local wanInterfaceName "Ether1"
:local uploadBandwidth 5500k
:local queueName ("DSCP_" . $wanInterfaceName)
:local dscpClass [:toarray "Network Control,Internetwork Control,Critical,Flash Override,Flash,Immedate,Priority,Routine"]
:local dscp 64
:for thisDscp from 63 to 00 do={
/ip firewall mangle add action=mark-packet chain=postrouting comment=("dscp_" . $thisDscp) \
disabled=no dscp=$thisDscp new-packet-mark=("dscp_" . $thisDscp) passthrough=no
}
/queue tree add max-limit=$uploadBandwidth name=$queueName parent=$wanInterfaceName priority=1
:for thisDscp from=0 to=7 do={
:local subClass ([:pick $dscpClass $thisDscp] . " (" . $wanInterfaceName . ")")
/queue tree add \
name=($thisDscp+1 . ". " . $subClass ) parent=$queueName priority=($thisDscp+1) queue=ethernet-default
:for thisQueue from=0 to=7 do={
:set dscp ($dscp-1)
/queue tree add name=($subClass . " (Pri: " . $thisQueue+1 .")") \
parent=($thisDscp+1 . ". " . $subClass) priority=($thisQueue+1) \
packet-mark=("dscp_" . $dscp) queue=ethernet-default comment=("dscp_" . $dscp)
}
}
wanInterfaceName needs to match your WAN internet name… normally “ether1”, not “Ether1”
Okay great, i’ll fix that and check it out. Is it normal though that im not seeing much data on those dscp packets?
Still the same errors.
I think when I paste into the terminal it is messing up the script.
that’s your problem. You need to paste it into a script, then run the script.
sheesh, im a newb. Thanks for taking time to help!
no problem at all! We were all newbs with MikroTik at some point.
Awesome it setup the Que tree.
One other question.
Is there anything I need to change to prioritize things if I have 2 different locations connected via vpn to this router.(the other locations are on their own subnets but still come back and communicate with the 3cx server)
nope. The Mangle rules will catch all the packets passing through the router and read the DSCP, then tag the packet for the queue. If you trust the 3cx server and phones, you are good to go. If you don’t trust it, then you can write some extra mangles to catch more and mark them with what you want.
You should be able to look at the queue tree and see just how much is passing through each queue.
After a day or two, you can also turn off any queues & mangles that have 0 traffic. that will lighten the work load on the processor.
Thank You! You are a huge benefit to the Mikrotik Community!!!