Hi,
I have these rules set up, but it doesn’t seem like the packets are being marked. The connection is, but not the packets (at least from looking at the counters in Winbox).
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
3 chain=postrouting action=mark-connection new-connection-mark=RTP-Out-Connection passthrough=no
protocol=udp dst-address-list=Vitelity-Out port=10000-20000 log=no log-prefix=""
4 chain=postrouting action=mark-packet new-packet-mark=RTP-Out-Pkt passthrough=no
connection-mark=RTP-Out-Connection log=no log-prefix=""
5 chain=prerouting action=mark-connection new-connection-mark=RTP-Inbound-Connection passthrough=no
protocol=udp dst-port=5060,10000-20000 log=no log-prefix=""
6 chain=prerouting action=mark-packet new-packet-mark=RTP-Inbound-Packet passthrough=no
connection-mark=RTP-Inbound-Connection log=no log-prefix=""
Have I done something wrong?
Thanks,
Westley
Lodion
December 4, 2018, 1:41am
2
The counters will show the number of connections matched, not the number of packets.
Check your matching queues to see the packets that are being matched by your connection marking.
Even the counters for the Queue Trees are showing 0.
0 name="Upload Parent" parent=global packet-mark="" limit-at=0 queue=default
priority=8 max-limit=20M burst-limit=0 burst-threshold=0 burst-time=0s
bucket-size=0.1
1 name="RTP" parent=Upload Parent packet-mark=RTP-Out-Pkt limit-at=2M
queue=default priority=1 max-limit=20M burst-limit=0 burst-threshold=0
burst-time=0s bucket-size=0.1
2 name="Unmarked" parent=Upload Parent packet-mark=no-mark limit-at=2M
queue=default priority=8 max-limit=20M burst-limit=0 burst-threshold=0
burst-time=0s bucket-size=0.1
3 name="Download Parent" parent=bridge packet-mark="" limit-at=100M
queue=default-small priority=8 max-limit=100M burst-limit=0
burst-threshold=0 burst-time=0s bucket-size=0.1
4 name="RTP In" parent=Download Parent packet-mark=RTP-Inbound-Packet
limit-at=2M queue=default-small priority=1 max-limit=100M burst-limit=0
burst-threshold=0 burst-time=0s bucket-size=0.1
5 name="Unmarked In" parent=Download Parent packet-mark=no-mark limit-at=2M
queue=default-small priority=8 max-limit=100M burst-limit=0
My big concern is with the RTP-Out-Pkt. We are having a lot of problems with our outgoing audio and I am hoping setting up QOS will help.
Here’s the latest stats
0 name="Upload Parent" parent=global packet-mark="" rate=16824 packet-rate=18
queued-bytes=0 queued-packets=0 bytes=93480608 packets=308853 dropped=0
1 name="RTP" parent=Upload Parent packet-mark=RTP-Out-Pkt rate=0 packet-rate=0
queued-bytes=0 queued-packets=0 bytes=0 packets=0 dropped=0
2 name="Unmarked" parent=Upload Parent packet-mark=no-mark rate=16824
packet-rate=18 queued-bytes=0 queued-packets=0 bytes=93471650
packets=308826 dropped=239
3 name="Download Parent" parent=bridge packet-mark="" rate=0 packet-rate=0
queued-bytes=0 queued-packets=0 bytes=81898246 packets=108069 dropped=0
4 name="RTP In" parent=Download Parent packet-mark=RTP-Inbound-Packet rate=0
packet-rate=0 queued-bytes=0 queued-packets=0 bytes=1144 packets=6
dropped=0
5 name="Unmarked In" parent=Download Parent packet-mark=no-mark rate=0
packet-rate=0 queued-bytes=0 queued-packets=0 bytes=81897102
packets=108063 dropped=0
Thanks,
Westley
Hi
Please provide the full config, so that others have all the needed info / elements
/export hide-sensitive compact
Here it is.
# dec/07/2018 14:28:29 by RouterOS 6.43.4
# software id = GYAA-XQ70
# model = 951G-2HnD
# serial number = 642F06F96BC2
/interface bridge
add admin-mac=6C:3B:6B:64:XX:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
country="united states" disabled=no distance=indoors frequency=auto mode=
ap-bridge ssid=Corelifting wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/queue tree
add limit-at=100M max-limit=100M name="Download Parent" parent=bridge
add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP-Inbound-Packet
parent="Download Parent" priority=1
add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent=
"Download Parent"
add max-limit=20M name="Upload Parent" parent=global queue=default
add limit-at=2M max-limit=20M name=RTP packet-mark=RTP-Out-Pkt parent=
"Upload Parent" priority=1 queue=default
add limit-at=2M max-limit=20M name=Unmarked packet-mark=no-mark parent=
"Upload Parent" queue=default
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.254/24 comment=defconf interface=ether2 network=
192.168.1.0
add address=A.B.C.12/19 interface=ether1 network=A.B.C.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=68.105.28.29,68.105.28.16
/ip dns static
add address=192.168.1.254 name=router.lan
/ip firewall address-list
add address=outbound.vitelity.net list=Vitelity-Out
/ip firewall filter
add action=log chain=forward disabled=yes dst-address=216.146.208.49
log-prefix=core-
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN"
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy"
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy"
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
connection-state=established,related
add action=accept chain=forward comment=
"defconf: accept established,related, untracked" connection-state=
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid"
connection-state=invalid
add action=drop chain=forward comment=
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=postrouting new-connection-mark=
RTP-Out-Connection passthrough=no port=10000-20000 protocol=udp
add action=mark-packet chain=postrouting connection-mark=RTP-Out-Connection
new-packet-mark=RTP-Out-Pkt passthrough=no
add action=mark-connection chain=prerouting dst-port=5060,10000-20000
new-connection-mark=RTP-Inbound-Connection passthrough=no protocol=udp
add action=mark-packet chain=prerouting connection-mark=
RTP-Inbound-Connection new-packet-mark=RTP-Inbound-Packet passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade"
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=RDP dst-address=A.B.C.12
dst-port=3389 protocol=tcp to-addresses=192.168.1.2 to-ports=3389
add action=dst-nat chain=dstnat comment=SIP dst-address=A.B.C.12
dst-port=5060 protocol=tcp to-addresses=192.168.1.4 to-ports=5060
add action=dst-nat chain=dstnat comment=RTP dst-address=A.B.C.12
dst-port=10000-20000 protocol=udp to-addresses=192.168.1.4 to-ports=
10000-20000
/ip route
add distance=1 gateway=A.B.C.1
/system clock
set time-zone-name=America/Chicago
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set file-limit=40000KiB file-name=003.pcap filter-interface=all
Some remarks:
global doesn’t work with fasttracking
TODO:
change global → ether1 (=wan)
add max-limit=20M name="Upload Parent" parent=ether1 queue=default
you are fasttracking everything
TODO:
you need to exclude traffic for "RTP" from fasttracking
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related connection-bytes=8000-0 connection-mark=!RTP
your marking is incorrect
TODO:
connection marking is for both in & outbound leg => it’s one connection
once the connection gets marked, the packets need to be marked too, so it is best to split connection & packet marks: connection in forward, packet in postrouting
only mark if needed
/ip firewall mangle
add action=mark-connection chain=forward dst-port=5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp connection-mark=no-mark
add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=RTP passthrough=no
(+ adj packet-mark on queue)
(edited by hand, so some errors may exist)
westley
December 7, 2018, 10:08pm
8
All of the fasttracking stuff is the defaults from a new router.
Every resource I looked at for VoIP QOS had marking both the inbound and outbound connections separately.
I made the changes as suggested, but I’m still not seeing anything in the queue tree counters.
Here are the changes I made:
/queue tree
add limit-at=100M max-limit=100M name="Download Parent" parent=bridge
add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP-Inbound-Packet
parent="Download Parent" priority=1
add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent=
"Download Parent"
add max-limit=20M name="Upload Parent" parent=ether1 queue=default
add limit-at=2M max-limit=20M name=RTP packet-mark=RTP parent="Upload Parent"
priority=1 queue=default
add limit-at=2M max-limit=20M name=Unmarked packet-mark=no-mark parent=
"Upload Parent" queue=default
/ip firewall address-list
add address=outbound.vitelity.net list=Vitelity-Out
/ip firewall filter
add action=passthrough chain=forward comment=
"special dummy rule to show fasttrack counters-copy" disabled=yes
add action=fasttrack-connection chain=forward connection-bytes=8000-0
connection-mark=!RTP connection-state=established,related
add action=log chain=forward disabled=yes dst-address=216.146.208.49
log-prefix=core-
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN"
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy"
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy"
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
connection-state=established,related
add action=accept chain=forward comment=
"defconf: accept established,related, untracked" connection-state=
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid"
connection-state=invalid
add action=drop chain=forward comment=
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=postrouting disabled=yes
new-connection-mark=RTP-Out-Connection passthrough=no port=10000-20000
protocol=udp
add action=mark-packet chain=postrouting connection-mark=RTP-Out-Connection
disabled=yes new-packet-mark=RTP-Out-Pkt passthrough=no
add action=mark-connection chain=prerouting disabled=yes dst-port=
5060,10000-20000 new-connection-mark=RTP-Inbound-Connection passthrough=
no protocol=udp
add action=mark-packet chain=prerouting connection-mark=
RTP-Inbound-Connection disabled=yes new-packet-mark=RTP-Inbound-Packet
passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark dst-port=
5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=
RTP passthrough=no
I know… but the default doesn’t have queues either.
And it’s not wrong, FOR packets. It is wrong for connections. A UDP “connection” has packets travelling in both directions. So which connection mark should it have: RTP In or RTP Out???
try this
/queue tree
add limit-at=100M max-limit=100M name="Download Parent" parent=bridge
add limit-at=2M max-limit=100M name="RTP In" packet-mark=RTP parent="Download Parent" priority=1
add limit-at=2M max-limit=100M name="Unmarked In" packet-mark=no-mark parent="Download Parent"
add max-limit=20M name="Upload Parent" parent=ether1 queue=default
add limit-at=2M max-limit=20M name="RTP Out" packet-mark=RTP parent="Upload Parent" priority=1 queue=default
add limit-at=2M max-limit=20M name="Unmarked Out" packet-mark=no-mark parent="Upload Parent" queue=default
/ip firewall filter
…
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related connection-bytes=8000-0 connection-mark=!RTP
…
/ip firewall mangle
add action=mark-connection chain=forward dst-port=5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp connection-mark=no-mark
add action=mark-packet chain=postrouting connection-mark=RTP new-packet-mark=RTP passthrough=no
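The advice in this thread to exclude RTP from fasttracking only holds if every fasttrack-connection rule in the filter table carries the exclusion. As an added example (not part of the thread or of any MikroTik tooling), this Python script parses an `/export` and lists fasttrack rules that would still match a connection mark set in mangle; the function names are hypothetical and the sample export is constructed in the style of the configs posted above.

```python
import re
import shlex

# Constructed sample in the style of the /export output posted in this thread.
SAMPLE_EXPORT = '''\
/ip firewall filter
add action=fasttrack-connection chain=forward connection-bytes=8000-0 \\
    connection-mark=!RTP connection-state=established,related
add action=accept chain=input connection-state=established,related,untracked
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \\
    connection-state=established,related
/ip firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark \\
    dst-port=5060,10000-20000 new-connection-mark=RTP passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=RTP \\
    new-packet-mark=RTP passthrough=no
'''

def parse_export(text):
    """Return {section: [rule dict, ...]} for the 'add' lines of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join '\' continuation lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            sections[current].append(dict(pairs))
    return sections

def unguarded_fasttrack(text):
    """List fasttrack rules that can still catch a connection marked in mangle."""
    cfg = parse_export(text)
    marks = {r["new-connection-mark"] for r in cfg.get("/ip firewall mangle", [])
             if r.get("action") == "mark-connection" and r.get("disabled") != "yes"}
    findings = []
    for pos, rule in enumerate(cfg.get("/ip firewall filter", [])):
        if rule.get("action") == "fasttrack-connection" and rule.get("disabled") != "yes":
            cm = rule.get("connection-mark")
            # Only connection-mark=no-mark or a single "!<mark>" keeps marked flows out.
            missed = sorted(m for m in marks if cm not in ("no-mark", "!" + m))
            if missed:
                findings.append((pos, rule.get("comment", ""), missed))
    return findings

if __name__ == "__main__":
    print(unguarded_fasttrack(SAMPLE_EXPORT))
```

On the sample it reports the filter rule at position 2, the leftover `defconf: fasttrack` rule that has no `connection-mark` matcher.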