Good Day All,
I have set up a system using an older Dell server we had lying around, installed RouterOS 5.4 and purchased a license.
We have a 500Mbit asynchronous fiber connection coming into our headquarters building, into a Juniper firewall and a Palo Alto appliance we are using for content filtering. From there it goes into our core switch environment, from which we send fiber to all the other buildings on our campus. Each building / area is broken up into different VLANs.
I have set up in this system a bridge with ether1 and ether2, using ether3 as our management port. ether1 and ether2 connect in between the Juniper and the Palo Alto. With this bridge I have set up PCQ bandwidth limiting for all our subnets, for the appropriate VLANs, and have another PCQ group set up which uses an address list of IP addresses that are not limited to any bandwidth and have high priority. So far this seems to be working really well.
I am now trying to incorporate some QoS rules which would affect the whole campus, trying to make things like DNS and HTTP requests top priority. I have set up some rules in /ip firewall mangle, like marking the packets, and then another rule to “set priority” for the respective marked packets. The marking is happening in prerouting while the set priority is happening in forward. Is this the proper way to do it? The rules are “above” the rules which mark the connection and packets for my PCQ queues. Should they be before or after? Does it matter?
I have tried a series of different ways, like using src-port instead of dst-port=80 (or 53 in the case of DNS), but it doesn’t appear to have made any difference.
I also want to set up priority for other things like Xbox Live, and other services, to ensure our users get the best experience.
Ultimately, we have a problem that when users request pages, there is a 5 - 10 second delay most of the time before anything happens. I am trying to do all I can to remove this delay. As an example: in my browser I type in “www.mikrotik.com” and press return / enter. The browser initiates the request and in the status bar reports “Waiting for www.mikrotik.com”. It sits like this for 5 - 10 seconds most of the time; sometimes it is instant, as would be expected. Overall the internet experience has been wonderful, but it would be nice to get rid of this frustrating delay altogether.
Now granted, our connection at this point at its peak doesn’t go over 280Mbit - 300Mbit at any given time, and so we have that extra 200Mbit of overhead, so would priority even need to be set up? I would imagine it should, because if somebody is hitting their 10Mbit limit and wants to do something else, priority would still come into play here, correct? Like if somebody’s kid is watching YouTube videos while dad is trying to play Halo or something, we’d need to boost the priority of Xbox over “HTTP download”, correct?
Thank you for any help with this!
My queues are like this:
Total Download (Parent)
- Exception Download (Unlimited, High Priority)
- Subnet 1 Download (Limited 10M, Regular Priority)
- Subnet 2 Download (Limited 10M, Regular Priority)
- Etc
Total Upload (Parent)
- Exception Upload (Unlimited, High Priority)
- Subnet 1 Upload (Limited 5M, Regular Priority)
- Subnet 2 Upload (Limited 5M, Regular Priority)
- Etc
Under IP → Firewall → Address Lists I have our subnets listed, so for example:
name=Subnet Name address=192.168.10.0/24
name=Subnet 2 Name address=192.168.11.0/24
name=Subnet 2 Name address=192.168.12.0/24
etc
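The following is an added example of one way to lay out the mangle and queue-tree side of what the post describes; it is not the poster's configuration. It assumes the bridge already has use-ip-firewall=yes (required for mangle rules to see bridged traffic at all, and implied by the PCQ queues already working), reuses the queue names "Total Download" and "Total Upload" from the post, and assumes a single address list called campus that holds all the campus subnets. The packet-mark names (dns-down, dns-up, http-req-down, http-req-up) and the queue names and limits are made up for the example. The point it shows: in RouterOS the ordering of traffic is decided by the priority property of the queue, while the mangle set-priority action only stamps the 802.1p / WMM field used on VLAN or wireless links, so marking packets in prerouting and then giving the marked packets their own high-priority queue is the part that actually changes service order.

```routeros
# Added example, not the poster's config. Bridged traffic only reaches
# /ip firewall mangle when the bridge is told to use the IP firewall.
/interface bridge settings
set use-ip-firewall=yes

# Assumed single address list containing every campus subnet.
/ip firewall address-list
add list=campus address=192.168.10.0/24
add list=campus address=192.168.11.0/24
add list=campus address=192.168.12.0/24

# Mark only the small, latency-sensitive packets. These rules must sit ABOVE
# the per-subnet PCQ marking rules, and passthrough=no stops a marked packet
# from falling through and being re-marked by them.
/ip firewall mangle
# DNS queries leaving campus and DNS answers coming back in
add chain=prerouting protocol=udp dst-port=53 src-address-list=campus \
    action=mark-packet new-packet-mark=dns-up passthrough=no \
    comment="DNS queries from campus"
add chain=prerouting protocol=udp src-port=53 dst-address-list=campus \
    action=mark-packet new-packet-mark=dns-down passthrough=no \
    comment="DNS replies to campus"
# TCP handshake / small request packets for HTTP and HTTPS. Bulk data in the
# same connections is larger than 128 bytes, so it is not matched here and
# stays in the per-subnet PCQ queues below.
add chain=prerouting protocol=tcp dst-port=80,443 src-address-list=campus \
    packet-size=0-128 action=mark-packet new-packet-mark=http-req-up \
    passthrough=no comment="HTTP(S) request packets from campus"
add chain=prerouting protocol=tcp src-port=80,443 dst-address-list=campus \
    packet-size=0-128 action=mark-packet new-packet-mark=http-req-down \
    passthrough=no comment="HTTP(S) small reply packets to campus"
# ... the existing per-subnet mark-connection / mark-packet rules for the
# PCQ queues follow here, unchanged ...

# Priority is a property of the queue: 1 is served first, 8 last. The small
# max-limit on each prioritised queue keeps a flood of DNS-sized or
# SYN-sized packets from starving the per-subnet queues.
/queue tree
add name="DNS Download" parent="Total Download" packet-mark=dns-down \
    priority=1 max-limit=5M
add name="HTTP Requests Download" parent="Total Download" \
    packet-mark=http-req-down priority=2 max-limit=10M
add name="DNS Upload" parent="Total Upload" packet-mark=dns-up \
    priority=1 max-limit=5M
add name="HTTP Requests Upload" parent="Total Upload" \
    packet-mark=http-req-up priority=2 max-limit=10M
```

Two things to check after applying something like this: /queue tree shows packet counters rising on the new queues (if they stay at zero the mangle rules are below the PCQ rules or use-ip-firewall is off), and the per-subnet PCQ queues still carry the bulk HTTP data, since anything matched above is taken out of the subnet's 10M cap and is bounded only by the max-limit on its own queue.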